| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2011-12-06 | bumped version to 0.2.3wsgitools-0.2.3 | Helmut Grohne | |
| 2011-12-06 | drop useless tail recursion param from parse_digest_response | Helmut Grohne | |
| 2011-12-01 | respect RFC2617 in terms of what is quoted | Helmut Grohne | |
| Said RFC is quite precise on which values of a challenge are to be quoted. I didn't honour those parts and many applications do not enforce these requirements, so I didn't notice. Now I explain which values are to be quoted in the hopes that it works with "Wget/1.10.2 (Red Hat modified)". | |||
| 2011-11-30 | documentation update | Helmut Grohne | |
| * added a number of internal links (L{...}) * some fixes * some additions | |||
| 2011-11-30 | Merge branch 'authrefactor' | Helmut Grohne | |
| Conflicts: wsgitools/digest.py | |||
| 2011-11-30 | shrink AuthenticationMiddleware.authenticate interface | Helmut Grohne | |
| The method no longer receives a start_response and is no longer responsible for calling self.app. Instead it returns a dictionary with the result of the authentication. | |||
| 2011-11-28 | added format_digest | Helmut Grohne | |
| This is the inverse of parse_digest_response and also supports escaping of backslashes and quotes. | |||
| 2011-11-28 | rewrite parse_digest_response for escapes | Helmut Grohne | |
| The previous version did not handle escapes at all. Now I added two test cases for escaping and rewrote the function to meet all test cases. | |||
| 2011-11-28 | digest: generate Authentication-Info before invoking app | Helmut Grohne | |
| This shrinks the possibility of raising something from start_response and maybe enables to factor out this start_response modification later. | |||
| 2011-11-27 | added new base class AuthenticationMiddleware | Helmut Grohne | |
| The BasicAuthMiddleware and AuthDigestMiddleware now derive from AuthenticationMiddleware which provides common functionality. | |||
| 2011-11-26 | broaden AuthDigestMiddleware.authorization_required | Helmut Grohne | |
| The interface of this internal function has changed in a backwards incompatible way. The last parameter is no longer the bool stale, but an exception now, which encodes more information than the previous bool. This was made possible by the previous commit. This exception can then be used by the new method www_authenticate to generate a suitable WWW-Authenticate header. The idea behind this change is that at some point it should be possible to override authorization_required (still internal now) to evaluate what condition lead to the failure and to generate custom error pages. | |||
| 2011-11-02 | improved extensibility of error handling in digest.py | Helmut Grohne | |
| Instead of randomly raising KeyErrors or ValueErrors we can now see more meaningful ProtocolViolations and StaleNonces. Note that this change should be invisible to users who do not mess with internals. | |||
| 2011-11-02 | added digest auth test with qop=auth | Helmut Grohne | |
| 2011-11-01 | digest: support gentoken without algo | Helmut Grohne | |
| 2011-08-19 | scgi: support reusing a listen socket | Helmut Grohne | |
| This is useful when used in combination with e.g. systemd. | |||
| 2011-07-25 | fixed epydoc markup errors in digest module | Helmut Grohne | |
| 2011-07-25 | added more nonce store test cases to digest module | Helmut Grohne | |
| 2011-07-24 | add more assertions for types of passed parameters | Helmut Grohne | |
| 2011-07-24 | filters.escape_string: do not consider \ printable | Helmut Grohne | |
| Otherwise escape_string is not reversible. | |||
| 2011-07-24 | removed execute bit from wsgitools/digest.py | Helmut Grohne | |
| It probably gained this bit later than shown in history due to darcs not tracking execute bits. The bit was probably added for doc tests which moved to a designated file later. | |||
| 2011-07-22 | BasicAuthMiddleware docstring: mention REMOTE_USER | Helmut Grohne | |
| 2011-07-18 | adapt exc_info handling for python 3 | Helmut Grohne | |
| 2011-06-08 | more testcases | Helmut Grohne | |
| 2011-06-08 | added test cases for BasicAuthMiddleware | Helmut Grohne | |
| 2011-06-02 | test.py: exit non-zero on failure | Helmut Grohne | |
| The exit status is now the number of failures. | |||
| 2011-06-01 | reworked digest.AuthTokenGenerator | Helmut Grohne | |
| AuthTokenGenerator gained a base class AbstractTokenGenerator. This class provides an additional method check_password implementing the interface required by BasicAuthMiddleware. In addition AbstractTokenGenerator gained two subclasses HtdigestTokenGenerator and UpdatingHtdigestTokenGenerator. They both read authentication information from a apache htdigest file. The latter also checks the file for updates. | |||
| 2011-06-01 | improved doc string for middlewares.ContentLengthMiddleware | Helmut Grohne | |
| 2011-06-01 | added test case for middlewares.ContentLengthMiddleware | Helmut Grohne | |
| 2011-06-01 | added a test case for applications.StaticFile | Helmut Grohne | |
| 2011-06-01 | test.py: improved header check | Helmut Grohne | |
| It previously only checked for the validity of a header and now also checks for the presence of a header. | |||
| 2011-06-01 | README: installation and test suite instructions | Helmut Grohne | |
| 2011-06-01 | include epydoc.conf in MANIFEST.in | Helmut Grohne | |
| 2011-01-12 | DictAuthChecker.__call__ should take an environwsgitools-0.2.2 | Helmut Grohne | |
| as this is tried by BasicAuthMiddleware first. | |||
| 2011-01-12 | improved AuthDigestMiddleware doc string | Helmut Grohne | |
| 2011-01-12 | scgi.asynchronous catches more errors now | Helmut Grohne | |
| This addresses a disputed denial of service condition described in http://bugs.python.org/issue6706. Note that wsgitools is not hit as hard as pyftplib. | |||
| 2011-01-12 | explicitly target python 2.x in setup.py | Helmut Grohne | |
| 2011-01-12 | bug fix for StaticContent and CachingMiddleware | Helmut Grohne | |
| PEP333 says that the headers list passed to start_response may be modified by servers or middlewares. In fact this happens in DigestAuthMiddleware. The StaticContent and CachingMiddleware classes did not take this into account and returned the same headers list multiple times which is wrong and can lead to denial of service. | |||
| 2010-09-04 | added note about ContentLengthMiddleware's wsgi conformance | Helmut Grohne | |
| 2010-09-04 | CachingMiddleware: automatic cache pruning implemented | Helmut Grohne | |
| 2010-09-04 | middlewares.CachingMiddleware: include request method in key | Helmut Grohne | |
| 2010-09-02 | employ wsgiref.validate.validator in the test suite | Helmut Grohne | |
| 2010-09-02 | improved digest documentation | Helmut Grohne | |
| 2010-08-31 | bugfix: io module from py2.6 provides incompatible StringIO | Helmut Grohne | |
| 2010-06-04 | flush log file in RequestLogWSGIFilter by default | Helmut Grohne | |
| 2010-05-29 | release 0.2.1 for security fixwsgitools-0.2.1 | Helmut Grohne | |
| 2010-05-29 | security fix: filters.RequestLogWSGIFilter must escape strings | Helmut Grohne | |
| 2010-05-25 | bugfix: endless loop for closed connection in scgi.forkpool | Helmut Grohne | |
| 2010-01-31 | fix shared default argument to parse_digest_response | Helmut Grohne | |
| 2009-10-25 | observed SocketFileWrapper bug fixed | Helmut Grohne | |
| 2009-10-25 | more SocketFileWrapper (forkpool) bugs | Helmut Grohne | |
 |
index : ~helmut/wsgitools.git | |
| See http://subdivi.de/~helmut/wsgitools/ | Helmut Grohne |
| summaryrefslogtreecommitdiff |