URL routing test that fails currently.

CHANGES

@@ -1,6 +1,28 @@
 Werkzeug Changelog
 ==================
 
+Version 0.9
+-----------
+
+Release date to be decided, codename to be chosen.
+
+- Added support for :meth:`~werkzeug.wsgi.LimitedStream.tell`
+  on the limited stream.
+- :class:`~werkzeug.datastructures.ETags` now is nonzero if it
+  contains at least one etag of any kind, including weak ones.
+- Added a workaround for a bug in the stdlib for SSL servers.
+- Improved SSL interface of the devserver so that it can generate
+  certificates easily and load them from files.
+- Refactored test client to invoke the open method on the class
+  for redirects.  This makes subclassing more powerful.
+- :func:`werkzeug.wsgi.make_chunk_iter` and
+  :func:`werkzeug.wsgi.make_line_iter` now support processing of
+  iterators and streams.
+- URL generation by the routing system now no longer quotes
+  ``+``.
+- The :func:`werkzeug.security.generate_password_hash` and
+  check functions now support any of the hashlib algorithms.
+
 Version 0.8.4
 -------------
 

docs/installation.rst

@@ -91,9 +91,8 @@ even in your package manager.  If you use Ubuntu, try::
     $ sudo apt-get install python-virtualenv
 
 If you are on Windows and don't have the `easy_install` command, you must
-install it first.  Check the :ref:`windows-easy-install` section for more
-information about how to do that.  Once you have it installed, run the
-same commands as above, but without the `sudo` prefix.
+install it first.  Once you have it installed, run the same commands as
+above, but without the `sudo` prefix.
 
 Once you have virtualenv installed, just fire up a shell and create
 your own environment.  I usually create a project folder and an `env`

docs/quickstart.rst

@@ -184,7 +184,7 @@ True
 >>> 'utf-8' in request.accept_charsets
 True
 
-Normalization is available, so you can savely use alternative forms
+Normalization is available, so you can safely use alternative forms
 to perform containment checking:
 
 >>> 'UTF8' in request.accept_charsets
@@ -224,15 +224,15 @@ So imagine your standard WSGI "Hello World" application::
         start_response('200 OK', [('Content-Type', 'text/plain')])
         return ['Hello World!']
 
-With request objects it would look like this::
+With response objects it would look like this::
 
     from werkzeug.wrappers import Response
 
     def application(environ, start_response):
         response = Response('Hello World!')
         return response(environ, start_response)
 
-Also unlike request objects response objects are designed to be modified.
+Also, unlike request objects, response objects are designed to be modified.
 So here is what you can do with them:
 
 >>> from werkzeug.wrappers import Response

docs/serving.rst

@@ -26,6 +26,8 @@ additional files (like configuration files) you want to observe.
 
 .. autofunction:: run_simple
 
+.. autofunction:: make_ssl_devcert
+
 .. admonition:: Information
 
    The development server is not intended to be used on production systems.
@@ -118,24 +120,61 @@ is provided it will be used.  That means a server can either run in HTTP
 or HTTPS mode, but not both.  This feature requires the Python OpenSSL
 library.
 
-The easiest way to enable SSL is to start the server in adhoc-mode.  In
-that case Werkzeug will generate an SSL certificate for you::
+Quickstart
+``````````
+
+The easiest way to do SSL based development with Werkzeug is by using it
+to generate an SSL certificate and private key and storing that somewhere
+and to then put it there.  For the certificate you need to provide the
+name of your server on generation or a `CN`.
+
+1.  Generate an SSL key and store it somewhere:
+
+    >>> from werkzeug.serving import make_ssl_devcert
+    >>> make_ssl_devcert('/path/to/the/key', host='localhost')
+    ('/path/to/the/key.crt', '/path/to/the/key.key')
+
+2.  Now this tuple can be passed as ``ssl_context`` to the
+    :func:`run_simple` method:
 
     run_simple('localhost', 4000, application,
-               ssl_context='adhoc')
+               ssl_context=('/path/to/the/key.crt',
+                            '/path/to/the/key.key'))
 
-The downside of this of course is that you will have to acknowledge the
-certificate each time the server is reloaded.  You can generate a
-certificate and key in advance and provide the SSL context when the server
-is started::
+You will have to acknowledge the certificate in your browser once then.
+
+Loading Contexts by Hand
+````````````````````````
+
+Instead of using a tuple as ``ssl_context`` you can also create the
+context programmatically.  This way you have better control over it::
 
     from OpenSSL import SSL
     ctx = SSL.Context(SSL.SSLv23_METHOD)
     ctx.use_privatekey_file('ssl.key')
     ctx.use_certificate_file('ssl.cert')
     run_simple('localhost', 4000, application, ssl_context=ctx)
 
-A key and certificate can be created in advance using the openssl tool::
+Generating Certificates
+```````````````````````
+
+A key and certificate can be created in advance using the openssl tool
+instead of the :func:`make_ssl_devcert`.  This requires that you have
+the `openssl` command installed on your system::
 
     $ openssl genrsa 1024 > ssl.key
     $ openssl req -new -x509 -nodes -sha1 -days 365 -key ssl.key > ssl.cert
+
+Adhoc Certificates
+``````````````````
+
+The easiest way to enable SSL is to start the server in adhoc-mode.  In
+that case Werkzeug will generate an SSL certificate for you::
+
+    run_simple('localhost', 4000, application,
+               ssl_context='adhoc')
+
+The downside of this of course is that you will have to acknowledge the
+certificate each time the server is reloaded.  Adhoc certificates are
+discouraged because modern browsers do a bad job at supporting them for
+security reasons.

docs/tutorial.rst

@@ -119,8 +119,8 @@ Step 2: The Base Structure
 
 Now let's get right into and create a module for our application.  Let's
 create a file called `shortly.py` in the `shortly` folder.  At first we
-will need a bunch of imports.  I will pull in here all the imports, even
-if they are not used right away to keep it from being confusing::
+will need a bunch of imports.  I will pull in all the imports here, even
+if they are not used right away, to keep it from being confusing::
 
     import os
     import redis

docs/wrappers.rst

@@ -97,8 +97,6 @@ are available by mixing in various mixin classes or using :class:`Request` and
 
    .. automethod:: _get_file_stream
 
-   .. automethod:: _form_parsing_failed
-
 
 .. autoclass:: BaseResponse
    :members:

setup.py

@@ -61,7 +61,7 @@
 
 setup(
     name='Werkzeug',
-    version='0.8.4-dev',
+    version='0.9-dev',
     url='http://werkzeug.pocoo.org/',
     license='BSD',
     author='Armin Ronacher',

werkzeug/__init__.py

@@ -19,7 +19,7 @@
 
 
 # the version.  Usually set automatically by a script.
-__version__ = '0.8.4-dev'
+__version__ = '0.9-dev'
 
 
 # This import magic raises concerns quite often which is why the implementation

werkzeug/contrib/atom.py

@@ -239,11 +239,11 @@ class FeedEntry(object):
                not present the URL is used, but one of both is required.
     :param updated: the time the entry was modified the last time.  Must
                     be a :class:`datetime.datetime` object. Required.
-    :param author: the author of the feed.  Must be either a string (the
+    :param author: the author of the entry.  Must be either a string (the
                    name) or a dict with name (required) and uri or
                    email (both optional).  Can be a list of (may be
                    mixed, too) strings and dicts, too, if there are
-                   multiple authors. Required if not every entry has an
+                   multiple authors. Required if the feed does not have an
                    author element.
     :param published: the time the entry was initially published.  Must
                       be a :class:`datetime.datetime` object.
@@ -254,6 +254,8 @@ class FeedEntry(object):
     :param links: additional links.  Must be a list of dictionaries with
                   href (required) and rel, type, hreflang, title, length
                   (all optional)
+    :param categories: categories for the entry. Must be a list of dictionaries
+                       with term (required), scheme and label (all optional)
     :param xml_base: The xml base (url) for this feed item.  If not provided
                      it will default to the item url.
 
@@ -273,10 +275,11 @@ def __init__(self, title=None, content=None, feed_url=None, **kwargs):
         self.updated = kwargs.get('updated')
         self.summary = kwargs.get('summary')
         self.summary_type = kwargs.get('summary_type', 'html')
-        self.author = kwargs.get('author')
+        self.author = kwargs.get('author', ())
         self.published = kwargs.get('published')
         self.rights = kwargs.get('rights')
         self.links = kwargs.get('links', [])
+        self.categories = kwargs.get('categories', [])
         self.xml_base = kwargs.get('xml_base', feed_url)
 
         if not hasattr(self.author, '__iter__') \
@@ -324,6 +327,9 @@ def generate(self):
         for link in self.links:
             yield u'  <link %s/>\n' % ''.join('%s="%s" ' % \
                 (k, escape(link[k], True)) for k in link)
+        for category in self.categories:
+            yield u'  <category %s/>\n' % ''.join('%s="%s" ' % \
+                (k, escape(category[k], True)) for k in category)
         if self.summary:
             yield u'  ' + _make_text_block('summary', self.summary,
                                            self.summary_type)

werkzeug/contrib/securecookie.py

@@ -88,7 +88,6 @@ def application(environ, start_response):
     :copyright: (c) 2011 by the Werkzeug Team, see AUTHORS for more details.
     :license: BSD, see LICENSE for more details.
 """
-import sys
 import cPickle as pickle
 from hmac import new as hmac
 from time import time
@@ -98,21 +97,7 @@ def application(environ, start_response):
 from werkzeug.security import safe_str_cmp
 
 
-# rather ugly way to import the correct hash method.  Because
-# hmac either accepts modules with a new method (sha, md5 etc.)
-# or a hashlib factory function we have to figure out what to
-# pass to it.  If we have 2.5 or higher (so not 2.4 with a
-# custom hashlib) we import from hashlib and fail if it does
-# not exist (have seen that in old OS X versions).
-# in all other cases the now deprecated sha module is used.
-_default_hash = None
-if sys.version_info >= (2, 5):
-    try:
-        from hashlib import sha1 as _default_hash
-    except ImportError:
-        pass
-if _default_hash is None:
-    import sha as _default_hash
+from hashlib import sha1 as _default_hash
 
 
 class UnquoteError(Exception):

werkzeug/contrib/sessions.py

@@ -58,10 +58,7 @@ def application(environ, start_response):
 from os import path
 from time import time
 from random import random
-try:
-    from hashlib import sha1
-except ImportError:
-    from sha import new as sha1
+from hashlib import sha1
 from cPickle import dump, load, HIGHEST_PROTOCOL
 
 from werkzeug.datastructures import CallbackDict

werkzeug/datastructures.py

@@ -2079,7 +2079,7 @@ def __call__(self, etag=None, data=None, include_weak=False):
         return etag in self._strong
 
     def __nonzero__(self):
-        return bool(self.star_tag or self._strong)
+        return bool(self.star_tag or self._strong or self._weak)
 
     def __str__(self):
         return self.to_header()

werkzeug/debug/console.py

@@ -86,6 +86,7 @@ def displayhook(obj):
         # stream._write bypasses escaping as debug_repr is
         # already generating HTML for us.
         if obj is not None:
+            _local._current_ipy.locals['_'] = obj
             stream._write(debug_repr(obj))
     displayhook = staticmethod(displayhook)
 
@@ -201,6 +202,7 @@ def __init__(self, globals=None, locals=None):
         self._ipy = _InteractiveConsole(globals, locals)
 
     def eval(self, code):
+        _local._current_ipy = self._ipy
         old_sys_stdout = sys.stdout
         try:
             return self._ipy.runsource(code)

werkzeug/formparser.py

@@ -103,7 +103,7 @@ def wrapper(self, stream, *args, **kwargs):
 
 class FormDataParser(object):
     """This class implements parsing of form data for Werkzeug.  By itself
-    it can parse multipart and url encoded form data.  It can be subclasses
+    it can parse multipart and url encoded form data.  It can be subclassed
     and extended but for most mimetypes it is a better idea to use the
     untouched stream and expose it as separate attributes on a request
     object.
@@ -235,11 +235,10 @@ def _line_parse(line):
 
 def parse_multipart_headers(iterable):
     """Parses multipart headers from an iterable that yields lines (including
-    the trailing newline symbol.  The iterable has to be newline terminated:
+    the trailing newline symbol).  The iterable has to be newline terminated.
 
-    >>> parse_multipart_headers(['Foo: Bar\r\n', 'Test: Blub\r\n',
-    ...                          '\r\n', 'More data'])
-    Headers([('Foo', 'Bar'), ('Test', 'Blub')])
+    The iterable will stop at the line where the headers ended so it can be
+    further consumed.
 
     :param iterable: iterable of strings that are newline terminated
     """
@@ -264,7 +263,6 @@ def parse_multipart_headers(iterable):
 
 
 class MultiPartParser(object):
-
     def __init__(self, stream_factory=None, charset='utf-8', errors='replace',
                  max_form_memory_size=None, cls=None, buffer_size=10 * 1024):
         self.stream_factory = stream_factory
@@ -348,8 +346,8 @@ def validate_boundary(self, boundary):
         if len(boundary) > self.buffer_size: # pragma: no cover
             # this should never happen because we check for a minimum size
             # of 1024 and boundaries may not be longer than 200.  The only
-            # situation when this happen is for non debug builds where
-            # the assert i skipped.
+            # situation when this happens is for non debug builds where
+            # the assert is skipped.
             self.fail('Boundary longer than buffer size')
 
     def parse(self, file, boundary, content_length):

werkzeug/http.py

@@ -216,8 +216,8 @@ def parse_options_header(value):
     """Parse a ``Content-Type`` like header into a tuple with the content
     type and the options:
 
-    >>> parse_options_header('Content-Type: text/html; mimetype=text/html')
-    ('Content-Type:', {'mimetype': 'text/html'})
+    >>> parse_options_header('text/html; charset=utf8')
+    ('text/html', {'charset': 'utf8'})
 
     This should not be used to parse ``Cache-Control`` like headers that use
     a slightly different format.  For these headers use the