Christophe de Vienne <christophe@unlish.com> [Mon, 06 Jul 2015 13:17:07 +0200] rev 11585
[doc] Anonymous access is not mandatory anymore
Julien Cristau <julien.cristau@logilab.fr> [Thu, 23 Jul 2015 17:56:59 +0200] rev 11584
Added tag 0.4.0, debian/0.4.0-1 for changeset 897a149e8208
Julien Cristau <julien.cristau@logilab.fr> [Thu, 23 Jul 2015 17:56:32 +0200] rev 11583
[pkg] add debian/watch
Julien Cristau <julien.cristau@logilab.fr> [Thu, 23 Jul 2015 17:48:39 +0200] rev 11582
[pkg] 0.4.0
Julien Cristau <julien.cristau@logilab.fr> [Thu, 23 Jul 2015 17:45:37 +0200] rev 11581
[pkg] add python-pyramid-multiauth dependency to debian package
Closes #5576182
Julien Cristau <julien.cristau@logilab.fr> [Thu, 25 Jun 2015 09:51:32 +0200] rev 11580
[core] adjust cnx handling for cubicweb 3.21
Closes #5731814
Julien Cristau <julien.cristau@logilab.fr> [Tue, 30 Jun 2015 11:15:03 +0200] rev 11579
set httponly on session cookie
Julien Cristau <julien.cristau@logilab.fr> [Tue, 30 Jun 2015 11:15:54 +0200] rev 11578
[bwcompat] use cubicweb error views (closes #4545130)
David Douard <david.douard@logilab.fr> [Thu, 18 Jun 2015 10:49:34 +0200] rev 11577
Added tag 0.3.1, debian/0.3.1-1 for changeset 6df91cb85ecc
David Douard <david.douard@logilab.fr> [Thu, 18 Jun 2015 10:46:09 +0200] rev 11576
[pkg] 0.3.1
Denis Laxalde <denis@laxalde.org> [Wed, 29 Apr 2015 22:46:17 +0200] rev 11575
Handle absence of anonymous user
Set cw_session and then cw_cnx request attributes to None in case anonymous
connection is not allowed (i.e. no "anon" user in config).
Then catch AuthenticationError in CubicWebPyramidHandler and return the 'login'
view.
Closes #4751862.
Denis Laxalde <denis.laxalde@logilab.fr> [Tue, 19 May 2015 08:38:08 +0200] rev 11574
[debian] Add python-wsgicors dependency as it is now available
Christophe de Vienne <christophe@unlish.com> [Mon, 11 May 2015 17:06:36 +0200] rev 11573
Update Changes for version 0.3.0
Christophe de Vienne <christophe@unlish.com> [Mon, 11 May 2015 15:45:14 +0200] rev 11572
Added tag pyramid-cubicweb-version-0.3.0, pyramid-cubicweb-debian-version-0.3.0-1 for changeset a80e076d3f42
Christophe de Vienne <christophe@unlish.com> [Mon, 11 May 2015 15:34:05 +0200] rev 11571
Fix debugtoolbar pkg name
Christophe de Vienne <christophe@unlish.com> [Mon, 11 May 2015 15:22:24 +0200] rev 11570
Set version 0.3.0
Christophe de Vienne <christophe@unlish.com> [Tue, 24 Feb 2015 17:19:58 +0100] rev 11569
[doc] update changes list
Christophe de Vienne <christophe@unlish.com> [Fri, 08 May 2015 11:38:07 +0200] rev 11568
Rollback 'uncommitable' cnx
Closes #5343870
Christophe de Vienne <christophe@unlish.com> [Wed, 29 Apr 2015 13:09:06 +0200] rev 11567
[debug] The debug mode now set pyramid.reload_templates
Christophe de Vienne <christophe@unlish.com> [Sat, 25 Apr 2015 20:50:57 +0200] rev 11566
Use pyramid flash queue for messages
Use a 'cubicweb' flash queue and make sure it contains only one message
so that the behavior is the same as cubicweb.
Also, the 'message' property now returns both the cubicweb flash queue and
the default flash queue.
One big difference with the former behaviour is that messages set with
set_message will survive a redirection, making set_redirect_message useless in
most case.
Closes #5298654
Christophe de Vienne <christophe@unlish.com> [Wed, 25 Feb 2015 22:40:39 +0100] rev 11565
[doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com> [Tue, 28 Apr 2015 11:04:03 +0200] rev 11564
Allow tests to override pyramid_settings
Closes #5307426
Denis Laxalde <denis.laxalde@logilab.fr> [Wed, 29 Apr 2015 11:39:35 +0200] rev 11563
Make debug mode usable without pyramid_debugtoolbar
Add the latter in Debian recommends along the way.
Closes #5310434.
Christophe de Vienne <christophe@unlish.com> [Thu, 26 Feb 2015 00:56:32 +0100] rev 11562
[auth] Use a second authtkt policy for 'rememberme'
The former solution was buggy because the expire time of the auth cookie, if
set through 'remember', was lost on the first cookie reissuing.
The new approach, make possible thanks to multiauth, use two different cookies.
One for session bounded authentication (no 'rememberme'), and one for long
lasting authentication (w 'rememberme').
The choice between the two of them is done by adding a 'persistent' argument
to the top-level 'security.remember' call. Passing this argument will inhibate
a policy or the other.
The two policies are (a little) configurable through the
'cubicweb.auth.authtkt.[session|persistent].*' variables.
Related to #4985962
Christophe de Vienne <christophe@unlish.com> [Thu, 12 Feb 2015 19:21:39 +0100] rev 11561
[auth] Use pyramid_multiauth
It makes it easier to finely tune what parts of the default authentication stack
we want to use or not.
It also makes it possible for any cube to add its own policy in addition to the
others.
Related to #4985962
David Douard <david.douard@logilab.fr> [Thu, 09 Apr 2015 23:58:38 +0200] rev 11560
[auth] remove dead code (closes #5230746)
Christophe de Vienne <christophe@unlish.com> [Mon, 23 Feb 2015 17:17:43 +0100] rev 11559
[login] Test the login views
Christophe de Vienne <christophe@unlish.com> [Tue, 24 Feb 2015 17:19:37 +0100] rev 11558
Fix project homepage url
Christophe de Vienne <christophe@unlish.com> [Wed, 21 Jan 2015 14:31:30 +0100] rev 11557
Replace the '_' with '-' in the package name
The change was made manually on pypi (see
https://sourceforge.net/p/pypi/support-requests/459/)
Christophe de Vienne <christophe@unlish.com> [Tue, 10 Feb 2015 16:35:06 +0100] rev 11556
On exceptions from CW, copy headers
Closes #4939219