Metadata-Version: 1.0
Name: Products.PluggableAuthService
Version: 1.7.0b1
Summary: Pluggable Zope2 authentication / authorization framework
Home-page: http://pypi.python.org/pypi/Products.PluggableAuthService
Author: Zope Corporation and contributors
Author-email: zope-cmf@zope.org
License: ZPL 2.1 (http://www.zope.org/Resources/License/ZPL-2.1)
Description: Products.PluggableAuthService README
        ====================================
        
        This product defines a fully-pluggable user folder, intended for
        use in all Zope2 sites.
        
        Installation
        ------------
        
        The normal way it install this package is via ``setuptools``, either
        via ``easy_install`` into a virtual environment::
        
        $ cd /path/to/virtualenv
        $ bin/easy_install Products.PluggableAuthService
        
        or by including the package in the configuration for a ``zc.buildout``-based
        deployment::
        
        $ cd /path/to/buildout
        $ grep "eggs =" buildout.cfg
        ...
        eggs = Products.PluggableAuthService
        ...
        
        The product can also be installed as a depencency of another distribution.
        
        If you want to install this package manually, without using setuptools,
        simply untar the package file downloaded from the PyPI site and look for
        the folder named "PluggableAuthService" underneath the "Products" folder
        at the root of the extracted tarball. Copy or link this
        "PluggableAuthService" folder into your Zope "Products" folder and restart
        Zope.
        
        
        Documentation
        -------------
        
        Please see the files under doc/ in the packaged software for more
        information, and consult the interfaces files under interfaces/ in
        the software package for PluggableAuthService and plugin APIs.
        
        
        
        Change Log
        ==========
        
        1.7.0b1 (2009-11-16)
        --------------------
        
        - This release requires for Zope2 >= 2.12.
        
        - Simplified buildout to just what is needed to run tests.
        
        - Don't fail on users defined in multiple user sources on the
        ZODBGroupManager listing page.
        
        - Fixed deprecation warnings for use of ``Globals under Zope 2.12.
        
        - Fixed deprecation warnings for the ``md5`` and ``sha`` modules under
        Python >= 2.6.
        
        
        1.6.2 (2009-11-16)
        ------------------
        
        - Launchpad #420319:  Fix misconfigured ``startswith`` match type filter
        in ``Products.PluggableAuthService.plugins.DomainAuthHelper``.
        
        - Fixed test setup for tests using page templates relying on the
        ``DefaultTraversable`` adapter.
        
        - Fixed broken markup in templates.
        
        
        1.6.1 (2008-11-20)
        ------------------
        
        - Launchpad #273680:  Avoid expensive / incorrect dive into ``enumerateUsers``
        when trying to validate w/o either a real ID or login.
        
        - Launchpad #300321:
        ``Products.PluggableAuthService.pluginsZODBGroupManager.enumerateGroups``
        failed to find groups with unicode IDs.
        
        
        1.6 (2008-08-05)
        ----------------
        
        - Fixed another deprecation for ``manage_afterAdd`` occurring when used
        together with Five (this time for the ``ZODBRoleManager`` class).
        
        - Ensure the ``_findUser`` cache is invalidated if the roles or groups for
        a principal change.
        
        - Launchpad #15569586:  docstring fix.
        
        - Factored out ``filter`` logic into separate classes;  added filters
        for ``startswith`` test and (if the IPy module is present) IP-range
        tests.  See https://bugs.launchpad.net/zope-pas/+bug/173580 .
        
        - Zope 2.12 compatibility - removed ``Interface.Implements`` import if
        ``zope.interface`` available.
        
        - Ensure ``ZODBRoleManagerExportImport`` doesn't fail if it tries to add a
        role that already exists (idempotence is desirable in GS importers)
        
        - Fixed tests so they run with Zope 2.11.
        
        - Split up large permission tests into individual tests.
        
        - Fixed deprecation warning occurring when used together with
        Five. (``manage_afterAdd`` got undeprecated.)
        
        - Added buildout.
        
        
        1.5.3 (2008-02-06)
        ------------------
        
        - ZODBUserManager plugin: allow unicode arguments to
        ``enumerateUsers``. (https://bugs.launchpad.net/zope-pas/+bug/189627)
        
        - plugins/ZODBRoleManager: added logging in case searchPrincipial()
        returning more than one result (which might happen in case of having
        duplicate id within difference user sources)
        
        
        1.5.2 (2007-11-28)
        ------------------
        
        - DomainAuthHelper plugin:  fix glitch for plugins which have never
        configured any "default" policy:  ``authenticateCredentials`` and
        ``getRolesForPrincipal`` would raise ValueError.
        (http://www.zope.org/Collectors/PAS/59)
        
        
        1.5.1 (2007-09-11)
        ------------------
        
        - PluggableAuthService._verifyUser: changed to use exact_match to the
        enumerator, otherwise a user with login ``foobar`` might get returned
        by _verifyUser for a query for ``login='foo'`` because the enumerator
        happened to return 'foobar' first in the results.
        
        - Add a test for manage_zmi_logout and replace a call to isImplementedBy
        with providedBy.
        (http://www.zope.org/Collectors/PAS/58)
        
        
        1.5 (2006-06-17)
        ----------------
        
        - Add support for property plugins returning an IPropertySheet
        to PropertiedUser. Added addPropertysheet to the IPropertiedUser.
        
        - Added a method to the IRoleAssignerPlugin to remove roles from a
        principal, and an implementation for it on the ZODBRoleManager.
        (http://www.zope.org/Collectors/PAS/57)
        
        - Added events infrastructure. Enabled new IPrincipalCreatedEvent and
        ICredentialsUpdatedEvent events.
        
        - Added support for registering plugin types via ZCML.
        
        - Implemented authentication caching in _extractUserIds.
        
        - Ported standard user folder tests from the AccessControl test suite.
        
        - Passwords with ":" characters would break authentication
        (http://www.zope.org/Collectors/PAS/51)
        
        - Corrected documented software dependencies
        
        - Converted to publishable security sensitive methods to only accept
        POST requests to prevent XSS attacks.  See
        http://www.zope.org/Products/Zope/Hotfix-2007-03-20/announcement and
        http://dev.plone.org/plone/ticket/6310
        
        - Fixed issue in the user search filter where unrecognized keyword
        arguments were ignored resulting in duplicate search entries.
        (http://dev.plone.org/plone/ticket/6300)
        
        - Made sure the Extensions.upgrade script does not commit full
        transactions but only sets (optimistic) savepoints. Removed bogus
        Zope 2.7 compatibility in the process.
        (http://www.zope.org/Collectors/PAS/55)
        
        - Made the CookieAuthHelper only use the ``__ac_name`` field if
        ``__ac_password`` is also present. This fixes a login problem for
        CMF sites where the login name was remembered between sessions with
        an ``__ac_name`` cookie.
        
        - Made the DomainAuthHelper return the remote address, even it the
        remote host is not available (http://www.zope.org/Collectors/PAS/49).
        
        - Fixed bug in DelegatingMultiPlugin which attempted to validate the
        supplied password directly against the user password - updated to use
        AuthEncoding.pw_validate to handle encoding issues
        
        - Fixed serious security hole in DelegatingMultiPlugin which allowed
        Authentication if the EmergencyUser login was passed in.  Added
        password validation utilizing AuthEncoding.pw_validate
        
        - Fixed a set of tests that tested values computed from dictionaries
        and could break since dictionaries are not guaranteed to have any
        sort order.
        
        - Fixed test breakage induced by use of Z3 pagetemplates in Zope
        2.10+.
        
        - BasePlugin: The listInterfaces method only considered the old-style
        __implements__ machinery when determining interfaces provided by
        a plugin instance.
        
        - ZODBUserManager: Already encrypted passwords were encrypted again in
        addUser and updateUserPassword.
        (http://www.zope.org/Collectors/Zope/1926)
        
        - Made sure the emergency user via HTTP basic auth always wins, no matter
        how borken the plugin landscape.
        
        - Cleaned up code in CookieAuthHelper which allowed the form to override
        login/password if a cookie had already been set.
        
        - Removed some BBB code for Zope versions < 2.8, which is not needed
        since we require Zope > 2.8.5 nowadays.
        
        
Keywords: web application server zope zope2
Platform: UNKNOWN
Classifier: Development Status :: 5 - Production/Stable
Classifier: Framework :: Plone
Classifier: Framework :: Zope2
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: Zope Public License
Classifier: Programming Language :: Python
Classifier: Topic :: Software Development
Classifier: Topic :: System :: Systems Administration :: Authentication/Directory
