summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2011-11-28rewrite parse_digest_response for escapesHelmut Grohne
The previous version did not handle escapes at all. Now I added two test cases for escaping and rewrote the function to meet all test cases.
2011-11-26broaden AuthDigestMiddleware.authorization_requiredHelmut Grohne
The interface of this internal function has changed in a backwards incompatible way. The last parameter is no longer the bool stale, but an exception now, which encodes more information than the previous bool. This was made possible by the previous commit. This exception can then be used by the new method www_authenticate to generate a suitable WWW-Authenticate header. The idea behind this change is that at some point it should be possible to override authorization_required (still internal now) to evaluate what condition lead to the failure and to generate custom error pages.
2011-11-02improved extensibility of error handling in digest.pyHelmut Grohne
Instead of randomly raising KeyErrors or ValueErrors we can now see more meaningful ProtocolViolations and StaleNonces. Note that this change should be invisible to users who do not mess with internals.
2011-11-02added digest auth test with qop=authHelmut Grohne
2011-11-01digest: support gentoken without algoHelmut Grohne
2011-08-19scgi: support reusing a listen socketHelmut Grohne
This is useful when used in combination with e.g. systemd.
2011-07-25fixed epydoc markup errors in digest moduleHelmut Grohne
2011-07-25added more nonce store test cases to digest moduleHelmut Grohne
2011-07-24add more assertions for types of passed parametersHelmut Grohne
2011-07-24filters.escape_string: do not consider \ printableHelmut Grohne
Otherwise escape_string is not reversible.
2011-07-24removed execute bit from wsgitools/digest.pyHelmut Grohne
It probably gained this bit later than shown in history due to darcs not tracking execute bits. The bit was probably added for doc tests which moved to a designated file later.
2011-07-22BasicAuthMiddleware docstring: mention REMOTE_USERHelmut Grohne
2011-07-18adapt exc_info handling for python 3Helmut Grohne
2011-06-08more testcasesHelmut Grohne
2011-06-08added test cases for BasicAuthMiddlewareHelmut Grohne
2011-06-02test.py: exit non-zero on failureHelmut Grohne
The exit status is now the number of failures.
2011-06-01reworked digest.AuthTokenGeneratorHelmut Grohne
AuthTokenGenerator gained a base class AbstractTokenGenerator. This class provides an additional method check_password implementing the interface required by BasicAuthMiddleware. In addition AbstractTokenGenerator gained two subclasses HtdigestTokenGenerator and UpdatingHtdigestTokenGenerator. They both read authentication information from a apache htdigest file. The latter also checks the file for updates.
2011-06-01improved doc string for middlewares.ContentLengthMiddlewareHelmut Grohne
2011-06-01added test case for middlewares.ContentLengthMiddlewareHelmut Grohne
2011-06-01added a test case for applications.StaticFileHelmut Grohne
2011-06-01test.py: improved header checkHelmut Grohne
It previously only checked for the validity of a header and now also checks for the presence of a header.
2011-06-01README: installation and test suite instructionsHelmut Grohne
2011-06-01include epydoc.conf in MANIFEST.inHelmut Grohne
2011-01-12DictAuthChecker.__call__ should take an environwsgitools-0.2.2Helmut Grohne
as this is tried by BasicAuthMiddleware first.
2011-01-12improved AuthDigestMiddleware doc stringHelmut Grohne
2011-01-12scgi.asynchronous catches more errors nowHelmut Grohne
This addresses a disputed denial of service condition described in http://bugs.python.org/issue6706. Note that wsgitools is not hit as hard as pyftplib.
2011-01-12explicitly target python 2.x in setup.pyHelmut Grohne
2011-01-12bug fix for StaticContent and CachingMiddlewareHelmut Grohne
PEP333 says that the headers list passed to start_response may be modified by servers or middlewares. In fact this happens in DigestAuthMiddleware. The StaticContent and CachingMiddleware classes did not take this into account and returned the same headers list multiple times which is wrong and can lead to denial of service.
2010-09-04added note about ContentLengthMiddleware's wsgi conformanceHelmut Grohne
2010-09-04CachingMiddleware: automatic cache pruning implementedHelmut Grohne
2010-09-04middlewares.CachingMiddleware: include request method in keyHelmut Grohne
2010-09-02employ wsgiref.validate.validator in the test suiteHelmut Grohne
2010-09-02improved digest documentationHelmut Grohne
2010-08-31bugfix: io module from py2.6 provides incompatible StringIOHelmut Grohne
2010-06-04flush log file in RequestLogWSGIFilter by defaultHelmut Grohne
2010-05-29release 0.2.1 for security fixwsgitools-0.2.1Helmut Grohne
2010-05-29security fix: filters.RequestLogWSGIFilter must escape stringsHelmut Grohne
2010-05-25bugfix: endless loop for closed connection in scgi.forkpoolHelmut Grohne
2010-01-31fix shared default argument to parse_digest_responseHelmut Grohne
2009-10-25observed SocketFileWrapper bug fixedHelmut Grohne
2009-10-25more SocketFileWrapper (forkpool) bugsHelmut Grohne
2009-10-25SocketFileWrapper from forkpool contained more bugsHelmut Grohne
2009-10-25socket.socket.recv requires a parameterHelmut Grohne
2009-10-25extended application.StaticContentHelmut Grohne
It gained the capability to server content to unknown methods. For a backwards-compatible API this has to be enabled by an optional boolean.
2009-08-25added enable_sighandler for scgi.forkpoolHelmut Grohne
2009-07-04change version to 0.2wsgitools-0.2Helmut Grohne
2009-07-04declared beta state in setup.pyHelmut Grohne
2009-07-04added testsuiteHelmut Grohne
2009-07-04two new digest doctestsHelmut Grohne
2009-07-04more docstring/epydoc improvementsHelmut Grohne
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-17 02:19:51 +0000