-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On behalf of the repoze developers, I am pleased to announce the 2.0 release of the repoze.who authentication / authorization framework for Python web applications.
Major features ============== - - Refactored the core framework to permit usage as an API from within application code (e.g., for tighter integration of views such as login forms). Applications using 'repoze.who'` now fall into one of three catgeories: - - "middleware-only" applications are configured with middleware, and use either 'REMOTE_USER' or 'repoze.who.identity' from the environment to determing the authenticated user. - - "bare metal" applications use no 'repoze.who' middleware at all: instead, they configure and an 'APIFactory' object at startup, and use it to create an 'API' object when needed on a per-request basis. - - "hybrid" applications are configured with 'repoze.who' middleware, but use a new library function to fetch the 'API' object from the environ, e.g. to permit calling 'remember' after a signup or successful login. - - Enabled standard use of logging module's configuration mechanism. Deprecations ============ - - Deprecated the following plugins, moving their modules, tests, and docs to a new project, 'repoze.who.deprecatedplugins': - - 'repoze.who.plugins.cookie.InsecureCookiePlugin' (applications should use 'repoze.who.plugins.auth_tkt.AuthTktPlugin' instead). - - 'repoze.who.plugins.form.FormPlugin' (applications should implement their own login forms, and use the new 'repoze.who.plugins.redirector.Redirector' plugin to issue the appropriate challenge). - - 'repoze.who.plugins.form.RedirectingFormPlugin' (applications should implement their own login forms, and use the new 'repoze.who.plugins.redirector.Redirector' plugin to issue the appropriate challenge). Backward Incompatibilities ~~~~~~~~~~~~~~~~~~~~~~~~~~ - - The middleware used to allow identifier plugins to "pre-authenticate" an identity. This feature is no longer supported: the 'auth_tkt' plugin, which used to use the feature, is now configured to work as an authenticator plugin (as well as an identifier). - - The 'repoze.who.middleware:PluggableAuthenticationMiddleware' class no longer has the following (non-API) methods (now made API methods of the 'repoze.who.api:API' class): - - 'add_metadata' - - 'authenticate' - - 'challenge' - - 'identify' - - The following (non-API) functions moved from 'repoze.who.middleware' to 'repoze.who.api': - - 'make_registries' - - 'match_classification' - - 'verify' Please report bugs to the repoze bug tracker: http://bugs.repoze.org/ Questions should be directed to the 'repoze-dev@lists.repoze.org' mailing list. Enjoy! Tres. - -- =================================================================== Tres Seaver +1 540-429-0999 tsea...@palladion.com Palladion Software "Excellence by Design" http://palladion.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk6DdqYACgkQ+gerLs4ltQ7jqACfd38u5XScdDC7Qq3lyUeY0lZF 81MAn3FMSr20vYt+ToioRiei2ekBvfh8 =3nSc -----END PGP SIGNATURE----- _______________________________________________ Repoze-dev mailing list Repoze-dev@lists.repoze.org http://lists.repoze.org/listinfo/repoze-dev