CHANGES
=======

3.2.1
-----

* Sem-Ver: bugfix upgrade cryptography from using a version >= 2.0.3 < 2.1.0 to use a version >= 2.1.3 and < 2.2.0
* Sem-Ver: bugfix upgrade CacheControl from version 0.12.1 to 0.12.3 Signed-off-by: David Black <dblack@atlassian.com>

3.2.0
-----

* Update release notes for version 3.2.0 and update the AUTHORS file
* Cleanup responses from requires_asap
* Sem-Ver: bugfix Check authorization scheme in requires_asap and also send a WWW-Authenticate header where appropriate
* Sem-Ver: bugfix Clean up the django and flask requires_asap decorators by sharing their code
* Sem-Ver: bugfix HTTPSMultiRepositoryPublicKeyRetriever should raise PublicKeyRetrieverException and not KeyError when a key is not found
* Sem-Ver: bugfix Improvements to the readme file
* Sem-Ver: bugfix Make _seen_jti a ringbuffer and increase its capacity to 1000

3.1.0
-----

* Update release notes for version 3.1.0 and update the AUTHORS file
* Add release notes for version 3.1.0
* Add Django middleware to auth forwarded clients
* Sem-Ver: bugfix upgrade cryptography from using a version >= 1.8.1 < 1.9.0 to use a version >= 2.0.3 and < 2.1.0

3.0.1
-----

* Add release notes for version 3.0.1
* Sem-Ver: bugfix upgrade PyJWT from version 1.4.2 to use a version >= 1.5.2 but less than 2.0.0 

3.0.0
-----

* Add release notes for version 3.0.0
* Sem-Ver: feature Add a new HTTPSMultiRepositoryPublicKeyRetriever class which allows using multiple public key repositories. (#50)
* Sem-Ver: feature Add and use library specific exceptions instead of using ValueError
* Sem-Ver: api-break Add support for customising the value of the leeway used in the django and flask contrib code through the ASAP_VALID_LEEWAY setting & switch to a default leeway of 0 seconds

2.11.2
------

* Add release notes for version 2.11.2
* Sem-Ver: bugfix Fix the requires_asap decorator for python 3 by forcing the HTTP_AUTHORIZATION header into bytes before parsing it
* Add .mailmap to resolve some duplicate identities

2.11.1
------

* Add release notes for version 2.11.1 and update the AUTHORS file
* Sem-Ver: bugfix Fix the default value for the auth header used in the Django requires_asap decorator to work in Python 3
* Sem-Ver: bugfix Warn when an import error occurs when importing aiohttp so that the tests do not fail in python >= 3.5 when aiohttp is not installed

2.11.0
------

* Add release notes for version 2.11.0 and update the AUTHORS file
* Sem-Ver: feature Provide aiohttp support

2.10.2
------

* Add release notes for version 2.10.2
* Sem-Ver: bugfix Fix the decorator for Django (#38)

2.10.1
------

* Add release notes for version 2.10.1
* Sem-Ver: bugfix upgrade cryptography from using a version >= 1.5.0 < 1.6.0 to use a version >= 1.8.1 and < 1.9.0
* Sem-Ver: bugfix upgrade CacheControl from version 0.11.6 to 0.12.1

2.10.0
------

* Add release notes for version 2.10.0 and update the AUTHORS file
* Sem-Ver: feature support passing in additional claims to contrib.requests.JWTAuth

2.9.0
-----

* Add release notes for version 2.9.0 and update the AUTHORS file
* BBCDEV-4046 Add Django support (#35)

2.8.1
-----

* Add release notes for version 2.8.1
* Sem-Ver: bugfix upgrade cryptography from using a version >= 1.3.0 < 1.4.0 to use a version >= 1.5.0 and < 1.6.0

2.8.0
-----

* Add release notes for version 2.8.0
* Sem-Ver: feature Added ASAP_KEY_RETRIEVER_CLASS to simplify Flask testing(#32)
* Sem-Ver: bugfix HTTPSPublicKeyRetriever should raise a ValueError if the base_url is None. (#33)
* Sem-Ver: bugfix Fix an issue where Flask config values were not referenced properly

2.7.0
-----

* Add release notes for version 2.7.0
* Sem-Ver: feature add to contrib flask_app that provides a @requires_asap decorator and PyJWT to version 1.4.2
* Sem-Ver: bugfix upgrade PyJWT from version 1.4.0 to 1.4.1

2.6.0
-----

* Add release notes for version 2.6.0
* Sem-Ver: feature support passing through kwargs for the signer created in create_jwt_auth
* Test the JWTAuthSigner with a FilePrivateKeyRetriever with both RS256 and ES256. Also generate the test keys during testing
* Add tests to cover using the JWTAuth class using ES256 in addition to RS256
* Generate a universal wheel

2.5.2
-----

* Add release notes for version 2.5.2
* Sem-Ver: bugfix make the DataUriPrivateKeyRetriever able to be used with a signer to generate jwt
* Test that the DataUriPrivateKeyRetriever can be used with a signer to generate a jwt
* Sem-Ver: bugfix support content-type headers that contain parameters in addition to the media-type. Signed-off-by: David Black <dblack@atlassian.com>
* Add tests for the HTTPSPublicKeyRetriever class

2.5.1
-----

* Add release notes for version 2.5.1
* Sem-Ver: bugfix upgrade cryptography from using a version >= 1.2.2 < 1.3.0 to use a version >= 1.3.0 and < 1.4.0

2.5.0
-----

* Add release notes for version 2.5.0
* Tiny style fix up
* Add support for obtaining a key identifier and private key from a data uri. Sem-Ver: feature
* Standardise the PrivateKeyRepository classes and add docstring to the FilePrivateKeyRepository class
* Sem-Ver: bugfix upgrade CacheControl from version 0.11.5 to 0.11.6
* Sem-Ver: bugfix upgrade cryptography from version 1.2.2 to use a version >= 1.2.2 and < 1.3.0

2.4.0
-----

* Add release notes for version 2.4.0 and update the AUTHORS file
* Support providing additional_claims when generating a jwt. Sem-Ver: feature
* Update the location of the asap specification
* Rearranged the README and added badge for pypi

2.3.0
-----

* Add release notes for version 2.3.0 and update the AUTHORS file
* Added atlassian_jwt_auth.contrib.requests.JWTAuth
* Move test requirements out of setup.py and into test-requirements.txt
* Update pbr from version 1.0.1 to 1.8.1
* Explicitly configure travis to not need sudo
* Note in setup.cfg that python 3.5 is supported. Sem-Ver: feature
* Test with python 3.5 in ci. Sem-Ver: feature

2.2.0
-----

* Add release notes for 2.2.0
* Sem-Ver: bugfix upgrade cryptography from version 1.1.1 to 1.2.1
* Add the ability to accept JWT where the subject does not match the issuer

2.1.1
-----

* Release 2.1.1
* Sem-Ver: bugfix upgrade cryptography from version 1.1 to 1.1.1 
* Sem-Ver: bugfix use a version of requests >= 2.8.1 but less than 3.0.0. Signed-off-by: David Black <dblack@atlassian.com>
* Sem-Ver: bugfix upgrade cryptography from version 1.0.2 to 1.1 

2.1.0
-----

* Add release notes for 2.1.0
* Sem-Ver: feature to support leeway was added in the previous commit
* Pass leeway param through to jwt.decode
* Add release notes for 2.0.0

2.0.0
-----

* Update the changelog file
* Make use of new require_iat and require_exp options that PyJWT now accepts
* Sem-Ver: bugfix update the PyJWT dep from 1.3.0 to 1.4.0
* Sem-Ver: bugfix update the cryptography dep from 0.9.1 to 1.0.2
* Update the AUTHORS and the ChangeLog files
* Make the private key repository scanning actually work
* Clean up imports to follow google python style guides
* Support scanning for key file each time generate_jwt is called
* Sem-Ver: bugfix - update the build location information to reflect the build status of the master branch
* Update the ChangeLog
* Sem-Ver: bugfix - update the build location information
* Sem-Ver: bugfix - update the installation instructions
* release 1.0.8

1.0.8
-----

* add the generated pbr changelog file changes in
* Add authors file

1.0.7
-----

* Add CI build information to the readme file
* Merged in update_cryptography_from_0.9_to_0.9.1 (pull request #4)
* Merged in use_supported_jwt_api_to_get_header (pull request #3)
* Use the new pyjwt api to get an verified header instead of calling their internal API
* update cryptography from 0.9 to 0.9.1
* Use pbr for setup configuration
* Add a mostly-generated Changelog file

1.0.6
-----

* Release version 1.0.6
* Merged in update_dependencies_28_05_2015 (pull request #2)
* Update PyJWT from version 1.1.0 to 1.3.0
* Upgrade CacheControl from version 0.11.2 to 0.11.5
* Upgrade cryptography from 0.8.2 to 0.9

1.0.5
-----

* release 1.0.5
* Merged in add_caching_for_key_retriever (pull request #1)
* update requests from 2.6.0 to 2.7.0
* Add caching to public key retrieval requests via cachecontrol

1.0.4
-----

* specify the version in setup.py from __init__.py - which now contains a __version__ field

1.0.3
-----

* bump the version to 1.0.3
* rename the private _key field of the JWTAuthSigner class to _private_key_pem
* s/signed_claims/a_jwt/ in the test code
* http headers are case insensitive - so the content-type check should be done in a case insensitive fashion
* pass through requests_kwargs through to public_key_retriever.retrieve(...)
* extract the key_id obtaining code from the jwt header out into a function
* s/verify_claims/verify_jwt/
* s/get_signed_claims/generate_jwt/
* s/_get_claims/_generate_claims/
* rename the JWTAuthSigner 'key' parameter to 'private_key_pem'
* update the readme with example use of the package
* set the pep8 version to 1.6.2 in the travis-ci file
* Add a travis-ci yaml file

0.0.2
-----

* release 0.0.2
* s/assertNotEquals/assertNotEqual/
* add support for python 2.7.X
* README.md edited online with Bitbucket

0.0.1
-----

* Make HTTPSPublicKeyRetriever take in and pass through keyword arguments for the requests.get(.
* remove the unused get_new_rsa_private_key_in_pem_format import from test_verifier
* pep8 fix ups
* update the test_signer code to use the new mixins
* Update the test_verifier code
* s/get_new_private_key/get_new_private_key_in_pem_format/ in the mixin classes
* Add JWTAuthVerifierRSATest and JWTAuthVerifierECDSATest classes which used the new mixins. Also rename TestJWTAuthVerifier to BaseJWTAuthVerifierTest
* Add some jwt algorithm mixins
* Make the KeyIdentifier.key_id field a property
* pep8 fix up
* Add a test to check that an jwt with a jti that has already been used is rejected
* update the jti rejection message
* wording change
* minor change to test_verify_claims_with_jwt_lasting_gt_max_time
* Add a test to check that jwt with lifetimes longer than the allowed maximum by the specification are rejected
* add a test to cover when claims['iss'] != claims['sub']
* if a key identifier does not contain a / then check if the key_id is equal to the claims issuer in verify_claims
* add a test to cover that if key_identifier does not start with issuer then an error is raised in verify_claims
* remove the superfluous 'the' in the issuer does not own the supplied public key message
* re-factor the TestJWTAuthVerifier class
* use the utils.get_example_jwt_auth_signer method in test_signer
* Add get_example_jwt_auth_signer to tests/utils
* Add a test for the JWTAuthVerifier
* Add a get_public_key_pem_for_private_key_pem to tests/utils
* create the JWTAuthSigner instance in get_example_jwt_auth_signer with key as a non-keyword style argument
* s/jws/a_jwt/ in verify_claims
* restructure the tests
* Use nose for running tests
* Add a test for JWTAuthSigner.get_signed_claims
* Set test_suite in setup.py
* Add a test to check that the jti changes between _get_claims calls
* use the timestamp of now in the jti instead of the string representation of the datetime object
* Add some tests
* Extract and fix getting the time in signer.py
* Fix up some minor errors in signer.py
* remove the unused os import from setup.py
* '..' is not permitted in a key identifier
* validate_key_identifier should never of taken in 'self' it only needs a key identifier
* add a setup.py file
* Add completely untested code
* init
