| | |
| | | repoze.who Changelog |
| | | ==================== |
| | | |
| | | After 2.0a3 (unreleased) |
| | | ------------------------ |
| | | 2.0 (2011-09-28) |
| | | ---------------- |
| | | |
| | | - Fix bug in repoze.who.api where the remember() or forget() methods could |
| | | return a None if the identifier plugin returned a None. According to the |
| | | interfaces in repoze.who.interfaces the API methods cannot return None while |
| | | the plugin methods can. |
| | | - ``auth_tkt`` plugin: strip any port number from the 'Domain' of generated |
| | | cookies. http://bugs.repoze.org/issue66 |
| | | |
| | | - Fix auth_tkt plugin to not hand over tokens as strings to paste. See |
| | | - Further harden middleware, calling ``close()`` on the iterable even if |
| | | raising an exception for a missing challenger. |
| | | http://bugs.repoze.org/issue174 |
| | | |
| | | |
| | | 2.0b1 (2011-05-24) |
| | | ------------------ |
| | | |
| | | - Enabled standard use of logging module's configuration mechanism. |
| | | See http://docs.python.org/dev/howto/logging.html#configuring-logging-for-a-library |
| | | Thanks to jgoldsmith for the patch: http://bugs.repoze.org/issue178 |
| | | |
| | | |
| | | - ``repoze.who.plugins.htpasswd``: defend against timing-based attacks. |
| | | |
| | | |
| | | 2.0a4 (2011-02-02) |
| | | ------------------ |
| | | |
| | | - Ensure that the middleware calls ``close()`` (if it exists) on the |
| | | iterable returned from thw wrapped application, as required by PEP 333. |
| | | http://bugs.repoze.org/issue174 |
| | | |
| | | - Make ``make_api_factory_with_config`` tolerant of invalid filenames / |
| | | content for the config file: in such cases, the API factory will have |
| | | *no* configured plugins or policies: it will only be useful for retrieving |
| | | the API from an environment populated by middleware. |
| | | |
| | | - Fix bug in ``repoze.who.api`` where the ``remember()`` or ``forget()`` |
| | | methods could return a None if the identifier plugin returned a None. |
| | | |
| | | - Fix ``auth_tkt`` plugin to not hand over tokens as strings to paste. See |
| | | http://lists.repoze.org/pipermail/repoze-dev/2010-November/003680.html |
| | | |
| | | - Fix auth_tkt plugin to add "secure" and "HttpOnly" to cookies when it is |
| | | configured with secure=True. Before this was not added meaning that cookies |
| | | could be sent by the browser over insecure channels and were vulnerable to some |
| | | - Fix ``auth_tkt`` plugin to add "secure" and "HttpOnly" to cookies when |
| | | configured with ``secure=True``: these attributes prevent the browser from |
| | | sending cookies over insecure channels, which could be vulnerable to some |
| | | XSS attacks. |
| | | |
| | | - Avoid propagating unicode 'max_age' value into cookie headers. See |
| | |
| | | otherwise need to use private methods of the API, and reach down into |
| | | its plugins. |
| | | |
| | | 2.0a3 (2010-09030) |
| | | |
| | | 2.0a3 (2010-09-30) |
| | | ------------------ |
| | | |
| | | - Deprecated the following plugins, moving their modules, tests, and docs |
| | |
| | | |
| | | - ``repoze.who.plugins.cookie.InsecureCookiePlugin`` |
| | | |
| | | - ``repoze.who.plugins.form.FormPlugin |
| | | - ``repoze.who.plugins.form.FormPlugin`` |
| | | |
| | | - ``repoze.who.plugins.form.RedirectingFormPlugin |
| | | - ``repoze.who.plugins.form.RedirectingFormPlugin`` |
| | | |
| | | - Made the ``repoze.who.plugins.cookie.InsecureCookiePlugin`` take a |
| | | ``charset`` argument, and use to to encode / decode login and password. |
| | |
| | | (added missing ``global_config`` argument). See |
| | | http://bugs.repoze.org/issue114 |
| | | |
| | | |
| | | 2.0a2 (2010-03-25) |
| | | ------------------ |
| | | |
| | |
| | | |
| | | - Adjusted logging level for some lower-level details from ``info`` |
| | | to ``debug``. |
| | | |
| | | |
| | | |
| | | 2.0a1 (2010-02-24) |
| | |
| | | - ``verify`` |
| | | |
| | | |
| | | |
| | | 1.0.18 (2009-11-05) |
| | | ------------------- |
| | | |
| | |
| | | ``Expires`` attributes of those cookies. |
| | | |
| | | |
| | | |
| | | 1.0.17 (2009-11-05) |
| | | ------------------- |
| | | |
| | |
| | | file). |
| | | |
| | | |
| | | |
| | | 1.0.16 (2009-11-04) |
| | | ------------------- |
| | | |