* Fix a problem getting encodings in the soprovidercsrf tg1 identity provider * Fix for login template issuing a traceback when viewed as a localized page (lmacken)
------
0.3.30
Not secure
------
* Added a lookup_email parameter to fedora.client.AccountSystem.gravatar_url() to allow generating gravaar urls without looking up email addresses in fas. * Fixed a bug in fedora.tg.utils.tg_absolute_url() where it was still appending the csrf_token. * Add an auth adapter for flask web apps to authenticate to FAS * New minimum version of python: requires python-2.5 or higher * Fix localization of login templates (laxathom)
---------
0.3.29
Not secure
---------
* Added a create_group method to AccountSystem to allow for creating FAS groups.
---------
0.3.28.90
---------
To finish --------- * For the faswho repoze.who plugin, allow TG1-style authentication -- ie: if all of the following are set on any URL, authenticate the user prior to loading the web page:: login=Login&user_name=$FAS_USERNAME&password=$FAS_PASSWORD
--------
0.3.28.1
Not secure
--------
* Previous fix for curl/apache interaction was incomplete. Apache returns a 417 error even if the request would have completed okay (for our case, even if the request is unauthenticated). Have to apply the workaround unconditionally.
------
0.3.28
Not secure
------
* Fix Django auth provider with Django-1.2.x or less. These versions of Django do not have the API necessary to do httponly cookies so we need to not use httponly if that's the version of Django that we're using. * Fix for a bad curl-apache < 2.2.18 interaction. Apache < 2.2.18 has a bug in processing Expect: 100-continue headers if there's data in the body that the client expects apache to process. Curl is a client that does just that. This workaround clears the Expect: header so that we do not have those issues.