added pyramid_nacl_session to project

development.ini

@@ -13,13 +13,18 @@ pyramid.debug_routematch = false
 pyramid.default_locale_name = en
 pyramid.includes =
     pyramid_debugtoolbar
+    pyramid_jinja2
 
 sqlalchemy.url = sqlite:///%(here)s/ordr2.sqlite
 passlib.config = %(here)s/passlib.ini
 
-auth.secret = change me
 static_views.cache_max_age = 0
 
+# change these
+auth.secret = Change Me!
+session.secret = 4d72ee16df8cf1238048ade32e3ce4d51757af8ada4a962cfae5cea5c08421a0
+
+
 # By default, the toolbar only appears for clients from IP addresses
 # '127.0.0.1' and '::1'.
 # debugtoolbar.hosts = 127.0.0.1 ::1

docs/installation.rst

@@ -70,6 +70,9 @@ pyramid_debugtoolbar
 pyramid_jinja2
     Jina2 templating engine for the pyramid web framework
 
+pyramid_nacl_session
+    Session object with encryption
+
 pyramid_tm
     automatic transaction management based on the request life cycle
 

ordr2/__init__.py

@@ -12,11 +12,11 @@ def main(global_config, **settings):
     ''' This function returns a Pyramid WSGI application. '''
     config = Configurator(settings=settings)
 
-    config.include('pyramid_jinja2')
     config.include('.models')
     config.include('.resources')
     config.include('.security')
-    config.include('ordr2.views')
+    config.include('.session')
+    config.include('.views')
 
     config.scan()
 

ordr2/session.py

@@ -0,0 +1,19 @@
+''' Session configuration '''
+
+import binascii
+from pyramid.session import BaseCookieSessionFactory
+from pyramid_nacl_session import EncryptedCookieSessionFactory
+
+
+def includeme(config):
+    ''' initializing session configuration
+
+    Activate this setup using ``config.include('ordr2.session')``.
+    '''
+
+    settings = config.get_settings()
+    hex_secret = settings['session.secret'].strip()
+    secret = binascii.unhexlify(hex_secret)
+
+    factory = EncryptedCookieSessionFactory(secret)
+    config.set_session_factory(factory)

setup.py

@@ -16,6 +16,7 @@ requirements = [
     'pyramid',
     'pyramid_jinja2',
     'pyramid_debugtoolbar',
+    'pyramid_nacl_session',
     'pyramid_tm',
     'SQLAlchemy',
     'transaction',

tests/__init__.py

@@ -1,19 +1,31 @@
 ''' Test package for ordr2. '''
 
+import os.path
 import pytest
 import transaction
 
 from pyramid import testing
 
 
+# some path mangling to get the path to passlib.ini
+currrent_dir = os.path.dirname(__file__)
+ordr2_dir = os.path.dirname(currrent_dir)
+passlib_config_path = os.path.join(ordr2_dir, 'passlib.ini')
+assert os.path.isfile(passlib_config_path)
+
 APP_SETTINGS = {
     'sqlalchemy.url': 'sqlite:///:memory:',
     'auth.secret': 'not-very-secure',
-    'session.secret': 'not-very-secure',
+    'session.secret':
-    'session.auto_csrf': True
+        '4d72ee16df8cf1238048ade32e3ce4d51757af8ada4a962cfae5cea5c08421a0',
+    'session.auto_csrf': True,
+    'passlib.config': passlib_config_path,
+    'pyramid.includes': [
+        'pyramid_jinja2',
+        ]
     }
 
-EXAMPLE_USERS = {
+EXAMPLE_USER_DATA = {
     'unvalidated': (1, 'Graham', 'Chapman'),
     'new': (2, 'John', 'Cleese'),
     'user': (3, 'Terry', 'Gilliam'),
@@ -25,10 +37,10 @@ EXAMPLE_USERS = {
 
 # helpers
 
-def create_user(db, role_name):
+def get_user(role_name):
-    ''' set up one well known example users '''
+    ''' get the user model for one well known user '''
     from ordr2.models import Role, User
-    id_, first_name, last_name = EXAMPLE_USERS[role_name]
+    id_, first_name, last_name = EXAMPLE_USER_DATA[role_name]
     user = User(
         id=id_,
         username=first_name + last_name,
@@ -38,7 +50,6 @@ def create_user(db, role_name):
         role=Role(role_name)
         )
     user.set_password(first_name)
-    db.add(user)
     return user
 
 
@@ -46,7 +57,8 @@ def create_users(db):
     ''' set up all well known example users '''
     from ordr2.models import Role
     for role in Role:
-        create_user(db, role.value)
+        user = get_user(role.value)
+        db.add(user)
 
 
 # fixtures
@@ -55,7 +67,6 @@ def create_users(db):
 def app_config():
     ''' fixture for tests requiring a pyramid.testing setup '''
     with testing.testConfig(settings=APP_SETTINGS) as config:
-        config.include('pyramid_jinja2')
         #config.include('pyramid_mailer.testing')
 
         from ordr2.models.users import passlib_context

tests/_functional/__init__.py

@@ -15,10 +15,7 @@ passlib_config_path = os.path.join(ordr2_dir, 'passlib.ini')
 
 
 WEBTEST_SETTINGS = APP_SETTINGS.copy()
-WEBTEST_SETTINGS.update({
+# WEBTEST_SETTINGS.update({ })
-    'pyramid.includes': ['pyramid_jinja2'],
-    'passlib.config': passlib_config_path
-    })
 
 
 @pytest.fixture(scope='module')