Author: Matthew Good <trac@matt-good.net>
Maintainer: Steffen Hoffmann <hoff.st@web.de>

acct_mgr-0.5 (not yet released) - branch 0.11
 resolved issues
 * #8217: Race condition when creating new accounts
 * #8796: notifications also get sent to the smtp_always_cc address
 * #10740: Checkbox columns are too wide on the Accounts: Cleanup page
 * #10754: Selected checkboxes should determine Accounts: Cleanup page items
 * #10772: ProgrammingError: operator does not exist: text = integer
 * #10829: Consider renaming 'Save' buttons to 'Apply changes'
 * #10910: Unable to change full name
 * #11038: Login fails due to issues with opening sibling Trac environments
 * #11090: Error on user creation "gaierror: [Errno -2] Name or service ..."
 * #11111: Please add a MANIFEST.in
 * #11213: The username input doesn't have focus when the page loads
 * #11312: Variable 'user' does not exist (in api.py)
 * #11469: Exceptions in AccountModule are not trapped in Trac 1.0.2dev
 * #11798: Display message when account is pending approval
 * #11867: Incorrect body for reset password email notification
 * #11991: RegistrationError cannot initialize on Python 2.4
 * #12024: Username not inserted from admin panel
 * #12050: Ticket preferences are not saved
 * #12058: Bad email default regexp
 * #12067: Impossible to delete email
 * fix access to account properties clean-up from user admin panel
 * always show associated email in user details admin panel
 * fix and unify web-UI feedback on user and admin actions
 * prevent bypassing email address policy via user preferences
 * add modular user ID change support for Trac core as well as for some other
   Trac plugins, currently:
  * AnnouncerPlugin > 0.12.1
  * ScreenshotsPlugin (all versions)
  * TracFormsPlugin > v0.2
  * VotePlugin (all versions)

 new features
 * #843: Make admin approval required for account registration
 * #6788: Add a RadiusAuthStore to AccountManagerPlugin
 * #7426: Dynamicity of Trac (Show number of registered users)
 * #8930: Setup wizard for AcctMgr
 * #8595: Ability to ban accounts
 * #10680: Provide confirmation when password is changed
 * #10684: Provide feedback when performing actions on the Users page
 * #10739: Move 'Back to Accounts' button to the contextual navigation
 * #10741: Provide email verification status indicator on user admin panel
 * #10742: Rename "Update" button to "Refresh" on Review Account Details page
 * #10745: Add 'Select all' checkbox to header of list in user admin panel
 * #11214: Rename db_cleanup to admin_db_cleanup
 * #11215: Set focus when admin Users page loads
 * #11894: Make (clear that) username policy (is) configurable
 * #12054: add QuestionRegisterPlugin-like functionality
 * #12097: Provide confirmation when deleting accounts
 * #12534: Configuration admin can be disabled independent of User admin
 * add unit tests for db access functions
 * add account guard configuration to config admin panel
 * filter account list in user admin panel by account status
 * remake account editor following Trac admin panel style i.e. for enums


acct_mgr-0.4.4 (03-Apr-2014) - branch 0.11
 resolved issues
 * escape email for notification message against reported xss vulnerability


acct_mgr-0.4.3 (13-Feb-2013) - branch 0.11
 resolved issues
 * #8927: LoginModule with .htpasswd & passwd reset => not working
 * #10681: User with empty password can't reset their password
 * #10765: AttributeError: 'NoneType' object has no attribute 'strip'
 * #10871: AccountGuard destroys trac.ini
 * prevent two ways for a user to bypass a forced password change
 * skip BotTrapCheck on admin user requests, i.e. from inside user admin panel
 * keep trac.auth.LoginModule options defined after disabling that component
   by defining all options in acct_mgr.web_ui.LoginModule as well

 new features
 * allow logging-in into password-less accounts via acct_mgr.LoginModule


acct_mgr-0.4.2 (27-Dec-2012) - branch 0.11
 resolved issues
 * #10730: AccountGuard.lock_time effectively disables account locking


acct_mgr-0.4.1 (26-Dec-2012) - branch 0.11
 resolved issues
 * #5964: Prevent multiple calls to LoginModule._remote_user()
   by re-using a flag introduced for account locking
 * #8545: Authentication always fails
   by introducing authentication attempt debug logging and a new option
   'environ_auth_overwrite' for additional control over REMOTE_USER's value
 * #10134: HttpAuth login throws traceback
 * #10625: AssertionError in trac.db.pool.PooledConnection.__del__
 * #10700: AccountModule._do_reset_password discards error from _reset_password
 * #10701: Reset password reports `Cannot find ... "IPasswordHashMethod"`
 * several fixes for unreported account guard issues


acct_mgr-0.4 (01-Dec-2012) - branch 0.11
 resolved issues
 * #3459: Authentication information not available
 * #4677: Admin based chaining HtDigestStore & HtPasswdStore breaks config
   by adding dedicated options 'htdigest_file' and 'htpasswd_file'
 * #5691: No cookie warning shown when trying to log in with Konqueror
 * #6616: Invalid entries for usernames in table
   by adding a cleaner macro implementation outside of `UserStatsMacro`
 * #8685: User deletion ordering breaks 'deleted' notification for SessionStore
 * #8770: AttributeError: Cannot find implementation of "IPasswordHashMethod"
 * #8990: HtPasswdStore and SessionStore with HtPasswdHashMethod share option
   by adding dedicated options 'db_htpasswd_hash_type' and 'db_htdigest_realm'
 * #9052: acct_mgr.web_ui.emailverificationmodule - Doesn't send email
 * #9079: PostgreSQL: Database error when creating new user with attributes
 * #9090: AccountManager plugin does not email after user registration
 * #9139: SvnServePasswordStore and case sensitivity
 * #9246: InternalError when refresh_passwd = true
 * #9252: All session attributes are deleted when user logs in first time
 * #9547: Option `persistent_sessions` is not working in `0.4dev-r10747`
 * #9843: New user missing in 'session' table.
 * #9940: Admin unable to reset password
 * #10023: SQL Injection in acct_mgr.api.AccountManager.lastseen()
 * #10028: Account delete does not purge user's auth cookie
 * #10123: Registration with EmailVerification should instruct more clearly
 * #10204: Users can delete their email address even when verify_email=true
 * #10276: "Unknown preference panel" when logging out from account tab
 * #10397: Don't allow username with all capital letters
 * #10412: acct_mgr-0.4dev breaking 2.4 compatibility
 * #10594: Some options' docs are missing
 * #10644: Add a real license
 * do AccountManager class API cleanup by moving db access to model layer
 * prevent duplicate action entries in Trac core permission select box

 new features
 * #874: Add new fields to register form and a registration validation system
 * #5295: Add optional username regexp to registration checks
 * #7577: Prevent spammers from registering
 * #8076: Add optional account email regexp to registration checks
 * #8791: Obsolete patch needed for authentication against Jira
   by adding sha256/sha512 hash support (needs `passlib` or extended `crypt`)
 * #9618: HttpAuthStore authentication enhancement
   by allowing a relative URL for `authentication_url` configuration option
 * #9676: Incorporate optional Single-Sign-On functionality
 * #9852: Embed some user information in TracWiki
   by introducing WikiMacros `ProjectStats` and `UserQuery`
 * #10142: Allow admin to override verification status
 * add recursion to option parser for configuration admin page and provide
   available valid values for an `ExtensionOption` like `IPasswordHashMethod`
   by a select field (dropdown box) - or meaningful message on missing options
 * add cleanup page for purging `session_attribute` db table via admin web UI
 * add randomized authentication cookie ID refreshment, average refresh rate
   controlled by new option `cookie_refresh_pct`
 * switch to case-less username duplicate checking
 * add unit tests i.e. for hash creation and re-written registration checks
   to significantly extend code coverage
 * add Trac style shading of odd/even rows to user lists


acct_mgr-0.3.2 (26-Aug-2011) - branch 0.11
 resolved issues
 * #9051: Unable to add users due to existing email addresses
   by fixing SQL statements responsible for db cleanup on account deletion
 * #9082: Remove cookie's `expires` param (0.12) when rememberme is unchecked
 * #9088: Expire trac_auth_session cookie before LoginModule._do_logout
 * #9091: <b> tags in user registration notification
 * #9092: TypeError: __call__() got an unexpected keyword argument 'link'
 * #9093: A href tags in verification notice
 * #9095: Delete session cookie if client sent it and rememberme is unchecked
 * #9099: Expire session cookie whenever trac_auth cookie gets expired
 * #9107: Error when building the egg file
 * #9108: TypeError: 'NoneType' object is not iterable
 * #9109: TypeError: 'NoneType' object is not iterable
 * fix TypeError in account details admin page for not yet authenticated users
 * make option `verify_email` effective for `RegistrationModule`
 * fix bug from initial password store chaining implementation leading to
   false-positives on user store discovery and later unexpected login failure
 * change account details admin page into users admin subpage


acct_mgr-0.3.1 (13-Jul-2011) - branch 0.11
 resolved issues
 * #8963: Restore compatibility with Trac 0.11 - holding 10 different issues
 * further improve redirect loop protection (infinite loop after /login)
 * add more verbose error log messages for missing/unreadable password file
 * remove duplicated message in Trac 0.11 at account details admin page
 * prevent argument duplication on POST requests of account details admin page
 * enable admin to restart password hash refresh from configuration admin page


acct_mgr-0.3 (07-Jul-2011) - branch 0.11
 resolved issues
 * #3233: Infinite redirect loop after resetting the password
 * #3783: Form based login fails to forward nicely on referrer outside of Trac
 * #3989: Email verification and password reset with notification lock users
 * #4040: TracError instance has no attribute 'acctmgr' on new user creation
 * #4160: Password reset oddness with multiple projects config
 * #5247: Stack trace escapes to user when htdigest file is not writeable
 * #6821: Register and 'Forgot your password?' links can no longer be enabled
 * #7850: Error after upgrade from 0.11 to trunk version
 * #7863: Syntax error found when building egg
 * #7880: 'ioerror: invalid mode: Ur' in htfile.py
 * #8061: An input element has no child nodes
 * #8063: Better i18n codes
 * #8381: Failure to verify valid passwords after migration Windows => FreeBSD
 * #8534: Can't resend password reset email
 * #8549: Changing password in SessionStore if forced has no effect
 * #8663: Disable register link on the login page
 * #8834: TypeError: sequence item 0: expected string, int found
 * #8813: German docs of options, even when browser's locale isn't 'de'
 * #8925: Register form user field should be username
 * #8936: Cannot delete user using AccountModule from web_ui
 * #8939: Fix for "mgr" not found error in http.py
 * fix AccountModule.reset_password_enabled() from type list to boolean
 * really disable reset password page, if feature is disabled
 * fix password reset procedure (preventing easy account takeover)

 new features
 * #442: Add email verification for new/changed email addresses
   by completing a matured procedure i.e. with account details display
 * #809: Fit long user list in users admin page to one screen height
 * #816: 'forgot password' should not reset password directly
   by introducing a separate ResetPwStore (a SessionStore derivate)
 * #2966: Add user account (name, email) edit support to user account page
 * #6803: Add i18n/l10n support
   adding i18n setup and message markup and several translations
    complete   (>95%): English (default), German, Japanese, Russian, Swedish
    convenient (>75%): Czech, Italian
    partial    (>33%): Dutch, French, Spanish
   Check https://www.transifex.net/projects/p/Trac_Plugin-L10N/
   for more recently added and updated translations
 * #7111: Password reset from users admin page
 * #7437: Lock user after configurable number of failed login attempts
   by a new AccountGuard module for login attempt tracking and account locking
 * #8257: Display PasswordStore option docs on configuration admin page
 * #8487: AcctMgr creates blank lines in password_file under Windows
 * #8563: IndexError: list index out of range
 * #8774: KeyError: acct_mgr.web_ui after failed import of acct_mgr.web_ui
 * #8814: Generic word `for` is extracted, term is difficult to translate
 * #8843: XHTML invalid account_verify_email.html
 * extend AccountManager class API by 'email_verified' and 'user_known'
 * re-design 'ugly' HTML login form
   adding new 'login_opt_list' option and contribute recommended CSS styles
 * add account details admin page
 * add auth cookie options introduced in Trac 0.12
 * add optional password hash refresh on successful login
 * code cleanup and more readable multiline SQL statement formatting
 * add changelog (this file)
 * add OpenPGP signed md5 and sha1 hash lists and verification script

 backported - branch 0.10
 * #8381: Failure to verify valid passwords after migration Windows => FreeBSD
 * fix password reset procedure (preventing easy account takeover)


acct_mgr-0.2.x (updates to 0.2.1, never officially released) - branch 0.11
 resolved issues
 * #831: Case sensitive Authentication, but Case in-sensitive Authorization
 * #1382: Make 'Delete Account' function on 'My Account' page optional
 * #1602: Pass old_password when changing password
 * #1922: ValueError with HttpAuthStore when entering invalid credentials
 * #2044: AccountManagerPlugin README missing an example for HttpAuth backend
 * #2327: Fix unicode support in htdigest password file store
 * #2630: Registration of usernames which can corrupt a SvnServePasswordStore
 * #3086: Admin "Last Login" users info should use correct time zone
 * #3137: Fix tests and include functional tests
 * #3200: Add and register user corrupts password file with no carriage return
 * #3343: Error onClick 'Remove selected accounts' when no account is selected
 * #3401: Removing email from preferences makes account unusable
 * #4125: Fix message wrapper for AccountModule and EmailVerificationModule
 * #4276: HtPasswdStore changes ownership of htpasswd file (bad file IO)
 * #4525: SvnServePasswordStore looks at wrong place for svnserve.conf file
 * #4628: Fix SessionStore unicode errors htdigest hash method
 * #4682: Registration of user names with colon could corrupt htpasswd file
 * #4830: NameError: global name 'sorted' is not defined on Python 2.3
 * #4895: AccountManagerPlugin + Trac 0.12 (no attribute 'smtp_server')
 * #4897: TracAccountManager htpasswd file handling clobbers symlinks
 * #4984: Prefer hashlib over deprecated md5 and sha
 * #5509: EmailVerificationModule undocumented, allows email-less registration
 * #5514: Typo 'acct_mge' in web_ui.py in 0.11 branch
 * #5789: Change description on notification admin page
 * #6453: AttributeError: 'NoneType' object has no attribute 'encode'
 * #6730: AnnouncerPlugin compatibility with AccountManager
 * #7087: Trailing spaces are not being removed from the username
 * #7396: Password salts and randomness length
 * #7576: Users redirected with no confirmation, fail to note register success
 * #7687: Always redirect to referer after login
 * #7807: Show error into 'after-registration form'
 * extend and fix IPasswordStore API implementation for HttpAuthStore
 * improve error reporting for failures in password stores
 * fix a bunch of small typos in Python doc-strings and elsewhere
 * redirect anonymous GET '/verify_email', no more 'email already verified'
 * several fixes against infinite redirect loop conditions

 new features
 * #131: Add 'Remember Me' functionality
   adding a new 'persistent_sessions' option
 * #442: Email verification for new/changed addresses
 * #1902: Allow more granular permissions
 * #2282: Make default htpasswd hash type configurable
 * #3153: Easy option to disable email verification
 * #3726: Split admin pages in seperate components
 * #5299: Improvements to the email verification page
 * #7700: Allow user management without having TRAC_ADMIN permission
 * added support for chained password stores
 * added password change in the users admin page
 * extend username checks before registration
   adding a new 'username_char_blacklist' option

 backported - branch 0.10
 * #2327: Fix unicode support in htdigest password file store
 * #3200: Add and register user corrupts password file with no carriage return
 * #4125: Fix message wrapper for AccountModule and EmailVerificationModule
 * #4628: Fix SessionStore unicode errors htdigest hash method
 * #4830: NameError: global name 'sorted' is not defined on Python 2.3


acct_mgr-0.2.1 (28-May-2008) - branch 0.11
 new features
 * #147: Email notification of account related events


 ToDo: historic entries below are still incomplete - more work needed


acct_mgr-0.2 (10-Nov-2006) - new branch 0.11
 * add SessionStore for storing user passwords as a Trac session attribute


acct_mgr-0.1.3 (13-Nov-2006) branch 0.10
 new features
 * #173: Integrate login-related plugins
   by adding HttpAuthStore


acct_mgr-0.1.2 (10-Nov-2006) - new branch 0.10

acct_mgr-0.1.1 (10-Jan-2006) - new branch 0.9

acct_mgr-0.1 (20-Jul-2005) - initial release