| | |
| | | repoze.who Changelog |
| | | ==================== |
| | | |
| | | After 2.0a1 |
| | | ----------- |
| | | |
| | | 2.1 (2013-03-20) |
| | | ---------------- |
| | | |
| | | - ``_compat`` module: tolerate missing ``CONTENT_TYPE`` key in the WSGI |
| | | environment. Thanks to Dag Hoidal for the patch. |
| | | |
| | | - ``htpasswd`` plugin: add a ``sha1_check`` checker function (the ``crypt`` |
| | | module is not available on Windows). Thanks to Chandrashekar Jayaraman |
| | | for the patch. |
| | | |
| | | - Documentation typo fixes from Carlos de la Guardia and Atsushi Odagiri. |
| | | |
| | | |
| | | 2.1b1 (2012-11-05) |
| | | ------------------ |
| | | |
| | | - Ported to Py3k using the "compatible subset" mode. |
| | | - Dropped support for Python < 2.6.x. |
| | | - Dropped dependency on Paste (forking some code from it). |
| | | - Added dependency on WebOb instead. |
| | | Thanks to Atsushi Odagiri (aodag) for the initial effort. |
| | | |
| | | |
| | | 2.0 (2011-09-28) |
| | | ---------------- |
| | | |
| | | - ``auth_tkt`` plugin: strip any port number from the 'Domain' of generated |
| | | cookies. http://bugs.repoze.org/issue66 |
| | | |
| | | - Further harden middleware, calling ``close()`` on the iterable even if |
| | | raising an exception for a missing challenger. |
| | | http://bugs.repoze.org/issue174 |
| | | |
| | | |
| | | 2.0b1 (2011-05-24) |
| | | ------------------ |
| | | |
| | | - Enabled standard use of logging module's configuration mechanism. |
| | | See http://docs.python.org/dev/howto/logging.html#configuring-logging-for-a-library |
| | | Thanks to jgoldsmith for the patch: http://bugs.repoze.org/issue178 |
| | | |
| | | |
| | | - ``repoze.who.plugins.htpasswd``: defend against timing-based attacks. |
| | | |
| | | |
| | | 2.0a4 (2011-02-02) |
| | | ------------------ |
| | | |
| | | - Ensure that the middleware calls ``close()`` (if it exists) on the |
| | | iterable returned from thw wrapped application, as required by PEP 333. |
| | | http://bugs.repoze.org/issue174 |
| | | |
| | | - Make ``make_api_factory_with_config`` tolerant of invalid filenames / |
| | | content for the config file: in such cases, the API factory will have |
| | | *no* configured plugins or policies: it will only be useful for retrieving |
| | | the API from an environment populated by middleware. |
| | | |
| | | - Fix bug in ``repoze.who.api`` where the ``remember()`` or ``forget()`` |
| | | methods could return a None if the identifier plugin returned a None. |
| | | |
| | | - Fix ``auth_tkt`` plugin to not hand over tokens as strings to paste. See |
| | | http://lists.repoze.org/pipermail/repoze-dev/2010-November/003680.html |
| | | |
| | | - Fix ``auth_tkt`` plugin to add "secure" and "HttpOnly" to cookies when |
| | | configured with ``secure=True``: these attributes prevent the browser from |
| | | sending cookies over insecure channels, which could be vulnerable to some |
| | | XSS attacks. |
| | | |
| | | - Avoid propagating unicode 'max_age' value into cookie headers. See |
| | | https://bugs.launchpad.net/bugs/674123 . |
| | | |
| | | - Added a single-file example BFG application demonstrating the use of |
| | | the new 'login' and 'logout' methods of the API object. |
| | | |
| | | - Add ``login`` and ``logout`` methods to the ``repoze.who.api.API`` object, |
| | | as a convenience for application-driven login / logout code, which would |
| | | otherwise need to use private methods of the API, and reach down into |
| | | its plugins. |
| | | |
| | | |
| | | 2.0a3 (2010-09-30) |
| | | ------------------ |
| | | |
| | | - Deprecated the following plugins, moving their modules, tests, and docs |
| | | to a new project, ``repoze.who.deprecatedplugins``: |
| | | |
| | | - ``repoze.who.plugins.cookie.InsecureCookiePlugin`` |
| | | |
| | | - ``repoze.who.plugins.form.FormPlugin`` |
| | | |
| | | - ``repoze.who.plugins.form.RedirectingFormPlugin`` |
| | | |
| | | - Made the ``repoze.who.plugins.cookie.InsecureCookiePlugin`` take a |
| | | ``charset`` argument, and use to to encode / decode login and password. |
| | | See http://bugs.repoze.org/issue155 |
| | | |
| | | - Updated ``repoze.who.restrict`` to return headers as a list, to keep |
| | | ``wsgiref`` from complaining. |
| | | |
| | | - Helped default request classifier cope with xml submissions with an |
| | | explicit charset defined: http://bugs.repoze.org/issue145 (Lorenzo |
| | | M. Catucci) |
| | | |
| | | - Corrected the handling of type and subtype when matching an XML post |
| | | to ``xmlpost`` in the default classifier, which, according to RFC |
| | | 2045, must be matched case-insensitively: |
| | | http://bugs.repoze.org/issue145 (Lorenzo M. Catucci) |
| | | |
| | | - Added ``repoze.who.config:make_api_factory_with_config``, a convenience |
| | | method for applications which want to set up their own API Factory from |
| | | a configuration file. |
| | | |
| | | - Fixed example call to ``repoze.who.config:make_middleware_with_config`` |
| | | (added missing ``global_config`` argument). See |
| | | http://bugs.repoze.org/issue114 |
| | | |
| | | |
| | | 2.0a2 (2010-03-25) |
| | | ------------------ |
| | | |
| | | Bugs Fixed |
| | | ~~~~~~~~~~ |
| | |
| | | |
| | | - Adjusted logging level for some lower-level details from ``info`` |
| | | to ``debug``. |
| | | |
| | | |
| | | |
| | | 2.0a1 (2010-02-24) |
| | |
| | | - ``verify`` |
| | | |
| | | |
| | | |
| | | 1.0.18 (2009-11-05) |
| | | ------------------- |
| | | |
| | |
| | | ``Expires`` attributes of those cookies. |
| | | |
| | | |
| | | |
| | | 1.0.17 (2009-11-05) |
| | | ------------------- |
| | | |
| | |
| | | file). |
| | | |
| | | |
| | | |
| | | 1.0.16 (2009-11-04) |
| | | ------------------- |
| | | |