Sat, 25 Apr 2015 20:50:57 +0200 Use pyramid flash queue for messages
Christophe de Vienne <christophe@unlish.com> [Sat, 25 Apr 2015 20:50:57 +0200] rev 11566
Use pyramid flash queue for messages Use a 'cubicweb' flash queue and make sure it contains only one message so that the behavior is the same as cubicweb. Also, the 'message' property now returns both the cubicweb flash queue and the default flash queue. One big difference with the former behaviour is that messages set with set_message will survive a redirection, making set_redirect_message useless in most case. Closes #5298654
Wed, 25 Feb 2015 22:40:39 +0100 [doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com> [Wed, 25 Feb 2015 22:40:39 +0100] rev 11565
[doc] Document the new authentication stack
Tue, 28 Apr 2015 11:04:03 +0200 Allow tests to override pyramid_settings
Christophe de Vienne <christophe@unlish.com> [Tue, 28 Apr 2015 11:04:03 +0200] rev 11564
Allow tests to override pyramid_settings Closes #5307426
Wed, 29 Apr 2015 11:39:35 +0200 Make debug mode usable without pyramid_debugtoolbar
Denis Laxalde <denis.laxalde@logilab.fr> [Wed, 29 Apr 2015 11:39:35 +0200] rev 11563
Make debug mode usable without pyramid_debugtoolbar Add the latter in Debian recommends along the way. Closes #5310434.
Thu, 26 Feb 2015 00:56:32 +0100 [auth] Use a second authtkt policy for 'rememberme'
Christophe de Vienne <christophe@unlish.com> [Thu, 26 Feb 2015 00:56:32 +0100] rev 11562
[auth] Use a second authtkt policy for 'rememberme' The former solution was buggy because the expire time of the auth cookie, if set through 'remember', was lost on the first cookie reissuing. The new approach, make possible thanks to multiauth, use two different cookies. One for session bounded authentication (no 'rememberme'), and one for long lasting authentication (w 'rememberme'). The choice between the two of them is done by adding a 'persistent' argument to the top-level 'security.remember' call. Passing this argument will inhibate a policy or the other. The two policies are (a little) configurable through the 'cubicweb.auth.authtkt.[session|persistent].*' variables. Related to #4985962
Thu, 12 Feb 2015 19:21:39 +0100 [auth] Use pyramid_multiauth
Christophe de Vienne <christophe@unlish.com> [Thu, 12 Feb 2015 19:21:39 +0100] rev 11561
[auth] Use pyramid_multiauth It makes it easier to finely tune what parts of the default authentication stack we want to use or not. It also makes it possible for any cube to add its own policy in addition to the others. Related to #4985962
Thu, 09 Apr 2015 23:58:38 +0200 [auth] remove dead code (closes #5230746)
David Douard <david.douard@logilab.fr> [Thu, 09 Apr 2015 23:58:38 +0200] rev 11560
[auth] remove dead code (closes #5230746)
Mon, 23 Feb 2015 17:17:43 +0100 [login] Test the login views
Christophe de Vienne <christophe@unlish.com> [Mon, 23 Feb 2015 17:17:43 +0100] rev 11559
[login] Test the login views
Tue, 24 Feb 2015 17:19:37 +0100 Fix project homepage url
Christophe de Vienne <christophe@unlish.com> [Tue, 24 Feb 2015 17:19:37 +0100] rev 11558
Fix project homepage url
Wed, 21 Jan 2015 14:31:30 +0100 Replace the '_' with '-' in the package name
Christophe de Vienne <christophe@unlish.com> [Wed, 21 Jan 2015 14:31:30 +0100] rev 11557
Replace the '_' with '-' in the package name The change was made manually on pypi (see https://sourceforge.net/p/pypi/support-requests/459/)
Tue, 10 Feb 2015 16:35:06 +0100 On exceptions from CW, copy headers
Christophe de Vienne <christophe@unlish.com> [Tue, 10 Feb 2015 16:35:06 +0100] rev 11556
On exceptions from CW, copy headers Closes #4939219
Tue, 10 Feb 2015 10:23:20 +0100 [doc] fix pyramid-auth-secret conf sample
Christophe de Vienne <christophe@unlish.com> [Tue, 10 Feb 2015 10:23:20 +0100] rev 11555
[doc] fix pyramid-auth-secret conf sample
Mon, 02 Feb 2015 13:46:28 +0100 [doc] Update change list
Christophe de Vienne <christophe@unlish.com> [Mon, 02 Feb 2015 13:46:28 +0100] rev 11554
[doc] Update change list
Wed, 28 Jan 2015 00:00:05 +0100 [core] Protect session data from unwanted loading.
Christophe de Vienne <christophe@unlish.com> [Wed, 28 Jan 2015 00:00:05 +0100] rev 11553
[core] Protect session data from unwanted loading. Use specialised Session and Connection types that forward their 'data' and 'session_data' attributes to the pyramid request.session attribute. This forwarding is done with properties, instead of copying a reference, which allow to access request.session (and the session factory) if and only if Session.data or Connection.session_data is accessed. In some cases, most notably the static resources requests, it can mean no access the session during the request handling, which saves a request to the session persistence layer. Closes #4891437
(0) -10000 -3000 -1000 -300 -100 -14 +14 +100 +300 +1000 tip