[cubicweb-ctl] remove "cubicweb-ctl wsgi" command following pyramid standardization

Use secure hash algorithm in WebConfiguration.sign_text Fix: PendingDeprecationWarning: HMAC() without an explicit digestmod argument is deprecated. The default hash algorithm used by hmac.new is md5. As of today, md5 is so weak that it's the equivalent of plaintext and can't be considered to be secured at all. Therefor, we switch to a secure hash algorithm. The rational for choosing sha3_512 is: * the recommended algorithm is at least sha_256 * the stronger, the more secured and sha3_512 is the stronger available * thinking about the future this should keep this part of the code safe long enough before people think about checking it again You can read more about choosing a secure hash algorithm in the NIST recommendations https://csrc.nist.gov/Projects/Hash-Functions/NIST-Policy-on-Hash-Functions This code modification should normally be transparent since check_text_sign is exactly this code 'self.sign_text(text) == signature' and that sign_text is only used in combination with it. The only impact is that the hash is going to move from 32 char to 128 which might make html page a bit bigger and that sha3_512 is slow to compute (which is a good thing for security)

[enh] don't catch all exceptions in notification hooks during tests

[doc] add a reference to static-messages.pot usage

[doc] Clarify sentences

[doc] Fix format and typo

Fix DeprecationWarning: Using or importing the ABCs from 'collections' instead of from 'collections.abc' is deprecated

Fix DeprecationWarning: invalid escape sequence

[devtools/testlib] avoid hidding AttributeError in create_user() commit() might raise a AttributeError too. Use getattr(req, 'cnx', req) instead, which is a form already used to get the real cnx in some code: cubicweb/rset.py:577: cnx = getattr(self.req, 'cnx', self.req) cubicweb/schema.py:353: with getattr(_cw, 'cnx', _cw).security_enabled(read=False): We could use if hasattr(req, 'commit') here too but it lead to 3 additionals lines. Maybe we should have commit() and rollback() on cubicweb.web.request.ConnectionCubicWebRequestBase too ?

Fix DeprecationWarning: invalid escape sequence \

DeprecationWarning: The 'warn' method is deprecated, use 'warning' instead

[mod] remove backward compatible code for passlib and force modern version

DeprecationWarning: Please use assertEqual instead.

DeprecationWarning: Please use assertRaisesRegex instead.

DeprecationWarning: inspect.getargspec() is deprecated since Python 3.0, use inspect.signature() or inspect.getfullargspec()

[README] add testing instructions

Add pytest-subtests to dev requirements This pytest plugin adds support for unittest's TestCase.subTest (for Python >= 3.4). Since we we now only support python3 and since we use a fair amount of these, let's benefit of better reporting by using this plugin.

[test] use unittest.mock instead of mock library Now that we use Python 3 only, this is possible.

Drop python2 support This mostly consists in removing the dependency on "six" and updating the code to use only Python3 idioms. Notice that we previously used TemporaryDirectory from cubicweb.devtools.testlib for compatibility with Python2. We now directly import it from tempfile.

Merge with 3.26

Remove unused imports in cubicweb.pyramid.config

Added tag 3.26.9 for changeset 4d6909de765a

[pkg] Version 3.26.9

[pyramid/security] use cryptographically secure random generator Based on django source code in case SystemRandom is not available. According to python documentation: https://docs.python.org/2/library/random.html > Warning > The pseudo-random generators of this module should not be used for security > purposes. Use os.urandom() or SystemRandom if you require a cryptographically > secure pseudo-random number generator.

Reclosing branch after merge

Merging heads of old, closed branch

Reclosing branch after merge

Merging heads of old, closed branch

[doc/changes] document that legacy cube support has been dropped

[doc] replace legacy import to new style cube import in various places

[web/views] drop deprecated module cubicweb.web.views.timeline

[web/views] drop deprecated module cubicweb.web.views.massmailing

[web/views] drop deprecated module cubicweb.web.views.isioc

[web/views] drop deprecated module cubicweb.web.views.embedding

[web/views] drop deprecated module cubicweb.web.views.igeocodable

[pyramid/core] drop fallback import of legacy cubes

[cwconfig] drop importing legacy cubes This finally drop support for legacy cubes. In cwconfig, don't load modules in the "cubes" namespace. In cube_pkginfo() handle CW_MIGRATION_MAP which wasn't working with new style cube. Drop all method specific to legacy cubes importer: cubes_search_path(), extrapath(), cls_adjust_sys_path() Drop environment variables related to legacy cubes: CW_CUBES_PATH and CW_CUBES_DIR

[doc] better documentation for "cubicweb-ctl newcube" cubicweb-ctl newcube create cubicweb-<name> in current directory.

[test] make unittest_cwconfig.py does not depend on legacy cube machinery By dropping legacy cube tests in various places.

[devtools/test] drop legacy cube i18n tests test_i18ncube_legacy_layout() is droped and make others tests uses a new style cube "cubicweb_i18ntestcube", so it doesn't depends on legacy cube machinery.

[server/test] make unittest_migractions.py use new style cubes MigrationTC used old cube layout in cubicweb/server/test/data-migractions/cubes, move them to new style cubes as "cubicweb_<cubename>" in "apphome" (cubicweb/server/test/data-migractions/) which is added to PYTHONPATH by CubicWebTC.

[cwconfig] drop _cube_modname Since we drop support for legacy cubes, this is equivalent to _cube_pkgname()

[cwconfig] drop legacy cube importer We don't want to support legacy cubes anymore.

Drop more deprecated code This follows up on changeset a8c1ea390400, in which code deprecated using logilab.common.deprecation got dropped. Now we also drop code deprecated using stdlib's warn(<msg>, DeprecationWarning). Notice that, as a consequence of dropping old/new etypes aliases in cubicweb/schema.py, we drop the import ETYPE_NAME_MAP (no longer needed); but since other modules imported that name from cubicweb.schema, we need to update the import statement to use "cubicweb" directly.

Flake8 cubicweb/cwvreg.py

Drop deprecated "boxes" and "contentnavigation" registries

Drop deprecated CWCache entity type

Update i18n after "recent" changes

Drop repair_file_1-9_migration.py

Drop a left-over 3.22 deprecation warning

[doc] fix reference to ~src/cubes in tutorial ~src/cubes refer to the $HOME/cubes directory of "src" user while ~/src/cubes refer to $HOME/src/cubes directory of current user.

[doc] replace cubicweb-ctl start by cubicweb-ctl pyramid Since twisted support is gone.

[doc] make the tutorial use a python3 virtualenv

[doc] Update README "Getting started" * install using pip and with pyramid in a virtualenv * link to pyramid.ini documentation * Use pyramid to start application since twisted support is gone

Flake8 cubicweb/devtools/httptest.py

Remove Twisted web server Twisted web server is not used anymore and has been superseded by pyramid many years ago. Furthermore, our usage is not compatible with Python 3. So we drop the "etwist" sub-package. As a consequence, "all-in-one" configuration type gets dropped as it was Twisted-specific. We resurrect it in cubicweb/pyramid/config.py by only keeping options used by the "pyramid". Similarly, we introduce a AllInOneCreateHandler in cubicweb/pyramid/pyramidctl.py that is basically the one that lived in cubicweb/etwist/twctl.py and is used to create the "all-in-one" instance. Added a TODO here about "pyramid.ini" that could be generated at the end of bootstrap() method. In cubicweb/devtools/httptest.py, CubicWebServerTC is now equivalent to CubicWebWsgiTC and the latter is dropped.

Separate twisted-specific configuration from WebConfigurationBase class This is in preparation of dropping the Twisted web server backend. We thus draw a clearer line between what's specific to twisted from what's generic by moving WebConfigurationBase class into cubicweb/web/webconfig.py and only keeping twisted-related in AllInOneConfiguration (still living in cubicweb/etwist/twconfig.py).

Flake8 cubicweb/web/webconfig.py

Flake8 cubicweb/etwist/twconfig.py

Remove ctl commands using the Twisted backend This backend is not maintained, very likely no longer used in any recent instance, and not supported in Python 3.

Flake8 cubicweb/cwctl.py * run autopep8 on the file * fixed unused imports * rename "version" import as "cw_version" in order not to shadow local variables

Remove _handle_win32() method from "create" command class This method generates code in a file using etwist module that we are about to drop.

Skip tests for ldapsource with python >= 3.7 Until someone works on fixing these, this should make our CI green again. I tried to use setupModule() to check for python version, but pre_setup_database() is apparently called even when a SkipTest exception is raised there. So handle this in that method.

[doc] Update cubicweb-ctl page about how to run an instance * remove mention of start/stop/restart/status commands that do not exist anymore * briefly mention the "pyramid" and point to respective documentation page * mention that a WSGI server should be used in production