Geofront

-------------

Released on March 30, 2017.

- Geofront now supports ECDSA key.
Under the hood, :func:`geofront.keystore.parse_openssh_pubkey()` function
becomes to be possible to parse ECDSA public keys. [:issue:`14`]
- Geofront now supports Atlassian Bitbucket Cloud.
See also :mod:`geofront.backends.bitbucket` module. [:issue:`4`]
- Geofront now can generate other than RSA master key (e.g. ECDSA).
The new configuration :data:`~config.MASTER_KEY_TYPE` is added to
choose the type of the master key Geofront will generate.
It's :class:`~paramiko.rsakey.RSAKey` by default.
- Added :mod:`geofront.backends.oauth` module which provides
base team implementations for OAuth.
- Added ``key_type`` optional parameter to
:func:`~geofront.masterkey.renew_master_key()` function,
:class:`~geofront.masterkey.PeriodicalRenewal` class constructor, and
:func:`~geofront.regen.regenerate()` function.
- Since ``key_type`` now can be other than :class:`~paramiko.rsakey.RSAKey`,
the ``bits`` optional parameter of
:func:`~geofront.masterkey.renew_master_key()` function,
:class:`~geofront.masterkey.PeriodicalRenewal` class constructor, and
:func:`~geofront.regen.regenerate()` function now have the default value
:const:`None` instead of 2048. :const:`None` automatically choose
the appropriate bits of the ``key_type``.
- Added :func:`~geofront.masterkey.generate_key()` function and
:exc:`~geofront.masterkey.KeyGenerationError` that it raises.
- Added ``alias_namer`` option to :class:`CloudRemoteSet
<geofront.backends.cloud.CloudRemoteSet>` constructor.
- Added :const:`geofront.team.GroupSet` type which is alias of
:class:`~typing.AbstractSet`\ [:class:`~typing.Hashable`].
- Now master key can be found without token through
:http:get:`/masterkey/` API. The server root :http:get:`/` also became
to contain a :http:header:`Link` header to it and ``"master_key_url"`` field.
- Deprecated :http:get:`/tokens/(token_id:token_id)/masterkey/`.
Use :http:get:`/masterkey/` instead.
The existing url redirects to the new url :http:get:`/masterkey/` with
:http:statuscode:`301`.
- Fixed bug that :meth:`CloudKeyStore.list_keys()
<~geofront.backends.cloud.CloudKeyStore>` sometimes returned an empty set
even if there were stored keys.
- Geofront becomes to require Paramiko 2.0.1 or higher.
- Geofront becomes to require Werkzeug 0.11 or higher.
- Geofront becomes to require Flask 0.10.1 or higher.
- Geofront becomes to require Apache Libcloud 1.1.0 or higher.
- Geofront becomes to require OAuthLib 1.1.1 or higher.
- Geofront becomes to require Waitress 1.0.2 or higher.
- Goefront becomes to require typeguard_ 2.1.1 or higher.
- :mod:`geofront.util` is gone now. Geofront instead became to require
:mod:`typing` and typeguard_.

.. _typeguard: https://github.com/agronholm/typeguard

-------------

Released on March 7, 2016.

- Added :class:`~geofront.remote.RemoteSetUnion` to make union view of
multiple remote sets.
- Fixed :exc:`AttributeError` on :meth:`StashKeyStore.register()
<geofront.backends.stash.StashKeyStore.register>` or
:meth:`StashKeyStore.deregister()
<geofront.backends.stash.StashKeyStore.deregister>` being called.

-------------

Released on January 19, 2016.

- Added :class:`~geofront.remote.RemoteSetFilter` to dynamically filter
set of remotes.
- Fixed a regression bug introduced since 0.3.0
(:commit:`9db44659c423ed33a89de712fb645186b7c722cc`) that
:class:`~geofront.backends.github.GitHubOrganization` fails to authenticate.
[:issue:`12`]

-------------

Released on January 15, 2016.

- Geofront becomes to require Paramiko 1.15.0 or higher.
- Added save check for :class:`~geofront.remote.AuthorizedKeyList`.
[:issue:`5`]
- :meth:`Team.request_authentication()
<geofront.team.Team.request_authentication>` method becomes to no more take
``auth_nonce`` and return :class:`~geofront.team.AuthenticationContinuation`
value instead of simple url :class:`str`, so that arbitrary value more
general than simple nonce :class:`str` can be shared between
:meth:`~geofront.team.Team.request_authentication()` and
:meth:`Team.authenticate() <geofront.team.Team.authenticate>`. If arbitrary
nonce is needed, :meth:`~geofront.team.Team.request_authentication()`
method has to generate one by itself.
- Geofront now supports Atlassian Bitbucket Server (which was Stash).
See also :mod:`geofront.backends.stash` module.
- :class:`~geofront.masterkey.TwoPhaseRenewal` became to raise
:exc:`ConnectionError` with attempted remote address instead of
:exc:`socket.gaierror` which is hard to troubleshoot.
- Fixed signature mismatch errors of
:class:`~geofront.backends.cloud.CloudMasterKeyStore` when it's used with
AWS S3.

-------------

Released on July 8, 2014.

- Became to depend on apache-libcloud 0.15.0 or later.
- Added HSTS_ support:

- Added :data:`~config.ENABLE_HSTS` configuration.
- Added :option:`--force-https <geofront-server --force-https>` option
to :program:`geofront-server` command.

- Fixed a bug of :meth:`KeyPairDoesNotExistError.save()
<geofront.backends.cloud.KeyPairDoesNotExistError.save>` method that
leaks :exc:`~libcloud.common.types.MalformedResponseError` raised by
:class:`~libcloud.compute.drivers.ec2.EC2NodeDriver` which ought to
raise proper :exc:`libcloud.compute.types.KeyPairDoesNotExistError`.

.. _HSTS: https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security

-------------

Released on June 16, 2014.

- Fixed an authentication bug of :class:`~geofront.masterkey.TwoPhaseRenewal`
raised due to not specify login username.
- More detailed message logging of exceptions that rise during master key
renewal.