From f535ece7ca576f5b7d184c6becdd6b96001881ca Mon Sep 17 00:00:00 2001
From: Holger Frey <mail@holgerfrey.de>
Date: Tue, 17 Oct 2017 11:14:20 +0200
Subject: [PATCH] added pyramid_nacl_session to project

---
 development.ini               |  7 ++++++-
 docs/installation.rst         |  3 +++
 ordr2/__init__.py             |  4 ++--
 ordr2/session.py              | 19 +++++++++++++++++++
 setup.py                      |  1 +
 tests/__init__.py             | 29 ++++++++++++++++++++---------
 tests/_functional/__init__.py |  5 +----
 7 files changed, 52 insertions(+), 16 deletions(-)
 create mode 100644 ordr2/session.py

diff --git a/development.ini b/development.ini
index 45e4d22..d11c9a5 100644
--- a/development.ini
+++ b/development.ini
@@ -13,13 +13,18 @@ pyramid.debug_routematch = false
 pyramid.default_locale_name = en
 pyramid.includes =
     pyramid_debugtoolbar
+    pyramid_jinja2
 
 sqlalchemy.url = sqlite:///%(here)s/ordr2.sqlite
 passlib.config = %(here)s/passlib.ini
 
-auth.secret = change me
 static_views.cache_max_age = 0
 
+# change these
+auth.secret = Change Me!
+session.secret = 4d72ee16df8cf1238048ade32e3ce4d51757af8ada4a962cfae5cea5c08421a0
+
+
 # By default, the toolbar only appears for clients from IP addresses
 # '127.0.0.1' and '::1'.
 # debugtoolbar.hosts = 127.0.0.1 ::1
diff --git a/docs/installation.rst b/docs/installation.rst
index 48e515e..3c55b7b 100644
--- a/docs/installation.rst
+++ b/docs/installation.rst
@@ -70,6 +70,9 @@ pyramid_debugtoolbar
 pyramid_jinja2
     Jina2 templating engine for the pyramid web framework
 
+pyramid_nacl_session
+    Session object with encryption
+
 pyramid_tm
     automatic transaction management based on the request life cycle
 
diff --git a/ordr2/__init__.py b/ordr2/__init__.py
index 141cf69..6a21e0c 100644
--- a/ordr2/__init__.py
+++ b/ordr2/__init__.py
@@ -12,11 +12,11 @@ def main(global_config, **settings):
     ''' This function returns a Pyramid WSGI application. '''
     config = Configurator(settings=settings)
 
-    config.include('pyramid_jinja2')
     config.include('.models')
     config.include('.resources')
     config.include('.security')
-    config.include('ordr2.views')
+    config.include('.session')
+    config.include('.views')
 
     config.scan()
 
diff --git a/ordr2/session.py b/ordr2/session.py
new file mode 100644
index 0000000..704f356
--- /dev/null
+++ b/ordr2/session.py
@@ -0,0 +1,19 @@
+''' Session configuration '''
+
+import binascii
+from pyramid.session import BaseCookieSessionFactory
+from pyramid_nacl_session import EncryptedCookieSessionFactory
+
+
+def includeme(config):
+    ''' initializing session configuration
+
+    Activate this setup using ``config.include('ordr2.session')``.
+    '''
+
+    settings = config.get_settings()
+    hex_secret = settings['session.secret'].strip()
+    secret = binascii.unhexlify(hex_secret)
+
+    factory = EncryptedCookieSessionFactory(secret)
+    config.set_session_factory(factory)
diff --git a/setup.py b/setup.py
index 5843571..456669f 100644
--- a/setup.py
+++ b/setup.py
@@ -16,6 +16,7 @@ requirements = [
     'pyramid',
     'pyramid_jinja2',
     'pyramid_debugtoolbar',
+    'pyramid_nacl_session',
     'pyramid_tm',
     'SQLAlchemy',
     'transaction',
diff --git a/tests/__init__.py b/tests/__init__.py
index 1717155..edc332a 100644
--- a/tests/__init__.py
+++ b/tests/__init__.py
@@ -1,19 +1,31 @@
 ''' Test package for ordr2. '''
 
+import os.path
 import pytest
 import transaction
 
 from pyramid import testing
 
 
+# some path mangling to get the path to passlib.ini
+currrent_dir = os.path.dirname(__file__)
+ordr2_dir = os.path.dirname(currrent_dir)
+passlib_config_path = os.path.join(ordr2_dir, 'passlib.ini')
+assert os.path.isfile(passlib_config_path)
+
 APP_SETTINGS = {
     'sqlalchemy.url': 'sqlite:///:memory:',
     'auth.secret': 'not-very-secure',
-    'session.secret': 'not-very-secure',
-    'session.auto_csrf': True
+    'session.secret':
+        '4d72ee16df8cf1238048ade32e3ce4d51757af8ada4a962cfae5cea5c08421a0',
+    'session.auto_csrf': True,
+    'passlib.config': passlib_config_path,
+    'pyramid.includes': [
+        'pyramid_jinja2',
+        ]
     }
 
-EXAMPLE_USERS = {
+EXAMPLE_USER_DATA = {
     'unvalidated': (1, 'Graham', 'Chapman'),
     'new': (2, 'John', 'Cleese'),
     'user': (3, 'Terry', 'Gilliam'),
@@ -25,10 +37,10 @@ EXAMPLE_USERS = {
 
 # helpers
 
-def create_user(db, role_name):
-    ''' set up one well known example users '''
+def get_user(role_name):
+    ''' get the user model for one well known user '''
     from ordr2.models import Role, User
-    id_, first_name, last_name = EXAMPLE_USERS[role_name]
+    id_, first_name, last_name = EXAMPLE_USER_DATA[role_name]
     user = User(
         id=id_,
         username=first_name + last_name,
@@ -38,7 +50,6 @@ def create_user(db, role_name):
         role=Role(role_name)
         )
     user.set_password(first_name)
-    db.add(user)
     return user
 
 
@@ -46,7 +57,8 @@ def create_users(db):
     ''' set up all well known example users '''
     from ordr2.models import Role
     for role in Role:
-        create_user(db, role.value)
+        user = get_user(role.value)
+        db.add(user)
 
 
 # fixtures
@@ -55,7 +67,6 @@ def create_users(db):
 def app_config():
     ''' fixture for tests requiring a pyramid.testing setup '''
     with testing.testConfig(settings=APP_SETTINGS) as config:
-        config.include('pyramid_jinja2')
         #config.include('pyramid_mailer.testing')
 
         from ordr2.models.users import passlib_context
diff --git a/tests/_functional/__init__.py b/tests/_functional/__init__.py
index a5b9894..92bb8a0 100644
--- a/tests/_functional/__init__.py
+++ b/tests/_functional/__init__.py
@@ -15,10 +15,7 @@ passlib_config_path = os.path.join(ordr2_dir, 'passlib.ini')
 
 
 WEBTEST_SETTINGS = APP_SETTINGS.copy()
-WEBTEST_SETTINGS.update({
-    'pyramid.includes': ['pyramid_jinja2'],
-    'passlib.config': passlib_config_path
-    })
+# WEBTEST_SETTINGS.update({ })
 
 
 @pytest.fixture(scope='module')