• full python3 compatibility, since velruse migrated to py3 enabled requests-oauth

-require velruse 1.1.1 - run tests with sqlalchemy 1.0.x - small updates to conform with new linters versions embedded in pylama


  • fixed spelling for error message when user does not exist while trying to reset password.
  • require pyramid_basemodel at least version 0.3


  • python 3 compatibility (without oauth2 though)
  • cleared use of deprecated function in favour of pyramid.request.Request.authenticated_userid attribute.
  • make email fields case insensitive by using hybrid properties and CaseInsensitive comparator for model.


  • Fix issue where groupfined was returning empty list instead of None when user did not existed


  • catch all HTTPRedirect instead of just HTTPFound.
  • redirect with HTTPSeeOther instead of HTTPFound where applicable.


  • fixes to include yaml files - fixes #33.



  • configure root factory if it hasn’t been already done
  • configure session factory only if it hasn’t been configured before
  • configure authorization policy only if it hasn’t been configured before
  • configure authentication policy only if it hasn’t been configured before
  • logged in user will be redirected always away from login page
  • views reorganisation - grouping by their function
  • replaced force_logout decorator with logout request method
  • small login view simplification


  • rewritten tests to use pytest_pyramid

  • unified session with pyramid_basemodel’s

  • parametrize tests against two most recent pyramid versions and sqlalchemy

  • turned on pylama to check code with linters:
    • pep8
    • pep257
    • pyflakes
    • mccabe
  • add pytest-dbfixtures, and run tests against postgresql and mysql as well

  • drop python 2.6 from tests

  • 100% test coverage


  • weaker pyramid_yml requirements. Use registry['config'] instead of request.config which gets added only when explicitly including tzf.pyramid_yml package.
  • remove default_config with permission set for forbidden views. Throwning errors in pyramid 1.5a3
  • remove lazy=’load’ for relationship between AuthenticationProvider and User models as it was incorrect. Fixes error while using with sqlalchemy 0.9


  • copy all headers when login user. fixes issue, when headers set in AfterLogin event would not get passed


  • fixed csrf_check in password:reset:continue action
  • updated translation files


  • migrated tests to py.test

  • removed nose and lxml from test requirements

  • extracted UserEmailMixin from User model

  • validation exception improvements

  • set licensing to MIT License

  • fixed general error message for register_POST processing

  • activate action no longer gives 404 error after first use. Default is message about token being invalid or used [veronicazgirvaci]

  • extending csrf_check predicate:
    • Can be turned on/off in settings.
    • Failed check rises 401 Unauthorised error

Backwards Incompatibilities

  • token variable is changed into csrf_token in fullatuh views
  • view no longer returns error messages on failed csrf token. Rises 401 Unauthorised error instead.


  • add localize to requirements. Ability to translate registerlogin communicates
  • ability to set custom session factory [with Veronica Zgirvaci help]
  • moved password validation to one place