
undeprecate remember/forget functions and remove remember_userid/forg…

…et_userid methods from request
1 parent c126033 commit 0dcd56c2c30863c6683c0cf442aa73dfdcd11b13 @mcdonc mcdonc committed Nov 9, 2013
@@ -4,23 +4,13 @@ Unreleased
Features
--------
-- Authentication and authorization APIs have been added as as methods of the
- request: ``request.has_permission``, ``request.forget_userid``, and
- ``request.remember_userid``.
+- An authorization API has been added as a method of the
+ request: ``request.has_permission``.
``request.has_permission`` is a method-based alternative to the
``pyramid.security.has_permission`` API and works exactly the same. The
older API is now deprecated.
- ``request.forget_userid`` and ``request.remember_userid`` are method-based
- alternatives to ``pyramid.security.forget`` and
- ``pyramid.security.remember``. These do not work exacly the same as their
- function counterparts, however. These methods automatically set the headers
- returned by the authentication policy on the response, whereas the older
- function-based APIs returned a sequence of headers and required the caller to
- set those headers. The older function-based API still works but is now
- deprecated.
-
- Property API attributes have been added to the request for easier access to
authentication data: ``request.authenticated_userid``,
``request.unauthenticated_userid``, and ``request.effective_principals``.
@@ -13,8 +13,7 @@
current_route_path, static_url, static_path,
model_url, resource_url, set_property,
effective_principals, authenticated_userid,
- unauthenticated_userid, has_permission, forget_userid,
- remember_userid
+ unauthenticated_userid, has_permission
.. attribute:: context
@@ -254,10 +253,6 @@
request provided by e.g. the ``pshell`` environment. For more
information, see :ref:`subrequest_chapter`.
- .. automethod:: remember_userid
-
- .. automethod:: forget_userid
-
.. automethod:: has_permission
.. automethod:: add_response_callback
@@ -1,4 +1,9 @@
from pyramid.httpexceptions import HTTPFound
+from pyramid.security import (
+ remember,
+ forget,
+ )
+
from pyramid.view import (
view_config,
view_defaults
@@ -36,8 +41,9 @@ def login(self):
login = request.params['login']
password = request.params['password']
if USERS.get(login) == password:
- request.remember_userid(login)
- return HTTPFound(location=came_from)
+ headers = remember(request, login)
+ return HTTPFound(location=came_from,
+ headers=headers)
message = 'Failed login'
return dict(
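Review bot: The success branch now returns `HTTPFound(location=came_from, headers=headers)`, so the auth cookie is issued together with a redirect to a value whose assignment is outside this hunk. If `came_from` can be taken from a request parameter or the referrer, it should be accepted only when it resolves to a URL on this application's own host, with the home route as the fallback; otherwise the login view acts as an open redirect. The unchanged line `if USERS.get(login) == password:` compares a stored plaintext password with `==`, and since this is tutorial code that readers copy, a comment such as `# demo only: store a salted hash and compare with hmac.compare_digest` belongs above it. The same lines recur in the later `login` hunks (`@@ -38,8 +43,9 @@`, both `@@ -89,8 +95,9 @@`, both `@@ -97,8 +103,9 @@`). The body of `login` starts and ends outside the hunk.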
@@ -52,6 +58,7 @@ def login(self):
@view_config(route_name='logout')
def logout(self):
request = self.request
- request.forget_userid()
+ headers = forget(request)
url = request.route_url('home')
- return HTTPFound(location=url)
+ return HTTPFound(location=url,
+ headers=headers)
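Review bot: `@view_config(route_name='logout')` has no `request_method` predicate, so the view that returns the `forget(request)` headers also answers a plain GET, and a request triggered from another site can end the user's session. Consider `@view_config(route_name='logout', request_method='POST')` with the logout control submitted as a form under the application's CSRF check; the template's Logout link would have to change with it. The later `logout` hunks (`@@ -54,6 +60,7 @@`, both `@@ -103,5 +110,6 @@`, `@@ -111,6 +118,7 @@` and `@@ -111,6 +118,6 @@`) register the view the same way.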
@@ -1,4 +1,9 @@
from pyramid.httpexceptions import HTTPFound
+from pyramid.security import (
+ remember,
+ forget,
+ )
+
from pyramid.view import (
view_config,
view_defaults,
@@ -38,8 +43,9 @@ def login(self):
login = request.params['login']
password = request.params['password']
if USERS.get(login) == password:
- request.remember_userid(login)
- return HTTPFound(location=came_from)
+ headers = remember(request, login)
+ return HTTPFound(location=came_from,
+ headers=headers)
message = 'Failed login'
return dict(
@@ -54,6 +60,7 @@ def login(self):
@view_config(route_name='logout')
def logout(self):
request = self.request
- request.forget_userid()
+ headers = forget(request)
url = request.route_url('home')
- return HTTPFound(location=url)
+ return HTTPFound(location=url,
+ headers=headers)
@@ -197,24 +197,24 @@ Add the following import statements to the
head of ``tutorial/tutorial/views.py``:
.. literalinclude:: src/authorization/tutorial/views.py
- :lines: 6-11
+ :lines: 6-13,15-17
:linenos:
- :emphasize-lines: 3,6
+ :emphasize-lines: 3,6-9,11
:language: python
(Only the highlighted lines, with other necessary modifications,
need to be added.)
-:func:`~pyramid.view.forbidden_view_config` will be used
+:meth:`~pyramid.view.forbidden_view_config` will be used
to customize the default 403 Forbidden page.
-:meth:`~pyramid.request.Request.remember_userid` and
-:meth:`~pyramid.request.Request.forget_userid` help to create and
+:meth:`~pyramid.security.remember` and
+:meth:`~pyramid.security.forget` help to create and
expire an auth ticket cookie.
Now add the ``login`` and ``logout`` views:
.. literalinclude:: src/authorization/tutorial/views.py
- :lines: 76-102
+ :lines: 82-120
:linenos:
:language: python
@@ -267,9 +267,8 @@ like this:
(Only the highlighted line and a trailing comma on the preceding
line need to be added.)
-:attr:`~pyramid.request.Request.authenticated_userid` will return ``None``
-if the user is not authenticated, or a user id if the user is
-authenticated.
+The :meth:`pyramid.request.Request.authenticated_userid` will be ``None`` if
+the user is not authenticated, or a user id if the user is authenticated.
Add a "Logout" link when logged in
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -317,7 +316,7 @@ when we're done:
.. literalinclude:: src/authorization/tutorial/views.py
:linenos:
- :emphasize-lines: 8,11,18,23,42,46,62,66,74,80,76-107
+ :emphasize-lines: 8,11-15,17,24,29,48,52,68,72,80,82-120
:language: python
(Only the highlighted lines need to be added.)
@@ -8,6 +8,12 @@
forbidden_view_config,
)
+from pyramid.security import (
+ remember,
+ forget,
+ )
+
+
from .security import USERS
from .models import Page
@@ -89,8 +95,9 @@ def login(request):
login = request.params['login']
password = request.params['password']
if USERS.get(login) == password:
- request.remember_userid(login)
- return HTTPFound(location=came_from)
+ headers = remember(request, login)
+ return HTTPFound(location = came_from,
+ headers = headers)
message = 'Failed login'
return dict(
@@ -103,5 +110,6 @@ def login(request):
@view_config(context='.models.Wiki', name='logout')
def logout(request):
- request.forget_userid()
- return HTTPFound(location=request.resource_url(request.context))
+ headers = forget(request)
+ return HTTPFound(location = request.resource_url(request.context),
+ headers = headers)
@@ -8,6 +8,12 @@
forbidden_view_config,
)
+from pyramid.security import (
+ remember,
+ forget,
+ )
+
+
from .security import USERS
from .models import Page
@@ -89,8 +95,9 @@ def login(request):
login = request.params['login']
password = request.params['password']
if USERS.get(login) == password:
- request.remember_userid(login)
- return HTTPFound(location=came_from)
+ headers = remember(request, login)
+ return HTTPFound(location = came_from,
+ headers = headers)
message = 'Failed login'
return dict(
@@ -103,5 +110,6 @@ def login(request):
@view_config(context='.models.Wiki', name='logout')
def logout(request):
- request.forget_userid()
- return HTTPFound(location=request.resource_url(request.context))
+ headers = forget(request)
+ return HTTPFound(location = request.resource_url(request.context),
+ headers = headers)
@@ -221,23 +221,23 @@ Add the following import statements to the
head of ``tutorial/tutorial/views.py``:
.. literalinclude:: src/authorization/tutorial/views.py
- :lines: 9-12,19
+ :lines: 9-19
:linenos:
- :emphasize-lines: 3,5
+ :emphasize-lines: 3,6-9,11
:language: python
(Only the highlighted lines need to be added.)
-:func:`~pyramid.view.forbidden_view_config` will be used
+:meth:`~pyramid.view.forbidden_view_config` will be used
to customize the default 403 Forbidden page.
-:meth:`~pyramid.request.Request.remember_userid` and
-:meth:`~pyramid.request.Request.forget_userid` help to create and
+:meth:`~pyramid.security.remember` and
+:meth:`~pyramid.security.forget` help to create and
expire an auth ticket cookie.
Now add the ``login`` and ``logout`` views:
.. literalinclude:: src/authorization/tutorial/views.py
- :lines: 85-115
+ :lines: 91-123
:linenos:
:language: python
@@ -289,7 +289,7 @@ like this:
(Only the highlighted line needs to be added.)
-The :attr:`~pyramid.request.Request.authenticated_userid` property will return
+The :meth:`~pyramid.request.Request.authenticated_userid` property will be
``None`` if the user is not authenticated.
Add a "Logout" link when logged in
@@ -338,7 +338,7 @@ when we're done:
.. literalinclude:: src/authorization/tutorial/views.py
:linenos:
- :emphasize-lines: 11,19,25,31,52,55,67,70,82,85-115
+ :emphasize-lines: 11,14-19,25,31,37,58,61,73,76,88,91-117,119-123
:language: python
(Only the highlighted lines need to be added.)
@@ -11,12 +11,18 @@
forbidden_view_config,
)
+from pyramid.security import (
+ remember,
+ forget,
+ )
+
+from .security import USERS
+
from .models import (
DBSession,
Page,
)
-from .security import USERS
# regular expression used to find WikiWords
wikiwords = re.compile(r"\b([A-Z]\w+[A-Z]+\w+)")
@@ -78,8 +84,8 @@ def edit_page(request):
pagename=pagename))
return dict(
page=page,
- save_url = request.route_url('edit_page', pagename=pagename),
- logged_in=request.authenticated_userid,
+ save_url=request.route_url('edit_page', pagename=pagename),
+ logged_in=request.authenticated_userid
)
@view_config(route_name='login', renderer='templates/login.pt')
@@ -97,8 +103,9 @@ def login(request):
login = request.params['login']
password = request.params['password']
if USERS.get(login) == password:
- request.remember_userid(login)
- return HTTPFound(location = came_from)
+ headers = remember(request, login)
+ return HTTPFound(location = came_from,
+ headers = headers)
message = 'Failed login'
return dict(
@@ -111,6 +118,7 @@ def login(request):
@view_config(route_name='logout')
def logout(request):
- request.forget_userid()
- return HTTPFound(location = request.route_url('view_wiki'))
+ headers = forget(request)
+ return HTTPFound(location = request.route_url('view_wiki'),
+ headers = headers)
@@ -11,12 +11,18 @@
forbidden_view_config,
)
+from pyramid.security import (
+ remember,
+ forget,
+ )
+
+from .security import USERS
+
from .models import (
DBSession,
Page,
)
-from .security import USERS
# regular expression used to find WikiWords
wikiwords = re.compile(r"\b([A-Z]\w+[A-Z]+\w+)")
@@ -78,8 +84,8 @@ def edit_page(request):
pagename=pagename))
return dict(
page=page,
- save_url = request.route_url('edit_page', pagename=pagename),
- logged_in=request.authenticated_userid,
+ save_url=request.route_url('edit_page', pagename=pagename),
+ logged_in=request.authenticated_userid
)
@view_config(route_name='login', renderer='templates/login.pt')
@@ -97,8 +103,9 @@ def login(request):
login = request.params['login']
password = request.params['password']
if USERS.get(login) == password:
- request.remember_userid(login)
- return HTTPFound(location = came_from)
+ headers = remember(request, login)
+ return HTTPFound(location = came_from,
+ headers = headers)
message = 'Failed login'
return dict(
@@ -111,6 +118,6 @@ def login(request):
@view_config(route_name='logout')
def logout(request):
- request.forget_userid()
- return HTTPFound(location = request.route_url('view_wiki'))
-
+ headers = forget(request)
+ return HTTPFound(location = request.route_url('view_wiki'),
+ headers = headers)