remember using a RepozeWho1AuthenticationPolicy swallows kw arguments #1249

Closed
rbu opened this Issue Feb 27, 2014 · 1 comment

Comments

Projects
None yet
2 participants
Contributor

rbu commented Feb 27, 2014

Documentation for pyramid.security.remember supports keyword arguments to hand over to the authentication policy. However, when using RepozeWho1AuthenticationPolicy, all of the kw are dropped in remember:

    def remember(self, request, principal, **kw):
        """ Store the ``principal`` as ``repoze.who.userid``."""
        identifier = self._get_identifier(request)
        if identifier is None:
            return []
        environ = request.environ
        identity = {'repoze.who.userid':principal}
        return identifier.remember(environ, identity)

It is my understanding that with repoze.who, additional configuration parameters shall be stored in the identity dictionary. In our case, setting the max_age parameter to the authtkt identifier, would be done using an identity {'repoze.who.userid':principal, 'max_age': 23}.

It seems sensible just to hand over kw through the identity dictionary and all users to specify max_age or other parameters such as userdata. This works for me:

    def remember(self, request, principal, **kw):
        """ Store the ``principal`` as ``repoze.who.userid``."""
        identifier = self._get_identifier(request)
        if identifier is None:
            return []
        environ = request.environ
        identity = kw
        identity['repoze.who.userid'] = principal
        return identifier.remember(environ, identity)

If you'd go with this, I'll send a PR.

Owner

tseaver commented Feb 27, 2014

Sounds fine, please do submit a PR.

tseaver closed this Feb 27, 2014

@rbu rbu added a commit to rbu/pyramid that referenced this issue Mar 3, 2014

@rbu rbu Hand RepozeWho1AuthenticationPolicy.remember kwargs to repoze.who #1249
Documentation for pyramid.security.remember supports keyword arguments
to hand over to the authentication policy. However, when using
RepozeWho1AuthenticationPolicy, all of the kw were dropped in remember.

It is my understanding that with repoze.who, additional configuration
parameters shall be stored in the identity dictionary. In our case,
setting the max_age parameter to the authtkt identifier, would be done
using an identity {'repoze.who.userid':principal, 'max_age': 23}.

It seems sensible just to hand over kw through the identity dictionary
and all users to specify max_age or other parameters such as userdata.
76144df

@rbu rbu added a commit to rbu/pyramid that referenced this issue Mar 3, 2014

@rbu rbu Hand RepozeWho1AuthenticationPolicy.remember kwargs to repoze.who #1249
Documentation for pyramid.security.remember supports keyword arguments
to hand over to the authentication policy. However, when using
RepozeWho1AuthenticationPolicy, all of the kw were dropped in remember.

It is my understanding that with repoze.who, additional configuration
parameters shall be stored in the identity dictionary. In our case,
setting the max_age parameter to the authtkt identifier, would be done
using an identity {'repoze.who.userid':principal, 'max_age': 23}.

It seems sensible just to hand over kw through the identity dictionary
and all users to specify max_age or other parameters such as userdata.
1bd3157

@tseaver tseaver added a commit that referenced this issue Mar 3, 2014

@tseaver tseaver Merge pull request #1254 from rbu/repozewho1-remember-kwargs
Hand RepozeWho1AuthenticationPolicy.remember kwargs to repoze.who (master) #1249
3063246

@tseaver tseaver added a commit that referenced this issue Mar 4, 2014

@tseaver tseaver Merge pull request #1255 from rbu/repozewho1-remember-kwargs-1.5
Hand RepozeWho1AuthenticationPolicy.remember kwargs to repoze.who (1.5) #1249
26694a7
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment