Pyramid-fullauth

==================

Features
--------

- Add support for python 3.12 (`724 <https://https://github.com/fizyk/pyramid_fullauth/issues/724>`_)


Miscellaneus
------------

- `649 <https://https://github.com/fizyk/pyramid_fullauth/issues/649>`_, `#650 <https://https://github.com/fizyk/pyramid_fullauth/issues/650>`_, `#654 <https://https://github.com/fizyk/pyramid_fullauth/issues/654>`_, `#686 <https://https://github.com/fizyk/pyramid_fullauth/issues/686>`_, `#690 <https://https://github.com/fizyk/pyramid_fullauth/issues/690>`_, `#711 <https://https://github.com/fizyk/pyramid_fullauth/issues/711>`_

==================

Miscellaneus
------------

- Deploy documentation to github pages and change package uri to the new place documentation is being published on. (`638 <https://https://github.com/fizyk/pyramid_fullauth/issues/638>`_)

==================

Breaking changes
----------------

- pyramid_fullauth no longer supports Authentication and Authorisation legacy policies. (`636 <https://https://github.com/fizyk/pyramid_fullauth/issues/636>`_)


Features
--------

- Add Python 3.10 to the supported python versions (`495 <https://https://github.com/fizyk/pyramid_fullauth/issues/495>`_)
- Support python 3.11 (`621 <https://https://github.com/fizyk/pyramid_fullauth/issues/621>`_)
- Migrated pyramid_fullauth to the pyramid 2.0 Security policy from legacy authentication and authorization policies.

You'll have to migrate as well when upgrading pyramid_fullauth. See more at `Upgrading Authentication/Authorization <https://docs.pylonsproject.org/projects/pyramid/en/latest/whatsnew-2.0.html#upgrading-authentication-authorization>`_ (`636 <https://https://github.com/fizyk/pyramid_fullauth/issues/636>`_)


Miscellaneus
------------

- Dropped custom csrf check option. It wasn't tested internally,
wasn't actually used for views, and overshadowed official pyramid's predicate,
that was dropped in pyramid 2.0, and was deprecated since pyramid 1.7. (`387 <https://https://github.com/fizyk/pyramid_fullauth/issues/387>`_)
- Removed UserEmailMixin.__pattern_mail which was unused. (`436 <https://https://github.com/fizyk/pyramid_fullauth/issues/436>`_)
- Use towncrier to manage Changelog (`619 <https://https://github.com/fizyk/pyramid_fullauth/issues/619>`_)
- Migrate development dependency management to pipenv (`620 <https://https://github.com/fizyk/pyramid_fullauth/issues/620>`_)
- Add your info here (`622 <https://https://github.com/fizyk/pyramid_fullauth/issues/622>`_)
- Use shared automerge action for merging dependabot PRs automatically.
It's based on github actions. (`623 <https://https://github.com/fizyk/pyramid_fullauth/issues/623>`_)
- Migrate version management tool to tbump (`624 <https://https://github.com/fizyk/pyramid_fullauth/issues/624>`_)

----------

- [cleanup] Removed internal compat (pyramid_fullauth is now python 3 only)
- [cleanup] Removed references to pyramid.compat (pyramid_fullauth is now python 3 only)

----------

- [packaging] use setup.cfg to define package metadata nad options
- [cleanup] blackify codebase
- [enhancement] move CI to github-actions
- [breaking] removed dependency on tzf.pyramid_yml and pymlconf. All configuration has to be handled within .ini file now.
- [enhancement] refactored route_predicates. Now user_path_hash can handle all user hashes.
- [enhancement] Changed default cookie session factory from `UnencryptedCookieSessionFactoryConfig` to `SignedCookieSessionFactory`.
- [enhancement] Use require_csrf instead of use_csrf view decorator predicate.
This raises now 400 http error instead of 401 in case of bad or no csrf token when required.
- [enhancement] Set default session serializer as JSONSerializer to comply with pyramid's 2.0 change
- [enhancement] Require minimum pyramid 1.10.
- [enhancement] properly lint code through pylint an fix found issues
- [security] Set minimum requirement for SQLAlchemy to be at least 1.3.0 to protect against
`CVE-2019-7164 <https://nvd.nist.gov/vuln/detail/CVE-2019-7164>`_ and
`CVE-2019-7548 <https://nvd.nist.gov/vuln/detail/CVE-2019-7548>`_

-------

- increased the size of password and salt fields to 128 characters each
- default password hashing algorithm is sha256