Using pyramid authentication with pyramid

Question

In the pyramid documentation, the Sqlalchemy Dispatch Tutorial uses dummy data in security.py. I needed to use mysql data so I implemented it like this:

Answer 1

You have the idea right.

Your groupfinder is broken right now. Notice you have a for-loop with a return statement inside. The groupfinder should return at least an empty list [] if the user is valid. Only return None if the user is invalid.

Also an md5 of the password is pretty crappy these days. Look at the cryptacular or passlib libraries for performing a cryptographic hash instead via bcrypt.