| Age | Commit message | Author | |
|---|---|---|---|
| 2017-10-18 | csrf documentation change | Ben Fagin | |
| 2017-04-30 | standardize "non-standard" | Steve Piercy | |
| 2017-04-29 | final cleanup of csrf decoupling in #2854 | Michael Merickel | |
| - Renamed `SessionCSRFStoragePolicy` to `LegacySessionCSRFStoragePolicy` for the version that uses the legacy `ISession.get_csrf_token` and `ISession.new_csrf_token` apis and set that as the default. - Added new `SessionCSRFStoragePolicy` that stores data in the session similar to how the `SessionAuthenticationPolicy` works. - `CookieCSRFStoragePolicy` did not properly return the newly generated token from `get_csrf_token` after calling `new_csrf_token`. It needed to cache the new value since the response callback does not affect the current request. - `CookieCSRFStoragePolicy` was not forwarding the `domain` value to the `CookieProfile` causing that setting to be ignored. - Removed `check_csrf_token` from the `ICSRFStoragePolicy` interface to simplify implementations of storage policies. - Added an introspectable item for the configured storage policy so that it appears on the debugtoolbar. - Added a change note on `ISession` that it no longer required the csrf methods. - Leave deprecated shims in ``pyramid.session`` for ``check_csrf_origin`` and ``check_csrf_token``. | |||
| 2017-04-26 | Apply drafting changes to documentation. | Matthew Wilkes | |
| 2017-04-12 | Use the webob CookieProfile in the Cookie implementation, rename some ↵ | Matthew Wilkes | |
| implementations based on feedback, split CSRF implementation and option configuration and make the csrf token function exposed as a system default rather than a renderer event. | |||
| 2017-04-12 | Rename implementation to ICSRFStoragePolicy | Matthew Wilkes | |
| 2017-04-12 | Fix tests and documentation in various places, and feedback following review | Jure Cerjak | |
| regarding naming of variables and code cleanup. | |||
| 2017-04-12 | Create a new ICSRF implementation for getting CSRF tokens, split out from ↵ | Matthew Wilkes | |
| the session machinery. Adds configuration of this to the csrf_options configurator commands. Make the default implementation a fallback to the old one. Documentation patches for new best practices given updates CSRF implementation. | |||
| 2016-06-09 | grammar, spelling, wrapping fix | Steve Piercy | |
| 2016-06-08 | Adding a warning discouraging use of __acl__ properties attributes | Julien MIOTTE | |
| 2015-10-31 | minor grammar, rewrap to 79 columns | Steve Piercy | |
| 2015-02-17 | enhance security docs with an example of subclassing a builtin policy | Michael Merickel | |
| 2015-02-17 | grammar | Michael Merickel | |
| 2014-08-13 | some tweaks to the usage of userid in the docs | Michael Merickel | |
| 2014-08-12 | Docs: Switched first 2 paragraphs of security overview. | Karl O. Pinc | |
| 2014-08-12 | Docs: Add resource tree into security overview. | Karl O. Pinc | |
| 2014-08-12 | Docs: Include the concept of credentials in the high level security overview. | Karl O. Pinc | |
| 2014-08-12 | Docs: Make "userid" link to the glossary term. | Karl O. Pinc | |
| 2014-08-12 | Security: Change "principal" argument in security.remember() to "userid". | Karl O. Pinc | |
| Make the change throughout the authentication policies, etc. as well. | |||
| 2014-08-12 | Docs: Make clear that a userid need not be a principal. | Karl O. Pinc | |
| 2014-02-10 | - Garden PR #1121 | Steve Piercy | |
| 2013-10-27 | Security APIs on pyramid.request.Request | Matt Russell | |
| The pyramid.security Authorization API function has_permission is made available on the request. The pyramid.security Authentication API functions are now available as properties (unauthenticated_userid, authenticated_userid, effective_principals) and methods (remember_userid, forget_userid) on pyramid.request.Request. Backwards compatibility: For each of the APIs moved to request method or property, the original API in the pyramid.security module proxies to the request. Reworked tests to check module level b/c wrappers call through to mixins for each API. Tests that check no reg on request now do the right thing. Use a response callback to set the request headers for forget_userid and remember_userid. Update docs. Attempt to improve a documentation section referencing the pyramid.security.has_permission function in docs/narr/resources.rst Ensures backwards compatibility for `pyramid.security.forget` and `pyramid.security.remember`. | |||
| 2013-10-19 | mon | Chris McDonough | |
| 2013-10-19 | add admonishment against secret sharing | Chris McDonough | |
| 2013-04-05 | fix some cross-references | Tshepang Lekhonkhobe | |
| 2013-03-22 | remove unused ignore-next-block directive | Tshepang Lekhonkhobe | |
| 2013-03-18 | reorder some imports to be alphabetical | Michael Merickel | |
| 2013-03-18 | support acl as a callable | Michael Merickel | |
| 2013-03-13 | consistency: use $VENV whenever virtualenv binaries are used | Tshepang Lekhonkhobe | |
| 2013-03-10 | Merge pull request #903 from tshepang/patch-4 | Tres Seaver | |
| capitalize | |||
| 2013-03-10 | Merge pull request #902 from tshepang/patch-3 | Tres Seaver | |
| change awkward sentence | |||
| 2013-03-10 | capitalize | Tshepang Lekhonkhobe | |
| 2013-03-10 | change awkward sentence | Tshepang Lekhonkhobe | |
| 2013-03-09 | grammar | Tshepang Lekhonkhobe | |
| 2012-11-04 | merged SHA512AuthTktAuthenticationPolicy into AuthTktAuthenticationPolicy | Michael Merickel | |
| AuthTktAuthenticationPolicy now accepts a hashalg parameter and is no longer deprecated. Docs recommend overriding hashalg and using 'sha512'. | |||
| 2012-11-04 | fix docs, upgrade tutorials, add change note, deprecate using ↵ | Chris McDonough | |
| zope.deprecation instead of a warning, make hashalg arg a kwarg in certain cases in case someone (maybe me) is using nonapi function imports from authentication | |||
| 2012-01-19 | fixes #398 .. mention only method-based authN configuration, remove ↵ | Chris McDonough | |
| indications of constructor value | |||
| 2011-10-06 | remove all reference to the paster command-line utility | Chris McDonough | |
| 2011-09-07 | add squishy whats-unique section to introduction | Chris McDonough | |
| 2011-08-22 | - Use [app:main] instead of a pipeline in all scaffolds and tutorials | Chris McDonough | |
| and narrative docs. - Break out awkward description of PasteDeploy entry points from project chapter into its own Paste chapter. | |||
| 2011-08-09 | Added the `pyramid.security.NO_PERMISSION_REQUIRED` constant. | Michael Merickel | |
| Removed the undocumented version from pyramid.interfaces. | |||
| 2011-07-30 | Updated all of the docs to reflect the new pyramid.* settings prefix. | Michael Merickel | |
| 2011-07-20 | add more index markers | Chris McDonough | |
| 2011-07-10 | Adding 'I' to example custom AuthenticationPolicy; it's an interface. | ejo | |
| 2011-02-28 | Fix authentication policy example. | Chris McDonough | |
| Closes #137 | |||
| 2011-02-05 | fix conflicts | Chris McDonough | |
| 2011-02-02 | Wrong name for variable | Chris Beelby | |
| 2011-02-02 | Capitalization fix | Chris Beelby | |
| 2011-01-30 | remove reference to ZCML directives; doesn't work in printed book | Chris McDonough | |
| 2011-01-27 | module name contractions | Chris McDonough | |
