News ==== .. contents:: svn trunk --------- * **Backward incompatible change**: ``paste.fileapp.FileApp`` properly supports request methods, including HEAD. If you were subclassing ``FileApp`` or ``DataApp`` and overriding ``__call__()`` you may have to subclass ``get()`` instead. * paste.httpheaders now parses the HTTP Accept-Language header and returns a list of languages the browser supports in the order it prefers them. * paste.mimeparse module added that handles parsing HTTP Accept headers for quality and mime-types. * ``paste.request.construct_url`` was adding ``SERVER_PORT`` to ``HTTP_HOST``; but ``HTTP_HOST`` (from the Host header) generally contains a port when necessary, and ``SERVER_PORT`` should only be used with ``SERVER_NAME``. * Added entry point for ``paste.registry.RegistryManager`` (``egg:Paste#registry``). * ``paste.request.HeaderDict`` fixed to know that ``Content-Length`` maps to ``CONTENT_LENGTH``. * Can use ``paste.urlparser.StaticURLParser`` with sub-instances other than ``paste.fileapp.FileApp`` (if you subclass and override ``make_app``) * ``paste.fixture.TestApp.get(status=X)`` takes a list of allowed status codes for ``X``. * Added a small templating system for internal use (``paste.util.template``) * Removed a bunch of long-deprecated modules (generally modules that have been moved to other names). In paste.wsgiwrappers ~~~~~~~~~~~~~~~~~~~~~ * ``paste.wsgiwrappers.WSGIRequest`` has match_accept() function to screen incoming HTPT Accept values against a list of mime-types. * ``paste.wsgiwrappers.WSGIRequest.defaults`` now accepts a new key: ``language``: The i18n language that should be used as the fallback should a translation not occur in a language file. See docs for details. * ``paste.wsgiwrappers.WSGIRequest`` can now optionally decode form parameters to unicode when it has a ``charset`` value set. * Deprecated the ``paste.wsgiwrappers.settings`` StackedObjectProxy dictionary for ``paste.wsgiwrappers.WSGIResponse.defaults``. In paste.httpserver ~~~~~~~~~~~~~~~~~~~ * Regression in 1.1 fixed, where Paste's HTTP server would drop trailing slashes from paths. * ``paste.httpserver`` now puts a key in the environment when using a thread pool that allows you to track the thread pool and see any wedged threads. ``egg:Paste#watch_threads`` is an application that can display this information. * ``paste.httpserver`` now accepts all request methods, not just ``GET``, ``PUT``, etc. (Methods like ``MKCOL`` were previously rejected.) * ``paste.httpserver`` has a ``wsgi.input`` that now does not block if you try to read past the end (it is limited to returning the number of bytes given in ``Content-Length``). Double-reading from ``wsgi.input`` won't give you the same data, but it won't cause blocking. 1.1.1 ----- * Fixed major issue with serving static files on Windows (a regression in Paste 1.1 where most static files would return 404 Not Found). * Fixed ``parse_dict_querystring`` returning empty dicts instead of ``MultiDict``\ s. * Added ``paste.config``, a rewrite of ``paste.deploy.config`` using ``paste.registry``. This version of ``ConfigMiddleware`` will enable use of ``paste.config.CONFIG`` within the ``EvalException`` interactive debugger. * Fixed problem where ``paste.recursive`` would leave ``wsgi.input`` and ``CONTENT_LENGTH`` set for recursive requests. * Changed the static file servers to give 404 Not Found responses when you have extra parts after a static file, instead of 400 Bad Request (like when you request ``/file.html/extra/path``) 1.1 --- * Security fix for ``paste.urlparser.StaticURLParser``. The problem allowed escaping the root (and reading files) when used with ``paste.httpserver`` (this does not effect other servers, and does not apply when proxying requests from Apache to ``paste.httpserver``). * ``paste.httpserver`` and ``paste.fixture.TestApp`` url-unquote ``SCRIPT_NAME`` and ``PATH_INFO``, as specified in the CGI spec. Thanks to Jon Nelson for pointing out both these issues. * ``paste.registry`` now works within the ``EvalException`` interactive debugger. * Fixed ``paste.auth.open_id`` failures not returning a correct response. * Changed ``paste.httpexceptions.HTTPUnauthorized`` so that the ``WWW-Authenticate`` header is not required. 401 responses don't *have* to have that header. * In ``paste.fixture.TestApp``: ``
`` tags that have to ``action`` will preserve the existing query string. (Generally relative links that are completely empty should but were not preserving the query string) * Made ``paste.*`` compatible with `py2exe `_ by adding a ``modulefinder`` call in ``__init__.py`` * The ``paste.gzipper`` gzipping middleware wasn't changing the Content-Length header properly; thanks to Brad Clements for the fix. * Fixed ``paste.proxy`` to not use anything based on the dict form of ``httplib..HTTPMessage``. This form folds headers together in a way that breaks ``Set-Cookie`` headers (two ``Set-Cookie`` headers would be merged into one). * ``paste.request.parse_formvars`` didn't accept parameters in ``CONTENT_TYPE``. ``prototype.js`` sets a ``charset`` parameter, which caused a problem. * Added a ``__traceback_decorator__`` magic local variable, to allow arbitrary manipulation of the output of ``paste.exceptions.collector`` before formatting. * Added unicorn power to ``paste.pony`` (from Chad Whitacre) * For ``paste.httpserver`` SSL support: add support loading an explicit certificate context, and using ``ssl_pem='*'`` create an unsigned SSL certificate (from Jason Kirtland). * Fix some cases where ``paste.httpserver`` can have an orphaned thread pool (causing the process to not shut down properly). Patch from jek. 1.0 --- * Fixed ``parsed_formvars`` potentially locking up on wsgi.input after modification of ``QUERY_STRING``. * Fixed problem where ``paste.exceptions.errormiddleware`` didn't expose the ``.close()`` method of the app_iter that it wraps (to catch exceptions). This is a problem if the server about the errormiddleware aborts the request; it should then call ``.close()``, but won't necessarily exhaust the iterator to do so. * Added entry point for ``paste.translogger`` (``egg:Paste#translogger``) * Fixed some cases where long data (e.g., a file upload) would show up in the error report, creating a very very large report. Also, put in a monkeypatch for the ``cgi`` module so that ``repr(uploaded_field)`` won't load the entire field into memory (from its temporary file location). * Added a ``force_host`` option to ``paste.proxy.TransparentProxy``, which will force all incoming requests to the same host, but leave the ``Host`` header intact. * Added automatic cleanup of old sessions for ``paste.session``, from Amir Salihefendic. * Quote the function name in tracebacks in the exception formatter; Genshi has function names that use ``<>``. 0.9.9 ----- * Fixed ``paste.response.HeaderDict`` ``get`` and ``setdefault`` methods to be case insensitive * Fix use of ``TestApp().post(params={'key': ['list of', 'values']})`` as reported by Syver Enstad. * ``paste.fileapp.DataApp`` is now directly usable (was previously only usable as an abstract base class). 0.9.8 ----- * Fixed ``wsgiwrappers.WSGIResponse.delete_cookie``. It also now takes optional path and domain arguments * ``wsgiwrappers.WSGIResponse`` now handles generator/iterator content more cleanly, and properly encodes unicode content according to its specified charset * Fixed ``wsgiwrappers.WSGIResponse`` mishandling multiple headers of the same name * Added a Paste Deploy entry point for ``paste.auth.cookie`` * Moved Paste Deploy dependencies out of top-level modules and into Paste-Deploy-specific entry point functions. This should make Paste more-or-less Paste Deploy independent. ``paste.urlparser`` and ``paste.exceptions.errormiddleware`` still have some leftover bits. * Added another redirector type to ``paste.recursive``, ``environ['paste.recursive.include_app_iter']`` which gives access to the original app_iter (useful for tranfsering unserialized data in internal WSGI requests, as in `WSGIRemote `_ * Bug with ``wsgilib.catch_errors`` and app_iters with no ``close()`` method. * Long words in tracebacks weren't being wrapped correctly at all. Also, large data would cause the wrapping routine to give a recursion error. Now large data is truncated (at 1000 characters), and recursion won't be a problem. Also, wrapping shouldn't lose characters. * Better exception if you try to put a non-str into environ when using ``paste.auth.cookie`` * ``paste.exceptions.collector`` produces an ``exc_data.exception_type`` that is a class, not a string. This helps it get formatted better in Python 2.5. * All the tests pass on Python 2.5! * Added ``paste.proxy.TransparentProxy``, which just sends the request described in the WSGI environ on without any modification. More useful for WSGI clients than servers, it effectively allows any WSGI-based request mechanism to act like an httplib-based request mechanism. * Added a ``cache_max_age`` argument to ``paste.urlparser.StaticURLParser``, which allows you to encourage the caching of static files. Patch from Brad Clements. * Added ``suppress_http_headers`` to ``paste.proxy.Proxy``, which will filter out HTTP headers from the request before passing it on. Patch from Brad Clements. 0.9.7 ----- * The ``EvalException`` 'full traceback' button is now only displayed when the full traceback differs from the regular (includes hidden frames). * Fixed ``EvalException`` returning a Content-type of 'text-html' instead of 'text/html' in some cases. 0.9.6 ----- * Renamed the ``paste.util.multidict.multidict`` class to ``paste.util.multidict.MultiDict`` 0.9.5 ----- * Fixed a security vulnerability in ``paste.urlparser``'s StaticURLParser and PkgResourcesParser where, with some servers, you could escape the document root. * Significantly improved ``paste.httpserver``'s (egg:Paste#http) performance. It now uses a thread pool: previously it created a new thread for every request. To revert back to the old, slower behavior, set:: use_threadpool = false in the [server:main] section of the config file. * More control of where the output of ``paste.debug.prints`` goes. * Added a warning to ``paste.wsgilib.add_close`` if the upstream app_iter consumer doesn't call the ``app_iter.close()`` method. * Fixed ``testapp.post(params={})`` * Fixed ``paste.translogger.TransLogger`` to log to the Apache combined log format as advertised. * Fixed ``paste.urlparser`` classes to handle quoted characters (e.g. %20) in URL paths. * Changed ``paste.session`` to allow manipulating a session for the first time after ``start_response`` is called. * Added ``paste.wsgilib.add_start_close`` which calls a function just before returning the first chunk of the app_iter. * Changed ``paste.urlmap`` so that it matches domain-specific mappings before domain-neutral mappings. * Fixed IE 6 potentially receiving the following ``"400 Bad Request"`` error on file downloads:: Please check your system clock. According to this server, the time provided in the If-Modified-Since header is in the future. * Added a 'no' keyword argument to ``TestResponse.mustcontain``, so you can assert that a response does contain some strings at the same time that you assert that a response *does not* contain other strings, like:: res = app.get('/') res.mustcontain('this must be there', no=['error', 'unexpected']) * Fixed ``fileapp.FileApp`` to pay attention to the ``If-None-Match`` header, which does ETag matching; before only ``If-Modified-Since`` was supported, even though an ``ETag`` header was being sent; in particular Firefox would then only send ``If-None-Match`` and so conditional requests never worked. * Changed usage of ``paste.request.MultiDict`` to ``paste.util.multidict``, particularly in ``paste.wsgiwrappers`` where ``request.GET`` returns a new style of dictionary interface. * Be more careful in ``paste.request.parse_formvars`` not to let the ``cgi`` module read from ``wsgi.input`` when there are no parsable variables in the input (based on ``CONTENT_TYPE``). 0.9.4 ----- * This released was lost in a tragic clerical accident. 0.9.3 ----- * 0.9.2 Included a version of MochiKit that was no longer compatible with evalexception; 0.9.3 reverts to a previous version. * Change wsgi.run_once=False for ``paste.httpserver`` * Added entry points for debug apps 0.9.2 ----- * Fix in paste.urlmap when connecting with host:port. * Added ``/_debug/summary`` to evalexception, which gives a JSON-formatted list of all the exceptions in memory. 0.9.1 ----- * A fix for paste.errordocument, when doing an internal redirect from a POST request (the request is rewritten as a GET request) 0.9 --- * Added `paste.request.WSGIRequest `_, a request object that wraps the WSGI environment. * Added `paste.registry `_, which is middleware for registering threadlocal objects in a request. * Avoid annoying warning from paste.recursive * ``paste.httpserver`` now removes HTTPServer's transaction logging, which was doing a reverse DNS lookup. * Added ``has_session`` to ``paste.session`` * Allow for conditional ``paste.wsgilib.intercept_output`` which should be slightly faster (and streamable) compared to doing the condition manually. * Added entry point for `paste.proxy `_, plus improvements from Brad Clements (support path in target, filter request methods) * Added `paste.pony `_ so pony power can be added to any WSGI application. * Added port matching to ``paste.urlmap``. 0.5 --- * Added `paste.auth.auth_tkt `_ * Added `paste.auth.grantip `_ 0.4.1 ----- * Some bug fixes to the `built-in HTTP server `_. * Experimental `paste.progress `_ middleware for tracking upload progress * Some tweaking of how `paste.reload `_ works, especially with respect to shutdown. 0.4 --- * Fixed up paste documentation (especially for new packages/modules) * Added `paste.auth `_ package for authentication related WSGI middle-ware components: - ``basic`` and ``digest`` HTTP authentication as described by RFC 2617 - support for Yale's Central Authentication System (``cas``) - ``open_id`` supports single sign-on originally developed for LiveJournal (see http://openid.net) - ``cookie`` digitally signs cookies to record the current authenticated user (``REMOTE_USER``), session identifier (``REMOTE_SESSION``), and other WSGI entries in the ``environ``. - a ``form`` module (to be used with ``cookie`` or an equivalent) provides a simple HTML based form authentication. - the ``multi`` module is an *experimental* mechanism for choosing an authentication mechanism based on the WSGI ``environ`` * Added `paste.httpserver `_ module which provides a very simple WSGI server built upon python's ``BaseHTTPServer``; this server has support for several features: - support for SSL connections via OpenSSL - support for HTTP/1.1 ``100 Continue`` messages as required by the WSGI specification (many HTTP server implementations don't do this) - implemented as a Mix-In so that it can be used with other more enchanted versions of ``BaseHTTPServer`` - support for 'Keep-Alive' (standard in HTTP/1.1) by either providing a content-length or closing a connection if one is not available * Improved the `paste.httpexceptions `_ module: - added missing exception objects, and better descriptions - fixed several bugs in how exceptions are caught and propagated - usage as a ``wsgi_application()`` enables exceptions to be returned without throwing or catching the error - support for plain/text messages for text-only clients such as curl, python's urllib, or Microsoft Excel - allows customization of the HTML template for higher-level frameworks * Added `paste.httpheaders `_ module to provide a uniform mechanism to access/update standard HTTP headers in a WSGI ``environ`` and ``response_headers`` collection; it includes specific support for: - providing "common" header names and sorting them as suggested by RFC 2616 - validated support for ``Cache-Control`` header construction - validated support for ``Content-Disposition`` header construction - parsing of ``If-Modified-Since`` and other date oriented headers - parsing of Range header for partial-content delivery - composition of HTTP/1.1 digest ``Authorization`` responses * Improved `paste.fileapp `_ to support: - static in-memory resources - incremental downloading of files from disk - responding to 'Range' requests to handle partial downloads - allowing cache settings to be easily provided; including support for HTTP/1.0 'Expires' and HTTP/1.1 'Cache-Control' * Added an *experimental* `paste.transaction `_ module for handling commit/rollback of standard DBAPI database connections * Added a `paste.util.datetimeutil `_ module for parsing standard date/time user-generated text values * Added a `debug `_ package, which includes: - previous top-level modules ``prints``, ``profile``, ``wdg_validate`` and ``doctest_webapp`` - a ``testserver`` module suitable to test HTTP socket connections via ``py.test`` * Re-factored `paste.wsgilib `_ into several other modules: - functions regarding header manipulation moved to `paste.response `_ - functions regarding cookies and arguments moved to `paste.request `_ * Significant improvements to ``wsgiutils.wsgilib`` module: - added a ``dump_environ`` application to help debugging - fixes to ``raw_interactive`` to comply with WSGI specifications - ``raw_interactive`` now logs all 5xx exceptions and sets HTTP_HOST * Added an argument ``no_profile`` to `paste.debug.profile.profile_decorator `_; if that option is false, then don't profile the function at all. * Changed `paste.lint `_ to check that the status contains a message (e.g., ``"404 Not Found"`` instead of just ``"404"``). Check that environmental variables ``HTTP_CONTENT_TYPE`` and ``HTTP_CONTENT_LENGTH`` are no present. Made unknown ``REQUEST_METHOD`` a warning (not an error). * Added parameter ``cwd`` to `TestFileEnvironment.run `_ * `paste.fixture.TestApp `_: - Form filling code (use ``response.forms[0]`` to get a `form object `_) - Added `click method `_. - Better attribute errors. - You can force set hidden fields using ``form.fields[name].force_value(value)`` (normally setting the value of a hidden field is an error). - Frameworks can now add custom attributes to the response object. * ``paste.wsgilib.capture_output`` is deprecated in favor of `paste.wsgilib.intercept_output `_ * Remove use of exceptions in `paste.cascade.Cascade `_, which causes weird effects in some cases. Generally we aren't using exceptions internally now, only return status codes. Also in cascade, be careful to keep cascaded requests from sharing the same environment. * ``paste.wsgilib.error_response`` is deprecated (`paste.httpexceptions `_ replaces this with exception's ``.wsgi_application`` method). * Moved ``paste.login`` to the attic, since `paste.auth `_ pretty much replaces it. * `paste.urlparser `_ improvements: - Added an application `urlparser.StaticURLParser `_ for serving static files. - Added an application `urlparser.PkgResourcesParser `_ for serving static files found with ``pkg_resources`` (e.g., out of zipped Eggs). - Be less picky about ambiguous filenames when using `URLParser `_; if an exact file match exists, use that. (``file.gif.bak`` would cause a request for ``file.gif`` to be ambiguous before) - Now looks for a ``.wsgi_application`` attribute when serving Python files/modules, as a general hook for returning a WSGI application version of an object. * The `ErrorMiddleware `_: - Returns trimmed-down exceptions if there is a ``_`` GET variable in the request (which is meant to signal an XMLHttpRequest). Exceptions displayed in this context are best when they are smaller and easier to display. - Includes a text version of the traceback, for easier copy-and-paste. - Avoid printing exceptions to ``wsgi.errors`` if they are already displayed elsewhere (at least by default). - Highlight Python code. * Use ``pkg_resources.declare_namespace`` so that there are less problems about confusing the ``paste`` package that is provided by Paste, Paste Script, Paste Deploy, and Paste WebKit. Before you could get one of these at random if you didn't use ``pkg_resources.require`` first. * Cleaned up use of ``exc_info`` argument in ``start_response`` calls (both accepting and producing), in a variety of places.