|
CHANGES.txt
PluggableAuthService changelog
PluggableAuthService 1.2-beta (2006/02/25)
New Features
- Added suppport for exporting / importing a PAS and its content via
the GenericSetup file export framework.
- Made ZODBRoleManager plugin check grants to the principal's groups,
as well as those made to the principal directly.
- Added two new interfaces, IChallengeProtocolChooser and
IRequestTypeSniffer. Those are used to select the
authorization
protocol or challenger protocol to be used for challenging
according to the incoming request type.
Bugs Fixed
- Repaired warings appearing in Zope 2.8.5 due to a couple typos
in security declarations.
- Repaired DeprecationWarnings due to use of Zope2 interface verification.
- Repaired unit test breakage (unittest.TestCase instances have
failUnless /failIf , rather than assertTrue /assertFalse ).
- Fixed a couple more places where Zope 2-style ``__implements__``
were being used to standardize on using ``classImplements``.
- Fixed fallback implementations of ``providedBy`` and
``implementedBy`` to always return a tuple.
- Make sure challenge doesn't break if existing instances of the
PluginRegistry don't yet have ``IChallengeProtocolChooser`` as a
registered interface. (Would be nice to have some sort of
migration for the PluginRegistry between PAS releases)
- Don't assume that just because zope.interface can be imported
that Five is present.
PluggableAuthService 1.1b2 (2005/07/14)
Bugs Fixed
- Repaired a missing
nocall: in the Interfaces activation form.
PluggableAuthService 1.1b1 (2005/07/06)
New Features
- PAS-level id mangling is no more. All (optional) mangling is now
done on a per-plugin basis.
- Interfaces used by PAS are now usable in both Zope 2.7 and 2.8
(Five compatible)
PluggableAuthService 1.0.5 (2005/01/31)
Bugs Fixed
- Simplified detection of the product directory using
package_home .
- Set a default value for the
login attribute of a PAS, to avoid
UnboundLocalError.
PluggableAuthService 1.0.4 (2005/01/27)
Features Added
- Made
Extensions a package, to allow importing its scripts
as modules.
- Declared new
IPluggableAuthService interface, describing additional
PAS-specific API.
- Exposed PAS'
resetCredentials and updateCredentials as public
methods.
- Monkey-patch ZMI's logout to invoke PAS'
resetCredentials , if
present.
- CookieAuth plugin now encodes and decodes cookies in the same
format as CookieCrumbler to provide compatibility between
sites running PAS and CC.
- Add a publicly callable "logout" method on the PluggableAuthService
instance that will call resetCredentials on all activated
ICredentialsRest plugins, thus effecting a logout.
- Enabled the usage of the CookieAuthHelper login screen functionality
without actually using the CookieAuthHelper to maintain the
credentials store in its own auth cookie by ensuring that only
active updateCredentials plugins are informed about a successful
login so they can store the credentials.
- Added a _getPAS method to the BasePlugin base class to be used
as the canonical way of getting at the PAS instance from within
plugins.
- Group and user plugins can now specify their own title for a
principal entry (PAS will not compute one if they do).
- PAS and/or plugins can now take advantage of caching using the
Zope ZCacheable framework with RAM Cache Managers. See
doc/caching.stx for the details.
Bugs Fixed
- Make
getUserById pass the login to _findUser , so that
the returned user object can answer getUserName sanely.
- Harden
logout against missing HTTP_REFERRER.
- Avoid triggering "Emergency user cannot own" when adding a
CookieAuthHelper plugin as that user.
- Detect and prevent recursive redirecting in the CookieAuthHelper
if the login_form cannot be reached by the Anonymous User.
- Made logging when swallowing exceptions much less noisy (they
don't necessarily require attention).
- Clarified interface of IAuthenticationPlugin, which should return
None rather than raising an exception if asked to authenticate an
unknown principal; adjusted ZODBUserManager accordingly.
- Don't log an error in zodb_user_plugin's authenticateCredentials
if we don't have a record for a particular username, just return None.
- If an IAuthenticationPlugin returns None instead of a tuple
from authenticateCredentials, don't log a tuple-unpack error in PAS
itself.
PluggableAuthService 1.0.3 (2004/10/16)
Bugs Fixed
- Implemented support for issuing challenges via IChallengePlugins.
- three challenge styles in particular:
- HTTP Basic Auth
- CookieCrumbler-like redirection
- Inline authentication form
- Made unit tests pass when run with cAccessControl.
- plugins/ZODBRoleManager.py: don't claim authority for
Authenticated
or Anonymous roles, which are managed by PAS.
- plugins/ZODBRoleManager.py: don't freak out if a previously assigned
principal goes away.
- plugins/ZODBGroupManager.py: don't freek out if a previously assigned
principal goes away.
- plugins/ZODBUserManager.py: plugin now uses AuthEncoding for its
password encryption so that we can more easily support migrating
existing UserFolders. Since PAS has been out for a while,
though, we still will authenticate against old credentials
- Repaired arrow images in two-list ZMI views.
- searchPrincipals will work for exact matches when a plugin supports
both
enumerateUsers and enumerateGroups .
Authenticated Role is now added dynamically by the
PluggableAuthService, not by any role manager
- Added WARNING-level logs with tracebacks for all swallowed
plugin exceptions, so that you notice that there is something
wrong with the plugins.
- All authenticateCredentials() returned a single None when they
could not authenticate, although all calls expected a tuple.
- The user id in extract user now calls _verifyUser to get the ID
mangled by the enumeration plugin, instead of mangling it with the
authentication ID, thereby allowing the authentication and
enumeration plugins to be different plugins.
PluggableAuthService 1.0.2 (2004/07/15)
Bugs Fixed
- ZODBRoleManager and ZODBGroupManager needed the "two_lists" view,
and associated images, which migrated to the PluginRegsitry product
when they split; restored them.
PluggableAuthService 1.0.1 (2004/05/18)
Bugs Fixed
- CookieAuth plugin didn't successfully set cookies (first, because
of a NameError, then, due to a glitch with long lines).
- Missing ZPL in most modules.
PluggableAuthService 1.0 (2004/04/29)
|