WebCore

A lightweight and extremely fast Python web framework.

WebCore Change History

The following is a reverse-chronological listing of the releases with a list of changes for each version in chronological order.

Version 1.1

A feature release resolving a total of 39 tickets.

  • New: URL generation utility. #50
  • New: 98% unit test coverage! #65#76
  • New: RPC has been integrated into the WebCore package. #25 #41
  • New: JSON-RPC support. #56
  • Changed: RESTMethod is now HTTPMethod. #80
  • Changed: Template engine support has been revamped and documentation expanded. #16
  • Changed: The i18n module has been re-named locale, support has been revamped, and documentation updated. #23 #30 #38
  • Changed: You now explicitly define a callback to execute upon database instantiation. Other callbacks are deprecated. #45 #78 #63
  • Changed: Utilities internal to WebCore that duplicated functionality in marrow.util have been deprecated. #55
  • Fixed: Now correctly handles boolean-like string values on the web.trailing_slashes configuration directive. #82
  • Fixed: Middleware failures are now fatal. #27
  • Fixed: You can now return unicode template names. #64
  • Fixed: JSON serialization is now allowed of non-dictionary types. #
  • Fixed: XML-RPC now correctly raises Faults. #58
  • Fixed: It is now possible to return None from a controller. #51

Version 1.0.1

This is a bugfix release introducing a small number of changes:

  • Fixed: Added tests_require reference for Routes, allowing unit tests to pass. 27af1a
  • Fixed: Added missing global config to the error handling middleware. Warning: This may require changes to your INI files; you should reference the WebError docs for details on the acceptable arguments; WebCore prefixes these with debug.. Especially make note of debug.error_from_address vs debug.from_address as only the latter is correct. 9438ce
  • Changed: Updated the distribute bootstrapper to the latest version. f7556c
  • Changed: Documentation updates care of Alex Grönholm. 0df2ed ea12c4 5da0a3
  • New: Added support for SA session extensions via configuration (dbprefix.extensions, dot-notation lookup e.g. 'foo.bar:ClassName') and added a model callback (setup) to mutate the arguments passed to sessionmaker. d44366 44364a
  • Fixed: Removed print-based debug message. 5be7b2
  • Fixed: Adding of the i18n helpers to the template namespace no longer trashes the _ helper. 8beec4

Version 1.0.0

  • New: A La Carte’s TemplateMiddleware has been migrated into web.extras as it is specific to WebCore.
  • Changed: Now references the alacarte package instead of cti.
  • New: Added i18n functions to global template scope. This does not effect message extraction, which must be considered when choosing a templating language.
  • New: Re-usable colophon and useful version_info tuple.
  • Changed: Simplified by matching argspec and using functools.wrap on the authorize decorator.
  • New: Added BasicAuthMiddleware care of Alex Grönholm.
  • Changed: Various cleanup updates (removal of unnecessary imports, etc.) of the examples and core code.
  • Changed / Removed: Updated documentation, removed parts that should reference external documentation, and added a TODO section.

Version 0.9.0

Nearing a final, stable release comes version 0.9, featuring:

  • Fixed: The default SQLAlchemy pool_recycle is now 3600 seconds, resolving issue #15.
  • Changed: The force argument is no longer passed to the developer-supplied authentication callback function. Your code may need to be updated to remove this argument.
  • New: Used the SQLAlchemy transactional middleware as a template for a new generic transactional API, and updated the SA middleware to use this API.
  • Removed: The constant profiling (web.extras.cprofile) middleware has been removed in this version. It will be re-released in a separate package along with controllers capable of analyzing the data.
  • Changed: The web.core.dialects module has been split into multiple modules within the new web.core.dialects package.
  • Removed: Import cleanup and removed a Rakefile used for the first attempt at integration testing.
  • Removed: Unused AuthKit support. If the demand is there, I can try to create better integration, but as it stands I don’t know enough about AuthKit to integrate it properly.
  • Added: A number of new unit tests, improving overall unit test coverage for a number of modules.
  • Changed: The RESTMethod dialect now lower-cases the verb no matter the input, _verb query_string override or from HTTP.
  • Added: Filename extensions are now allowed and are stored in web.core.request.format, allowing you to conditionally return based on requested format. E.g. data.xml vs. data.json.
  • Added: Added compatibility with other frameworks with RESTful dispatch; you can now port code and receive friendly warnings about the use of _method to override the HTTP verb.
  • Added: Routes-based dispatch.
  • Added: A new package namespace is available, web.app, for you to place your own applications in. This eliminates the need to pollute the top-level Python package namespace.

Version 0.6.2

This is a critical security release pushed out to correct a potential privilege escalation issue in the WebAuth authentication method. Specifically, if a user manages to construct malformed data that is capable of producing an exception from within the developer-supplied authenticate callback, or an exception is raised under other circumstances from the same callback, the user will be authenticated regardless of having provided valid credentials or not. (Only the identifier need be correct.) This release corrects this behavior.

  • Fixed: Corrected the security flaw mentioned above.
  • Updated: Numerous updates to the experimental “Constant Profiling” middleware.
  • Added: The application configuration is now available in the 'web’ template namespace.

Version 0.6.1

This is a bugfix release primarily focused on reversing breaking changes introduced in version 0.6.

  • Fixed: Fixed a breaking change in the handling of SQLAlchemy thread-local sessions. (Everything is back to normal now, no change to application code needed.)
  • Fixed: Fixed SQLAlchemy middleware handling of non-2xx HTTP status codes.

Version 0.6

  • Fixed: Reduced logging output of SA DB layer to prevent log clutter from missing favicon.ico and robots.txt files.
  • Fixed: i18n: More careful about using Beaker sessions, in case they aren’t available.
  • New: i18n: `_` function now automatically detects which (of `ugettext` or `ungettext`) should be called depending on the argument count. There is now also a lazy version available called `L_`.
  • New: i18n: Made get_translator public.
  • New: Added more obvious logging to help diagnose issues with badly assigned root controllers. You can use a raw WSGI application as your root controller, it just raises a warning now in case that isn’t the desired behaviour.
  • Fixed: Fix for import errors of the 'http’ aliased module.
  • Fixed: Fixed non-UNIX paths in bootstrap script.
  • Updated: Fixed double-management of SQLAlchemy sessions. Now relies on SA’s native scoped_session and SqlSoup’s objectstore.
  • Fixed: Removed the SQLAlchemy middleware’s dependancy on WebCore structures; web.db.sa is now WSGI clean.
  • Fixed: Non-WebCore database middleware can now be loaded by name.

Version 0.5.4

  • Fixed: Configuration is now assigned to web.core.config before root controller instantiation, allowing you to use it in your application’s configuration.

Version 0.5.3

  • New: Allow overriding of the REST verb for non-RESTful clients by way of the _verb QUERY_STRING argument.
  • Fixed: (Security) Removed potentially revealing authorization error for private attribute access failthrough.
  • New: At least partial unit test coverage for the authentication and authorization middleware and predicates.
  • New: You can now pass in Python callables instead of dot-notation strings for the CoreAuth callbacks, facilitating simple (non-INI) deployment.
  • Fixed: Armoured the CoreAuth predicates against use of the web.auth.user variable outside standard WSGI requests.
  • New: Added a localhost REMOTE_USER on all unit test WSGI requests.
  • New: Extended the object dispatch dialect to support generic callables as return values from __lookup__.

Version 0.5.2

  • Fixed: Corrected off-by-one slicing of the Beaker Cache middleware configuration keys.

Version 0.5.1

  • Fixed: Corrected a number of issues with the use of the Distribute relocatable and virtualenv bootstrap script generator.
  • Fixed: Corrected import error of CoreAuth due to missing has_permission predicate, which should never have been there to start.

Version 0.5

  • New: Initial “preview” release.
  • Breaking: Earlier (Git master) versions of the Object Dispatch component used default and lookup magic methods to perform advanced dispatch. These methods have been re-named __default__ and __lookup__ respectively to clear the namespace for your own code.
Created by Alice Bevan-McGregor . Last modified .