- The ``pyramid.interfaces.IAuthenticationPolicy`` interface now specifies an
``unauthenticated_userid`` method. This method supports an important
optimization required by people who are using persistent storages which do
not support object caching and whom want to create a "user object" as a
request attribute.
- A new API has been added to the ``pyramid.security`` module named
``unauthenticated_userid``. This API function calls the
``unauthenticated_userid`` method of the effective security policy.
- An ``unauthenticated_userid`` method has been added to the dummy
authentication policy returned by
``pyramid.config.Configurator.testing_securitypolicy``. It returns the
same thing as that the dummy authentication policy's
``authenticated_userid`` method.
- Since the ``pyramid.interfaces.IAuthenticationPolicy`` interface now
specifies that a policy implementation must implement an
``unauthenticated_userid`` method, all third-party custom authentication
policies now must implement this method. It, however, will only be called
when the global function named ``pyramid.security.unauthenticated_userid``
is invoked, so if you're not invoking that, you will not notice any issues.
- The (non-API) method of all internal authentication policy implementations
previously named ``_get_userid`` is now named ``unauthenticated_userid``,
promoted to an API method. If you were overriding this method, you'll now
need to override it as ``unauthenticated_userid`` instead.