Repoze-who

Latest version: v2.3


1.0.5

Not secure
------------------

- Fix auth_tkt plugin to set the same cookies in its ``remember``
method that it does in its ``forget`` method. Previously, logging
out and logging back in to a site that used the auth_tkt identifier
plugin was slightly dicey and would only work sometimes.

- The FormPlugin plugin has grown a redirect-on-unauthorized feature.
Any response from a downstream application that causes a challenge
and includes a Location header will cause a redirect to the value of
the Location header.

1.0.4

Not secure
------------------

- Added a key to the '[general]' config section: ``remote_user_key``.
If you use this key in the config file, it tells repoze.who 1) not to
perform any authentication if the key exists in the environment during
ingress and 2) to set the key in the environment for the downstream
app to use as the REMOTE_USER variable. The default is
``REMOTE_USER``.

- Using unicode user ids in combination with the auth_tkt plugin would
cause problems under mod_wsgi.

- Allowed 'cookie_path' argument to InsecureCookiePlugin (and config
constructor). Thanks to Gustavo Narea.

1.0.3

Not secure
------------------

- A bug in the middleware's ``authenticate`` method made it impossible
to authenticate a user with a userid that was null (e.g. 0, False),
which are valid identifiers. The only invalid userid is now None.

- Applied patch from Olaf Conradi which logs an error when an invalid
filename is passed to the HTPasswdPlugin.

1.0.2

Not secure
------------------

- Fix bug found by Chris Perkins: the auth_tkt plugin's "remember"
method didn't handle userids which are Python "long" instances
properly. Symptom: TypeError: cannot concatenate 'str' and 'long'
objects in "paste.auth.auth_tkt".

- Added predicate-based "restriction" middleware support
(repoze.who.restrict), allowing configuration-driven authorization as
a WSGI filter. One example predicate, 'authenticated_predicate', is
supplied, which requires that the user be authenticated either via
'REMOTE_USER' or via 'repoze.who.identity'. To use the filter to
restrict access::

  [filter:authenticated_only]
  use = egg:repoze.who#authenticated

or::

  [filter:some_predicate]
  use = egg:repoze.who#predicate
  predicate = my.module:some_predicate
  some_option = a value
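
How a predicate-based restriction filter of the kind described above gates a WSGI app, as an added sketch that is not repoze.who's own code. ``make_group_predicate``, the ``groups`` identity key and ``status_for`` are hypothetical names, and treating mere key presence as "authenticated" is an assumption drawn from the description above.

```python
# Added sketch of a predicate-based restriction filter; not repoze.who's own code.
from wsgiref.util import setup_testing_defaults

def authenticated_predicate(environ):
    # Assumption: presence of either key means an upstream layer authenticated.
    return "REMOTE_USER" in environ or "repoze.who.identity" in environ

def make_group_predicate(required_group):
    """Hypothetical predicate factory, standing in for my.module:some_predicate."""
    def predicate(environ):
        identity = environ.get("repoze.who.identity") or {}
        # "groups" is a constructed identity key used only for this example.
        return required_group in identity.get("groups", ())
    return predicate

class PredicateRestriction:
    """WSGI filter: call the wrapped app only if predicate(environ) is true."""

    def __init__(self, app, predicate):
        self.app = app
        self.predicate = predicate

    def __call__(self, environ, start_response):
        if not self.predicate(environ):
            # Fail closed: the downstream app never sees the request.
            start_response("401 Unauthorized", [("Content-Type", "text/plain")])
            return [b"Unauthorized\n"]
        return self.app(environ, start_response)

def protected_app(environ, start_response):
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"secret\n"]

def status_for(app, extra_environ):
    """Run one constructed request through app and return its status line."""
    environ = {}
    setup_testing_defaults(environ)  # minimal WSGI environ, no REMOTE_USER
    environ.update(extra_environ)
    seen = []
    list(app(environ, lambda status, headers: seen.append(status)))
    return seen[0]

if __name__ == "__main__":
    app = PredicateRestriction(protected_app, authenticated_predicate)
    print(status_for(app, {}))
    print(status_for(app, {"REMOTE_USER": "alice"}))
```

The filter only checks what is already in the environ, so it must sit downstream of whatever sets ``REMOTE_USER`` or ``repoze.who.identity``.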

1.0.1

------------------

- Remove dependency-link to dist.repoze.org to prevent easy_install
from inserting that path into its search paths (the dependencies are
available from PyPI).

1.0

-----------------

- The plugin at plugins.form.FormPlugin didn't redirect properly after
collecting identification information. Symptom: a downstream app
would receive a POST request with a blank body, which would
sometimes result in a Bad Request error.

- Fixed interface declarations of
'classifiers.default_request_classifier' and
'classifiers.default_password_compare'.

- Added actual config-driven middleware factory,
'config.make_middleware_with_config'.

- Removed fossilized 'who_conf' argument from plugin factory functions.

- Added ConfigParser-based WhoConfig, implementing the spec outlined at
http://www.plope.com/static/misc/sphinxtest/intro.html#middleware-configuration-via-config-file,
with the following changes:

  - "Bare" plugins (requiring no configuration options) may be specified
    as either egg entry points (e.g., 'egg:distname#entry_point_name') or
    as dotted-path-with-colon (e.g., 'dotted.name:object_id').

  - Therefore, the separator between a plugin and its classifier is now
    a semicolon, rather than a colon. E.g.::

      [plugins:id_plugin]
      use = egg:another.package#identify_with_frobnatz
      frobnatz = baz

      [identifiers]
      plugins =
        egg:my.egg#identify;browser
        dotted.name:identifier
        id_plugin
