[js] get rid of `partial` function (closes #1972794)

[css] change `h3` and `h4` styles(closes #893244)

querier: Improve error message when ERQLExpression fails on some entity (closes #2267081) When an RQL variable is indeed "constant" (we know it's eid) ERQL expression are not inserted but checked prior query execution. If the session have no read access to the entity an `Unauthorized` exception is raised. This changeset add a meaningfull message to this exception:: No read acces on "X" with eid 42.

[js] fix error in loadRemote docstring

[doc] add missing section titles

[doc] fix bad indentation

[server/ldaputils] do not allow ldap.server_down to crash on us

Add missing with_statement import for python2.5 compat

[devtools] make xvfb-run not wait 3s each time (closes #2265710) Ask Xvfb to tell us when it's ready instead of unconditionally waiting 3 seconds. Sync from http://anonscm.debian.org/gitweb/?p=pkg-xorg/xserver/xorg-server.git;a=blob_plain;f=debian/local/xvfb-run;hb=HEAD

[view] breadcrumbs layout broken with long elements (closes #1347486)

[static-file] return Unauthorized on blocked directory listing This is more appropriate than 404 NOT FOUND

[login redirect] only add postlogin_path argument when meaningful

static-file: properly set/use cache header for static file (closes #2255013) This changesets enables the standard http cache mechanism where the static controller may reply "304 Not modified" based on `last-modified` in HTTP response and `if-modified-since` in HTTP query. The last modified time is computed using the file-system information. The pre-existing logic using an `Expires` header to prevent client from sending request stay in place. The new logic just prevents sending the file again if not necessary.

[repository] move task manager instantiation outside repository. Repository callers are in charge of providing a task manager. The task manager is optional when the repository is not a server. This part is not really expected to work well yet. But we aim to remove all task management responsibilities from the Repository object.

[repository] split repo initialization from starting looping task (closes #2204047) This separation highlights that two distinct operations are done. This is a step towards a full distinction between repo, server and looping tasks

[repo looping task] move looping task logic in a dedicated object (progress #2204047)

[manage / default index views] discard login/logout templates

devtools-request: transmit the headers keyword argument to the request class Otherwise the headers kwargs end up in the form. This is very useful for testing publish logic related to http header (as cache).

[security] use a stronger encryption algorythm for password, keeping bw compat Administrator should ask their users to reenter new password so they benefit from the new encryption. Also, new encryption is cross-platform compatible, eg you may now move an instance from windows to linux painlessly

[cache] factorize _validate_cache() logic implemented in wsgi and twisted handlers

[fake-request] support `http_method()`

[Web-Request] Use rich header (closes #2204164) Unify header management. All web request use the Headers class now (imported from twisted). Code dedicated to header management have been merged into the base WebRequest class.

http-header: support __contains__ in Headers You can now use:: >>> 'expires" in headers True

[web] Move request handling logic into cubicweb application. (closes #2200684) We improve http status handling in the process: ``application.publish`` have been renamed to ``application.handle`` to better reflect it's roles. The request object gain a status_out attribute to convey the HTTP status of the response. WSGI and etwist code have been updated. Exception gain status attribute

[login] split authentication logic from post authentication logic (closes #2200755) * The Session manager is now only in charge of providing a valid session. * LoginControllers are now used in all case but wrong credential. * The LoginControllers are in charge of redirecting the user to the page wanted to see in the first place, expected to see. * The login form is now always submitted to the login controller with an extra argument pointing to the url we should redirect too after successful authentication. The ``"log out first logic"`` logic on login controller is removed because: 1. Other web actor do not do that. 2. Removed code do not need to be reimplemented. 3. We can only get it to work again in a single case: use do a GET request on http://www.my-cw-stuff.io/login 4. I do not see it's purpose.

[LoginForm] refactor to ease other implementation An Abstract BaseLoginForm is created. It is intended to be used by cubes who want to implement new login form. It gather common login form elements in particular the form action. This will ease redefinition of this form action in later commit.

[request] gather all base_url logic in a single place (closes #2200756) * Handle ``https base-url`` in the core code: ``./req.py`` and ``web/request.py`` * Remove custom ``base_url`` handling if web request

[http] drop use-request-subdomain feature (closes #2251986) This feature do not have any user nowaday and lays in the path to WSGI.