summaryrefslogtreecommitdiff
path: root/docs/narr/security.rst
AgeCommit message (Collapse)Author
2024-03-02docs: missing self in SessionSecurityPolicy exampleRob van der Linde
2020-10-13Rename `ISecurityPolicy.authenticated_identity` to `identity`Theron Luhn
2020-01-16Merge branch 'master' into move-acl-security-to-authorizationMichael Merickel
2020-01-12move doc references from pyramid.security to pyramid.authorizationMichael Merickel
2020-01-06sync views with new structure and add csrf protectionMichael Merickel
2019-12-31change hashalg on AuthTktCookieHelper to sha512.Michael Merickel
2019-12-30rename identify(request) to authenticated_identity(request)Michael Merickel
2019-12-17Use `self.identify` instead of `request.authenticated_identity`Theron Luhn
2019-12-16Update docs/narr/security.rst code examples.Theron Luhn
2019-12-15Remove requirement that identity is validated.Theron Luhn
2019-12-15Revert "Bring back identity into permits."Theron Luhn
This reverts commit 2e06fa414412688dc3b7e0b422b0fc0b96ec882f.
2019-12-15Update docs/narr/security.rstTheron Luhn
Co-Authored-By: Steve Piercy <web@stevepiercy.com>
2019-12-14Bring back identity into permits.Theron Luhn
2019-12-14Update docs.Theron Luhn
2019-12-14start reworking security policyÉric Araujo
2019-10-17support Origin: null in csrf_trusted_origins and check_origin=FalseMichael Merickel
2019-10-17Merge pull request #3521 from mmerickel/remove-check-csrf-predicateMichael Merickel
remove check_csrf view predicate
2019-10-17move the interface docs to api/interfacesMichael Merickel
2019-10-17remove check_csrf view predicateMichael Merickel
2019-09-30Merge pull request #3465 from luhn/security-policyMichael Merickel
Security policy implementation
2019-09-23Doc fixes from @DeimosTheron Luhn
2019-09-19Document CSRF allow_no_origin option.Theron Luhn
2019-08-26Doc fix via @mmerickelTheron Luhn
Co-Authored-By: Michael Merickel <github@m.merickel.org>
2019-07-27Fix typosMin ho Kim
2019-07-13Improve security docs.Theron Luhn
2019-06-08First draft of upgrade docs.Theron Luhn
2019-05-26First draft of narrative docs.Theron Luhn
2019-05-12Narrative docs WIPTheron Luhn
2018-10-14Update documentation for implementing custom authz policyBert JW Regeer
2018-08-18Clean up code-blocks in securitySteve Piercy
2017-10-18csrf documentation changeBen Fagin
2017-04-30standardize "non-standard"Steve Piercy
2017-04-29final cleanup of csrf decoupling in #2854Michael Merickel
- Renamed `SessionCSRFStoragePolicy` to `LegacySessionCSRFStoragePolicy` for the version that uses the legacy `ISession.get_csrf_token` and `ISession.new_csrf_token` apis and set that as the default. - Added new `SessionCSRFStoragePolicy` that stores data in the session similar to how the `SessionAuthenticationPolicy` works. - `CookieCSRFStoragePolicy` did not properly return the newly generated token from `get_csrf_token` after calling `new_csrf_token`. It needed to cache the new value since the response callback does not affect the current request. - `CookieCSRFStoragePolicy` was not forwarding the `domain` value to the `CookieProfile` causing that setting to be ignored. - Removed `check_csrf_token` from the `ICSRFStoragePolicy` interface to simplify implementations of storage policies. - Added an introspectable item for the configured storage policy so that it appears on the debugtoolbar. - Added a change note on `ISession` that it no longer required the csrf methods. - Leave deprecated shims in ``pyramid.session`` for ``check_csrf_origin`` and ``check_csrf_token``.
2017-04-26Apply drafting changes to documentation.Matthew Wilkes
2017-04-12Use the webob CookieProfile in the Cookie implementation, rename some ↵Matthew Wilkes
implemenations based on feedback, split CSRF implementation and option configuration and make the csrf token function exposed as a system default rather than a renderer event.
2017-04-12Rename implementation to ICSRFStoragePolicyMatthew Wilkes
2017-04-12Fix tests and documentation in various places, and feedback following reviewJure Cerjak
regarding naming of variables and code cleanup.
2017-04-12Create a new ICSRF implementation for getting CSRF tokens, split out from ↵Matthew Wilkes
the session machinery. Adds configuration of this to the csrf_options configurator commands. Make the default implementation a fallback to the old one. Documentation patches for new best practices given updates CSRF implementation.
2016-06-09grammar, spelling, wrapping fixSteve Piercy
2016-06-08Adding a warning discouraging use of __acl__ properties attributesJulien MIOTTE
2015-10-31minor grammar, rewrap to 79 columnsSteve Piercy
2015-02-17enhance security docs with an example of subclassing a builtin policyMichael Merickel
2015-02-17grammarMichael Merickel
2014-08-13some tweaks to the usage of userid in the docsMichael Merickel
2014-08-12Docs: Switched first 2 paragraphs of security overview.Karl O. Pinc
2014-08-12Docs: Add resource tree into security overview.Karl O. Pinc
2014-08-12Docs: Include the concept of credentials in the high level security overview.Karl O. Pinc
2014-08-12Docs: Make "userid" link to the glossary term.Karl O. Pinc
2014-08-12Security: Change "principal" argument in security.remember() to "userid".Karl O. Pinc
Make the change througout the authentication policies, etc. as well.
2014-08-12Docs: Make clear that a userid need not be a principal.Karl O. Pinc
generated by cgit v1.2.3 (git 2.25.1) at 2026-01-11 12:44:46 +0000