pypi · dstufft · Jan 26, 2017 · Jan 25, 2017
diff --git a/requirements/main.in b/requirements/main.in
@@ -24,7 +24,7 @@ paginate_sqlalchemy
 passlib>=1.6.4
 psycopg2
 pyblake2
-pyramid>=1.7,<1.8
+pyramid>=1.8
 pyramid_jinja2>=2.5
 pyramid_mailer>=0.14.1
 pyramid_multiauth

diff --git a/requirements/main.txt b/requirements/main.txt
@@ -90,6 +90,9 @@ hiredis==0.2.0 \
     --hash=sha256:ca958e13128e49674aa4a96f02746f5de5973f39b57297b84d59fd44d314d5b5
 html5lib==0.9999999 \
     --hash=sha256:2612a191a8d5842bfa057e41ba50bbb9dcb722419d2408c78cff4758d0754868
+hupper==0.4.2 \
+    --hash=sha256:2a15e90b4a19d55015f3a7e348bd15dbc93fbe2bd9c49d6b781d05794bd06c84 \
+    --hash=sha256:c638b88b1a1505522870219a68272d2f1ae5778cf046c267925edec97678b0fb
 itsdangerous==0.24 \
     --hash=sha256:cbb3fcf8d3e33df861709ecaf89d9e6629cff0a217bc2848f1b41cd30d360519
 Jinja2==2.9.4 \
@@ -164,9 +167,9 @@ pyramid-services==0.4 \
 pyramid-tm==1.1.1 \
     --hash=sha256:44ce2845456c881fabb88edafbb421d76f3ffd590ee9a45a26d67437da9bd35f \
     --hash=sha256:6d8133e174118375d88dd0112f7dc509eae40074017d587648a17625f539ecd4
-pyramid==1.7.3 \
-    --hash=sha256:74b8eedf2b0a1a658ab79ae4b0ecf68fa8cdd5debcfec579c8b40bec83d1864e \
-    --hash=sha256:bb370b25727e16baff27468d4425216af4586b1a4516acf5ad8970b4c268cf79
+pyramid==1.8.1 \
+    --hash=sha256:9035da3e1eb997f867563695378ff392415973bd0517ac92104313ae5a14d11f \
+    --hash=sha256:359782ed643d923411595d84b3fde2f0caf790ce9eb33b0f019c25436c4c30ec
 python-dateutil==2.6.0 \
     --hash=sha256:3acbef017340600e9ff8f2994d8f7afd6eacb295383f286466a6df3961e486f0 \
     --hash=sha256:537bf2a8f8ce6f6862ad705cd68f9e405c0b5db014aa40fa29eab4335d4b1716 \

diff --git a/tests/unit/accounts/test_auth_policy.py b/tests/unit/accounts/test_auth_policy.py
@@ -12,6 +12,7 @@
 
 import pretend
 
+from pyramid import authentication
 from pyramid.interfaces import IAuthenticationPolicy
 from zope.interface.verify import verifyClass
 
@@ -28,10 +29,17 @@ def test_verify(self):
         )
 
     def test_unauthenticated_userid_no_userid(self, monkeypatch):
+        extract_http_basic_credentials = \
+            pretend.call_recorder(lambda request: None)
+        monkeypatch.setattr(
+            authentication,
+            "extract_http_basic_credentials",
+            extract_http_basic_credentials,
+        )
+
         policy = auth_policy.BasicAuthAuthenticationPolicy(
             check=pretend.stub(),
         )
-        policy._get_credentials = pretend.call_recorder(lambda request: None)
 
         vary_cb = pretend.stub()
         add_vary_cb = pretend.call_recorder(lambda *v: vary_cb)
@@ -42,17 +50,22 @@ def test_unauthenticated_userid_no_userid(self, monkeypatch):
         )
 
         assert policy.unauthenticated_userid(request) is None
-        assert policy._get_credentials.calls == [pretend.call(request)]
+        assert extract_http_basic_credentials.calls == [pretend.call(request)]
         assert add_vary_cb.calls == [pretend.call("Authorization")]
         assert request.add_response_callback.calls == [pretend.call(vary_cb)]
 
     def test_unauthenticated_userid_with_userid(self, monkeypatch):
+        extract_http_basic_credentials = \
+            pretend.call_recorder(lambda request: ("username", "password"))
+        monkeypatch.setattr(
+            authentication,
+            "extract_http_basic_credentials",
+            extract_http_basic_credentials,
+        )
+
         policy = auth_policy.BasicAuthAuthenticationPolicy(
             check=pretend.stub(),
         )
-        policy._get_credentials = pretend.call_recorder(
-            lambda request: ("username", "password")
-        )
 
         vary_cb = pretend.stub()
         add_vary_cb = pretend.call_recorder(lambda *v: vary_cb)
@@ -68,6 +81,7 @@ def test_unauthenticated_userid_with_userid(self, monkeypatch):
         )
 
         assert policy.unauthenticated_userid(request) is userid
+        assert extract_http_basic_credentials.calls == [pretend.call(request)]
         assert request.find_service.calls == [
             pretend.call(IUserService, context=None),
         ]

diff --git a/tests/unit/test_sessions.py b/tests/unit/test_sessions.py
@@ -544,15 +544,15 @@ def test_has_options(self):
     @pytest.mark.parametrize("uses_session", [False, None])
     def test_invalid_session(self, uses_session):
         context = pretend.stub()
-        request = pretend.stub(session=pretend.stub(), exception=None)
+        request = pretend.stub(session=pretend.stub())
         response = pretend.stub()
 
         @pretend.call_recorder
         def view(context, request):
             assert isinstance(request.session, InvalidSession)
             return response
 
-        info = pretend.stub(options={})
+        info = pretend.stub(options={}, exception_only=False)
         if uses_session is not None:
             info.options["uses_session"] = uses_session
         derived_view = session_view(view, info)

diff --git a/warehouse/sessions.py b/warehouse/sessions.py
@@ -272,16 +272,13 @@ def session_view(view, info):
         # with a small wrapper around it to ensure that it has a Vary: Cookie
         # header.
         return add_vary("Cookie")(view)
+    elif info.exception_only:
+        return view
     else:
         # If we're not using the session on this view, then we'll wrap the view
         # with a wrapper that just ensures that the session cannot be used.
         @functools.wraps(view)
         def wrapped(context, request):
-            # TODO: When Pyramid 1.8 is released we can make this better by
-            #       using info.exception_only.
-            if request.exception is not None:
-                return view(context, request)
-
             # Save the original session so that we can restore it once the
             # inner views have been called.
             original_session = request.session