From dba59c91418886a6e382adaf0ad3abb6bd013a93 Mon Sep 17 00:00:00 2001 From: Chris McDonough Date: Tue, 23 Jun 2009 17:29:03 +0000 Subject: - The ``callback`` argument of the ``repoze.bfg.authentication`` authentication policies named ``RepozeWho1AuthenticationPolicy``, ``RemoteUserAuthenticationPolicy``, and ``AuthTktAuthenticationPolicy`` now must accept two positional arguments: the orginal argument accepted by each (userid or identity) plus a second argument, which will be the current request. Apologies, this is required to service finding groups when there is no "global" database connection. --- CHANGES.txt | 12 ++++++++++++ repoze/bfg/authentication.py | 28 +++++++++++++++------------- repoze/bfg/tests/test_authentication.py | 16 ++++++++-------- 3 files changed, 35 insertions(+), 21 deletions(-) diff --git a/CHANGES.txt b/CHANGES.txt index 65186eb0d..9de8f6b52 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -20,6 +20,18 @@ Documentation - Conditional documentation in installation section ("how to install a Python interpreter"). +Backwards Incompatibilities +--------------------------- + +- The ``callback`` argument of the ``repoze.bfg.authentication`` + authentication policies named ``RepozeWho1AuthenticationPolicy``, + ``RemoteUserAuthenticationPolicy``, and + ``AuthTktAuthenticationPolicy`` now must accept two positional + arguments: the orginal argument accepted by each (userid or + identity) plus a second argument, which will be the current request. + Apologies, this is required to service finding groups when there is + no "global" database connection. + 1.0a1 (2009-06-22) ================== diff --git a/repoze/bfg/authentication.py b/repoze/bfg/authentication.py index 5aca0c110..37f03cf8b 100644 --- a/repoze/bfg/authentication.py +++ b/repoze/bfg/authentication.py @@ -19,7 +19,7 @@ class CallbackAuthenticationPolicy(object): return None if self.callback is None: return userid - if self.callback(userid) is not None: # is not None! + if self.callback(userid, request) is not None: # is not None! return userid def effective_principals(self, request): @@ -30,7 +30,7 @@ class CallbackAuthenticationPolicy(object): if self.callback is None: groups = [] else: - groups = self.callback(userid) + groups = self.callback(userid, request) if groups is None: # is None! return effective_principals effective_principals.append(Authenticated) @@ -54,11 +54,12 @@ class RepozeWho1AuthenticationPolicy(CallbackAuthenticationPolicy): ``callback`` - Default: ``None``. A callback passed the repoze.who identity, - expected to return None if the user represented by the - identity doesn't exist or a sequence of group identifiers - (possibly empty) if the user does exist. If ``callback`` is - None, the userid will be assumed to exist with no groups. + Default: ``None``. A callback passed the repoze.who identity + and the request, expected to return None if the user + represented by the identity doesn't exist or a sequence of + group identifiers (possibly empty) if the user does exist. If + ``callback`` is None, the userid will be assumed to exist with + no groups. """ implements(IAuthenticationPolicy) @@ -83,7 +84,7 @@ class RepozeWho1AuthenticationPolicy(CallbackAuthenticationPolicy): return None if self.callback is None: return identity['repoze.who.userid'] - if self.callback(identity) is not None: # is not None! + if self.callback(identity, request) is not None: # is not None! return identity['repoze.who.userid'] def effective_principals(self, request): @@ -94,7 +95,7 @@ class RepozeWho1AuthenticationPolicy(CallbackAuthenticationPolicy): if self.callback is None: groups = [] else: - groups = self.callback(identity) + groups = self.callback(identity, request) if groups is None: # is None! return effective_principals userid = identity['repoze.who.userid'] @@ -132,10 +133,11 @@ class RemoteUserAuthenticationPolicy(CallbackAuthenticationPolicy): ``callback`` - Default: ``None``. A callback passed the userid, expected to return - None if the userid doesn't exist or a sequence of group identifiers - (possibly empty) if the user does exist. If ``callback`` is None, - the userid will be assumed to exist with no groups. + Default: ``None``. A callback passed the userid and the request, + expected to return None if the userid doesn't exist or a sequence + of group identifiers (possibly empty) if the user does exist. + If ``callback`` is None, the userid will be assumed to exist with no + groups. """ implements(IAuthenticationPolicy) diff --git a/repoze/bfg/tests/test_authentication.py b/repoze/bfg/tests/test_authentication.py index f3df22005..2032f53c3 100644 --- a/repoze/bfg/tests/test_authentication.py +++ b/repoze/bfg/tests/test_authentication.py @@ -32,7 +32,7 @@ class TestRepozeWho1AuthenticationPolicy(unittest.TestCase): def test_authenticated_userid_with_callback_returns_None(self): request = DummyRequest( {'repoze.who.identity':{'repoze.who.userid':'fred'}}) - def callback(identity): + def callback(identity, request): return None policy = self._makeOne(callback=callback) self.assertEqual(policy.authenticated_userid(request), None) @@ -40,7 +40,7 @@ class TestRepozeWho1AuthenticationPolicy(unittest.TestCase): def test_authenticated_userid_with_callback_returns_something(self): request = DummyRequest( {'repoze.who.identity':{'repoze.who.userid':'fred'}}) - def callback(identity): + def callback(identity, request): return ['agroup'] policy = self._makeOne(callback=callback) self.assertEqual(policy.authenticated_userid(request), 'fred') @@ -66,7 +66,7 @@ class TestRepozeWho1AuthenticationPolicy(unittest.TestCase): request = DummyRequest( {'repoze.who.identity':{'repoze.who.userid':'fred', 'groups':['quux', 'biz']}}) - def callback(identity): + def callback(identity, request): return identity['groups'] policy = self._makeOne(callback=callback) self.assertEqual(policy.effective_principals(request), @@ -77,7 +77,7 @@ class TestRepozeWho1AuthenticationPolicy(unittest.TestCase): request = DummyRequest( {'repoze.who.identity':{'repoze.who.userid':'fred', 'groups':['quux', 'biz']}}) - def callback(identity): + def callback(identity, request): return None policy = self._makeOne(callback=callback) self.assertEqual(policy.effective_principals(request), [Everyone]) @@ -207,14 +207,14 @@ class TestAutkTktAuthenticationPolicy(unittest.TestCase): def test_authenticated_userid_callback_returns_None(self): request = DummyRequest({}) - def callback(userid): + def callback(userid, request): return None policy = self._makeOne(callback, {'userid':'fred'}) self.assertEqual(policy.authenticated_userid(request), None) def test_authenticated_userid(self): request = DummyRequest({}) - def callback(userid): + def callback(userid, request): return True policy = self._makeOne(callback, {'userid':'fred'}) self.assertEqual(policy.authenticated_userid(request), 'fred') @@ -228,7 +228,7 @@ class TestAutkTktAuthenticationPolicy(unittest.TestCase): def test_effective_principals_callback_returns_None(self): from repoze.bfg.security import Everyone request = DummyRequest({}) - def callback(userid): + def callback(userid, request): return None policy = self._makeOne(callback, {'userid':'fred'}) self.assertEqual(policy.effective_principals(request), [Everyone]) @@ -237,7 +237,7 @@ class TestAutkTktAuthenticationPolicy(unittest.TestCase): from repoze.bfg.security import Everyone from repoze.bfg.security import Authenticated request = DummyRequest({}) - def callback(userid): + def callback(userid, request): return ['group.foo'] policy = self._makeOne(callback, {'userid':'fred'}) self.assertEqual(policy.effective_principals(request), -- cgit v1.2.3