-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On behalf of the repoze developers, I am pleased to announce the 2.0
release of the repoze.who authentication / authorization framework for
Python web applications.
Major features
==
- - Refactored the core framework to permit usage as an API from within
application code (e.g., for tighter integration of views such as
login forms). Applications using 'repoze.who'` now fall into
one of three catgeories:
- - middleware-only applications are configured with middleware, and
use either 'REMOTE_USER' or 'repoze.who.identity' from the
environment to determing the authenticated user.
- - bare metal applications use no 'repoze.who' middleware at all:
instead, they configure and an 'APIFactory' object at startup, and
use it to create an 'API' object when needed on a per-request
basis.
- - hybrid applications are configured with 'repoze.who' middleware,
but use a new library function to fetch the 'API' object from the
environ, e.g. to permit calling 'remember' after a signup or
successful login.
- - Enabled standard use of logging module's configuration mechanism.
Deprecations
- - Deprecated the following plugins, moving their modules, tests, and
docs to a new project, 'repoze.who.deprecatedplugins':
- - 'repoze.who.plugins.cookie.InsecureCookiePlugin' (applications
should use 'repoze.who.plugins.auth_tkt.AuthTktPlugin' instead).
- - 'repoze.who.plugins.form.FormPlugin' (applications should implement
their own login forms, and use the new
'repoze.who.plugins.redirector.Redirector' plugin to issue the
appropriate challenge).
- - 'repoze.who.plugins.form.RedirectingFormPlugin' (applications should
implement their own login forms, and use the new
'repoze.who.plugins.redirector.Redirector' plugin to issue the
appropriate challenge).
Backward Incompatibilities
~~
- - The middleware used to allow identifier plugins to pre-authenticate
an identity. This feature is no longer supported: the 'auth_tkt'
plugin, which used to use the feature, is now configured to work as
an authenticator plugin (as well as an identifier).
- - The 'repoze.who.middleware:PluggableAuthenticationMiddleware' class
no longer has the following (non-API) methods (now made API methods
of the 'repoze.who.api:API' class):
- - 'add_metadata'
- - 'authenticate'
- - 'challenge'
- - 'identify'
- - The following (non-API) functions moved from 'repoze.who.middleware'
to 'repoze.who.api':
- - 'make_registries'
- - 'match_classification'
- - 'verify'
Please report bugs to the repoze bug tracker:
http://bugs.repoze.org/
Questions should be directed to the 'repoze-dev@lists.repoze.org' mailing
list.
Enjoy!
Tres.
- --
===
Tres Seaver +1 540-429-0999 tsea...@palladion.com
Palladion Software Excellence by Designhttp://palladion.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk6DdqYACgkQ+gerLs4ltQ7jqACfd38u5XScdDC7Qq3lyUeY0lZF
81MAn3FMSr20vYt+ToioRiei2ekBvfh8
=3nSc
-END PGP SIGNATURE-
___
Repoze-dev mailing list
Repoze-dev@lists.repoze.org
http://lists.repoze.org/listinfo/repoze-dev