Sylvain Thénault <sylvain.thenault@logilab.fr> [Tue, 20 Mar 2012 18:20:20 +0100] rev 8319
[manage / default index views] discard login/logout templates
Pierre-Yves David <pierre-yves.david@logilab.fr> [Fri, 16 Mar 2012 14:23:58 +0100] rev 8318
devtools-request: transmit the headers keyword argument to the request class
Otherwise the headers kwargs end up in the form.
This is very useful for testing publish logic related to http header (as cache).
Sylvain Thénault <sylvain.thenault@logilab.fr> [Fri, 16 Mar 2012 17:59:48 +0100] rev 8317
[security] use a stronger encryption algorythm for password, keeping bw compat
Administrator should ask their users to reenter new password so they
benefit from the new encryption.
Also, new encryption is cross-platform compatible, eg you may now move an instance
from windows to linux painlessly
Adrien Di Mascio <Adrien.DiMascio@logilab.fr> [Thu, 15 Mar 2012 17:59:27 +0100] rev 8316
[cache] factorize _validate_cache() logic implemented in wsgi and twisted handlers
Pierre-Yves David <pierre-yves.david@logilab.fr> [Thu, 15 Mar 2012 17:57:40 +0100] rev 8315
[fake-request] support `http_method()`
Pierre-Yves David <pierre-yves.david@logilab.fr> [Thu, 15 Mar 2012 18:34:59 +0100] rev 8314
[Web-Request] Use rich header (closes #2204164)
Unify header management. All web request use the Headers class now (imported
from twisted). Code dedicated to header management have been merged into the
base WebRequest class.
Pierre-Yves David <pierre-yves.david@logilab.fr> [Thu, 15 Mar 2012 17:54:40 +0100] rev 8313
http-header: support __contains__ in Headers
You can now use::
>>> 'expires" in headers
True
Pierre-Yves David <pierre-yves.david@logilab.fr> [Thu, 15 Mar 2012 17:48:20 +0100] rev 8312
[web] Move request handling logic into cubicweb application. (closes #2200684)
We improve http status handling in the process:
``application.publish`` have been renamed to ``application.handle`` to better
reflect it's roles.
The request object gain a status_out attribute to convey the HTTP status of the
response.
WSGI and etwist code have been updated.
Exception gain status attribute
Pierre-Yves David <pierre-yves.david@logilab.fr> [Thu, 15 Mar 2012 17:42:31 +0100] rev 8311
[login] split authentication logic from post authentication logic (closes #2200755)
* The Session manager is now only in charge of providing a valid session.
* LoginControllers are now used in all case but wrong credential.
* The LoginControllers are in charge of redirecting the user to the page wanted
to see in the first place, expected to see.
* The login form is now always submitted to the login controller with an extra
argument pointing to the url we should redirect too after successful
authentication.
The ``"log out first logic"`` logic on login controller is removed because:
1. Other web actor do not do that.
2. Removed code do not need to be reimplemented.
3. We can only get it to work again in a single case: use do a GET request on
http://www.my-cw-stuff.io/login
4. I do not see it's purpose.
Pierre-Yves David <pierre-yves.david@logilab.fr> [Thu, 01 Mar 2012 12:08:35 +0100] rev 8310
[LoginForm] refactor to ease other implementation
An Abstract BaseLoginForm is created. It is intended to be used by cubes who
want to implement new login form. It gather common login form elements in
particular the form action.
This will ease redefinition of this form action in later commit.