** Version 1.0.5
- Functions _doAddUser() and _doChangeUser() now use default password type of the mysqlUserFolder.
- AUTO_CREATE_ROLES now creates roles in create_user() too.
- Removed unused __del__() from mysqlUser.

** Version 1.0.4
- change in the MySQLdb API: insert_id() replaced with lastrowid.
- Cookie support for GRUF with Plone.
- In m_USerInfo.dtml, url_quote is added for usernames in link hrefs.

** Version 1.0.3
- "import" fix in db.py. On some installations this produced an import error.

** Version 1.0.2
- Fix in _doDelUsers() used by GRUF (Thanks to Kai)

** Version 1.0.1
- __check_connection() was missing in authenticate(). (Thanks to Matthias Kleinschmidt).
- v_userdb.change_user_roles() now filters out system roles, so it doesn't write them into the database - there was a problem with Plone calling _doChangeUser(). (Thanks to Matthias Kleinschmidt).

** Version 1.0.0
- Don't connect() on __setstate__(), but on the first request. This fixes some performance issues when there are a lot of thread creations.

** Version 0.9.2
- There is a new cfg option AUTO_CREATE_ROLES. It will create all roles from user.change_user_roles() that don't exist.

** Version 0.9.2-pre2
- fixed typo in manage_create_users()
- authenticate() works if GRUF passes None as username or password.

** Version 0.9.2-pre1
- renamed authenticate() to authenticate_main(), and same for authorize() to avoid confusion with corresponding functions of the basic user folder. Implemented authenticate() interface function.
- _getPassword() implemented for the user object, this is needed for GRUF.
- don't raise an error if adding roles to the parent folder fails in mysqlUserFolder creation and role creation.
- _doAdd/Delete/Change functions are implemented.
- Now it is possible to create/change user without any roles
- manage_users_create() and manage_users_change_roles() are fixed (thanks to Alex).
- It is also possible to leave anon_create_role empty, so new users created with user_create are without roles (thanks to Reale Fabrizio).
- If MySQLDB returns SERVER_GONE or SERVER_LOST, __do_query() will automatically reconnect and reexecute the query without raising an error.
- pwe_md5_crypt() looks a bit nicer now. (thanks to Lance Pillay).
- getClinetAddress() method of Zope 2.7 is now supported. Variable REQUEST_RADDR_FIELD is ignored on Zope >= 2.7.
- validate_domain_spec() changed to work properly with Zope 2.7, REQUEST_RHOST_FIELD removed from cfg.py. Domain spec validation is now done by zope function. This means that REQUEST_RADDR_FIELD is always ignored for this purpose.
- implemented hasUsers() method.

** Version 0.9.1
- docLogin method now receives parameter exception_raised if it is raised as an exception. This is needed because in this case, method is displayed inside standard_error_message method (so HTML headers should not be included).
- If exception is raised during query, connection is marked (new DB API function is added: has_errors()). Main code checks this flag, and reconnects in case of errors.
- MD5 digest support (thanks to Filippo Natali). Password field in the database now has to have length 32.
- Ignore error if crypt is not available (it is UNIX specific).
- manage_contents is renamed to manage_main. Add/Delete/Copy/... buttons expect this name.
- Code will now work even if domains specification is None (although it shouldn't be - field is NOT NULL).

** Version 0.9.0
- Domain specification for users now works.
- user_* functions are now protected by permissions. There is "Advanced" management tab where it is possible to easily setup proxy roles for "ACT" methods.
- System now supports crypt() passwords. Also, there is a special INVALID_PASSWORD_TYPE which denies authentication.
- It is now possible not to put expires attribute for cookies so they will not be stored when browser exits.
- Some cfg parameters are now stored in the folder object: life, timeout and persistence for session and user cookies, logging configuration.
- Management screen improvements: management screens rearranged; fixed warning "manage_main != manage_contents"; after UserEdit submit user is returned to the user edit screen.
- Property dtml_user_dir is now visible only during creation, since it is not used after.
- __connect() errors are silently dropped in __setstate__(). Interface functions will __connect() if there is a need. Errors are handled gracefully where possible in manage functions. New interface function is_connected() is created.
- validate() will work without DB connection if VALIDATE_ALWAYS_SUPER is set. Some management screens will work without DB connection - now it is possible to change DB parameters when there is no connection.
- getUserNames() now can filter results based on optional role.
- Fixed missing "return" when VALIDATE_ONLY_ANONYMOUS is set.
- DTMLFile is used instead of HTMLFile for management screens. Management DTML methods now use Zope's manage_page_header/footer.
- manage_addMySQLRoles now calls _addRoles().
- Module random is used now instead of whrandom

** Version 0.6.4
- Function get_path_from_request() now uses REQUEST['URL'] to construct request url. (thanks to Stephen Snyder).
- If tokens have invalid value, they are deleted from the cache. Previously, it was done only for expired tokens.
- Debug logging improvements.

** Version 0.6.3
- mysqlUserFolder is now forcing basic authentication on certain ports even if cookies are used (so FTP can be used).
- authorize() calls BasicUserFolder.authorize() now.
- URL Query string is also passed in login_goto if exception is raised during processing. This means that user will go to the target page including parameters after login.
- Management screen supports changing roles (thanks to Remi Houdaille).
- Multiple roles support when creating users (thanks to Remi Houdaille).
- Other small improvements in management screens.
- db.py: Tables are unlocked when exception is raised.
- Size of the username and email fields is increased to 60 in sql creation script. Management dtml methods support now getting field sizes from cfg.py
- New parameter mysql unix socket added.
- CACHE_USER_LIFE decreased to 60 in cfg.py

** Version 0.6.2
- If roles argument passed in validate is None, assume Anonymous.
- Users now have role "AUTHENTICATED".
- Two levels of debug messages.

** Version 0.6.1
- Cookie path and domain are now configurable.
- Security options VALIDATE_IGNORE_ROLES and VALIDATE_ONLY_ANONYMOUS.
- QUERY_STRING is also logged.
- Changed [] -> () in "unlock tables" call. No more problems with MySQLdb 0.9.0 (thanks to Albert Ting).
- Cleared references to manage_cache. Also deleted reconnect option from management screen.
- Deleting users from the management screen works again.

** Version 0.6.0
- User, session and token caching.
- Fixed cookie expiration time string when locale is used. Private function is used instead of strftime().
- Tokens database now has field Realm. This prevents using the same session for different realms.
- Added minimal expiry time for cookies.
- UserDb.refresh_user() now returns status.

** Version 0.5.3
- mysqlUserFolder now works with MySQLdb 0.3.2 (int -> long change). Also there should be no more problems with non English characters. mysqlUserFolder now uses MySQLdb query parameters.
- User dtmls now set no-cache headers.
- Logging table is changed: remote address is now logged. Also, failed cookie logging attempts are logged. This isn't final logging system, there will be more changes.
- user_login(): login_goto_path is passed to docLogin in case of failed login.

** Version 0.5.3d1
- Cookie names can use realm, so users can be authenticated by multiple folders using different realms.

** Version 0.5.2
- Session logging. Also, new table Log.
  This is still experimental, meta_type and size don't work for some objects. Table is going to be changed in future releases.
- SECURITY: Fix for db.del_user(), user sessions and tokens are now deleted, when user is deleted. Please see MySQL database section in README.
- Fix for INSTANCE_HOME installations.
- Fixed error in __get_session_user(): Changing realm can lead to an error if there are old sessions.
- Typing error in __setup_session() fixed.
- Management interface improvements, thanks to Andre Schubert
- Documentation updates.

** Version 0.5.1
- Compliance of User and Session classes with Zope security system (Zope 2.2).
- Changes in the TokenDb API: General (not just cookie) token support.
- getUser() was not returning completely initialized user object.
- Cookies: expire them before setting.
- Session authentication method now checks realm.
- SECURITY: Bugs fixed in session handling code: there was possibility that user was authenticated with UF using different realm.
- Typing error in use_login(): Session was not terminated when authenticated user logs as another user.
- validate(): Now, Anonymous is not authenticated when http auth is used. In this case, Zope's root user folder should do the authentication.
- getUser() now returns user object that is not wrapped. Don't know why zope wants it in this way, but otherwise there are problems.
- User's miscdata were not deleted when user was deleted.
- Session and user timeouts are changed.
- DTML properties screen was not showing correct database name.

** Version 0.5.0
- Complete redesign: session support, Zope 2.2, editable user dtmls.
- Authentication process is changed.
- MySQL tables are changed (tables Users and Roles are not changed).
- MiscData get function now returns default values for keys that don't exist.