v2.5 & v3.0 breaks Pyramid's SQLAlchemy + URL dispatch wiki tutorial

[viniciusban]

The SQLAlchemy + URL dispatch wiki tutorial - Adding authentication step breaks with versions 2.5 and 3.0 of pyramid_debugtoolbar.

Steps to reproduce the error:

1. Get this source code, from the official tutorial: https://github.com/Pylons/pyramid/tree/1.7-branch/docs/tutorials/wiki2/src/authentication
2. Create a virtualenv and activate it.
3. Follow instructions in README.txt
4. Go to http://localhost:6543/login
5. Fill in the form with "editor" in user and password fields.
6. Click the submit button.

The browser should show you the error message.

The same application using pyramid_debugtoolbar==2.4.2 works fine.

[mmerickel]

Okay so this issue is a result of #241 which is touching a bunch of properties of the request, including properties that are controlled by the transaction manager which has been already committed / cleaned up at this point. This specific issue is a result of touching authenticated_userid.

We may need to issue a temporary fix for this by limiting what the toolbar looks at in the request. The real approach can only be done later when Pylons/pyramid_tm#40 has been solved. After that we can put the toolbar under the transaction manager and it can touch whatever it wants.

[jvanasco]

That #241 looks wrong. I recall dropping the tuple format for a list, at your request. I need to look in my repo.

[mmerickel]

I'm currently trying to decide how I want to rollback or fix this change. One option is to the property access lazy like I did with the session such that it's only populated if requested / used by the user. I think this is the best approach, albeit most annoying to implement.

[jvanasco]

I had subconsciously assumed these attributes would always be present. Could this simply be handled by testing for presence first?

On May 19, 2016, at 10:58 AM, Michael Merickel [email protected] wrote:

I'm currently trying to decide how I want to rollback or fix this change. One option is to the property access lazy like I did with the session such that it's only populated if requested / used by the user. I think this is the best approach, albeit most annoying to implement.

—
You are receiving this because you commented.
Reply to this email directly or view it on GitHub

[mmerickel]

No, these are not attributes but rather computed properties. If you are not familiar with the current issues with pyramid_tm I referenced above, you should try to understand those first.

[mmerickel]

Interestingly this bug only manifests itself on python 3x due to some inconsistencies in how hasattr works. On py27 I noticed that the hasattr(request, 'authenticated_userid') is actually squashing the DetachedInstanceError whereas py35 is letting the error through.

[digitalresistor]

I only deploy and build on the latest greatest. That's why I run Pyramid 1.7 and Python 3.5 :P