General:
* Removed the migration directory, as the scripts there are now maintained in
a dedicated git repository:
https://github.com/RestAuth/migration
* Add a test fixture that can be used by the manage.py testserver. setup.py
now includes a 'testserver' command that automatically loads that fixture.
Libraries that require a testserver for testing should run 'setup.py
testserver' instead of the now deprecated test.sh script.
* The WSGI script now passes the RESTAUTH_HOST environment variable.
doc/config/multiple-instances.rst suggests using this variable, but WSGI
applications never receive this variable otherwise. Likewise, the
DJANGO_SETTINGS_MODULE is passed through if set.
* Generated passwords no longer contain whitespace, a backslash, single or
double quotes.
* Fix a bug that broke Service passwords with a colon (':')
* Most of the code now adheres to python coding standards.
* restauth-service now has set-hosts, add-hosts and rm-hosts, which is in line
with the new permission system. The 'add' command can no longer add hosts in
one step, since the command would be too overloaded.
Django 1.4.0 compatibility fixes:
* 'setup.py testserver' now works different for 1.4.0, because 'manage.py
testserver' is broken in 1.4.0. See:
https://code.djangoproject.com/ticket/18019
Permissions:
* RestAuth now offers a brand-new permission system. Services can only perform
the operations they are explicitly configured for. This improves security,
because leaked service credentials limit the potential damage an attacker
can do.
* The permissions are managed with restauth-service. The new commands are
set-permissions, add-permissions and rm-permissions.
* The available permissions are documented in the man-page for
restauth-service and here:
https://server.restauth.net/restauth-service.html
build-related:
* The 'debian' branch now includes a ready-to-use debian package. Several
distro-specific branches include packages for older distributions.
* The new command 'prepare_debian_changelog' updates debian/changelog to the
newest version
* scripts found in bin/ are now automatically installed.
* manage.py gets an automatic symlink in $PREFIX/bin
Passwords:
* Support empty salts (some legacy systems to not use a salt)
* You can now implement support for a custom hash and add it to RestAuth using
the HASH_FUNCTIONS setting
* Support two new algorithms:
* 'crypt': Store passwords using the systems 'crypt' routine
* 'apr1': Store passwords using the apache modified version of MD5
commonly used in .htpasswd files
* Added test-functions for custom hashing algorithms
Validators:
* Massively rewrote the validator system. It is now way faster and more
powerul:
* deprecated SKIP_VALIDATORS setting
* introduced the new VALIDATORS setting (essentially the inverse to the
former)
* validators are now classes instead of functions
* rewritten and optimized the validation function
* new 'drupal' validator that actually uncovers a bug in Drupal (see
documentation). This validator is much more restrictive than drupal at this
moment.
Groups:
* Speed up group creation
* some code-cleanup (remove one-line functions, etc.)
* Improve speed of getting groups of a user
Documentation:
* Improved documentation in lots of places
* Add upgrade notes
* setup.py includes the new target build_html
* Add minimal manpage for restauth-manage
* Add developer/testserver documenting how to run a testserver for library
testing
* Add installation instructions for RHEL and Fedora
* Add installation instructions for ArchLinux