866 lines
33 KiB
Plaintext
Raw Permalink Normal View History

2020-09-26 16:19:37 +02:00
Changes for 0.50.1
Add a README.Upgrading file to explain the impact of the 0.50.0 source
restructure, since people don't seem to be reading this file. --akm
Fix the default docLogin to use &dtml-URL as the default destination.
I porked the fcrypt import. It obviously doesn't get imported here since
I have a crypt module installed. -- akm
Fixed; https://sourceforge.net/tracker/?func=detail&aid=1084903&group_id=36318&atid=416446
thanks to vigine -- akm
Changes for 0.50.0
Restructured Source Tree. This will make this version incompatible with
previous versions, as the classes have moved. This breaks upgrading existing
installs unless you keep the old classes around. If you only use external
Auth/Prop/Group sources, you will probably be unaffected.
o Auth Sources moved to single directory
o Prop Sources moved to single directory
o Group Sources moved to single directory
o Docs moved to doc directory
--akm
Added Pluggable Crypto methods. Any authSource that contains a
cryptPassword method, will have it's method called, otherwise the
method selected by the user is called. --akm
Removed the cryptPassword method from existing Auth Sources. --akm
docLoginRedirect is no longer used. --akm
Changes for 0.20.2
BLAH! I missed some LDAP changes! --akm
Changes for 0.20.1
Fix import problem for pgPropSource --akm
Add performance boost to pgAuthSource and pgPropSource --akm
Make zodbAuthSource.listUsernames return a list. --akm
Update some LDAP Auth source bugs. --akm
Change references to "Authorisation" to "Authentication" since XUF
auth sources authenticate, they don't authorise. --akm
Changed the <h3> tags to <b> tags in the manage_adds.
Changes for 0.20.0
Fix:
https://sourceforge.net/tracker/index.php?func=detail&aid=547327&group_id=36318&atid=416446
https://sourceforge.net/tracker/index.php?func=detail&aid=616485&group_id=36318&atid=416448
https://sourceforge.net/tracker/index.php?func=detail&aid=594081&group_id=36318&atid=416448
https://sourceforge.net/tracker/index.php?func=detail&aid=594526&group_id=36318&atid=416448
Added LDAPAuthSource, based on the auth_ldap module for Apache
(http://www.rudedog.org/auth_ldap/) and the NDS Auth Source of
Phil Harris (AKA ftmpsh). This is only lightly tested, I don't have
the LDAP resources here to test all the features. Binding using uid/
cn and using various filters works (if the userPassword item is
present). This needs more testing by people with better LDAP setups
that I do. --akm
Padded docLoginRedirect to prevent IE from displaying "Friendly" error
messages when -D flag not present when running Zope --akm.
Update UZG to contain entry for LDAPAuthSource. Reformat text
slightly. --akm
Propogate "unable to auth" here requests up. This means the Manager
doesn't get locked out in cookie mode after adding an XUF instance.
It also means that people using a non-existant username at this level
get thrown up a level higher. This might not be what people want to
happen. --akm
Added method makeRedirectPath which is called from docLoginRedirect.
This makes the destination include any querystring that was present
when needing to redirect. -- akm.
Removed some Class globals from exUseFolder.py. These are now set
in __set_state__ if not present in the class so that upgrading users
don't get a crash (hopefully). -- akm.
pgPropSource was losing track of properties under heavy load.
Only noticable if you were setting and deleting a lot of temporary
properties. There is a global property timeout for pgPropSource. --akm
Jason Gibson <jason.gibson@sbcglobal.net> provided a nisAuthSource,
I've added it here --akm.
Refactored validate method to behave a lot more like BasicUserFolder.
Among other things, this fixes the issue where a local role could not
be granted to a user and granted permissions on the same object. --mb
Add NuxUserGroups support (previously on NuxUserGroups_support_branch)
and group sources. --bmh, mb
Now passes authFailedCode to Membership Login Page, The Default Login
Page as defined in the README.Membership will correctly display reason
for login being required --cab
Fixed Edit management pages for user-supplied auth and property
sources --bmh
Removed overriding of __len__ to return the number of users. This was
causing performance problems during authentication. See
http://sourceforge.net/mailarchive/message.php?msg_id=2230743 for
details. WARNING: this means using len(acl_users) to get the number
of users will no longer work! If you were using this trick, please
use len(acl_users.listUsers()) instead. --bmh
Make title property editable --bmh
Make Group Sources changeable dynamically after the acl_users folder has
been created --bmh
Inital import of https Auth source. Also, added a listUsers method
to the zodbBTreeProps source to support listUsers. -- jsb <jonah at cloud9.net>
Changes for 0.10.10
Added mysql Auth and mysql Prop source and mysql.sql schema. Just a
copy of the appropriate pg source with sql that works with myqsl -cab
Fixed negative user cache lookup in std_validade so that it actually
works for users being authenticated thru basic auth, especially if
they're authenticating in outer user folders -- rochael
Made smbAuthSource catch NetBIOSTimeout errors during authentication -- rochael
Fixed dtml/mainUser.dtml to be virtualhost-sensitive when displaying user
icons -- rochael
Updated UZG per user request. Fixed numbering, added information about
addition parameters like Negative Caching.
Changes for 0.10.9
Made dummyZBabelTag compatible to replace the NoBabel in OrderedFolder
while keeping its functionality in XUF -- cab
Changed _doAddUser, _doChangeUser to work with the public interface for
userfolders introduced in Zope2.5. Optional keyword arguments can now
be passed to _doAddUser and _doChangeUser.
PropertySource: Please note that createUser and updateUser, when called
from _doAddUser and _doChangeUser, will no longer be passed a REQUEST,
but a mapping with items from REQUEST updated with those from the
optional keyword arguments. -- pj
Fixed the problem with upgrading from 0.10.7 and below that didn't
account for existing XUF's not having a MessageDialog in their
contents. Now unless specificy replace it will use the MessageDialog
provided. Added how to do that to FAQ and README.Membership --cab
Made docLoginRedirect provide an absolute URL --bmh
MessageDialog in common no longer uses mangage_page_header and
mangage_page_footer v--cab
Changes for 0.10.8
Added the ability for members to change properties, and a default page
in the README.Membership to show how to do it --cab
MessageDialog is now an object in the ZODB that can be changed to fit
the site --cab
Now with 100% guaranteed race-condition-free UserCache goodness! Those
subclassing XUFUser, you will have to change your code. See User.py
for details. --mb
zodbBTreePropSource was returning None instead of the requested
default value, when called with (e.g.) someuser.getProperty('shoesize',13).
(Other property sources didn't have that bug.)
--davidc@debian.org
The tutorial loginform was wrong for Membership in README.Membership
Seems delProperty has never worked.. fixed --akm
Seems delProperty for pgPropSource has never worked.. fixed --akm
Fixed Basic Auth not auth problem. --akm
Fixed Basic Auth not cache problem. --akm
Fixed Cached Users bypassing some auth checks. --akm
Added usPropSource, which allows users to supply property methods TTW.
--bmh
Changes for 0.10.7
PropertyEditor had a typo in dtml and was casting int to None. --zxc
BasicAuth is now broken the other way, it'll allow any user to validate
with any password. --akm
Negative cache checking move was bogus. --akm
redirectToLogin didn't have a security declaration so 2.5.0 refused to
work in cookie mode *sigh* --akm
Fixed the 'None' object has no attribute 'load' setstate errors that
could crop up on propSources, and preemptively took care of the
authSources as well. Also fixed some of the weirder bugs relating to
user object acquisition context. --mb
Bug fixes from sf applied. --akm
Changes for 0.10.6
dummyZBabelTag used the python 2 re, which broke installations using
python 1.5 which still used the now deprecated regex, changed it to
catch the exception and use regex instead for python 1.5, else still
use re --cab
The redirectToLogin without Membership had a little logic problem where it
would basically garantee the existence of a query string, with at least a
lonely question mark even when there was no query string in the original
URL --rochael
smbAuthSource needed to cast NULL role properties to an empty list --akm
smbAuthSource had some dodgey zLOGing in it. --akm
smbAuthSource had some methods that should return [] instead of None. --akm
s/postgres/RADIUS/ in the radiusAuthSource DTML --akm
cookie_validate no longer pulls you from the cache if you're
logging in (which means your cookie wouldn't get set). --akm
Cookies are no longer expired if you're successfully authenticated but
merely unauthorized. --mb
Basic auth resynched with standard user folder, trying to fix
some basic auth issues. --akm.
Negative cache checking now performed outside of the two specific
validate methods. --akm.
A fairly innocuous print debug statement turned into a zLOG at error
level, removed --akm.
Clean up smbAuthSource log messages, and quieten. Only truly
exceptional cases are now logged above BLATHER. --mb
Changes for 0.10.5
Membership redirecting to login was still broken. It should be better
now (twice) --akm
logout() wasn't clearing the advanced cookie. --akm
Negative Cache Value wasn't being passed through to the XUF constructor. --akm
Log Users Out DTML code was broken, should work now. --akm
The User object now contains the authSource as well as the propSource,
making access to roles for custom User-objects possible. --dlk
Following akm's advice, fixed manage_beforeDelete to use two separate
try:except blocks to ensure that if cache-removal fails, deleting
the container.__allow_groups__ property is attempted. This should
fix the problem where deleted xuf instances remain as "ghost" products
causing interference with newer versions of xuf, and also fixes the
problem where deleting a xuf acl_users in a folder makes that folder
inaccessible. --dlk
Fixed cache_delete that was missing the "self" parameter in the method
defintion. --dlk
Fixed xcache_delete that was missing the "self" parameter in the method
definition --akm d8)
These previous two fix the problems with manage_beforeDelete, but, it
will stay the same for now --akm.
Fixed cache_deleteCookieCache that was missing the "self" parameter in
the method defintion. --dlk ;)
Changes for 0.10.4
The instructions for File Based Auth were incorrect in the UZG --akm
redirectToLogin was totally wrong for membership... --akm
docLogin was fixed for VHM use. --akm
Advanced Cookie Mode has changed so that it no longer sends the username
and password. Instead a hash is used as a key into a module level cache.
This should be 100% more secure than standard cookie mode, and removes
the stupid back doors I enabled in the previous version. This work was
based on conversations I had with Stuart Bishop (I basically lifted
the hashing scheme from GUF). This makes use of the Module level cache
code. --akm
There was a code cleanup and a slight reorganisation of some files. --akm
The main User Object has migrated to XUFUser and simarly with the
AnonUser. There is now an empty [Anon]User class that has XUFUser as
it's base. This allows people to create custom User Objects without
jumping through hoops (and simplifies maintaining patches) --akm
Cache Code has changed again. Now there is a module level cache, so
that auth data is shared between threads for a single XUF (thanks to
Stuart Bishop for an enlightening discussion on this and other issues,
and thanks to Chris McDonough for talking me through setting up module
level globals [and sending me some code to work from]) --akm
A Negative User Cache now exists. This is only generally useful for
use with remote auth sources where repeatedly trying to auth non-existant
users is very expensive (where they are authed at a higher level).
You can enable this on creation or from the parameters screen (positive
time in seconds enables). --akm
Domain checking code finally removed. --akm
zodbBTreePropSource changed to be friendlier about users that exist
in remote locations (i.e. aren't create as such through the ZMI). -- akm
Changed some 'print's in the code to use zLOG.LOG
instead. Files affected so far (more to follow): -- rochael
* exUserFolder.py
* basicMemberSource/basicMemberSource.py
* zodbBTreePropSource/zodbBTreePropSource.py
* zodbPropSource/zodbPropSource.py
Changed a couple things in smbAuthSource.py: -- rbanffy
* Method _authenticate_retry now logs several kinds of information
for debugging and diagnostics.
* Modified socket.error handling in _authenticate_retry: changed
"raise" to "return 0".
* Since this generated more problems (failed authentications) than
it solved (our impression it was not right not to return 0 in an
auth fail even due to a communications malfunction), we also
changed socket.error handling to retry no mather what errno tells
us (it said different things for the same problem under Windows
and Linux).
* In order to prevent infinite retries, changed retry handling a
bit. It now retries 3 times. Real-use data will tell us if we
should increase or not retries. To better convey the meaning of
the parameter, changed "retry_depth" to "retries". I strongly
advise the use of credential caching with smbAuthSource, tough, as
it reduces socket errors and load on the domain controllers.
Changes for 0.10.3.1
Readded support for I18N without ZBabel installation, somehow missed
during the transition to SF CVS.
Some text changes as well as an update to the dictionary while we're
at it. No functional changes for this release though.
Changes for 0.10.3
Missed a few LoginRequireds.
Fixed a bug with __allow_groups__ not being set after paste
(probably also not after import).
The sources are now sorted by name in the drop down box..
a BTree version of zodbAuthSource
a BTree version of zodbPropSource
These aren't really all that different to the originals that were
provided by Alex, but, they use BTrees instead of PersistentMappings,
and try to avoid various persistence problems associated with dicts.
Both versions will continue to be supported.
Patches from SF applied.
Advanced Cookie Mode added.
This mode adds a rotor cipher around the cookie. A secret is provided
in order to encode the cookie. The username and password are placed
within a small class which is pickled and then encrypted and then
base64 encoded for transport. There is also a timestamp inside the cookie,
so the ultra-paranoid of you can rotate the cookie based on the timestamp
inside.
Abstracted out the setting and decoding of cookies.
Changes for 0.10.2
all raise 'LoginRequired' <- raise 'Unauthorized'
Raising unauthorizes breaks a million things. CMF people can just
put up with configuring their portal properly.
Radius resynced with version from sourceforge.
manage_tabs redone to be ZBabel'd and to look like standard tabs.
German Language added to the ZBabel dictionary.
Changes for 0.10.1
all raise 'LoginRequired' -> raise 'Unauthorized'
Bug in etcAuthSource listUsers fixed,
and cryptPassword also fixed to get the actual salt.
Zope 2.4.3 has dicked with security settings again.. I've had a round
of permission whacking.
Buggy handling of empty role lists was fixed.
Change to smbAuthSource to use string.lower on usernames for
python 1.5.2 compatibility?
Changes for 0.10.0
Added explicit roles for manage_editUser and friends, to allow
the "Manage users" permission to be useful to non-Manager Users.
Thanks to Heimo Laukkanen <huima@fountainpark.org> for reporting this
one.
zodbAuthSource made more persistent <alex@quad.com.ar>
zodbPropSource was blowing when deleting temporary properties.
XUF is now ZBabel'd which means you can view XUF in different languages
for logging in and installation, if your browser locale is set up.
You will need the latest ZBabel installed. The translation file is in the
I18N directory.
Import this (using Import/Export in ZODB) at the same level as your
ZBabelTower, and then import it from ZBabel. If you have ZBabel installed,
but, your application can't find a ZBabelTower, because of a bug in the
current dtml-fish tag, you might experience some problems. This ZBabel
bug should be fixed sometime soon.
You do not need ZBabel installed to run XUF, XUF installs a dummy
interface for ZBabel so that XUF can continue to run (sorry folks it
defaults to Australian English).
getUserNames() was returning the wrong stuff (notably affected TheJester's
WorkOrders Product)
There is a now an 'Advanced Postgres' Auth Source that uses a seperate
Roles table and a 'more relational' layout. The schema is with the
auth source in pgAuthSourceAlt. Contributed by
Adam Manock <abmanock@earthlink.net>
If you had a membership source and had specified a login page, XUF was
still using the stock docLogin instead of the membership specified page
(for redirectToLogin, exceptions still raise the docLogin).
I changed the icon to something a *little* less hideous
Leonardo Rochael Almeida <leo@hiper.com.br> made the following changes
to smbAuthSource
* Added a 'winsserver' constructor parameter and a '_winsserver'
instance variable to the 'smbAuthSource' class. This variable should
be the empty string, meaning that the authenticaton host will be
looked up by broadcast, or an IP address string pointing to a WINS
server.
* Modified the dtml templates to ask for the above mentioned WINS
server (and also to replace 'Add' with 'Change' in
'manage_editsmbAuthSourceForm').
* Refactored the smbAuthSource class to isolate all smb interaction
inside well defined methods.
Changes for 0.9.0
Messages are now sent back to the docLogin form. There's a file called
LoginRequiredMessages.py where the messages are kept for now (it might
end up a run-time configurable thing later).
There's a new docLogin.dtml file on disk that shows how to use the new
messages. Because docLogin is in the ZODB this won't be automatically
upgraded.
Idle Session Timeouts are in (this is the reason for the minor bump).
If you flick the switch, then users are forced back to the login form
(with a message saying their session timed out), when they're removed
from the cache.
I made some adjustments to the tabs on the management interface because
they were too big, and I cleaned it up a bit for times when they run
together.
The internal API was inconsistent, so that's been updated.
AuthSources no longer need to provide getUsers(), it was never
being called anyway since exUserFolder built it's own.
listUsers now returns the same data as listOneUser, this is used in
other places as if it were a list of listOneUser calls.
Fixed pgAuthSource to deal with NULL rather than empty roles
columns (legacy columns).
Changed Home Directory creation to use copy & paste functions to
copy the skeleton data.
Changes for 0.8.5
I forgot to update the schema file for userproperties to reflect
the temporary properties flag.
Checks for existing cache weren't being performed before removing users
from it, when their data was updated.
Reversed the order for checking in cookie_validate, to allow logging
in as a new user, when session tracking was on. Also now you can
login as a different user, without logging out first, which might
be useful to some people.
etcAuthSource now looks for the correct salt from the file for
encrypting the user supplied password
Changes for 0.8.4
Activating Session Tracking and then adding a new user when there
were none in the XUF was broken.
Changes for 0.8.3
The idle users are flushed from the cache when you ask for the list
of cache users (since it's iterating over the whole list anyway). So
you can manually clear your cache by looking at the Cache Stats page.
If you display the list of logged in users on your site, then your cache
will be flushed for you automagically.
Allowed a destination to be sent to redirectToLogin to allow you to
manually override the destination after logging in.
Added in a __setstate__ for pgPropSource to deal with new ZSQL Methods
being added.
Changes for 0.8.2
A number of bugs related to temp properties fixed in pgPropSource
FTP Access to folders protected with cookie_mode has been fixed, it
now reverts to std_auth (which handles the FTP connection fine), since
FTP auths are handled by getting a "Basic" auth tag coming through, which
should never happen in cookie mode.
This has the knock-on effect of authenticating users that auth from a
higher acl_users that doesn't use cookies, 'more' correctly now. Which is
if you have a user defined above, and in XUF and the XUF user has less
permissions, it'll 401 you if you don't have permissions locally
(which is the correct behaviour). This bit me in the arse when I changed it,
and I'm still leaving it this way. d8)
Users are now flushed from the cache when you edit them (in case you changed
roles), so that new roles should take effect immediately.
The credential cache now uses the (Zope) builtin BTree Module for caching
rather than the AVL Tree implementation. There was a nasty issue with users
appearing multiple times in the AVL Tree which sucked.
There is a report of the Radius Auth Source being broken (most likely
by me), if your radius source stops working, you can try copying the
py-radius.py file from sourceforge over the top of radius.py. If someone
gives me a traceback, I can fix it. I don't seem to be having problems,
but, I don't have a full time RADIUS source either.
Changes for 0.8.1
A bug in _doAddUser was fixed
A bug in the User Object unconditionally calling the prop source was fixed.
Changes for 0.8.0
Experimental "Session Tracking" added (why is it called that? we don't really
track anything, just associate arbitrary data with anonymous users).
This relies on the credential cache being active. Your session will
automatically expire when the anonymous user is so idle that they are
expired from the cache. This is not currently acceptable (to me), but,
it might be to other people, I await feedback on how sessions should expire
gracefully.
Updated the README.txt file to point at the UZG and to explain the
version numbering system.
All this time you couldn't delete properties from a user... who knew?
It's fixed now.
Temporary properties now available, you can setTempProperty() on a
user object, and also flushTempProperties() on a user object.
Temporary properties are accessed like normal properties, and can be
deleted in the same way. flushTempProperties is there to do a quick
flush of all the crap you might have inserted (useful for sessions).
If your user is flushed from the cache, then all temp properties will
also be removed at that point.
Propsource providers should look at the new temp properties stuff and
update accordingly.
Alex provided a whole heap of patches to make basicMembership more usable,
well make it actually work.
Matt Behrens supplied patches to prevent null logins and to allow case
insensitive logins for smbAuthSource
Added a basic FAQ.
Changes for 0.7.10
Active Users type functionality was added. The new function is called
getUserCacheUsers(). It returns a list of dicts;
{'username': theusername, 'lastAccessed': float_value}
lastAccessed represents the last time the user touched something.
The Cache Stats page shows an example usage showing idle time (very cool
I think :-)
The logout method was not correctly removing users from the cache,
although the cookie was removed, so logins were still enforced. I'm not
sure of any side-effects related to it, but,
Some permissions were a little too liberal, including allowing arbitrary
users to set and get Properties on the acl_users folder.
Copy/Paste support for pasting exUserFolders into the root was added.
I'm not sure I like the way this is done. I haven't found any side effects
so far, but, just be wary. Adding an exUserFolder to the root becomes
semi-trivial now. Create one in a sub-folder. Login as the emergency user.
CUT the exUserFolder. Delete the standard acl_users folder. Paste exUserFolder.
You should be away. At least it worked fine for me... YMMV
_doChangeUser and _doDelUsers added so users can be altered and deleted
like for Standard UserFolder.
_createInitialUser added so there should always be your initUser (hopefully)
when you create your exUserFolder.
Emergency User checking brought into line with Standard Folder
__creatable_by_emergency_user_ added and returns 1 to explicitly allow this.
Unenlightened Zopistas Guide updated to have a 'Recipe' like section.
Currently contains a section about adding exUserFolders from python.
Changes for 0.7.9
RADIUS authSource had a problem with non-integers being extracted from
REQUEST (I wish someone at DC would fix this already). I worked around
this problem
Default port for RADIUS is now 1812 in line with the IANA sanctioned list.
Unenlightened Zopistas Guide to exUserFolder version 0.0 included,
covers installation and authentication sources, and the most common
configuration mistake (or misunderstanding).
I almost released with the daggy management screens all Purple or SkyBlue,
so consider yoursevles lucky. This would have been the "Blue" release.
Changes for 0.7.8
zodbPropSource had a bug that must have been there since 0.0.0 where
_p_changed wasn't being called on create, update, or delete user.
Thanks to Bouke Scheurwater for spotting that one.
Alex provided a number of patched to fix a whole bunch of goofy stuff
with Basic Member Source that was stupidly wrong.
Matt Behrens provided a patch to allow emergency user to own exUserFolders
and some of the sources. I've grudgingly updated all the sources to allow
this. It's just a hey nonny nonny to people using it as a root authenticator
now.
Matt Behrens also provided a patch to fix 'broken pipe' problems with
smbAuthSource.
pySMB is now at 0.2 for smbAuthSource WARNING: This will try to use DES
encrypted passwords. Apparently it should be ok if your server doesn't want
them. However if it breaks, unpack the pySMB distribution in the
smbAuthSource directory, there are registry examples there to turn
it off. It unfortunately needs the mxCrypto tools for encrypted passwords
to work. When I've got a bit more time, I'll see if I can make it use
crypt or fcrypt if available instead.
Explicit checks for the emergency user were placed into the cookie_validate
routines. I suspect this may have been the cause of some grief with people
doing weird things like trying to make it the root auth folder.
Changes for 0.7.7
Some Auth sources had problems coping with no roles being selected when
a user was created from the management interface, the stock ones were fixed.
I screwed up some of the DTML, and forgot to change the loading of two of
the methods from the dtml directory.
NO MORE TRACEBACKS ON LOGIN FORMS, there is a little redirector dtml file
dtml/docLoginRedirect that redirects to acl_users/docLogin with destination
set to take them back to where they were going. If you have a custom loginPage
change the redirector dtml to point to your new page.
standard_html swapped for manage_page on Management Pages. Hopefully
this doesn't break someone with an old copy of Zope.
Credential Caching is now available by default for all Authentication Sources,
upgrading installs will get this defaulted to 0 for no caching. You can alter
the cache level from the Parameters Tab. Authors of external sources should
remove any internal auth caching they're doing, and allow the user to decide
how long to cache the credentials for.
Changes for 0.7.6
smbAuthSource included. Doesn't require any external libraries, or compiling.
Uses pySMB from Micheal Teo <michaelteo@bigfoot.com>
Changes for 0.7.5
The Management Interface now batches the user list by 10. This isn't
configurable at the moment (just change the dtml).
The code was re-organised slightly, with all the DTML moving into its
own directory for core.
radiusAuthSource added, but, is so far untested. It is a direct port of
ZRadius for GUF, but, I haven't had a chance to setup a RADIUS server to
test it out.
You can add properties to a user from the management interface.
List Properties on users can be added and edited, if I can work out a decent
way to edit Dicts/Mappings, I'll add that feature in.
This paves the way for defining a set of properties in the Membership
source, so it can create a Signup and Edit page for you automatically.
You will also be able to specify which properties the user can edit, or
roles required to edit a property, this will be in a later release though.
pgPropSource was updated to take into account non-scalar types, and now
pickles all data going into the database, this means ints will stay as ints,
et al.
There is code in there to cope with older properties coming out as strings.
The Schema remains the same.
Changes for 0.7.2
Changes to make it work with older version of python
Some minor bug fixes for membership.
Changes for 0.7.1
DTML Change for cmfPropSource
Changes for 0.7.0
exUserFolder was a little too liberal in removing its cruft, this is now
fixed.
cmfPropSource was provided by Alan Runyan which is a layer around the CMF
property stuff. It's conditionally imported, so if you don't have CMF
installed you don't need to worry that'll it'll break.
Property Sources are optional, and there is a NULL Property Source for this
purpose.
Membership hooks, and a rough start at membership (basicMemberSource),
which has some usable functionality (you MUST read README.Membership before
using this).
Membership Sources are optional and there is a NULL Membership Source for
this purpose.
Changes for 0.6.2
exUserFolder was leaving cruft around when it was being deleted from
Folders. The cruft should now be obliterated if you delete an exUserFolder.
Changes for 0.6.1
Ownership tab enabled, for those sick monkeys that want to use it as a root
Folder (there are some).
fcrypt got the __init__.py that was missing from the 0.6.0 release
zodbAuthSource updated to pull in fcrypt if crypt was missing.
Changes for 0.6.0
Updated for 2.4.1 / Python 2.1
Bug in pgPropSource not deleting users from the property cache fixed.
Bug with Local Roles not getting what it expected fixed.
Alex Verstraeten provided zodbAuthSource, there's a README.zodbAuthSource,
and the same README inside the zodbAuthSource directory.
fcrypt is now included and used if crypt cannot be imported. More information
on fcrypt can be found at http://home.clear.net.nz/pages/c.evans/sw/. This
should help particularly Windows users a lot.
Rudimentary API doc included.
Changes for 0.5.0
A serious bug in zodbPropSource was fixed.
There is now the option of providing a 'Remote Auth' function for
validating. This allows things like IMAP/LDAP auth sources to do their
authentication, since they don't return passwords you can use in general.
There's already a 3rd Party solution that provides IMAP/POP3 authentication,
using the new API.
Changes for 0.4.6
Minor dtml hacks
Changes for 0.4.5
Hooks for 'editing' Authentication and Property Sources were added, along
with the relevant methods in each of the sources.
The management interfaces got a little overhaul, just to make them
a little different (yes I know everything I do looks the same). The two
I didn't want to mess with still have the acquired management interfaces.
A fix for the ZODB Property Source which was missing a few methods.
Changes for 0.4.0
Based on an idea from Martin von Loewis, I added in support for defining
roles for etcAuthSource. This basically uses the current Prop source to
store a 'roles' property. The default role is still there as well for
those of you who might be using it.
Changes for 0.3.0
Adrien Hernot noticed that properties for new users using zodbPropSource
were causing havoc, and that the version.txt file was completely wrong.
Andreas also noticed the version.txt was wrong.
I've been bugged enough by the pair of them to change the single +=
into 1.5.2 compliant syntax.
I don't make any claims about it working under 1.5.2 though.
Changes for 0.2.0
Even more embarassment...
Andreas Heckel provided fixes for some stupid things I left out including;
o Fixing the way I was handling multiple roles coming out of the database
o The wrong icon in the user display
o Alerting me to the fact that pgPropSource didn't actually have a
deleteUsers hook
o Providing a schema for automatically deleting properties in postgres
if you delete a user from the auth source (you have to be using both
pg sources for this to work, and they'd have to be in the same database)
I've put Andreas schema into the distribution, if you want to use
exUserFolder as a straight pgUserFolder, you'll also need to edit
exUserFolder.py and comment out the line indicated in deleteUsers()
Changes for 0.1.0
Pretty embarassing really.
M. Adam Kendall (DaJoker) found some stupid things in the 0.0.0 release
including the fact you couldn't edit user properties, or update them,
or actually change a user in anyway.
I also discovered I was resetting the password to empty if you left it
empty..