Restauth

Latest version: v0.6.4

Safety actively analyzes 688792 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

Page 1 of 2

0.7.0

General:
* Update requirements.
* RestAuth no longer supports separate backends, instead there is a common backend for all data.

Documentation:
* Remove last traces of old git host.

0.6.4

General:
* This project now lives on GitHub: https://github.com/RestAuth/server
* RestAuth now requires Django 1.6 or newer and uses the app-layout introduced in Django 1.5.
* The source code no longer includes a localsettings.py file but an example-file instead. This
file is included in the pip-packages and eases configuration for installations via pip.
* The restauth import data format now just has a raw 'hash' key which contains a raw hash as
stored by the application (plus the "hash" key identifying the type of hash).
* The backend interface function set_password_hash now only understands the "algorithm" and
"hash" keyword arguments, where "hash" is the raw password hash.
* More consistently lowercase input and output names of users and groups.
* Improve documentation in many small ways.
* django backend now verifies that the hash is supported when importing hashes.

Settings:
* SECURE_CACHE is now True by default, since the default cache is an in-memory cache anyway.

Command-line scripts:
* Fix listing of subgroups for "restauth-groups view".
* Usernames of users created via "restauth-user add" are now subject to the same limitations as
via the RestAuth interface.
* Fixed restauth-user view --service=...
* restauth-import now correctly sets the 'date joined' property for users it created.

Testsuite:
* The testsuite fully tests all command-line scripts.
* The testsuite features 100% test coverage.
* Fix tests in some python2.6 versions.

Development:
* Code now (partially) uses a line-width of 99 characters.
* All files use unicode literals and declare a utf-8 source code encoding.
* Move development dependencies to requirements-dev.txt

0.6.3

* Fix a major bug that meant no password verification for services when
using SECURE_CACHE = True

Dependencies:
* RestAuth is now fully tested with Python3.2 and higher.
* Running RestAuth with Python3 requires Django>=1.5 and South>=0.8.
* six is used to ensure Python3 compatability.
* Add requirements3.txt file which excludes wsgiref as dependency.
* On Python2, RestAuth now requires Python2 >= 2.6.5.
* RestAuth now requires Django >= 1.4.2 or greater.
* Generally relax dependencies in requirements.txt

Command-line scripts:
* Fix imports in restauth-group.
* restauth-service, restauth-user and restauth-group now have a rename
action, renaming services/users/groups.
* New 'set-service' action for restauth-group which sets the service of a
group.

0.6.2

Not secure
* Fix loading of validators.
* Validator classes now are in CamelCase.
* Loaded validators are now instances, which mostly enables more rigid
testing of validator-loading.
* Update requirements.txt
* Add the CONTENT_HANDLERS setting to localsettings.py
* Add installation instructions for PIP
* Use djangos backport of unittest in some cases.

0.6.1

Not secure
Dependencies:
* This release requires Django 1.4 or later and is tested with Django 1.5.
* This release requires Python 2.6 or newer.
* Python 3.2 or newer is supported by our codebase, but some dependencies
(mimeparse, south) do not yet work with Python 3.

Backends:
* RestAuth now features a pluggable backend system to store its data.
Different backends can be used to store user data, properties and groups.
RestAuth comes with a backends using the Django ORM, providing the
previous functionality and a Redis plugin to store property data. Please
see:
https://server.restauth.net/developer/backends.html
for more information.

Password hashing
* RestAuth now uses the password hashing API provided by Django 1.4 or
later. Consequently, the HASH_ALGORITHM and HASH_FUNCTIONS settings have
been deprecated by the standard Django PASSWORD_HASHERS setting.
* Existing validators need to be rewritten. Please see the current document
https://server.restauth.net/config/custom-hashes.html
for more information.
* Because of the above changes, hashing is now provided by public functions
that can be used in custom backends as well (see documentation).
* The SERVICE_PASSWORD_HASHER setting overrides the default password hasher
for services. Using md5 gives a significant speed improvement, but has some
security implications (see documentation).
* RestAuth now supports hashes as generated by Phpass (WordPress, phpBB3)
and the enhanced phpass-like sha512 hashes found in Drupal7.

General improvements:
* Most received data is now validated using assertions. This makes verifying
the input data format both faster and more exact.
* Content handlers are now configured with the CONTENT_HANDLERS setting. The
handlers are now used as global classes and are never reloaded.

Caching:
* The CACHES setting is no longer overriden by settings, enabling Djangos
in-memory caching mechanisms by default.
* The cache middlewares are no longer automatically added, as they
introduce unreliable behaviour in some situations.
* The new SECURE_CACHE setting tells RestAuth if the cache can be considered
a secure data storage (default: False). If True, Django will cache service
information within the cache, significantly speeding up RestAuth.

Command-line scripts:
* Move all scripts to RestAuth/bin/ to be more virtualenv friendly.
* Command-line scripts also use the new backend system, so changing backends
directly affects their output.
* restauth-service: Display services in alphabetical order.
* restauht-service: Verify set/added hosts to be valid IPv4/IPv6 addresses.

Testing:
* Update testerver fixture to include example.{com,net,org} services.
* Most tests (except those testing individual hashers) now use a faster MD5
hasher. This speeds up tests significantly.
* Tests also use the new backend system, so they can be used to test
different backends as well.

Bugfixes:
* Fix a broken Foreign Key constraint that broke adding IP-Adresses to
services.
* When calling group members, users were returned multiple times under
certain conditions.
* Fix migrations on a bare SQLite3 database

Other assorted changes and improvements:
* The Exception- and Request middlewares have been merged for a minor speed
improvement.
* Killed the last traces of epydoc documentation.
* python setup.py build no longer builds documentation.

0.6.0

General:
* Greatly simplify default logging configuration
* Migration to Django generic class-based views
* Globally cache username validators and pasword hashers
* Automatically set the 'date joined' property upon user creation
* New setting GROUP_RECURSION_DEPTH defines level of group recursion

Compliance with RestAuth:
* This release complies with RestAuth 0.6, adding support for setting
multiple properties at once. Support for status code 403 was already added
in the previous release.
* All resource names (names of users, groups and properties) are now
consistantly lower-cased.

Database schema:
* Many new indizes
* Remove useless subclass-relation for services
* Uniqueness for groups is now enforced on a schema-level

Testing:
* Most testcases no longer use transactions speeding up testruns a bit
* Hashing tests for custom hashes also check shorter usernames
* The override_settings decorator now ships with RestAuth and is used with
Django 1.3.

Page 1 of 2

© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.