Added 'pyams.authentication_policy.secure' configuration setting to enable secure (HTTPS) authentication
--- a/{{cookiecutter.project_slug}}/etc/development.ini Thu Mar 22 15:46:33 2018 +0100
+++ b/{{cookiecutter.project_slug}}/etc/development.ini Thu Mar 22 19:07:57 2018 +0100
@@ -113,6 +113,9 @@
pyams.application_factory = pyams_content.root.SiteRoot
pyams.application_name = pyams
+# Secure PyAMS authentication policy (requires HTTPS)
+pyams.authentication_policy.secure = False
+
# PyAMS mailer
pyams_mail.mailers = {{ cookiecutter.smtp_server_name }}.
{{ cookiecutter.smtp_server_name }}.name = {{ cookiecutter.smtp_server_name }}
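Review bot: The comment `# Secure PyAMS authentication policy (requires HTTPS)` describes what the setting enables, but on the line below it is set to `False`, which (judging from the `secure=` argument next to `http_only` in the webapp hunk) presumably drops the Secure flag and lets the authentication cookie travel over plain HTTP; a reader skimming development.ini may not realise that is the trade-off being made. Rewording it to `# Send the PyAMS authentication cookie over HTTPS only; False is for local development without TLS` makes the consequence explicit. The same comment is added in the production.ini hunk below, where the value is `True` and the wording fits better.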
--- a/{{cookiecutter.project_slug}}/etc/production.ini Thu Mar 22 15:46:33 2018 +0100
+++ b/{{cookiecutter.project_slug}}/etc/production.ini Thu Mar 22 19:07:57 2018 +0100
@@ -108,6 +108,9 @@
pyams.application_factory = pyams_content.root.SiteRoot
pyams.application_name = pyams
+# Secure PyAMS authentication policy (requires HTTPS)
+pyams.authentication_policy.secure = True
+
# PyAMS mailer
pyams_mail.mailers = {{ cookiecutter.smtp_server_name }}.
{{ cookiecutter.smtp_server_name }}.name = {{ cookiecutter.smtp_server_name }}
--- a/{{cookiecutter.project_slug}}/{{cookiecutter.webapp_name}}/__init__.py Thu Mar 22 15:46:33 2018 +0100
+++ b/{{cookiecutter.project_slug}}/{{cookiecutter.webapp_name}}/__init__.py Thu Mar 22 19:07:57 2018 +0100
@@ -22,6 +22,7 @@
from pyramid.authorization import ACLAuthorizationPolicy
from pyramid.config import Configurator
from pyramid.csrf import CookieCSRFStoragePolicy
+from pyramid.settings import asbool
def main(global_config, **settings):
@@ -35,8 +36,7 @@
authn_policy = PyAMSAuthenticationPolicy(secret='PyAMS 0.1.0',
http_only=True,
- secure=True, # remove in development environment
- # if you don't use HTTPS
+ secure=asbool(settings.get('pyams.authentication_policy.secure', True)),
credentials=('http',))
config.set_authentication_policy(authn_policy)
config.set_authorization_policy(ACLAuthorizationPolicy())
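Review bot: The `secret='PyAMS 0.1.0'` argument on the context line above the change is still a hard-coded literal, so every project generated from this cookiecutter template signs its authentication tickets with the same publicly visible value; the commit externalises `secure` to settings but leaves the secret inline. It should come from the same settings block, for example `secret=settings['pyams.authentication_policy.secret'],` (key name constructed to parallel the one added here), documented in both `.ini` files with no fallback default so a missing value fails at startup instead of silently reusing a shared secret. The `True` default passed to `settings.get` for `secure` is the right fail-safe choice. The body of `main` starts before and continues after this hunk.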