undeprecate remember/forget functions and remove remember_userid/forget_userid methods from request
| | |
| | | Features |
| | | -------- |
| | | |
| | | - Authentication and authorization APIs have been added as as methods of the |
| | | request: ``request.has_permission``, ``request.forget_userid``, and |
| | | ``request.remember_userid``. |
| | | - An authorization API has been added as a method of the |
| | | request: ``request.has_permission``. |
| | | |
| | | ``request.has_permission`` is a method-based alternative to the |
| | | ``pyramid.security.has_permission`` API and works exactly the same. The |
| | | older API is now deprecated. |
| | | |
| | | ``request.forget_userid`` and ``request.remember_userid`` are method-based |
| | | alternatives to ``pyramid.security.forget`` and |
| | | ``pyramid.security.remember``. These do not work exacly the same as their |
| | | function counterparts, however. These methods automatically set the headers |
| | | returned by the authentication policy on the response, whereas the older |
| | | function-based APIs returned a sequence of headers and required the caller to |
| | | set those headers. The older function-based API still works but is now |
| | | deprecated. |
| | | |
| | | - Property API attributes have been added to the request for easier access to |
| | | authentication data: ``request.authenticated_userid``, |
| | |
| | | current_route_path, static_url, static_path, |
| | | model_url, resource_url, set_property, |
| | | effective_principals, authenticated_userid, |
| | | unauthenticated_userid, has_permission, forget_userid, |
| | | remember_userid |
| | | unauthenticated_userid, has_permission |
| | | |
| | | .. attribute:: context |
| | | |
| | |
| | | subrequest is invoked. This means that it's not available for use on a |
| | | request provided by e.g. the ``pshell`` environment. For more |
| | | information, see :ref:`subrequest_chapter`. |
| | | |
| | | .. automethod:: remember_userid |
| | | |
| | | .. automethod:: forget_userid |
| | | |
| | | .. automethod:: has_permission |
| | | |
| | |
| | | from pyramid.httpexceptions import HTTPFound |
| | | from pyramid.security import ( |
| | | remember, |
| | | forget, |
| | | ) |
| | | |
| | | from pyramid.view import ( |
| | | view_config, |
| | | view_defaults |
| | |
| | | login = request.params['login'] |
| | | password = request.params['password'] |
| | | if USERS.get(login) == password: |
| | | request.remember_userid(login) |
| | | return HTTPFound(location=came_from) |
| | | headers = remember(request, login) |
| | | return HTTPFound(location=came_from, |
| | | headers=headers) |
| | | message = 'Failed login' |
| | | |
| | | return dict( |
| | |
| | | @view_config(route_name='logout') |
| | | def logout(self): |
| | | request = self.request |
| | | request.forget_userid() |
| | | headers = forget(request) |
| | | url = request.route_url('home') |
| | | return HTTPFound(location=url) |
| | | return HTTPFound(location=url, |
| | | headers=headers) |
| | |
| | | from pyramid.httpexceptions import HTTPFound |
| | | from pyramid.security import ( |
| | | remember, |
| | | forget, |
| | | ) |
| | | |
| | | from pyramid.view import ( |
| | | view_config, |
| | | view_defaults, |
| | |
| | | login = request.params['login'] |
| | | password = request.params['password'] |
| | | if USERS.get(login) == password: |
| | | request.remember_userid(login) |
| | | return HTTPFound(location=came_from) |
| | | headers = remember(request, login) |
| | | return HTTPFound(location=came_from, |
| | | headers=headers) |
| | | message = 'Failed login' |
| | | |
| | | return dict( |
| | |
| | | @view_config(route_name='logout') |
| | | def logout(self): |
| | | request = self.request |
| | | request.forget_userid() |
| | | headers = forget(request) |
| | | url = request.route_url('home') |
| | | return HTTPFound(location=url) |
| | | return HTTPFound(location=url, |
| | | headers=headers) |
| | |
| | | head of ``tutorial/tutorial/views.py``: |
| | | |
| | | .. literalinclude:: src/authorization/tutorial/views.py |
| | | :lines: 6-11 |
| | | :lines: 6-13,15-17 |
| | | :linenos: |
| | | :emphasize-lines: 3,6 |
| | | :emphasize-lines: 3,6-9,11 |
| | | :language: python |
| | | |
| | | (Only the highlighted lines, with other necessary modifications, |
| | | need to be added.) |
| | | |
| | | :func:`~pyramid.view.forbidden_view_config` will be used |
| | | :meth:`~pyramid.view.forbidden_view_config` will be used |
| | | to customize the default 403 Forbidden page. |
| | | :meth:`~pyramid.request.Request.remember_userid` and |
| | | :meth:`~pyramid.request.Request.forget_userid` help to create and |
| | | :meth:`~pyramid.security.remember` and |
| | | :meth:`~pyramid.security.forget` help to create and |
| | | expire an auth ticket cookie. |
| | | |
| | | Now add the ``login`` and ``logout`` views: |
| | | |
| | | .. literalinclude:: src/authorization/tutorial/views.py |
| | | :lines: 76-102 |
| | | :lines: 82-120 |
| | | :linenos: |
| | | :language: python |
| | | |
| | |
| | | (Only the highlighted line and a trailing comma on the preceding |
| | | line need to be added.) |
| | | |
| | | :attr:`~pyramid.request.Request.authenticated_userid` will return ``None`` |
| | | if the user is not authenticated, or a user id if the user is |
| | | authenticated. |
| | | The :meth:`pyramid.request.Request.authenticated_userid` will be ``None`` if |
| | | the user is not authenticated, or a user id if the user is authenticated. |
| | | |
| | | Add a "Logout" link when logged in |
| | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
| | |
| | | |
| | | .. literalinclude:: src/authorization/tutorial/views.py |
| | | :linenos: |
| | | :emphasize-lines: 8,11,18,23,42,46,62,66,74,80,76-107 |
| | | :emphasize-lines: 8,11-15,17,24,29,48,52,68,72,80,82-120 |
| | | :language: python |
| | | |
| | | (Only the highlighted lines need to be added.) |
| | |
| | | forbidden_view_config, |
| | | ) |
| | | |
| | | from pyramid.security import ( |
| | | remember, |
| | | forget, |
| | | ) |
| | | |
| | | |
| | | from .security import USERS |
| | | from .models import Page |
| | | |
| | |
| | | login = request.params['login'] |
| | | password = request.params['password'] |
| | | if USERS.get(login) == password: |
| | | request.remember_userid(login) |
| | | return HTTPFound(location=came_from) |
| | | headers = remember(request, login) |
| | | return HTTPFound(location = came_from, |
| | | headers = headers) |
| | | message = 'Failed login' |
| | | |
| | | return dict( |
| | |
| | | |
| | | @view_config(context='.models.Wiki', name='logout') |
| | | def logout(request): |
| | | request.forget_userid() |
| | | return HTTPFound(location=request.resource_url(request.context)) |
| | | headers = forget(request) |
| | | return HTTPFound(location = request.resource_url(request.context), |
| | | headers = headers) |
| | |
| | | forbidden_view_config, |
| | | ) |
| | | |
| | | from pyramid.security import ( |
| | | remember, |
| | | forget, |
| | | ) |
| | | |
| | | |
| | | from .security import USERS |
| | | from .models import Page |
| | | |
| | |
| | | login = request.params['login'] |
| | | password = request.params['password'] |
| | | if USERS.get(login) == password: |
| | | request.remember_userid(login) |
| | | return HTTPFound(location=came_from) |
| | | headers = remember(request, login) |
| | | return HTTPFound(location = came_from, |
| | | headers = headers) |
| | | message = 'Failed login' |
| | | |
| | | return dict( |
| | |
| | | |
| | | @view_config(context='.models.Wiki', name='logout') |
| | | def logout(request): |
| | | request.forget_userid() |
| | | return HTTPFound(location=request.resource_url(request.context)) |
| | | headers = forget(request) |
| | | return HTTPFound(location = request.resource_url(request.context), |
| | | headers = headers) |
| | |
| | | head of ``tutorial/tutorial/views.py``: |
| | | |
| | | .. literalinclude:: src/authorization/tutorial/views.py |
| | | :lines: 9-12,19 |
| | | :lines: 9-19 |
| | | :linenos: |
| | | :emphasize-lines: 3,5 |
| | | :emphasize-lines: 3,6-9,11 |
| | | :language: python |
| | | |
| | | (Only the highlighted lines need to be added.) |
| | | |
| | | :func:`~pyramid.view.forbidden_view_config` will be used |
| | | :meth:`~pyramid.view.forbidden_view_config` will be used |
| | | to customize the default 403 Forbidden page. |
| | | :meth:`~pyramid.request.Request.remember_userid` and |
| | | :meth:`~pyramid.request.Request.forget_userid` help to create and |
| | | :meth:`~pyramid.security.remember` and |
| | | :meth:`~pyramid.security.forget` help to create and |
| | | expire an auth ticket cookie. |
| | | |
| | | Now add the ``login`` and ``logout`` views: |
| | | |
| | | .. literalinclude:: src/authorization/tutorial/views.py |
| | | :lines: 85-115 |
| | | :lines: 91-123 |
| | | :linenos: |
| | | :language: python |
| | | |
| | |
| | | |
| | | (Only the highlighted line needs to be added.) |
| | | |
| | | The :attr:`~pyramid.request.Request.authenticated_userid` property will return |
| | | The :meth:`~pyramid.request.Request.authenticated_userid` property will be |
| | | ``None`` if the user is not authenticated. |
| | | |
| | | Add a "Logout" link when logged in |
| | |
| | | |
| | | .. literalinclude:: src/authorization/tutorial/views.py |
| | | :linenos: |
| | | :emphasize-lines: 11,19,25,31,52,55,67,70,82,85-115 |
| | | :emphasize-lines: 11,14-19,25,31,37,58,61,73,76,88,91-117,119-123 |
| | | :language: python |
| | | |
| | | (Only the highlighted lines need to be added.) |
| | |
| | | forbidden_view_config, |
| | | ) |
| | | |
| | | from pyramid.security import ( |
| | | remember, |
| | | forget, |
| | | ) |
| | | |
| | | from .security import USERS |
| | | |
| | | from .models import ( |
| | | DBSession, |
| | | Page, |
| | | ) |
| | | |
| | | from .security import USERS |
| | | |
| | | # regular expression used to find WikiWords |
| | | wikiwords = re.compile(r"\b([A-Z]\w+[A-Z]+\w+)") |
| | |
| | | pagename=pagename)) |
| | | return dict( |
| | | page=page, |
| | | save_url = request.route_url('edit_page', pagename=pagename), |
| | | logged_in=request.authenticated_userid, |
| | | save_url=request.route_url('edit_page', pagename=pagename), |
| | | logged_in=request.authenticated_userid |
| | | ) |
| | | |
| | | @view_config(route_name='login', renderer='templates/login.pt') |
| | |
| | | login = request.params['login'] |
| | | password = request.params['password'] |
| | | if USERS.get(login) == password: |
| | | request.remember_userid(login) |
| | | return HTTPFound(location = came_from) |
| | | headers = remember(request, login) |
| | | return HTTPFound(location = came_from, |
| | | headers = headers) |
| | | message = 'Failed login' |
| | | |
| | | return dict( |
| | |
| | | |
| | | @view_config(route_name='logout') |
| | | def logout(request): |
| | | request.forget_userid() |
| | | return HTTPFound(location = request.route_url('view_wiki')) |
| | | headers = forget(request) |
| | | return HTTPFound(location = request.route_url('view_wiki'), |
| | | headers = headers) |
| | | |
| | |
| | | forbidden_view_config, |
| | | ) |
| | | |
| | | from pyramid.security import ( |
| | | remember, |
| | | forget, |
| | | ) |
| | | |
| | | from .security import USERS |
| | | |
| | | from .models import ( |
| | | DBSession, |
| | | Page, |
| | | ) |
| | | |
| | | from .security import USERS |
| | | |
| | | # regular expression used to find WikiWords |
| | | wikiwords = re.compile(r"\b([A-Z]\w+[A-Z]+\w+)") |
| | |
| | | pagename=pagename)) |
| | | return dict( |
| | | page=page, |
| | | save_url = request.route_url('edit_page', pagename=pagename), |
| | | logged_in=request.authenticated_userid, |
| | | save_url=request.route_url('edit_page', pagename=pagename), |
| | | logged_in=request.authenticated_userid |
| | | ) |
| | | |
| | | @view_config(route_name='login', renderer='templates/login.pt') |
| | |
| | | login = request.params['login'] |
| | | password = request.params['password'] |
| | | if USERS.get(login) == password: |
| | | request.remember_userid(login) |
| | | return HTTPFound(location = came_from) |
| | | headers = remember(request, login) |
| | | return HTTPFound(location = came_from, |
| | | headers = headers) |
| | | message = 'Failed login' |
| | | |
| | | return dict( |
| | |
| | | |
| | | @view_config(route_name='logout') |
| | | def logout(request): |
| | | request.forget_userid() |
| | | return HTTPFound(location = request.route_url('view_wiki')) |
| | | |
| | | headers = forget(request) |
| | | return HTTPFound(location = request.route_url('view_wiki'), |
| | | headers = headers) |
| | |
| | | reg = get_current_registry() # b/c |
| | | return reg |
| | | |
| | | def _get_authentication_policy(request): |
| | | registry = _get_registry(request) |
| | | return registry.queryUtility(IAuthenticationPolicy) |
| | | |
| | | def has_permission(permission, context, request): |
| | | """ |
| | | A function that calls |
| | |
| | | |
| | | def remember(request, principal, **kw): |
| | | """ |
| | | Returns a sequence of header tuples (e.g. ``[('Set-Cookie', |
| | | 'foo=abc')]``) on this request's response. |
| | | Returns a sequence of header tuples (e.g. ``[('Set-Cookie', 'foo=abc')]``) |
| | | on this request's response. |
| | | These headers are suitable for 'remembering' a set of credentials |
| | | implied by the data passed as ``principal`` and ``*kw`` using the |
| | | current :term:`authentication policy`. Common usage might look |
| | |
| | | |
| | | from pyramid.security import remember |
| | | headers = remember(request, 'chrism', password='123', max_age='86400') |
| | | response = request.response |
| | | response.headerlist.extend(headers) |
| | | return response |
| | | |
| | |
| | | always return an empty sequence. If used, the composition and |
| | | meaning of ``**kw`` must be agreed upon by the calling code and |
| | | the effective authentication policy. |
| | | |
| | | .. deprecated:: 1.5 |
| | | Use :meth:`pyramid.request.Request.remember_userid` instead. |
| | | but be sure to read its docs first; the remember_userid method is not an |
| | | exact analog of the remember function, because it sets headers instead |
| | | of returning them. |
| | | """ |
| | | return request._remember_userid(principal, **kw) |
| | | |
| | | deprecated( |
| | | 'remember', |
| | | 'As of Pyramid 1.5 the "pyramid.security.remember" API is ' |
| | | 'now deprecated. It will be removed in Pyramd 1.8. Use the ' |
| | | '"remember_userid" method of the Pyramid request instead, but be sure to ' |
| | | 'read the docs first; the remember_userid method is not an exact analog of ' |
| | | 'the remember function, because it sets headers instead of returning them.' |
| | | ) |
| | | policy = _get_authentication_policy(request) |
| | | if policy is None: |
| | | return [] |
| | | return policy.remember(request, principal, **kw) |
| | | |
| | | def forget(request): |
| | | """ |
| | |
| | | always return an empty sequence. |
| | | |
| | | .. deprecated:: 1.5 |
| | | Use :meth:`pyramid.request.Request.forget_userid` instead. |
| | | but be sure to read its docs first; the forget_userid method is not an |
| | | exact analog of the forget function, because it sets headers instead |
| | | of returning them. |
| | | Use :meth:`pyramid.request.Request.get_logout_headers` instead. |
| | | """ |
| | | return request._forget_userid() |
| | | |
| | | deprecated( |
| | | 'forget', |
| | | 'As of Pyramid 1.5 the "pyramid.security.forget" API is ' |
| | | 'now deprecated. It will be removed in Pyramd 1.8. Use the ' |
| | | '"forget_user" method of the Pyramid request instead, but be sure to ' |
| | | 'read the docs first; the forget_userid method is not an exact analog of ' |
| | | 'the forget function, because it sets headers instead of returning them.' |
| | | ) |
| | | policy = _get_authentication_policy(request) |
| | | if policy is None: |
| | | return [] |
| | | return policy.forget(request) |
| | | |
| | | def principals_allowed_by_permission(context, permission): |
| | | """ Provided a ``context`` (a resource object), and a ``permission`` |
| | |
| | | return [Everyone] |
| | | return policy.effective_principals(self) |
| | | |
| | | # b/c |
| | | def _remember_userid(self, principal, **kw): |
| | | policy = self._get_authentication_policy() |
| | | if policy is None: |
| | | return [] |
| | | return policy.remember(self, principal, **kw) |
| | | |
| | | def remember_userid(self, principal, on_exception=False, **kw): |
| | | """ Using a response callback, sets authentication headers on the |
| | | response eventually returned by the view executed by this request |
| | | suitable for loggin a user in. These headers are used for |
| | | 'remembering' a set of credentials implied by the data passed as |
| | | ``principal`` and ``*kw`` using the current :term:`authentication |
| | | policy`. Common usage might look like so within the body of a view |
| | | function: |
| | | |
| | | .. code-block:: python |
| | | |
| | | request.remember_userid('chrism', password='123', max_age='86400') |
| | | |
| | | This method always returns ``None``; it is called only for its side |
| | | effects. |
| | | |
| | | If no :term:`authentication policy` is in use, this function will |
| | | do nothing. If used, the composition and |
| | | meaning of ``**kw`` must be agreed upon by the calling code and |
| | | the effective authentication policy. |
| | | |
| | | One special keyword value is understood by this method: |
| | | ``on_exception``. Usually if an exception occurs within the same |
| | | request after this method is called, the headers provided by the |
| | | authentication policy will not be set on the response. If |
| | | ``on_exception`` is passed, and as ``True``, then the headers will be |
| | | set on the response even if an exception is later raised. By default |
| | | this value is ``False``. |
| | | |
| | | .. versionadded:: 1.5 |
| | | |
| | | """ |
| | | def callback(req, response): |
| | | # do not set the headers on an exception unless explicitly |
| | | # instructed |
| | | exc = getattr(req, 'exception', None) |
| | | if exc is None or on_exception: |
| | | # NB: this call to _remember_userid should be exactly here |
| | | # because some policies actually add another response callback |
| | | # when their remember method is called, and we dont want them |
| | | # to do that if there's an exception in the default case. |
| | | headers = req._remember_userid(principal, **kw) |
| | | response.headerlist.extend(headers) |
| | | self.add_response_callback(callback) |
| | | |
| | | # b/c |
| | | def _forget_userid(self): |
| | | policy = self._get_authentication_policy() |
| | | if policy is None: |
| | | return [] |
| | | return policy.forget(self) |
| | | |
| | | def forget_userid(self, on_exception=False): |
| | | """ Using a response callback, sets authentication headers suitable for |
| | | logging a user out on the response returned by the view executed during |
| | | this request based on the current :term:`authentication policy`. |
| | | |
| | | If no :term:`authentication policy` is in use, this function will |
| | | be a noop. |
| | | |
| | | This method always returns ``None``; it is called only for its side |
| | | effects. |
| | | |
| | | One special keyword value is understood by this method: |
| | | ``on_exception``. Usually if an exception occurs within the same |
| | | request after this method is called, the headers provided by the |
| | | authentication policy will not be set on the response. If |
| | | ``on_exception`` is passed, and as ``True``, then the headers will be |
| | | set on the response even if an exception is later raised. By default |
| | | this value is ``False``. |
| | | |
| | | .. versionadded:: 1.5 |
| | | """ |
| | | def callback(req, response): |
| | | exc = getattr(req, 'exception', None) |
| | | if exc is None or on_exception: |
| | | # NB: this call to _forget_userid should be exactly here |
| | | # because some policies actually add another response callback |
| | | # when their forget method is called, and we dont want them |
| | | # to do that if there's an exception in the default case. |
| | | headers = req._forget_userid() |
| | | response.headerlist.extend(headers) |
| | | self.add_response_callback(callback) |
| | | |
| | | class AuthorizationAPIMixin(object): |
| | | |
| | | def has_permission(self, permission, context=None): |
| | |
| | | self.assertEqual(ut.permissive, False) |
| | | |
| | | def test_testing_securitypolicy_remember_result(self): |
| | | from pyramid.security import remember |
| | | config = self._makeOne(autocommit=True) |
| | | pol = config.testing_securitypolicy( |
| | | 'user', ('group1', 'group2'), |
| | | permissive=False, |
| | | remember_result=[('X-Pyramid-Test', True)]) |
| | | permissive=False, remember_result=True) |
| | | request = DummyRequest() |
| | | request.registry = config.registry |
| | | request.remember_userid('fred') |
| | | val = remember(request, 'fred') |
| | | self.assertEqual(pol.remembered, 'fred') |
| | | val = dict(request.response.headerlist).get('X-Pyramid-Test') |
| | | self.assertEqual(val, True) |
| | | |
| | | def test_testing_securitypolicy_forget_result(self): |
| | | from pyramid.security import forget |
| | | config = self._makeOne(autocommit=True) |
| | | pol = config.testing_securitypolicy( |
| | | 'user', ('group1', 'group2'), |
| | | permissive=False, |
| | | forget_result=[('X-Pyramid-Test', True)]) |
| | | permissive=False, forget_result=True) |
| | | request = DummyRequest() |
| | | request.registry = config.registry |
| | | request.response = DummyResponse() |
| | | request.forget_userid() |
| | | val = forget(request) |
| | | self.assertEqual(pol.forgotten, True) |
| | | val = dict(request.response.headerlist).get('X-Pyramid-Test') |
| | | self.assertTrue(val) |
| | | self.assertEqual(val, True) |
| | | |
| | | def test_testing_resources(self): |
| | | from pyramid.traversal import find_resource |
| | |
| | | class DummyEvent: |
| | | pass |
| | | |
| | | class DummyResponse(object): |
| | | def __init__(self): |
| | | self.headers = [] |
| | | |
| | | @property |
| | | def headerlist(self): |
| | | return self.headers |
| | | |
| | | class DummyRequest(AuthenticationAPIMixin, AuthorizationAPIMixin): |
| | | subpath = () |
| | | matchdict = None |
| | | def __init__(self, environ=None): |
| | | if environ is None: |
| | | environ = {} |
| | | self.environ = environ |
| | | self.params = {} |
| | | self.cookies = {} |
| | | self.response = DummyResponse() |
| | | |
| | | def add_response_callback(self, callback): |
| | | callback(self, self.response) |
| | |
| | | result = self._callFUT(context, 'view') |
| | | self.assertEqual(result, 'yo') |
| | | |
| | | class TestRemember(unittest.TestCase): |
| | | def setUp(self): |
| | | testing.setUp() |
| | | |
| | | def tearDown(self): |
| | | testing.tearDown() |
| | | |
| | | def _callFUT(self, *arg): |
| | | from pyramid.security import remember |
| | | return remember(*arg) |
| | | |
| | | def test_no_authentication_policy(self): |
| | | request = _makeRequest() |
| | | result = self._callFUT(request, 'me') |
| | | self.assertEqual(result, []) |
| | | |
| | | def test_with_authentication_policy(self): |
| | | request = _makeRequest() |
| | | registry = request.registry |
| | | _registerAuthenticationPolicy(registry, 'yo') |
| | | result = self._callFUT(request, 'me') |
| | | self.assertEqual(result, [('X-Pyramid-Test', 'me')]) |
| | | |
| | | def test_with_authentication_policy_no_reg_on_request(self): |
| | | from pyramid.threadlocal import get_current_registry |
| | | registry = get_current_registry() |
| | | request = _makeRequest() |
| | | del request.registry |
| | | _registerAuthenticationPolicy(registry, 'yo') |
| | | result = self._callFUT(request, 'me') |
| | | self.assertEqual(result, [('X-Pyramid-Test', 'me')]) |
| | | |
| | | class TestForget(unittest.TestCase): |
| | | def setUp(self): |
| | | testing.setUp() |
| | | |
| | | def tearDown(self): |
| | | testing.tearDown() |
| | | |
| | | def _callFUT(self, *arg): |
| | | from pyramid.security import forget |
| | | return forget(*arg) |
| | | |
| | | def test_no_authentication_policy(self): |
| | | request = _makeRequest() |
| | | result = self._callFUT(request) |
| | | self.assertEqual(result, []) |
| | | |
| | | def test_with_authentication_policy(self): |
| | | request = _makeRequest() |
| | | _registerAuthenticationPolicy(request.registry, 'yo') |
| | | result = self._callFUT(request) |
| | | self.assertEqual(result, [('X-Pyramid-Test', 'logout')]) |
| | | |
| | | def test_with_authentication_policy_no_reg_on_request(self): |
| | | from pyramid.threadlocal import get_current_registry |
| | | registry = get_current_registry() |
| | | request = _makeRequest() |
| | | del request.registry |
| | | _registerAuthenticationPolicy(registry, 'yo') |
| | | result = self._callFUT(request) |
| | | self.assertEqual(result, [('X-Pyramid-Test', 'logout')]) |
| | | |
| | | class TestViewExecutionPermitted(unittest.TestCase): |
| | | def setUp(self): |
| | | testing.setUp() |
| | |
| | | _registerAuthenticationPolicy(registry, 'yo') |
| | | self.assertEqual(request.effective_principals, 'yo') |
| | | |
| | | class TestRememberUserId(unittest.TestCase): |
| | | principal = 'the4th' |
| | | |
| | | def setUp(self): |
| | | testing.setUp() |
| | | |
| | | def tearDown(self): |
| | | testing.tearDown() |
| | | |
| | | def assert_response_headers(self, request, expected_headers): |
| | | request._process_response_callbacks(request.response) |
| | | headers = request.response.headerlist |
| | | self.assertEqual(list(expected_headers), list(headers)) |
| | | |
| | | def test_backward_compat_delegates_to_mixin(self): |
| | | from zope.deprecation import __show__ |
| | | try: |
| | | __show__.off() |
| | | request = _makeFakeRequest() |
| | | from pyramid.security import remember |
| | | self.assertEqual( |
| | | remember(request, 'matt'), |
| | | [('X-Pyramid-Test', 'remember_userid')] |
| | | ) |
| | | finally: |
| | | __show__.on() |
| | | |
| | | def test_with_no_authentication_policy(self): |
| | | request = _makeRequest() |
| | | headers_before = request.response.headerlist |
| | | request.remember_userid(self.principal) |
| | | self.assert_response_headers(request, headers_before) |
| | | |
| | | def test_with_authentication_policy(self): |
| | | request = _makeRequest() |
| | | headers_before = request.response.headerlist |
| | | expected_headers = headers_before[:] + [(_TEST_HEADER, self.principal)] |
| | | _registerAuthenticationPolicy(request.registry, self.principal) |
| | | request.remember_userid(self.principal) |
| | | self.assert_response_headers(request, expected_headers) |
| | | |
| | | def test_with_authentication_policy_no_reg_on_request(self): |
| | | from pyramid.threadlocal import get_current_registry |
| | | registry = get_current_registry() |
| | | request = _makeRequest() |
| | | del request.registry |
| | | _registerAuthenticationPolicy(registry, self.principal) |
| | | headers_before = request.response.headerlist |
| | | request.remember_userid(self.principal) |
| | | expected_headers = headers_before[:] + [(_TEST_HEADER, self.principal)] |
| | | self.assert_response_headers(request, expected_headers) |
| | | |
| | | def test_request_has_exception_attr_no_on_exception_flag(self): |
| | | request = _makeRequest() |
| | | headers_before = request.response.headerlist |
| | | _registerAuthenticationPolicy(request.registry, self.principal) |
| | | request.exception = True |
| | | request.remember_userid(self.principal) |
| | | self.assert_response_headers(request, headers_before) |
| | | |
| | | def test_request_has_exception_attr_with_on_exception_flag(self): |
| | | request = _makeRequest() |
| | | headers_before = request.response.headerlist |
| | | _registerAuthenticationPolicy(request.registry, self.principal) |
| | | request.exception = True |
| | | request.remember_userid(self.principal, on_exception=True) |
| | | expected_headers = headers_before[:] + [(_TEST_HEADER, self.principal)] |
| | | self.assert_response_headers(request, expected_headers) |
| | | |
| | | class TestForgetUserId(unittest.TestCase): |
| | | principal = 'me-not' |
| | | |
| | | def setUp(self): |
| | | testing.setUp() |
| | | |
| | | def tearDown(self): |
| | | testing.tearDown() |
| | | |
| | | def assert_response_headers(self, request, expected_headers): |
| | | request._process_response_callbacks(request.response) |
| | | headers = request.response.headerlist |
| | | self.assertEqual(list(expected_headers), list(headers)) |
| | | |
| | | def _makeOne(self): |
| | | request = _makeRequest() |
| | | request.response.headers.add(_TEST_HEADER, self.principal) |
| | | return request |
| | | |
| | | def test_backward_compat_delegates_to_mixin(self): |
| | | from zope.deprecation import __show__ |
| | | try: |
| | | __show__.off() |
| | | request = _makeFakeRequest() |
| | | from pyramid.security import forget |
| | | self.assertEqual( |
| | | forget(request), |
| | | [('X-Pyramid-Test', 'forget_userid')], |
| | | ) |
| | | finally: |
| | | __show__.on() |
| | | |
| | | def test_with_no_authentication_policy(self): |
| | | request = self._makeOne() |
| | | headers_before = request.response.headerlist |
| | | request.forget_userid() |
| | | self.assert_response_headers(request, headers_before) |
| | | |
| | | def test_with_authentication_policy(self): |
| | | request = self._makeOne() |
| | | headers_before = request.response.headerlist |
| | | expected_headers = headers_before[:] + [(_TEST_HEADER, 'forget_userid')] |
| | | _registerAuthenticationPolicy(request.registry, self.principal) |
| | | request.forget_userid() |
| | | self.assert_response_headers(request, expected_headers) |
| | | |
| | | def test_with_authentication_policy_no_reg_on_request(self): |
| | | from pyramid.threadlocal import get_current_registry |
| | | registry = get_current_registry() |
| | | request = self._makeOne() |
| | | del request.registry |
| | | _registerAuthenticationPolicy(registry, self.principal) |
| | | headers_before = request.response.headerlist |
| | | request.forget_userid() |
| | | expected_headers = headers_before[:] + [(_TEST_HEADER, 'forget_userid')] |
| | | self.assert_response_headers(request, expected_headers) |
| | | |
| | | def test_request_has_exception_attr_no_on_exception_flag(self): |
| | | request = self._makeOne() |
| | | headers_before = request.response.headerlist |
| | | _registerAuthenticationPolicy(request.registry, self.principal) |
| | | request.exception = True |
| | | request.forget_userid() |
| | | self.assert_response_headers(request, headers_before) |
| | | |
| | | def test_request_has_exception_attr_with_on_exception_flag(self): |
| | | request = self._makeOne() |
| | | headers_before = request.response.headerlist |
| | | _registerAuthenticationPolicy(request.registry, self.principal) |
| | | request.exception = True |
| | | request.forget_userid(on_exception=True) |
| | | expected_headers = headers_before[:] + [(_TEST_HEADER, 'forget_userid')] |
| | | self.assert_response_headers(request, expected_headers) |
| | | |
| | | class TestHasPermission(unittest.TestCase): |
| | | def setUp(self): |
| | | testing.setUp() |
| | |
| | | return headers |
| | | |
| | | def forget(self, request): |
| | | headers = [(_TEST_HEADER, 'forget_userid')] |
| | | headers = [(_TEST_HEADER, 'logout')] |
| | | self._header_forgotten = headers[0] |
| | | return headers |
| | | |
| | |
| | | @property |
| | | def effective_principals(req): |
| | | return 'effective_principals' |
| | | |
| | | def _forget_userid(req): |
| | | return [('X-Pyramid-Test', 'forget_userid')] |
| | | |
| | | def _remember_userid(req, principal, **kw): |
| | | return [('X-Pyramid-Test', 'remember_userid')] |
| | | |
| | | return FakeRequest({}) |
| | | |