=======
CHANGES
=======

1.0.0a5 (2013-03-31)
--------------------

- More Py3 compatibility bugs in untested code.


1.0.0a4 (2013-02-28)
--------------------

- Removed support for Zope generations. It was not used and application-wide
  generations make more sense anyways. This removed the
  ``zope.app.generations`` and ``zope.generations`` dependencies.

- Made ``z3c.configurator`` support optional.

- Cleaned up source code a little bit.


1.0.0a3 (2013-02-28)
--------------------

- Changed manifest to actually include the page templates.


1.0.0a2 (2013-02-28)
--------------------

- Added version Trove classifiers.


1.0.0a1 (2013-02-28)
--------------------

- Dropped support for Python 2.4 and 2.5, added Python 3.3 support.

- Removed dependencies on ``zope.app`` packages.


0.8.1 (2011-01-21)
------------------

- Bugfix: Did not handle unicode IUser.login values.

- Fixed DeprecationWarnings.


0.8.0 (2010-01-25)
------------------

- Security Fix: move camefrom url to a session variable instead of exposing
  the url in the login form. Because the camefrom url is built at server side
  based on local information and will always only use internal traversal names.
  Exposing this camefrom query in the login url gives others only a point to
  attack because it could be simply set by a unfriendly domain with a custom
  url. This is much better since such a unfriendly 3rd party domain url doesn't
  get redirected by default based on the changes in zope.publisher's redirect
  method. (zope.publisher 3.9.3 does only redirect to urls located in the same
  domain by default)

  Remove all camefrom widgets and queries in our custom forms if you use any.
  You can just set and get the camefrom session variable in your custom forms
  if you need to.

0.7.2 (2010-01-26)
------------------

- Bugfix: Failed miserably on challenge on pages having non-ASCII names.

0.7.1 (2009-08-19)
------------------

- Bugfix: the method specialGroups applied groups everytime the method get
  called even if the group was already applied. This is a problem if the
  global shared unauthenticated principal instance is used because it will
  apply similar groups till the server get restarted and a new principal
  instance is used.

- Feature: added getUserByLogin to IUserContainer

- Added a test for user migration (that they will keep their ID)


0.7.0 (2009-05-11)
------------------

- Update dependencies:

   * Use ``zope.container`` instead of ``zope.app.container``.
   * Use ``zope.site`` instead of ``zope.app.component``.
   * Use ``zope.authentication`` and ``zope.principalregistry`` instead
     of ``zope.app.security``.
   * Use ``zope.password`` instead of maintaining a copy of password
     managers.

- Drop dependency on z3c.i18n and recreate a message factory instead.

0.6.2 (2010-01-26)
------------------

- Bugfix: Failed miserably on challenge on pages having non-ASCII names.
  (Backport from 0.7.2)

0.6.1 (2009-08-19)
------------------

- Backport bugfix 0.7.1 to 0.6.1. See branches/roger-0.6.0

  the method specialGroups applied groups everytime the method get
  called even if the group was already applied. This is a problem if the
  global shared unauthenticated principal instance is used because it will
  apply similar groups till the server get restarted and a new principal
  instance is used.


0.6.0 (2009-01-04)
------------------

- Feature: added support for local IUnauthenticatedPrincipal. This is usefull
  if you need to apply local roles to IUnauthenticatedPrincipal. This was not
  possible before and is not possible in zope.app.authentication

- Feature: implemented initial grant view based on ISource widget. Note, this
  source widget terms implementation which is very complex to understand will
  get moved to z3c.from if we fixed the ITerm dependency. Which means ITerm
  needs to get moved out of zope.app.form first.

- Feature: added support for next utility lookup in authenticate call. By
  default the principals from the global principalregistry get involved now.
  You can disable this feature by setting includeNextUtilityForAuthenticate to
  False.

- Feature: added PrincipalRegistryAuthenticatorPlugin which allows to
  authenticate principals defined in global principal registry.

- Feature: implemented z3c.form prefix support in SessionCredentialsPlugin. Now
  there is an option called prefixes which can be used for define a list of
  used z3c.form prefixes. This makes it simpler for supporting different forms
  and adjust the credential extraction.

- Renamed IGroupPrincipal to IFoundGroup which makes it more understandable
  why this adapter implementation is needed. The IFoundGroup adapter is now
  also used for zope.security.interfaces.IGroup principals. This makes it
  possible to use them in the new principalregistry credential. Provide
  deprecation message for the old IGroupPrincipal implementation.

- Removed dependency for zapi. But it's not really gone since other packages
  use zapi too.

- Removed unused InvalidPrincipalIds and InvalidGroupId exceptions

- Removed unused IMemberAwareGroup support. This interface is not used in zope
  at all.

- Added documentation for Pypi home page.


0.5.1 (2008-04-16)
------------------

- Cleanup imports and adjust dependencies


0.5.0 (2008-04-16)
------------------

- Initial Release
