.. -*- coding: utf-8 -*-

Project pyramid-cubicweb
========================
:creation date: 2014/08/28

Toward integration of Cubicweb behind Pyramid

The documentation is on rtd:
http://pyramid-cubicweb.readthedocs.org/en/latest/index.html

Version 0.8.0
-------------
:publication date: 2017/01/03
:expected date: n/a

Ticket #17028455 depends on cubicweb < 3.24
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:type: task
:state: validation pending

project merged into cubicweb 3.24

Ticket #14159555 Python 3 compatibility
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:type: task
:load: 1.000
:state: validation pending

Prior to merging this project into cubicweb, we'll have to make it python3
compatible

Version 0.7.0
-------------
:publication date: 2016/06/28
:expected date: n/a

Ticket #13421901 When in cubicweb-ctl pyramid -D no tracebacks are shown in the terminal
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:type: bug
:load: 0.250
:state: validation pending

Comments ::

  On 2016/06/02 10:10 - alutz wrote :
  setting cubicweb.bwcompat.errorhandler = False solves the problem, and you get a
  pyramid based traceback with inspection (better ?)
  
  I have a patch for getting the traceback event when
  cubicweb.bwcompat.errorhandler = True (traceback in main_template).

Version 0.6.1
-------------
:publication date: 2016/04/12
:expected date: n/a

Ticket #12219860 responce header on AuthenticationError is missing headers
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:type: bug
:state: validation pending

especially a Content-Type

Ticket #12219849 should return a 403 on authentication error
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:type: bug
:state: validation pending

not a 200

Version 0.6.0
-------------
:publication date: 2016/03/24
:expected date: n/a

Ticket #11689093 in cw-twisted we have a full traceback in the error view
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:type: bug
:state: validation pending

we should have it also in pyramid-cw

Ticket #11689082 pyramid-session-secret cw config option is deprecated
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:type: bug
:state: validation pending

in favor of cubicweb.auth.authtkt.session.secret in pyramid.ini config file

Comments ::

  On 2016/03/23 11:50 - ddouard wrote :
  not in favor of cubicweb.auth.authtkt.session.secret (which is a different
  secret), so one should add a dedicated config entry for this (eg.
  cubicweb.session.secret )

Ticket #11689118 redirect after /login is broken on proxied instances
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:type: bug
:state: validation pending

redirects to / instead of /<url_prefix>

Ticket #11376233 login impossible in plain http
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:type: bug
:state: validation pending

This is due to <https://www.cubicweb.org/revision/6000518> apparently. This is
especially annoying when developing an application using http://localhost:<port>
where, obviously, https is not used.

Also, I wonder if *forcing* this security setup is really a good idea. This
choice should be left to application developer.

Comments ::

  On 2016/03/07 13:22 - jcristau wrote :
  AFAIK this is already configurable, through the
  cubicweb.auth.authtkt.session.secure and cubicweb.auth.authtkt.persistent.secure
  parameters.
  > On 2016/03/07 14:52 - dlaxalde wrote :
  > Hmm, yes apparently. This would be worth documenting though...

Version 0.5.0
-------------
:publication date: 2015/09/16
:expected date: n/a

Ticket #5999625 Authentication cookies should be completely configurable
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:type: enhancement
:state: done

Currently only a few things can be changed in the configuration file
(cookie_name, timeouts...).

Ticket #4731765 session and auth_tkt should be 'secure' enabled
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:type: bug
:state: done

Comments ::

  On 2015/06/25 08:20 - jcristau wrote :
  also httponly...

Version 0.4.1
-------------
:publication date: 2015/08/03
:expected date: n/a

Ticket #5878592 cubicweb 3.20 compat
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:type: bug
:state: resolved

pyramid-cubicweb 0.4.0 introduce 3.21 compat, but at the cost of incompatibility
with version < 3.21, because cw_cnx must be a ClientConnection on older cubicweb
versions.

Ticket #5739625 the error handler should be deactivable
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:type: bug
:state: resolved

The default error handler, once set, cannot be overriden, which can be a
problem.

A configuration value should allow to deactivate it.

Version 0.4.0
-------------
:publication date: 2015/07/23
:expected date: n/a

Ticket #5731814 compatibility with cubicweb 3.21
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:type: task
:load: 0.250
:state: resolved

Ticket #5576182 pkg: add python-pyramid-multiauth dependency
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:type: bug
:load: 0.200
:state: resolved

because of ``from pyramid_multiauth import MultiAuthenticationPolicy`` in
auth.py

Ticket #4545130 Use error views
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:type: enhancement
:load: 1.000
:state: resolved

On http errors, the views provided by CW should be used.

Comments ::

  On 2015/06/25 08:17 - jcristau wrote :
  is there any reason bwcompat.py:CubicWebPyramidHandler can't call down to
  self.appli.error_handler in exception cases? Or do you want to copy the error
  view selection logic in CubicWebPyramidHandler directly?
  > On 2015/06/25 08:26 - dlaxalde wrote :
  > I'd say we could rather investigate on registering pyramid errors views, that
  > would, in the backwards compatible situation, delegate to respective cubicweb
  > error views.

Version 0.3.1
-------------
:publication date: 2015/06/18
:expected date: n/a

Ticket #4751862 initialization fails if anonymous access is not authorized in cw config
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:type: bug
:load: 0.500
:state: resolved

::

Traceback (most recent call last): File
"/usr/lib/python2.7/dist-packages/cubicweb/cwctl.py", line 162, in run_arg
status = cmdmeth(appid) File "/usr/share/cubicweb/cubes/pyramid/ccplugin.py",
line 270, in pyramid_instance pyramid_config =
make_cubicweb_application(cwconfig) File
"/home/denis/src/cw/pyramid_cubicweb/pyramid_cubicweb/__init__.py", line 30, in
make_cubicweb_application config.include('pyramid_cubicweb.core') File
"/var/lib/pyramid/venv/lib/python2.7/site-packages/pyramid/config/__init__.py",
line 755, in include c(configurator) File
"/home/denis/src/cw/pyramid_cubicweb/pyramid_cubicweb/core.py", line 220, in
includeme 'CWUser', login=login).one().eid File
"/usr/lib/python2.7/dist-packages/cubicweb/rset.py", line 452, in one raise
NoResultError("No row was found for one()") NoResultError: No row was found for
one()

Ticket #4751889 wsgicors dependency for Debian package
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:type: bug
:load: 1.000
:state: resolved

The Debian package is not usable because of the wsgicors dependency which is not
available in any Debian release.

Either the dependency should be removed or a debian package for wsicors should
be provided in Logilab's repository. I'll have a look at the latter solution.

Comments ::

  On 2014/12/15 13:09 - dlaxalde wrote :
  First attempt here: http://hg.logilab.org/users/dlaxalde/debian/python-wsgicors/
  On 2014/12/16 07:07 - dlaxalde wrote :
  From e522a405a706 the dependency is going into `pyramid_cubicweb`.

Version 0.3.0
-------------

Performance improvements
:publication date: 2015/05/11
:expected date: n/a

Ticket #5310434 allow usage of debug mode -D without pyramid debugtoolbar
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:type: bug
:load: 0.100
:state: resolved

Since there's no package available (at least in debian) for this, it should be
optional IMO. At least the user will get the "standard" cubicweb debug mode with
log message displayed in the console.

Ticket #5230746 authplugin still useful?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:type: bug
:load: 0.250
:state: resolved

It seems to me that the authplugin.py file is now useless and should be removed

Comments ::

  On 2015/04/10 07:25 - cdevienne wrote :
  You are right, it is not used anymore. I did not realize that.

Ticket #4891437 Avoid unnecessary session loading
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:type: bug
:state: resolved

Mainly, setting session.data in _repo_connect forces a session load. It should
be a lazy access.

Ticket #4939219 headers are not copied on exceptions
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:type: bug
:state: resolved

If publish() raises an exception (say, Redirect), the headers are not copied to
the response.

Ticket #5298654 Set pyramid flash as the (redirect_)message api backend
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:type: enhancement
:state: resolved

Pyramid provides a session-based flash message system
(http://pyramid.readthedocs.org/en/latest/narr/sessions.html#flash).

Cubicweb provides a similar system on the web request, with set_message & co.

Both should transparently interact, so that using any of the API gives the same
result.

Ticket #4870347 Speed-up repo_connect
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:type: bug
:state: resolved

The main bottleneck is repo.build_user, which could be cached.

Ticket #5307426 Tests should be able to change the pyramid settings
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:type: bug
:state: resolved

includeme is not enough because it is called after the setting have been
applied.

Ticket #5343870 'uncommitable' connexion get commited, w error...
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:type: bug
:state: resolved

In some cases, a connexion is uncommitable although there is no exception
detectable at the request level, but pyramid_cubicweb still attempt to commit
it.

I do not have a reproducible case, but I know I had the problem several times.
When it happens, the original problem is shadowed by the error on the commit
attempt.

Ticket #4985962 Use multiple authentication policies
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:type: bug
:state: resolved

We need to be able to compose an authentication stack from different cubes. It
will also allow to better handler the 'rememberme' feature.

Version 0.2.1
-------------
:publication date: 2015/01/23
:expected date: n/a

Ticket #4849874 cors parameters unusable
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:type: bug
:state: resolved

allow-headers and allow-methods are not usable::

Traceback (most recent call last): File
"/usr/local/lib/python2.7/dist-packages/waitress/channel.py", line 337, in
service task.service() File
"/usr/local/lib/python2.7/dist-packages/waitress/task.py", line 173, in service
self.execute() File "/usr/local/lib/python2.7/dist-packages/waitress/task.py",
line 392, in execute app_iter = self.channel.server.application(env,
start_response) File "/usr/local/lib/python2.7/dist-packages/wsgicors.py", line
89, in __call__ start_response(status, resp) File
"/usr/local/lib/python2.7/dist-packages/waitress/task.py", line 376, in
start_response 'Header value %r is not a string in %r' % (v, (k, v))
AssertionError: Header value ['Content-Type'] is not a string in
('Access-Control-Allow-Headers', ['Content-Type'])

and::

Traceback (most recent call last): File
"/usr/local/lib/python2.7/dist-packages/waitress/channel.py", line 337, in
service task.service() File
"/usr/local/lib/python2.7/dist-packages/waitress/task.py", line 173, in service
self.execute() File "/usr/local/lib/python2.7/dist-packages/waitress/task.py",
line 392, in execute app_iter = self.channel.server.application(env,
start_response) File "/usr/local/lib/python2.7/dist-packages/wsgicors.py", line
89, in __call__ start_response(status, resp) File
"/usr/local/lib/python2.7/dist-packages/waitress/task.py", line 376, in
start_response 'Header value %r is not a string in %r' % (v, (k, v))
AssertionError: Header value ['GET', 'PUT', 'DELETE', 'POST'] is not a string in
('Access-Control-Allow-Methods', ['GET', 'PUT', 'DELETE', 'POST'])

Version 0.2.0
-------------
:publication date: 2015/01/23
:expected date: n/a

Ticket #4811298 Allow to pass pyramid settings
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:type: bug
:state: resolved

Currently there are no way to provide alternate session factory or auth policy.

Here is what my upcoming patch does:

If a 'pyramid.ini' file is found in the application home directory, its 'main'
section is passed as the 'settings' parameter to the pyramid configurator
constructor.

Additionnally, the following cubicweb-specific configuration values can be set:

cubicweb.defaults = yes*|no Enable the inclusion of pyramid_cubicweb.defaults.

cubicweb.bwcompat = yes*|no Enable the backward compatibility layer

cubicweb.includes = <list of dotted paths> Same as 'pyramid.includes', but the
includes are done after the registry cubicweb.* entries are initialised.

Ticket #4849314 Cannot start if cubicweb.includes is not defined
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:type: bug
:state: resolved

Ticket #4783343 cors 'origin' parameters not correctly passed
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:type: bug
:state: resolved

::

Traceback (most recent call last): File
"/home/cdevienne/.virtualenvs/unlish-dev/local/lib/python2.7/site-packages/cubicweb/cwctl.py",
line 162, in run_arg status = cmdmeth(appid) File
"/home/cdevienne/.virtualenvs/unlish-dev/share/cubicweb/cubes/pyramid/ccplugin.py",
line 278, in pyramid_instance app = wsgi_application_from_cwconfig(cwconfig)
File
"/home/cdevienne/ws/cubicweb/pyramid_cubicweb/pyramid_cubicweb/__init__.py",
line 45, in wsgi_application_from_cwconfig credentials='true') File
"/home/cdevienne/.virtualenvs/unlish-dev/local/lib/python2.7/site-packages/wsgicors.py",
line 21, in __init__ self.match=filter(lambda x: x != "*", map(lambda x:
x.strip(), self.pol_origin.split(" "))) AttributeError: 'list' object has no
attribute 'split' instance unlish-instance not None: 'list' object has no
attribute 'split'

Ticket #4849313 Documentation
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:type: bug
:state: resolved

Add a proper documentation

Version 0.1.3
-------------
:publication date: 2014/12/08
:expected date: n/a

Ticket #4731764 Authentication on IE fails
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:type: bug
:state: resolved

The reason is that the auth_tkt cookie has an invalid 'expires' field (it is
equal to the 'max-age' field).

Version 0.1.2
-------------
:publication date: 2014/11/15
:expected date: n/a

Ticket #4566482 Workflow transition are not saved
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:type: bug
:state: resolved

When changing an entity state, the confirmation view is displayed, but when
clicking "validate", the new state is not applied.

Version 0.1.1
-------------
:publication date: 2014/11/08
:expected date: n/a

Ticket #4549891 last_login_time is not updated
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:type: bug
:state: resolved

When user logs in, their last_login_time is not updated.

Version 0.1.0
-------------
:publication date: 2014/10/23
:expected date: n/a

Ticket #4291181 Allow cubes to be included by pyramid config
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:type: bug
:state: resolved

If a cube has a 'includeme' attribute, it should be included by the pyramid
configuration.

Ticket #4291173 First step
~~~~~~~~~~~~~~~~~~~~~~~~~~
:type: task
:state: resolved

The goal is to be able to run a cubicweb instance on top of a pyramid
application.

- The cw code will transparently rely on the pyramid authentication and session
api - The cubicweb standard handler will be bypassed as much as possible without
loosing bw compatibility for existing cubes - One bw incompatibility : all code
related to webauthretriever will be inactive. Pyramid ports of those will be
needed.

What won't be done : - Controllers/views selection by pyramid directly -
replacement of the cw url resolvers