
Problem with authentication in Pyramid (remember + authenticated_userid)

I can't get Pyramid's basic authentication mechanism to work for me. Am I doing it wrong?

To debug, I ran this block of code inside one of my views:

print '$$$1', pyramid.security.remember(request, 12)
print '$$$2', pyramid.security.unauthenticated_userid(request)
print '$$$3', pyramid.security.authenticated_userid(request)

Here is the output I got:

$$$1 [('Set-Cookie', 'auth_tkt="45a66a6e860356b991cc8fc8acf9bf7f4d8b3d2212!userid_type:int"; Path=/'), ('Set-Cookie', 'auth_tkt="45a66a6e860356b991cc8fc8acf9bf7f4d8b3d2212!userid_type:int"; Path=/; Domain=127.0.0.1:6543'), ('Set-Cookie', 'auth_tkt="45a66a6e860356b991cc8fc8acf9bf7f4d8b3d2212!userid_type:int"; Path=/; Domain=.127.0.0.1:6543')]

$$$2 None

$$$3 None

I do have request.session working for me, so I'm guessing the problem isn't with the cookies.

Here's the code I use in my __init__ to config Pyramid:

authn_policy = AuthTktAuthenticationPolicy('secret', callback=lambda x: [])
engine = engine_from_config(settings, 'sqlalchemy.')
initialize_sql(engine)
my_session_factory = UnencryptedCookieSessionFactoryConfig('anothersecret')
config = Configurator(settings=settings, session_factory=my_session_factory,
                      authentication_policy=authn_policy,
        )

Please help!


"remember" just returns headers. You need to set these headers into the response. See also this section of Adding Authorization docs, particularly the code sample directly below in lines 21 & 22.


You are probably making the same mistake I was in reading the tutorial as stating that group_finder /only/ returns additional groups. This is not the case as referenced here: http://plope.com/pyramid_auth_design_api_postmortem .

If you use the callback function it must only return None when the user is invalid. The tutorial's example will return None for any user that isn't in the enumerated users (even if you are authenticating the user via some other mechanism). In my own code I explicitly return an empty list ( [] ) for the case of a user not yet being in a remembered list/group. This way I have three types of access levels: Public, Authenticated, Group Based Permissions.

In addition to the tutorial's example there is also this set of cookbook entries: http://docs.pylonsproject.org/projects/pyramid_cookbook/dev/authentication.html
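
A stdlib-only model of the behaviour both answers describe, added here as an illustration and not code from the thread or from Pyramid: `remember` only builds `Set-Cookie` headers, so the userid is visible only on a later request that carries the cookie back, and a callback returning None rejects the user while `[]` accepts it. The HMAC ticket format, `SECRET`, and `next_request_cookie` are assumptions made for this sketch.

```python
# Added illustration: a simplified signed-ticket flow (not Pyramid's implementation).
import hashlib
import hmac
from http.cookies import SimpleCookie

SECRET = b"secret"  # constructed sample key; use a long random value in practice


def remember(userid):
    """Return response headers only; the current request is left untouched."""
    body = str(userid)
    sig = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()
    return [("Set-Cookie", f"auth_tkt={sig}!{body}; Path=/; HttpOnly")]


def unauthenticated_userid(cookie_header):
    """Userid (as a string) from a ticket whose signature verifies, else None."""
    morsel = SimpleCookie(cookie_header or "").get("auth_tkt")
    if morsel is None:
        return None
    sig, _, body = morsel.value.partition("!")
    good = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()
    return body if hmac.compare_digest(sig, good) else None


def authenticated_userid(cookie_header, callback):
    """None if the ticket is missing or forged, or if the callback returns None."""
    userid = unauthenticated_userid(cookie_header)
    if userid is None or callback(userid) is None:
        return None
    return userid


def next_request_cookie(response_headers):
    """Hypothetical helper: the Cookie header a browser sends on its next request."""
    jar = SimpleCookie()
    for name, value in response_headers:
        if name == "Set-Cookie":
            jar.load(value)
    return "; ".join(f"{key}={morsel.value}" for key, morsel in jar.items())


if __name__ == "__main__":
    headers = remember(12)
    print(authenticated_userid("", lambda u: []))  # same request, no cookie yet
    cookie = next_request_cookie(headers)  # headers were attached to the response
    print(authenticated_userid(cookie, lambda u: []))  # empty group list: accepted
    print(authenticated_userid(cookie, lambda u: None))  # callback rejects the user
```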
