ZORDRAK / RT-Authen-ExternalAuth-0.05 / ChangeLog 
v0.05    2008-04-09    Mike Peachey <zordrak@cpan.org>

    * lib/RT/Authen/User_Vendor.pm

        Typo on line 962. s/servicen/service/

    * html/Callbacks/ExternalAuth/autohandler/Auth

        Deprecated $user_autocreated. It was being used to prevent a call
        to RT::User::UpdateFromExternal in User_Vendor.pm because it was
        deemed an unecessary expense to set the user's info and then look
        it up again straight after. However, I have since realised that
        UpdateFromExternal is the only code doing a check to see if the
        user has been disabled in the external source and so bypassing
        it when users are created allows new users to log in once even
        if they have not been "enabled". 

        I will be doing a small rewrite of this code in the future to
        abstract the External disable-lookup code from UpdateFromExternal
        and perhaps remove the function altogether, but for now everything
        will work fine.

    * ChangeLog

        I did it again. I added a / on the front of the path to 
        ExternalAuth.pm. What a plonker!

    * lib/RT/Authen/ExternalAuth.pm

        Version updated to 0.05

v0.04    2008-04-03    Mike Peachey <zordrak@cpan.org>

    * etc/RT_SiteConfig.pm
        
        The example LDAP ExternalSettings configuration did not contain
        example values for user and pass for RT's connection to an LDAP
        server. These have now been added.

        Thanks to Andrew Fay <andrew.fay@hotmail.com> for noticing this one.

    * ChangeLog

        Removed a "/" from the start of the ExternalAuth.pm file line in 0.03

    * lib/RT/Authen/ExternalAuth.pm

        Version updated to 0.04

v0.03    2008-03-31    Mike Peachey <zordrak@cpan.org>

    * html/Callbacks/ExternalAuth/autohandler/Auth 

        Bug found on lines 94-100.

        The ELSE block starting on line 95 was assigned to the IF starting
        on 85 instead of the IF block starting on line 86. This meant that
        if the user entered at the login screen exists no password would
        be checked.

        It was doing this:

        If session has current user who has an ID
            If password has already been validated
                SUCCESS
            Else
                Return to autohandler with valid session & implicit auth
        Else delete session

    
        This has now been corrected to this:

        If session has current user who has an ID
            If password has already been validated
                SUCCESS
            Else
                Delete session
        Else return to autohandler with whatever we had before the block

    * lib/RT/Authen/ExternalAuth.pm

        Version updated to 0.03

v0.02    2008-03-17    Mike Peachey <zordrak@cpan.org>

    * lib/RT/User_Vendor.pm

        Bug #1 found on line 446. 

        CanonicalizeUserInfo was being called directly, instead of being 
        called on the $self user object.
        
        This was causing CanonicalizeUserInfo to shift the e-mail address 
        it was passed into the $self var instead of the $email var. It was
        therefore returning a blank e-mail address regardless of the input.

    * lib/RT/User_Vendor.pm

        Header comments altered to reflect that the file is part of the
        RT::Authen::ExternalAuth extension.

    * /lib/RT/Authen/ExternalAuth.pm

        Version updated to 0.02

v0.01    2008-03-13    Mike Peachey <zordrak@cpan.org>

    * Initial Release