From 0168300b0da3c79e05ec87aa777e04674a86cebb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=89ric=20Araujo?=
Date: Sat, 14 Dec 2019 13:32:07 -0500
Subject: start reworking security policy
---
 tests/test_security.py | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
(limited to 'tests/test_security.py')
diff --git a/tests/test_security.py b/tests/test_security.py
index 2a8847f3b..726fbbbf3 100644
--- a/tests/test_security.py
+++ b/tests/test_security.py
@@ -350,7 +350,7 @@ class TestAuthenticatedUserId(unittest.TestCase):
 request = _makeRequest()
 _registerAuthenticationPolicy(request.registry, 'yo')
 _registerSecurityPolicy(request.registry, 'wat')
- self.assertEqual(request.authenticated_userid, 'yo')
+ self.assertEqual(request.authenticated_userid, 'wat')
 def test_with_security_policy(self):
 request = _makeRequest()
@@ -511,10 +511,7 @@ class TestLegacySecurityPolicy(unittest.TestCase):
 _registerAuthenticationPolicy(request.registry, ['p1', 'p2'])
 _registerAuthorizationPolicy(request.registry, True)
- self.assertIs(
- policy.permits(request, request.context, 'userid', 'permission'),
- True,
- )
+ self.assertTrue(policy.permits(request, request.context, 'permission'))
 _TEST_HEADER = 'X-Pyramid-Test'
@@ -532,7 +529,10 @@ class DummySecurityPolicy:
 def identify(self, request):
 return self.result
- def permits(self, request, context, identity, permission):
+ def authenticated_userid(self, request):
+ return self.result
+
+ def permits(self, request, context, permission):
 return self.result
 def remember(self, request, userid, **kw):
@@ -540,7 +540,7 @@ class DummySecurityPolicy:
 self._header_remembered = headers[0]
 return headers
- def forget(self, request):
+ def forget(self, request, **kw):
 headers = [(_TEST_HEADER, 'logout')]
 self._header_forgotten = headers[0]
 return headers
-- cgit v1.2.3
From 0f1ef0d4885ab2fd99d1cf2ccc92886c5519f651 Mon Sep 17 00:00:00 2001
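Review bot: The changed assertion in the `@@ -350` hunk is the only thing pinning which policy wins when both an authentication policy ('yo') and a security policy ('wat') are registered, and nothing in the visible lines says that this precedence is intentional. A one-line comment above the assertion, such as `# A registered security policy takes precedence over a legacy authentication policy.`, would keep a later edit from flipping the expected value without noticing that it changes who the request is authenticated as. The test method's `def` line is outside the hunk, so its name may already say this.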
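Review bot: Replacing `assertIs(..., True)` with `assertTrue(...)` in the `@@ -511` hunk loosens the check on an authorization decision: any truthy return value from `permits` now passes, not only the `True` registered through `_registerAuthorizationPolicy(request.registry, True)`. The identity check can be kept with the new three-argument call, `self.assertIs(policy.permits(request, request.context, 'permission'), True)`. The same loosening comes back in the `@@ -489` hunk of the later revert commit. The test method starts above the hunk.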
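Review bot: The new `authenticated_userid` on `DummySecurityPolicy` returns the same `self.result` as `identify`, so a test that reads `request.authenticated_userid` passes whichever of the two methods the code under test actually calls. Giving the dummy distinguishable values, or recording the call (for example `self._called = 'authenticated_userid'` before the return), would let the tests pin that the userid comes from the intended method. The class header and constructor are outside the hunk, so how `result` is set is not visible here.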
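Review bot: `forget` in the `@@ -540` hunk now accepts `**kw` but discards it, so no test using this dummy can tell whether keyword arguments given by the caller reach the policy. Recording them, e.g. `self._forget_kw = kw` next to `self._header_forgotten = headers[0]`, would make that checkable. `remember` in the lines above also accepts `**kw`, but its body is only partly visible in the hunk.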
From: Theron Luhn
Date: Sat, 14 Dec 2019 18:45:21 -0600
Subject: Remove failing tests using threadlocal request. It shoud be okay to remove because threadlocal support was removed from the security implementation. However, *I don't understand why they started failing.* In master, `get_current_registry` returns a registry object, which DummyRequest will fall back on, causing the tests to pass and rendering them useless. On this branch, it returns `None`, causing the tests to fail. I can't find any reason in the diff why this would change. This makes me nervous.
---
 tests/test_security.py | 36 ------------------------------------
 1 file changed, 36 deletions(-)
(limited to 'tests/test_security.py')
diff --git a/tests/test_security.py b/tests/test_security.py
index 726fbbbf3..ca28ec190 100644
--- a/tests/test_security.py
+++ b/tests/test_security.py
@@ -165,15 +165,6 @@ class TestPrincipalsAllowedByPermission(unittest.TestCase):
 result = self._callFUT(context, 'view')
 self.assertEqual(result, [Everyone])
- def test_with_authorization_policy(self):
- from pyramid.threadlocal import get_current_registry
-
- registry = get_current_registry()
- _registerAuthorizationPolicy(registry, 'yo')
- context = DummyContext()
- result = self._callFUT(context, 'view')
- self.assertEqual(result, 'yo')
-
 class TestRemember(unittest.TestCase):
 def setUp(self):
@@ -358,15 +349,6 @@ class TestAuthenticatedUserId(unittest.TestCase):
 _registerSecurityPolicy(request.registry, 123)
 self.assertEqual(request.authenticated_userid, '123')
- def test_with_authentication_policy_no_reg_on_request(self):
- from pyramid.threadlocal import get_current_registry
-
- registry = get_current_registry()
- request = _makeRequest()
- del request.registry
- _registerAuthenticationPolicy(registry, 'yo')
- self.assertEqual(request.authenticated_userid, 'yo')
-
 class TestUnAuthenticatedUserId(unittest.TestCase):
 def setUp(self):
@@ -390,15 +372,6 @@ class TestUnAuthenticatedUserId(unittest.TestCase):
 _registerSecurityPolicy(request.registry, 'yo')
 self.assertEqual(request.unauthenticated_userid, 'yo')
- def test_with_authentication_policy_no_reg_on_request(self):
- from pyramid.threadlocal import get_current_registry
-
- registry = get_current_registry()
- request = _makeRequest()
- del request.registry
- _registerAuthenticationPolicy(registry, 'yo')
- self.assertEqual(request.unauthenticated_userid, 'yo')
-
 class TestEffectivePrincipals(unittest.TestCase):
 def setUp(self):
@@ -418,15 +391,6 @@ class TestEffectivePrincipals(unittest.TestCase):
 _registerAuthenticationPolicy(request.registry, 'yo')
 self.assertEqual(request.effective_principals, 'yo')
- def test_with_authentication_policy_no_reg_on_request(self):
- from pyramid.threadlocal import get_current_registry
-
- registry = get_current_registry()
- request = _makeRequest()
- del request.registry
- _registerAuthenticationPolicy(registry, 'yo')
- self.assertEqual(request.effective_principals, 'yo')
-
 class TestHasPermission(unittest.TestCase):
 def setUp(self):
-- cgit v1.2.3
From eda8787d00b31dc90164e5c233bfb1cc1f94eaed Mon Sep 17 00:00:00 2001
From: Theron Luhn
Date: Sat, 14 Dec 2019 19:05:47 -0600
Subject: Don't test request.authenticated_userid stringifies the result.
---
 tests/test_security.py | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
(limited to 'tests/test_security.py')
diff --git a/tests/test_security.py b/tests/test_security.py
index ca28ec190..715d99804 100644
--- a/tests/test_security.py
+++ b/tests/test_security.py
@@ -345,8 +345,7 @@ class TestAuthenticatedUserId(unittest.TestCase):
 def test_with_security_policy(self):
 request = _makeRequest()
- # Ensure the identity is stringified.
- _registerSecurityPolicy(request.registry, 123)
+ _registerSecurityPolicy(request.registry, '123')
 self.assertEqual(request.authenticated_userid, '123')
-- cgit v1.2.3
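Review bot: With `'123'` registered and `'123'` expected in the `@@ -345` hunk, the test no longer says anything about non-string identities: it checks neither that they are converted nor that they pass through unchanged. If the conversion was dropped on purpose, registering an `int` and asserting that it comes back as an `int`, `_registerSecurityPolicy(request.registry, 123)` with `self.assertEqual(request.authenticated_userid, 123)`, would pin that, which matters when userids are later compared against stored principals. The implementation is not on this page, so which behaviour is current is an assumption to confirm.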
From d699c9ace8028bf74e1c6c3ea085fdf9beeb2586 Mon Sep 17 00:00:00 2001
From: Theron Luhn
Date: Sat, 14 Dec 2019 19:12:01 -0600
Subject: Raise error on kwargs in `LegacySecurityPolicy.forget`.
---
 tests/test_security.py | 6 ++++++
 1 file changed, 6 insertions(+)
(limited to 'tests/test_security.py')
diff --git a/tests/test_security.py b/tests/test_security.py
index 715d99804..1c969e305 100644
--- a/tests/test_security.py
+++ b/tests/test_security.py
@@ -466,6 +466,12 @@ class TestLegacySecurityPolicy(unittest.TestCase):
 policy.forget(request), [('X-Pyramid-Test', 'logout')]
 )
+ def test_forget_with_kwargs(self):
+ from pyramid.security import LegacySecurityPolicy
+
+ policy = LegacySecurityPolicy()
+ self.assertRaises(ValueError, lambda: policy.forget(None, foo='bar'))
+
 def test_permits(self):
 from pyramid.security import LegacySecurityPolicy
-- cgit v1.2.3
From 2e06fa414412688dc3b7e0b422b0fc0b96ec882f Mon Sep 17 00:00:00 2001
From: Theron Luhn
Date: Sat, 14 Dec 2019 20:17:36 -0800
Subject: Bring back identity into permits.
---
 tests/test_security.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
(limited to 'tests/test_security.py')
diff --git a/tests/test_security.py b/tests/test_security.py
index 1c969e305..3896e008d 100644
--- a/tests/test_security.py
+++ b/tests/test_security.py
@@ -480,7 +480,10 @@ class TestLegacySecurityPolicy(unittest.TestCase):
 _registerAuthenticationPolicy(request.registry, ['p1', 'p2'])
 _registerAuthorizationPolicy(request.registry, True)
- self.assertTrue(policy.permits(request, request.context, 'permission'))
+ self.assertIs(
+ policy.permits(request, request.context, 'userid', 'permission'),
+ True,
+ )
 _TEST_HEADER = 'X-Pyramid-Test'
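Review bot: `test_forget_with_kwargs` in the `@@ -466` hunk passes `None` as the request and checks only the exception type, so a `ValueError` raised for any other reason inside `forget` would satisfy it too. Building a real request, as the `policy.forget(request)` call in the lines just above does, and matching the message would tie the test to the kwargs rejection: `with self.assertRaisesRegex(ValueError, ...): policy.forget(request, foo='bar')`, with the pattern taken from the message the implementation raises. The `lambda` is also unnecessary, since `assertRaises` accepts the callable and its arguments directly.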
@@ -501,7 +504,7 @@ class DummySecurityPolicy:
 def authenticated_userid(self, request):
 return self.result
- def permits(self, request, context, permission):
+ def permits(self, request, context, identity, permission):
 return self.result
 def remember(self, request, userid, **kw):
-- cgit v1.2.3
From dc4241edd6d433224f62aece153741f7ea63569a Mon Sep 17 00:00:00 2001
From: Theron Luhn
Date: Sat, 14 Dec 2019 22:46:51 -0800
Subject: Fix coverage.
---
 tests/test_security.py | 9 +++++++++
 1 file changed, 9 insertions(+)
(limited to 'tests/test_security.py')
diff --git a/tests/test_security.py b/tests/test_security.py
index 3896e008d..a555fd7f6 100644
--- a/tests/test_security.py
+++ b/tests/test_security.py
@@ -165,6 +165,15 @@ class TestPrincipalsAllowedByPermission(unittest.TestCase):
 result = self._callFUT(context, 'view')
 self.assertEqual(result, [Everyone])
+ def test_with_authorization_policy(self):
+ from pyramid.threadlocal import get_current_registry
+
+ registry = get_current_registry()
+ _registerAuthorizationPolicy(registry, 'yo')
+ context = DummyContext()
+ result = self._callFUT(context, 'view')
+ self.assertEqual(result, 'yo')
+
 class TestRemember(unittest.TestCase):
 def setUp(self):
-- cgit v1.2.3
From 32bf9b3669f2ba0c4a0aaf35f4e2cdad8f9314f0 Mon Sep 17 00:00:00 2001
From: Theron Luhn
Date: Sun, 15 Dec 2019 19:55:10 -0800
Subject: Revert "Bring back identity into permits."
This reverts commit 2e06fa414412688dc3b7e0b422b0fc0b96ec882f.
---
 tests/test_security.py | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)
(limited to 'tests/test_security.py')
diff --git a/tests/test_security.py b/tests/test_security.py
index a555fd7f6..f39e3c730 100644
--- a/tests/test_security.py
+++ b/tests/test_security.py
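Review bot: The restored `test_with_authorization_policy` in the `@@ -165` hunk is line for line the test removed earlier in this series, where the commit message reports `get_current_registry()` returning `None` on this branch for reasons the author could not explain. Nothing in the hunk shows what changed since, so the test would be clearer with an explicit precondition, `self.assertIsNotNone(registry)`, and a comment such as `# Covers the threadlocal-registry fallback; relies on setUp having pushed a registry.` The class's `setUp` is outside the hunk, so that dependency is an assumption to confirm.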
@@ -489,10 +489,7 @@ class TestLegacySecurityPolicy(unittest.TestCase):
 _registerAuthenticationPolicy(request.registry, ['p1', 'p2'])
 _registerAuthorizationPolicy(request.registry, True)
- self.assertIs(
- policy.permits(request, request.context, 'userid', 'permission'),
- True,
- )
+ self.assertTrue(policy.permits(request, request.context, 'permission'))
 _TEST_HEADER = 'X-Pyramid-Test'
@@ -513,7 +510,7 @@ class DummySecurityPolicy:
 def authenticated_userid(self, request):
 return self.result
- def permits(self, request, context, identity, permission):
+ def permits(self, request, context, permission):
 return self.result
 def remember(self, request, userid, **kw):
-- cgit v1.2.3