Revision history for CGI-Application-Plugin-Authentication
0.25 2024-06-28 16:32:46-05:00 America/Chicago
Fix tests failing on CGI.pm >= 4.66 (thanks Chris Peterson)
0.24 2024-01-05 15:30:08-06:00 America/Chicago
Fix tests failing on CGI.pm >= 4.58 (Gregor Herrmann and Debian Perl)
0.23 2018-03-05 13:15:54-06:00 America/Chicago
Support SQLite 3.22.0 in tests (thanks to Gregor Herrmann and Debian Perl)
0.22 2018-02-07 14:24:30-06:00 America/Chicago
Fix failing tests on Win32
0.21 2017-03-15 22:54:23-05:00 America/Chicago
Fix list-context calls to CGI::param().
Fix failing tests with newer CGI versions.
0.20 Fri 29 Apr 2011
Use Test::ConsistentVersion rather than Test::CheckVersion
Fixed spelling errors and added descriptions - Closes #rt63839
Removed now unused login_styles method from core module
Added more tests completing test coverage for the Cookie module.
Changed from using the Digest::SHA1 module to usuing Digest::SHA
instead - Closes #rt67840
0.19 Wed 24 Nov 2010
Incoporated developer changes. Made pod tests only run when TEST_AUTHOR=1.
Automatically generate README.
0.18_2 Mon 20 Jul 2010
Separate out display code and provide Basic and Classic alternatives to
the login form. Added more examples. Implementd typo fix reported by
Alexandr Ciornii. Added copyright declaration for icons in the login form.
0.18_1 Thu Jun 25 2010
Put OS dependent guards in certain tests.
Removed deprecated *_DESTINATION parameters.
Added first test for devpopup and fixed undefined variable therein.
Cannot use Test::More 0.92 as that has an issue with subtests.
0.18 Mon Jun 23 2010
Completed test coverage for Driver and below
TABLES parameter was not made mandatory in DBI driver.
Fixed dependency on Test::More - must be at least version 0.90.
Fixed handling of custom filters - now they must have a $param and a $value.
Incorporated Christian Walde's suggested changes for compatibility with
CGI::Application::Plugin::ActionDispatch.
Adding tests around the HTML generated by the login_box function and
verifying that it is taint free.
Upped requiredment on CGI to 3.16 as that seems to cause unusual behaviour in returning
self referring urls and further upped requirement on CGI to 3.16 as 3.15 has an
unusual interpretation of redirection headers.
Fixed regular expressions in destination test to respect HTTP header CRLF conventions.
0.17 Thu Jan 21 19:16 GMT 2010
Bug Fixes
rt53533 - During initialization deferred checking the users credentials to the last possible moment.
This ensures that sessions are not created unless actually required.
Also attempted to document which functions add session/cookie state.
Build Fixes
rt35030 - Upped the requirement on Apache::Htpasswd to 1.8 as this simplifies our dependency management.
0.16 Mon Jan 18 22:18 GMT 2010
Release dedicated to improving CPAN readiness - see RT:50670.
Fixed spelling mistakes and added a test script that uses Test::Spelling.
Fixed dependency on Test::Exception and added a test script that uses Test::Prereq::Build.
Added test scripts to validate the MANIFEST file and Changes file.
Removed files that are generated during './Build dist' from repository.
0.15 Tue Jan 12 15:42 GMT 2010
Redist to fix tar format issues RT:45155 & 23705
0.14 Sun Oct 18 02:48:10 EST 2009
Bug Fixes
- Make sure the 'action' attribute of the login_box includes the
path_info in the URL (resolves RT:38049 patch by Alex Becker)
New Features
- Add options for LIMIT and ORDER_BY to DBI driver (requested by tbone)
- Add FORM_SUBMIT_METHOD option to the login box which allows you to
change the form method to GET instead of the default POST.
(resolves RT:34198 requested by jaldhar)
- Add hooks for devpopup (resolves RT:35989 patch by Alexandr Ciornii)
0.13 Mon Mar 30 23:58:25 EST 2009
Build fixes
- There are no code changes to this release, just fixes in the build and
test systems to solve some outstanding test failures
- unit tests now skip tests where optional modules are not installed
(gtermars@cpan.org)
- remove build dependency on Test::Exception, replacing it with hand-rolled
equivalent methods. Newer Perls have been seen to fail our tests with
"Bizarre copy of HASH in sassign..." when using Test::Exception. Cause
of the issue may be far lower/internal than Test::Exception, but
replacing these methods eliminates the issue for us. (gtermars@cpan.org)
- cleanup prerequisites and build files (Alexandr Ciornii)
0.12
Bug Fixes
- when issuing a redirect, remember to set header_type to 'redirect'
(reported by Graham TerMarsch)
Other updates
- Fix inconsistency in doc example (reported by POLETTIX)
0.11 Wed Jul 26 11:16:12 EDT 2006
- suppress warning about missing Color::Calc unless the user is actually
trying to use it (reported by Ron Savage)
- explicitly load CGI.pm since some users may be using CGI::Simple
(reported by Ron Savage)
- Fixed bug in Cookie store where the expiry time of the cookie was ignored
(patch by POLETTIX)
0.10 Thu May 18 22:59:56 EDT 2006
- Add support for Authen::Simple (all Authen::Simple modules can
be used directly as Drivers)
- Made the login page much more customizable:
- change any of the text
- customize the colours - provide one base colour and lighter and
darker shades are automatically generated (requires Color::Calc)
- offer to remember the users username in a cookie for the next
time they login
- add option for a 'forgotten password' URL
- add option for a 'register new account' URL
- add option to supress the stylesheet so you can provide your own
0.09 Thu Jan 26 20:56:29 EST 2006
API Changes
- Added option to provide your own HTML for the login box through a callback
(Shawn Sorichetti)
- Added POST_LOGIN_RUNMODE callback (Shawn Sorichetti)
0.08 Wed Nov 23 20:20:24 EST 2005
API Changes
- Removed ability to configure the DBI driver with a DSN and
username/password. CGI::Application::Plugin::DBH should be used for
that instead (Mark Stosberg)
- DBI driver defaults to $self->dbh() if DBH not provided (Mark Stosberg)
Bug Fixes
- Made MIME::Base64, Digest::SHA1 and CGI::Cookie mandatory requirements
and load them at compile time instead of runtime in the Cookie store.
(fixes problem reported by Richard Jones)
Other updates
- Added Driver that can authenticate against htpasswd files
- Fixed typo in examples/sample.cgi
- Fixed typo in lc filter example (Mark Stosberg)
- Updated docs for initialize(), and made it return true value
(Mark Stosberg)
0.07 Sat Oct 29 17:08:48 EDT 2005
API Changes
- Config parameters ending in _DESTINATION have
been renamed to _URL for clarity.
(Mark Stosberg)
Bug Fixes
- DBI Driver was incorrectly using DBH option when
it should have used the DSN option
(patch from Jim McQuillan)
- Tests were failing if certain modules were not
installed.
(fixed by Shawn Sorichetti)
Other updates
- add negative regexp example for the
'protected_runmodes' method
(suggested by Larry Leszczynski)
0.06 Fri Oct 14 14:05:52 EDT 2005
Bug Fixes
- fix autorunmode test so it doesn't fail
if the AutoRunmode plugin is not installed
0.05 Fri Oct 14 13:15:23 EDT 2005
New Stuff
- add ability to timeout logins based on last
successful login, or with a custom callback
(as well as the original last access timeout)
- add 'last_access' and 'last_login' methods
- add 'is_login_timeout' to show when a login
request is caused by an idle login session
- added lots more tests
Bug Fixes
- login timeouts were not working properly
- the Cookie Store was not honouring the EXPIRY option
- using :all in protected_runmodes now works
- fix test failure when Test::Warn not installed
(fixed by Shawn Sorichetti)
Experimental
- subroutine attributes: you can specify that a
runmode should be protected with a subroutine
attribute. example: sub my_rm :Authen { ... }
This conflicts with the AutoRunmode plugin right now
0.04 Thu Sep 22 21:06:54 EDT 2005
API Changes
- renamed 'encoders' to 'filters' - This should only affect
driver writers and not end users
New Stuff
- filters (formerly encoders) can now be chained (See docs)
- filters can take a param (See docs)
- added filters for uc, lc and trim
- added a simple sample application
- more docs (based on suggestions from Ron Savage)
0.03 Mon Sep 19 14:57:47 EDT 2005
API Changes
- renamed the 'auth' method to 'authen' to make it easier
to distinguish from the upcoming 'authz' plugin. There
is also an alias to 'authentication' for those who like
clarity over brevity.
- For the DBI driver, changed credential identifiers from
cred_1 to __CREDENTIAL_1__
New Drivers
- Dummy Driver - accepts any credentials as valid
New Stuff
- Added little icons to the default login and password
fields (only works in Mozilla based browsers)
- if STORE config is not given, the plugin will detect if
you are already using the Session plugin, and use the
Session Store instead of the Cookie Store.
- Added a lot of new documentation
Bug Fixes
- 'run_modes' method was incorrectly being used in the
test suite (reported by Ron Savage)
0.02 Fri Sep 16 00:19:10 EDT 2005
New Drivers
- DBI Driver
New Stores
- Cookie store (requires no server side storage)
New Stuff
- Added field encoding support for datastores that
keep passwords in an encoded format, like Unix crypt,
or MD5.
- Added encoders for crypt, MD5 and SHA1
- Added some more methods to Driver.pm that can simplify
the building of new Driver modules (find_option, encode,
check_encoded, strip_field_names)
- Added lots more tests to the test suite
(Cees and Shawn Sorichetti)
Bug Fixes
- Fixed Generic Driver when using array of arrays method.
- Options no longer get clobbered by the modules.
(reported by Shawn Sorichetti)
0.01 Fri Sep 9 00:44:17 EDT 2005
- original version