summaryrefslogtreecommitdiffstats
path: root/NEWS
blob: aa7c8516e3bd390717b0f284dc82526a2e90c04c (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
NEWS
====

2.1.13 - Match 23th 2015
------------------------

Never say never, another Django 1.5 release. It fixes slowdown in homepage when
a lot of service providers are registered.

Commits
~~~~~~~

6 files changed, 267 insertions(+), 91 deletions(-)

 - prepare 2.1.13
 - ldap: update block saved in LDAP users objects with default values (#6784) (2d8fbdc)
 - Optimize queries in SamlBackend.service_list() (22d382e)
 - In get_sp_options_policy() and get_idp_options_policy() cache query for default and all queries (96ab51e)
 - Add decorator to cache function results in request (d69eec9)

2.1.12 - March 13th 2015
------------------------

It's the last release supporting Django 1.5 & 1.6, the next will be Django 1.7
only. You will need to update to this release before updating to the next one
for migrations to work. Notables changes:
 - new CAS 1.0 & 2.0 idp with support for proxy tickets and authorization
	 between services
 - expiration of SamlKeyValue objects
 - worked around problem of CSRF cookie change when navigating in different
	 tabs
 - email authentication is now activated by default
 - password change over LDAP works
 - LDAP now support STARTTLS
 - log a warning when user fails to log in more than a certain times
 - add an exponential retry timeout before authentication failures
 - add a flag to force user to change their password at next login
 - add the possibility to validate passwords by using regular expression

Commits
~~~~~~~

855 files changed, 55961 insertions(+), 51943 deletions(-)

 - Reorder migrations of the saml application (e30917e)
 - ldap: fix logging call (3648e4a)
 - Do not pass homepage url through settings, use variables set in the template
	 context by a template context processor (refs #6690) (7a9423e)
 - login label updated when email authentication enabled (6669) (f41a12b)
 - Support variable MANAGER_HOMEPAGE_URL and MANAGER_HOMEPAGE_TILE for the
	 first element of the manager breadcrumb (fixes #6690) (6b9606a)
 - Add created filed to SamlKeyValue to permit expiration of stored values
	 (fixes #5639) (c38ee5e)
 - Add an ExpireManager to share common code around expiration of models (refs
	 #5639) (d5675f2)
 - Remove LibertyFederation model (refs #5639) (1d6a4d9)
 - Add missing newline in translations that broke msgfmt (4df0d05)
 - Deactivate custom csrf view for tests (6f4c045)
 - update French translation (5907b85)
 - Use new CSRF cookie validation on login view (refs #5617) (f257370)
 - Update french translation (fixes #5617) (8fd5446)
 - Use new mixin on registration view to show a form error on CSRF token
	 validation error instead of a redirect (refs #5617) (0baa91c)
 - Allow validation of CSRF cookie to be done in view using a CBV mixin or an
	 helper function (refs #5617) (31c743d)
 - Use setting CSRF_FAILURE_VIEW to prevent user seeing 403 on CSRF failure,
	 instead redirect them to the same page and display a warning (refs #5617)
	 (25ef99f)
 - registration tests updated to new settings (#6661) (28a1581)
 - email authentication enabled by default (7de4f82)
 - locale: french translation for registration backend (4b74662)
 - typo fix on login choices page (#6634) (8a97ddd)
 - first and last names mandatory on registration (#6653) (a025418)
 - user fullname prefixed by account number on login choices page (#6634)
	 (433737b)
 - auth model backend path fix (#6635) (1051624)
 - limit username to 30 chars (#6636) (e9d6739)
 - Only remove the opened session cookie when the feature is activated (#6265)
	 (a838d08)
 - Use a valid python identifier for lable of SAML 2.0 IdP AppConfig (#6518)
	 (ab50dce)
 - Fix OpenID 2.0 IdP migrations since the application was renamed (6b48ab8)
 - Fix use of the logout view by SAML 2.0 IdP (5f018c7)
 - Remove Ticket.identifier from the admin, the field has been removed
	 (976ab8e)
 - Add a CAS IdP module (9b958d3)
 - Makes make_url() accepts a fragment in the base url (b8716b9)
 - Makes registration tests pass without network (e927faf)
 - Add helper methods to normalize attributes values (69df370)
 - Move to_list() and to_iter() in utils.py (a73adab)
 - Add a helper method to retrieve the user from a session given the session
	 key (ab3dd57)
 - Make compile_translations target of setup.py compatible with Django 1.7
	 (8dd988a)
 - Add helper method check_session_key() to verify that session is still valid
	 (4d15508)
 - Refactor SAML 2.0 SP initiated slo to use the refactored logout view
	 (e0db633)
 - Rename idp/logout.html template to authentic2/logout.html (15d87d5)
 - Refactor the logout view (ef59354)
 - Add check_referer() helper method to check that referer match the current
	 domain (581f34d)
 - Create a ModelAdmin mixin for adding a default cleanup action to any model
	 admin (0bee142)
 - Add test method to check XML contents for some properties (9f796c0)
 - Create a base class for tests providing 2 new helper methods (09e8a66)
 - With Django >= 1.7 activate ATOMIC_REQUESTS on the default db (e2d3f04)
 - Add new helper method redirect_to_logout (cfac918)
 - Adapt SAML 2.0 IdP to new authentication events recording (15d4dde)
 - Refactor testing for fresh authentication by storing the nonce in the
	 session (45da549)
 - password change view restored (3d81025)
 - misc: add a settings option to disable https ssl checks (#6539) (783977b)
 - misc: raise an urllib2.HTTPError if get_url returns a non 200 response
	 (#6539) (f8543c9)
 - style: add non-prefixed css properties (#6510) (c0c0706)
 - At least install tox and pylnt (d6156bc)
 - Just use tox (358a8e7)
 - jenkins.sh: just install authentic2 using pip (4d62374)
 - [django-1.7] SortedDict.insert() method was removed (c687a87)
 - Rename README.rst to README to supress a warning (fe4f447)
 - Fix typo in setup.py (4a3c9b6)
 - [django-1.7] Rename all migrations/ directories to south_migrations/
	 (5ac3c8a)
 - [django-1.7] tox: adapt settings and commands (40850ef)
 - [django-1.7] Monkey patch default Django user model for Django 1.7 (f328f6f)
 - [django-1.7] Prevent Django 1.7 showing a warning about test suites
	 initialized before Django 1.6 (db95cc2)
 - [django-1.7] Natural primary key support have been added to Django 1.7, we
	 only need natural generic foreign key support now (252476d)
 - [django-1.6] Not settings Meta.fields or Meta.exclude has been deprecated
	 (cbdcf5d)
 - [django-1.6] Add missing default value to AttributePolicy.enabled field
	 (0a4acfb)
 - [django-1.7] Use allow lazy to apply string tranformation to translatable
	 string in models definitions (db8dc58)
 - [django-1.7] Use application configuration to rename the SAML 2.0 idp
	 application and prevent name collision (af4ea67)
 - [django-1.7] Use new application config ready() method to fix user models
	 (6000feb)
 - [django-1.7] User profiles were deprecated in django 1.5, partially remove
	 the functionnality from our copy of AbstractUser (3d24f74)
 - [django-1.7] Declare authentic2 compatible with django 1.7 (32d1c6f)
 - Simplify default logging settings (f7bdd57)
 - OpenID IdP: raise ImproperlyConfigured if it is enabled but python-openid is
	 not installed (fcae7f2)
 - Update local_settings.py.example (8837014)
 - Rename environment variable DJANGO_CONFIG_FILE to AUTHENTIC2_CONFIG
	 (c43721b)
 - Move test_settings in the tests/ subdirectory (31927d1)
 - Make a plugin from the OpenID 2.0 IdP (4be3b68)
 - tests: Add templates (4fbcbeb)
 - Remove include of gadjo files (72c3242)
 - Move authentic2 into src/ (2949cfe)
 - Remove init scripts not used anymore (e2f03ef)
 - test fix (4e01add)
 - registration: custom save method added (809f8bd)
 - removed modules import fixed (ec69ab2)
 - Merge branch 'wip/registration' (a8fd23b)
 - remove cache on metadata view (#6487) (3a83a64)
 - boolean attributes convertered to unicode and lower-cased and the other
	 converted to unicode (262a8a1)
 - middleware: allow other view restrictions from plugins (6a168d2)
 - ldap_backend: add a new backend LDAPBAckendPasswordLost for use by lost
	 passwords views (6ba68b5)
 - ldap_backend: move all initialization of the password in
	 LDAPUser.ldap_init() (98ddc4b)
 - ldap_backend: ignore `user_basedn` if it's empty or None (8aebe1e)
 - ldap_backend: remove the uri parameter to the return*user class of functions
	 (7c3ef42)
 - ldap_password: if no password is stored, LDAPUser.get_connection() should
	 return the default connection (6359ac9)
 - ldap_backend: do not raise if LDAPUser.get_password() fails, returns None
	 (70aaa6b)
 - ldap_backend: reimplement password change (5c07c39)
 - models_backend: abandon if username if empty or None (954de2e)
 - manager: add missing template user_edit.html (dd03347)
 - auth_frontends: add an exponential retry timeout after authentication
	 (6adba07)
 - implement an object to compute exponential retry timeout (39a9d42)
 - utils: add form_add_error an helper method to set a global error on a form
	 (9a6224b)
 - backends: signal if login with an account failed more than n times (984f98f)
 - middleware: permit logout event a view restriction is applied (9014877)
 - locale: update french translation (d98d55c)
 - manager: add buttons to force user to reset its password on next login
	 (c516cad)
 - middleware: implement restriction to the password change view when password
	 reset is requested (6cf91d2)
 - registration: add a next URL parameter to the password change view (d8ffeaa)
 - forms: new form mixin to store next URL parameter in forms (a6d7e9e)
 - utils: new helper method redirect_and_come_back to redirect to a view
	 passing it the current URL as the next parameter (3dd3106)
 - admin: register PasswordReset in the admin application (597d763)
 - models: add __unicode__ method to PasswordReset (91a1f08)
 - fix_user_model: dispatch monkey patching of user related models and forms in
	 their respective files (59f3e12)
 - tests: add tests on the password validator (3c61e02)
 - validators: make possible to validate password using a regular expression
	 (62de751)
 - validators: add digits as a character class when validating passwords
	 (43d9d45)
 - ctl: do not consider --help as an invalid option (b0b5bce)
 - Fix error in call to parent implementation (5d74ae7)
 - handling metadata from the web (81ca01d)
 - In the admin allow filtering provider by their policy, remove protocol
	 conformance column from the listing (a89df5f)
 - Set on_delete attribute on foreign keys of the saml application's models
	 (1823cb1)
 - Fix missing import (7b066c2)
 - ldap: remove reference to undefined variable (ba4d5e3)
 - ldap: do not retrieve attributes in the base search for users (d2a356a)
 - LDAP attribute can be multivalued, any reference to a mono-valued attribute
	 must be suffixed with [0] (c7ab420)
 - Fix app_settings of SAML and OpenID IdP, they forced their prefix on all
	 access to the settings module (eafe34f)
 - Come back to explicit path for LOGIN_URL and LOGOUT_URL and it break
	 compatibility with Django 1.5 (ed4be3d)
 - Replace use of authentic2.idp.saml.common.redirect_to_login by
	 authentic2.utils.login_require (f30c356)
 - Add a next_url parameter to login_require to come back to another URL than
	 the current one (53c23d9)
 - Do not change the type of INSTALLED_APPS keep it as a tuple (7ee6f4b)
 - Remove unused imported symbols (1a3440c)
 - Change default external_id_tuple to use uid as the primary key with the LDAP
	 server (6b96d6e)
 - user's account history information display updated (2e939d5)
 - username is uuid, not viewable or editable by user (461c3e4)
 - user full name and account creation, last login date displayed on login
	 choices (33e7c80)
 - login page text fix (14ca8a7)
 - account creation and login urls refactored (3027128)
 - on user multiple accounts propose to log in with one of them or create a new
	 account (c6a9960)
 - Registration refactored: email validation done first and registration
	 process finished on profile completion. (efa4305)
 - ldap to database users synchronization command. ldap backend's methods
	 refactored (717c7ee)
 - ldap_backend: username computed from uid by default (c984435)
 - Set DJANGO_CONFIG_FILE only if local_settings.py exists (0ab6736)
 - Adapt tox tests to cleaned settings (e3082f8)
 - Make authentic2-ctl default to load the local_settings.py file in the
	 current directory (50c4737)
 - Improve test on the login_require helper function (e4c9362)
 - Fix assertEqualsURL, query string is index 3 in a splitted URL (1f979f8)
 - Add new --config flag to authentic2-ctl (fixes #5960) (7ae6ffd)
 - Simplify settings, remove all extraction from environment (refs #5960)
	 (b47b151)
 - Remove caching of server object in SAML 2.0 IdP, it's incompatible with
	 multi-tenant (refs #5960) (3addece)
 - Remove the PUSH_PROFILE_UPDATES feature (refs #5960) (97d4e14)
 - Use app_settings to set default value for TEMPLATE_VARS settings (refs
	 #5960) (155f895)
 - Remove loading of debug toolbar in urls.py (refs #5960) (1892fef)
 - Refactor default settings for the SAML 2.0 IdP (refs #5960) (6556776)
 - Do not cache settings in disco_responder use late binding (refs #5960)
	 (e7535f0)
 - Remove IDP_OPENID setting, rename it A2_IDP_OPENID_ENABLE and store default
	 in an app_settings.py file (refs #5960) (f3481b3)
 - Convert urls.py in OpenID IdP for direct import of views (refs #5960)
	 (54d03aa)
 - Add a feature to force users to change before using the IdP (f3e884a)
 - Add helper function to compare URLs in tests (7f8aef2)
 - In utils.make_url if the target URL contains a query string, extract it and
	 use it as a base for building the new query string (fixes #6314) (8d8cb91)
 - Add a default value for the user_basedn setting (7766d65)
 - Do not traceback when request is too old during SAML login or logout request
	 handling (fixes #6306) (3830935)
 - Add missing start_tls_s() in the LDAP authentication code (76dff5f)
 - Try to not overflow the limit on SQL statement length by doing filtering
	 client side instead of using a NOT IN clause (6ffa1a1)
 - Remove SSL registration view as it's not working anymore, must be redone
	 using new registration views (f1a41e2)
 - Update idp_openid with new redirect helpers (62e351c)
 - Remove legacy redirect_to_login helper method (8412402)
 - Use new helper methods in decorators (d58ddf2)
 - Use new helper methods in default login/password authentication frontend
	 (822ab9a)
 - Use new helper method in auth2_ssl (e86916d)
 - Add helper method to require a login (6c72edf)
 - Add helper method for logging in an user doing all needed bookkeeping
	 (67e2c2d)
 - Add helper method to record an authentication event (b9f5b1b)
 - Add helper method to redirect user to next URL (072df70)
 - Add helper method to request a login, copying nonce and next parameters
	 (c1dd770)
 - Add new utilities to help building URLs with parameters (2676e6f)
 - Make the logout set a cookie to let other views know that a logout occured
	 recently (e57015b)
 - Distribute locale for SAML 2.0 IdP (65058be)
 - Default to use starttls on ldap:// connections, also allow to set
	 python-ldap options locally or globally (fixes #6097) (3ea847e)
 - Fix error logging when an exception occur during admin bind in LDAP backend
	 (fixes #6036) (0b2e5c1)
 - Use a second field for confirmation of emails, not a special widget
	 (7a7870c)
 - idp/saml: use get_sp_options_policy() to get the policy in
	 get_attribute_definitions (542c806)
 - trivial: fix typo in error message (#6203) (7ba9603)
 - Always show the login page (b564e15)
 - Validate email domain containing non ASCII characters (72f6433)
 - Add Django 1.7 environment to tox configuration (58d827d)
 - Run tox as part of the continuous integration script, stop the script on any
	 error (bf4754d)
 - Add default value to test_setting to accomodate needs of Django tests
	 (0c36445)
 - Add setting A2_VALIDATE_EMAIL_DOMAIN to completely disable email domain
	 checking (c498ab7)
 - Create a base_no_sekizai.html base template for 404 and 500 templates as
	 they are used by Django tests which do not install django-sekizai (956a520)
 - changed mimetype to content_type as per django1.5 deprecation rules.
	 (a17812b)
 - changed .raw_post_data to .body as per django1.4 deprecation rules.
	 (8cb6fa6)
 - Added tox as a test-runner. (e2213b9)
 - [django-1.6] add default value to all BooleanField missing it (242815a)
 - [django-1.6] LDAPUser application cannot be deduced without a Meta.app_label
	 (266e6ed)
 - [django-1.6] authentication backends import path must match the canonical
	 __module__.__class__ (f72155c)
 - [django-1.6] use ATOMIC_REQUESTS setting instead of TransactionMiddleware
	 (010b922)
 - [django-1.6] middleware: do not store set() object in sessions only lists
	 (b3def63)
 - [django-1.6] adapt to API change on EmailValidator (e031cab)
 - [django-1.6] fix import path of FieldDoesNotExist exception (c2e98e1)
 - documentation: fix block of code displays in quick ldap backend file.
	 (9f37735)
 - misc: minor change to French translation (#6124) (92edfa2)
 - Fix bug introduced in commit 52f380d (95d9e48)
 - documentation: update mapping subject of attribute management. (6e3622d)
 - Prevent circular imports of settings (92af1ff)
 - NEw experimental attribute source computed_targeted_id to create
	 eduPersonTargetedId like values from existing attributes (ed8bab6)
 - Do not block on failure of the topological sort of attribute sources by
	 their dependencies (7467d3d)
 - Refactor SAML 2.0 IdP and attributes engine interface (52f380d)

2.1.11 - Decembre 5th 2014
--------------------------

 16 commits, 12 files changed, 705 insertions, 79 deletions

- refactor LDAP password storage, check and modifications
- fix some french translations
- enlarge AuthenticationEvent.how column to accomodate currently used value 'password-on-https'
- remove model LibertyProviderPolicy only use SPOptionsIdPPolicy now
- fix bug in login view introduced in last release

2.1.10 - December 3rd 2014
--------------------------

- set LDAP backend default to create Django users (transien=False)
- do not fail when lasso is uninstalled, instead show a warning in a 404 error
	page
- set root logger level to WARNING and only activate DEBUG level on authentic2
	logger when DEBUG is True
- DEBUG=True is now the default
- removed the default cache stored on filesystem
- documentation refactoring
- use django-sekizai to load stylesheet and javascript files
- make the logout URL used for simple logout uncacheable by adding a varying parameter,
- add new way for authentication frontend to render their login block by implementing a
	simple view named login(), this view can use django-sekizai to add CSS or JS
	assets and receive the a share rendering context in the `context_instance`
	keyword argument,
- store URL of metadata file in provider objects, separated from entity_id as
	in somes cases it does not match. A migration was created to initialize the
	field in existing providers with the entity_id. A new method
	update_metadata() was created on LibertyProvider, the admin action was
	rewritten around it.
- user creation form's username field maximum length was fixed (finally)
- french translations were added for the SAML 2.0 IdP
- refactored the login view, new frontend API is supported where frontend only
	implement a login() view

2.1.9 - November 14th 2014
--------------------------

- better interoperability with LDAP directories, all attribute names are lowercased on
	input to limit problem with case
- you can now use username multiple times in the LDAP user filter (you can put
	many %s patterns)
- new support a limited range of Shibboleth attribute filter policies that you
	can load when synchronizing with a SAML 2.0 education&research federation.
- users can now delete their federation on their account page.

2.1.8 - Movember 6th 2014
-------------------------

101 commits,  114 files changed, 1778 insertions(+), 2110 deletions(-)

- full support for natural keys to SAML models
- new setting key to disable profile edit, password change and email change
	views
- new decorator setting_enabled to deactivate a view based on a setting
- new urlpatterns decorator required to wrapp all view in an urlpatterns with a
	decorator
- validation of LDAP setting keys: it stops when an unknown key is used
- validate DNS in email fields, for profile edit and registration
- removed auth2_openid idp backend
- lot of improvements to error management in SAML idp
- default logging configuration now log the function names
- add CSV export feature to new manager
- LDAP user passwords are now stored in the session, no need for a shared cache
	anymore
- authentic2 version is now available in templates in the variable AUTHENTIC2_VERSION
- tracebacks during cleaning of models are now logged
- idp sso can be initiated using a GET

2.1.7 - August 21th 2014
------------------------

21 commits, 50 files changed, 3153 insertions(+), 233 deletions(-)

- new manager for users and groups on /manage
- simple password policy validation on registration and profile update
- password authentication can be disabled

2.1.6 - August 5th 2014
-----------------------

29 commits, 23 files changed, 473 insertions(+), 166 deletions(-)

69b4da5 settings: do not produce duplicate log when using DEBUG_LOG setting
599073c settings: uniformize use of to_boolean for boolean settings
bcc592a settings: add support for y, yes, n, no values to the to_boolean() parser
8fcbcda backends/ldap_backend: do not fail when LDAP_AUTH_SETTINGS is not defined
fed533c backends/ldap_backend: convert attributes name to str
7aa5332 attributes_ng/sources: add an ldap source
6f2fc98 models: fix AttributeError in UserExternalId.__repr__
4930227 compat: add work-around for Django < 1.8 and commit_on_success
e8a1f0a auth2_auth/migrations: protect data modifying code with "if not db.dry_run"
bdcf55b backends/ldap_backend: add legacy field mapping to attributes to import
6cb5602 settings: don't print "Debugging mode is active"
adda44a settings: allow to override field names in A2_PROFILE_FIELDS and A2_REGISTRATION_FIELDS
e3135d4 settings: set LOCALE_PATHS
b056b26 views: if A2_PROFILE_FIELDS is empty, use A2_REGISTRATION_FIELDS completed with extra attributes
c48796b views: in profile view filter out empty attribute values
9ae7590 backends/models_backend: filter user email case-insensitively
d2ccb7e views: refactor profile view, use CBV, and honor A2_PROFILE_FIELDS
e8c49e5 views: return to profile page after validating an email change
c3fa0ac views: return to profile after requesting an email change
8673268 saml: SAMLAttribute.attribute_name must not be constrained at the model level
3a25ebc saml/models: add natural key to LibertyFederation
eeec701 saml/models: add natural keys to LibertyServiceProvider and LibertyIdentityProvider
1c3c922 settings: import A2_ACCEPT_EMAIL_AUTHENTICATION from environment
45135ff settings: load all custom password hashers
8f0db6e hashers: always convert OpenLDAP hash algo to uppercase
ce67ec4 commands: add new command load-ldif
34778e3 saml/admin: fix missing blank value for SAMLAttribute.attribute_name
e025d56 l10n: change translation of "Account activation failed" (#5144)
93ab270 views: do not use django.contrib.sites in the email change view

2.1.5 - skipped
---------------

2.1.4 - July 15th 2014
----------------------

1 commit, 2 files changed, 93 insertions(+), 2 deletions(-)

Changes:
 - new hashers for loading OpenLDAP passwords

2.1.3 - July 15th 2014
----------------------

249 commits, 252 files changed, 11140 insertions, 11139 deletions

Changes:
- a2c2ade registration_backend/views: fix registration of new users
- aedcb83 management: add missing __init__.py files
- 720e2d4 middleware: fixes OpenedSessionCookieMiddleware middleware
- df80753 saml: do not configure choice for attribute names at the model level as it breaks model validation before running migrations
- ed76842 management: add new command clean-unused-accounts
- 02f3a2b forms: allow ordering of fields on profile page
- 56592e6 middleware: do not reset root logger to level 0
- 69514f9 run.sh: do not make DEBUG=1 a default
- ad4d83e settings: do not disable existing loggers, it's clear now that it is wrong
- 6c20a1a ldap_backend: replace dn lookup by an external_id lookup
- 2383d81 ldap_backend: fail cleanly when attribute retrieval fails and log an error
- a5172a5 ldap_backend: add dn to the attribute dict
- 7dcd2ad ldap_backend: remove redefinition of LDAPBackendError
- a535158 models: add string cast to UserExternalId
- 79e6f3d registration_backend/forms: use A2_REGISTRATION_FIELDS to reorder fields in the registration form
- 383b776 idp/locale: update french translations
- d655013 locale: grammar correction
- c1a4f93 admin: show attribute name in listing of attribute definitions
- 33f533f attribute_kinds: remove siret attribute which is too specific
- d870b23 attribute_kinds: pick attribute kinds from settings
- c863427 compat: add settings to add user model fields to the registration form
- 4c2ca1e settings: load /etc/authentic2/config.py if available
- 95e407a context_processors: add settings.TEMPLATE_VARS in template context
- 83a0d42 fix_user_model: fix username length check also in overriden forms
- fcd2259 fix_user_model: fix widget maxlength attribute
- b50e22f fix_user_model: fix also username length in user change and creation forms
- 85c24a5 middleware: add a middleware to install a cookie when the user has an open session
- 9b878e5 templates: fix back link closing tag
- f4fdc4e saml: use GET binding when the HTTP method is HEAD
- 5d3b800 fix_user_model: patch directly the user model
- fa53721 fix_user_model: importing django.contrib.auth.forms inside a function does not work
- a26d3ae fix_user_model: also fix admin forms when changing validation regex for username
- 1fcee43 views: add a logged-in jsonp web service
- b0af1b6 idp/saml/saml2_endpoints: fix typo
- 74765bb idp/saml/saml2_endpoints: in add_attributes add debug log of attribute values
- 080f5bd idp/saml/saml2_endpoints: in add_attributes() fix query for SAML2Attribute objects
- 0ecad21 attributes_ng/source/django_user: add missing attribute django_user_identifier
- a4dbd4d saml/admin: explicitely list fields to show on change form
- df00c9d idp/saml: add attribute to assertions based on new attribute definitions
- 20362c3 saml/admin: add inline admin forms for SAML attribute definitions
- 0fb3681 saml: add attribute definition model
- 0965fbd start new attributes-ng subproject
- 97b819f attribute_aggregator/user_profile: only set attributes from user model fields if get_attributes() did not return an equivalent value
- 203e7af fix_user_model: allow overriding django User model username regex validator and help text
- e48714a makes sure msg is defined before asserting on it
- 5008e25 registration/views: fix n-th misuse by me of get_or_create()
- e23a700 add setting A2_REGISTRATION_GROUPS to affect default groups to self-registered users
- f189317 models: change UserExternalId definition
- 1b7148a decorators: add to_iter() decorator to transform any generator into an iterable object
- eba089c models: make LogoutUrlAbstract.get_logout_url() take a request object
- d84a21c models: fix typo in LogoutUrlAbstract.get_logout_url()
- 1a822a8 settings: set special formatter for syslog
- 64b53f9 attribute_aggregator/user_profile: fix initialization of a variable
- c8a75ae attribute_aggregator/user_profile: if user has a get_attributes() method, ignore legacy mapping
- a0f4816 settings: fix typo
- 6cd91ca settings: extract PASSWORD_HASHERS setting from environment
- cd883ff settings: fix typo
- 3a6f01f settings: add A2_HOMEPAGE_URL
- 0d83d64 ldap_backend: do not convert to string before testing for nullity
- 2be7bdf jenkins.sh: restrict pylint to version 1.1.0 which raised less warnings
- a605052 validators: accept email when greylisting is used
- 74507b2 ldap_backend: escape the user DN before interpolating it into the group filter
- 706342d ldap_backend: force the username template to be unicode as the result must be
- 391e597 ldap_backend: escape string used to build the user DN when using a DN template
- bd68fe2 setup.py: remove dependency link to fork of django-registration
- 00a896a models_backend: use a dynamic proxy user model
- 2a3a165 idp/saml: improve handling of lasso errors on processing of AuthnRequest
- f542916 saml,idp/saml: if NameQualifier or SPNameQualifier is missing, use implicit knowledge of the IdP or SP identities
- a9aa567 attribute_aggregator/user_profile: add support for relations use it to fix the role attribute
- 562aee0 idp/saml: when a provider is missing, propose to add it directly
- 5c5222d ldap_backend: if LDAP is configured but the ldap module is missing, raise ImproperlyConfigured
- 89feb7c ldap_backend: if no LDAP config exists, returns None
- 233fd6e ldap_backend: do not break if an attribute is not UTF-8 (jpegPhoto ?)
- 6dbfbd9 templates: add a default registration/registration_closed.html template
- 49c13f0 fix_user_model: add validation of email domains to user model
- e8ae079 rename fix_username_length module to fix_user_model
- da64050 add validators module with a first email validator
- 1c9f0a4 backends/ldap: when mapping attribute names, convert original name to string first
- 4845d63 backends/ldap: convert attributes to unicode on input
- 15479b4 settings: user ldap backend before model backend
- 8c860e1 backends/ldap: add option to pass all realms to an LDAP backend (bis)
- 1ba9df2 backends/ldap: add option to pass all realms to an LDAP backend
- a92e80c admin: add email to user editable fields
- 6357356 backends/ldap: when creating the UserExternalId, verify that the user exists in the database
- 6bfbaf5 backends/ldap: remove dead import
- e78854c idp/saml/saml2_endpoints: request failure because the requested NameID format is not supported are not an error but a warning
- bc95b39 update french translation
- 500ef9f admin: add a clear expired sessions action
- 4765b64 admin: fix SessionAdmin.user method, does not assume there is always a user set in a session
- aefccd1 settings: use Django specific raven/sentry configuration
- dc360f3 backends/ldap: fix missing definition of the User model
- 8305292 admin,dashboard: show see technical models admin pages even if DEBUG is False
- 361c135 dashboard: show session admin in debug panel
- e4790ae admin: in the Session admin, show user and ips
- da52fe7 add a new middleware to collect ips in the session
- 510c396 backends/ldap: add lookup by username, make password change work with Django models
- e8ec5a8 backends/ldap: add an option to update username on all login
- 83cc9f2 backends/ldap: improve log
- ef9fe77 backends/ldap: improve logs
- e1ae3b7 backends: in LDAPBackend allow the user query to return multiple records
- 890717e settings: add loading from YAML files
- 995aacf update french translation
- d0497f4 settings: if LOG_DEBUG is present, do not set level to DEBUG on root logger
- 4ddd6cc admin: customize admin for technical models
- 370e727 admin: activate Session model admin also when the engine is cached_db
- c143ffc admin: add filter on whether an use has an external identifier or not
- dbfafc7 dashboard: expose DeletedUser model
- 372b45e models: complete verbose_name attributes
- 9f41f0e remove dead application auth2_user
- 6202e4b backends/ldap: fix lookup of UserExternalId missing in commit 6fde3843bdfa
- 6b1761c idp: fix renamed authentication backend reference (bis)
- 45b450b idp: fix renamed authentication backend reference
- 8437ad4 update french translation
- d627a4b forms: fix user edition on group admin form
- 692a195 authentic2-ctl: do not set DEBUG=1 in the environment
- 8f9ae8e settings: set syslog log level to DEBUG, and reset handlers on django.db logger
- b6cd5dc settings: display a message when DEBUG is on
- 5685b31 settings: add a DEBUG_LOG setting to limit debugging log to certain domains
- e71728e settings: remove useless LANGUAGES setting
- 4531ced settings: improve naming of path related settings
- 08ca448 run.sh: run with debugging on
- 8a4fd00 settings: remove redefinition of VAR_DIR
- 7a7318e templates: fix typo in password_reset_email.html
- fb9b1d4 style.css: make help text display under form fields
- 9e1518b admin: register the Session model if the db session engine is used
- e1657ca backends/ldap: populate the user.attributes dictionary for transient users
- 640b6a0 backends/ldap: remove remaining catchall except blocks
- 8cc48f4 admin: in user list view add filter on realms
- a3cde8f app_settings,backends/model: add REALMS setting to aggregate realm from all sources
- b352b07 backends/ldap: move configuration check in get_config()
- f5a9d7e backends: rename module models to models_backend to prevent collision in imports
- ab20bee backends/models: if the login form pass a realm use it
- 6fde384 backends/ldap: add setting username_template for building usernames
- dfd51e4 backend/ldap: add a realm attribute defaulting to ldap
- f106505 backends: in the model backend try to lookup user also by appending known realms
- 1eb2e11 registration_backend: allow a default realm for self-registrated accounts
- db1b762 settings: unique email for accounts should not be the default
- a7d4b9e settings: django.contrib.sites is not necessary
- d4df5f6 idp/saml: remove wrong backend class
- b68320c idp/saml2: add decorator never_cache to all views
- c7771d4 idp/saml/saml2_endpoints: add new model backend to supported backends
- cefa5d5 backends: add new ModelBackend handling multiple matching users and email as username
- 0159f71 backends/ldap_backend: fix import path
- 2509410 backends: rename ldap backend module to fix collision with global namespace
- b2783e2 serializers: fix missing import and not handled case of new models
- c179273 add a backends directory, mv LDAP backend into backends/ldap.py
- 31a7b00 add serializer supporting natural primary keys
- 64c1bc3 move User.username length fix outside of __init__.py as it breaks loading of wsgi application
- edb77e3 managers: extract GetBySlugQuerySet/Manager from saml.managers
- 6cb51c1 app_settings: fix typo
- f6ebdc9 models,managers: add a custom manager to AttributeValue model
- 12ce6cd admin: only use authentic user admin if the classic user model is used
- 846fac3 migrations: add migration to add Attribute and AttributeValue
- 9823957 admin: unregister the user model only if it's already registered
- 0e18014 admin,dashboard: add support for custom user model
- 5750fe7 models: add natural key support to model Attribute
- e2086b0 commit missing file from the custom attribute support commit
- 06a9e33 authentic2: only patch User.username if this field exists
- d4fd5b2 dashboard: show internal models when DEBUG is True
- 7c4b9b1 update french locale
- b9c0f7e add custom attributes support to Django user model
- 7de5f17 decorators: add decorator to_list() to make a list returning function from a generator
- a09abf3 managers: fix filter in with_federation() and without_federation()
- 6ef54cd idp/saml2: fix path for the redirect_to_logout view
- 98f7d2f authentic2/idp/static was move into authentic2/static
- bb413cd models: patch Django user-model username max_length to be 255 characters
- 856bb9a move static files at root of python packages
- 4710346 ignore ./static not all static directories
- cdd695b settings: apply new standard layout for system static and template directories
- 31059e6 app_settings: add key AUTH_FRONTENDS
- 37c7617 use getattr for getting AUHT_OPENID, DISCO_SERVICE and AUTH_SSL settings
- b72dc3a app_settings,utils: move IDP_BACENDS default value into app_settings
- 5594936 app_settings: fix capitalisation of username field on registration page
- 75422cb settings.py: add option USE_MEMCACHE
- c1fd142 models: initialize plugins there
- 4c21a7b saml/managers: add method to convert LibertySession queryset to LassoSession dump
- d408895 saml/models: LibertySession.federation and assertion can be blank (=NULL)
- 4a31b11 settings: load authentication backends, auth frontends and idp backends from plugins
- fb669c6 plugins: define a DEFAULT_GROUP_NAME and use it in as default group name in functions
- 41f02e8 remove AUTH_OATH setting description
- 386bb66 auth2_ssl/backend: do not clutter saml2_endpoints with authncontext declaration, use authentication backend hook
- 4789396 settings.py: add a default configuration for a file based cache
- 466d1b8 saml/common.py: use assertion for checking if a message is a SOAP one
- d38dc84 saml/models: set LibertyProvider manager to LibertyProviderManager
- 21dc8ce saml/managers.py: remove dead import
- 3529ec7 saml/managers.py: add helper method to LibertyProviderQuerySet
- dc346d7 remove the CAS idp, as it is now out of tree
- 94d52b8 models: FederationId, a generic model to store federation identifiers
- 8653edb models: LogoutUrl, new generic model to store logout urls of providers
- 0fa8329 utils: in accumulate_from_backends, ask also to plugins
- 9cc17bd middleware: add a new LogCollector middleware
- 8781ebd saml/models: move all managers to their own module
- e90a4a7 saml/common: in soap_call return the original exception through SOAPException
- 770ef7f saml/common: SOAPException does not need any specialization
- 8c84456 saml/common: add assertion on presence of a name_id in parameters of add_federation
- 0f980ea saml/common: add more debugging log
- 9564cc1 saml/common: change provider_id to entity_id in load_provider to uniformize vocabulary
- 0214e2b saml/common: add assertion and debug logging in SAML2 message extraction functions
- c38112a saml/saml2utils: simplify log messages in authnresponse_checking
- 6623566 saml/common: simplify debug log in soap_call
- f049de7 saml/common: add debug log to return_saml2
- 9745156 saml/common: add a logger
- ecc5601 views: simplify server_error view
- 2e0e3e6 remove authsaml2, it's reborn as plugin authentic2-auth-saml2
- 833191a auth2_ssl: simplify and adapt for nginx
- dc16ce9 frontends: remove the next parameter to the profile view,
- f29db4a urls: if DEBUG is True, serve static files
- 5ae30ce auth2_ssl: refactoring [module reorg]
- dbab288 move all content of the auth2_auth module into authentic2 module [module reorg]~
- 9dd8a60 remove dead import
- 2f7eebd auth2_auth: remove dead admin module
- 92e53bc fix import error on NONCE_FIELD_NAME
- 21b4e11 auth2_ssl: refactoring [module reorg]
- e0e065d auth2_ssl: consolidat urls in an urls module [module reorg]
- c651f68 move constant NONCE_FIELD_NAME in module authentic.constants [module reorg]
- 2aa09a6 idp/urls: do not assume IDP_CAS or IDP_SAML are defined
- 82544a8 idp: refactoring [module reorg]
- 9ee9d1c remove dead view error_ssl
- c79b2af move login view from auth2_auth to idp [module reorg]
- 9fa3537 auth2_auth/views: remove unused view password_change
- 1ee99e2 idp/urls: refer to interaction views by name, attribute global name [module reorg]
- 1a68a68 registration_backend/forms.py: validate that username is not already taken
- 9c6e238 registration_backend/views.py: call the user model clean() method when creating temporary user on registration
- 34ad76d registration_backend/forms.py: validate that passwords match on registration
- d02d903 registration_backend/forms.py: copy validators from user model to form
- 4a950fb settings: extract any environment var named SETTING_
- ed5ba7f settings: load middleware from plugins
- 0f8942d dashboard: load admin modules from plugins
- fdf03e8 utils: add IterableFactory to make fresh iterable from generators
- 8f9df53 settings: add environment setting SECURE_PROXY_SSL_HEADER
- dde3007 plugins: set a default group_name for plugins
- 51cf993 admin: allow editing group's users from the group change form
- 835759f urls: import django.contrib.admin directly
- 43d6cef settings: restore normal order of applications in INSTALLED_APPS
- 44e9581 backends: in LDAPBackend fix missing variable reference in string template
- a31e6d3 backends: remove referral results from results before counting found user records
- 2e17383 backends: remove 1s default timeout for LDAP requests
- 7c8bbba backends: in LDAPBackend do not follow LDAP referrals by default
- 9cddce0 add a plugin system
- 3c1ce8f auth2_auth: fix bug in auth_ssl urls
- 20ebabd backends: do not force flags on LDAP users
- 478dadd attribute_aggregator/core: simplify load_or_create_user_profile() using Model.get_or_create() to remove a race condition
- f256267 setup.py: adapt to change in Django compilemessages
- 5605186 auth2_auth/views: allow staff to see the login page even when logged
- dfbbe03 auth2_auth/urls: use the auth_login name for the login view
- e5567b3 setup.py: force version of django-admin-tools to >= 0.5
- dd7794d fix wrong commit count in NEWS
- c552e9e idp/saml/saml2_endpoints: use the new SPOptionsIdPPolicy.http_method_for_slo_request field when initializing a new SLO request
- 7883fa0 saml/models: add field SPOptionsIdPPolicy.http_method_for_slo_request


2.1.2 - January 8th 2014
------------------------

20 commits, 25 files changed, 683 insertions, 3308 deletions

Changes:
- we abandonned our fork of django-registration to use the upstream 1.0 release
- fixed bug in sync-metadata in the building of the slug when two providers share the same name
- added support of new mdui: namespace for building provider names in sync-metadata
- you can now choose to send logout request using iframe or img on a provider basis

2.1.1 - January 8th 2014
------------------------

- Fix missing dependency upon django-admin-tools in setup.py
- Raise dependency on south to 0.8.4

2.1.0 - December 15th 2013
--------------------------

506 commits, 370 files changed, 18136 insertions, 10906 deletions

Changes:
- New discovery service
- Improved OpendID idp
- OpenID trusted root whitelist
- New internal LDAP authentication backend (no more depend upon
	django-auth-ldap), with support for AD and password change
- New LDAP only user mode, allow to work with a read-only DB
- Many settings can be extracted from process environment variables
- No homepage mode, for a technical IdP
- Single logout improvements in proxy settings
- Improved translations
- Federation deletion can be propagated and inercepted using a signal
- Adaptation for Django 1.5 custom user models
- Email change form with token-by-mail validation
- Improvement in sync-metadata for loading federation metadata files
- Improvement of the user_profile source of attribute aggregator
- Using attribute as federation id in the service provider
- Added signals to modify attribute loading
- Attribute mapping module is customizable through a setting
- Improvements for supporting legacy CAS clients
- Remove of auth2_oath authentication backend for copyright reasons
- Support for Drupal 7 hashed passwords
- Support for attributes in CAS tickets

Bugs:
- Too much to be listed

2.0.2 - May 11th 2012
---------------------

7 commits, 15 files changed, 920 insertions, 163 deletions

Changes:
* The setup script is based on setuptools and handle dependencies.
* Prefer using pycurl instead of M2Crypto to retrieve HTTPs URLS as it
supports server name indication

Bugs:
* Fix data files not installed with the setup

Other:
* Documentation updated.

2.0.1 - April 27th 2012
--------------------------

48 commits, 97 files changed, 1456 insertions, 1112 deletions

Changes:
* Authentic2 now runs with Django1.4. Deprecated functions removal is still
  in progress.
* CsrfMiddleware is not used anymore.
* Debug is the default mode.
* Limit dependency of attribute aggregator on python-ldap.
* Modification of the attribute aggregator mapping file.
* The private key from Lasso dumps is not logged anymore.

Features:
* As a SAML2 IdP, the user consent for federation when a transient nameID is
  served is not asked anymore.
* As a SAML2 SP, it is now possible to ask another authentication when a
  transient nameID is received.

Bugs:
* Fix in cache_and_validate.
* Fix service provider list on homepage.
* Fix in attribute aggregator profile creation.

Other:
* Beginning of a pep8 review.
* Documentation updated.
* Translation updated.

2.0.0 - December 22nd 2011
--------------------------

Main Features:

* SAML 2.0 Identity provider
* ID-FF 1.2 Identity provider
* OpenID provider
* CAS server
* SAML 2.0 Service provider
* ID-FF 1.2 Service provider
* OpenID relying party
* Protocol proxying
* Authentication by simple password
* Authentication by one-time password OATH and google-authenticator
* Authentication by self-signed X509 certificates avoer SSL/TLS
* Authentication on LDAP
* Authentication on PAM
* Attribute management for attributes in SAML2 authentication requests
* Attribute namespace mapping