You are not logged in Log in Join
You are here: Home » Members » vladap » MySQL user folder » CHANGELOG

Log in
Name

Password

 

CHANGELOG

** Version 1.0.4

  • change in the MySQLdb API: insert_id () replaced with lastrowid. - Cookie support for GRUF with Plone. - In m_USerInfo.dtml, url_quote is added for usernames in link hrefs.

** Version 1.0.3

  • "import" fix in db.py. On some installations this produced import error.

** Version 1.0.2

  • Fix in _doDelUsers () used by GRUF (Thanks to Kai)

** Version 1.0.1

  • __check_connection () was missing in authenticate (). (Thanks to Matthias Kleinschmidt).
  • v_userdb.change_user_roles () now filters out system roles, so it doesn't write them into the database - there was a problem with Plone calling _doChangeUser (). (Thanks to Matthias Kleinschmidt).

** Version 1.0.0

  • Don't connect () on __setstate__ (), but on the first request. This fixes some performase issues when there are lot of thread creations.

** Version 0.9.2

  • There is a new cfg option AUTO_CREATE_ROLES. It will create all roles from user.change_user_roles () that don't exist.

** Version 0.9.2-pre2

  • fixed typo in manage_create_users ()
  • authenticate () works if GRUF passes None as username or password.

** Version 0.9.2-pre1

  • renamed authenticate () to authenticate_main (), and same for authorize () to avoid confusion with corresponding functions of the basic user folder. Implemented authenticate () interface function.
  • _getPassword () implemented for the user object, this is needed for GRUF.
  • don't raise an error if adding roles to the parent folder fails in mysqlUserFolder creation and role creation.
  • _doAdd/Delete/Change functions are implemented.
  • Now it is possible to create/change user without any roles - manage_users_create () and manage_users_change_roles () are fixed (thanks to Alex).
  • It is also possible to leave anon_create_role empty, so new users created with user_create are without roles (thanks to Reale Fabrizio).
  • If MySQLDB returns SERVER_GONE or SERVER_LOST, __do_query () will automaticaly reconnect and reexecute the query without raising an error.
  • pwe_md5_crypt () looks a bit nicer now. (thanks to Lance Pillay).
  • getClinetAddress () method of Zope 2.7 is now supported. Variable REQUEST_RADDR_FIELD is ignored on Zope >= 2.7.
  • validate_domain_spec () changed to work properly with Zope 2.7, REQUEST_RHOST_FIELD removed from cfg.py. Domain spec validation is now done by zope function. This means that REQUEST_RADDR_FIELD is always ignored for this purpose.
  • implemented hasUsers () method.

** Version 0.9.1

  • docLogin method now receives parameter exception_raised if it is raised as an exception. This is needed because in this case, method is displayed inside standard_error_message method (so HTML headers should not be included).
  • If exception is raised during query, connection is marked (new DB API function is added: has_errors ()). Main code checks this flag, and reconnects in case of errors.
  • MD5 digest support (thanks to Filippo Natali). Password field in the database now has to have length 32.
  • Ignore error if crypt is not avaiable (it is UNIX specific).
  • manage_contents is renamed to manage_main. Add/Delete/Copy/... buttons expect this name.
  • Code will now work even if domains specification is None (although it shouldn't be - field is NOT NULL).

** Version 0.9.0

  • Domain specification for users now works.
  • user_* functions are now protected by permissions. There is "Advanced" management tab where it is possible to easily setup proxy roles for "ACT" methods.
  • System now supports crypt () passwords. Also, there is a special INVALID_PASSWORD_TYPE which denies authentication.
  • It is now possible not to put expires attribute for cookies so they will not be stored when browser exits.
  • Some cfg parameters are now stored in the folder object: life, timeout and persistence for session and user cookies, logging configuration.
  • Management screen improvements: management screens rearranged; fixed warning "manage_main != manage_contents"; after UserEdit submit user is return to the user edit screen.
  • Property dtml_user_dir is now visible only during creation, since it is not used after.
  • __connect () errors are silently dropped in __setstate__ (). Interface functions will __connect () if there is a need. Errors are handled gracefully where possible in manage functions. New interface functions is_connected () is created.
  • validate () will work without DB connection if VALIDATE_ALWAYS_SUPER is set. Some management screens will work without DB connection - now it is possible to change DB parameters when there is no connection.
  • getUserNames () now can filter results based on optional role.
  • Fixed missing "return" when VALIDATE_ONLY_ANONYMOUS is set.
  • DTMLFile is used instead of HTMLFile for management screens. Management DTML methods now use Zope's manage_page_header/footer.
  • manage_addMySQLRoles now calls _addRoles ().
  • Module random is used now instead of whrandom

** Version 0.6.4

  • Function get_path_from_request () now users REQUEST ['URL'] to construct request url. (thanks to Stephen Snyder).
  • If tokens have invalid value, they are deleted from the cache. Previously, it was done only for expired tokens.
  • Debug logging improvements.

** Version 0.6.3

  • mysqlUserFolder is now forcing basic authentication on certain ports even if cookies are used (so FTP can be used).
  • authorize () calls BasicUserFolder.authorize () now.
  • URL Query string is also passed in login_goto if exception is raised during processing. This means that user will go to the target page including parameters after login.
  • Management screen supports changing roles (thanks to Remi Houdaille).
  • Multiple roles support when creating users (thanks to Remi Houdaille).
  • Other small improvements in management screens.
  • db.py: Tables are unlocked when exception is raised.
  • Size of the username and email fields is increased to 60 in sql creation script. Management dtml methods support now getting field sizes from cfg.py
  • New parameter mysql unix socket added.
  • CACHE_USER_LIFE decreased to 60 in cfg.py

** Version 0.6.2

  • If roles argument passed in validate is None, assume Anonymous.
  • Users now have role "AUTHENTICATED".
  • Two levels of debug messages.

** Version 0.6.1

  • Cookie path and domain are now configurable.
  • Security options VALIDATE_IGNORE_ROLES and VALIDATE_ONLY_ANONYMOUS.
  • QUERY_STRING is also logged.
  • Changed [] -> () in "unlock tables" call. No more problems with MySQLdb 0.9.0 (thanks to Albert Ting ).
  • Cleared references to manage_cache. Also deleted reconnect option from management screen.
  • Deleting users from the management screen works again.

** Version 0.6.0

  • User, session and token caching.
  • Fixed cookie expiration time string when locale is used. Private function is used instead of strftime ().
  • Tokens database now has field Realm. This prevents using a same session for different realms.
  • Added minimal expiry time for cookies.
  • UserDb.refresh_user () now returns status.

** Version 0.5.3

  • mysqlUserFolder now works with MySQLdb 0.3.2 (int -> long change). Also there should be no more problems with non English characters. mysqlUserFolder now uses MySQLdb query parameters.
  • User dtmls now set no-cache headers.
  • Logging table is changed: remote address in now logged. Also, failed cookie logging attempts are logged. This isn't final logging system, there will be more changes.
  • user_login (): login_goto_path is passed to docLogin in case of failed login.

** Version 0.5.3d1

  • Cookie names can use realm, so users can be authenticated by multiple folders using different realms.

** Version 0.5.2

  • Session logging. Also, new table Log. This is still experimental, meta_type and size doesn't work for some objects. Table is going to be changed in future releases.
  • SECURITY: Fix for db.del_user (), user sessions and tokens are now deleted, when user is deleted. Please see MySQL database section in README.
  • Fix for INSTANCE_HOME installations.
  • Fixed error in __get_session_user (): Changing realm can lead to an error if there are old sessions.
  • Typing error in __setup_session () fixed.
  • Management interface improvements, thanks to Andre Schubert
  • Documentation updates.

** Version 0.5.1

  • Compliance of User and Session classes with Zope security system (Zope 2.2).
  • Changes in the TokenDb API: General (not just cookie) token support.
  • getUser () was not returning completely initialized user object.
  • Cookies: expire them before setting.
  • Session authentication method now checks realm.
  • SECURITY: Bugs fixed in session handling code: there was possibility that user was authenticated with UF using different realm.
  • Typing error in use_login (): Session was not terminated when authenticated user logs as another user.
  • validate (): Now, Anonymous is not authenticated when http auth is used. In this case, Zope's root user folder should do the authentication.
  • getUser () now returns user object that is not wrapped. Don't know why zope wants it in this way, but otherwise there are problems.
  • User's miscdata were not deleted when user was deleted.
  • Session and user timeouts are changed.
  • DTML properties screen was not showing correct database name.

** Version 0.5.0

  • Complete redesign: session support, Zope 2.2, editable user dtmls.
  • Authentication process is changed.
  • MySQL tables are changed (tables Users and Roles are not changed).
  • MiscData get function now returns default values for keys that don't exist.