# HG changeset patch # User Damien Correia # Date 1521737584 -3600 # Node ID 802ac7e98f1be7af3d143f062e074ece2a6dcce2 # Parent 307ef0983cfa04cc68f29f11acaddabdfd5f4ec5 Add authentication policy secure: false in development, True in production diff -r 307ef0983cfa -r 802ac7e98f1b {{cookiecutter.project_slug}}/etc/development.ini --- a/{{cookiecutter.project_slug}}/etc/development.ini Thu Mar 22 15:46:33 2018 +0100 +++ b/{{cookiecutter.project_slug}}/etc/development.ini Thu Mar 22 17:53:04 2018 +0100 @@ -113,6 +113,9 @@ pyams.application_factory = pyams_content.root.SiteRoot pyams.application_name = pyams +# Secure PyAMS authentication policy (requires HTTPS) +pyams.authentication_policy.secure = False + # PyAMS mailer pyams_mail.mailers = {{ cookiecutter.smtp_server_name }}. {{ cookiecutter.smtp_server_name }}.name = {{ cookiecutter.smtp_server_name }} diff -r 307ef0983cfa -r 802ac7e98f1b {{cookiecutter.project_slug}}/etc/production.ini --- a/{{cookiecutter.project_slug}}/etc/production.ini Thu Mar 22 15:46:33 2018 +0100 +++ b/{{cookiecutter.project_slug}}/etc/production.ini Thu Mar 22 17:53:04 2018 +0100 @@ -108,6 +108,9 @@ pyams.application_factory = pyams_content.root.SiteRoot pyams.application_name = pyams +# Secure PyAMS authentication policy (requires HTTPS) +pyams.authentication_policy.secure = True + # PyAMS mailer pyams_mail.mailers = {{ cookiecutter.smtp_server_name }}. {{ cookiecutter.smtp_server_name }}.name = {{ cookiecutter.smtp_server_name }} diff -r 307ef0983cfa -r 802ac7e98f1b {{cookiecutter.project_slug}}/{{cookiecutter.webapp_name}}/__init__.py --- a/{{cookiecutter.project_slug}}/{{cookiecutter.webapp_name}}/__init__.py Thu Mar 22 15:46:33 2018 +0100 +++ b/{{cookiecutter.project_slug}}/{{cookiecutter.webapp_name}}/__init__.py Thu Mar 22 17:53:04 2018 +0100 
@@ -22,6 +22,7 @@ from pyramid.authorization import ACLAuthorizationPolicy from pyramid.config import Configurator from pyramid.csrf import CookieCSRFStoragePolicy +from pyramid.settings import asbool def main(global_config, **settings): @@ -35,8 +36,7 @@ authn_policy = PyAMSAuthenticationPolicy(secret='PyAMS 0.1.0', http_only=True, - secure=True, # remove in development environment - # if you don't use HTTPS + secure=asbool(settings.get('pyams.authentication_policy.secure', True)), credentials=('http',)) config.set_authentication_policy(authn_policy) config.set_authorization_policy(ACLAuthorizationPolicy())
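Review bot: The `secret='PyAMS 0.1.0'` argument kept as context in this call is a fixed string shipped in the cookiecutter template, so every project generated from it would share the same value for what is presumably the authentication-ticket signing secret. Now that `main()` reads the `secure` flag from settings, the secret should also come from the deployment's ini file, for example `secret=settings['pyams.authentication_policy.secret'],` (a key name proposed here, not defined by this commit), with a unique random value generated per project. On the new `secure=` line, `asbool()` maps any unrecognised string to False, so a typo such as `Ture` in production.ini would silently drop the Secure flag even though the fallback default is True; consider rejecting values outside the expected true/false spellings at startup. `main()` starts before and continues after this hunk, so how the policy class uses `secret` and `secure` is inferred from the argument names.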