Thu, 26 Feb 2015 00:56:32 +0100 [auth] Use a second authtkt policy for 'rememberme'
Christophe de Vienne <christophe@unlish.com> [Thu, 26 Feb 2015 00:56:32 +0100] rev 11562
[auth] Use a second authtkt policy for 'rememberme' The former solution was buggy because the expire time of the auth cookie, if set through 'remember', was lost on the first cookie reissuing. The new approach, make possible thanks to multiauth, use two different cookies. One for session bounded authentication (no 'rememberme'), and one for long lasting authentication (w 'rememberme'). The choice between the two of them is done by adding a 'persistent' argument to the top-level 'security.remember' call. Passing this argument will inhibate a policy or the other. The two policies are (a little) configurable through the 'cubicweb.auth.authtkt.[session|persistent].*' variables. Related to #4985962
Thu, 12 Feb 2015 19:21:39 +0100 [auth] Use pyramid_multiauth
Christophe de Vienne <christophe@unlish.com> [Thu, 12 Feb 2015 19:21:39 +0100] rev 11561
[auth] Use pyramid_multiauth It makes it easier to finely tune what parts of the default authentication stack we want to use or not. It also makes it possible for any cube to add its own policy in addition to the others. Related to #4985962
Thu, 09 Apr 2015 23:58:38 +0200 [auth] remove dead code (closes #5230746)
David Douard <david.douard@logilab.fr> [Thu, 09 Apr 2015 23:58:38 +0200] rev 11560
[auth] remove dead code (closes #5230746)
Mon, 23 Feb 2015 17:17:43 +0100 [login] Test the login views
Christophe de Vienne <christophe@unlish.com> [Mon, 23 Feb 2015 17:17:43 +0100] rev 11559
[login] Test the login views
Tue, 24 Feb 2015 17:19:37 +0100 Fix project homepage url
Christophe de Vienne <christophe@unlish.com> [Tue, 24 Feb 2015 17:19:37 +0100] rev 11558
Fix project homepage url
Wed, 21 Jan 2015 14:31:30 +0100 Replace the '_' with '-' in the package name
Christophe de Vienne <christophe@unlish.com> [Wed, 21 Jan 2015 14:31:30 +0100] rev 11557
Replace the '_' with '-' in the package name The change was made manually on pypi (see https://sourceforge.net/p/pypi/support-requests/459/)
Tue, 10 Feb 2015 16:35:06 +0100 On exceptions from CW, copy headers
Christophe de Vienne <christophe@unlish.com> [Tue, 10 Feb 2015 16:35:06 +0100] rev 11556
On exceptions from CW, copy headers Closes #4939219
Tue, 10 Feb 2015 10:23:20 +0100 [doc] fix pyramid-auth-secret conf sample
Christophe de Vienne <christophe@unlish.com> [Tue, 10 Feb 2015 10:23:20 +0100] rev 11555
[doc] fix pyramid-auth-secret conf sample
Mon, 02 Feb 2015 13:46:28 +0100 [doc] Update change list
Christophe de Vienne <christophe@unlish.com> [Mon, 02 Feb 2015 13:46:28 +0100] rev 11554
[doc] Update change list
Wed, 28 Jan 2015 00:00:05 +0100 [core] Protect session data from unwanted loading.
Christophe de Vienne <christophe@unlish.com> [Wed, 28 Jan 2015 00:00:05 +0100] rev 11553
[core] Protect session data from unwanted loading. Use specialised Session and Connection types that forward their 'data' and 'session_data' attributes to the pyramid request.session attribute. This forwarding is done with properties, instead of copying a reference, which allow to access request.session (and the session factory) if and only if Session.data or Connection.session_data is accessed. In some cases, most notably the static resources requests, it can mean no access the session during the request handling, which saves a request to the session persistence layer. Closes #4891437
Mon, 26 Jan 2015 18:06:58 +0100 [core] Use tools.cached_user_build for better performances
Christophe de Vienne <christophe@unlish.com> [Mon, 26 Jan 2015 18:06:58 +0100] rev 11552
[core] Use tools.cached_user_build for better performances Closes #4870347
Mon, 26 Jan 2015 18:04:57 +0100 [doc] Document tools
Christophe de Vienne <christophe@unlish.com> [Mon, 26 Jan 2015 18:04:57 +0100] rev 11551
[doc] Document tools Related to #4870347
Mon, 26 Jan 2015 17:59:10 +0100 [tools] Provide a faster build_user
Christophe de Vienne <christophe@unlish.com> [Mon, 26 Jan 2015 17:59:10 +0100] rev 11550
[tools] Provide a faster build_user The main trick is to use a cache of user entities. To do so, a few tools are needed since the entities are not supposed to be copied around between connexions. Related to #4870347
Fri, 23 Jan 2015 14:00:02 +0100 Added tag pyramid_cubicweb-version-0.2.1, pyramid_cubicweb-debian-version-0.2.1-1 for changeset 1ae61c25299a
Christophe de Vienne <christophe@unlish.com> [Fri, 23 Jan 2015 14:00:02 +0100] rev 11549
Added tag pyramid_cubicweb-version-0.2.1, pyramid_cubicweb-debian-version-0.2.1-1 for changeset 1ae61c25299a
Fri, 23 Jan 2015 12:57:16 +0100 Prepare version 0.2.1
Christophe de Vienne <christophe@unlish.com> [Fri, 23 Jan 2015 12:57:16 +0100] rev 11548
Prepare version 0.2.1
Wed, 21 Jan 2015 17:28:30 +0100 [cors] Fix 'headers' and 'methods' parameters
Christophe de Vienne <christophe@unlish.com> [Wed, 21 Jan 2015 17:28:30 +0100] rev 11547
[cors] Fix 'headers' and 'methods' parameters Closes #4849874
Wed, 21 Jan 2015 15:14:11 +0100 Fix the 0.2.0 release date
Christophe de Vienne <christophe@unlish.com> [Wed, 21 Jan 2015 15:14:11 +0100] rev 11546
Fix the 0.2.0 release date
Wed, 21 Jan 2015 15:13:43 +0100 Change project url
Christophe de Vienne <christophe@unlish.com> [Wed, 21 Jan 2015 15:13:43 +0100] rev 11545
Change project url
Wed, 21 Jan 2015 13:45:35 +0100 Added tag pyramid_cubicweb-version-0.2.0, pyramid_cubicweb-debian-version-0.2.0-1 for changeset cd8308245d20
Christophe de Vienne <christophe@unlish.com> [Wed, 21 Jan 2015 13:45:35 +0100] rev 11544
Added tag pyramid_cubicweb-version-0.2.0, pyramid_cubicweb-debian-version-0.2.0-1 for changeset cd8308245d20
Wed, 21 Jan 2015 13:27:54 +0100 set debian version
Christophe de Vienne <christophe@unlish.com> [Wed, 21 Jan 2015 13:27:54 +0100] rev 11543
set debian version
Wed, 21 Jan 2015 11:11:28 +0100 Prepare version 0.2.0
Christophe de Vienne <christophe@unlish.com> [Wed, 21 Jan 2015 11:11:28 +0100] rev 11542
Prepare version 0.2.0
Wed, 21 Jan 2015 10:24:42 +0100 Document the changes
Christophe de Vienne <christophe@unlish.com> [Wed, 21 Jan 2015 10:24:42 +0100] rev 11541
Document the changes
Fri, 16 Jan 2015 22:50:05 +0100 Fix configuration loading when 'cubicweb.includes' is not set
Christophe de Vienne <christophe@unlish.com> [Fri, 16 Jan 2015 22:50:05 +0100] rev 11540
Fix configuration loading when 'cubicweb.includes' is not set Closes #4849314
Mon, 05 Jan 2015 15:54:12 +0100 pep8
Christophe de Vienne <christophe@unlish.com> [Mon, 05 Jan 2015 15:54:12 +0100] rev 11539
pep8
Sun, 04 Jan 2015 00:12:29 +0100 Provides requirements for rtd
Christophe de Vienne <christophe@unlish.com> [Sun, 04 Jan 2015 00:12:29 +0100] rev 11538
Provides requirements for rtd Related to #4849313
Sat, 03 Jan 2015 22:06:03 +0100 Initial documentation.
Christophe de Vienne <christophe@unlish.com> [Sat, 03 Jan 2015 22:06:03 +0100] rev 11537
Initial documentation. Closes #4849313
Mon, 05 Jan 2015 12:02:01 +0100 Remove dead code
Christophe de Vienne <christophe@unlish.com> [Mon, 05 Jan 2015 12:02:01 +0100] rev 11536
Remove dead code
Sat, 03 Jan 2015 16:51:32 +0100 [profile] Add a profiling tool
Christophe de Vienne <christophe@unlish.com> [Sat, 03 Jan 2015 16:51:32 +0100] rev 11535
[profile] Add a profiling tool
Sat, 03 Jan 2015 02:36:06 +0100 [config] Read pyramid settings in a 'pyramid.ini' file
Christophe de Vienne <christophe@unlish.com> [Sat, 03 Jan 2015 02:36:06 +0100] rev 11534
[config] Read pyramid settings in a 'pyramid.ini' file If a 'pyramid-debug.ini' file is present, it will be used instead when debugmode is on. Closes #4811298
Sat, 03 Jan 2015 01:24:38 +0100 Move auth-related configuration to a dedicated module.
Christophe de Vienne <christophe@unlish.com> [Sat, 03 Jan 2015 01:24:38 +0100] rev 11533
Move auth-related configuration to a dedicated module.
Tue, 23 Dec 2014 10:22:49 +0100 Fix cors 'origin' parameter passing
Christophe de Vienne <christophe@unlish.com> [Tue, 23 Dec 2014 10:22:49 +0100] rev 11532
Fix cors 'origin' parameter passing Closes #4783343
Sat, 03 Jan 2015 00:14:06 +0100 [auth] Fix the config option name in the warning message
Christophe de Vienne <christophe@unlish.com> [Sat, 03 Jan 2015 00:14:06 +0100] rev 11531
[auth] Fix the config option name in the warning message
Tue, 02 Dec 2014 15:21:29 +0100 session -> cnx
Aurelien Campeas <aurelien.campeas@logilab.fr> [Tue, 02 Dec 2014 15:21:29 +0100] rev 11530
session -> cnx
Mon, 08 Dec 2014 20:38:32 +0100 Added tag pyramid_cubicweb-debian-version-0.1.3-1, pyramid_cubicweb-version-0.1.3 for changeset 0a7769e583c2
Christophe de Vienne <christophe@unlish.com> [Mon, 08 Dec 2014 20:38:32 +0100] rev 11529
Added tag pyramid_cubicweb-debian-version-0.1.3-1, pyramid_cubicweb-version-0.1.3 for changeset 0a7769e583c2
Mon, 08 Dec 2014 20:25:31 +0100 Set version 0.1.3
Christophe de Vienne <christophe@unlish.com> [Mon, 08 Dec 2014 20:25:31 +0100] rev 11528
Set version 0.1.3
Mon, 08 Dec 2014 20:21:55 +0100 Cookie 'max_age' must be a integer, not a string.
Christophe de Vienne <christophe@unlish.com> [Mon, 08 Dec 2014 20:21:55 +0100] rev 11527
Cookie 'max_age' must be a integer, not a string. If not, the value is used verbatim for the 'expires' of the cookie, which is invalid. Closes #4731764.
Sat, 15 Nov 2014 21:07:25 +0100 Added tag pyramid_cubicweb-version-0.1.2, pyramid_cubicweb-debian-version-0.1.2-1 for changeset 5eb4e27e9998
Christophe de Vienne <christophe@unlish.com> [Sat, 15 Nov 2014 21:07:25 +0100] rev 11526
Added tag pyramid_cubicweb-version-0.1.2, pyramid_cubicweb-debian-version-0.1.2-1 for changeset 5eb4e27e9998
Sat, 15 Nov 2014 20:26:15 +0100 Update debian changelog
Christophe de Vienne <christophe@unlish.com> [Sat, 15 Nov 2014 20:26:15 +0100] rev 11525
Update debian changelog
Sat, 08 Nov 2014 23:07:20 +0100 Don't rollback if exception is HTTPSuccessful or HTTPRedirection
Christophe de Vienne <christophe@unlish.com> [Sat, 08 Nov 2014 23:07:20 +0100] rev 11524
Don't rollback if exception is HTTPSuccessful or HTTPRedirection In the request finishing, the 'cleanup' callback set by _cw_cnx automatically commit the transaction except is an exception is set on the request. Problem is, redirections and successul http return code can raise exceptions. This patch detects such exceptions and avoid rolling back the transaction. Closes #4566482
Thu, 06 Nov 2014 22:26:16 +0100 Set version to 0.1.2
Christophe de Vienne <christophe@unlish.com> [Thu, 06 Nov 2014 22:26:16 +0100] rev 11523
Set version to 0.1.2
Thu, 06 Nov 2014 22:08:57 +0100 Provides a full wsgi cubicweb application builder
Christophe de Vienne <christophe@unlish.com> [Thu, 06 Nov 2014 22:08:57 +0100] rev 11522
Provides a full wsgi cubicweb application builder
Sun, 02 Nov 2014 23:36:22 +0100 Added tag pyramid_cubicweb-version-0.1.1, pyramid_cubicweb-debian-0.1.1-1 for changeset 9f3b9e610c3d
Christophe de Vienne <christophe@unlish.com> [Sun, 02 Nov 2014 23:36:22 +0100] rev 11521
Added tag pyramid_cubicweb-version-0.1.1, pyramid_cubicweb-debian-0.1.1-1 for changeset 9f3b9e610c3d
Sun, 02 Nov 2014 23:31:34 +0100 Set version 0.1.1
Christophe de Vienne <christophe@unlish.com> [Sun, 02 Nov 2014 23:31:34 +0100] rev 11520
Set version 0.1.1
Sun, 02 Nov 2014 22:54:24 +0100 [auth] Make last_login_time updated.
Christophe de Vienne <christophe@unlish.com> [Sun, 02 Nov 2014 22:54:24 +0100] rev 11519
[auth] Make last_login_time updated. The update is done when the user logs in, then every time the authentication is reissued. Closes #4549891
Thu, 23 Oct 2014 16:29:44 +0200 Added tag pyramid_cubicweb-version-0.1.0, pyramid_cubicweb-debian-version-0.1.0-1 for changeset 3d60138100d6
Christophe de Vienne <christophe@unlish.com> [Thu, 23 Oct 2014 16:29:44 +0200] rev 11518
Added tag pyramid_cubicweb-version-0.1.0, pyramid_cubicweb-debian-version-0.1.0-1 for changeset 3d60138100d6
Thu, 23 Oct 2014 16:15:58 +0200 Add a description to the debian package
Christophe de Vienne <christophe@unlish.com> [Thu, 23 Oct 2014 16:15:58 +0200] rev 11517
Add a description to the debian package
Thu, 23 Oct 2014 15:41:43 +0200 Set version to 0.1.0
Christophe de Vienne <christophe@unlish.com> [Thu, 23 Oct 2014 15:41:43 +0200] rev 11516
Set version to 0.1.0
Mon, 06 Oct 2014 10:32:38 +0200 Initial debian packaging
Julien Cristau <julien.cristau@logilab.fr> [Mon, 06 Oct 2014 10:32:38 +0200] rev 11515
Initial debian packaging missing at least a long description and wsgicors dependency.
Wed, 22 Oct 2014 16:15:54 +0200 Move PyramidCWTest to pyramid_cubicweb.tests
Christophe de Vienne <christophe@unlish.com> [Wed, 22 Oct 2014 16:15:54 +0200] rev 11514
Move PyramidCWTest to pyramid_cubicweb.tests
Mon, 22 Sep 2014 12:15:31 +0200 Optimise repo_connect by skipping authenticate_user
Christophe de Vienne <christophe@unlish.com> [Mon, 22 Sep 2014 12:15:31 +0200] rev 11513
Optimise repo_connect by skipping authenticate_user The authentication being handled by pyramid itself, going through the authentication stack to recreate the temporary session at each request is very costly. On my desktop, for a mostly static front page, the total time for delivering the page drops from 100ms to 47ms.
Mon, 22 Sep 2014 09:40:43 +0200 Use lightweight sessions
Christophe de Vienne <christophe@unlish.com> [Mon, 22 Sep 2014 09:40:43 +0200] rev 11512
Use lightweight sessions Provides a lightweight version of repo.connect() that does not keep track of opened sessions. The speed gain on a mostly static front page is about 5% Warning ! This means that, for now, the "session_open" and "session_close" hooks are NOT called anymore.
Fri, 19 Sep 2014 19:17:50 +0200 Use 'wsgicors' for CORS handling.
Christophe de Vienne <christophe@unlish.com> [Fri, 19 Sep 2014 19:17:50 +0200] rev 11511
Use 'wsgicors' for CORS handling. The CW CORS handling (in web/cors.py) is only able to work on cubicweb requests. When a request is not handled by bwcompat, we need a proper solution. The `wsgicors` library provides what we need as a wsgi middleware.
Thu, 18 Sep 2014 17:18:09 +0200 Add requirements
Christophe de Vienne <christophe@unlish.com> [Thu, 18 Sep 2014 17:18:09 +0200] rev 11510
Add requirements
Thu, 18 Sep 2014 16:51:55 +0200 Handle '__setauthcookie'
Christophe de Vienne <christophe@unlish.com> [Thu, 18 Sep 2014 16:51:55 +0200] rev 11509
Handle '__setauthcookie' '__setauthcookie' is a form parameter added by the 'rememberme' cube. If present and equals to '1', the cookie max_age will be set to 7 days instead of being a session cookie. To make sure the auth cookie is renewed, the reissue_time is set to 1h.
Thu, 18 Sep 2014 15:07:02 +0200 Fix POST handling.
Christophe de Vienne <christophe@unlish.com> [Thu, 18 Sep 2014 15:07:02 +0200] rev 11508
Fix POST handling. The issues where revealed by the unittests, which are ported from the cubicweb wsgi tests.
Thu, 18 Sep 2014 11:43:45 +0200 Use AuthTktAuthenticationPolicy
Christophe de Vienne <christophe@unlish.com> [Thu, 18 Sep 2014 11:43:45 +0200] rev 11507
Use AuthTktAuthenticationPolicy
Fri, 19 Sep 2014 14:26:55 +0200 DB-saved session data
Christophe de Vienne <christophe@unlish.com> [Fri, 19 Sep 2014 14:26:55 +0200] rev 11506
DB-saved session data Related to #4291173
Tue, 02 Sep 2014 20:50:33 +0200 Handle properly the '/https/*' urls
Christophe de Vienne <christophe@unlish.com> [Tue, 02 Sep 2014 20:50:33 +0200] rev 11505
Handle properly the '/https/*' urls CW uses a url prefix to detect https behing a reverse-proxy. A more proper way to do that is documented here in the waitress documentation (waitress is the default pyramid wsgi server): https://waitress.readthedocs.org/en/latest/#using-behind-a-reverse-proxy A later version should implement this, or use waitress in the 'pyramid' command. Related to #4291181
Tue, 02 Sep 2014 20:49:57 +0200 Correctly pass the multiple parameters to the cubicweb request
Christophe de Vienne <christophe@unlish.com> [Tue, 02 Sep 2014 20:49:57 +0200] rev 11504
Correctly pass the multiple parameters to the cubicweb request When naively converted to a dict, the webob MultiDict will not set the multiple parameters (a same name with several values) in a way CW can understand. MultiDict.mixed() however, does exactly what CW needs: list values for keys with multiple values, and single value for the others. Related to #4291181
Thu, 28 Aug 2014 15:42:51 +0200 Add a wsgi application factory suitable for wsgi servers.
Christophe de Vienne <christophe@unlish.com> [Thu, 28 Aug 2014 15:42:51 +0200] rev 11503
Add a wsgi application factory suitable for wsgi servers. This factory can generate a wsgi application for a cubicweb instance. It reads the instance name from the CW_INSTANCE environment variable, and activates the debugmode if CW_DEBUG is defined in environment. It is usable by uwsgi as the 'module' parameter : CW_INSTANCE=test uwsgi --plugins python,http --http 0.0.0.0:8080 --module pyramid_cubicweb:wsgi_application()
Wed, 27 Aug 2014 19:26:44 +0200 If any cube has a 'includeme' attribute, call config.include on it
Christophe de Vienne <christophe@unlish.com> [Wed, 27 Aug 2014 19:26:44 +0200] rev 11502
If any cube has a 'includeme' attribute, call config.include on it Related to #4291181
Thu, 21 Aug 2014 21:55:58 +0200 Add a make_cubicweb_application function
Christophe de Vienne <christophe@unlish.com> [Thu, 21 Aug 2014 21:55:58 +0200] rev 11501
Add a make_cubicweb_application function This function will be used by the 'pyramid' cubicweb-ctl command. Related to #4291173
Thu, 21 Aug 2014 22:26:42 +0200 Fix session closing for cubicweb 3.19
Christophe de Vienne <christophe@unlish.com> [Thu, 21 Aug 2014 22:26:42 +0200] rev 11500
Fix session closing for cubicweb 3.19 Related to #4291173
Thu, 21 Aug 2014 21:43:24 +0200 Convert cubicweb.NotFound to HTTPNotFound
Christophe de Vienne <christophe@unlish.com> [Thu, 21 Aug 2014 21:43:24 +0200] rev 11499
Convert cubicweb.NotFound to HTTPNotFound Related to #4291173
(0) -10000 -3000 -1000 -300 -100 -64 +64 +100 +300 +1000 tip