Metadata-Version: 1.0
Name: z3c.password
Version: 0.8.0
Summary: Password generation and verification utility for Zope3
Home-page: http://cheeseshop.python.org/pypi/z3c.password
Author: Stephan Richter, Roger Ineichen and the Zope Community
Author-email: zope3-dev@zope.org
License: ZPL 2.1
Description: This package provides an API and implementation of a password generation and
        verification utility. A high-security implementation is provided that is
        suitable for banks and other high-security institutions. The package also
        offers a field and a property for those fields.
        
        
        =======
        CHANGES
        =======
        
        0.8.0 (2009-01-29)
        ------------------
        
        - Feature: ``failedAttemptCheck``
        * increment failedAttempts on all/any request (this is the default)
        * increment failedAttempts only on non-resource requests
        * increment failedAttempts only on POST requests
        
        - Feature: more specific exceptions on new password verification.
        
        0.7.4 (2009-12-22)
        ------------------
        
        - Fix: ``PrincipalMixIn.passwordSetOn`` happens to be ``None`` in case the
        class is mixed in after the user was created, that caused a bug.
        
        0.7.3 (2009-12-08)
        ------------------
        
        - Fix: ``disallowPasswordReuse`` must not check ``None`` passwords.
        
        0.7.2 (2009-08-07)
        ------------------
        
        - German translations
        
        0.7.1 (2009-07-02)
        ------------------
        
        - Feature: ``passwordOptionsUtilityName`` property on the ``PrincipalMixIn``.
        This allows to set different options for a set of users instead of storing
        the direct values on the principal.
        
        
        0.7.0 (2009-06-22)
        ------------------
        
        - Feature: Even harder password settings:
        * ``minLowerLetter``
        * ``minUpperLetter``
        * ``minDigits``
        * ``minSpecials``
        * ``minOthers``
        * ``minUniqueCharacters``
        * ``minUniqueLetters``: count and do not allow less then specified number
        
        - Feature:
        * ``disallowPasswordReuse``: do not allow to set a previously used password
        
        - 100% test coverage
        
        0.6.0 (2009-06-17)
        ------------------
        
        - Features:
        ``PrincipalMixIn`` got some new properties:
        * ``passwordExpired``: to force the expiry of the password
        * ``lockOutPeriod``: to enable automatic lock and unlock on too many bad tries
        
        ``IPasswordOptionsUtility`` to have global password options:
        * ``changePasswordOnNextLogin``: not implemented here,
        use PrincipalMixIn.passwordExpired
        * ``lockOutPeriod``: global counterpart of the PrincipalMixIn property
        * ``passwordExpiresAfter``: global counterpart of the PrincipalMixIn property
        * ``maxFailedAttempts``: global counterpart of the PrincipalMixIn property
        
        Password checking goes like this (on the high level):
        1. raise AccountLocked if too many bad tries and account should be locked
        2. raise PasswordExpired if expired AND password matches
        3. raise TooManyLoginFailures if too many bad tries
        4. return whether password matches
        More details in ``principal.txt``
        
        - Added Russian translation
        
        - Refactor PrincipalMixIn now() into a separate method to facilitate
        override and testing
        
        - Changed the order the password is checked:
        1. check password against stored
        2. check maxFailedAttempts, raise TooManyLoginFailures if over
        3. if password is OK, check expirationDate, raise PasswordExpired if over
        4. return whether password matches
        
        This is because I need to be sure that PasswordExpired is raised only if the
        password *IS* valid. Entering an invalid password *MUST NOT* raise
        PasswordExpired, because I want to use PasswordExpired to allow the user
        to change it's password. This should not happen if the user did not enter a
        valid password.
        
        0.5.0 (2008-10-21)
        ------------------
        
        - Initial Release
        
Keywords: zope3 z3c password verification
Platform: UNKNOWN
Classifier: Development Status :: 4 - Beta
Classifier: Environment :: Web Environment
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: Zope Public License
Classifier: Programming Language :: Python
Classifier: Natural Language :: English
Classifier: Operating System :: OS Independent
Classifier: Topic :: Internet :: WWW/HTTP
Classifier: Framework :: Zope3
