NEWS
====

.. contents::

SVN trunk
---------

(nothing at this time)

0.4
---

* fixed up paste documentation (especially for new packages/modules)

* added ``paste.auth`` package for authentication-related WSGI
  middle-ware components; this includes a number of lower-level
  utilities upon which a framework can be constructed:

  - The ``basic`` and ``digest`` support HTTP authentication as
    described by RFC 2617.

  - The ``cas`` authentication module supports Yale's Central
    Authentication System (as used by many other universities).

  - The ``open_id`` module provides support for single sign-on
    originally developed for LiveJournal (see http://openid.net)

  - The ``cookie`` module provides for digitally signed cookies
    to record the current authenticated user, session identifier,
    and other WSGI entries in the ``environ``.

  - The ``form`` module (to be used with ``cookie`` or an equivalent)
    provides a simple HTML based form authentication.

  - The ``multi`` module is an *experimental* mechanism for choosing
    an authentication mechanism based on the request.  It is meant
    to address environments with multiple routes to user authentication.

* added ``wsgi.util.httpserver`` module which provides a very simple
  WSGI server built upon python's ``BaseHTTPServer``; this server has
  support for several features:

  - It supports SSL connections via OpenSSL

  - It supports HTTP/1.1 ``100 Continue`` messages as required by the
    WSGI specification (many HTTP server implementations don't do this)

  - It is implemented as a Mix-In so that it can be used with other
    more enchanted versions of ``BaseHTTPServer``

  - It supports 'Keep-Alive' (standard in HTTP/1.1) by either providing
    a content-length or closing a connection if one is not available.

  - It is being used in medium-traffic production making paste a
    one-stop shopping source for web-framework development.

* improved the ``paste.httpexceptions`` module:

  - added missing exception objects, and better descriptions

  - fixed several bugs in how exceptions are caught and propagated

  - Exceptions can now be re-used without raising them via the
    ``wsgi_application()`` method (or just use ``__call__``).

  - The module now supports plain/text messages for text-only clients
    such as curl, python's urllib, or Microsoft Excel.

  - It is now possible to override the HTML template so that
    higher-level frameworks can re-use this module with their own
    exception styling.

* added ``paste.httpheaders`` module which provides a uniform
  mechanism to access/update standard HTTP headers in a WSGI
  ``environ`` and ``response_headers`` collection; it includes
  specific support for:

  - providing "common" header names and sorting them as suggested
    by RFC 2616

  - validated support for ``Cache-Control`` header construction

  - validated support for ``Content-Disposition`` header construction

  - parsing of ``If-Modified-Since`` and other date oriented headers

  - parsing of Range header for partial-content delivery

  - composition of HTTP/1.1 digest ``Authorization`` responses

* added a ``paste.fileapp`` module to support static-content; this
  module supports:

  - static in-memory resources

  - incremental downloading of files from disk

  - handling of content-type (guessing from the file extension,
    but allowing overrides) and content-length

  - responding to 'Range' requests to handle partial downloads

  - allowing cache settings to be easily provided; including
    support for HTTP/1.0 'Expires' and HTTP/1.1 'Cache-Control'

* added an *experimental* ``paste.transaction`` module for handling
  commit/rollback of standard DBAPI database connections

* added a ``paste.util.datetimeutil`` module for parsing standard
  date/time user-generated text values

* added a ``debug`` package, which includes:

  - previous top-level modules ``prints``, ``profile``,
    ``wdg_validate`` and ``doctest_webapp``

  - a ``testserver`` module suitable to test HTTP socket
    connections via ``py.test``

* re-factored ``paste.wsgilib`` into several sub-modules:

  - added depreciation warnings to all functions that have moved

  - functions regarding header manipulation moved to ``paste.response``

  - functions regarding cookies and arguments moved to ``paste.request``

* significant improvements to ``wsgiutils.wsgilib`` module:

  - added a ``dump_environ`` application to help debugging

  - fixes to ``raw_interactive`` to comply with WSGI specifications

  - ``raw_interactive`` now logs all 5xx exceptions and sets HTTP_HOST

* Added an argument ``no_profile`` to
  `paste.debug.profile.profile_decorator
  <module-paste.debug.profile.html#profile_decorator>`_; if that
  option is false, then don't profile the function at all.

* Changed `paste.lint <module-paste.lint.html>`_ to check that the
  status contains a message (e.g., ``"404 Not Found"`` instead of just
  ``"404"``).  Check that environmental variables
  ``HTTP_CONTENT_TYPE`` and ``HTTP_CONTENT_LENGTH`` are no present.
  Made unknown ``REQUEST_METHOD`` a warning (not an error).

* Added parameter ``cwd`` to `TestFileEnvironment.run
  <class-paste.fixture.TestFileEnvironment.html#run>`_

* `paste.fixture.TestApp <class-paste.fixture.TestApp.html>`_:

  - Form filling code (use ``response.forms[0]`` to get a `form object
    <class-paste.fixture.Form.html>`_)

  - Added `click method
    <class-paste.fixture.TestResponse.html#click>`_.

  - Better attribute errors.

  - You can force set hidden fields using
    ``form.fields[name].force_value(value)`` (normally setting the
    value of a hidden field is an error).

  - Frameworks can now add custom attributes to the response object.

* ``paste.wsgilib.capture_output`` is deprecated in favor of
  `paste.wsgilib.intercept_output
  <module-paste.wsgilib.html#intercept_output>`_

* Remove use of exceptions in `paste.cascade.Cascade
  <class-paste.cascade.Cascade.html>`_, which causes weird effects in
  some cases.  Generally we aren't using exceptions internally now,
  only return status codes.  Also in cascade, be careful to keep
  cascaded requests from sharing the same environment.

* ``paste.wsgilib.error_response`` is deprecated
  (`paste.httpexceptions <module-paste.httpexceptions.html>`_ replaces
  this with exception's ``.wsgi_application`` method).

* Moved ``paste.login`` to the attic, since `paste.auth
  <module-paste.auth.html>`_ pretty much replaces it.

* `paste.urlparser <module-paste.urlparser.html>`_ improvements:

  - Added an application `urlparser.StaticURLParser
    <class-paste.urlparser.StaticURLParser.html>`_ for serving static
    files.

  - Added an application `urlparser.PkgResourcesParser
    <class-paste.urlparser.PkgResourcesParser.html>`_ for serving static
    files found with ``pkg_resources`` (e.g., out of zipped Eggs).

  - Be less picky about ambiguous filenames when using `URLParser
    <class-paste.urlparser.URLParser.html>`_; if an exact file match
    exists, use that.  (``file.gif.bak`` would cause a request for
    ``file.gif`` to be ambiguous before)

  - Now looks for a ``.wsgi_application`` attribute when serving
    Python files/modules, as a general hook for returning a WSGI
    application version of an object.

* The `ErrorMiddleware
  <class-paste.exceptions.errormiddleware.ErrorMiddleware.html>`_:

  - Returns trimmed-down exceptions if there is a ``_`` GET variable
    in the request (which is meant to signal an XMLHttpRequest).
    Exceptions displayed in this context are best when they are smaller
    and easier to display.

  - Includes a text version of the traceback, for easier
    copy-and-paste.

  - Avoid printing exceptions to ``wsgi.errors`` if they are already
    displayed elsewhere (at least by default).

  - Highlight Python code.

* Use ``pkg_resources.declare_namespace`` so that there are less
  problems about confusing the ``paste`` package that is provided by
  Paste, Paste Script, Paste Deploy, and Paste WebKit.  Before you
  could get one of these at random if you didn't use
  ``pkg_resources.require`` first.

* Cleaned up use of ``exc_info`` argument in ``start_response`` calls
  (both accepting and producing), in a variety of places.


