Changelog
=========

1.3 (2010-02-24)

 - Fixed issue that prevented removing an additional authentication clause
   once it had been added.
   [davisagli]

 - Fixed issue with creating query for enumerating users when an additional
   authentication clause was configured.
   [davisagli]

1.2 (2010-01-25)

 - Add workaround for issue where the type of a user property returning a
   null value from Salesforce couldn't be guessed, resulting in breakage of
   the Plone user preferences page and other things that fetch the full
   property sheet.
   [davisagli]

1.1 (2009-12-17)

 - Zope 2.12 and Plone 4 are now supported.
   [davisagli]

 - Don't try to authenticate if the credentials don't contain a login and
   password (such as if they are from the session plugin). This avoids
   some spurious swallowed exceptions, and drastically reduces the need for
   turning CACHE_PASSWORDS on to avoid needless queries to Salesforce --
   although turning it on might still be a good idea if you're routinely
   logging in users from other sources alongside Salesforce.
   [davisagli]

1.1rc1 (2009-09-16)

 - In the case of a SoapFaultError when trying to connect to Salesforce,
   catch the exception, log a warning, and return None so that PAS tries
   the next plugin.  This makes it easier to recover after the password
   gets changed in Salesforce.
   [davisagli]

1.1b1 (2009-09-08)

 - Updated query calls to use a full SOQL statement.
   [davisagli]

 - _buildAuthenticationQuery now returns a full SOQL statement rather than
   the old set of 3 parameters that used to be expected by
   salesforcebaseconnector's query method.
   [davisagli]

 - Updated version spec for dependency on beatbox.
   [davisagli]

1.0b2

 - Critical fix for security vulnerability when using 
   collective.salesforce.authplugin with configuration constant 
   CACHE_PASSWORDS enabled. The view stored within the 
   SalesforceAuthPluginCache RAM Cache Manager as 
   authenticateCredentials-username doesn't include a hash of the user's 
   password thereby allowing others to log into the portal with a correct 
   username, but incorrect password after a successful login has been 
   accomplished with the correct credentials for the length of the cache 
   period. Though CACHE_PASSWORDS is disabled by default, most users are 
   likely to have enabled this option in attempt to either improve performance 
   or save Salesforce.com API requests.  Users of versions prior to 1.0b2 with 
   CACHE_PASSWORDS enabled are encouraged to upgrade immediately!
   [andrewb, thanks to Quintagroup for discovery and patch]
 
 - Stop using trademarked Salesforce.com icon. [davisagli]

 - More gracefully handle Plone's default sharing tab which searches for 
   similarities to a given query within id, login, and fullname. The latter 
   was leading to erroneous results and often completely exceeding the timeout
   period for XHR calls from the form itself. The workaround is to inspect the
   search parameters for fullname and if not mapped within the
   'authentication' or 'properties' treat the search query as a login so the 
   search doesn't timeout and lose other valid results. [jessesnyder]
 
 - User Enumeration accounts for Additional Condition Clause, which was 
   previously supported in authentication, but various search forms would 
   return ineligible users per the site's configuration. [andrewb]

1.0b1

 - Initial release of egg-based Salesforce Auth Plugin product with 
   significant historical influence from various other proof of concept 
   implementations. [Thanks to Salesforce.com Foundation, Enfold Systems, 
   ONE/Northwest, NPower Seattle, Web Collective, The Plone/Salesforce 
   Integration crew (http://groups.google.com/group/plonesf)]
