Hi,

I'm using pyramid 1.5.1 and in trying to figure
out SessionAuthenticationPolicy I found problems.
I looked at HEAD (I think) on github and problems
seem to exist there too.

unauthenticated_userid is not documented.


The callback function is never called.  The
debug output is:

2014-08-06 02:59:43,213 DEBUG [testlogin][Dummy-3] 
pyramid.authentication.SessionAuthenticationPolicy.effective_principals:
unauthenticated_userid returned None; returning ['system.Everyone']

The problem is that SessionAuthenticationPolicy
is counting on having a "prefix + 'userid'"
session key in request.session.  However there's 
no documentation on this and so the key does not exist.

One possible approach is to supply an identity
keyword argument in a fashion similar to that
in ReposeWho1AuthenticationPolicy so the
user knows what key is supposed to exist.
(This seems heavy-handed.)

I'm not really thinking things through at
the moment but it seems to me that there
needs to be some sort of documentation,
if not an interface, for setting the value
behind 
SessionAuthenticationPolicy.(un)authenticated_userid.
Or something.

As it is SessionAuthenticationPolicy is
impossible to use without snooping through
the source.

Sorry to run on.  I've been working at
this for a while and my brain is full.

Meanwhile, if I simply set 
request.session[prefix + 'userid']
in my app will I be reasonably
future-proof?  (I've not actually tried this
to see if it works.)

Thanks.

Karl <k...@meme.com>
Free Software:  "You don't pay back, you pay forward."
                 -- Robert A. Heinlein
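
Added example, not part of the original message and not Pyramid's own code: a stdlib-only model of the behaviour the message describes, where the callback is reached only after a login step has stored the userid under prefix + 'userid'. The class name SessionPolicyModel, the groupfinder data and the plain dict standing in for request.session are assumptions; in Pyramid itself the login view normally writes that key by calling pyramid.security.remember(request, userid).

```python
# Simplified stand-in for a session-backed authentication policy (not Pyramid's source).
EVERYONE, AUTHENTICATED = "system.Everyone", "system.Authenticated"


class SessionPolicyModel:
    """Hypothetical model: the userid lives in the session under prefix + 'userid'."""

    def __init__(self, prefix="auth.", callback=None):
        self.userid_key = prefix + "userid"
        self.callback = callback

    def remember(self, session, userid):
        # Login step: this is the only place the key gets written.
        session[self.userid_key] = userid

    def forget(self, session):
        # Logout step: drop the key so later requests are anonymous again.
        session.pop(self.userid_key, None)

    def unauthenticated_userid(self, session):
        return session.get(self.userid_key)

    def effective_principals(self, session):
        principals = [EVERYONE]
        userid = self.unauthenticated_userid(session)
        if userid is None:
            return principals          # no key in the session: callback never reached
        groups = self.callback(userid) if self.callback else []
        if groups is None:
            return principals          # callback rejected a stale or unknown userid
        return principals + [AUTHENTICATED, userid] + list(groups)


# Constructed sample data: one known user and an in-memory dict as the session.
GROUPS = {"karl": ["group:editors"]}
calls = []                             # records every userid the callback saw


def groupfinder(userid):
    calls.append(userid)
    return GROUPS.get(userid)          # None means "no such user"


def demo():
    policy, session = SessionPolicyModel(callback=groupfinder), {}
    before = policy.effective_principals(session)   # nothing remembered yet
    policy.remember(session, "karl")
    after = policy.effective_principals(session)
    policy.remember(session, "deleted-user")        # session outlives the account
    stale = policy.effective_principals(session)
    policy.forget(session)
    return before, after, stale, policy.effective_principals(session)
```

The stale case is why the callback should return None for a userid that no longer exists: the session key alone is not treated as proof of a valid account.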
