Christophe de Vienne <christophe@unlish.com> [Thu, 23 Oct 2014 16:38:28 +0200] rev 11642
Prepare release
Christophe de Vienne <christophe@unlish.com> [Fri, 19 Sep 2014 19:55:33 +0200] rev 11641
Add a --no-daemon option
Christophe de Vienne <christophe@unlish.com> [Fri, 19 Sep 2014 19:20:35 +0200] rev 11640
Use 'wsgicors' for CORS handling.
The CW CORS handling (in web/cors.py) is only able to work on cubicweb requests.
When a request is not handled by bwcompat, we need a proper solution.
The `wsgicors` library provides what we need as a wsgi middleware.
Denis Laxalde <denis.laxalde@logilab.fr> [Fri, 19 Sep 2014 18:23:57 +0200] rev 11639
Watch for i18n files changes for auto-reload
Christophe de Vienne <christophe@unlish.com> [Fri, 19 Sep 2014 11:44:13 +0200] rev 11638
Auto-reload now survives failed reload
When the server stops within the reloader and let a list of files that were
monitored, the reloader waits for any of these files to change and re-attempt
to start the server.
This work well when a syntax error is saved to a file: there is no need to
restart manually the server anymore.
Christophe de Vienne <christophe@unlish.com> [Thu, 18 Sep 2014 22:33:04 +0200] rev 11637
Implements auto-reload and daemon mode.
Heavily inspired by pyramid pserve, with pieces of code taken from it.
auto-reload
Start the server in a subprocess that auto-stops when a file is modified,
and exit with a specific code.
daemon mode
Uses some code from pserve, but use the cw configuratione so the command
is compatible with 'status' and 'stop' commands.
Christophe de Vienne <christophe@unlish.com> [Thu, 18 Sep 2014 12:03:25 +0200] rev 11636
Add the 'pyramid-auth-secret' option to all-in-one.conf
Christophe de Vienne <christophe@unlish.com> [Thu, 18 Sep 2014 11:17:57 +0200] rev 11635
Add the 'pyramid-session-secret' option to all-in-one.conf
This value is used by pyramid_cubicweb to initialize the cookie factory.
Christophe de Vienne <christophe@unlish.com> [Fri, 05 Sep 2014 18:48:33 +0200] rev 11634
Add a CWSession entity.
It is a subset of the CWSession that will be added to cubicweb in a future version.
Closes #4317363
Christophe de Vienne <christophe@unlish.com> [Fri, 05 Sep 2014 12:38:13 +0200] rev 11633
Implements the 'pyramid' command.
It load an instance config, and load in the pyramid scaffolding provided by pyramid_cubicweb.
The application is then served by a waitress server.
Closes #4317312
Christophe de Vienne <christophe@unlish.com> [Fri, 05 Sep 2014 12:32:03 +0200] rev 11632
Project structure
Yann Voté <yann.vote@logilab.fr> [Mon, 26 Sep 2016 14:52:12 +0200] rev 11631
Merge with pyramid-cubicweb
The following tasks have been done:
- merge packaging files
- merge documentation
- move pyramid_cubicweb package at cubicweb/pyramid and update imports
accordingly
- rename tests directory into test
- move pyramid-cubicweb README.rst into README.pyramid.rst until better idea
- add a test dependency on unreleased cubicweb-pyramid to have both py27 and
py34 tests pass
Closes #14023058.
Denis Laxalde <denis.laxalde@logilab.fr> [Thu, 07 Jul 2016 14:30:32 +0200] rev 11630
Port to Python3 (closes #14159555)
Add py34 environments to tox configuration (only for CubicWeb >= 3.23).
And depend on hg version of cubicweb-pyramid since it is not currently
Python3-compatible.
Sylvain Thénault <sylvain.thenault@logilab.fr> [Tue, 28 Jun 2016 11:03:20 +0200] rev 11629
Use opened connections as much as possible
instead of opening a new internal connection to set the session cookie or
retrieve the session data, which may exhaust the connection pools.
Sylvain Thénault <sylvain.thenault@logilab.fr> [Wed, 01 Jun 2016 17:27:29 +0200] rev 11628
Test and fix status code and content of the login form on authentication error
The status code was 200 and is now fixed to 403, but the content part of the
test will fail until cset 02328f8cbd5c is integrated in cubicweb.
Denis Laxalde <denis.laxalde@logilab.fr> [Tue, 28 Jun 2016 09:44:08 +0200] rev 11627
Added tag 0.7.0, debian/0.7.0-1, centos/0.7.0-1 for changeset 0cf2972d2011
Denis Laxalde <denis.laxalde@logilab.fr> [Tue, 28 Jun 2016 09:33:20 +0200] rev 11626
[pkg] Version 0.7.0
Sylvain Thénault <sylvain.thenault@logilab.fr> [Fri, 03 Jun 2016 17:59:49 +0200] rev 11625
retrieve session data in a single query
instead of two (one for the session object, the other for its cwsessiondata attribute).
Denis Laxalde <denis.laxalde@logilab.fr> [Tue, 28 Jun 2016 09:07:12 +0200] rev 11624
[tox] Update CubicWeb version targets
* In -release, no need to specify cubicweb dependency, its pulled by setup.py.
* Use 3.22 as -compat.
* Point to "default" branch for -dev.
Also remove test directory from posargs.
Philippe Pepiot <philippe.pepiot@logilab.fr> [Thu, 16 Jun 2016 16:25:32 +0200] rev 11623
wsgi: clearer exception when CW_INSTANCE is missing
instance_name is mandatory for cwcfg.config_for()
Raise with a KeyError: 'CW_INSTANCE' instead of hard to read exception.
Sylvain Thénault <sylvain.thenault@logilab.fr> [Fri, 03 Jun 2016 17:58:43 +0200] rev 11622
typo
David Douard <david.douard@logilab.fr> [Wed, 11 May 2016 11:26:16 +0200] rev 11621
[doc] update a bit the documentation
Also convert the README in rst (so it can be properly displayed on
cubicweb.org).
Arthur Lutz <arthur.lutz@logilab.fr> [Fri, 17 Jun 2016 17:57:11 +0200] rev 11620
split collecting setting before using them, so the function can be reused when inserting WSGI middlewares
Arthur Lutz <arthur.lutz@logilab.fr> [Thu, 02 Jun 2016 12:11:07 +0200] rev 11619
[bwcompat] log execption even when cubicweb.bwcompat.errorhandler = True (closes #13421901)
Samuel Trégouët <samuel.tregouet@logilab.fr> [Fri, 27 May 2016 10:49:27 +0200] rev 11618
[pkg] add spec file
David Douard <david.douard@logilab.fr> [Tue, 12 Apr 2016 16:17:06 +0200] rev 11617
Added tag 0.6.1, debian/0.6.1-1 for changeset 2621daafa10c
David Douard <david.douard@logilab.fr> [Tue, 12 Apr 2016 15:41:09 +0200] rev 11616
[pkg] 0.6.1
Julien Cristau <julien.cristau@logilab.fr> [Fri, 01 Apr 2016 16:50:12 +0200] rev 11615
[bwcompat] send 403 on authentication errors (closes #12219849)
200 is just wrong.
Julien Cristau <julien.cristau@logilab.fr> [Fri, 01 Apr 2016 16:48:14 +0200] rev 11614
[bwcompat] set response headers on AuthenticationError (closes #12219860)
Turns out sending a response without a Content-Type header (among
others) is suboptimal. 5b36399b6b21 was not good enough.
David Douard <david.douard@logilab.fr> [Thu, 24 Mar 2016 12:08:59 +0100] rev 11613
Added tag 0.6.0, debian/0.6.0-1 for changeset 94d1a024b3bf
David Douard <david.douard@logilab.fr> [Fri, 18 Mar 2016 17:34:13 +0100] rev 11612
[pkg] 0.6.0
David Douard <david.douard@logilab.fr> [Tue, 22 Mar 2016 14:01:44 +0100] rev 11611
[tests] add a __main__ handler
the relative import in test_rest_api.py needs to be modified to prevent a
ValueError: Attempted relative import in non-package
David Douard <david.douard@logilab.fr> [Tue, 22 Mar 2016 13:58:38 +0100] rev 11610
[pkg] add a requirements-test.txt file
for test dependencies on WebTest and cubicweb-pyramid
Sylvain Thénault <sylvain.thenault@logilab.fr> [Fri, 18 Mar 2016 17:13:43 +0100] rev 11609
[login] fix the redirect url after login (closes #11689118)
redirecting to '/' by default after login doesn't work properly when a prefix
is used, whether we're sitting behind a PrefixMiddleware or not. To fix this,
rely on cubicweb's build_url to turn any relative path into an absolute url.
Adrien Di Mascio <Adrien.DiMascio@logilab.fr> [Tue, 08 Mar 2016 16:12:01 +0100] rev 11608
keep track of all traceback in error handling, not just the exception message (closes #11689093)
Julien Cristau <julien.cristau@logilab.fr> [Wed, 25 Nov 2015 12:32:59 +0100] rev 11607
[bwcompat] also set response headers in error cases
I had this sitting around in my local copy, I don't remember why I
needed this but it seems correct.
David Douard <david.douard@logilab.fr> [Mon, 29 Feb 2016 16:16:33 +0100] rev 11606
[config] move config of the secret used to encrypt session's data ID in pyramid.ini (closes #11689082)
Introduce a new config entry (in pyramid.ini) for this (cubicweb.session.secret)
to replace the (now deprecated) pyramid-session-secret (in all-in-one.conf).
So we have now 3 secrets to configure:
- cubicweb.session.secret: to encrypt session's data ID stored in a cookie,
- cubicweb.auth.authtkt.session.secret: to encrypt auth cookie
- cubicweb.auth.authtkt.persistent.secret: to encrypt persistent session auth cookie
Denis Laxalde <denis.laxalde@logilab.fr> [Mon, 07 Mar 2016 10:47:11 +0100] rev 11605
Document how to configure the "secure" flag for authentication policies
Closes #11376233.
Denis Laxalde <denis.laxalde@logilab.fr> [Thu, 21 Jan 2016 15:20:55 +0100] rev 11604
[tox] Let posargs override py.test args
Denis Laxalde <denis.laxalde@logilab.fr> [Fri, 11 Dec 2015 17:21:58 +0100] rev 11603
[tox] Use py.test
Rename test view so that py.test does not consider it as a test function.
Denis Laxalde <denis.laxalde@logilab.fr> [Wed, 25 Nov 2015 13:39:53 +0100] rev 11602
Add a tox configuration
Christophe de Vienne <cdevienne@gmail.com> [Wed, 16 Sep 2015 16:39:53 +0200] rev 11601
Register predicates from the predicates module
Rabah Meradi <rabah.meradi@logilab.fr> [Fri, 24 Jul 2015 13:39:18 +0200] rev 11600
[refactoring] Move MatchIsETypePredicate to a separate module
Rabah Meradi <rabah.meradi@logilab.fr> [Fri, 24 Jul 2015 13:40:36 +0200] rev 11599
[refactoring] Move EntityResource and ETypeResource to a separate module
Rabah Meradi <rabah.meradi@logilab.fr> [Mon, 15 Jun 2015 09:31:37 +0200] rev 11598
use CubicWeb request to execute RQL
rset should be retrieved with cw_request, as it's then bound to it and propagate to all entities created from this rset (._cw). From there it may reach code expecting a request, not a connection (view, selector, etc).
Rabah Meradi <rabah.meradi@logilab.fr> [Thu, 27 Aug 2015 11:25:42 +0200] rev 11597
[views] Rename entities to rest_api
Christophe de Vienne <christophe@unlish.com> [Tue, 09 Jun 2015 11:34:17 +0200] rev 11596
[routes] Add a 'cwentities' route with traversal
The route uses a factory that produces ETypeResource and EntityResource as
a context.
A 'delete' view serve as a test and demonstration.
The module being experimental, it has to be explicitely included.
Christophe de Vienne <cdevienne@gmail.com> [Wed, 16 Sep 2015 15:48:37 +0200] rev 11595
Added tag 0.5.0, debian/0.5.0-1 for changeset 61f69ac2d6bc
Christophe de Vienne <cdevienne@gmail.com> [Mon, 10 Aug 2015 17:42:47 +0200] rev 11594
[pkg] 0.5.0
Christophe de Vienne <cdevienne@gmail.com> [Fri, 07 Aug 2015 11:59:07 +0200] rev 11593
[auth] Authtkt http_only and secure by default
The test suite is now full 'https'.
Closes #4731765
Christophe de Vienne <cdevienne@gmail.com> [Fri, 07 Aug 2015 11:52:08 +0200] rev 11592
[auth] Make the configuration cookies completely configurable
Also transfert the secret setting from all-in-one.conf to pyramid.ini,
with backward compatibility.
Closes #5999625
Julien Cristau <julien.cristau@logilab.fr> [Mon, 03 Aug 2015 18:11:10 +0200] rev 11591
Added tag 0.4.1, debian/0.4.1-1 for changeset 398b2c840e14
Christophe de Vienne <christophe@unlish.com> [Mon, 03 Aug 2015 16:27:16 +0200] rev 11590
[pkg] 0.4.1
Christophe de Vienne <christophe@unlish.com> [Fri, 24 Jul 2015 16:59:13 +0200] rev 11589
[core] Adjust cw<3.21 compatibility
Most of cubibweb < 3.21 expects a ClientConnection as the main connection.
Related to #5731814
Closes #5878592
Christophe de Vienne <christophe@unlish.com> [Fri, 24 Jul 2015 14:21:13 +0200] rev 11588
[bwcompat] Make the error handler optional
Closes #5739625
Christophe de Vienne <christophe@unlish.com> [Mon, 06 Jul 2015 14:51:06 +0200] rev 11587
[doc] Document embedding in a pyramid app
Christophe de Vienne <christophe@unlish.com> [Mon, 06 Jul 2015 14:16:55 +0200] rev 11586
[config] Move most config code to a includeme()
The goal is to make it easier to use pyramid_cubicweb from a pyramid
application.
Christophe de Vienne <christophe@unlish.com> [Mon, 06 Jul 2015 13:17:07 +0200] rev 11585
[doc] Anonymous access is not mandatory anymore
Julien Cristau <julien.cristau@logilab.fr> [Thu, 23 Jul 2015 17:56:59 +0200] rev 11584
Added tag 0.4.0, debian/0.4.0-1 for changeset 897a149e8208
Julien Cristau <julien.cristau@logilab.fr> [Thu, 23 Jul 2015 17:56:32 +0200] rev 11583
[pkg] add debian/watch
Julien Cristau <julien.cristau@logilab.fr> [Thu, 23 Jul 2015 17:48:39 +0200] rev 11582
[pkg] 0.4.0
Julien Cristau <julien.cristau@logilab.fr> [Thu, 23 Jul 2015 17:45:37 +0200] rev 11581
[pkg] add python-pyramid-multiauth dependency to debian package
Closes #5576182
Julien Cristau <julien.cristau@logilab.fr> [Thu, 25 Jun 2015 09:51:32 +0200] rev 11580
[core] adjust cnx handling for cubicweb 3.21
Closes #5731814
Julien Cristau <julien.cristau@logilab.fr> [Tue, 30 Jun 2015 11:15:03 +0200] rev 11579
set httponly on session cookie
Julien Cristau <julien.cristau@logilab.fr> [Tue, 30 Jun 2015 11:15:54 +0200] rev 11578
[bwcompat] use cubicweb error views (closes #4545130)
David Douard <david.douard@logilab.fr> [Thu, 18 Jun 2015 10:49:34 +0200] rev 11577
Added tag 0.3.1, debian/0.3.1-1 for changeset 6df91cb85ecc
David Douard <david.douard@logilab.fr> [Thu, 18 Jun 2015 10:46:09 +0200] rev 11576
[pkg] 0.3.1
Denis Laxalde <denis@laxalde.org> [Wed, 29 Apr 2015 22:46:17 +0200] rev 11575
Handle absence of anonymous user
Set cw_session and then cw_cnx request attributes to None in case anonymous
connection is not allowed (i.e. no "anon" user in config).
Then catch AuthenticationError in CubicWebPyramidHandler and return the 'login'
view.
Closes #4751862.
Denis Laxalde <denis.laxalde@logilab.fr> [Tue, 19 May 2015 08:38:08 +0200] rev 11574
[debian] Add python-wsgicors dependency as it is now available
Christophe de Vienne <christophe@unlish.com> [Mon, 11 May 2015 17:06:36 +0200] rev 11573
Update Changes for version 0.3.0
Christophe de Vienne <christophe@unlish.com> [Mon, 11 May 2015 15:45:14 +0200] rev 11572
Added tag pyramid-cubicweb-version-0.3.0, pyramid-cubicweb-debian-version-0.3.0-1 for changeset a80e076d3f42
Christophe de Vienne <christophe@unlish.com> [Mon, 11 May 2015 15:34:05 +0200] rev 11571
Fix debugtoolbar pkg name
Christophe de Vienne <christophe@unlish.com> [Mon, 11 May 2015 15:22:24 +0200] rev 11570
Set version 0.3.0
Christophe de Vienne <christophe@unlish.com> [Tue, 24 Feb 2015 17:19:58 +0100] rev 11569
[doc] update changes list
Christophe de Vienne <christophe@unlish.com> [Fri, 08 May 2015 11:38:07 +0200] rev 11568
Rollback 'uncommitable' cnx
Closes #5343870
Christophe de Vienne <christophe@unlish.com> [Wed, 29 Apr 2015 13:09:06 +0200] rev 11567
[debug] The debug mode now set pyramid.reload_templates
Christophe de Vienne <christophe@unlish.com> [Sat, 25 Apr 2015 20:50:57 +0200] rev 11566
Use pyramid flash queue for messages
Use a 'cubicweb' flash queue and make sure it contains only one message
so that the behavior is the same as cubicweb.
Also, the 'message' property now returns both the cubicweb flash queue and
the default flash queue.
One big difference with the former behaviour is that messages set with
set_message will survive a redirection, making set_redirect_message useless in
most case.
Closes #5298654
Christophe de Vienne <christophe@unlish.com> [Wed, 25 Feb 2015 22:40:39 +0100] rev 11565
[doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com> [Tue, 28 Apr 2015 11:04:03 +0200] rev 11564
Allow tests to override pyramid_settings
Closes #5307426
Denis Laxalde <denis.laxalde@logilab.fr> [Wed, 29 Apr 2015 11:39:35 +0200] rev 11563
Make debug mode usable without pyramid_debugtoolbar
Add the latter in Debian recommends along the way.
Closes #5310434.
Christophe de Vienne <christophe@unlish.com> [Thu, 26 Feb 2015 00:56:32 +0100] rev 11562
[auth] Use a second authtkt policy for 'rememberme'
The former solution was buggy because the expire time of the auth cookie, if
set through 'remember', was lost on the first cookie reissuing.
The new approach, make possible thanks to multiauth, use two different cookies.
One for session bounded authentication (no 'rememberme'), and one for long
lasting authentication (w 'rememberme').
The choice between the two of them is done by adding a 'persistent' argument
to the top-level 'security.remember' call. Passing this argument will inhibate
a policy or the other.
The two policies are (a little) configurable through the
'cubicweb.auth.authtkt.[session|persistent].*' variables.
Related to #4985962
Christophe de Vienne <christophe@unlish.com> [Thu, 12 Feb 2015 19:21:39 +0100] rev 11561
[auth] Use pyramid_multiauth
It makes it easier to finely tune what parts of the default authentication stack
we want to use or not.
It also makes it possible for any cube to add its own policy in addition to the
others.
Related to #4985962
David Douard <david.douard@logilab.fr> [Thu, 09 Apr 2015 23:58:38 +0200] rev 11560
[auth] remove dead code (closes #5230746)
Christophe de Vienne <christophe@unlish.com> [Mon, 23 Feb 2015 17:17:43 +0100] rev 11559
[login] Test the login views
Christophe de Vienne <christophe@unlish.com> [Tue, 24 Feb 2015 17:19:37 +0100] rev 11558
Fix project homepage url
Christophe de Vienne <christophe@unlish.com> [Wed, 21 Jan 2015 14:31:30 +0100] rev 11557
Replace the '_' with '-' in the package name
The change was made manually on pypi (see
https://sourceforge.net/p/pypi/support-requests/459/)
Christophe de Vienne <christophe@unlish.com> [Tue, 10 Feb 2015 16:35:06 +0100] rev 11556
On exceptions from CW, copy headers
Closes #4939219
Christophe de Vienne <christophe@unlish.com> [Tue, 10 Feb 2015 10:23:20 +0100] rev 11555
[doc] fix pyramid-auth-secret conf sample
Christophe de Vienne <christophe@unlish.com> [Mon, 02 Feb 2015 13:46:28 +0100] rev 11554
[doc] Update change list
Christophe de Vienne <christophe@unlish.com> [Wed, 28 Jan 2015 00:00:05 +0100] rev 11553
[core] Protect session data from unwanted loading.
Use specialised Session and Connection types that forward their 'data' and
'session_data' attributes to the pyramid request.session attribute.
This forwarding is done with properties, instead of copying a reference, which
allow to access request.session (and the session factory) if and only if
Session.data or Connection.session_data is accessed.
In some cases, most notably the static resources requests, it can mean no
access the session during the request handling, which saves a request to the
session persistence layer.
Closes #4891437
Christophe de Vienne <christophe@unlish.com> [Mon, 26 Jan 2015 18:06:58 +0100] rev 11552
[core] Use tools.cached_user_build for better performances
Closes #4870347
Christophe de Vienne <christophe@unlish.com> [Mon, 26 Jan 2015 18:04:57 +0100] rev 11551
[doc] Document tools
Related to #4870347
Christophe de Vienne <christophe@unlish.com> [Mon, 26 Jan 2015 17:59:10 +0100] rev 11550
[tools] Provide a faster build_user
The main trick is to use a cache of user entities.
To do so, a few tools are needed since the entities are not supposed to be
copied around between connexions.
Related to #4870347
Christophe de Vienne <christophe@unlish.com> [Fri, 23 Jan 2015 14:00:02 +0100] rev 11549
Added tag pyramid_cubicweb-version-0.2.1, pyramid_cubicweb-debian-version-0.2.1-1 for changeset 1ae61c25299a
Christophe de Vienne <christophe@unlish.com> [Fri, 23 Jan 2015 12:57:16 +0100] rev 11548
Prepare version 0.2.1
Christophe de Vienne <christophe@unlish.com> [Wed, 21 Jan 2015 17:28:30 +0100] rev 11547
[cors] Fix 'headers' and 'methods' parameters
Closes #4849874