| Age | Commit message (Collapse) | Author |
|---|
|
|
|
custom route/view predicate in order to allow the custom predicate
some control over which predicates are "equal".
- Use ``response.headerlist.append`` instead of
``response.headers.add`` in
``repoze.bfg.request.add_global_response_headers`` in case the
response is not a WebOb response.
|
|
-------------
- Add an API chapter for the ``repoze.bfg.request`` module, which
includes documentation for the ``repoze.bfg.request.Request`` class
(the "request object").
- Modify the "Request and Response" narrative chapter to reference the
new ``repoze.bfg.request`` API chapter. Some content was moved from
this chapter into the API documentation itself.
Features
--------
- A new ``repoze.bfg.request.Request.add_response_callback`` API has
been added. This method is documented in the new
``repoze.bfg.request`` API chapter. It can be used to influence
response values before a concrete response object has been created.
Internal
--------
- The (internal) feature which made it possible to attach a
``global_response_headers`` attribute to the request (which was
assumed to contain a sequence of header key/value pairs which would
later be added to the response by the router), has been removed.
The functionality of
``repoze.bfg.request.Request.add_response_callback`` takes its
place.
|
|
---------
- Ensure that ``secure`` flag for AuthTktAuthenticationPolicy
constructor does what it's documented to do (merge Daniel Holth's
fancy-cookies-2 branch).
New Features
------------
- Add ``path`` and ``http_only`` options to
AuthTktAuthenticationPolicy constructor (merge Daniel Holth's
fancy-cookies-2 branch).
|
|
|
|
``webob.Request`` now defines its own ``__setattr__``,
``__getattr__`` and ``__delattr__`` methods, which override the
default WebOb behavior. The default WebOb behavior stores
attributes of the request in ``self.environ['webob.adhoc_attrs']``,
and retrieves them from that dictionary during a ``__getattr__``.
This behavior was undesirable for speed and "expectation" reasons.
Now attributes of the ``request`` are stored in ``request.__dict__``
(as you otherwise might expect from an object that did not override
these methods).
- The router no longer calls ``repoze.bfg.traversal._traverse`` and
does its work "inline" (speed).
|
|
|
|
directive. If this value is set, it must be an integer representing
the number of seconds which the auth tkt cookie will survive.
Mainly, its existence allows the auth_tkt cookie to survive across
browser sessions.
- The ``reissue_time`` argument to the ``authtktauthenticationpolicy``
ZCML directive now actually works. When it is set to an integer
value, an authticket set-cookie header is appended to the response
whenever a request requires authentication and 'now' minus the
authticket's timestamp is greater than ``reissue_time`` seconds.
- The router now checks for a ``global_response_headers`` attribute of
the request object before returning a response. If this value
exists, it is presumed to be a sequence of two-tuples, representing
a set of headers to append to the 'normal' response headers. This
feature is internal, rather than exposed internally, because it's
unclear whether it will stay around in the long term. It was added
to support the ``reissue_time`` feature of the authtkt
authentication policy.
- The ``authtkt`` authentication policy ``remember`` method now no
longer honors ``token`` or ``userdata`` keyword arguments.
|
|
``repoze.bfg.security.remember`` when the
``authtktauthenticationpolicy`` authentication policy is in effect.
(Patch from Andreas Zeidler).
|
|
``repoze.bfg.authentication.AuthTktAuthenticationPolicy``; if this
value is passed to ``remember``, the generated cookie will have a
corresponding Max-Age value.
|
|
authentication policies named ``RepozeWho1AuthenticationPolicy``,
``RemoteUserAuthenticationPolicy``, and
``AuthTktAuthenticationPolicy`` now must accept two positional
arguments: the orginal argument accepted by each (userid or
identity) plus a second argument, which will be the current request.
Apologies, this is required to service finding groups when there is
no "global" database connection.
|
|
``repoze.bfg.authentication.AuthTktAuthenticationPolicy``
constructor. If these are passed, cookies will be reset every so
often (cadged from the same change to repoze.who lately).
|
|
|
|
``authenticated_userid`` function APIs in ``repoze.bfg.security``,
effectively a doing reversion to 0.8 and before behavior. Both
functions now again accept only the ``request`` parameter.
|
|
credentials from an auth_tkt cookie managed by the application
itself (instead of relying on an upstream data source for
authentication data). See the Security API chapter of the
documentation for more info.
- Allow RemoteUserAuthenticationPolicy and
RepozeWho1AuthenticationPolicy to accept various constructor
arguments. See the Security API chapter of the documentation for
more info.
|
|
|
