Sylvain Thénault <sylvain.thenault@logilab.fr> [Fri, 16 Mar 2012 17:59:48 +0100] rev 8317
[security] use a stronger encryption algorithm for password, keeping bw compat
Administrators should ask their users to reenter a new password so they
benefit from the new encryption.
Also, new encryption is cross-platform compatible, e.g. you may now move an instance
from Windows to Linux painlessly
Adrien Di Mascio <Adrien.DiMascio@logilab.fr> [Thu, 15 Mar 2012 17:59:27 +0100] rev 8316
[cache] factorize _validate_cache() logic implemented in wsgi and twisted handlers
Pierre-Yves David <pierre-yves.david@logilab.fr> [Thu, 15 Mar 2012 17:57:40 +0100] rev 8315
[fake-request] support `http_method()`
Pierre-Yves David <pierre-yves.david@logilab.fr> [Thu, 15 Mar 2012 18:34:59 +0100] rev 8314
[Web-Request] Use rich header (closes #2204164)
Unify header management. All web requests use the Headers class now (imported
from twisted). Code dedicated to header management has been merged into the
base WebRequest class.
Pierre-Yves David <pierre-yves.david@logilab.fr> [Thu, 15 Mar 2012 17:54:40 +0100] rev 8313
http-header: support __contains__ in Headers
You can now use::
>>> 'expires' in headers
True
Pierre-Yves David <pierre-yves.david@logilab.fr> [Thu, 15 Mar 2012 17:48:20 +0100] rev 8312
[web] Move request handling logic into cubicweb application. (closes #2200684)
We improve http status handling in the process:
``application.publish`` has been renamed to ``application.handle`` to better
reflect its roles.
The request object gains a status_out attribute to convey the HTTP status of the
response.
WSGI and etwist code has been updated.
Exceptions gain a status attribute
Pierre-Yves David <pierre-yves.david@logilab.fr> [Thu, 15 Mar 2012 17:42:31 +0100] rev 8311
[login] split authentication logic from post authentication logic (closes #2200755)
* The Session manager is now only in charge of providing a valid session.
* LoginControllers are now used in all cases but wrong credentials.
* The LoginControllers are in charge of redirecting the user to the page they
wanted, and expected, to see in the first place.
* The login form is now always submitted to the login controller with an extra
argument pointing to the url we should redirect to after successful
authentication.
The ``"log out first"`` logic on the login controller is removed because:
1. Other web actors do not do that.
2. Removed code does not need to be reimplemented.
3. We can only get it to work again in a single case: user does a GET request on
http://www.my-cw-stuff.io/login
4. I do not see its purpose.