.. -*- coding: utf-8 -*- Project pyramid-cubicweb ======================== :creation date: 2014/08/28 Toward integration of Cubicweb behind Pyramid The documentation is on rtd: http://pyramid-cubicweb.readthedocs.org/en/latest/index.html Version 0.8.0 ------------- :publication date: 2017/01/03 :expected date: n/a Ticket #17028455 depends on cubicweb < 3.24 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ :type: task :state: validation pending project merged into cubicweb 3.24 Ticket #14159555 Python 3 compatibility ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ :type: task :load: 1.000 :state: validation pending Prior to merging this project into cubicweb, we'll have to make it python3 compatible Version 0.7.0 ------------- :publication date: 2016/06/28 :expected date: n/a Ticket #13421901 When in cubicweb-ctl pyramid -D no tracebacks are shown in the terminal ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ :type: bug :load: 0.250 :state: validation pending Comments :: On 2016/06/02 10:10 - alutz wrote : setting cubicweb.bwcompat.errorhandler = False solves the problem, and you get a pyramid based traceback with inspection (better ?) I have a patch for getting the traceback event when cubicweb.bwcompat.errorhandler = True (traceback in main_template). Version 0.6.1 ------------- :publication date: 2016/04/12 :expected date: n/a Ticket #12219860 responce header on AuthenticationError is missing headers ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ :type: bug :state: validation pending especially a Content-Type Ticket #12219849 should return a 403 on authentication error ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ :type: bug :state: validation pending not a 200 Version 0.6.0 ------------- :publication date: 2016/03/24 :expected date: n/a Ticket #11689093 in cw-twisted we have a full traceback in the error view ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ :type: bug :state: validation pending we should have it also in pyramid-cw Ticket #11689082 pyramid-session-secret cw config option is deprecated ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ :type: bug :state: validation pending in favor of cubicweb.auth.authtkt.session.secret in pyramid.ini config file Comments :: On 2016/03/23 11:50 - ddouard wrote : not in favor of cubicweb.auth.authtkt.session.secret (which is a different secret), so one should add a dedicated config entry for this (eg. cubicweb.session.secret ) Ticket #11689118 redirect after /login is broken on proxied instances ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ :type: bug :state: validation pending redirects to / instead of / Ticket #11376233 login impossible in plain http ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ :type: bug :state: validation pending This is due to apparently. This is especially annoying when developing an application using http://localhost: where, obviously, https is not used. Also, I wonder if *forcing* this security setup is really a good idea. This choice should be left to application developer. Comments :: On 2016/03/07 13:22 - jcristau wrote : AFAIK this is already configurable, through the cubicweb.auth.authtkt.session.secure and cubicweb.auth.authtkt.persistent.secure parameters. > On 2016/03/07 14:52 - dlaxalde wrote : > Hmm, yes apparently. This would be worth documenting though... Version 0.5.0 ------------- :publication date: 2015/09/16 :expected date: n/a Ticket #5999625 Authentication cookies should be completely configurable ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ :type: enhancement :state: done Currently only a few things can be changed in the configuration file (cookie_name, timeouts...). Ticket #4731765 session and auth_tkt should be 'secure' enabled ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ :type: bug :state: done Comments :: On 2015/06/25 08:20 - jcristau wrote : also httponly... Version 0.4.1 ------------- :publication date: 2015/08/03 :expected date: n/a Ticket #5878592 cubicweb 3.20 compat ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ :type: bug :state: resolved pyramid-cubicweb 0.4.0 introduce 3.21 compat, but at the cost of incompatibility with version < 3.21, because cw_cnx must be a ClientConnection on older cubicweb versions. Ticket #5739625 the error handler should be deactivable ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ :type: bug :state: resolved The default error handler, once set, cannot be overriden, which can be a problem. A configuration value should allow to deactivate it. Version 0.4.0 ------------- :publication date: 2015/07/23 :expected date: n/a Ticket #5731814 compatibility with cubicweb 3.21 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ :type: task :load: 0.250 :state: resolved Ticket #5576182 pkg: add python-pyramid-multiauth dependency ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ :type: bug :load: 0.200 :state: resolved because of ``from pyramid_multiauth import MultiAuthenticationPolicy`` in auth.py Ticket #4545130 Use error views ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ :type: enhancement :load: 1.000 :state: resolved On http errors, the views provided by CW should be used. Comments :: On 2015/06/25 08:17 - jcristau wrote : is there any reason bwcompat.py:CubicWebPyramidHandler can't call down to self.appli.error_handler in exception cases? Or do you want to copy the error view selection logic in CubicWebPyramidHandler directly? > On 2015/06/25 08:26 - dlaxalde wrote : > I'd say we could rather investigate on registering pyramid errors views, that > would, in the backwards compatible situation, delegate to respective cubicweb > error views. Version 0.3.1 ------------- :publication date: 2015/06/18 :expected date: n/a Ticket #4751862 initialization fails if anonymous access is not authorized in cw config ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ :type: bug :load: 0.500 :state: resolved :: Traceback (most recent call last): File "/usr/lib/python2.7/dist-packages/cubicweb/cwctl.py", line 162, in run_arg status = cmdmeth(appid) File "/usr/share/cubicweb/cubes/pyramid/ccplugin.py", line 270, in pyramid_instance pyramid_config = make_cubicweb_application(cwconfig) File "/home/denis/src/cw/pyramid_cubicweb/pyramid_cubicweb/__init__.py", line 30, in make_cubicweb_application config.include('pyramid_cubicweb.core') File "/var/lib/pyramid/venv/lib/python2.7/site-packages/pyramid/config/__init__.py", line 755, in include c(configurator) File "/home/denis/src/cw/pyramid_cubicweb/pyramid_cubicweb/core.py", line 220, in includeme 'CWUser', login=login).one().eid File "/usr/lib/python2.7/dist-packages/cubicweb/rset.py", line 452, in one raise NoResultError("No row was found for one()") NoResultError: No row was found for one() Ticket #4751889 wsgicors dependency for Debian package ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ :type: bug :load: 1.000 :state: resolved The Debian package is not usable because of the wsgicors dependency which is not available in any Debian release. Either the dependency should be removed or a debian package for wsicors should be provided in Logilab's repository. I'll have a look at the latter solution. Comments :: On 2014/12/15 13:09 - dlaxalde wrote : First attempt here: http://hg.logilab.org/users/dlaxalde/debian/python-wsgicors/ On 2014/12/16 07:07 - dlaxalde wrote : From e522a405a706 the dependency is going into `pyramid_cubicweb`. Version 0.3.0 ------------- Performance improvements :publication date: 2015/05/11 :expected date: n/a Ticket #5310434 allow usage of debug mode -D without pyramid debugtoolbar ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ :type: bug :load: 0.100 :state: resolved Since there's no package available (at least in debian) for this, it should be optional IMO. At least the user will get the "standard" cubicweb debug mode with log message displayed in the console. Ticket #5230746 authplugin still useful? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ :type: bug :load: 0.250 :state: resolved It seems to me that the authplugin.py file is now useless and should be removed Comments :: On 2015/04/10 07:25 - cdevienne wrote : You are right, it is not used anymore. I did not realize that. Ticket #4891437 Avoid unnecessary session loading ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ :type: bug :state: resolved Mainly, setting session.data in _repo_connect forces a session load. It should be a lazy access. Ticket #4939219 headers are not copied on exceptions ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ :type: bug :state: resolved If publish() raises an exception (say, Redirect), the headers are not copied to the response. Ticket #5298654 Set pyramid flash as the (redirect_)message api backend ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ :type: enhancement :state: resolved Pyramid provides a session-based flash message system (http://pyramid.readthedocs.org/en/latest/narr/sessions.html#flash). Cubicweb provides a similar system on the web request, with set_message & co. Both should transparently interact, so that using any of the API gives the same result. Ticket #4870347 Speed-up repo_connect ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ :type: bug :state: resolved The main bottleneck is repo.build_user, which could be cached. Ticket #5307426 Tests should be able to change the pyramid settings ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ :type: bug :state: resolved includeme is not enough because it is called after the setting have been applied. Ticket #5343870 'uncommitable' connexion get commited, w error... ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ :type: bug :state: resolved In some cases, a connexion is uncommitable although there is no exception detectable at the request level, but pyramid_cubicweb still attempt to commit it. I do not have a reproducible case, but I know I had the problem several times. When it happens, the original problem is shadowed by the error on the commit attempt. Ticket #4985962 Use multiple authentication policies ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ :type: bug :state: resolved We need to be able to compose an authentication stack from different cubes. It will also allow to better handler the 'rememberme' feature. Version 0.2.1 ------------- :publication date: 2015/01/23 :expected date: n/a Ticket #4849874 cors parameters unusable ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ :type: bug :state: resolved allow-headers and allow-methods are not usable:: Traceback (most recent call last): File "/usr/local/lib/python2.7/dist-packages/waitress/channel.py", line 337, in service task.service() File "/usr/local/lib/python2.7/dist-packages/waitress/task.py", line 173, in service self.execute() File "/usr/local/lib/python2.7/dist-packages/waitress/task.py", line 392, in execute app_iter = self.channel.server.application(env, start_response) File "/usr/local/lib/python2.7/dist-packages/wsgicors.py", line 89, in __call__ start_response(status, resp) File "/usr/local/lib/python2.7/dist-packages/waitress/task.py", line 376, in start_response 'Header value %r is not a string in %r' % (v, (k, v)) AssertionError: Header value ['Content-Type'] is not a string in ('Access-Control-Allow-Headers', ['Content-Type']) and:: Traceback (most recent call last): File "/usr/local/lib/python2.7/dist-packages/waitress/channel.py", line 337, in service task.service() File "/usr/local/lib/python2.7/dist-packages/waitress/task.py", line 173, in service self.execute() File "/usr/local/lib/python2.7/dist-packages/waitress/task.py", line 392, in execute app_iter = self.channel.server.application(env, start_response) File "/usr/local/lib/python2.7/dist-packages/wsgicors.py", line 89, in __call__ start_response(status, resp) File "/usr/local/lib/python2.7/dist-packages/waitress/task.py", line 376, in start_response 'Header value %r is not a string in %r' % (v, (k, v)) AssertionError: Header value ['GET', 'PUT', 'DELETE', 'POST'] is not a string in ('Access-Control-Allow-Methods', ['GET', 'PUT', 'DELETE', 'POST']) Version 0.2.0 ------------- :publication date: 2015/01/23 :expected date: n/a Ticket #4811298 Allow to pass pyramid settings ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ :type: bug :state: resolved Currently there are no way to provide alternate session factory or auth policy. Here is what my upcoming patch does: If a 'pyramid.ini' file is found in the application home directory, its 'main' section is passed as the 'settings' parameter to the pyramid configurator constructor. Additionnally, the following cubicweb-specific configuration values can be set: cubicweb.defaults = yes*|no Enable the inclusion of pyramid_cubicweb.defaults. cubicweb.bwcompat = yes*|no Enable the backward compatibility layer cubicweb.includes = Same as 'pyramid.includes', but the includes are done after the registry cubicweb.* entries are initialised. Ticket #4849314 Cannot start if cubicweb.includes is not defined ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ :type: bug :state: resolved Ticket #4783343 cors 'origin' parameters not correctly passed ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ :type: bug :state: resolved :: Traceback (most recent call last): File "/home/cdevienne/.virtualenvs/unlish-dev/local/lib/python2.7/site-packages/cubicweb/cwctl.py", line 162, in run_arg status = cmdmeth(appid) File "/home/cdevienne/.virtualenvs/unlish-dev/share/cubicweb/cubes/pyramid/ccplugin.py", line 278, in pyramid_instance app = wsgi_application_from_cwconfig(cwconfig) File "/home/cdevienne/ws/cubicweb/pyramid_cubicweb/pyramid_cubicweb/__init__.py", line 45, in wsgi_application_from_cwconfig credentials='true') File "/home/cdevienne/.virtualenvs/unlish-dev/local/lib/python2.7/site-packages/wsgicors.py", line 21, in __init__ self.match=filter(lambda x: x != "*", map(lambda x: x.strip(), self.pol_origin.split(" "))) AttributeError: 'list' object has no attribute 'split' instance unlish-instance not None: 'list' object has no attribute 'split' Ticket #4849313 Documentation ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ :type: bug :state: resolved Add a proper documentation Version 0.1.3 ------------- :publication date: 2014/12/08 :expected date: n/a Ticket #4731764 Authentication on IE fails ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ :type: bug :state: resolved The reason is that the auth_tkt cookie has an invalid 'expires' field (it is equal to the 'max-age' field). Version 0.1.2 ------------- :publication date: 2014/11/15 :expected date: n/a Ticket #4566482 Workflow transition are not saved ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ :type: bug :state: resolved When changing an entity state, the confirmation view is displayed, but when clicking "validate", the new state is not applied. Version 0.1.1 ------------- :publication date: 2014/11/08 :expected date: n/a Ticket #4549891 last_login_time is not updated ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ :type: bug :state: resolved When user logs in, their last_login_time is not updated. Version 0.1.0 ------------- :publication date: 2014/10/23 :expected date: n/a Ticket #4291181 Allow cubes to be included by pyramid config ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ :type: bug :state: resolved If a cube has a 'includeme' attribute, it should be included by the pyramid configuration. Ticket #4291173 First step ~~~~~~~~~~~~~~~~~~~~~~~~~~ :type: task :state: resolved The goal is to be able to run a cubicweb instance on top of a pyramid application. - The cw code will transparently rely on the pyramid authentication and session api - The cubicweb standard handler will be bypassed as much as possible without loosing bw compatibility for existing cubes - One bw incompatibility : all code related to webauthretriever will be inactive. Pyramid ports of those will be needed. What won't be done : - Controllers/views selection by pyramid directly - replacement of the cw url resolvers