1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
|
Metadata-Version: 2.1
Name: pyramid
Version: 2.0
Summary: The Pyramid Web Framework, a Pylons project
Home-page: https://trypyramid.com
Author: Chris McDonough, Agendaless Consulting
Author-email: pylons-discuss@googlegroups.com
License: BSD-derived (Repoze)
Project-URL: Documentation, https://docs.pylonsproject.org/projects/pyramid/en/2.0-branch/
Project-URL: Changelog, https://docs.pylonsproject.org/projects/pyramid/en/2.0-branch/whatsnew-2.0.html
Project-URL: Issue Tracker, https://github.com/Pylons/pyramid/issues
Description: Pyramid
=======
.. image:: https://github.com/Pylons/Pyramid/workflows/Build%20and%20test/badge.svg?branch=2.0-branch
:target: https://github.com/Pylons/Pyramid/actions?query=workflow%3A%22Build+and+test%22
:alt: 2.0-branch Travis CI Status
.. image:: https://readthedocs.org/projects/pyramid/badge/?version=2.0-branch
:target: https://docs.pylonsproject.org/projects/pyramid/en/2.0-branch
:alt: 2.0-branch Documentation Status
.. image:: https://img.shields.io/badge/irc-freenode-blue.svg
:target: https://webchat.freenode.net/?channels=pyramid
:alt: IRC Freenode
`Pyramid <https://trypyramid.com/>`_ is a small, fast, down-to-earth, open
source Python web framework. It makes real-world web application development
and deployment more fun, more predictable, and more productive.
.. code-block:: python
from wsgiref.simple_server import make_server
from pyramid.config import Configurator
from pyramid.response import Response
def hello_world(request):
return Response('Hello World!')
if __name__ == '__main__':
with Configurator() as config:
config.add_route('hello', '/')
config.add_view(hello_world, route_name='hello')
app = config.make_wsgi_app()
server = make_server('0.0.0.0', 6543, app)
server.serve_forever()
Pyramid is a project of the `Pylons Project <https://pylonsproject.org>`_.
Support and Documentation
-------------------------
See `Pyramid Support and Development
<https://docs.pylonsproject.org/projects/pyramid/en/latest/#support-and-development>`_
for documentation, reporting bugs, and getting support.
Developing and Contributing
---------------------------
See `HACKING.txt <https://github.com/Pylons/pyramid/blob/master/HACKING.txt>`_ and
`contributing.md <https://github.com/Pylons/pyramid/blob/master/contributing.md>`_
for guidelines on running tests, adding features, coding style, and updating
documentation when developing in or contributing to Pyramid.
License
-------
Pyramid is offered under the BSD-derived `Repoze Public License
<http://repoze.org/license.html>`_.
Authors
-------
Pyramid is made available by `Agendaless Consulting <https://agendaless.com>`_
and a team of `contributors
<https://github.com/Pylons/pyramid/graphs/contributors>`_.
2.0 (2021-02-28)
================
- No changes from 2.0b1.
2.0b1 (2021-02-20)
==================
- Break potential reference cycle between ``request`` and ``context``.
See https://github.com/Pylons/pyramid/pull/3649
- Remove ``update_wrapper`` from ``pyramid.decorator.reify``.
See https://github.com/Pylons/pyramid/pull/3657
2.0b0 (2020-12-15)
==================
- Overhaul tutorials and update cookiecutter to de-emphasize ``request.user``
in favor of ``request.identity`` for common use cases.
See https://github.com/Pylons/pyramid/pull/3629
- Improve documentation and patterns with builtin fixtures shipped in the
cookiecutters.
See https://github.com/Pylons/pyramid/pull/3629
2.0a0 (2020-11-29)
==================
Features
--------
- Add support for Python 3.9.
See https://github.com/Pylons/pyramid/issues/3622
- The ``aslist`` method now handles non-string objects when flattening.
See https://github.com/Pylons/pyramid/pull/3594
- It is now possible to pass multiple values to the ``header`` predicate
for route and view configuration.
See https://github.com/Pylons/pyramid/pull/3576
- Add support for Python 3.8.
See https://github.com/Pylons/pyramid/pull/3547
- New security APIs have been added to support a massive overhaul of the
authentication and authorization system. Read
"Upgrading Authentication/Authorization" in the "What's New in Pyramid 2.0"
chapter of the documentation for information about using this new system.
- ``pyramid.config.Configurator.set_security_policy``.
- ``pyramid.interfaces.ISecurityPolicy``
- ``pyramid.request.Request.identity``.
- ``pyramid.request.Request.is_authenticated``
- ``pyramid.authentication.SessionAuthenticationHelper``
- ``pyramid.authorization.ACLHelper``
- ``is_authenticated=True/False`` predicate for route and view configs
See https://github.com/Pylons/pyramid/pull/3465 and
https://github.com/Pylons/pyramid/pull/3598
- Changed the default ``serializer`` on
``pyramid.session.SignedCookieSessionFactory`` to use
``pyramid.session.JSONSerializer`` instead of
``pyramid.session.PickleSerializer``. Read
"Upgrading Session Serialization" in the "What's New in Pyramid 2.0" chapter
of the documentation for more information about why this change was made.
See https://github.com/Pylons/pyramid/pull/3413
- It is now possible to control whether a route pattern contains a trailing
slash when it is composed with a route prefix using
``config.include(..., route_prefix=...)`` or
``with config.route_prefix_context(...)``. This can be done by specifying
an empty pattern and setting the new argument
``inherit_slash=True``. For example:
.. code-block:: python
with config.route_prefix_context('/users'):
config.add_route('users', '', inherit_slash=True)
In the example, the resulting pattern will be ``/users``. Similarly, if the
route prefix were ``/users/`` then the final pattern would be ``/users/``.
If the ``pattern`` was ``'/'``, then the final pattern would always be
``/users/``. This new setting is only available if the pattern supplied
to ``add_route`` is the empty string (``''``).
See https://github.com/Pylons/pyramid/pull/3420
- No longer define ``pyramid.request.Request.json_body`` which is already
provided by WebOb. This allows the attribute to now be settable.
See https://github.com/Pylons/pyramid/pull/3447
- Improve debugging info from ``pyramid.view.view_config`` decorator.
See https://github.com/Pylons/pyramid/pull/3483
- A new parameter, ``allow_no_origin``, was added to
``pyramid.config.Configurator.set_default_csrf_options`` as well as
``pyramid.csrf.check_csrf_origin``. This option controls whether a
request is rejected if it has no ``Origin`` or ``Referer`` header -
often the result of a user configuring their browser not to send a
``Referer`` header for privacy reasons even on same-domain requests.
The default is to reject requests without a known origin. It is also
possible to allow the special ``Origin: null`` header by adding it to the
``pyramid.csrf_trusted_origins`` list in the settings.
See https://github.com/Pylons/pyramid/pull/3512
and https://github.com/Pylons/pyramid/pull/3518
- A new parameter, ``check_origin``, was added to
``pyramid.config.Configurator.set_default_csrf_options`` which disables
origin checking entirely.
See https://github.com/Pylons/pyramid/pull/3518
- Added ``pyramid.interfaces.IPredicateInfo`` which defines the object passed
to predicate factories as their second argument.
See https://github.com/Pylons/pyramid/pull/3514
- Added support for serving pre-compressed static assets by using the
``content_encodings`` argument of
``pyramid.config.Configurator.add_static_view`` and
``pyramid.static.static_view``.
See https://github.com/Pylons/pyramid/pull/3537
- Fix ``DeprecationWarning`` emitted by using the ``imp`` module.
See https://github.com/Pylons/pyramid/pull/3553
- Properties created via ``config.add_request_method(..., property=True)`` or
``request.set_property`` used to be readonly. They can now be overridden
via ``request.foo = ...`` and until the value is deleted it will return
the overridden value. This is most useful when mocking request properties
in testing.
See https://github.com/Pylons/pyramid/pull/3559
- Finished callbacks are now executed as part of the ``closer`` that is
invoked as part of ``pyramid.scripting.prepare`` and
``pyramid.paster.bootstrap``.
See https://github.com/Pylons/pyramid/pull/3561
- Added ``pyramid.request.RequestLocalCache`` which can be used to create
simple objects that are shared across requests and can be used to store
per-request data. This is useful when the source of data is external to
the request itself. Often a reified property is used on a request via
``pyramid.config.Configurator.add_request_method``, or
``pyramid.decorator.reify``, and these work great when the data is
generated on-demand when accessing the request property. However, often
the case is that the data is generated when accessing some other system
and then we want to cache the data for the duration of the request.
See https://github.com/Pylons/pyramid/pull/3561
- Exposed ``pyramid.authorization.ALL_PERMISSIONS`` and
``pyramid.authorization.DENY_ALL`` such that all of the ACL-related constants
are now importable from the ``pyramid.authorization`` namespace.
See https://github.com/Pylons/pyramid/pull/3563
- ``pserve`` now outputs verbose messaging to `stderr` instead of `stdout`
to circumvent buffering issues that exist by default on `stdout`.
See https://github.com/Pylons/pyramid/pull/3593
Deprecations
------------
- Deprecated the authentication and authorization interfaces and
principal-based support. See "Upgrading Authentication/Authorization" in
the "What's New in Pyramid 2.0" chapter of the documentation for information
on equivalent APIs and notes on upgrading. The following APIs are deprecated
as a result of this change:
- ``pyramid.config.Configurator.set_authentication_policy``
- ``pyramid.config.Configurator.set_authorization_policy``
- ``pyramid.interfaces.IAuthenticationPolicy``
- ``pyramid.interfaces.IAuthorizationPolicy``
- ``pyramid.request.Request.effective_principals``
- ``pyramid.request.Request.unauthenticated_userid``
- ``pyramid.authentication.AuthTktAuthenticationPolicy``
- ``pyramid.authentication.RemoteUserAuthenticationPolicy``
- ``pyramid.authentication.RepozeWho1AuthenticationPolicy``
- ``pyramid.authentication.SessionAuthenticationPolicy``
- ``pyramid.authentication.BasicAuthAuthenticationPolicy``
- ``pyramid.authorization.ACLAuthorizationPolicy``
- The ``effective_principals`` view and route predicates.
See https://github.com/Pylons/pyramid/pull/3465
- Deprecated ``pyramid.security.principals_allowed_by_permission``. This
method continues to work with the deprecated
``pyramid.interfaces.IAuthorizationPolicy`` interface but will not work with
the new ``pyramid.interfaces.ISecurityPolicy``.
See https://github.com/Pylons/pyramid/pull/3465
- Deprecated several ACL-related aspects of ``pyramid.security``. Equivalent
objects should now be imported from the ``pyramid.authorization`` namespace.
This includes:
- ``pyramid.security.Everyone``
- ``pyramid.security.Authenticated``
- ``pyramid.security.ALL_PERMISSIONS``
- ``pyramid.security.DENY_ALL``
- ``pyramid.security.ACLAllowed``
- ``pyramid.security.ACLDenied``
See https://github.com/Pylons/pyramid/pull/3563
- Deprecated ``pyramid.session.PickleSerializer``.
See https://github.com/pylons/pyramid/issues/2709,
and https://github.com/pylons/pyramid/pull/3353,
and https://github.com/pylons/pyramid/pull/3413
Backward Incompatibilities
--------------------------
- Drop support for Python 2.7, 3.4, and 3.5.
See https://github.com/Pylons/pyramid/pull/3421,
and https://github.com/Pylons/pyramid/pull/3547,
and https://github.com/Pylons/pyramid/pull/3634
- Removed the ``pyramid.compat`` module. Integrators should use the ``six``
module or vendor shims they are using into their own codebases going forward.
https://github.com/Pylons/pyramid/pull/3421
- ``pcreate`` and the builtin scaffolds have been removed in favor of
using the ``cookiecutter`` tool and the ``pyramid-cookiecutter-starter``
cookiecutter. The script and scaffolds were deprecated in Pyramid 1.8.
See https://github.com/Pylons/pyramid/pull/3406
- Changed the default ``hashalg`` on
``pyramid.authentication.AuthTktCookieHelper`` to ``sha512``.
See https://github.com/Pylons/pyramid/pull/3557
- Removed ``pyramid.interfaces.ITemplateRenderer``. This interface was
deprecated since Pyramid 1.5 and was an interface
used by libraries like ``pyramid_mako`` and ``pyramid_chameleon`` but
provided no functionality within Pyramid itself.
See https://github.com/Pylons/pyramid/pull/3409
- Removed ``pyramid.security.has_permission``,
``pyramid.security.authenticated_userid``,
``pyramid.security.unauthenticated_userid``, and
``pyramid.security.effective_principals``. These methods were deprecated
in Pyramid 1.5 and all have equivalents available as properties on the
request. For example, ``request.authenticated_userid``.
See https://github.com/Pylons/pyramid/pull/3410
- Removed support for supplying a media range to the ``accept`` predicate of
both ``pyramid.config.Configurator.add_view`` and
``pyramid.config.Configurator.add_route``. These options were deprecated
in Pyramid 1.10 and WebOb 1.8 because they resulted in uncontrollable
matching that was not compliant with the RFC.
See https://github.com/Pylons/pyramid/pull/3411
- Removed ``pyramid.session.UnencryptedCookieSessionFactoryConfig``. This
session factory was replaced with
``pyramid.session.SignedCookieSessionFactory`` in Pyramid 1.5 and has been
deprecated since then.
See https://github.com/Pylons/pyramid/pull/3412
- Removed ``pyramid.session.signed_serialize``, and
``pyramid.session.signed_deserialize``. These methods were only used by
the now-removed ``pyramid.session.UnencryptedCookieSessionFactoryConfig``
and were coupled to the vulnerable pickle serialization format which could
lead to remove code execution if the secret key is compromised.
See https://github.com/Pylons/pyramid/pull/3412
- Changed the default ``serializer`` on
``pyramid.session.SignedCookieSessionFactory`` to use
``pyramid.session.JSONSerializer`` instead of
``pyramid.session.PickleSerializer``. Read "Upgrading Session Serialization"
in the "What's New in Pyramid 2.0" chapter of the documentation for more
information about why this change was made.
See https://github.com/Pylons/pyramid/pull/3413
- ``pyramid.request.Request.invoke_exception_view`` will no longer be called
by the default execution policy.
See https://github.com/Pylons/pyramid/pull/3496
- ``pyramid.config.Configurator.scan`` will no longer, by default, execute
Venusian decorator callbacks registered for categories other than
``'pyramid'``. To find any decorator regardless of category, specify
``config.scan(..., categories=None)``.
See https://github.com/Pylons/pyramid/pull/3510
- The second argument to predicate factories has been changed from ``config``
to ``info``, an instance of ``pyramid.interfaces.IPredicateInfo``. This
limits the data available to predicates but still provides the package,
registry, settings and dotted-name resolver which should cover most use
cases and is largely backward compatible.
See https://github.com/Pylons/pyramid/pull/3514
- Removed the ``check_csrf`` predicate. Instead, use
``pyramid.config.Configurator.set_default_csrf_options`` and the
``require_csrf`` view option to enable automatic CSRF checking.
See https://github.com/Pylons/pyramid/pull/3521
- Update the default behavior of
``pyramid.authenticationAuthTktAuthenticationPolicy`` and
``pyramid.authentication.AuthTktCookieHelper`` to only set a single cookie
without a domain parameter when no other domain constraints are specified.
Prior to this change, ``wild_domain=False`` (the default) was effectively
treated the same as ``wild_domain=True``, in which a cookie was defined
such that browsers would use it both for the request's domain, as well as
any subdomain. In the new behavior, cookies will only affect the current
domain, and not subdomains, by default.
See https://github.com/Pylons/pyramid/pull/3587
Documentation Changes
---------------------
- Restore build of PDF on Read The Docs.
See https://github.com/Pylons/pyramid/issues/3290
- Fix docs build for Sphinx 2.0.
See https://github.com/Pylons/pyramid/pull/3480
- Significant updates to the wiki, wiki2 tutorials to demonstrate the new
security policy usage as well as a much more production-ready test harness.
See https://github.com/Pylons/pyramid/pull/3557
Keywords: web,wsgi,pylons,pyramid
Platform: UNKNOWN
Classifier: Development Status :: 6 - Mature
Classifier: Intended Audience :: Developers
Classifier: Programming Language :: Python
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.6
Classifier: Programming Language :: Python :: 3.7
Classifier: Programming Language :: Python :: 3.8
Classifier: Programming Language :: Python :: 3.9
Classifier: Programming Language :: Python :: Implementation :: CPython
Classifier: Programming Language :: Python :: Implementation :: PyPy
Classifier: Framework :: Pyramid
Classifier: Topic :: Internet :: WWW/HTTP
Classifier: Topic :: Internet :: WWW/HTTP :: WSGI
Classifier: License :: Repoze Public License
Requires-Python: >=3.6
Provides-Extra: testing
Provides-Extra: docs
|
