RedHatTraining/repoze.who.git

middleware: Avoid passing extracted 'identity' to 'remember' during egress.

Tres Seaver

2016-05-31 455778d138ea623d224c9206e5001fd2a1fd7e1c

commit \| author \| age
7141c7	1	repoze.who Changelog
TS	2	====================
aa8755	3
c46a74	4	2.3 (unreleased)
TS	5	----------------
	6
90fd1c	7	- Add support for Python 3.4, Python 3.5, and PyPy3.
c46a74	8
TS	9	- Drop support for Python 2.6 and 3.2.
4f3525	10
455778	11	- ``middleware``: avoid passing extracted ``identity`` to ``remember``
TS	12	during egress (the app may have called ``api.forget()``). See #21.
	13
41468f	14	- ``_auth_tkt`` / ``plugins.auth_tkt``: add support for any hash algorithm
TS	15	supported by the ``hashlib`` module in Python's standard library.
	16	Fixes #22 via #23.
	17
0a07fc	18	- ``plugins.auth_tkt``: Fix storage of "userdata" to save dict. Fixes
41468f	19	#14 via #18.
7b0a91	20
19d219	21	- middleware: avoid UnboundLocalError when wrapped generater yields no
TS	22	items. See: http://bugs.repoze.org/issue184
	23
4f3525	24	- Make cookie expiration date RFC-2616 compliant (independent of locale,
41468f	25	including 'GMT' zone). See #11.
4f3525	26
9cd0f8	27	2.2 (2013-05-17)
a4b584	28	----------------
TS	29
1d7c19	30	- Parse INI-file configuration using ``SafeConfigParser``: allows
TS	31	escaping the ``'%'`` so that e.g. a query template using for a DB-API
	32	connection using ``pyformat`` preserves the template.
	33
a4b584	34	- Added support for Python 3.3, PyPy.
TS	35
d96616	36
717490	37	2.1 (2013-03-20)
c72bfe	38	----------------
TS	39
5ecc71	40	- ``_compat`` module: tolerate missing ``CONTENT_TYPE`` key in the WSGI
TS	41	environment. Thanks to Dag Hoidal for the patch.
	42
d96616	43	- ``htpasswd`` plugin: add a ``sha1_check`` checker function (the ``crypt``
TS	44	module is not available on Windows). Thanks to Chandrashekar Jayaraman
	45	for the patch.
	46
c72bfe	47	- Documentation typo fixes from Carlos de la Guardia and Atsushi Odagiri.
TS	48
0cfb1a	49
TS	50	2.1b1 (2012-11-05)
	51	------------------
d9f6f4	52
TS	53	- Ported to Py3k using the "compatible subset" mode.
	54	- Dropped support for Python < 2.6.x.
	55	- Dropped dependency on Paste (forking some code from it).
	56	- Added dependency on WebOb instead.
	57	Thanks to Atsushi Odagiri (aodag) for the initial effort.
	58
	59
d03c94	60	2.0 (2011-09-28)
493726	61	----------------
TS	62
7f9907	63	- ``auth_tkt`` plugin: strip any port number from the 'Domain' of generated
TS	64	cookies. http://bugs.repoze.org/issue66
	65
493726	66	- Further harden middleware, calling ``close()`` on the iterable even if
TS	67	raising an exception for a missing challenger.
	68	http://bugs.repoze.org/issue174
	69
	70
1b2443	71	2.0b1 (2011-05-24)
TS	72	------------------
f8ef81	73
d6b53f	74	- Enabled standard use of logging module's configuration mechanism.
TS	75	See http://docs.python.org/dev/howto/logging.html#configuring-logging-for-a-library
	76	Thanks to jgoldsmith for the patch: http://bugs.repoze.org/issue178
	77
	78
f8ef81	79	- ``repoze.who.plugins.htpasswd``: defend against timing-based attacks.
TS	80
	81
2b9b1f	82	2.0a4 (2011-02-02)
TS	83	------------------
9a8e60	84
b01f44	85	- Ensure that the middleware calls ``close()`` (if it exists) on the
TS	86	iterable returned from thw wrapped application, as required by PEP 333.
	87	http://bugs.repoze.org/issue174
	88
03fba8	89	- Make ``make_api_factory_with_config`` tolerant of invalid filenames /
TS	90	content for the config file: in such cases, the API factory will have
	91	no configured plugins or policies: it will only be useful for retrieving
	92	the API from an environment populated by middleware.
	93
c61031	94	- Fix bug in ``repoze.who.api`` where the ``remember()`` or ``forget()``
TS	95	methods could return a None if the identifier plugin returned a None.
cfe26c	96
c61031	97	- Fix ``auth_tkt`` plugin to not hand over tokens as strings to paste. See
fc9a88	98	http://lists.repoze.org/pipermail/repoze-dev/2010-November/003680.html
BS	99
c61031	100	- Fix ``auth_tkt`` plugin to add "secure" and "HttpOnly" to cookies when
TS	101	configured with ``secure=True``: these attributes prevent the browser from
	102	sending cookies over insecure channels, which could be vulnerable to some
3b5782	103	XSS attacks.
d7e647	104
15e365	105	- Avoid propagating unicode 'max_age' value into cookie headers. See
TS	106	https://bugs.launchpad.net/bugs/674123 .
	107
e8080a	108	- Added a single-file example BFG application demonstrating the use of
TS	109	the new 'login' and 'logout' methods of the API object.
	110
924f24	111	- Add ``login`` and ``logout`` methods to the ``repoze.who.api.API`` object,
TS	112	as a convenience for application-driven login / logout code, which would
95f147	113	otherwise need to use private methods of the API, and reach down into
TS	114	its plugins.
f8ef81	115
9a8e60	116
2c742e	117	2.0a3 (2010-09-30)
eb7071	118	------------------
f80021	119
a446d6	120	- Deprecated the following plugins, moving their modules, tests, and docs
ff604c	121	to a new project, ``repoze.who.deprecatedplugins``:
a446d6	122
TS	123	- ``repoze.who.plugins.cookie.InsecureCookiePlugin``
	124
630a05	125	- ``repoze.who.plugins.form.FormPlugin``
a446d6	126
630a05	127	- ``repoze.who.plugins.form.RedirectingFormPlugin``
a446d6	128
TS	129	- Made the ``repoze.who.plugins.cookie.InsecureCookiePlugin`` take a
76e951	130	``charset`` argument, and use to to encode / decode login and password.
TS	131	See http://bugs.repoze.org/issue155
	132
a446d6	133	- Updated ``repoze.who.restrict`` to return headers as a list, to keep
TS	134	``wsgiref`` from complaining.
5b6365	135
a446d6	136	- Helped default request classifier cope with xml submissions with an
6b7b34	137	explicit charset defined: http://bugs.repoze.org/issue145 (Lorenzo
CM	138	M. Catucci)
	139
a446d6	140	- Corrected the handling of type and subtype when matching an XML post
6b7b34	141	to ``xmlpost`` in the default classifier, which, according to RFC
CM	142	2045, must be matched case-insensitively:
	143	http://bugs.repoze.org/issue145 (Lorenzo M. Catucci)
	144
a349a2	145	- Added ``repoze.who.config:make_api_factory_with_config``, a convenience
TS	146	method for applications which want to set up their own API Factory from
	147	a configuration file.
	148
f80021	149	- Fixed example call to ``repoze.who.config:make_middleware_with_config``
TS	150	(added missing ``global_config`` argument). See
	151	http://bugs.repoze.org/issue114
	152
f8ef81	153
c186ae	154	2.0a2 (2010-03-25)
TS	155	------------------
52bc23	156
TS	157	Bugs Fixed
	158	~~~~~~~~~~
	159
	160	- Fixed failure to pass substution values in log message string formatting
	161	for ``repoze.who.api:API.challenge``. Fix included adding tests for all
	162	logging done by the API object. See http://bugs.repoze.org/issue122
	163
	164	Backward Incompatibilities
	165	~~~~~~~~~~~~~~~~~~~~~~~~~~
	166
	167	- Adjusted logging level for some lower-level details from ``info``
	168	to ``debug``.
f8ef81	169
52bc23	170
TS	171
e25b84	172	2.0a1 (2010-02-24)
993216	173	------------------
TS	174
b4b8ee	175	Features
TS	176	~~~~~~~~
62cd25	177
c9c1c6	178	- Restored the ability to create the middleware using the old ``classifier``
TS	179	argument. That argument is now a deprecated-but-will-work-forever alias for
	180	``request_classifier``.
cbc983	181
b0f81f	182	- The ``auth_tkt`` plugin now implements the ``IAuthenticator`` interface,
TS	183	and should normally be used both as an ``IIdentifier`` and an
	184	``IAuthenticator``.
	185
993216	186	- Factored out the API of the middleware object to make it useful from
TS	187	within the application. Applications using ``repoze.who``` now fall into
	188	one of three catgeories:
	189
	190	- "middleware-only" applications are configured with middleware, and
	191	use either ``REMOTE_USER`` or ``repoze.who.identity`` from the environment
	192	to determing the authenticated user.
	193
	194	- "bare metal" applications use no ``repoze.who`` middleware at all:
	195	instead, they configure and an ``APIFactory`` object at startup, and
	196	use it to create an ``API`` object when needed on a per-request basis.
	197
	198	- "hybrid" applications are configured with ``repoze.who`` middleware,
	199	but use a new library function to fetch the ``API`` object from the
c9c1c6	200	environ, e.g. to permit calling ``remember`` after a signup or successful
TS	201	login.
993216	202
b4b8ee	203	Bugs Fixed
TS	204	~~~~~~~~~~
	205
	206	- Fix http://bugs.repoze.org/issue102: when no challengers existed,
	207	logging would cause an exception.
	208
	209	- Remove ``ez_setup.py`` and dependency on it in setup.py (support
	210	distribute).
	211
	212	Backward Incompatibilities
	213	~~~~~~~~~~~~~~~~~~~~~~~~~~
	214
b213af	215	- The middleware used to allow identifier plugins to "pre-authenticate"
TS	216	an identity. This feature is no longer supported: the ``auth_tkt``
	217	plugin, which used to use the feature, is now configured to work as
c9c1c6	218	an authenticator plugin (as well as an identifier).
b213af	219
b4b8ee	220	- The ``repoze.who.middleware:PluggableAuthenticationMiddleware`` class
TS	221	no longer has the following (non-API) methods (now made API methods
	222	of the ``repoze.who.api:API`` class):
	223
	224	- ``add_metadata``
	225	- ``authenticate``
	226	- ``challenge``
	227	- ``identify``
	228
	229	- The following (non-API) functions moved from ``repoze.who.middleware`` to
	230	``repoze.who.api``:
	231
	232	- ``make_registries``
	233	- ``match_classification``
	234	- ``verify``
	235
	236
f8ef81	237
060054	238	1.0.18 (2009-11-05)
TS	239	-------------------
798feb	240
TS	241	- Issue #104: AuthTkt plugin was passing an invalid cookie value in
	242	headers from ``forget``, and was not setting the ``Max-Age`` and
	243	``Expires`` attributes of those cookies.
	244
b4b8ee	245
f8ef81	246
6e136f	247	1.0.17 (2009-11-05)
TS	248	-------------------
e0d138	249
TS	250	- Fixed the ``repoze.who.plugins.form.make_plugin`` factory's ``formcallable``
	251	argument handling, to allow passing in a dotted name (e.g., from a config
	252	file).
	253
b4b8ee	254
f8ef81	255
6b15ee	256	1.0.16 (2009-11-04)
028e4d	257	-------------------
1ec83d	258
8dd881	259	- Exposed ``formcallable`` argument for ``repoze.who.plugins.form.FormPlugin``
TS	260	to the callers of the ``repoze.who.plugins.form.make_plugin`` factory.
	261	Thanks to Roland Hedburg for the report.
21a9c5	262
8dd881	263	- Fixed an issue that caused the following symptom when using the
TS	264	ini configuration parser::
	265
	266	TypeError: _makePlugin() got multiple values for keyword argument 'name'
21a9c5	267
CM	268	See http://bugs.repoze.org/issue92 for more details. Thanks to vaab
	269	for the bug report and initial fix.
	270
1ec83d	271
7141c7	272	1.0.15 (2009-06-25)
TS	273	-------------------
299b4c	274
a14163	275	- If the form post value ``max_age`` exists while in the ``identify``
CM	276	method is handling the ``login_handler_path``, pass the max_age
	277	value in the returned identity dictionary as ``max_age``. See the
	278	below bullet point for why.
	279
299b4c	280	- If the ``identity`` dict passed to the ``auth_tkt`` ``remember``
CM	281	method contains a ``max_age`` key with a string (or integer) value,
	282	treat it as a cue to set the ``Max-Age`` and ``Expires`` headers in
	283	the returned cookies. The cookie ``Max-Age`` is set to the value
	284	and the ``Expires`` is computed from the current time.
	285
7141c7	286
TS	287	1.0.14 (2009-06-17)
	288	-------------------
9318dd	289
1810b2	290	- Fix test breakage on Windows. See http://bugs.repoze.org/issue79 .
TS	291
00a6d9	292	- Documented issue with using ``include_ip`` setting in the ``auth_tkt``
TS	293	plugin. See http://bugs.repoze.org/issue81 .
	294
0dd808	295	- Added 'passthrough_challenge_decider', which avoids re-challenging 401
TS	296	responses which have been "pre-challenged" by the application.
	297
9318dd	298	- One-hundred percent unit test coverage.
TS	299
a6f6dc	300	- Add ``timeout`` and ``reissue_time`` arguments to the auth_tkt
CM	301	identifier plugin, courtesty of Paul Johnston.
	302
	303	- Add a ``userid_checker`` argument to the auth_tkt identifier plugin,
	304	courtesty of Gustavo Narea.
	305
	306	If ``userid_checker`` is provided, it must be a dotted Python name
	307	that resolves to a function which accepts a userid and returns a
	308	boolean True or False, indicating whether that user exists in a
	309	database. This is a workaround. Due to a design bug in repoze.who,
	310	the only way who can check for user existence is to use one or more
	311	IAuthenticator plugin ``authenticate`` methods. If an
	312	IAuthenticator's ``authenticate`` method returns true, it means that
	313	the user exists. However most IAuthenticator plugins expect both
	314	a username and a password, and will return False unconditionally if
	315	both aren't supplied. This means that an authenticator can't be
	316	used to check if the user "only" exists. The identity provided by
	317	an auth_tkt does not contain a password to check against. The
	318	actual design bug in repoze.who is this: when a user presents
	319	credentials from an auth_tkt, he is considered "preauthenticated".
	320	IAuthenticator.authenticate is just never called for a
	321	"preauthenticated" identity, which works fine, but it means that the
	322	user will be considered authenticated even if you deleted the user's
	323	record from whatever database you happen to be using. However, if
	324	you use a userid_checker, you can ensure that a user exists for the
	325	auth_tkt supplied userid. If the userid_checker returns False, the
	326	auth_tkt credentials are considered "no good".
	327
7141c7	328
TS	329	1.0.13 (2009-04-24)
	330	-------------------
64ba13	331
TS	332	- Added a paragraph to ``IAuthenticator`` docstring, documenting that plugins
	333	are allowed to add keys to the ``identity`` dictionary (e.g., to save a
ced7bd	334	second database query in an ``IMetadataProvider`` plugin).
64ba13	335
08b2ae	336	- Patch supplied for issue #71 (http://bugs.repoze.org/issue71)
CM	337	whereby a downstream app can return a generator, relying on an
	338	upstream component to call start_response. We do this because the
	339	challenge decider needs the status and headers to decide what to do.
	340
56d0c5	341
7141c7	342	1.0.12 (2009-04-19)
TS	343	-------------------
56d0c5	344	- auth_tkt plugin tried to append REMOTE_USER_TOKENS data to
CM	345	existing tokens data returned by auth_tkt.parse_tkt; this was
	346	incorrect; just overwrite.
0ee58d	347
TS	348	- Extended auth_tkt plugin factory to allow passing secret in a separate
	349	file from the main config file. See http://bugs.repoze.org/issue40 .
	350
7141c7	351
TS	352	1.0.11 (2009-04-10)
	353	-------------------
afbbcd	354
8c20ba	355	- Fix auth_tkt plugin; cookie values are now quoted, making it possible
CM	356	to put spaces and other whitespace, etc in usernames. (thanks to Michael
95736b	357	Pedersen).
8c20ba	358
afbbcd	359	- Fix corner case issue of an exception raised when attempting to log
CM	360	when there are no identifiers or authenticators.
	361
7141c7	362
TS	363	1.0.10 (2009-01-23)
	364	-------------------
7b931d	365
CM	366	- The RedirectingFormPlugin now passes along SetCookie headers set
	367	into the response by the application within the NotFound response
	368	(fixes TG2 "flash" issue).
	369
7141c7	370
TS	371	1.0.9 (2008-12-18)
	372	------------------
30ab69	373
9238cd	374	- The RedirectingFormPlugin now attempts to find a header named
CM	375	``X-Authentication-Failure-Reason`` among the response headers set
	376	by the application when a challenge is issued. If a value for this
	377	header exists (and is non-blank), the value is attached to the
	378	redirect URL's query string as the ``reason`` parameter (or a
	379	user-settable key). This makes it possible for downstream
	380	applications to issue a response that initiates a challenge with
	381	this header and subsequently display the reason in the login form
	382	rendered as a result of the challenge.
30ab69	383
7141c7	384
TS	385	1.0.8 (2008-12-13)
	386	------------------
186ff6	387
9238cd	388	- The ``PluggableAuthenticationMiddleware`` constructor accepts a
CM	389	``log_stream`` argument, which is typically a file. After this
	390	release, it can also be a PEP 333 ``Logger`` instance; if it is a
	391	PEP 333 ``Logger`` instance, this logger will be used as the
	392	repoze.who logger (instead of one being constructed by the
	393	middleware, as was previously always the case). When the
	394	``log_stream`` argument is a PEP 333 Logger object, the
	395	``log_level`` argument is ignored.
186ff6	396
7141c7	397
TS	398	1.0.7 (2008-08-28)
	399	------------------
37de44	400
9238cd	401	- ``repoze.who`` and ``repoze.who.plugins`` were not added to the
CM	402	``namespace_packages`` list in setup.py, potentially making 1.0.6 a
	403	brownbag release, given that making these packages namespace
	404	packages was the only reason for its release.
37de44	405
7141c7	406
TS	407	1.0.6 (2008-08-28)
	408	------------------
facdf8	409
9238cd	410	- Make repoze.who and repoze.who.plugins into namespace packages
CM	411	mainly so we can allow plugin authors to distribute packages in the
	412	repoze.who.plugins namespace.
facdf8	413
7141c7	414
TS	415	1.0.5 (2008-08-23)
	416	------------------
519300	417
9238cd	418	- Fix auth_tkt plugin to set the same cookies in its ``remember``
CM	419	method that it does in its ``forget`` method. Previously, logging
	420	out and relogging back in to a site that used auth_tkt identifier
	421	plugin was slightly dicey and would only work sometimes.
facdf8	422
9238cd	423	- The FormPlugin plugin has grown a redirect-on-unauthorized feature.
CM	424	Any response from a downstream application that causes a challenge
	425	and includes a Location header will cause a redirect to the value of
	426	the Location header.
dee08c	427
7141c7	428
TS	429	1.0.4 (2008-08-22)
	430	------------------
b95a59	431
9238cd	432	- Added a key to the '[general]' config section: ``remote_user_key``.
CM	433	If you use this key in the config file, it tells who to 1) not
	434	perform any authentication if it exists in the environment during
	435	ingress and 2) to set the key in the environment for the downstream
	436	app to use as the REMOTE_USER variable. The default is
	437	``REMOTE_USER``.
b95a59	438
9238cd	439	- Using unicode user ids in combination with the auth_tkt plugin would
CM	440	cause problems under mod_wsgi.
55dc7a	441
9238cd	442	- Allowed 'cookie_path' argument to InsecureCookiePlugin (and config
CM	443	constructor). Thanks to Gustavo Narea.
55dc7a	444
7141c7	445
TS	446	1.0.3 (2008-08-16)
	447	------------------
f693fe	448
9238cd	449	- A bug in the middleware's ``authenticate`` method made it impossible
CM	450	to authenticate a user with a userid that was null (e.g. 0, False),
	451	which are valid identifiers. The only invalid userid is now None.
c7e12d	452
9238cd	453	- Applied patch from Olaf Conradi which logs an error when an invalid
CM	454	filename is passed to the HTPasswdPlugin.
c7e12d	455
7141c7	456
TS	457	1.0.2 (2008-06-16)
	458	------------------
cad90d	459
9238cd	460	- Fix bug found by Chris Perkins: the auth_tkt plugin's "remember"
CM	461	method didn't handle userids which are Python "long" instances
	462	properly. Symptom: TypeError: cannot concatenate 'str' and 'long'
	463	objects in "paste.auth.auth_tkt".
a2c030	464
9238cd	465	- Added predicate-based "restriction" middleware support
CM	466	(repoze.who.restrict), allowing configuratio-driven authorization as
	467	a WSGI filter. One example predicate, 'authenticated_predicate', is
	468	supplied, which requires that the user be authenticated either via
	469	'REMOTE_USER' or via 'repoze.who.identity'. To use the filter to
	470	restrict access::
cad90d	471
TS	472	[filter:authenticated_only]
	473	use = egg:repoze.who#authenticated
	474
	475	or::
	476
	477	[filter:some_predicate]
	478	use = egg:repoze.who#predicate
	479	predicate = my.module:some_predicate
	480	some_option = a value
	481
7141c7	482
TS	483	1.0.1 (2008-05-24)
	484	------------------
8199a1	485
9238cd	486	- Remove dependency-link to dist.repoze.org to prevent easy_install
CM	487	from inserting that path into its search paths (the dependencies are
	488	available from PyPI).
8199a1	489
7141c7	490
TS	491	1.0 (2008-05-04)
	492	-----------------
419946	493
9238cd	494	- The plugin at plugins.form.FormPlugin didn't redirect properly after
CM	495	collecting identification information. Symptom: a downstream app
	496	would receive a POST request with a blank body, which would
	497	sometimes result in a Bad Request error.
f39349	498
9238cd	499	- Fixed interface declarations of
CM	500	'classifiers.default_request_classifier' and
	501	'classifiers.default_password_compare'.
515c69	502
9238cd	503	- Added actual config-driven middleware factory,
CM	504	'config.make_middleware_with_config'
515c69	505
9238cd	506	- Removed fossilized 'who_conf' argument from plugin factory functions.
515c69	507
7141c7	508	- Added ConfigParser-based WhoConfig, implementing the spec outlined at
9238cd	509	http://www.plope.com/static/misc/sphinxtest/intro.html#middleware-configuration-via-config-file,
CM	510	with the following changes:
419946	511
7141c7	512	- "Bare" plugins (requiring no configuration options) may be specified
419946	513	as either egg entry points (e.g., 'egg:distname#entry_point_name') or
TS	514	as dotted-path-with-colon (e.g., 'dotted.name:object_id').
	515
7141c7	516	- Therefore, the separator between a plugin and its classifier is now
TS	517	a semicolon, rather than a colon. E.g.::
419946	518
TS	519	[plugins:id_plugin]
	520	use = egg:another.package#identify_with_frobnatz
	521	frobnatz = baz
	522
	523	[identifiers]
	524	plugins =
	525	egg:my.egg#identify;browser
	526	dotted.name:identifier
	527	id_plugin
	528
7141c7	529
779caf	530	0.9.1 (2008-04-27)
7141c7	531	------------------
779caf	532
9238cd	533	- Fix auth_tkt plugin to be able to encode and decode integer user
CM	534	ids.
779caf	535
7141c7	536
88e646	537	0.9 (2008-04-01)
7141c7	538	----------------
88e646	539
9238cd	540	- Fix bug introduced in FormPlugin in 0.8 release (rememberer headers
CM	541	not set).
88e646	542
9238cd	543	- Add PATH_INFO to started and ended log info.
d9f046	544
9238cd	545	- Add a SQLMetadataProviderPlugin (in plugins/sql).
d9f046	546
9238cd	547	- Change constructor of SQLAuthenticatorPlugin: it now accepts only
CM	548	"query", "conn_factory", and "compare_fn". The old constructor
	549	accepted a DSN, but some database systems don't use DBAPI DSNs. The
	550	new constructor accepts no DSN; the conn_factory is assumed to do
	551	all the work to make a connection, including knowing the DSN if one
	552	is required. The "conn_factory" should return something that, when
	553	called with no arguments, returns a database connection.
d9f046	554
9238cd	555	- The "make_plugin" helper in plugins/sql has been renamed
CM	556	"make_authenticator_plugin". When called, this helper will return a
	557	SQLAuthenticatorPlugin. A bit of helper logic in the
	558	"make_authenticator_plugin" allows a connection factory to be
	559	computed. The top-level callable referred to by conn_factory in
	560	this helper should return a function that, when called with no
	561	arguments, returns a datbase connection. The top-level callable
	562	itself is called with "who_conf" (global who configuration) and any
	563	number of non-top-level keyword arguments as they are passed into
	564	the helper, to allow for a DSN or URL or whatever to be passed in.
d9f046	565
9238cd	566	- A "make_metatata_plugin" helper has been added to plugins/sql. When
CM	567	called, this will make a SQLMetadataProviderPlugin. See the
	568	implementation for details. It is similar to the
	569	"make_authenticator_plugin" helper.
d9f046	570
7141c7	571
cbe4e3	572	0.8 (2008-03-27)
7141c7	573	----------------
b5a331	574
9238cd	575	- Add a RedirectingFormIdentifier plugin. This plugin is willing to
CM	576	redirect to an external (or downstream application) login form to
	577	perform identification. The external login form must post to the
	578	"login_handler_path" of the plugin (optimally with a "came_from"
	579	value to tell the plugin where to redirect the response to if the
	580	authentication works properly). The "logout_handler_path" of this
	581	plugin can be visited to perform a logout. The "came_from" value
	582	also works there.
a400b0	583
9238cd	584	- Identifier plugins are now permitted to set a key in the environment
CM	585	named 'repoze.who.application' on ingress (in 'identify'). If an
	586	identifier plugin does so, this application is used instead of the
	587	"normal" downstream application. This feature was added to more
	588	simply support the redirecting form identifier plugin.
a400b0	589
7141c7	590
a400b0	591	0.7 (2008-03-26)
7141c7	592	----------------
a400b0	593
9238cd	594	- Change the IMetadataProvider interface: this interface used to have
CM	595	a "metadata" method which returned a dictionary. This method is not
	596	part of that API anymore. It's been replaced with an "add_metadata"
	597	method which has the signature::
b5a331	598
CM	599	def add_metadata(environ, identity):
	600	"""
	601	Add metadata to the identity (which is a dictionary)
	602	"""
	603
	604	The return value is ignored. IMetadataProvider plugins are now
	605	assumed to be responsible for 'scribbling' directly on the identity
	606	that is passed in (it's a dictionary). The user id can always be
	607	retrieved from the identity via identity['repoze.who.userid'] for
	608	metadata plugins that rely on that value.
	609
7141c7	610
a400b0	611	0.6 (2008-03-20)
7141c7	612	----------------
e35c64	613
9238cd	614	- Renaming: repoze.pam is now repoze.who
cb5426	615
9238cd	616	- Bump ez_setup.py version.
e35c64	617
9238cd	618	- Add IMetadataProvider plugin type. Chris says 'Whit rules'.
fa9581	619
7141c7	620
3b67e9	621	0.5 (2008-03-09)
7141c7	622	----------------
db4cf5	623
9238cd	624	- Allow "remote user key" (default: REMOTE_USER) to be overridden
CM	625	(pass in remote_user_key to middleware constructor).
db4cf5	626
9238cd	627	- Allow form plugin to override the default form.
db4cf5	628
9238cd	629	- API change: IIdentifiers are no longer required to put both 'login'
CM	630	and 'password' in a returned identity dictionary. Instead, an
	631	IIdentifier can place arbitrary key/value pairs in the identity
	632	dictionary (or return an empty dictionary).
40a968	633
9238cd	634	- API return value change: the "failure" identity which IIdentifiers
CM	635	return is now None rather than an empty dictionary.
40a968	636
9238cd	637	- The IAuthenticator interface now specifies that IAuthenticators must
CM	638	not raise an exception when evaluating an identity that does not
	639	have "expected" key/value pairs (e.g. when an IAuthenticator that
	640	expects login and password inspects an identity returned by an
	641	IP-based auth system which only puts the IP address in the
	642	identity); instead they fail gracefully by returning None.
40a968	643
9238cd	644	- Add (cookie) "auth_tkt" identification plugin.
a5b033	645
9238cd	646	- Stamp identity dictionaries with a userid by placing a key named
CM	647	'repoze.pam.userid' into the identity for each authenticated
	648	identity.
a5b033	649
9238cd	650	- If an IIdentifier plugin inserts a 'repoze.pam.userid' key into the
CM	651	identity dictionary, consider this identity "preauthenticated". No
	652	authenticator plugins will be asked to authenticate this identity.
	653	This is designed for things like the recently added auth_tkt plugin,
	654	which embeds the user id into the ticket. This effectively alllows
	655	an IIdentifier plugin to become an IAuthenticator plugin when
	656	breaking apart the responsibility into two separate plugins is
	657	"make-work". Preauthenticated identities will be selected first
	658	when deciding which identity to use for any given request.
a5b033	659
9238cd	660	- Insert a 'repoze.pam.identity' key into the WSGI environment on
CM	661	ingress if an identity is found. Its value will be the identity
	662	dictionary related to the identity selected by repoze.pam on
	663	ingress. Downstream consumers are allowed to mutate this
	664	dictionary; this value is passed to "remember" and "forget", so its
	665	main use is to do a "credentials reset"; e.g. a user has changed his
	666	username or password within the application, but we don't want to
	667	force him to log in again after he does so.
a5b033	668
7141c7	669
247f34	670	0.4 (03-07-2008)
7141c7	671	----------------
247f34	672
9238cd	673	- Allow plugins to specify a classifiers list per interface (instead
CM	674	of a single classifiers list per plugin).
247f34	675
7141c7	676
fb510d	677	0.3 (03-05-2008)
7141c7	678	----------------
fb510d	679
9238cd	680	- Make SQLAuthenticatorPlugin's default_password_compare use hexdigest
CM	681	sha instead of base64'ed binary sha for simpler conversion.
fb510d	682
7141c7	683
196bc2	684	0.2 (03-04-2008)
7141c7	685	----------------
196bc2	686
9238cd	687	- Added SQLAuthenticatorPlugin (see plugins/sql.py).
196bc2	688
7141c7	689
318832	690	0.1 (02-27-2008)
7141c7	691	----------------
318832	692
9238cd	693	- Initial release (no configuration file support yet).