rattail/tailbone
2
0
Fork 0
Code Issues 2 Pull requests Projects Releases Packages Wiki Activity Actions

Require pyramid 2.x; remove 1.x-style auth policies

Browse source
This commit is contained in:
Lance Edgar 2024-06-03 23:13:25 -05:00
parent e17ef2edd8
commit efe477d0db
4 changed files with 8 additions and 86 deletions
Download patch file Download diff file Expand all files Collapse all files

11
tailbone/app.py
View file

@ -39,7 +39,7 @@ from pyramid.authentication import SessionAuthenticationPolicy
from zope.sqlalchemy import register
import tailbone.db
from tailbone.auth import TailboneAuthorizationPolicy
from tailbone.auth import TailboneSecurityPolicy
from tailbone.config import csrf_token_name, csrf_header_name
from tailbone.util import get_effective_theme, get_theme_template_path
from tailbone.providers import get_all_providers
@ -136,14 +136,7 @@ def make_pyramid_config(settings, configure_csrf=True):
config.registry['rattail_config'] = rattail_config
# configure user authorization / authentication
# TODO: security policy should become the default, for pyramid 2.x
if rattail_config.getbool('tailbone', 'pyramid.use_security_policy',
usedb=False, default=False):
from tailbone.auth import TailboneSecurityPolicy
config.set_security_policy(TailboneSecurityPolicy())
else:
config.set_authorization_policy(TailboneAuthorizationPolicy())
config.set_authentication_policy(SessionAuthenticationPolicy())
config.set_security_policy(TailboneSecurityPolicy())
# maybe require CSRF token protection
if configure_csrf: