PluggableAuthService changelog

  PluggableAuthService 1.1b2 (2005/07/14)

    - Missed a 'nocall:' in the Interfaces activation form.

  PluggableAuthService 1.1b1 (2005/07/06)

    - PAS-level id mangling is no more. All (optional) mangling is now
      done on a per-plugin basis.

    - Interfaces used by PAS are now usable in both Zope 2.7 and 2.8
      (Five compatible)

  PluggableAuthService 1.0.4 (2005/01/27)

    Features Added

      - Made 'Extensions' a package, to allow importing its scripts
        as modules.

      - Declared new 'IPluggableAuthService' interface, describing additional
        PAS-specific API.

      - Exposed PAS' 'resetCredentials' and 'updateCredentials' as public
        methods.

      - Monkey-patch ZMI's logout to invoke PAS' 'resetCredentials', if
        present.

      - CookieAuth plugin now encodes and decodes cookies in the same
        format as CookieCrumbler to provide compatibility between
        sites running PAS and CC.

      - Add a publicly callable "logout" method on the PluggableAuthService
        instance that will call resetCredentials on all activated 
        ICredentialsRest plugins, thus effecting a logout.

      - Enabled the usage of the CookieAuthHelper login screen functionality
        without actually using the CookieAuthHelper to maintain the 
        credentials store in its own auth cookie by ensuring that only
        active updateCredentials plugins are informed about a successful
        login so they can store the credentials.

      - Added a _getPAS method to the BasePlugin base class to be used
        as the canonical way of getting at the PAS instance from within
        plugins.

      - Group and user plugins can now specify their own title for a
        principal entry (PAS will not compute one if they do).

      - PAS and/or plugins can now take advantage of caching using the
        Zope ZCacheable framework with RAM Cache Managers. See
        doc/caching.stx for the details.

    Bugs Fixed

      - Make 'getUserById' pass the 'login' to '_findUser', so that
        the returned user object can answer 'getUserName' sanely.

      - Harden 'logout' against missing HTTP_REFERRER.

      - Avoid triggering "Emergency user cannot own" when adding a
        CookieAuthHelper plugin as that user.

      - Detect and prevent recursive redirecting in the CookieAuthHelper
        if the login_form cannot be reached by the Anonymous User.

      - Made logging when swallowing exceptions much less noisy (they
        *don't* necessarily require attention).

      - Clarified interface of IAuthenticationPlugin, which should return
        None rather than raising an exception if asked to authenticate an
        unknown principal;  adjusted ZODBUserManager accordingly.

      - Don't log an error in zodb_user_plugin's authenticateCredentials
        if we don't have a record for a particular username, just return None.

      - If an IAuthenticationPlugin returns None instead of a tuple
        from authenticateCredentials, don't log a tuple-unpack error in PAS
	    itself.

  PluggableAuthService 1.0.3 (2004/10/16)

    Bugs Fixed

      - Implemented support for issuing challenges via IChallengePlugins.

        - three challenge styles in particular:

          - HTTP Basic Auth

          - CookieCrumbler-like redirection

          - Inline authentication form

      - Made unit tests pass when run with cAccessControl.

      - plugins/ZODBRoleManager.py: don't claim authority for 'Authenticated'
        or 'Anonymous' roles, which are managed by PAS.

      - plugins/ZODBRoleManager.py: don't freak out if a previously assigned
        principal goes away.

      - plugins/ZODBGroupManager.py: don't freek out if a previously assigned
        principal goes away.

      - plugins/ZODBUserManager.py: plugin now uses AuthEncoding for its
        password encryption so that we can more easily support migrating
        existing UserFolders. Since PAS has been out for a while,
        though, we still will authenticate against old credentials

      - Repaired arrow images in two-list ZMI views.

      - searchPrincipals will work for exact matches when a plugin supports
        both 'enumerateUsers' and 'enumerateGroups'.

      - 'Authenticated' Role is now added dynamically by the
        PluggableAuthService, not by any role manager

      - Added WARNING-level logs with tracebacks for all swallowed
        plugin exceptions, so that you notice that there is something
        wrong with the plugins.

      - All authenticateCredentials() returned a single None when they
        could not authenticate, although all calls expected a tuple.

      - The user id in extract user now calls _verifyUser to get the ID
        mangled by the enumeration plugin, instead of mangling it with the
        authentication ID, thereby allowing the authentication and
        enumeration plugins to be different plugins.


  PluggableAuthService 1.0.2 (2004/07/15)

    Bugs Fixed

      - ZODBRoleManager and ZODBGroupManager needed the "two_lists" view,
        and associated images, which migrated to the PluginRegsitry product
        when they split;  restored them.

  PluggableAuthService 1.0.1 (2004/05/18)

    Bugs Fixed

      - CookieAuth plugin didn't successfully set cookies (first, because
        of a NameError, then, due to a glitch with long lines).

      - Missing ZPL in most modules.

  PluggableAuthService 1.0 (2004/04/29)

    - Initial release