Releases: mozilla/django-browserid
v2.0.1
v2.0.0
Welcome to django-browserid 2.0.0! django-browserid is a library that integrates BrowserID/Persona authentication into Django.
This release is (for a very small minority of projects) backwards-incompatible with 1.0.2.
Python and Django versions
django-browserid is tested on Python 2.7 up to 2.5, and on Django 1.7, to 1.9. It may work on other version combinations, but we haven't gotten around to testing them yet, so you should expect possible errors.
What's new in django-browserid 2.0.0
Backwards-incompatible data-next change.
2.0.0 introduces a small, but backwards-incompatible change that shouldn't affect most users. You are only affected if you:
- Use the
browserid_loginorbrowserid_logouttemplate helpers to generate your login/logout buttons, and - Use custom JavaScript that relies on the
data-nextattribute on the buttons generate by these helpers.
If both of the above apply to you, then you may have to update your custom JavaScript, as the helpers now default to a blank data-next value instead of defaulting to the LOGIN_REDIRECT_URL/LOGOUT_REDIRECT_URL settings.
The default JavaScript does not rely on this, and it's not expected that any project relies on this either. Most projects should be able to upgrade to the new version with no changes.
Credits
Special thanks for this release goes to @alanbriolat for noticing and fixing #296, the source of the backwards-incompatible fix.
v1.0.0
Welcome to django-browserid 1.0.0! django-browserid is a library that integrates BrowserID/Persona authentication into Django.
This release is backwards-compatible with 0.11.1.
Python and Django versions
django-browserid is tested on Python 2.7, 3.2, 3.3, and 3.4, and on Django 1.7 and 1.8. It may work on other version combinations, but we haven't gotten around to testing them yet, so you should expect possible errors.
What's new in django-browserid 1.0.0
Frozen API
As per semver, the public API is now frozen. It's been a long time since we ran into a case where the API needed to change to accommodate a use case, and I don't anticipate any future changes.
Django 1.8 Support and Dropped 1.4 to 1.6 Support.
We now officially test on Django 1.8. We also dropped our automated testing for Django 1.4 to 1.6, as 1.8 is the new LTS release and supporting the older Django versions is the cause of some of the crufty code we still have hanging around.
Next Release?
As of now there's no plans for another release; Persona isn't changing and there's no obvious new features to run out and implement. There's a few opportunities for cleaning up some old code that tries to support older Django versions, and there's some documentation improvements around people using the built-in Jinja support for Django 1.8 or a library like django-jinja, but other than that, I'm pretty happy with where the library is.
Of course, bug reports and fixes/improvements are always welcome, and we'll do more small releases if anything like that comes up.
Credits
Special thanks for this release goes to @abompard for adding Django 1.8 support and @toolness and @edmorley for their documentation fixes.
v0.11.1
Welcome to django-browserid 0.11.1! django-browserid is a library that integrates BrowserID/Persona authentication into Django.
This release is backwards-compatible with 0.11.
Python and Django versions
django-browserid is tested on Python 2.6, 2.7, 3.2, 3.3, and 3.4, and on Django 1.4, 1.5, 1.6, and 1.7. It may work on other version combinations, but we haven't gotten around to testing them yet, so you should expect possible errors.
What's new in django-browserid 0.11.1
Jingo import loop fixed
Users of jingo were unable to upgrade to the latest django-browserid due to an issue where the helper functions weren't available in their templates. This was caused by a circular import which happened because jingo loads all the Django apps listed in INSTALLED_APPS on module load. This is now fixed; the import in question was moved to helpers.py, which is loaded as late as possible by jingo in order to avoid exactly this problem.
Credits
Special thanks for this release goes to @bobsilverberg for originally reporting the issue and bravely dealing with it for months, and @rlr for providing a way to replicate the issue and reviewing the fix.
v0.11
Welcome to django-browserid 0.11! django-browserid is a library that integrates BrowserID/Persona authentication into Django.
This release is backwards-compatible with 0.10.1.
Python and Django versions
django-browserid is tested on Python 2.6, 2.7, 3.2, 3.3, and 3.4, and on Django 1.4, 1.5, 1.6, and 1.7. It may work on other version combinations, but we haven't gotten around to testing them yet, so you should expect possible errors.
What's new in django-browserid 0.11
Local Assertion Verification
When a user logs in, they retrieve an assertion from Persona, and submit it to your server. Your server then sends it to a remote verification service hosted by Mozilla, which verifies and assertion and returns the email that the user is asserting that they control.
Now, if PyBrowserID is installed, you can verify assertions locally instead of relying on the remote service, which should speed up login times as well as remove the dependency on the remote service. The Customization docs have a section on using local assertion verification.
Auto-login Backend for Offline Development
Offline development on a Persona-enabled site is difficult to impossible since the login popup (and verification if you're not using local verification) rely on internet access. To remedy this, we added an auto-login feature that automatically logs you in under a specific email when you click the login button. Setting up for offline development is covered in the Extras section of the documentaiton.
Django 1.7 Tests
Our automated test suite is now running against Django 1.7 on Python 2.7, 3.2, 3.3, and 3.4. And they just passed without any changes. Yay!
Other fixes
A handful of minor fixes and features also landed, such as support for passing on_ready to navigator.id.watch while using the django-browserid JavaScript API, fixing the broken Django admin integration, and several documentation fixes. The full changelog can be found in CHANGELOG.rst.
Next Release
Well, the plan used to be to let 0.10 stew and consider a 1.0 release, but clearly that didn't quite work out. The number of changes this time were much smaller though, so we're again going to watch how this version works out and consider a 1.0 release. This feels very close though, so here's to hoping for a final frozen API!
Credits
Special thanks for this release goes to @willkg and @peterbe for their continued maintainer work reviewing and merging changes.
A massive thank you to all the contributors to django-browserid 0.11:
v0.10.1
v0.10
Welcome to django-browserid 0.10!
This release features some backwards-incompatible changes. Luckily, it also features an upgrading guide to help you move up to the latest version!
Python and Django versions
django-browserid is tested on Python 2.6, 2.7, 3.2, and 3.3, and on Django 1.4, 1.5, and 1.6. It may work on other version combinations, but we haven't gotten around to testing them yet, so you should expect possible errors.
What's new in django-browserid 0.10
Expanded Documentation
Almost all of the documentation has been rewritten to provide better support to developers using django-browserid. There's now a Quickstart for getting up and running, better info on Customization, a section on Upgrading from older versions, an expanded Troubleshooting page, and Contributing Guidelines to help new contributors learn how to write patches.
Python 3 Support
django-browserid now supports and is tested on Python 3.2 and 3.3 under Django 1.5 and 1.6. You should totally switch to Python 3 if you haven't already. It's a higher number!
AJAX-based Login and Logout
Previously, login was triggered by submitting a hidden form embedded on your web page. Now, login and logout is done via AJAX calls, making it easier for sites that want to support login/logout without refreshing the page. This also means there's less boilerplate you need to add to your templates to get django-browserid up and running.
Disabled Automatic Login
Normally, Persona tracks if a user is supposed to be logged in to your site, and automatically logs them in or out if Persona's state doesn't match your site's state. However, this has several side effects, including errors when a user with multiple tabs open to your site attempts to login. This release includes a workaround that avoids Persona's automatically triggered logins and only logs the user if they initiated the login themselves, and only in the tab they clicked.
Improved Customization Hooks
Several changes were made to the backend code, including replacing the verify function with a set of classes, called Verifiers, that handle verifying assertions from Persona. This will lay the groundwork for supporting local verification, and also allows you to subclass existing verifiers and customize their behavior easily.
SITE_URL is now BROWSERID_AUDIENCES
The SITE_URL setting has been replaced by BROWSERID_AUDIENCES, which is a list of valid audiences for your site. This makes it easier to support sites with multiple audiences (such as sites with multiple subdomains). BROWSERID_AUDIENCES is also optional when DEBUG is True, making it easier to support local development environments.
Next Release
Our current plan is to let 0.10 stew for a while to see how people enjoy it. There are a few small changes we'd like to make, but if nothing major comes up, we will consider calling the next release 1.0 and finalizing the API. Of course, I make no promises, and have been known to be a liar. Anything could happen!
Credits
Special thanks for this release go to @callahad for his help in getting the automatic login workaround landed, and to @willkg and @peterbe for their continued maintainer work reviewing and merging changes.
A massive thank you to all the contributors to django-browserid 0.10: