| | |
|---|
| | | repoze.who Changelog |
|---|
| | | ==================== |
|---|
| | | |
|---|
| | | 2.0 (2011-09-28) |
|---|
| | | ---------------- |
|---|
| | | |
|---|
| | | - ``auth_tkt`` plugin: strip any port number from the 'Domain' of generated |
|---|
| | | cookies. http://bugs.repoze.org/issue66 |
|---|
| | | |
|---|
| | | - Further harden middleware, calling ``close()`` on the iterable even if |
|---|
| | | raising an exception for a missing challenger. |
|---|
| | | http://bugs.repoze.org/issue174 |
|---|
| | | |
|---|
| | | |
|---|
| | | 2.0b1 (2011-05-24) |
|---|
| | | ------------------ |
|---|
| | | |
|---|
| | | - Enabled standard use of logging module's configuration mechanism. |
|---|
| | | See http://docs.python.org/dev/howto/logging.html#configuring-logging-for-a-library |
|---|
| | | Thanks to jgoldsmith for the patch: http://bugs.repoze.org/issue178 |
|---|
| | | |
|---|
| | | |
|---|
| | | - ``repoze.who.plugins.htpasswd``: defend against timing-based attacks. |
|---|
| | | |
|---|
| | | |
|---|
| | | 2.0a4 (2011-02-02) |
|---|
| | | ------------------ |
|---|
| | | |
|---|
| | | - Ensure that the middleware calls ``close()`` (if it exists) on the |
|---|
| | | iterable returned from thw wrapped application, as required by PEP 333. |
|---|
| | | http://bugs.repoze.org/issue174 |
|---|
| | | |
|---|
| | | - Make ``make_api_factory_with_config`` tolerant of invalid filenames / |
|---|
| | | content for the config file: in such cases, the API factory will have |
|---|
| | | *no* configured plugins or policies: it will only be useful for retrieving |
|---|
| | | the API from an environment populated by middleware. |
|---|
| | | |
|---|
| | | - Fix bug in ``repoze.who.api`` where the ``remember()`` or ``forget()`` |
|---|
| | | methods could return a None if the identifier plugin returned a None. |
|---|
| | | |
|---|
| | | - Fix ``auth_tkt`` plugin to not hand over tokens as strings to paste. See |
|---|
| | | http://lists.repoze.org/pipermail/repoze-dev/2010-November/003680.html |
|---|
| | | |
|---|
| | | - Fix ``auth_tkt`` plugin to add "secure" and "HttpOnly" to cookies when |
|---|
| | | configured with ``secure=True``: these attributes prevent the browser from |
|---|
| | | sending cookies over insecure channels, which could be vulnerable to some |
|---|
| | | XSS attacks. |
|---|
| | | |
|---|
| | | - Avoid propagating unicode 'max_age' value into cookie headers. See |
|---|
| | | https://bugs.launchpad.net/bugs/674123 . |
|---|
| | | |
|---|
| | | - Added a single-file example BFG application demonstrating the use of |
|---|
| | | the new 'login' and 'logout' methods of the API object. |
|---|
| | | |
|---|
| | | - Add ``login`` and ``logout`` methods to the ``repoze.who.api.API`` object, |
|---|
| | | as a convenience for application-driven login / logout code, which would |
|---|
| | | otherwise need to use private methods of the API, and reach down into |
|---|
| | | its plugins. |
|---|
| | | |
|---|
| | | |
|---|
| | | 2.0a3 (2010-09-30) |
|---|
| | | ------------------ |
|---|
| | | |
|---|
| | | - Deprecated the following plugins, moving their modules, tests, and docs |
|---|
| | | to a new project, ``repoze.who.deprecatedplugins``: |
|---|
| | | |
|---|
| | | - ``repoze.who.plugins.cookie.InsecureCookiePlugin`` |
|---|
| | | |
|---|
| | | - ``repoze.who.plugins.form.FormPlugin`` |
|---|
| | | |
|---|
| | | - ``repoze.who.plugins.form.RedirectingFormPlugin`` |
|---|
| | | |
|---|
| | | - Made the ``repoze.who.plugins.cookie.InsecureCookiePlugin`` take a |
|---|
| | | ``charset`` argument, and use to to encode / decode login and password. |
|---|
| | | See http://bugs.repoze.org/issue155 |
|---|
| | | |
|---|
| | | - Updated ``repoze.who.restrict`` to return headers as a list, to keep |
|---|
| | | ``wsgiref`` from complaining. |
|---|
| | | |
|---|
| | | - Helped default request classifier cope with xml submissions with an |
|---|
| | | explicit charset defined: http://bugs.repoze.org/issue145 (Lorenzo |
|---|
| | | M. Catucci) |
|---|
| | | |
|---|
| | | - Corrected the handling of type and subtype when matching an XML post |
|---|
| | | to ``xmlpost`` in the default classifier, which, according to RFC |
|---|
| | | 2045, must be matched case-insensitively: |
|---|
| | | http://bugs.repoze.org/issue145 (Lorenzo M. Catucci) |
|---|
| | | |
|---|
| | | - Added ``repoze.who.config:make_api_factory_with_config``, a convenience |
|---|
| | | method for applications which want to set up their own API Factory from |
|---|
| | | a configuration file. |
|---|
| | | |
|---|
| | | - Fixed example call to ``repoze.who.config:make_middleware_with_config`` |
|---|
| | | (added missing ``global_config`` argument). See |
|---|
| | | http://bugs.repoze.org/issue114 |
|---|
| | | |
|---|
| | | |
|---|
| | | 2.0a2 (2010-03-25) |
|---|
| | | ------------------ |
|---|
| | | |
|---|
| | |
|---|
| | | |
|---|
| | | - Adjusted logging level for some lower-level details from ``info`` |
|---|
| | | to ``debug``. |
|---|
| | | |
|---|
| | | |
|---|
| | | |
|---|
| | | 2.0a1 (2010-02-24) |
|---|
| | |
|---|
| | | - ``verify`` |
|---|
| | | |
|---|
| | | |
|---|
| | | |
|---|
| | | 1.0.18 (2009-11-05) |
|---|
| | | ------------------- |
|---|
| | | |
|---|
| | |
|---|
| | | ``Expires`` attributes of those cookies. |
|---|
| | | |
|---|
| | | |
|---|
| | | |
|---|
| | | 1.0.17 (2009-11-05) |
|---|
| | | ------------------- |
|---|
| | | |
|---|
| | |
|---|
| | | file). |
|---|
| | | |
|---|
| | | |
|---|
| | | |
|---|
| | | 1.0.16 (2009-11-04) |
|---|
| | | ------------------- |
|---|
| | | |
|---|
