[Checkins] SVN: Products.PluggableAuthService/trunk/ Prep 1.6.1 release.
Tres Seaver
tseaver at palladion.com
Sun Nov 15 22:43:36 EST 2009
Log message for revision 105679:
Prep 1.6.1 release.
Changed:
A Products.PluggableAuthService/trunk/CHANGES.txt
D Products.PluggableAuthService/trunk/Products/PluggableAuthService/README.txt
D Products.PluggableAuthService/trunk/Products/PluggableAuthService/doc/CHANGES.txt
U Products.PluggableAuthService/trunk/Products/PluggableAuthService/version.txt
U Products.PluggableAuthService/trunk/README.txt
-=-
Copied: Products.PluggableAuthService/trunk/CHANGES.txt (from rev 105678, Products.PluggableAuthService/trunk/Products/PluggableAuthService/doc/CHANGES.txt)
===================================================================
--- Products.PluggableAuthService/trunk/CHANGES.txt (rev 0)
+++ Products.PluggableAuthService/trunk/CHANGES.txt 2009-11-16 03:43:36 UTC (rev 105679)
@@ -0,0 +1,169 @@
+Change Log
+==========
+
+1.6.1 (unreleased)
+------------------
+
+- Launchpad #420319: Fix misconfigured ``startswith`` match type filter
+ in ``plugins.DomainAuthHelper``.
+
+- Fixed test setup for tests using page templates relying on the
+ DefaultTraversable adapter.
+
+- Fixed broken markup.
+
+- Don't fail on users defined in multiple user sources on the
+ ZODBGroupManager listing page.
+
+- Fixed deprecation warnings for use of Globals and avoid deprecation
+ warnings for the md5 and sha modules.
+
+- Launchpad #273680: Avoid expensive / incorrect dive into ``enumerateUsers``
+ when trying to validate w/o either a real ID or login.
+
+- Launchpad #300321: ZODBGroupManager.enumerateGroups failed to find
+ groups with unicode IDs.
+
+
+1.6 (2008-08-05)
+----------------
+
+- Fixed another deprecation for manage_afterAdd occurring when used
+ together with Five (this time for the ZODBRoleManager class).
+
+- Ensure the _findUser cache is invalidated if the roles or groups for
+ a principal change.
+
+- Launchpad #15569586: docstring fix.
+
+- Factored out ``filter`` logic into separate classes; added filters
+ for ``startswith`` test and (if the IPy module is present) IP-range
+ tests. See https://bugs.launchpad.net/zope-pas/+bug/173580 .
+
+- Zope 2.12 compatibility - removed Interface.Implements import if
+ zope.interface available.
+
+- Ensure ZODBRoleManagerExportImport doesn't fail if it tries to add a
+ role that already exists (idempotence is desirable in GS importers)
+
+- Fixed tests so they run with Zope 2.11.
+
+- Split up large permission tests into individual tests.
+
+- Fixed deprecation warning occurring when used together with
+ Five. (manage_afterAdd got undeprecated.)
+
+- Added buildout.
+
+
+1.5.3 (2008-02-06)
+------------------
+
+- ZODBUserManager plugin: allow unicode arguments to
+ ``enumerateUsers``. (https://bugs.launchpad.net/zope-pas/+bug/189627)
+
+- plugins/ZODBRoleManager: added logging in case searchPrincipial()
+ returning more than one result (which might happen in case of having
+ duplicate id within difference user sources)
+
+
+1.5.2 (2007-11-28)
+------------------
+
+- DomainAuthHelper plugin: fix glitch for plugins which have never
+ configured any "default" policy: ``authenticateCredentials`` and
+ ``getRolesForPrincipal`` would raise ValueError.
+ (http://www.zope.org/Collectors/PAS/59)
+
+
+1.5.1 (2007-09-11)
+------------------
+
+- PluggableAuthService._verifyUser: changed to use exact_match to the
+ enumerator, otherwise a user with login ``foobar`` might get returned
+ by _verifyUser for a query for ``login='foo'`` because the enumerator
+ happened to return 'foobar' first in the results.
+
+- Add a test for manage_zmi_logout and replace a call to isImplementedBy
+ with providedBy.
+ (http://www.zope.org/Collectors/PAS/58)
+
+
+1.5 (2006-06-17)
+----------------
+
+- Add support for property plugins returning an IPropertySheet
+ to PropertiedUser. Added addPropertysheet to the IPropertiedUser.
+
+- Added a method to the IRoleAssignerPlugin to remove roles from a
+ principal, and an implementation for it on the ZODBRoleManager.
+ (http://www.zope.org/Collectors/PAS/57)
+
+- Added events infrastructure. Enabled new IPrincipalCreatedEvent and
+ ICredentialsUpdatedEvent events.
+
+- Added support for registering plugin types via ZCML.
+
+- Implemented authentication caching in _extractUserIds.
+
+- Ported standard user folder tests from the AccessControl test suite.
+
+- Passwords with ":" characters would break authentication
+ (http://www.zope.org/Collectors/PAS/51)
+
+- Corrected documented software dependencies
+
+- Converted to publishable security sensitive methods to only accept
+ POST requests to prevent XSS attacks. See
+ http://www.zope.org/Products/Zope/Hotfix-2007-03-20/announcement and
+ http://dev.plone.org/plone/ticket/6310
+
+- Fixed issue in the user search filter where unrecognized keyword
+ arguments were ignored resulting in duplicate search entries.
+ (http://dev.plone.org/plone/ticket/6300)
+
+- Made sure the Extensions.upgrade script does not commit full
+ transactions but only sets (optimistic) savepoints. Removed bogus
+ Zope 2.7 compatibility in the process.
+ (http://www.zope.org/Collectors/PAS/55)
+
+- Made the CookieAuthHelper only use the ``__ac_name`` field if
+ ``__ac_password`` is also present. This fixes a login problem for
+ CMF sites where the login name was remembered between sessions with
+ an ``__ac_name`` cookie.
+
+- Made the DomainAuthHelper return the remote address, even it the
+ remote host is not available (http://www.zope.org/Collectors/PAS/49).
+
+- Fixed bug in DelegatingMultiPlugin which attempted to validate the
+ supplied password directly against the user password - updated to use
+ AuthEncoding.pw_validate to handle encoding issues
+
+- Fixed serious security hole in DelegatingMultiPlugin which allowed
+ Authentication if the EmergencyUser login was passed in. Added
+ password validation utilizing AuthEncoding.pw_validate
+
+- Fixed a set of tests that tested values computed from dictionaries
+ and could break since dictionaries are not guaranteed to have any
+ sort order.
+
+- Fixed test breakage induced by use of Z3 pagetemplates in Zope
+ 2.10+.
+
+- BasePlugin: The listInterfaces method only considered the old-style
+ __implements__ machinery when determining interfaces provided by
+ a plugin instance.
+
+- ZODBUserManager: Already encrypted passwords were encrypted again in
+ addUser and updateUserPassword.
+ (http://www.zope.org/Collectors/Zope/1926)
+
+- Made sure the emergency user via HTTP basic auth always wins, no matter
+ how borken the plugin landscape.
+
+- Cleaned up code in CookieAuthHelper which allowed the form to override
+ login/password if a cookie had already been set.
+
+- Removed some BBB code for Zope versions < 2.8, which is not needed
+ since we require Zope > 2.8.5 nowadays.
+
Property changes on: Products.PluggableAuthService/trunk/CHANGES.txt
___________________________________________________________________
Added: svn:keywords
+ Author Date Id Revision
Added: svn:mergeinfo
+
Added: svn:eol-style
+ native
Deleted: Products.PluggableAuthService/trunk/Products/PluggableAuthService/README.txt
===================================================================
--- Products.PluggableAuthService/trunk/Products/PluggableAuthService/README.txt 2009-11-16 03:37:30 UTC (rev 105678)
+++ Products.PluggableAuthService/trunk/Products/PluggableAuthService/README.txt 2009-11-16 03:43:36 UTC (rev 105679)
@@ -1,26 +0,0 @@
-===============================
- Products.PluggableAuthService
-===============================
-
-This product defines a fully-pluggable user folder, intended for
-use in all Zope sites.
-
-.. contents::
-
-Manual Installation
-===================
-
-If you want to install this package manually, without using setuptools,
-simply untar the package file downloaded from the PyPI site and look for
-the folder named "PluggableAuthService" underneath the "Products" folder
-at the root of the extracted tarball. Copy or link this
-"PluggableAuthService" folder into your Zope "Products" folder and restart
-Zope.
-
-Documentation
-=============
-
-Please see the files under doc/ in the packaged software for more
-information, and consult the interfaces files under interfaces/ in
-the software package for PluggableAuthService and plugin APIs.
-
Deleted: Products.PluggableAuthService/trunk/Products/PluggableAuthService/doc/CHANGES.txt
===================================================================
--- Products.PluggableAuthService/trunk/Products/PluggableAuthService/doc/CHANGES.txt 2009-11-16 03:37:30 UTC (rev 105678)
+++ Products.PluggableAuthService/trunk/Products/PluggableAuthService/doc/CHANGES.txt 2009-11-16 03:43:36 UTC (rev 105679)
@@ -1,168 +0,0 @@
-PluggableAuthService changelog
-==============================
-
-PluggableAuthService 1.7 (unreleased)
--------------------------------------
-
-- Launchpad #420319: Fix misconfigured ``startswith`` match type filter
- in ``plugins.DomainAuthHelper``.
-
-- Fixed test setup for tests using page templates relying on the
- DefaultTraversable adapter.
-
-- Fixed broken markup.
-
-- Don't fail on users defined in multiple user sources on the ZODBGroupManager
- listing page.
-
-- Fixed deprecation warnings for use of Globals and avoid deprecation
- warnings for the md5 and sha modules.
-
-- Launchpad #273680: Avoid expensive / incorrect dive into ``enumerateUsers``
- when trying to validate w/o either a real ID or login.
-
-- Launchpad #300321: ZODBGroupManager.enumerateGroups failed to find
- groups with unicode IDs.
-
-PluggableAuthService 1.6 (2008-08-05)
--------------------------------------
-
-- Fixed another deprecation for manage_afterAdd occurring when used
- together with Five (this time for the ZODBRoleManager class).
-
-- Ensure the _findUser cache is invalidated if the roles or groups for
- a principal change.
-
-- Launchpad #15569586: docstring fix.
-
-- Factored out ``filter`` logic into separate classes; added filters
- for ``startswith`` test and (if the IPy module is present) IP-range
- tests. See https://bugs.launchpad.net/zope-pas/+bug/173580 .
-
-- Zope 2.12 compatibility - removed Interface.Implements import if
- zope.interface available.
-
-- Ensure ZODBRoleManagerExportImport doesn't fail if it tries to add a
- role that already exists (idempotence is desirable in GS importers)
-
-- Fixed tests so they run with Zope 2.11.
-
-- Split up large permission tests into individual tests.
-
-- Fixed deprecation warning occurring when used together with
- Five. (manage_afterAdd got undeprecated.)
-
-- Added buildout.
-
-
-PluggableAuthService 1.5.3 (2008-02-06)
----------------------------------------
-
-- ZODBUserManager plugin: allow unicode arguments to
- ``enumerateUsers``. (https://bugs.launchpad.net/zope-pas/+bug/189627)
-
-- plugins/ZODBRoleManager: added logging in case searchPrincipial()
- returning more than one result (which might happen in case of having
- duplicate id within difference user sources)
-
-
-PluggableAuthService 1.5.2 (2007-11-28)
----------------------------------------
-
-- DomainAuthHelper plugin: fix glitch for plugins which have never
- configured any "default" policy: ``authenticateCredentials`` and
- ``getRolesForPrincipal`` would raise ValueError.
- (http://www.zope.org/Collectors/PAS/59)
-
-
-PluggableAuthService 1.5.1 (2007-09-11)
----------------------------------------
-
-- PluggableAuthService._verifyUser: changed to use exact_match to the
- enumerator, otherwise a user with login ``foobar`` might get returned
- by _verifyUser for a query for ``login='foo'`` because the enumerator
- happened to return 'foobar' first in the results.
-
-- Add a test for manage_zmi_logout and replace a call to isImplementedBy
- with providedBy.
- (http://www.zope.org/Collectors/PAS/58)
-
-
-PluggableAuthService 1.5 (2006-06-17)
--------------------------------------
-
-- Add support for property plugins returning an IPropertySheet
- to PropertiedUser. Added addPropertysheet to the IPropertiedUser.
-
-- Added a method to the IRoleAssignerPlugin to remove roles from a
- principal, and an implementation for it on the ZODBRoleManager.
- (http://www.zope.org/Collectors/PAS/57)
-
-- Added events infrastructure. Enabled new IPrincipalCreatedEvent and
- ICredentialsUpdatedEvent events.
-
-- Added support for registering plugin types via ZCML.
-
-- Implemented authentication caching in _extractUserIds.
-
-- Ported standard user folder tests from the AccessControl test suite.
-
-- Passwords with ":" characters would break authentication
- (http://www.zope.org/Collectors/PAS/51)
-
-- Corrected documented software dependencies
-
-- Converted to publishable security sensitive methods to only accept
- POST requests to prevent XSS attacks. See
- http://www.zope.org/Products/Zope/Hotfix-2007-03-20/announcement and
- http://dev.plone.org/plone/ticket/6310
-
-- Fixed issue in the user search filter where unrecognized keyword
- arguments were ignored resulting in duplicate search entries.
- (http://dev.plone.org/plone/ticket/6300)
-
-- Made sure the Extensions.upgrade script does not commit full
- transactions but only sets (optimistic) savepoints. Removed bogus
- Zope 2.7 compatibility in the process.
- (http://www.zope.org/Collectors/PAS/55)
-
-- Made the CookieAuthHelper only use the ``__ac_name`` field if
- ``__ac_password`` is also present. This fixes a login problem for
- CMF sites where the login name was remembered between sessions with
- an ``__ac_name`` cookie.
-
-- Made the DomainAuthHelper return the remote address, even it the
- remote host is not available (http://www.zope.org/Collectors/PAS/49).
-
-- Fixed bug in DelegatingMultiPlugin which attempted to validate the
- supplied password directly against the user password - updated to use
- AuthEncoding.pw_validate to handle encoding issues
-
-- Fixed serious security hole in DelegatingMultiPlugin which allowed
- Authentication if the EmergencyUser login was passed in. Added
- password validation utilizing AuthEncoding.pw_validate
-
-- Fixed a set of tests that tested values computed from dictionaries
- and could break since dictionaries are not guaranteed to have any
- sort order.
-
-- Fixed test breakage induced by use of Z3 pagetemplates in Zope
- 2.10+.
-
-- BasePlugin: The listInterfaces method only considered the old-style
- __implements__ machinery when determining interfaces provided by
- a plugin instance.
-
-- ZODBUserManager: Already encrypted passwords were encrypted again in
- addUser and updateUserPassword.
- (http://www.zope.org/Collectors/Zope/1926)
-
-- Made sure the emergency user via HTTP basic auth always wins, no matter
- how borken the plugin landscape.
-
-- cleaned up code in CookieAuthHelper which allowed the form to override
- login/password if a cookie had already been set.
-
-- Removed some BBB code for Zope versions < 2.8, which is not needed
- since we require Zope > 2.8.5 nowadays.
-
Modified: Products.PluggableAuthService/trunk/Products/PluggableAuthService/version.txt
===================================================================
--- Products.PluggableAuthService/trunk/Products/PluggableAuthService/version.txt 2009-11-16 03:37:30 UTC (rev 105678)
+++ Products.PluggableAuthService/trunk/Products/PluggableAuthService/version.txt 2009-11-16 03:43:36 UTC (rev 105679)
@@ -1 +1 @@
-1.7dev
+1.6.1
Modified: Products.PluggableAuthService/trunk/README.txt
===================================================================
--- Products.PluggableAuthService/trunk/README.txt 2009-11-16 03:37:30 UTC (rev 105678)
+++ Products.PluggableAuthService/trunk/README.txt 2009-11-16 03:43:36 UTC (rev 105679)
@@ -1 +1,41 @@
-(See Products/PluggableAuthService/README.txt).
+Products.PluggableAuthService README
+====================================
+
+This product defines a fully-pluggable user folder, intended for
+use in all Zope2 sites.
+
+Installation
+------------
+
+The normal way it install this package is via ``setuptools``, either
+via ``easy_install`` into a virtual environment::
+
+ $ cd /path/to/virtualenv
+ $ bin/easy_install Products.PluggableAuthService
+
+or by including the package in the configuration for a ``zc.buildout``-based
+deployment::
+
+ $ cd /path/to/buildout
+ $ grep "eggs =" buildout.cfg
+ ...
+ eggs = Products.PluggableAuthService
+ ...
+
+The product can also be installed as a depencency of another distribution.
+
+If you want to install this package manually, without using setuptools,
+simply untar the package file downloaded from the PyPI site and look for
+the folder named "PluggableAuthService" underneath the "Products" folder
+at the root of the extracted tarball. Copy or link this
+"PluggableAuthService" folder into your Zope "Products" folder and restart
+Zope.
+
+
+Documentation
+-------------
+
+Please see the files under doc/ in the packaged software for more
+information, and consult the interfaces files under interfaces/ in
+the software package for PluggableAuthService and plugin APIs.
+
More information about the checkins
mailing list