------------------
- ``acl`` middleware:
- Add ``setup`` function for ``acl`` middleware to install it in aiohttp fashion.
- Fix bug in ``acl_required`` decorator.
- Fix a possible security issue with ``acl`` groups. The issue is follow: the default behavior is
to add ``user_id`` to groups for authenticated users by the acl middleware, but if
``user_id`` is equal to some of acl groups that user suddenly has the permissions he is not
allowed for. So to avoid this kind of issue ``user_id`` is not added to groups any more.
- Introduce ``AbstractACLGroupsCallback`` class in ``acl`` middleware to make it possible easily create
callable object by inheriting from the abstract class and implementing ``acl_groups`` method. It
can be useful to store additional information (such database connection etc.) within such class.
An instance of this subclass can be used in place of ``acl_groups_callback`` parameter.
- ``auth`` middleware:
- Add ``setup`` function for ``auth`` middleware to install it in aiohttp fashion.
- ``auth.auth_required`` raised now a ``web.HTTPUnauthorized`` instead of a ``web.HTTPForbidden``.
- Introduce generic authorization middleware ``autz`` that performs authorization through the same
interface (``autz.permit`` coroutine and ``autz_required`` decorator) but using different policies.
Middleware has the ACL authorization as the built in policy which works in the same way as ``acl``
middleware. Users are free to add their own custom policies or to modify ACL one.
- Add global ``aiohttp_auth.setup`` function to install ``auth`` and ``autz`` middlewares at once
in aiohttp fashion.
- Add docs.
- Rewrite tests using ``pytest`` and ``pytest-aiohttp``.