Permalink
Browse files

Reintroduced dependency to pyramid>=1.4 now it is released.

Cleaned up the code accordingly.
  • Loading branch information...
madjar committed Dec 24, 2012
1 parent 741138b commit 2e6e244354b8b9a32031730b0aecad6d0777bbd1
Showing with 10 additions and 36 deletions.
  1. +3 −4 docs/customization.rst
  2. +4 −4 pyramid_persona/__init__.py
  3. +2 −16 pyramid_persona/tests.py
  4. +0 −11 pyramid_persona/views.py
  5. +1 −1 setup.py
View
@@ -12,7 +12,7 @@ checks before logging them.
The easier way to do see is by overriding the login view. The default view is
defined like this::
- @view_config(route_name='login')
+ @view_config(route_name='login', check_csrf=True)
def login(request):
email = verify_login(request)
headers = remember(request, email)
@@ -25,7 +25,7 @@ which the button was clicked ; by default we redirect the user back there after
So, if you want to check that an email is on a whitelist and create a profile and
redirect new users, you can define a new login view like this one::
- @view_config(route_name='login')
+ @view_config(route_name='login', check_csrf=True)
def login(request):
email = verify_login('email')
if email not in whitelist:
@@ -39,9 +39,8 @@ redirect new users, you can define a new login view like this one::
Some goes if you want to do extra stuff at logout. The default logout view looks like this::
- @view_config(route_name='logout')
+ @view_config(route_name='logout', check_csrf=True)
def logout(request):
- check_csrf_token(request)
headers = forget(request)
return HTTPFound(request.POST['came_from'], headers=headers)
@@ -75,19 +75,19 @@ def check():
config.registry['persona.login_route'] = login_route
login_path = settings.get('persona.login_path', '/login')
config.add_route(login_route, login_path)
- config.add_view(login, route_name=login_route)
+ config.add_view(login, route_name=login_route, check_csrf=True)
logout_route = settings.get('persona.logout_route', 'logout')
config.registry['persona.logout_route'] = logout_route
logout_path = settings.get('persona.logout_path', '/logout')
config.add_route(logout_route, logout_path)
- config.add_view(logout, route_name=logout_route)
+ config.add_view(logout, route_name=logout_route, check_csrf=True)
# A simple 403 view, with a login button.
config.add_forbidden_view(forbidden)
# A quick access to the login button
- config.set_request_property(button, 'persona_button', reify=True)
+ config.add_request_method(button, 'persona_button', reify=True)
# The javascript needed by persona
- config.set_request_property(js, 'persona_js', reify=True)
+ config.add_request_method(js, 'persona_js', reify=True)
View
@@ -1,30 +1,16 @@
import unittest
-from pyramid.interfaces import IAuthorizationPolicy, IAuthenticationPolicy
-from pyramid.testing import DummySecurityPolicy
from pyramid.httpexceptions import HTTPBadRequest
import requests
from pyramid import testing
-class SecurityPolicy(DummySecurityPolicy):
- remembered = None
- forgotten = None
- def remember(self, request, principal, **kw):
- self.remembered = principal
- return []
-
- def forget(self, request):
- self.forgotten = True
- return []
-
-
class ViewTests(unittest.TestCase):
def setUp(self):
self.config = testing.setUp(autocommit=False)
self.config.add_settings({'persona.audiences': 'http://someaudience'})
self.config.include('pyramid_persona')
- self.security_policy = SecurityPolicy()
+ self.security_policy = self.config.testing_securitypolicy()
self.config.set_authorization_policy(self.security_policy)
self.config.set_authentication_policy(self.security_policy)
self.config.commit()
@@ -59,7 +45,7 @@ def test_login_fails_with_bad_audience(self):
request.params['came_from'] = '/'
self.assertRaises(HTTPBadRequest, login, request)
- self.assertEqual(self.security_policy.remembered, None)
+ self.assertFalse(hasattr(self.security_policy, 'remembered'))
def test_logout(self):
from .views import logout
View
@@ -2,24 +2,14 @@
from pyramid.httpexceptions import HTTPBadRequest, HTTPFound
from pyramid.response import Response
from pyramid.security import remember, forget
-
import browserid.errors
-def _check_csrf_token(request):
- """Check the CSRF token from the request. Raises if invalid.
-
- Copied from pyramid.session.check_csrf_token in pyramid==1.4a2."""
- if request.params.get('csrf_token') != request.session.get_csrf_token():
- raise HTTPBadRequest('incorrect CSRF token')
-
-
def verify_login(request):
"""Verifies the assertion and the csrf token in the given request.
Returns the email of the user if everything is valid, otherwise raises
a HTTPBadRequest"""
- _check_csrf_token(request)
verifier = request.registry['persona.verifier']
try:
data = verifier.verify(request.POST['assertion'])
@@ -37,7 +27,6 @@ def login(request):
def logout(request):
"""View to forget the user"""
- _check_csrf_token(request)
headers = forget(request)
return HTTPFound(request.POST['came_from'], headers=headers)
View
@@ -7,7 +7,7 @@
CHANGES = open(os.path.join(here, 'CHANGES.rst')).read()
requires = [
- 'pyramid',
+ 'pyramid>=1.4',
'PyBrowserID',
]

0 comments on commit 2e6e244

Please sign in to comment.