Authentication support for Silva CMS
In a Silva instance, you cannot mix PAS acl_user and regular Zope 2 one.
This extension require at least Silva 3.0 or higher. For previous release of Silva, please use previous versions of silva.pas.base.
In Silva 3.0, it is installed by default.
You can find the code of this extension in Git: https://github.com/silvacms/silva.pas.base
- Update icons.
- Make possible to configure settings in SMI too.
- Update cookie and cascading to support broken third-party plugins. They will now log errors of others plugins in order to facilitate their configuration. They now support other type of return values for those plugins too.
- Change HTML and CSS of the public login page.
- Make the cookie plugin implement updateCredentials, that can be used by other plugins. This is usefull than the authentication is not done via the login page.
- Update cookie path to use top level path provided by IVirtualHost.
- Make the protection against request replay on the login form optional. Some dubious browser plugins replay all request, making impossible for people using such browser to login in (which is the goal of this protection).
- Add an option to display users email address in the Access tab.
- Propose to install a PAS acl_users if one isn’t already installed in the service.
- Fix default buttons on various screens.
- Update API to Silva 3.0c1.
- Add more options to the cookie PAS handler.
- Improve login mechanism when using AJAX requests, login form and login cookie.
- Improve tests.
- Update for Zope 2.13 and Python 2.7.
- Update SMI interfaces to use silva.ui.
- Improve cookie PAS plugin.
- Update code to use new member service API (MemberErrorLookup).
- Refactor login form HTML (complete change to use div).
- Update code to use Zope 2.12.
- Remove deprecation under Silva 2.3. This is now the required minimal version. We now use Grok to register ourselves.
- Update the cookie plugin: the username and password are no longer contained in the cookie, but a secret validated against the Silva Secret Service.
- Update the cookie plugin: the login is now a page that is rendered inside the public layout.
- The member service have been extends to support PAS groups. This is now the official method to implement groups in Silva.
- Set a lifetime to the cookie set by SilvaCookieAuthHelper. [antonin]
- Always unquote came_from when it’s fetched from the request in the logout link. Some proxy requote it more. [sylvain]
- Support for local users. [sylvain]
- Support cascading of PAS acl_users. Add a plugin which does look in the parent one needed information to let people authenticate. It’s an extension of the SearchPrincipalPlugin. [sylvain]
- Let Anonymous people access the login form by default (the acquired permission might not be right). [sylvain]
- Don’t delete the login_form when you reinstalled/refresh the extension. [sylvain]
- Look for came_from in URL as well on logout. [sylvain]
- Add a message on log out (so if you have a login page again, you known you have been logged out). [sylvain]
- Fix authentication validation in cookie helper. [sylvain]
- Fix an error when you ask a member which doesn’t exist and use the direct lookup mode in Silva. [sylvain]
- Add a silva cookie auth helper which check that you type user and password,
- Add feedback on the login page,
- Add translation markers.
- Initial version