From 0688dad3e51361e3274650f39897100063f89459 Mon Sep 17 00:00:00 2001 From: Chris McDonough Date: Wed, 1 Jul 2009 08:13:25 +0000 Subject: - Deprecate the ``authentication_policy`` and ``authorization_policy`` arguments to ``repoze.bfg.router.make_app``. Instead, developers should use the various authentication policy ZCML directives (``repozewho1authenticationpolicy``, ``remoteuserauthenticationpolicy`` and ``authtktauthenticationpolicy``) and the `aclauthorizationpolicy`` authorization policy directive as described in the changes to the "Security" narrative documentation chapter and the wiki tutorials. --- repoze/bfg/router.py | 33 +++++++++++++++++++++++++-------- repoze/bfg/tests/test_router.py | 15 ++++++++++++--- 2 files changed, 37 insertions(+), 11 deletions(-) (limited to 'repoze') diff --git a/repoze/bfg/router.py b/repoze/bfg/router.py index 0a863f93a..4eb0fed81 100644 --- a/repoze/bfg/router.py +++ b/repoze/bfg/router.py @@ -239,7 +239,10 @@ def make_app(root_factory, package=None, filename='configure.zcml', authentication or authorization will be performed. Instead, BFG will ignore any view permission assertions in your application and imperative security checks performed by your application will - always return ``True``. + always return ``True``. This argument is deprecated in + :mod:`repoze.bfg` 1.0; use a ZCML directive such as + ``authtktauthenticationpolicy`` instead, as documented in the + Security chapter of the :mod:`repoze.bfg` documentation. ``authorization_policy`` is an object that implements the ``repoze.bfg.interfaces.IAuthorizationPoicy`` interface 
@@ -249,7 +252,10 @@ def make_app(root_factory, package=None, filename='configure.zcml', authenticate that user. If the ``authentication_policy`` argument is *not* ``None``, and the ``authorization_policy`` argument *is* ``None``, the authorization policy defaults to an authorization - implementation that uses ACLs. + implementation that uses ACLs. This argument is deprecated in + :mod:`repoze.bfg` 1.0; use a ZCML directive such as + ``aclauthorizationpolicy`` instead, as documented in the Security + chapter of the :mod:`repoze.bfg` documentation. ``options``, if used, should be a dictionary containing runtime options (e.g. the key/value pairs in an app section of a @@ -272,12 +278,6 @@ def make_app(root_factory, package=None, filename='configure.zcml', settings = Settings(get_options(options)) registry.registerUtility(settings, ISettings) - if authentication_policy: - registry.registerUtility(authentication_policy, IAuthenticationPolicy) - if authorization_policy is None: - authorization_policy = ACLAuthorizationPolicy() - registry.registerUtility(authorization_policy, IAuthorizationPolicy) - if root_factory is None: root_factory = DefaultRootFactory 
@@ -287,6 +287,23 @@ def make_app(root_factory, package=None, filename='configure.zcml', mapper = RoutesRootFactory(root_factory) registry.registerUtility(mapper, IRoutesMapper) + if authentication_policy: + debug_logger.warn( + 'The "authentication_policy" and "authorization_policy" ' + 'arguments to repoze.bfg.router.make_app have been deprecated ' + 'in repoze.bfg version 1.0. Instead of using these arguments to ' + 'configure an authorization/authentication policy pair, use ' + 'a pair of ZCML directives (such as "authtktauthenticationpolicy" ' + 'and "aclauthorizationpolicy" documented within the Security ' + 'chapter in the BFG documentation. If you need to use a custom ' + 'authentication or authorization policy, you should make a ZCML ' + 'directive for it and use that directive within your ' + 'application\'s ZCML') + registry.registerUtility(authentication_policy, IAuthenticationPolicy) + if authorization_policy is None: + authorization_policy = ACLAuthorizationPolicy() + registry.registerUtility(authorization_policy, IAuthorizationPolicy) + populateRegistry(registry, filename, package) if mapper.has_routes(): diff --git a/repoze/bfg/tests/test_router.py b/repoze/bfg/tests/test_router.py index 389920029..b0f75d899 100644 --- a/repoze/bfg/tests/test_router.py +++ b/repoze/bfg/tests/test_router.py @@ -780,8 +780,11 @@ class MakeAppTests(unittest.TestCase): from repoze.bfg.interfaces import IAuthorizationPolicy authzpolicy = DummyContext() from repoze.bfg.tests import routesapp - app = self._callFUT(None, routesapp, authorization_policy=authzpolicy) + logger = DummyLogger() + app = self._callFUT(None, routesapp, authorization_policy=authzpolicy, + debug_logger=logger) self.failIf(app.registry.queryUtility(IAuthorizationPolicy)) + self.assertEqual(logger.messages, []) def test_authentication_policy_no_authorization_policy(self): from repoze.bfg.interfaces import IAuthorizationPolicy 
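Review bot: The relocated guard `if authentication_policy:` tests truthiness, while the docstring describes the behaviour in terms of the argument being ``None``. A policy object that evaluates false (for example one defining `__len__`) would be skipped without a warning; unless the ZCML registers a policy, that leaves none in place, which per the docstring means permission checks always return ``True``. Use `if authentication_policy is not None:` so that fail-open path is reached only when the caller really passed nothing. The warning text also opens a parenthesis at `(such as "authtktauthenticationpolicy"` that is never closed, and a deprecation is conventionally also raised with `warnings.warn(msg, DeprecationWarning)` so it is not lost when the debug log is discarded. The body of make_app starts and ends outside this hunk.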
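Review bot: `self.assertEqual(logger.messages, [])` makes it part of the tested contract that a caller who supplies only `authorization_policy` gets complete silence. The policy is not registered (the `failIf` just above) and nothing is logged. Since the argument is now deprecated and has no effect when passed alone, the caller has no signal that the authorization policy they supplied is not in force. Consider emitting the deprecation warning in make_app whenever either argument is not ``None``, and changing this assertion to `self.assertEqual(len(logger.messages), 1)`. The test method starts above the hunk.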
@@ -789,12 +792,15 @@ class MakeAppTests(unittest.TestCase): from repoze.bfg.authorization import ACLAuthorizationPolicy authnpolicy = DummyContext() from repoze.bfg.tests import routesapp - app = self._callFUT(None, routesapp, authentication_policy=authnpolicy) + logger = DummyLogger() + app = self._callFUT(None, routesapp, authentication_policy=authnpolicy, + debug_logger=logger) self.assertEqual(app.registry.getUtility(IAuthenticationPolicy), authnpolicy) self.assertEqual( app.registry.getUtility(IAuthorizationPolicy).__class__, ACLAuthorizationPolicy) + self.assertEqual(len(logger.messages), 1) # deprecation warning def test_authentication_policy_and_authorization_policy(self): from repoze.bfg.interfaces import IAuthorizationPolicy @@ -802,12 +808,15 @@ class MakeAppTests(unittest.TestCase): authnpolicy = DummyContext() authzpolicy = DummyContext() from repoze.bfg.tests import routesapp + logger = DummyLogger() app = self._callFUT(None, routesapp, authentication_policy=authnpolicy, - authorization_policy = authzpolicy) + authorization_policy = authzpolicy, + debug_logger=logger) self.assertEqual(app.registry.getUtility(IAuthenticationPolicy), authnpolicy) self.assertEqual(app.registry.getUtility(IAuthorizationPolicy), authzpolicy) + self.assertEqual(len(logger.messages), 1) # deprecation warning class TestDefaultForbiddenView(unittest.TestCase): def _callFUT(self, context, request): -- cgit v1.2.3
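Review bot: `self.assertEqual(len(logger.messages), 1)` only counts messages, so any single debug line emitted during make_app would satisfy it even if the deprecation warning were removed. The same assertion is repeated in the next hunk, in test_authentication_policy_and_authorization_policy. Assert on the content as well, e.g. `self.failUnless('deprecated' in logger.messages[0])`. `DummyLogger` is defined outside these hunks, so this assumes `messages` holds the raw strings passed to `warn`, which should be confirmed.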