Author: Matthew Good Maintainer: Steffen Hoffmann acct_mgr-0.5 (not yet released) - branch 0.11 resolved issues new features acct_mgr-0.4.1 (26-Dec-2012) - branch 0.11 resolved issues * #5964: Prevent multiple calls to LoginModule._remote_user() by re-using a flag introduced for account locking * #8545: Authentication always fails by introducing authentication attempt debug logging and a new option 'environ_auth_overwrite' for additional control over REMOTE_USER's value * #10134: HttpAuth login throws traceback * #10625: AssertionError in trac.db.pool.PooledConnection.__del__ * #10700: AccountModule._do_reset_password discards error from _reset_password * #10701: Reset password reports `Cannot find ... "IPasswordHashMethod"` * several fixes for unreported account guard issues acct_mgr-0.4 (01-Dec-2012) - branch 0.11 resolved issues * #3459: Authentication information not available * #4677: Admin based chaining HtDigestStore & HtPasswdStore breaks config by adding dedicated options 'htdigest_file' and 'htpasswd_file' * #5691: No cookie warning shown when trying to log in with Konqueror * #6616: Invalid entries for usernames in table by adding a cleaner macro implementation outside of `UserStatsMacro` * #8685: User deletion ordering breaks 'deleted' notification for SessionStore * #8770: AttributeError: Cannot find implementation of "IPasswordHashMethod" * #8990: HtPasswdStore and SessionStore with HtPasswdHashMethod share option by adding dedicated options 'db_htpasswd_hash_type' and 'db_htdigest_realm' * #9052: acct_mgr.web_ui.emailverificationmodule - Doesn't send email * #9079: PostgreSQL: Database error when creating new user with attributes * #9090: AccountManager plugin does not email after user registration * #9139: SvnServePasswordStore and case sensitivity * #9246: InternalError when refresh_passwd = true * #9252: All session attributes are deleted when user logs in first time * #9547: Option `persistent_sessions` is not working in `0.4dev-r10747` * #9843: New user missing in 'session' table. * #9940: Admin unable to reset password * #10023: SQL Injection in acct_mgr.api.AccountManager.lastseen() * #10028: Account delete does not purge user's auth cookie * #10123: Registration with EmailVerification should instruct more clearly * #10204: Users can delete their email address even when verify_email=true * #10276: "Unknown preference panel" when logging out from account tab * #10397: Don't allow username with all capital letters * #10412: acct_mgr-0.4dev breaking 2.4 compatibility * #10594: Some options' docs are missing * #10644: Add a real license * do AccountManager class API cleanup by moving db access to model layer * prevent duplicate action entries in Trac core permission select box new features * #874: Add new fields to register form and a registration validation system * #5295: Add optional username regexp to registration checks * #7577: Prevent spammers from registering * #8076: Add optional account email regexp to registration checks * #8791: Obsolete patch needed for authentication against Jira by adding sha256/sha512 hash support (needs `passlib` or extended `crypt`) * #9618: HttpAuthStore authentication enhancement by allowing a relative URL for `authentication_url` configuration option * #9676: Incorporate optional Single-Sign-On functionality * #9852: Embed some user information in TracWiki by introducing WikiMacros `ProjectStats` and `UserQuery` * #10142: Allow admin to override verification status * add recursion to option parser for configuration admin page and provide available valid values for an `ExtensionOption` like `IPasswordHashMethod` by a select field (dropdown box) - or meaningful message on missing options * add cleanup page for purging `session_attribute` db table via admin web UI * add randomized authentication cookie ID refreshment, average refresh rate controlled by new option `cookie_refresh_pct` * switch to case-less username duplicate checking * add unit tests i.e. for hash creation and re-written registration checks to significantly extend code coverage * add Trac style shading of odd/even rows to user lists acct_mgr-0.3.2 (26-Aug-2011) - branch 0.11 resolved issues * #9051: Unable to add users due to existing email addresses by fixing SQL statements responsible for db cleanup on account deletion * #9082: Remove cookie's `expires` param (0.12) when rememberme is unchecked * #9088: Expire trac_auth_session cookie before LoginModule._do_logout * #9091: tags in user registration notification * #9092: TypeError: __call__() got an unexpected keyword argument 'link' * #9093: A href tags in verification notice * #9095: Delete session cookie if client sent it and rememberme is unchecked * #9099: Expire session cookie whenever trac_auth cookie gets expired * #9107: Error when building the egg file * #9108: TypeError: 'NoneType' object is not iterable * #9109: TypeError: 'NoneType' object is not iterable * fix TypeError in account details admin page for not yet authenticated users * make option `verify_email` effective for `RegistrationModule` * fix bug from initial password store chaining implementation leading to false-positives on user store discovery and later unexpected login failure * change account details admin page into users admin subpage acct_mgr-0.3.1 (13-Jul-2011) - branch 0.11 resolved issues * #8963: Restore compatibility with Trac 0.11 - holding 10 different issues * further improve redirect loop protection (infinite loop after /login) * add more verbose error log messages for missing/unreadable password file * remove duplicated message in Trac 0.11 at account details admin page * prevent argument duplication on POST requests of account details admin page * enable admin to restart password hash refresh from configuration admin page acct_mgr-0.3 (07-Jul-2011) - branch 0.11 resolved issues * #3233: Infinite redirect loop after resetting the password * #3783: Form based login fails to forward nicely on referrer outside of Trac * #3989: Email verification and password reset with notification lock users * #4040: TracError instance has no attribute 'acctmgr' on new user creation * #4160: Password reset oddness with multiple projects config * #5247: Stack trace escapes to user when htdigest file is not writeable * #6821: Register and 'Forgot your password?' links can no longer be enabled * #7850: Error after upgrade from 0.11 to trunk version * #7863: Syntax error found when building egg * #7880: 'ioerror: invalid mode: Ur' in htfile.py * #8061: An input element has no child nodes * #8063: Better i18n codes * #8381: Failure to verify valid passwords after migration Windows => FreeBSD * #8534: Can't resend password reset email * #8549: Changing password in SessionStore if forced has no effect * #8663: Disable register link on the login page * #8834: TypeError: sequence item 0: expected string, int found * #8813: German docs of options, even when browser's locale isn't 'de' * #8925: Register form user field should be username * #8936: Cannot delete user using AccountModule from web_ui * #8939: Fix for "mgr" not found error in http.py * fix AccountModule.reset_password_enabled() from type list to boolean * really disable reset password page, if feature is disabled * fix password reset procedure (preventing easy account takeover) new features * #442: Add email verification for new/changed email addresses by completing a matured procedure i.e. with account details display * #809: Fit long user list in users admin page to one screen height * #816: 'forgot password' should not reset password directly by introducing a separate ResetPwStore (a SessionStore derivate) * #2966: Add user account (name, email) edit support to user account page * #6803: Add i18n/l10n support adding i18n setup and message markup and several translations complete (>95%): English (default), German, Japanese, Russian, Swedish convenient (>75%): Czech, Italian partial (>33%): Dutch, French, Spanish Check https://www.transifex.net/projects/p/Trac_Plugin-L10N/ for more recently added and updated translations * #7111: Password reset from users admin page * #7437: Lock user after configurable number of failed login attempts by a new AccountGuard module for login attempt tracking and account locking * #8257: Display PasswordStore option docs on configuration admin page * #8487: AcctMgr creates blank lines in password_file under Windows * #8563: IndexError: list index out of range * #8774: KeyError: acct_mgr.web_ui after failed import of acct_mgr.web_ui * #8814: Generic word `for` is extracted, term is difficult to translate * #8843: XHTML invalid verify_email.html * extend AccountManager class API by 'email_verified' and 'user_known' * re-design 'ugly' HTML login form adding new 'login_opt_list' option and contribute recommended CSS styles * add account details admin page * add auth cookie options introduced in Trac 0.12 * add optional password hash refresh on successful login * code cleanup and more readable multiline SQL statement formatting * add changelog (this file) * add OpenPGP signed md5 and sha1 hash lists and verification script backported - branch 0.10 * #8381: Failure to verify valid passwords after migration Windows => FreeBSD * fix password reset procedure (preventing easy account takeover) acct_mgr-0.2.x (updates to 0.2.1, never officially released) - branch 0.11 resolved issues * #831: Case sensitive Authentication, but Case in-sensitive Authorization * #1382: Make 'Delete Account' function on 'My Account' page optional * #1602: Pass old_password when changing password * #1922: ValueError with HttpAuthStore when entering invalid credentials * #2044: AccountManagerPlugin README missing an example for HttpAuth backend * #2327: Fix unicode support in htdigest password file store * #2630: Registration of usernames which can corrupt a SvnServePasswordStore * #3086: Admin "Last Login" users info should use correct time zone * #3137: Fix tests and include functional tests * #3200: Add and register user corrupts password file with no carriage return * #3343: Error onClick 'Remove selected accounts' when no account is selected * #3401: Removing email from preferences makes account unusable * #4125: Fix message wrapper for AccountModule and EmailVerificationModule * #4276: HtPasswdStore changes ownership of htpasswd file (bad file IO) * #4525: SvnServePasswordStore looks at wrong place for svnserve.conf file * #4628: Fix SessionStore unicode errors htdigest hash method * #4682: Registration of user names with colon could corrupt htpasswd file * #4830: NameError: global name 'sorted' is not defined on Python 2.3 * #4895: AccountManagerPlugin + Trac 0.12 (no attribute 'smtp_server') * #4897: TracAccountManager htpasswd file handling clobbers symlinks * #4984: Prefer hashlib over deprecated md5 and sha * #5509: EmailVerificationModule undocumented, allows email-less registration * #5514: Typo 'acct_mge' in web_ui.py in 0.11 branch * #5789: Change description on notification admin page * #6453: AttributeError: 'NoneType' object has no attribute 'encode' * #6730: AnnouncerPlugin compatibility with AccountManager * #7087: Trailing spaces are not being removed from the username * #7396: Password salts and randomness length * #7576: Users redirected with no confirmation, fail to note register success * #7687: Always redirect to referer after login * #7807: Show error into 'after-registration form' * extend and fix IPasswordStore API implementation for HttpAuthStore * improve error reporting for failures in password stores * fix a bunch of small typos in Python doc-strings and elsewhere * redirect anonymous GET '/verify_email', no more 'email already verified' * several fixes against infinite redirect loop conditions new features * #131: Add 'Remember Me' functionality adding a new 'persistent_sessions' option * #442: Email verification for new/changed addresses * #1902: Allow more granular permissions * #2282: Make default htpasswd hash type configurable * #3153: Easy option to disable email verification * #3726: Split admin pages in seperate components * #5299: Improvements to the email verification page * #7700: Allow user management without having TRAC_ADMIN permission * added support for chained password stores * added password change in the users admin page * extend username checks before registration adding a new 'username_char_blacklist' option backported - branch 0.10 * #2327: Fix unicode support in htdigest password file store * #3200: Add and register user corrupts password file with no carriage return * #4125: Fix message wrapper for AccountModule and EmailVerificationModule * #4628: Fix SessionStore unicode errors htdigest hash method * #4830: NameError: global name 'sorted' is not defined on Python 2.3 acct_mgr-0.2.1 (28-May-2008) - branch 0.11 new features * #147: Email notification of account related events ToDo: historic entries below are still incomplete - more work needed acct_mgr-0.2 (10-Nov-2006) - new branch 0.11 * add SessionStore for storing user passwords as a Trac session attribute acct_mgr-0.1.3 (13-Nov-2006) branch 0.10 new features * #173: Integrate login-related plugins by adding HttpAuthStore acct_mgr-0.1.2 (10-Nov-2006) - new branch 0.10 acct_mgr-0.1.1 (10-Jan-2006) - new branch 0.9 acct_mgr-0.1 (20-Jul-2005) - initial release