| | |
| | | repoze.who changes |
| | | ================== |
| | | ``repoze.who`` Changelog |
| | | ======================== |
| | | |
| | | Next release |
| | | 1.0.19 (unreleased) |
| | | ------------------- |
| | | |
| | | - Allowed 'cookie_path' argument to InsecureCookiePlugin (and config |
| | | constructor). Thanks to Gustavo Narea. |
| | | - TBD |
| | | |
| | | 1.0.3 (2008/08/16) |
| | | 1.0.18 (2009-11-05) |
| | | ------------------- |
| | | |
| | | - A bug in the middleware's ``authenticate`` method made it |
| | | impossible to authenticate a user with a userid that was null |
| | | (e.g. 0, False), which are valid identifiers. The only invalid |
| | | userid is now None. |
| | | - Issue #104: AuthTkt plugin was passing an invalid cookie value in |
| | | headers from ``forget``, and was not setting the ``Max-Age`` and |
| | | ``Expires`` attributes of those cookies. |
| | | |
| | | - Applied patch from Olaf Conradi which logs an error when an invalid |
| | | filename is passed to the HTPasswdPlugin. |
| | | 1.0.17 (2009-11-05) |
| | | ------------------- |
| | | |
| | | 1.0.2 (2008/06/16) |
| | | - Fixed the ``repoze.who.plugins.form.make_plugin`` factory's ``formcallable`` |
| | | argument handling, to allow passing in a dotted name (e.g., from a config |
| | | file). |
| | | |
| | | - Fix bug found by Chris Perkins: the auth_tkt plugin's "remember" |
| | | method didn't handle userids which are Python "long" instances |
| | | properly. Symptom: TypeError: cannot concatenate 'str' and 'long' |
| | | objects in "paste.auth.auth_tkt". |
| | | 1.0.16 (2009-11-04) |
| | | ------------------- |
| | | |
| | | - Added predicate-based "restriction" middleware support |
| | | (repoze.who.restrict), allowing configuratio-driven authorization |
| | | as a WSGI filter. One example predicate, 'authenticated_predicate', |
| | | is supplied, which requires that the user be authenticated either via |
| | | 'REMOTE_USER' or via 'repoze.who.identity'. To use the filter to |
| | | restrict access:: |
| | | - Exposed ``formcallable`` argument for ``repoze.who.plugins.form.FormPlugin`` |
| | | to the callers of the ``repoze.who.plugins.form.make_plugin`` factory. |
| | | Thanks to Roland Hedburg for the report. |
| | | |
| | | - Fixed an issue that caused the following symptom when using the |
| | | ini configuration parser:: |
| | | |
| | | TypeError: _makePlugin() got multiple values for keyword argument 'name' |
| | | |
| | | See http://bugs.repoze.org/issue92 for more details. Thanks to vaab |
| | | for the bug report and initial fix. |
| | | |
| | | |
| | | 1.0.15 (2009-06-25) |
| | | ------------------- |
| | | |
| | | - If the form post value ``max_age`` exists while in the ``identify`` |
| | | method is handling the ``login_handler_path``, pass the max_age |
| | | value in the returned identity dictionary as ``max_age``. See the |
| | | below bullet point for why. |
| | | |
| | | - If the ``identity`` dict passed to the ``auth_tkt`` ``remember`` |
| | | method contains a ``max_age`` key with a string (or integer) value, |
| | | treat it as a cue to set the ``Max-Age`` and ``Expires`` headers in |
| | | the returned cookies. The cookie ``Max-Age`` is set to the value |
| | | and the ``Expires`` is computed from the current time. |
| | | |
| | | |
| | | 1.0.14 (2009-06-17) |
| | | ------------------- |
| | | |
| | | - Fix test breakage on Windows. See http://bugs.repoze.org/issue79 . |
| | | |
| | | - Documented issue with using ``include_ip`` setting in the ``auth_tkt`` |
| | | plugin. See http://bugs.repoze.org/issue81 . |
| | | |
| | | - Added 'passthrough_challenge_decider', which avoids re-challenging 401 |
| | | responses which have been "pre-challenged" by the application. |
| | | |
| | | - One-hundred percent unit test coverage. |
| | | |
| | | - Add ``timeout`` and ``reissue_time`` arguments to the auth_tkt |
| | | identifier plugin, courtesty of Paul Johnston. |
| | | |
| | | - Add a ``userid_checker`` argument to the auth_tkt identifier plugin, |
| | | courtesty of Gustavo Narea. |
| | | |
| | | If ``userid_checker`` is provided, it must be a dotted Python name |
| | | that resolves to a function which accepts a userid and returns a |
| | | boolean True or False, indicating whether that user exists in a |
| | | database. This is a workaround. Due to a design bug in repoze.who, |
| | | the only way who can check for user existence is to use one or more |
| | | IAuthenticator plugin ``authenticate`` methods. If an |
| | | IAuthenticator's ``authenticate`` method returns true, it means that |
| | | the user exists. However most IAuthenticator plugins expect *both* |
| | | a username and a password, and will return False unconditionally if |
| | | both aren't supplied. This means that an authenticator can't be |
| | | used to check if the user "only" exists. The identity provided by |
| | | an auth_tkt does not contain a password to check against. The |
| | | actual design bug in repoze.who is this: when a user presents |
| | | credentials from an auth_tkt, he is considered "preauthenticated". |
| | | IAuthenticator.authenticate is just never called for a |
| | | "preauthenticated" identity, which works fine, but it means that the |
| | | user will be considered authenticated even if you deleted the user's |
| | | record from whatever database you happen to be using. However, if |
| | | you use a userid_checker, you can ensure that a user exists for the |
| | | auth_tkt supplied userid. If the userid_checker returns False, the |
| | | auth_tkt credentials are considered "no good". |
| | | |
| | | |
| | | 1.0.13 (2009-04-24) |
| | | ------------------- |
| | | |
| | | - Added a paragraph to ``IAuthenticator`` docstring, documenting that plugins |
| | | are allowed to add keys to the ``identity`` dictionary (e.g., to save a |
| | | second database query in an ``IMetadataProvider`` plugin). |
| | | |
| | | - Patch supplied for issue #71 (http://bugs.repoze.org/issue71) |
| | | whereby a downstream app can return a generator, relying on an |
| | | upstream component to call start_response. We do this because the |
| | | challenge decider needs the status and headers to decide what to do. |
| | | |
| | | |
| | | 1.0.12 (2009-04-19) |
| | | ------------------- |
| | | - auth_tkt plugin tried to append REMOTE_USER_TOKENS data to |
| | | existing tokens data returned by auth_tkt.parse_tkt; this was |
| | | incorrect; just overwrite. |
| | | |
| | | - Extended auth_tkt plugin factory to allow passing secret in a separate |
| | | file from the main config file. See http://bugs.repoze.org/issue40 . |
| | | |
| | | |
| | | 1.0.11 (2009-04-10) |
| | | ------------------- |
| | | |
| | | - Fix auth_tkt plugin; cookie values are now quoted, making it possible |
| | | to put spaces and other whitespace, etc in usernames. (thanks to Michael |
| | | Pedersen). |
| | | |
| | | - Fix corner case issue of an exception raised when attempting to log |
| | | when there are no identifiers or authenticators. |
| | | |
| | | |
| | | 1.0.10 (2009-01-23) |
| | | ------------------- |
| | | |
| | | - The RedirectingFormPlugin now passes along SetCookie headers set |
| | | into the response by the application within the NotFound response |
| | | (fixes TG2 "flash" issue). |
| | | |
| | | |
| | | 1.0.9 (2008-12-18) |
| | | ------------------ |
| | | |
| | | - The RedirectingFormPlugin now attempts to find a header named |
| | | ``X-Authentication-Failure-Reason`` among the response headers set |
| | | by the application when a challenge is issued. If a value for this |
| | | header exists (and is non-blank), the value is attached to the |
| | | redirect URL's query string as the ``reason`` parameter (or a |
| | | user-settable key). This makes it possible for downstream |
| | | applications to issue a response that initiates a challenge with |
| | | this header and subsequently display the reason in the login form |
| | | rendered as a result of the challenge. |
| | | |
| | | |
| | | 1.0.8 (2008-12-13) |
| | | ------------------ |
| | | |
| | | - The ``PluggableAuthenticationMiddleware`` constructor accepts a |
| | | ``log_stream`` argument, which is typically a file. After this |
| | | release, it can also be a PEP 333 ``Logger`` instance; if it is a |
| | | PEP 333 ``Logger`` instance, this logger will be used as the |
| | | repoze.who logger (instead of one being constructed by the |
| | | middleware, as was previously always the case). When the |
| | | ``log_stream`` argument is a PEP 333 Logger object, the |
| | | ``log_level`` argument is ignored. |
| | | |
| | | |
| | | 1.0.7 (2008-08-28) |
| | | ------------------ |
| | | |
| | | - ``repoze.who`` and ``repoze.who.plugins`` were not added to the |
| | | ``namespace_packages`` list in setup.py, potentially making 1.0.6 a |
| | | brownbag release, given that making these packages namespace |
| | | packages was the only reason for its release. |
| | | |
| | | |
| | | 1.0.6 (2008-08-28) |
| | | ------------------ |
| | | |
| | | - Make repoze.who and repoze.who.plugins into namespace packages |
| | | mainly so we can allow plugin authors to distribute packages in the |
| | | repoze.who.plugins namespace. |
| | | |
| | | |
| | | 1.0.5 (2008-08-23) |
| | | ------------------ |
| | | |
| | | - Fix auth_tkt plugin to set the same cookies in its ``remember`` |
| | | method that it does in its ``forget`` method. Previously, logging |
| | | out and relogging back in to a site that used auth_tkt identifier |
| | | plugin was slightly dicey and would only work sometimes. |
| | | |
| | | - The FormPlugin plugin has grown a redirect-on-unauthorized feature. |
| | | Any response from a downstream application that causes a challenge |
| | | and includes a Location header will cause a redirect to the value of |
| | | the Location header. |
| | | |
| | | |
| | | 1.0.4 (2008-08-22) |
| | | ------------------ |
| | | |
| | | - Added a key to the '[general]' config section: ``remote_user_key``. |
| | | If you use this key in the config file, it tells who to 1) not |
| | | perform any authentication if it exists in the environment during |
| | | ingress and 2) to set the key in the environment for the downstream |
| | | app to use as the REMOTE_USER variable. The default is |
| | | ``REMOTE_USER``. |
| | | |
| | | - Using unicode user ids in combination with the auth_tkt plugin would |
| | | cause problems under mod_wsgi. |
| | | |
| | | - Allowed 'cookie_path' argument to InsecureCookiePlugin (and config |
| | | constructor). Thanks to Gustavo Narea. |
| | | |
| | | |
| | | 1.0.3 (2008-08-16) |
| | | ------------------ |
| | | |
| | | - A bug in the middleware's ``authenticate`` method made it impossible |
| | | to authenticate a user with a userid that was null (e.g. 0, False), |
| | | which are valid identifiers. The only invalid userid is now None. |
| | | |
| | | - Applied patch from Olaf Conradi which logs an error when an invalid |
| | | filename is passed to the HTPasswdPlugin. |
| | | |
| | | |
| | | 1.0.2 (2008-06-16) |
| | | ------------------ |
| | | |
| | | - Fix bug found by Chris Perkins: the auth_tkt plugin's "remember" |
| | | method didn't handle userids which are Python "long" instances |
| | | properly. Symptom: TypeError: cannot concatenate 'str' and 'long' |
| | | objects in "paste.auth.auth_tkt". |
| | | |
| | | - Added predicate-based "restriction" middleware support |
| | | (repoze.who.restrict), allowing configuratio-driven authorization as |
| | | a WSGI filter. One example predicate, 'authenticated_predicate', is |
| | | supplied, which requires that the user be authenticated either via |
| | | 'REMOTE_USER' or via 'repoze.who.identity'. To use the filter to |
| | | restrict access:: |
| | | |
| | | [filter:authenticated_only] |
| | | use = egg:repoze.who#authenticated |
| | |
| | | predicate = my.module:some_predicate |
| | | some_option = a value |
| | | |
| | | 1.0.1 |
| | | |
| | | - Remove dependency-link to dist.repoze.org to prevent easy_install |
| | | from inserting that path into its search paths (the dependencies |
| | | are available from PyPI). |
| | | 1.0.1 (2008-05-24) |
| | | ------------------ |
| | | |
| | | 1.0 |
| | | - Remove dependency-link to dist.repoze.org to prevent easy_install |
| | | from inserting that path into its search paths (the dependencies are |
| | | available from PyPI). |
| | | |
| | | - The plugin at plugins.form.FormPlugin didn't redirect properly |
| | | after collecting identification information. Symptom: a downstream |
| | | app would receive a POST request with a blank body, which would |
| | | sometimes result in a Bad Request error. |
| | | |
| | | - Fixed interface declarations of 'classifiers.default_request_classifier' |
| | | and 'classifiers.default_password_compare'. |
| | | 1.0 (2008-05-04) |
| | | ----------------- |
| | | |
| | | - Added actual config-driven middleware factory, |
| | | 'config.make_middleware_with_config' |
| | | - The plugin at plugins.form.FormPlugin didn't redirect properly after |
| | | collecting identification information. Symptom: a downstream app |
| | | would receive a POST request with a blank body, which would |
| | | sometimes result in a Bad Request error. |
| | | |
| | | - Removed fossilized 'who_conf' argument from plugin factory functions. |
| | | - Fixed interface declarations of |
| | | 'classifiers.default_request_classifier' and |
| | | 'classifiers.default_password_compare'. |
| | | |
| | | - Added ConfigParser-based WhoConfig, implementing the spec outlined at |
| | | http://www.plope.com/static/misc/sphinxtest/intro.html#middleware-configuration-via-config-file, with the following changes: |
| | | - Added actual config-driven middleware factory, |
| | | 'config.make_middleware_with_config' |
| | | |
| | | o "Bare" plugins (requiring no configuration options) may be specified |
| | | - Removed fossilized 'who_conf' argument from plugin factory functions. |
| | | |
| | | - Added ConfigParser-based WhoConfig, implementing the spec outlined at |
| | | http://www.plope.com/static/misc/sphinxtest/intro.html#middleware-configuration-via-config-file, |
| | | with the following changes: |
| | | |
| | | - "Bare" plugins (requiring no configuration options) may be specified |
| | | as either egg entry points (e.g., 'egg:distname#entry_point_name') or |
| | | as dotted-path-with-colon (e.g., 'dotted.name:object_id'). |
| | | |
| | | o Therefore, the separator between a plugin and its classifier is |
| | | now a semicolon, rather than a colon. E.g.: |
| | | - Therefore, the separator between a plugin and its classifier is now |
| | | a semicolon, rather than a colon. E.g.:: |
| | | |
| | | [plugins:id_plugin] |
| | | use = egg:another.package#identify_with_frobnatz |
| | |
| | | dotted.name:identifier |
| | | id_plugin |
| | | |
| | | 0.9.1 (2008-04-27) |
| | | |
| | | - Fix auth_tkt plugin to be able to encode and decode integer user |
| | | ids. |
| | | 0.9.1 (2008-04-27) |
| | | ------------------ |
| | | |
| | | - Fix auth_tkt plugin to be able to encode and decode integer user |
| | | ids. |
| | | |
| | | |
| | | 0.9 (2008-04-01) |
| | | ---------------- |
| | | |
| | | - Fix bug introduced in FormPlugin in 0.8 release (rememberer headers not |
| | | set). |
| | | - Fix bug introduced in FormPlugin in 0.8 release (rememberer headers |
| | | not set). |
| | | |
| | | - Add PATH_INFO to started and ended log info. |
| | | - Add PATH_INFO to started and ended log info. |
| | | |
| | | - Add a SQLMetadataProviderPlugin (in plugins/sql). |
| | | - Add a SQLMetadataProviderPlugin (in plugins/sql). |
| | | |
| | | - Change constructor of SQLAuthenticatorPlugin: it now accepts only |
| | | "query", "conn_factory", and "compare_fn". The old constructor |
| | | accepted a DSN, but some database systems don't use DBAPI DSNs. |
| | | The new constructor accepts no DSN; the conn_factory is assumed to |
| | | do all the work to make a connection, including knowing the DSN if |
| | | one is required. The "conn_factory" should return something that, |
| | | when called with no arguments, returns a database connection. |
| | | - Change constructor of SQLAuthenticatorPlugin: it now accepts only |
| | | "query", "conn_factory", and "compare_fn". The old constructor |
| | | accepted a DSN, but some database systems don't use DBAPI DSNs. The |
| | | new constructor accepts no DSN; the conn_factory is assumed to do |
| | | all the work to make a connection, including knowing the DSN if one |
| | | is required. The "conn_factory" should return something that, when |
| | | called with no arguments, returns a database connection. |
| | | |
| | | - The "make_plugin" helper in plugins/sql has been renamed |
| | | "make_authenticator_plugin". When called, this helper will return |
| | | a SQLAuthenticatorPlugin. A bit of helper logic in the |
| | | "make_authenticator_plugin" allows a connection factory to be |
| | | computed. The top-level callable referred to by conn_factory in |
| | | this helper should return a function that, when called with no |
| | | arguments, returns a datbase connection. The top-level callable |
| | | itself is called with "who_conf" (global who configuration) and any |
| | | number of non-top-level keyword arguments as they are passed into |
| | | the helper, to allow for a DSN or URL or whatever to be passed in. |
| | | - The "make_plugin" helper in plugins/sql has been renamed |
| | | "make_authenticator_plugin". When called, this helper will return a |
| | | SQLAuthenticatorPlugin. A bit of helper logic in the |
| | | "make_authenticator_plugin" allows a connection factory to be |
| | | computed. The top-level callable referred to by conn_factory in |
| | | this helper should return a function that, when called with no |
| | | arguments, returns a datbase connection. The top-level callable |
| | | itself is called with "who_conf" (global who configuration) and any |
| | | number of non-top-level keyword arguments as they are passed into |
| | | the helper, to allow for a DSN or URL or whatever to be passed in. |
| | | |
| | | - A "make_metatata_plugin" helper has been added to plugins/sql. When |
| | | called, this will make a SQLMetadataProviderPlugin. See the |
| | | implementation for details. It is similar to the |
| | | "make_authenticator_plugin" helper. |
| | | - A "make_metatata_plugin" helper has been added to plugins/sql. When |
| | | called, this will make a SQLMetadataProviderPlugin. See the |
| | | implementation for details. It is similar to the |
| | | "make_authenticator_plugin" helper. |
| | | |
| | | |
| | | 0.8 (2008-03-27) |
| | | ---------------- |
| | | |
| | | - Add a RedirectingFormIdentifier plugin. This plugin is willing to |
| | | redirect to an external (or downstream application) login form to |
| | | perform identification. The external login form must post to the |
| | | "login_handler_path" of the plugin (optimally with a "came_from" |
| | | value to tell the plugin where to redirect the response to if the |
| | | authentication works properly). The "logout_handler_path" of this |
| | | plugin can be visited to perform a logout. The "came_from" value |
| | | also works there. |
| | | - Add a RedirectingFormIdentifier plugin. This plugin is willing to |
| | | redirect to an external (or downstream application) login form to |
| | | perform identification. The external login form must post to the |
| | | "login_handler_path" of the plugin (optimally with a "came_from" |
| | | value to tell the plugin where to redirect the response to if the |
| | | authentication works properly). The "logout_handler_path" of this |
| | | plugin can be visited to perform a logout. The "came_from" value |
| | | also works there. |
| | | |
| | | - Identifier plugins are now permitted to set a key in the |
| | | environment named 'repoze.who.application' on ingress (in |
| | | 'identify'). If an identifier plugin does so, this application is |
| | | used instead of the "normal" downstream application. This feature |
| | | was added to more simply support the redirecting form identifier |
| | | plugin. |
| | | - Identifier plugins are now permitted to set a key in the environment |
| | | named 'repoze.who.application' on ingress (in 'identify'). If an |
| | | identifier plugin does so, this application is used instead of the |
| | | "normal" downstream application. This feature was added to more |
| | | simply support the redirecting form identifier plugin. |
| | | |
| | | |
| | | 0.7 (2008-03-26) |
| | | ---------------- |
| | | |
| | | - Change the IMetadataProvider interface: this interface used to have |
| | | a "metadata" method which returned a dictionary. This method is |
| | | not part of that API anymore. It's been replaced with an |
| | | "add_metadata" method which has the signature: |
| | | - Change the IMetadataProvider interface: this interface used to have |
| | | a "metadata" method which returned a dictionary. This method is not |
| | | part of that API anymore. It's been replaced with an "add_metadata" |
| | | method which has the signature:: |
| | | |
| | | def add_metadata(environ, identity): |
| | | """ |
| | |
| | | retrieved from the identity via identity['repoze.who.userid'] for |
| | | metadata plugins that rely on that value. |
| | | |
| | | |
| | | 0.6 (2008-03-20) |
| | | ---------------- |
| | | |
| | | - Renaming: repoze.pam is now repoze.who |
| | | - Renaming: repoze.pam is now repoze.who |
| | | |
| | | - Bump ez_setup.py version. |
| | | - Bump ez_setup.py version. |
| | | |
| | | - Add IMetadataProvider plugin type. Chris says 'Whit rules'. |
| | | - Add IMetadataProvider plugin type. Chris says 'Whit rules'. |
| | | |
| | | |
| | | 0.5 (2008-03-09) |
| | | ---------------- |
| | | |
| | | - Allow "remote user key" (default: REMOTE_USER) to be overridden |
| | | (pass in remote_user_key to middleware constructor). |
| | | - Allow "remote user key" (default: REMOTE_USER) to be overridden |
| | | (pass in remote_user_key to middleware constructor). |
| | | |
| | | - Allow form plugin to override the default form. |
| | | - Allow form plugin to override the default form. |
| | | |
| | | - API change: IIdentifiers are no longer required to put both 'login' |
| | | and 'password' in a returned identity dictionary. Instead, an |
| | | IIdentifier can place arbitrary key/value pairs in the identity |
| | | dictionary (or return an empty dictionary). |
| | | - API change: IIdentifiers are no longer required to put both 'login' |
| | | and 'password' in a returned identity dictionary. Instead, an |
| | | IIdentifier can place arbitrary key/value pairs in the identity |
| | | dictionary (or return an empty dictionary). |
| | | |
| | | - API return value change: the "failure" identity which IIdentifiers |
| | | return is now None rather than an empty dictionary. |
| | | - API return value change: the "failure" identity which IIdentifiers |
| | | return is now None rather than an empty dictionary. |
| | | |
| | | - The IAuthenticator interface now specifies that IAuthenticators |
| | | must not raise an exception when evaluating an identity that does |
| | | not have "expected" key/value pairs (e.g. when an IAuthenticator |
| | | that expects login and password inspects an identity returned by an |
| | | IP-based auth system which only puts the IP address in the |
| | | identity); instead they fail gracefully by returning None. |
| | | - The IAuthenticator interface now specifies that IAuthenticators must |
| | | not raise an exception when evaluating an identity that does not |
| | | have "expected" key/value pairs (e.g. when an IAuthenticator that |
| | | expects login and password inspects an identity returned by an |
| | | IP-based auth system which only puts the IP address in the |
| | | identity); instead they fail gracefully by returning None. |
| | | |
| | | - Add (cookie) "auth_tkt" identification plugin. |
| | | - Add (cookie) "auth_tkt" identification plugin. |
| | | |
| | | - Stamp identity dictionaries with a userid by placing a key named |
| | | 'repoze.pam.userid' into the identity for each authenticated |
| | | identity. |
| | | - Stamp identity dictionaries with a userid by placing a key named |
| | | 'repoze.pam.userid' into the identity for each authenticated |
| | | identity. |
| | | |
| | | - If an IIdentifier plugin inserts a 'repoze.pam.userid' key into the |
| | | identity dictionary, consider this identity "preauthenticated". No |
| | | authenticator plugins will be asked to authenticate this identity. |
| | | This is designed for things like the recently added auth_tkt |
| | | plugin, which embeds the user id into the ticket. This effectively |
| | | alllows an IIdentifier plugin to become an IAuthenticator plugin |
| | | when breaking apart the responsibility into two separate plugins is |
| | | "make-work". Preauthenticated identities will be selected first |
| | | when deciding which identity to use for any given request. |
| | | - If an IIdentifier plugin inserts a 'repoze.pam.userid' key into the |
| | | identity dictionary, consider this identity "preauthenticated". No |
| | | authenticator plugins will be asked to authenticate this identity. |
| | | This is designed for things like the recently added auth_tkt plugin, |
| | | which embeds the user id into the ticket. This effectively alllows |
| | | an IIdentifier plugin to become an IAuthenticator plugin when |
| | | breaking apart the responsibility into two separate plugins is |
| | | "make-work". Preauthenticated identities will be selected first |
| | | when deciding which identity to use for any given request. |
| | | |
| | | - Insert a 'repoze.pam.identity' key into the WSGI environment on |
| | | ingress if an identity is found. Its value will be the identity |
| | | dictionary related to the identity selected by repoze.pam on |
| | | ingress. Downstream consumers are allowed to mutate this |
| | | dictionary; this value is passed to "remember" and "forget", so its |
| | | main use is to do a "credentials reset"; e.g. a user has changed |
| | | his username or password within the application, but we don't want |
| | | to force him to log in again after he does so. |
| | | - Insert a 'repoze.pam.identity' key into the WSGI environment on |
| | | ingress if an identity is found. Its value will be the identity |
| | | dictionary related to the identity selected by repoze.pam on |
| | | ingress. Downstream consumers are allowed to mutate this |
| | | dictionary; this value is passed to "remember" and "forget", so its |
| | | main use is to do a "credentials reset"; e.g. a user has changed his |
| | | username or password within the application, but we don't want to |
| | | force him to log in again after he does so. |
| | | |
| | | |
| | | 0.4 (03-07-2008) |
| | | ---------------- |
| | | |
| | | - Allow plugins to specify a classifiers list per interface (instead |
| | | of a single classifiers list per plugin). |
| | | - Allow plugins to specify a classifiers list per interface (instead |
| | | of a single classifiers list per plugin). |
| | | |
| | | |
| | | 0.3 (03-05-2008) |
| | | ---------------- |
| | | |
| | | - Make SQLAuthenticatorPlugin's default_password_compare use |
| | | hexdigest sha instead of base64'ed binary sha for simpler |
| | | conversion. |
| | | - Make SQLAuthenticatorPlugin's default_password_compare use hexdigest |
| | | sha instead of base64'ed binary sha for simpler conversion. |
| | | |
| | | |
| | | 0.2 (03-04-2008) |
| | | ---------------- |
| | | |
| | | - Added SQLAuthenticatorPlugin (see plugins/sql.py). |
| | | - Added SQLAuthenticatorPlugin (see plugins/sql.py). |
| | | |
| | | |
| | | 0.1 (02-27-2008) |
| | | ---------------- |
| | | |
| | | Initial release (no configuration file support yet). |
| | | |
| | | - Initial release (no configuration file support yet). |