Author: Zope Foundation and Contributors


        Products.PluggableAuthService README

This product defines a fully-pluggable user folder, intended for
use in all Zope2 sites.


The normal way it install this package is via ``setuptools``, either
via ``easy_install`` into a virtual environment::

  $ cd /path/to/virtualenv
  $ bin/easy_install Products.PluggableAuthService

or by including the package in the configuration for a ``zc.buildout``-based

  $ cd /path/to/buildout
  $ grep "eggs =" buildout.cfg
  eggs = Products.PluggableAuthService

The product can also be installed as a depencency of another distribution.

If you want to install this package manually, without using setuptools,
simply untar the package file downloaded from the PyPI site and look for
the folder named "PluggableAuthService" underneath the "Products" folder 
at the root of the extracted tarball. Copy or link this 
"PluggableAuthService" folder into your Zope "Products" folder and restart 


Please see the files under doc/ in the packaged software for more
information, and consult the interfaces files under interfaces/ in
the software package for PluggableAuthService and plugin APIs.

Change Log

1.10.0 (2013-02-19)

- Allow specifying a policy for transforming / normalizing login names
  for all plugins in a PAS:

  - Added ``login_transform`` string property to PAS.

  - Added ``applyTransform`` method to PAS, which looks for a method on PAS
    with the name specified in the ``login_transform`` property.

  - Added two possible transforms to PAS: ``lower`` and ``upper``.

  - Changed the methods of PAS to call ``applyTransform`` wherever needed.

  - Added the existing ``updateUser`` method of ZODBUserManager to the
    IUserEnumerationPlugin interface.

  - Added a new ``updateEveryLoginName`` method to ZODBUserManager and the
    IUserEnumerationPlugin interface.

  - Added three methods to PAS and IPluggableAuthService:
    ``updateLoginName``, ``updateOwnLoginName``, ``updateAllLoginNames``.
    These methods call ``updateUser`` or ``updateEveryLoginName`` on every
    IUserEnumerationPlugin. Since these are later additions to the plugin
    interface, we log a warning when a plugin does not have these methods
    (for example the ``mutable_properties`` plugin of PlonePAS) but will
    not fail.  When no plugin is able to update a user, this will raise an
    exception: we do not want to quietly let this pass when for example a
    login name is already taken by another user.

  - Changing the ``login_transform`` property in the ZMI will call
    ``PAS.updateAllLoginNames``, unless ``login_transform`` is the same or
    has become an empty string.

  - The new ``login_transform`` property is empty by default. In that case,
    the behavior of PAS is the same as previously. The various
    ``applyTransform`` calls will have a (presumably very small)
    performance impact.

- Launchpad #1079204:  Added CSRF protection for the ZODBUserManager,
  ZODBGroupManager, ZODBRoleManger, and DynamicGroupsPlugin plugins.

1.9.0 (2012-08-30)

- Launchpad #649596:  add a protocol for plugins which check whether a
  non-top-level PAS instance is "competent" to authenticate a given request;
  if not, the instance defers to higher-level instances.  Thanks to Dieter
  Maurer for the patch.

1.8.0 (2012-05-08)

- Added export / import support for the ChallengeProtocolChooser plugin's
  label - protocols mapping.

1.7.8 (2012-05-08)

- In authenticateCredentials do NOT fall back to using the login as
  userid when there is no match, as that gives a high chance of
  seeming to log in successfully, but in reality failing.

1.7.7 (2012-02-27)

- Explicitly encode/decode data for GS

1.7.6 (2011-10-31)

- Launchpad #795086:  fixed creation of PropertiesUpdated event.

1.7.5 (2011-05-30)

- Launchpad #789858:  don't allow conflic