From dd15238fa182aff0ab09dd9d3f469f821f9810ef Mon Sep 17 00:00:00 2001 From: dobesv Date: Thu, 27 Feb 2014 10:34:12 -0800 Subject: Add get_logout_headers to request The documentation for forget() says it is deprecated and to use get_logout_headers() on the request instead. However, no such method has been added to the request. --- pyramid/security.py | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/pyramid/security.py b/pyramid/security.py index 848574233..dafd19611 100644 --- a/pyramid/security.py +++ b/pyramid/security.py @@ -355,6 +355,25 @@ class AuthenticationAPIMixin(object): return [Everyone] return policy.effective_principals(self) + def get_logout_headers(self): + """ + Return a sequence of header tuples (e.g. ``[('Set-Cookie', + 'foo=abc')]``) suitable for 'forgetting' the set of credentials + possessed by the currently authenticated user. A common usage + might look like so within the body of a view function + (``response`` is assumed to be an :term:`WebOb` -style + :term:`response` object computed previously by the view code):: + + request.response.headerlist.extend(request.get_logout_headers()) + + If no :term:`authentication policy` is in use, this function will + always return an empty sequence. + """ + policy = self._get_authentication_policy() + if policy is None: + return [] + return policy.forget(request) + class AuthorizationAPIMixin(object): def has_permission(self, permission, context=None): -- cgit v1.2.3 From 8b434dd3d40ed42639a73d9ba5a750732049a043 Mon Sep 17 00:00:00 2001 From: dobesv Date: Thu, 27 Feb 2014 11:09:08 -0800 Subject: Remove reference to request.get_logout_headers() --- pyramid/security.py | 22 ---------------------- 1 file changed, 22 deletions(-) diff --git a/pyramid/security.py b/pyramid/security.py index dafd19611..aa4aece69 100644 --- a/pyramid/security.py +++ b/pyramid/security.py @@ -160,9 +160,6 @@ def forget(request): If no :term:`authentication policy` is in use, this function will always return an empty sequence. - - .. deprecated:: 1.5 - Use :meth:`pyramid.request.Request.get_logout_headers` instead. """ policy = _get_authentication_policy(request) if policy is None: @@ -354,26 +351,7 @@ class AuthenticationAPIMixin(object): if policy is None: return [Everyone] return policy.effective_principals(self) - - def get_logout_headers(self): - """ - Return a sequence of header tuples (e.g. ``[('Set-Cookie', - 'foo=abc')]``) suitable for 'forgetting' the set of credentials - possessed by the currently authenticated user. A common usage - might look like so within the body of a view function - (``response`` is assumed to be an :term:`WebOb` -style - :term:`response` object computed previously by the view code):: - - request.response.headerlist.extend(request.get_logout_headers()) - If no :term:`authentication policy` is in use, this function will - always return an empty sequence. - """ - policy = self._get_authentication_policy() - if policy is None: - return [] - return policy.forget(request) - class AuthorizationAPIMixin(object): def has_permission(self, permission, context=None): -- cgit v1.2.3