Cookie 'max_age' must be a integer, not a string. If not, the value is used verbatim for the 'expires' of the cookie, which is invalid. Closes #4731764.

Added tag pyramid_cubicweb-version-0.1.2, pyramid_cubicweb-debian-version-0.1.2-1 for changeset 5eb4e27e9998

Update debian changelog

Don't rollback if exception is HTTPSuccessful or HTTPRedirection In the request finishing, the 'cleanup' callback set by _cw_cnx automatically commit the transaction except is an exception is set on the request. Problem is, redirections and successul http return code can raise exceptions. This patch detects such exceptions and avoid rolling back the transaction. Closes #4566482

Set version to 0.1.2

Provides a full wsgi cubicweb application builder

Added tag pyramid_cubicweb-version-0.1.1, pyramid_cubicweb-debian-0.1.1-1 for changeset 9f3b9e610c3d

Set version 0.1.1

[auth] Make last_login_time updated. The update is done when the user logs in, then every time the authentication is reissued. Closes #4549891

Added tag pyramid_cubicweb-version-0.1.0, pyramid_cubicweb-debian-version-0.1.0-1 for changeset 3d60138100d6

Add a description to the debian package

Set version to 0.1.0

Initial debian packaging missing at least a long description and wsgicors dependency.

Move PyramidCWTest to pyramid_cubicweb.tests

Optimise repo_connect by skipping authenticate_user The authentication being handled by pyramid itself, going through the authentication stack to recreate the temporary session at each request is very costly. On my desktop, for a mostly static front page, the total time for delivering the page drops from 100ms to 47ms.

Use lightweight sessions Provides a lightweight version of repo.connect() that does not keep track of opened sessions. The speed gain on a mostly static front page is about 5% Warning ! This means that, for now, the "session_open" and "session_close" hooks are NOT called anymore.

Use 'wsgicors' for CORS handling. The CW CORS handling (in web/cors.py) is only able to work on cubicweb requests. When a request is not handled by bwcompat, we need a proper solution. The `wsgicors` library provides what we need as a wsgi middleware.

Add requirements

Handle '__setauthcookie' '__setauthcookie' is a form parameter added by the 'rememberme' cube. If present and equals to '1', the cookie max_age will be set to 7 days instead of being a session cookie. To make sure the auth cookie is renewed, the reissue_time is set to 1h.

Fix POST handling. The issues where revealed by the unittests, which are ported from the cubicweb wsgi tests.

Use AuthTktAuthenticationPolicy

DB-saved session data Related to #4291173

Handle properly the '/https/*' urls CW uses a url prefix to detect https behing a reverse-proxy. A more proper way to do that is documented here in the waitress documentation (waitress is the default pyramid wsgi server): https://waitress.readthedocs.org/en/latest/#using-behind-a-reverse-proxy A later version should implement this, or use waitress in the 'pyramid' command. Related to #4291181

Correctly pass the multiple parameters to the cubicweb request When naively converted to a dict, the webob MultiDict will not set the multiple parameters (a same name with several values) in a way CW can understand. MultiDict.mixed() however, does exactly what CW needs: list values for keys with multiple values, and single value for the others. Related to #4291181

Add a wsgi application factory suitable for wsgi servers. This factory can generate a wsgi application for a cubicweb instance. It reads the instance name from the CW_INSTANCE environment variable, and activates the debugmode if CW_DEBUG is defined in environment. It is usable by uwsgi as the 'module' parameter : CW_INSTANCE=test uwsgi --plugins python,http --http 0.0.0.0:8080 --module pyramid_cubicweb:wsgi_application()

If any cube has a 'includeme' attribute, call config.include on it Related to #4291181

Add a make_cubicweb_application function This function will be used by the 'pyramid' cubicweb-ctl command. Related to #4291173

Fix session closing for cubicweb 3.19 Related to #4291173

Convert cubicweb.NotFound to HTTPNotFound Related to #4291173

Use registry['cubicweb.registry'] instead of registry['cubicweb.appli'].vreg because the application may not be present. Related to #4291173

Use a predicate based view selection for handling /login This will allow easy addition of login handlers from the application or cubes Related to #4291173

Use a tween application instead of a catchall route. Using a catchall route has some drawbacks. Especially, we have no mean to have a route that would match only if no other one does AND no view matches either. Said differently, our default handler cannot be plugged on the route level nor the view level, because it is has to be activated only if nothing else works in the pyramid application. Using a tween application allow to handle requests that raises a HTTPNotFound error, while having the pyramid error handler still active between our tween app and the outside world. Related to #4291173

Document the view problem hypothesis. Related to #4291173

If the postlogin_path is 'login', redirect to '/' instead Related to #4291173

Put the login view in a separate module. Related to #4291173

Separate into 4 modules * init_instance: load the cubicweb repository from the `pyramid_cubicweb.instance` configuration key * defaults: provides cw-like defaults for the authentication and session management * core: make cubicweb use the authentication and session management of pyramid. It assumes the application provides the auth policies and session factory, and that the `cubicweb.*` registry entries are correctly initialised. This is this only required module or pyramid_cubicweb, the other ones are optional if the application provides its own versions of what they do. * bwcompat: provides a catchall route that delegate the request handling to an old-fashion cubicweb publisher (ie using url_resolver and controllers). Related to #4291173

Update the TODO list Related to #4291173

Provide instructions and a requirements list to quickly start the sample application. Related to #4291173

Use the pyramid session object as the cubiweb session.data (needs a patched cw 3.19) Related to #4291173

Add comments on parts we want to reconsider later Related to #4291173

Skip core_handle, add a context manager to handle cubicweb errors The context manager is also used to catch errors in render_view. It handles the 'external' errors raised by cubicweb code. The more internal errors, the one that should occur only in url resolving and cubicweb controllers, are handled directly in CubicWebPyramidHandler. ValidationError is handled by CubicWebPyramidHandler for now, but should probably be handled by cw_to_pyramid Related to #4291173

Documents dependencies on a ubuntu system Related to #4291173

Use short-lived cubicweb sessions to let pyramid actually handle the web sessions Related to #4291173

Isolate the default handler and extend its role The handler now does the job of CubicWebPublisher.main_handle_request() and calls CubicWebPublisher.core_handle(). Instead of using config.add_notfound_view, a catchall route is defined and the handler plugged to it. Related to #4291173

Add a basic sample application Related to #4291173

Integration pyramid and cubicweb authentication. We use pyramid sessions to store the cubicweb sessionid so we can reuse it when needed, or regenerate it if it was lost. The cubicweb sessionid is obtained from a login in the repo OR directly from the user identified by pyramid. Related to #4291173

[doc] Escape _ in README.md So that the Markdown is okay.

Initial implementation Set up a default route that passes requests to a cubicweb instance. The requests are wrapped in an adequate adapter so that cubicweb works with no change. Related to #4291173