Add the 'pyramid-auth-secret' option to all-in-one.conf

Add the 'pyramid-session-secret' option to all-in-one.conf This value is used by pyramid_cubicweb to initialize the cookie factory.

Add a CWSession entity. It is a subset of the CWSession that will be added to cubicweb in a future version. Closes #4317363

Implements the 'pyramid' command. It load an instance config, and load in the pyramid scaffolding provided by pyramid_cubicweb. The application is then served by a waitress server. Closes #4317312

Project structure

Merge with pyramid-cubicweb The following tasks have been done: - merge packaging files - merge documentation - move pyramid_cubicweb package at cubicweb/pyramid and update imports accordingly - rename tests directory into test - move pyramid-cubicweb README.rst into README.pyramid.rst until better idea - add a test dependency on unreleased cubicweb-pyramid to have both py27 and py34 tests pass Closes #14023058.

Port to Python3 (closes #14159555) Add py34 environments to tox configuration (only for CubicWeb >= 3.23). And depend on hg version of cubicweb-pyramid since it is not currently Python3-compatible.

Use opened connections as much as possible instead of opening a new internal connection to set the session cookie or retrieve the session data, which may exhaust the connection pools.

Test and fix status code and content of the login form on authentication error The status code was 200 and is now fixed to 403, but the content part of the test will fail until cset 02328f8cbd5c is integrated in cubicweb.

Added tag 0.7.0, debian/0.7.0-1, centos/0.7.0-1 for changeset 0cf2972d2011

[pkg] Version 0.7.0

retrieve session data in a single query instead of two (one for the session object, the other for its cwsessiondata attribute).

[tox] Update CubicWeb version targets * In -release, no need to specify cubicweb dependency, its pulled by setup.py. * Use 3.22 as -compat. * Point to "default" branch for -dev. Also remove test directory from posargs.

wsgi: clearer exception when CW_INSTANCE is missing instance_name is mandatory for cwcfg.config_for() Raise with a KeyError: 'CW_INSTANCE' instead of hard to read exception.

typo

[doc] update a bit the documentation Also convert the README in rst (so it can be properly displayed on cubicweb.org).

split collecting setting before using them, so the function can be reused when inserting WSGI middlewares

[bwcompat] log execption even when cubicweb.bwcompat.errorhandler = True (closes #13421901)

[pkg] add spec file

Added tag 0.6.1, debian/0.6.1-1 for changeset 2621daafa10c

[pkg] 0.6.1

[bwcompat] send 403 on authentication errors (closes #12219849) 200 is just wrong.

[bwcompat] set response headers on AuthenticationError (closes #12219860) Turns out sending a response without a Content-Type header (among others) is suboptimal. 5b36399b6b21 was not good enough.

Added tag 0.6.0, debian/0.6.0-1 for changeset 94d1a024b3bf

[pkg] 0.6.0

[tests] add a __main__ handler the relative import in test_rest_api.py needs to be modified to prevent a ValueError: Attempted relative import in non-package

[pkg] add a requirements-test.txt file for test dependencies on WebTest and cubicweb-pyramid

[login] fix the redirect url after login (closes #11689118) redirecting to '/' by default after login doesn't work properly when a prefix is used, whether we're sitting behind a PrefixMiddleware or not. To fix this, rely on cubicweb's build_url to turn any relative path into an absolute url.

keep track of all traceback in error handling, not just the exception message (closes #11689093)

[bwcompat] also set response headers in error cases I had this sitting around in my local copy, I don't remember why I needed this but it seems correct.

[config] move config of the secret used to encrypt session's data ID in pyramid.ini (closes #11689082) Introduce a new config entry (in pyramid.ini) for this (cubicweb.session.secret) to replace the (now deprecated) pyramid-session-secret (in all-in-one.conf). So we have now 3 secrets to configure: - cubicweb.session.secret: to encrypt session's data ID stored in a cookie, - cubicweb.auth.authtkt.session.secret: to encrypt auth cookie - cubicweb.auth.authtkt.persistent.secret: to encrypt persistent session auth cookie

Document how to configure the "secure" flag for authentication policies Closes #11376233.

[tox] Let posargs override py.test args

[tox] Use py.test Rename test view so that py.test does not consider it as a test function.

Add a tox configuration

Register predicates from the predicates module

[refactoring] Move MatchIsETypePredicate to a separate module

[refactoring] Move EntityResource and ETypeResource to a separate module

use CubicWeb request to execute RQL rset should be retrieved with cw_request, as it's then bound to it and propagate to all entities created from this rset (._cw). From there it may reach code expecting a request, not a connection (view, selector, etc).

[views] Rename entities to rest_api

[routes] Add a 'cwentities' route with traversal The route uses a factory that produces ETypeResource and EntityResource as a context. A 'delete' view serve as a test and demonstration. The module being experimental, it has to be explicitely included.

Added tag 0.5.0, debian/0.5.0-1 for changeset 61f69ac2d6bc

[pkg] 0.5.0

[auth] Authtkt http_only and secure by default The test suite is now full 'https'. Closes #4731765

[auth] Make the configuration cookies completely configurable Also transfert the secret setting from all-in-one.conf to pyramid.ini, with backward compatibility. Closes #5999625

Added tag 0.4.1, debian/0.4.1-1 for changeset 398b2c840e14

[pkg] 0.4.1

[core] Adjust cw<3.21 compatibility Most of cubibweb < 3.21 expects a ClientConnection as the main connection. Related to #5731814 Closes #5878592

[bwcompat] Make the error handler optional Closes #5739625

[doc] Document embedding in a pyramid app

[config] Move most config code to a includeme() The goal is to make it easier to use pyramid_cubicweb from a pyramid application.

[doc] Anonymous access is not mandatory anymore

Added tag 0.4.0, debian/0.4.0-1 for changeset 897a149e8208

[pkg] add debian/watch

[pkg] 0.4.0

[pkg] add python-pyramid-multiauth dependency to debian package Closes #5576182

[core] adjust cnx handling for cubicweb 3.21 Closes #5731814

set httponly on session cookie

[bwcompat] use cubicweb error views (closes #4545130)

Added tag 0.3.1, debian/0.3.1-1 for changeset 6df91cb85ecc

[pkg] 0.3.1

Handle absence of anonymous user Set cw_session and then cw_cnx request attributes to None in case anonymous connection is not allowed (i.e. no "anon" user in config). Then catch AuthenticationError in CubicWebPyramidHandler and return the 'login' view. Closes #4751862.

[debian] Add python-wsgicors dependency as it is now available

Update Changes for version 0.3.0

Added tag pyramid-cubicweb-version-0.3.0, pyramid-cubicweb-debian-version-0.3.0-1 for changeset a80e076d3f42

Fix debugtoolbar pkg name

Set version 0.3.0

[doc] update changes list

Rollback 'uncommitable' cnx Closes #5343870

[debug] The debug mode now set pyramid.reload_templates

Use pyramid flash queue for messages Use a 'cubicweb' flash queue and make sure it contains only one message so that the behavior is the same as cubicweb. Also, the 'message' property now returns both the cubicweb flash queue and the default flash queue. One big difference with the former behaviour is that messages set with set_message will survive a redirection, making set_redirect_message useless in most case. Closes #5298654

[doc] Document the new authentication stack

Allow tests to override pyramid_settings Closes #5307426

Make debug mode usable without pyramid_debugtoolbar Add the latter in Debian recommends along the way. Closes #5310434.

[auth] Use a second authtkt policy for 'rememberme' The former solution was buggy because the expire time of the auth cookie, if set through 'remember', was lost on the first cookie reissuing. The new approach, make possible thanks to multiauth, use two different cookies. One for session bounded authentication (no 'rememberme'), and one for long lasting authentication (w 'rememberme'). The choice between the two of them is done by adding a 'persistent' argument to the top-level 'security.remember' call. Passing this argument will inhibate a policy or the other. The two policies are (a little) configurable through the 'cubicweb.auth.authtkt.[session|persistent].*' variables. Related to #4985962

[auth] Use pyramid_multiauth It makes it easier to finely tune what parts of the default authentication stack we want to use or not. It also makes it possible for any cube to add its own policy in addition to the others. Related to #4985962

[auth] remove dead code (closes #5230746)

[login] Test the login views

Fix project homepage url

Replace the '_' with '-' in the package name The change was made manually on pypi (see https://sourceforge.net/p/pypi/support-requests/459/)

On exceptions from CW, copy headers Closes #4939219

[doc] fix pyramid-auth-secret conf sample

[doc] Update change list

[core] Protect session data from unwanted loading. Use specialised Session and Connection types that forward their 'data' and 'session_data' attributes to the pyramid request.session attribute. This forwarding is done with properties, instead of copying a reference, which allow to access request.session (and the session factory) if and only if Session.data or Connection.session_data is accessed. In some cases, most notably the static resources requests, it can mean no access the session during the request handling, which saves a request to the session persistence layer. Closes #4891437

[core] Use tools.cached_user_build for better performances Closes #4870347

[doc] Document tools Related to #4870347

[tools] Provide a faster build_user The main trick is to use a cache of user entities. To do so, a few tools are needed since the entities are not supposed to be copied around between connexions. Related to #4870347

Added tag pyramid_cubicweb-version-0.2.1, pyramid_cubicweb-debian-version-0.2.1-1 for changeset 1ae61c25299a

Prepare version 0.2.1

[cors] Fix 'headers' and 'methods' parameters Closes #4849874

Fix the 0.2.0 release date

Change project url

Added tag pyramid_cubicweb-version-0.2.0, pyramid_cubicweb-debian-version-0.2.0-1 for changeset cd8308245d20

set debian version

Prepare version 0.2.0

Document the changes

Fix configuration loading when 'cubicweb.includes' is not set Closes #4849314

pep8

Provides requirements for rtd Related to #4849313

Initial documentation. Closes #4849313

Remove dead code

[profile] Add a profiling tool

[config] Read pyramid settings in a 'pyramid.ini' file If a 'pyramid-debug.ini' file is present, it will be used instead when debugmode is on. Closes #4811298

Move auth-related configuration to a dedicated module.

Fix cors 'origin' parameter passing Closes #4783343

[auth] Fix the config option name in the warning message

session -> cnx

Added tag pyramid_cubicweb-debian-version-0.1.3-1, pyramid_cubicweb-version-0.1.3 for changeset 0a7769e583c2

Set version 0.1.3

Cookie 'max_age' must be a integer, not a string. If not, the value is used verbatim for the 'expires' of the cookie, which is invalid. Closes #4731764.

Added tag pyramid_cubicweb-version-0.1.2, pyramid_cubicweb-debian-version-0.1.2-1 for changeset 5eb4e27e9998

Update debian changelog