RestAuth 0.6.3 (30 May 2013)

  * Fix a major bug that meant no password verification for services when
    using SECURE_CACHE = True

  Dependencies:
  * RestAuth is now fully tested with Python3.2 and higher.
    * Running RestAuth with Python3 requires Django>=1.5 and South>=0.8.
	* six is used to ensure Python3 compatability.
  * Add requirements3.txt file which excludes wsgiref as dependency.
  * On Python2, RestAuth now requires Python2 >= 2.6.5. 
  * RestAuth now requires Django >= 1.4.2 or greater.
  * Generally relax dependencies in requirements.txt

  Command-line scripts:
  * Fix imports in restauth-group.
  * restauth-service, restauth-user and restauth-group now have a rename
    action, renaming services/users/groups.
  * New 'set-service' action for restauth-group which sets the service of a
    group.

RestAuth 0.6.2 (22 April 2013)

  * Fix loading of validators.
  * Validator classes now are in CamelCase.
  * Loaded validators are now instances, which mostly enables more rigid
    testing of validator-loading.
  * Update requirements.txt
  * Add the CONTENT_HANDLERS setting to localsettings.py
  * Add installation instructions for PIP
  * Use djangos backport of unittest in some cases.

RestAuth 0.6.1 (01 April 2013)

  Dependencies:
  * This release requires Django 1.4 or later and is tested with Django 1.5.
  * This release requires Python 2.6 or newer.
  * Python 3.2 or newer is supported by our codebase, but some dependencies
    (mimeparse, south) do not yet work with Python 3.

  Backends:
  * RestAuth now features a pluggable backend system to store its data.
    Different backends can be used to store user data, properties and groups.
	RestAuth comes with a backends using the Django ORM, providing the
	previous functionality and a Redis plugin to store property data. Please
	see:
		https://server.restauth.net/developer/backends.html
	for more information.

  Password hashing
  * RestAuth now uses the password hashing API provided by Django 1.4 or
    later. Consequently, the HASH_ALGORITHM and HASH_FUNCTIONS settings have
	been deprecated by the standard Django PASSWORD_HASHERS setting.
  * Existing validators need to be rewritten. Please see the current document
  		https://server.restauth.net/config/custom-hashes.html
	for more information.
  * Because of the above changes, hashing is now provided by public functions
    that can be used in custom backends as well (see documentation).
  * The SERVICE_PASSWORD_HASHER setting overrides the default password hasher
  	for services. Using md5 gives a significant speed improvement, but has some
	security implications (see documentation).
  * RestAuth now supports hashes as generated by Phpass (WordPress, phpBB3)
    and the enhanced phpass-like sha512 hashes found in Drupal7.

  General improvements:
  * Most received data is now validated using assertions. This makes verifying
    the input data format both faster and more exact.
  * Content handlers are now configured with the CONTENT_HANDLERS setting. The
    handlers are now used as global classes and are never reloaded.

  Caching:
  * The CACHES setting is no longer overriden by settings, enabling Djangos
	in-memory caching mechanisms by default.
  * The cache middlewares are no longer automatically added, as they
    introduce unreliable behaviour in some situations.
  * The new SECURE_CACHE setting tells RestAuth if the cache can be considered
    a secure data storage (default: False). If True, Django will cache service
	information within the cache, significantly speeding up RestAuth.

  Command-line scripts:
  * Move all scripts to RestAuth/bin/ to be more virtualenv friendly.
  * Command-line scripts also use the new backend system, so changing backends
    directly affects their output.
  * restauth-service: Display services in alphabetical order.
  * restauht-service: Verify set/added hosts to be valid IPv4/IPv6 addresses.

  Testing:
  * Update testerver fixture to include example.{com,net,org} services.
  * Most tests (except those testing individual hashers) now use a faster MD5
    hasher. This speeds up tests significantly.
  * Tests also use the new backend system, so they can be used to test
    different backends as well.

  Bugfixes:
  * Fix a broken Foreign Key constraint that broke adding IP-Adresses to
    services.
  * When calling group members, users were returned multiple times under
    certain conditions.
  * Fix migrations on a bare SQLite3 database

  Other assorted changes and improvements:
  * The Exception- and Request middlewares have been merged for a minor speed
    improvement.
  * Killed the last traces of epydoc documentation.
  * python setup.py build no longer builds documentation.

RestAuth 0.6.0 (15 September 2012)

  General:
  * Greatly simplify default logging configuration
  * Migration to Django generic class-based views
  * Globally cache username validators and pasword hashers
  * Automatically set the 'date joined' property upon user creation
  * New setting GROUP_RECURSION_DEPTH defines level of group recursion

  Compliance with RestAuth:
  * This release complies with RestAuth 0.6, adding support for setting
    multiple properties at once. Support for status code 403 was already added
    in the previous release.
  * All resource names (names of users, groups and properties) are now
    consistantly lower-cased.

  Database schema:
  * Many new indizes
  * Remove useless subclass-relation for services
  * Uniqueness for groups is now enforced on a schema-level

  Testing:
  * Most testcases no longer use transactions speeding up testruns a bit
  * Hashing tests for custom hashes also check shorter usernames
  * The @override_settings decorator now ships with RestAuth and is used with
    Django 1.3.

RestAuth 0.5.3 (11 August 2012)

  General:
  * Removed the migration directory, as the scripts there are now maintained in
    a dedicated git repository:
        https://git.fsinf.at/restauth/migration
  * Add a test fixture that can be used by the manage.py testserver. setup.py
    now includes a 'testserver' command that automatically loads that fixture.
    Libraries that require a testserver for testing should run 'setup.py
    testserver' instead of the now deprecated test.sh script.
  * The WSGI script now passes the RESTAUTH_HOST environment variable.
    doc/config/multiple-instances.rst suggests using this variable, but WSGI
    applications never receive this variable otherwise. Likewise, the
    DJANGO_SETTINGS_MODULE is passed through if set.
  * Generated passwords no longer contain whitespace, a backslash, single or
    double quotes.
  * Fix a bug that broke Service passwords with a colon (':')
  * Most of the code now adheres to python coding standards.
  * restauth-service now has set-hosts, add-hosts and rm-hosts, which is in line
    with the new permission system. The 'add' command can no longer add hosts in
    one step, since the command would be too overloaded.
  
  Django 1.4.0 compatibility fixes:
  * 'setup.py testserver' now works different for 1.4.0, because 'manage.py
    testserver' is broken in 1.4.0. See: 
        https://code.djangoproject.com/ticket/18019
  
  Permissions:
  * RestAuth now offers a brand-new permission system. Services can only perform
    the operations they are explicitly configured for. This improves security,
    because leaked service credentials limit the potential damage an attacker
    can do.
  * The permissions are managed with restauth-service. The new commands are
    set-permissions, add-permissions and rm-permissions.
  * The available permissions are documented in the man-page for
    restauth-service and here:
        https://server.restauth.net/restauth-service.html
  
  build-related:
  * The 'debian' branch now includes a ready-to-use debian package. Several
    distro-specific branches include packages for older distributions.
  * The new command 'prepare_debian_changelog' updates debian/changelog to the
    newest version
  * scripts found in bin/ are now automatically installed.
  * manage.py gets an automatic symlink in $PREFIX/bin

  Passwords:
  * Support empty salts (some legacy systems to not use a salt)
  * You can now implement support for a custom hash and add it to RestAuth using
    the HASH_FUNCTIONS setting
  * Support two new algorithms:
    * 'crypt': Store passwords using the systems 'crypt' routine
    * 'apr1': Store passwords using the apache modified version of MD5
      commonly used in .htpasswd files
  * Added test-functions for custom hashing algorithms

  Validators:
  * Massively rewrote the validator system. It is now way faster and more
    powerul:
    * deprecated SKIP_VALIDATORS setting
    * introduced the new VALIDATORS setting (essentially the inverse to the
      former)
    * validators are now classes instead of functions
    * rewritten and optimized the validation function
  * new 'drupal' validator that actually uncovers a bug in Drupal (see
    documentation). This validator is much more restrictive than drupal at this
    moment.

  Groups:
  * Speed up group creation
  * some code-cleanup (remove one-line functions, etc.)
  * Improve speed of getting groups of a user

  Documentation:
  * Improved documentation in lots of places
  * Add upgrade notes
  * setup.py includes the new target build_html
  * Add minimal manpage for restauth-manage
  * Add developer/testserver documenting how to run a testserver for library
    testing
  * Add installation instructions for RHEL and Fedora
  * Add installation instructions for ArchLinux

RestAuth 0.5.2 (13 November 2011)

  * Add basic routers for common replication scenarios
  * Adapt to changes in RestAuthCommon (CONTENT_HANDLERS now is in
    RestAuthCommon.handlers)
  * No longer use deprecated functions in RestAuthCommon
  * Remove a lot of deprecated code, unused parameters, etc
  * Fix traceback when deleting hosts in services
  * Reserved usernames are no really blocked
  
  Documentation:
  * Add documentation on running multiple instances on the same host
  * Fix many spelling mistakes in the documentation
  
  Testing:
  * Add 'test' target to setup.py that runs all tests
  * Add 'coverage' target to setup.py that creates test-coverage in
    doc/coverage/
  * Many additional tests to improve test-coverage
  * Optimize Tests to use common methods

RestAuth 0.5.1 (10 September 2011)

  * Also install RestAuth.Test (this should have been installed).
  * Add this ChangeLog.

RestAuth 0.5.0 (29 August 2011)

  * Initial version based on version 0.5 of the RestAuth protocol.
