diff --git a/requirements/main.in b/requirements/main.in index f0250775b923..8780b2ba5955 100644 --- a/requirements/main.in +++ b/requirements/main.in @@ -24,7 +24,7 @@ paginate_sqlalchemy passlib>=1.6.4 psycopg2 pyblake2 -pyramid>=1.7,<1.8 +pyramid>=1.8 pyramid_jinja2>=2.5 pyramid_mailer>=0.14.1 pyramid_multiauth diff --git a/requirements/main.txt b/requirements/main.txt index e98a2a8b7f89..28f9ac7aabae 100644 --- a/requirements/main.txt +++ b/requirements/main.txt @@ -90,6 +90,9 @@ hiredis==0.2.0 \ --hash=sha256:ca958e13128e49674aa4a96f02746f5de5973f39b57297b84d59fd44d314d5b5 html5lib==0.9999999 \ --hash=sha256:2612a191a8d5842bfa057e41ba50bbb9dcb722419d2408c78cff4758d0754868 +hupper==0.4.2 \ + --hash=sha256:2a15e90b4a19d55015f3a7e348bd15dbc93fbe2bd9c49d6b781d05794bd06c84 \ + --hash=sha256:c638b88b1a1505522870219a68272d2f1ae5778cf046c267925edec97678b0fb itsdangerous==0.24 \ --hash=sha256:cbb3fcf8d3e33df861709ecaf89d9e6629cff0a217bc2848f1b41cd30d360519 Jinja2==2.9.4 \ @@ -164,9 +167,9 @@ pyramid-services==0.4 \ pyramid-tm==1.1.1 \ --hash=sha256:44ce2845456c881fabb88edafbb421d76f3ffd590ee9a45a26d67437da9bd35f \ --hash=sha256:6d8133e174118375d88dd0112f7dc509eae40074017d587648a17625f539ecd4 -pyramid==1.7.3 \ - --hash=sha256:74b8eedf2b0a1a658ab79ae4b0ecf68fa8cdd5debcfec579c8b40bec83d1864e \ - --hash=sha256:bb370b25727e16baff27468d4425216af4586b1a4516acf5ad8970b4c268cf79 +pyramid==1.8.1 \ + --hash=sha256:9035da3e1eb997f867563695378ff392415973bd0517ac92104313ae5a14d11f \ + --hash=sha256:359782ed643d923411595d84b3fde2f0caf790ce9eb33b0f019c25436c4c30ec python-dateutil==2.6.0 \ --hash=sha256:3acbef017340600e9ff8f2994d8f7afd6eacb295383f286466a6df3961e486f0 \ --hash=sha256:537bf2a8f8ce6f6862ad705cd68f9e405c0b5db014aa40fa29eab4335d4b1716 \ diff --git a/tests/unit/accounts/test_auth_policy.py b/tests/unit/accounts/test_auth_policy.py index ab682a2319db..e9cec26cc6e6 100644 --- a/tests/unit/accounts/test_auth_policy.py +++ b/tests/unit/accounts/test_auth_policy.py @@ -12,6 +12,7 @@ import pretend +from pyramid import authentication from pyramid.interfaces import IAuthenticationPolicy from zope.interface.verify import verifyClass @@ -28,10 +29,17 @@ def test_verify(self): ) def test_unauthenticated_userid_no_userid(self, monkeypatch): + extract_http_basic_credentials = \ + pretend.call_recorder(lambda request: None) + monkeypatch.setattr( + authentication, + "extract_http_basic_credentials", + extract_http_basic_credentials, + ) + policy = auth_policy.BasicAuthAuthenticationPolicy( check=pretend.stub(), ) - policy._get_credentials = pretend.call_recorder(lambda request: None) vary_cb = pretend.stub() add_vary_cb = pretend.call_recorder(lambda *v: vary_cb) @@ -42,17 +50,22 @@ def test_unauthenticated_userid_no_userid(self, monkeypatch): ) assert policy.unauthenticated_userid(request) is None - assert policy._get_credentials.calls == [pretend.call(request)] + assert extract_http_basic_credentials.calls == [pretend.call(request)] assert add_vary_cb.calls == [pretend.call("Authorization")] assert request.add_response_callback.calls == [pretend.call(vary_cb)] def test_unauthenticated_userid_with_userid(self, monkeypatch): + extract_http_basic_credentials = \ + pretend.call_recorder(lambda request: ("username", "password")) + monkeypatch.setattr( + authentication, + "extract_http_basic_credentials", + extract_http_basic_credentials, + ) + policy = auth_policy.BasicAuthAuthenticationPolicy( check=pretend.stub(), ) - policy._get_credentials = pretend.call_recorder( - lambda request: ("username", "password") - ) vary_cb = pretend.stub() add_vary_cb = pretend.call_recorder(lambda *v: vary_cb) @@ -68,6 +81,7 @@ def test_unauthenticated_userid_with_userid(self, monkeypatch): ) assert policy.unauthenticated_userid(request) is userid + assert extract_http_basic_credentials.calls == [pretend.call(request)] assert request.find_service.calls == [ pretend.call(IUserService, context=None), ] diff --git a/tests/unit/test_sessions.py b/tests/unit/test_sessions.py index 7a0cb6166e49..0baee1c117b5 100644 --- a/tests/unit/test_sessions.py +++ b/tests/unit/test_sessions.py @@ -544,7 +544,7 @@ def test_has_options(self): @pytest.mark.parametrize("uses_session", [False, None]) def test_invalid_session(self, uses_session): context = pretend.stub() - request = pretend.stub(session=pretend.stub(), exception=None) + request = pretend.stub(session=pretend.stub()) response = pretend.stub() @pretend.call_recorder @@ -552,7 +552,7 @@ def view(context, request): assert isinstance(request.session, InvalidSession) return response - info = pretend.stub(options={}) + info = pretend.stub(options={}, exception_only=False) if uses_session is not None: info.options["uses_session"] = uses_session derived_view = session_view(view, info) diff --git a/warehouse/sessions.py b/warehouse/sessions.py index dd42b7431c4c..8e8be9f01713 100644 --- a/warehouse/sessions.py +++ b/warehouse/sessions.py @@ -272,16 +272,13 @@ def session_view(view, info): # with a small wrapper around it to ensure that it has a Vary: Cookie # header. return add_vary("Cookie")(view) + elif info.exception_only: + return view else: # If we're not using the session on this view, then we'll wrap the view # with a wrapper that just ensures that the session cannot be used. @functools.wraps(view) def wrapped(context, request): - # TODO: When Pyramid 1.8 is released we can make this better by - # using info.exception_only. - if request.exception is not None: - return view(context, request) - # Save the original session so that we can restore it once the # inner views have been called. original_session = request.session