PluggableAuthService changelog

  PluggableAuthService 1.2 (2006/05/14)

    Bugs Fixed

      - Fix manage_zmi_logout which stopped working correctly as soon as the
        PluggableAuthService product code was installed by correcting the
        monkeypatch for it in __init__.py.
        (http://www.zope.org/Collectors/PAS/12)

      - Add missing interface for IPropertiedUser and tests
        (http://www.zope.org/Collectors/PAS/16)

    Other

      - Removed STX links from README.txt which do nothing but return 
        404s when clicked from the README on zope.org.
        (http://www.zope.org/Collectors/PAS/6)

      - Fixing up inconsistent searching in the listAvailablePrincipals
        method of the ZODBRoleManager and ZODBGroupManager plugins. Now both
        constrain searches by ID.
        (http://www.zope.org/Collectors/PAS/11)

      - Convert from using zLOG to using the Python logging module.
        (http://www.zope.org/Collectors/PAS/14)


  PluggableAuthService 1.2-beta (2006/02/25)

    New Features

      - Added suppport for exporting / importing a PAS and its content via
        the GenericSetup file export framework.

      - Made ZODBRoleManager plugin check grants to the principal's groups,
        as well as those made to the principal directly.

      - Added two new interfaces, IChallengeProtocolChooser and
        IRequestTypeSniffer. Those are used to select the 'authorization
        protocol' or 'challenger protocol' to be used for challenging
        according to the incoming request type.

    Bugs Fixed

      - Repaired warings appearing in Zope 2.8.5 due to a couple typos
        in security declarations.

      - Repaired DeprecationWarnings due to use of Zope2 interface verification.

      - Repaired unit test breakage (unittest.TestCase instances have
        'failUnless'/'failIf', rather than 'assertTrue'/'assertFalse').

      - Fixed a couple more places where Zope 2-style ``__implements__``
        were being used to standardize on using ``classImplements``.

      - Fixed fallback implementations of ``providedBy`` and
        ``implementedBy`` to always return a tuple.

      - Make sure challenge doesn't break if existing instances of the
        PluginRegistry don't yet have ``IChallengeProtocolChooser`` as a
        registered interface. (Would be nice to have some sort of
        migration for the PluginRegistry between PAS releases)

      - Don't assume that just because zope.interface can be imported
        that Five is present.

  PluggableAuthService 1.1b2 (2005/07/14)

    Bugs Fixed

      - Repaired a missing 'nocall:' in the Interfaces activation form.

  PluggableAuthService 1.1b1 (2005/07/06)

    New Features

      - PAS-level id mangling is no more. All (optional) mangling is now
        done on a per-plugin basis.

      - Interfaces used by PAS are now usable in both Zope 2.7 and 2.8
        (Five compatible)

  PluggableAuthService 1.0.5 (2005/01/31)

    Bugs Fixed

      - Simplified detection of the product directory using 'package_home'.

      - Set a default value for the 'login' attribute of a PAS, to avoid
        UnboundLocalError.

  PluggableAuthService 1.0.4 (2005/01/27)

    Features Added

      - Made 'Extensions' a package, to allow importing its scripts
        as modules.

      - Declared new 'IPluggableAuthService' interface, describing additional
        PAS-specific API.

      - Exposed PAS' 'resetCredentials' and 'updateCredentials' as public
        methods.

      - Monkey-patch ZMI's logout to invoke PAS' 'resetCredentials', if
        present.

      - CookieAuth plugin now encodes and decodes cookies in the same
        format as CookieCrumbler to provide compatibility between
        sites running PAS and CC.

      - Add a publicly callable "logout" method on the PluggableAuthService
        instance that will call resetCredentials on all activated 
        ICredentialsRest plugins, thus effecting a logout.

      - Enabled the usage of the CookieAuthHelper login screen functionality
        without actually using the CookieAuthHelper to maintain the 
        credentials store in its own auth cookie by ensuring that only
        active updateCredentials plugins are informed about a successful
        login so they can store the credentials.

      - Added a _getPAS method to the BasePlugin base class to be used
        as the canonical way of getting at the PAS instance from within
        plugins.

      - Group and user plugins can now specify their own title for a
        principal entry (PAS will not compute one if they do).

      - PAS and/or plugins can now take advantage of caching using the
        Zope ZCacheable framework with RAM Cache Managers. See
        doc/caching.stx for the details.

    Bugs Fixed

      - Make 'getUserById' pass the 'login' to '_findUser', so that
        the returned user object can answer 'getUserName' sanely.

      - Harden 'logout' against missing HTTP_REFERRER.

      - Avoid triggering "Emergency user cannot own" when adding a
        CookieAuthHelper plugin as that user.

      - Detect and prevent recursive redirecting in the CookieAuthHelper
        if the login_form cannot be reached by the Anonymous User.

      - Made logging when swallowing exceptions much less noisy (they
        *don't* necessarily require attention).

      - Clarified interface of IAuthenticationPlugin, which should return
        None rather than raising an exception if asked to authenticate an
        unknown principal;  adjusted ZODBUserManager accordingly.

      - Don't log an error in zodb_user_plugin's authenticateCredentials
        if we don't have a record for a particular username, just return None.

      - If an IAuthenticationPlugin returns None instead of a tuple
        from authenticateCredentials, don't log a tuple-unpack error in PAS
	    itself.

  PluggableAuthService 1.0.3 (2004/10/16)

    Bugs Fixed

      - Implemented support for issuing challenges via IChallengePlugins.

        - three challenge styles in particular:

          - HTTP Basic Auth

          - CookieCrumbler-like redirection

          - Inline authentication form

      - Made unit tests pass when run with cAccessControl.

      - plugins/ZODBRoleManager.py: don't claim authority for 'Authenticated'
        or 'Anonymous' roles, which are managed by PAS.

      - plugins/ZODBRoleManager.py: don't freak out if a previously assigned
        principal goes away.

      - plugins/ZODBGroupManager.py: don't freek out if a previously assigned
        principal goes away.

      - plugins/ZODBUserManager.py: plugin now uses AuthEncoding for its
        password encryption so that we can more easily support migrating
        existing UserFolders. Since PAS has been out for a while,
        though, we still will authenticate against old credentials

      - Repaired arrow images in two-list ZMI views.

      - searchPrincipals will work for exact matches when a plugin supports
        both 'enumerateUsers' and 'enumerateGroups'.

      - 'Authenticated' Role is now added dynamically by the
        PluggableAuthService, not by any role manager

      - Added WARNING-level logs with tracebacks for all swallowed
        plugin exceptions, so that you notice that there is something
        wrong with the plugins.

      - All authenticateCredentials() returned a single None when they
        could not authenticate, although all calls expected a tuple.

      - The user id in extract user now calls _verifyUser to get the ID
        mangled by the enumeration plugin, instead of mangling it with the
        authentication ID, thereby allowing the authentication and
        enumeration plugins to be different plugins.


  PluggableAuthService 1.0.2 (2004/07/15)

    Bugs Fixed

      - ZODBRoleManager and ZODBGroupManager needed the "two_lists" view,
        and associated images, which migrated to the PluginRegsitry product
        when they split;  restored them.

  PluggableAuthService 1.0.1 (2004/05/18)

    Bugs Fixed

      - CookieAuth plugin didn't successfully set cookies (first, because
        of a NameError, then, due to a glitch with long lines).

      - Missing ZPL in most modules.

  PluggableAuthService 1.0 (2004/04/29)

    - Initial release
