Age | Commit message | Author
2013-11-07 | tests for custom query strings | Michael Merickel
2013-11-07 | support encoding arbitrary query strings | Michael Merickel
2013-11-07 | support query string and anchor on external static urls | Michael Merickel
2013-11-07 | document add_adapter | Michael Merickel
2013-10-30 | indicate default | Chris McDonough
2013-10-30 | indicate default | Chris McDonough
2013-10-30 | rendering | Chris McDonough
2013-10-30 | fix failing test (unrelated to security stuff) | Chris McDonough
2013-10-30 | new api | Chris McDonough
2013-10-30 | convert remember/forget to request-method-based | Chris McDonough
2013-10-30 | note deprecation | Chris McDonough
2013-10-30 | not methods, attrs | Chris McDonough
2013-10-30 | wording | Chris McDonough
2013-10-30 | rendering | Chris McDonough
2013-10-30 | fix wiki2 tutorial wrt request-method security APIs | Chris McDonough
2013-10-30 | copy forward views.py changes to tests step | Chris McDonough
2013-10-30 | fix zodb tutorial wrt request-based authentication and authorization apis | Chris McDonough
2013-10-28 | wording and specify return value | Chris McDonough
2013-10-28 | add NB notes about recursive add_response_callback policies, use req instead of self for normalization with exception getting | Chris McDonough
2013-10-28 | avoid a deprecation warning during test runs | Chris McDonough
2013-10-28 | defer looking up headers until the response callback is called (FBO things like sessionauthenticationpolicy which does its own header-setting when its remember/forget methods are called) | Chris McDonough
2013-10-28 | add on_exception flag to remember/forget, fix a bug in _remember_userid and _forget_userid (these should always return a sequence even if there is no authentication policy), defactorize tests | Chris McDonough
2013-10-28 | Bring change log, API docs, and deprecations in line with normal policies/processes | Chris McDonough
2013-10-28 | Merge branch 'security-apis-on-request' of github.com:mgrbyte/pyramid into mgrbyte-security-apis-on-request | Chris McDonough
2013-10-28 | Merge branch 'master' of github.com:Pylons/pyramid | Chris McDonough
2013-10-27 | Security APIs on pyramid.request.Request | Matt Russell
    The pyramid.security Authorization API function has_permission is made available on the request.
    The pyramid.security Authentication API functions are now available as properties (unauthenticated_userid, authenticated_userid, effective_principals) and methods (remember_userid, forget_userid) on pyramid.request.Request.
    Backwards compatibility: For each of the APIs moved to request method or property, the original API in the pyramid.security module proxies to the request.
    Reworked tests to check module level b/c wrappers call through to mixins for each API.
    Tests that check no reg on request now do the right thing.
    Use a response callback to set the request headers for forget_userid and remember_userid.
    Update docs.
    Attempt to improve a documentation section referencing the pyramid.security.has_permission function in docs/narr/resources.rst
    Ensures backwards compatibility for `pyramid.security.forget` and `pyramid.security.remember`.
2013-10-26 | Merge pull request #1177 from bertjwregeer/fix/signed_serialize_deserialize | Michael Merickel
    digestmod() has to accept a parameter in certain cases
2013-10-26 | Bring coverage back to 100% | Bert JW Regeer
2013-10-26 | digestmod() has to accept a parameter in certain cases | Bert JW Regeer
    Due to line 69 in hmac.py in the Python standard library (2.7) it expects to be able to call the digestmod function with the current key if the key passed in exceeds the block size in length.
    This fixes the code so that digestmod can accept string as an extra parameter, which is passed through to hashlib.new()
    [1]: http://hg.python.org/cpython/file/2.7/Lib/hmac.py#l69
2013-10-23 | Merge branch 'fix.view-defaults-on-notfound-and-forbidden-views' | Chris McDonough
2013-10-22 | update changelog | Michael Merickel
2013-10-20 | notfound and forbidden decorators were ignoring view_defaults | Michael Merickel
    This could be fixed in other ways but the basic problem is that because config.add_notfound_view and config.add_forbidden_view have actual signatures instead of *args, **kwargs, the arguments are squashing the view_defaults which are applied later on the call to config.add_view. Basically, by the time the args get to config.add_view, they look explicit when they are not.
    fix #1173
2013-10-20 | Merge branch 'fix.renderer-interfaces' | Chris McDonough
2013-10-20 | fix merge conflict and prevent warning from showing up during testing (don't import ITemplateRenderer) | Chris McDonough
2013-10-20 | add a note so we can defend the choice later | Chris McDonough
2013-10-20 | Merge branch 'fix.basic-authentication-encodings' | Chris McDonough
2013-10-20 | Merge branch 'master' into fix.basic-authentication-encodings | Chris McDonough
2013-10-20 | Merge branch 'feature.bad-csrf-token-exception' | Chris McDonough
2013-10-20 | fix merge conflict | Chris McDonough
2013-10-20 | Merge branch 'feature.signed-cookie-session' | Chris McDonough
2013-10-20 | rewording about deprecation and cookie compatibility | Chris McDonough
2013-10-19 | remove unnecessary length check, slices are magic | Michael Merickel
2013-10-19 | moar typos | Michael Merickel
2013-10-19 | remove redundant "see" | Michael Merickel
2013-10-19 | mon | Chris McDonough
2013-10-19 | add admonishment against secret sharing | Chris McDonough
2013-10-19 | use zope.deprecation for warning about the UnencryptedCookieSessionFactoryConfig deprecation (it will happen at import time, rather than usage time, which is good for tests); add a few sphinx directives for deprecated and versionadded | Chris McDonough
2013-10-19 | link to the public renderer interfaces | Michael Merickel
2013-10-19 | modify the docs for the renderer interfaces | Michael Merickel
2013-10-19 | fix tests on py3 | Michael Merickel