From 10c6857185e299b4c6932c2a378ad3adb14867d8 Mon Sep 17 00:00:00 2001 From: Michael Merickel Date: Sat, 19 Oct 2013 01:12:20 -0500 Subject: add deprecation for old cookie factory --- CHANGES.txt | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'CHANGES.txt') diff --git a/CHANGES.txt b/CHANGES.txt index 550dd0a39..feea11def 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -15,6 +15,12 @@ Bug Fixes allowing traversal to continue. See https://github.com/Pylons/pyramid/issues/1104 +Deprecations +------------ + +- The ``UnencryptedCookieSessionFactoryConfig`` has been deprecated and will + be replaced by the ``SignedCookieSessionFactory``. + 1.5a2 (2013-09-22) ================== -- cgit v1.2.3 From 63bf0587066216f9879ab188691579c9565f0340 Mon Sep 17 00:00:00 2001 From: Michael Merickel Date: Sat, 19 Oct 2013 01:22:35 -0500 Subject: updated changelog --- CHANGES.txt | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) (limited to 'CHANGES.txt') diff --git a/CHANGES.txt b/CHANGES.txt index feea11def..a9b9814f3 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -6,6 +6,21 @@ Documentation - Added a "Quick Tutorial" to go with the Quick Tour +Features +-------- + +- Added a new ``SignedCookieSessionFactory`` which is very similar to the + ``UnencryptedCookieSessionFactoryConfig`` but with a clearer focus on + signing content. The custom serializer arguments to this function should + only focus on serializing, unlike its predecessor which required the + serializer to also perform signing. + +- Added a new ``BaseCookieSessionFactory`` which acts as a generic cookie + factory that can be used by framework implementors to create their own + session implementations. It provides a reusable API which focuses strictly + on providing a dictionary-like object that properly handles renewals, + timeouts, and conformance with the ``ISession`` API. + Bug Fixes --------- 
@@ -18,9 +33,9 @@ Bug Fixes Deprecations ------------ -- The ``UnencryptedCookieSessionFactoryConfig`` has been deprecated and will - be replaced by the ``SignedCookieSessionFactory``. - +- The ``UnencryptedCookieSessionFactoryConfig`` has been deprecated and is + superceded by the ``SignedCookieSessionFactory``. Cookies generated by + the two factories are not compatible. 1.5a2 (2013-09-22) ================== -- cgit v1.2.3 From 6b0889cc8f3711d5f77cb663f8f2fa432eb3ad06 Mon Sep 17 00:00:00 2001 From: Michael Merickel Date: Sat, 19 Oct 2013 01:52:11 -0500 Subject: update doc references --- CHANGES.txt | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'CHANGES.txt') diff --git a/CHANGES.txt b/CHANGES.txt index a228fbb3a..fcfb83e4f 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -10,6 +10,11 @@ Features python -3 -m pyramid.scripts.pserve development.ini +- Added a specific subclass of ``HTTPBadRequest`` named + ``pyramid.exceptions.BadCSRFToken`` which will now be raised in response + to failures in ``check_csrf_token``. + See https://github.com/Pylons/pyramid/pull/1149 + Bug Fixes --------- -- cgit v1.2.3 From 8385569b371a2586acf1680937ca656136c2502c Mon Sep 17 00:00:00 2001 From: Michael Merickel Date: Sat, 19 Oct 2013 02:02:19 -0500 Subject: reference github issues --- CHANGES.txt | 3 +++ 1 file changed, 3 insertions(+) (limited to 'CHANGES.txt') diff --git a/CHANGES.txt b/CHANGES.txt index a9b9814f3..f67291ca5 100644 --- a/CHANGES.txt +++ b/CHANGES.txt 
@@ -14,12 +14,14 @@ Features signing content. The custom serializer arguments to this function should only focus on serializing, unlike its predecessor which required the serializer to also perform signing. + See https://github.com/Pylons/pyramid/pull/1142 - Added a new ``BaseCookieSessionFactory`` which acts as a generic cookie factory that can be used by framework implementors to create their own session implementations. It provides a reusable API which focuses strictly on providing a dictionary-like object that properly handles renewals, timeouts, and conformance with the ``ISession`` API. + See https://github.com/Pylons/pyramid/pull/1142 Bug Fixes --------- @@ -36,6 +38,7 @@ Deprecations - The ``UnencryptedCookieSessionFactoryConfig`` has been deprecated and is superceded by the ``SignedCookieSessionFactory``. Cookies generated by the two factories are not compatible. + See https://github.com/Pylons/pyramid/pull/1142 1.5a2 (2013-09-22) ================== -- cgit v1.2.3 From 42f0cb2923200f07c89e011f80fe15e3c65caf03 Mon Sep 17 00:00:00 2001 From: Michael Merickel Date: Sat, 19 Oct 2013 03:18:05 -0500 Subject: update changelog --- CHANGES.txt | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'CHANGES.txt') diff --git a/CHANGES.txt b/CHANGES.txt index a228fbb3a..f170308b0 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -32,6 +32,12 @@ Bug Fixes - Remove unused ``renderer`` argument from ``Configurator.add_route``. +- Allow the ``BasicAuthenticationPolicy`` to work with non-ascii usernames + and passwords. The charset is not passed as part of the header and different + browsers alternate between UTF-8 and Latin-1, so the policy now attempts + to decode with UTF-8 first, and will fallback to Latin-1. + See https://github.com/Pylons/pyramid/pull/1170 + Documentation ------------- -- cgit v1.2.3 From b04ae5ac814266eb77d4a09c749e5e0394a11a1c Mon Sep 17 00:00:00 2001 
From: Michael Merickel Date: Sat, 19 Oct 2013 03:43:05 -0500 Subject: modify the docs for the renderer interfaces --- CHANGES.txt | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'CHANGES.txt') diff --git a/CHANGES.txt b/CHANGES.txt index a228fbb3a..10ebe33ae 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -40,6 +40,9 @@ Documentation - Removed mention of ``pyramid_beaker`` from docs. Beaker is no longer maintained. Point people at ``pyramid_redis_sessions`` instead. +- Add documentation for ``pyramid.interfaces.IRendererFactory`` and + ``pyramid.interfaces.IRenderer``. + Backwards Incompatibilities --------------------------- @@ -50,6 +53,12 @@ Backwards Incompatibilities situation, leaving a query string of ``a=b&key=``. See https://github.com/Pylons/pyramid/issues/1119 +Deprecations +------------ + +- Deprecate the ``pyraid.interfaces.ITemplateRenderer`` interface. It is no + longer used since Mako and Chameleon have been split into their own packages. + 1.5a2 (2013-09-22) ================== -- cgit v1.2.3 From d79087c78c273eec3118a23243b9b93d353b09f2 Mon Sep 17 00:00:00 2001 From: Chris McDonough Date: Sun, 20 Oct 2013 13:54:16 -0400 Subject: rewording about deprecation and cookie compatibility --- CHANGES.txt | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) (limited to 'CHANGES.txt') diff --git a/CHANGES.txt b/CHANGES.txt index 80bd78808..6fdc08398 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -44,6 +44,8 @@ Bug Fixes allowing traversal to continue. See https://github.com/Pylons/pyramid/issues/1104 +- Remove unused ``renderer`` argument from ``Configurator.add_route``. + Documentation ------------- 
@@ -65,11 +67,13 @@ Backwards Incompatibilities Deprecations ------------ -- The ``UnencryptedCookieSessionFactoryConfig`` has been deprecated and is - superceded by the ``SignedCookieSessionFactory``. Cookies generated by - the two factories are not compatible. - See https://github.com/Pylons/pyramid/pull/1142 -- Remove unused ``renderer`` argument from ``Configurator.add_route``. +- The ``pyramid.session.UnencryptedCookieSessionFactoryConfig`` API has been + deprecated and is superseded by the + ``pyramid.session.SignedCookieSessionFactory``. Note that while the cookies + generated by the ``UnencryptedCookieSessionFactoryConfig`` + are compatible with cookies generated by old releases, cookies generated by + the SignedCookieSessionFactory are not. See + https://github.com/Pylons/pyramid/pull/1142 1.5a2 (2013-09-22) ================== -- cgit v1.2.3 From 64223904fd6330eb9e528311799cc4dd10e9daf1 Mon Sep 17 00:00:00 2001 From: Michael Merickel Date: Tue, 22 Oct 2013 22:11:13 -0500 Subject: update changelog --- CHANGES.txt | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'CHANGES.txt') diff --git a/CHANGES.txt b/CHANGES.txt index 203db1a44..895dc572f 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -57,6 +57,10 @@ Bug Fixes to decode with UTF-8 first, and will fallback to Latin-1. See https://github.com/Pylons/pyramid/pull/1170 +- The ``@view_defaults`` now apply to notfound and forbidden views + that are defined as methods of a decorated class. + See https://github.com/Pylons/pyramid/issues/1173 + Documentation ------------- -- cgit v1.2.3 From 3c2f95e8049bbd45b144d454daa68005361828b2 Mon Sep 17 00:00:00 2001 
From: Matt Russell Date: Thu, 24 Oct 2013 23:52:42 +0100 Subject: Security APIs on pyramid.request.Request The pyramid.security Authorization API function has_permission is made available on the request. The pyramid.security Authentication API functions are now available as properties (unauthenticated_userid, authenticated_userid, effective_principals) and methods (remember_userid, forget_userid) on pyramid.request.Request. Backwards compatibility: For each of the APIs moved to request method or property, the original API in the pyramid.security module proxies to the request. Reworked tests to check module level b/c wrappers call through to mixins for each API. Tests that check no reg on request now do the right thing. Use a response callback to set the request headers for forget_userid and remember_userid. Update docs. Attempt to improve a documentation section referencing the pyramid.security.has_permission function in docs/narr/resources.rst Ensures backwards compatibility for `pyramid.security.forget` and `pyramid.security.remember`. --- CHANGES.txt | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'CHANGES.txt') diff --git a/CHANGES.txt b/CHANGES.txt index 895dc572f..61f3b63f7 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -4,6 +4,14 @@ Unreleased Features -------- +- The :mod:``pyramid.security`` authentication API methods should now be + accessed via the request. The ``pyramid.security`` authoriztion API function + :meth:`has_permission` should now be accessed via the request. + The methods :meth:``pyramid.request.Request.forget_userid``, + meth:``pyramid.request.Request.remember_userid`` now automatically + set the headers on the response, as returned by the corrosponding + method of the current request's :term:``authentication policy``. + - Pyramid's console scripts (``pserve``, ``pviews``, etc) can now be run directly, allowing custom arguments to be sent to the python interpreter at runtime. For example:: -- cgit v1.2.3 
From 0184b527725cfb634e4d57a1b033450fa8b24502 Mon Sep 17 00:00:00 2001 From: Chris McDonough Date: Mon, 28 Oct 2013 15:26:31 -0400 Subject: Bring change log, API docs, and deprecations in line with normal policies/processes --- CHANGES.txt | 56 +++++++++++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 49 insertions(+), 7 deletions(-) (limited to 'CHANGES.txt') diff --git a/CHANGES.txt b/CHANGES.txt index 61f3b63f7..20b7726c4 100644 --- a/CHANGES.txt +++ b/CHANGES.txt 
@@ -4,13 +4,34 @@ Unreleased Features -------- -- The :mod:``pyramid.security`` authentication API methods should now be - accessed via the request. The ``pyramid.security`` authoriztion API function - :meth:`has_permission` should now be accessed via the request. - The methods :meth:``pyramid.request.Request.forget_userid``, - meth:``pyramid.request.Request.remember_userid`` now automatically - set the headers on the response, as returned by the corrosponding - method of the current request's :term:``authentication policy``. +- Authentication and authorization APIs have been added as as methods of the + request: ``request.has_permission``, ``request.forget_userid``, and + ``request.remember_userid``. + + ``request.has_permission`` is a method-based alternative to the + ``pyramid.security.has_permission`` API and works exactly the same. The + older API is now deprecated. + + ``request.forget_userid`` and ``request.remember_userid`` are method-based + alternatives to ``pyramid.security.forget`` and + ``pyramid.security.remember``. These do not work exacly the same as their + function counterparts, however. These methods automatically set the headers + returned by the authentication policy on the response, whereas the older + function-based APIs returned a sequence of headers and required the caller to + set those headers. The older function-based API still works but is now + deprecated. + +- Property API attributes have been added to the request for easier access to + authentication data: ``request.authenticated_userid``, + ``request.unauthenticated_userid``, and ``request.effective_principals``. + + These are analogues, respectively, of + ``pyramid.security.authenticated_userid``, + ``pyramid.security.unauthenticated_userid``, and + ``pyramid.security.effective_principals``. They operate exactly the same, + except they are attributes of the request instead of functions accepting a + request. They are properties, so they cannot be assigned to. 
The older + function-based APIs are now deprecated. - Pyramid's console scripts (``pserve``, ``pviews``, etc) can now be run directly, allowing custom arguments to be sent to the python interpreter @@ -105,6 +126,27 @@ Deprecations the SignedCookieSessionFactory are not. See https://github.com/Pylons/pyramid/pull/1142 +- The ``pyramid.security.has_permission`` API is now deprecated. Instead, use + the newly-added ``has_permission`` method of the request object. + +- The ``pyramid.security.forget`` API is now deprecated. Instead, use + the newly-added ``forget_userid`` method of the request object. + +- The ``pyramid.security.remember`` API is now deprecated. Instead, use + the newly-added ``remember_userid`` method of the request object. + +- The ``pyramid.security.effective_principals`` API is now deprecated. + Instead, use the newly-added ``effective_principals`` attribute of the + request object. + +- The ``pyramid.security.authenticated_userid`` API is now deprecated. + Instead, use the newly-added ``authenticated_userid`` attribute of the + request object. + +- The ``pyramid.security.unauthenticated_userid`` API is now deprecated. + Instead, use the newly-added ``unauthenticated_userid`` attribute of the + request object. + 1.5a2 (2013-09-22) ================== -- cgit v1.2.3 From 0dcd56c2c30863c6683c0cf442aa73dfdcd11b13 Mon Sep 17 00:00:00 2001 From: Chris McDonough Date: Sat, 9 Nov 2013 17:11:16 -0500 Subject: undeprecate remember/forget functions and remove remember_userid/forget_userid methods from request --- CHANGES.txt | 14 ++------------ 1 file changed, 2 insertions(+), 12 deletions(-) (limited to 'CHANGES.txt') diff --git a/CHANGES.txt b/CHANGES.txt index 20b7726c4..9f780fe45 100644 --- a/CHANGES.txt +++ b/CHANGES.txt 
@@ -4,23 +4,13 @@ Unreleased Features -------- -- Authentication and authorization APIs have been added as as methods of the - request: ``request.has_permission``, ``request.forget_userid``, and - ``request.remember_userid``. +- An authorization API has been added as a method of the + request: ``request.has_permission``. ``request.has_permission`` is a method-based alternative to the ``pyramid.security.has_permission`` API and works exactly the same. The older API is now deprecated. - ``request.forget_userid`` and ``request.remember_userid`` are method-based - alternatives to ``pyramid.security.forget`` and - ``pyramid.security.remember``. These do not work exacly the same as their - function counterparts, however. These methods automatically set the headers - returned by the authentication policy on the response, whereas the older - function-based APIs returned a sequence of headers and required the caller to - set those headers. The older function-based API still works but is now - deprecated. - - Property API attributes have been added to the request for easier access to authentication data: ``request.authenticated_userid``, ``request.unauthenticated_userid``, and ``request.effective_principals``. -- cgit v1.2.3 From a3654e4866303695478fb7bd01dcdd602a717b4e Mon Sep 17 00:00:00 2001 From: Michael Merickel Date: Tue, 12 Nov 2013 01:36:10 -0600 Subject: update docs --- CHANGES.txt | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'CHANGES.txt') diff --git a/CHANGES.txt b/CHANGES.txt index 895dc572f..bf1c1ea01 100644 --- a/CHANGES.txt +++ b/CHANGES.txt 
@@ -29,6 +29,17 @@ Features timeouts, and conformance with the ``ISession`` API. See https://github.com/Pylons/pyramid/pull/1142 +- Allow ``pyramid.request.Request.route_url`` and + ``pyramid.request.Request.resource_url`` to accept strings for their + query string to enable alternative encodings. Also the anchor argument + will now be escaped to ensure minimal conformance. + See https://github.com/Pylons/pyramid/pull/1183 + +- Allow sending of ``_query`` and ``_anchor`` options to + ``pyramid.request.Request.static_url`` when an external URL is being + generated. + See https://github.com/Pylons/pyramid/pull/1183 + Bug Fixes --------- -- cgit v1.2.3 From 34ea769fba7a890ac0cc69b86ccc2002de864b15 Mon Sep 17 00:00:00 2001 From: Chris McDonough Date: Mon, 18 Nov 2013 07:32:30 -0500 Subject: remove lies --- CHANGES.txt | 6 ------ 1 file changed, 6 deletions(-) (limited to 'CHANGES.txt') diff --git a/CHANGES.txt b/CHANGES.txt index 9f780fe45..ad51ed174 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -119,12 +119,6 @@ Deprecations - The ``pyramid.security.has_permission`` API is now deprecated. Instead, use the newly-added ``has_permission`` method of the request object. -- The ``pyramid.security.forget`` API is now deprecated. Instead, use - the newly-added ``forget_userid`` method of the request object. - -- The ``pyramid.security.remember`` API is now deprecated. Instead, use - the newly-added ``remember_userid`` method of the request object. - - The ``pyramid.security.effective_principals`` API is now deprecated. Instead, use the newly-added ``effective_principals`` attribute of the request object. -- cgit v1.2.3 From 06aee8b0c35d5fdcd305ff6c7107d936bcdb7d32 Mon Sep 17 00:00:00 2001 
From: Chris McDonough Date: Wed, 27 Nov 2013 04:23:22 -0500 Subject: change the behavior of parse_url_overrides and resource_url to not quote a _query/query argument supplied as a string and document in changelog --- CHANGES.txt | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) (limited to 'CHANGES.txt') diff --git a/CHANGES.txt b/CHANGES.txt index d6f5ea792..40efecce1 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -48,17 +48,24 @@ Features timeouts, and conformance with the ``ISession`` API. See https://github.com/Pylons/pyramid/pull/1142 -- Allow ``pyramid.request.Request.route_url`` and - ``pyramid.request.Request.resource_url`` to accept strings for their - query string to enable alternative encodings. Also the anchor argument - will now be escaped to ensure minimal conformance. - See https://github.com/Pylons/pyramid/pull/1183 +- The anchor argument to ``pyramid.request.Request.route_url`` and + ``pyramid.request.Request.resource_url`` and their derivatives will now be + escaped to ensure minimal conformance. See + https://github.com/Pylons/pyramid/pull/1183 - Allow sending of ``_query`` and ``_anchor`` options to ``pyramid.request.Request.static_url`` when an external URL is being generated. See https://github.com/Pylons/pyramid/pull/1183 +- You can now send a string as the ``_query`` argument to + ``pyramid.request.Request.route_url`` and + ``pyramid.request.Request.resource_url`` and their derivatives. When a + string is sent instead of a list or dictionary. it is not URL-encoded or + quoted; the caller must perform this job before passing it in. This is + useful if you want to be able to use a different query string format than + ``x-www-form-urlencoded``. See https://github.com/Pylons/pyramid/pull/1183 + Bug Fixes --------- -- cgit v1.2.3 From ca419fb59ccf2174a87aba5139a293b807e15df6 Mon Sep 17 00:00:00 2001 
From: Chris McDonough Date: Wed, 27 Nov 2013 04:50:24 -0500 Subject: revert my reversion --- CHANGES.txt | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'CHANGES.txt') diff --git a/CHANGES.txt b/CHANGES.txt index 40efecce1..98784f3d7 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -50,7 +50,7 @@ Features - The anchor argument to ``pyramid.request.Request.route_url`` and ``pyramid.request.Request.resource_url`` and their derivatives will now be - escaped to ensure minimal conformance. See + escaped via URL quoting to ensure minimal conformance. See https://github.com/Pylons/pyramid/pull/1183 - Allow sending of ``_query`` and ``_anchor`` options to @@ -61,10 +61,10 @@ Features - You can now send a string as the ``_query`` argument to ``pyramid.request.Request.route_url`` and ``pyramid.request.Request.resource_url`` and their derivatives. When a - string is sent instead of a list or dictionary. it is not URL-encoded or - quoted; the caller must perform this job before passing it in. This is - useful if you want to be able to use a different query string format than - ``x-www-form-urlencoded``. See https://github.com/Pylons/pyramid/pull/1183 + string is sent instead of a list or dictionary. it is URL-quoted however it + does not need to be in ``k=v`` form. This is useful if you want to be able + to use a different query string format than ``x-www-form-urlencoded``. See + https://github.com/Pylons/pyramid/pull/1183 Bug Fixes --------- -- cgit v1.2.3
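Review bot: In commit 63bf058 ("updated changelog"), the Deprecations hunk (@@ -18,9 +33,9) deletes the blank line that separated the list item from the "1.5a2 (2013-09-22)" heading, so the heading now follows "the two factories are not compatible." directly. reStructuredText expects a blank line after a bullet list, so restore it. The added text also spells "superseded" as "superceded".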
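Review bot: The ``BasicAuthenticationPolicy`` entry added in commit 42f0cb2 does not say what the UTF-8-then-Latin-1 order means for ambiguous credentials. Latin-1 decoding accepts any byte sequence, so the second attempt never fails, and Latin-1 bytes that happen to form valid UTF-8 are decoded as UTF-8. A sentence on that would help anyone comparing the decoded username against a user store. Also, "will fallback to Latin-1" should read "will fall back to Latin-1".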
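Review bot: The Deprecations entry added in commit b04ae5a names ``pyraid.interfaces.ITemplateRenderer``; the module is ``pyramid.interfaces``, as in the ``pyramid.interfaces.IRendererFactory`` entry added by the same commit. Anyone searching the changelog for the dotted name will miss this entry, so correct the spelling.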
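Review bot: In the rewritten Deprecations entry of commit d79087c, the final mention of the class, "the SignedCookieSessionFactory are not", lacks the double backticks used for every other name in the entry. The entry also stops at saying the new cookies are not compatible; it would help deployers to state what they should expect for existing session cookies when an application switches factories.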
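Review bot: The Features entry added in commit 3c2f95e uses Sphinx roles that will not render as written: :mod:, two of the :meth: references and :term: are followed by double backticks where a role takes single backticks, and "meth:``pyramid.request.Request.remember_userid``" is missing its leading colon. Every other entry visible in CHANGES.txt uses plain double-backtick literals, so drop the roles and match that style. "authoriztion" and "corrosponding" are also misspelled.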
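Review bot: Two typos in the Features text added by commit 0184b52: "have been added as as methods of the request" repeats "as", and "These do not work exacly the same" should read "exactly". This entry describes a behavioural difference between the method and function forms of remember/forget, so the wording is worth getting right before release.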
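Review bot: Commit 0dcd56c removes ``request.forget_userid`` and ``request.remember_userid`` from the Features entry, but its single hunk (@@ -4,23 +4,13) leaves the Deprecations entries added in 0184b52 untouched. The changelog therefore still says "The ``pyramid.security.forget`` API is now deprecated. Instead, use the newly-added ``forget_userid`` method of the request object." Drop the ``forget`` and ``remember`` deprecation entries in this same commit, which is what 34ea769 ("remove lies") later does.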
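Review bot: The ``_query`` entry added in commit 06aee8b says a string "is not URL-encoded or quoted; the caller must perform this job before passing it in", which moves escaping to every call site. The entry should say explicitly that values taken from request input have to be encoded before they are joined into that string. "a list or dictionary. it is" should also read "a list or dictionary, it is".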
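Review bot: Commit ca419fb changes the documented behaviour of a string ``_query`` from "not URL-encoded or quoted" to "URL-quoted" under the subject "revert my reversion", which tells a reader of the log nothing about an escaping change; name the behaviour in the subject line. The sentence "a list or dictionary. it is URL-quoted however it does not need to be in ``k=v`` form" still carries the stray full stop and needs punctuation around "however".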