1. 11 Jul, 2024 40 commits
    • openid_connect,google_login: increase cache duration to 10 days · ba52b54a
      Jérome Perrin authored
      Because these two plugins implement the refresh of the authentication
      token (unlike the facebook plugin), we can use a longer cache here.
      With the previous value of 1 day, when not using the site for more than
      1 day, the token would expire from the cache and users have to authenticate again.
      Because the scenario of "access is revoked from authorization server"
      is handled by refreshing the access token, we can use a longer duration
      here, so that users do not have to log in again after not using for two
      days.
    • ERP5Security: fix some typos · 1dd2c3c9
      Jérome Perrin authored
    • ZMySQLDA: reconnect on mariadb's Connection was killed · 7971024f
      Jérome Perrin authored
      When the server restarts, mariadb uses an error 1927 which is mariadb
      specific, with no corresponding constant in the CR module. This is the
      case at least with mariadb 10.3.38.
      
      This fixes the following problem:
       - start zope and use mariadb connection
       - restart mariadb
       - use mariadb connection again, see an error:
          Error Type: OperationalError
          Error Value: (1927, 'Connection was killed')
      
      This change treats 1927 as an error for which we can reconnect and
      retry the query. Some other connectors do it, for example sqlalchemy in
      https://github.com/sqlalchemy/sqlalchemy/issues/5493
    • Jérome Perrin's avatar
      bf1ad1ae
    • test: try to explicitly stop HTTP server at the end of tests · c19c2a05
      Jérome Perrin authored
      This prevents tracebacks during shutdown:
      
        Unhandled exception in thread started by <bound method Thread.__bootstrap of <Thread(Thread-1, stopped daemon 139820471113472)>>
        Traceback (most recent call last):
          File "soft/lib/python2.7/threading.py", line 774, in __bootstrap
            self.__bootstrap_inner()
          File "soft/lib/python2.7/threading.py", line 814, in __bootstrap_inner
            (self.name, _format_exc()))
          File "soft/lib/python2.7/traceback.py", line 242, in format_exc
            return ''.join(format_exception(etype, value, tb, limit))
          File "soft/lib/python2.7/traceback.py", line 141, in format_exception
            list = list + format_tb(tb, limit)
          File "soft/lib/python2.7/traceback.py", line 76, in format_tb
            return format_list(extract_tb(tb, limit))
          File "soft/lib/python2.7/traceback.py", line 100, in extract_tb
            linecache.checkcache(filename)
        TypeError: 'NoneType' object is not callable
      
      Also rename the method because this is no longer *Z*server.
      
      This waitress close() API is not a public part of the API, so we still ignore
      the case where the server thread does not stop after 5 seconds. This
      happens if some HTTP connections are still open at the end of test.
    • Products/ZMySQLDA: ssl support · 9210e45b
      Jérome Perrin authored
    • erp5_officejs_drone_simulator: fullscreen feature · 38787e70
      Roque authored
    • PythonScript: fix Zope2 compatibility · b0575af9
      Jérome Perrin authored
      There is no zmi_icon on Zope2.
    • Jérome Perrin's avatar
      82f885b7
    • erp5_accounting&trade&pdm: Missing set ConstraintType on constraints · 670a3d6a
      Rafael Monnerat authored
         It is expected that constraints can call getConstraintType() if they are filtered:
      
          return context.checkConsistency(fixit=1, filter={'constraint_type': 'post_upgrade'},)
        Module Products.ERP5Type.Core.Folder, line 1476, in checkConsistency
          error_list.extend(obj.fixConsistency(filter=filter, **kw))
        Module Products.ERP5Type.Base, line 2714, in fixConsistency
          return self.checkConsistency(fixit=True, filter=filter, **kw)
        Module Products.ERP5Type.Core.Folder, line 1476, in checkConsistency
          error_list.extend(obj.fixConsistency(filter=filter, **kw))
        Module Products.ERP5Type.Base, line 2714, in fixConsistency
          return self.checkConsistency(fixit=True, filter=filter, **kw)
        Module Products.ERP5Type.Core.Folder, line 1462, in checkConsistency
          **kw
        Module Products.ERP5Type.Base, line 2686, in checkConsistency
          for constraint_instance in self._filteredConstraintList(filter):
        Module Products.ERP5Type.Base, line 2739, in _filteredConstraintList
          constraints = [x for x in constraints if x.__of__(self).getConstraintType() in \
      AttributeError: 'RequestContainer' object has no attribute 'getConstraintType'
    • erp5_certificate_authority: Fix symbolic link of revogation file · 8f54fa63
      Rafael Monnerat authored
         There is a missing "r" on the link, according to apache documentation:
      
          Additionally you have to create symbolic links named hash-value.rN. And you should always make sure this directory contains the appropriate symbolic links.
      
          See: https://httpd.apache.org/docs/2.4/mod/mod_ssl.html
    • Revert "Products.CMFActivity.Activity.SQLBase: Drop "FOR UPDATE"." · acb9097f
      Vincent Pelletier authored
      This reverts commit 89aa2a6b.
      The assumption that FOR UPDATE was unnecessary is wrong: when SQLDict
      reserves similar activities, it will race against these primo-reservations.
      So this change actually opens the possibility for duplicate activity
      reservation.
      Revert this change until (hopefully) a better fix is implemented.
    • oauth_google_login: apply a 10 seconds timeout when connecting to google server · c569620a
      Jérome Perrin authored
      In case of network problems, the http requests made to google during
      login may take too long and cause global unavailability of the ERP5
      instance.
      
      Today we saw in long request logs:
      
          2023-05-29 07:10:35,662 - Thread 140596157511424: Started on 1685336511.6; Running for 524.1 secs; Same.
      
      oauth2client does not expose an API to set a timeout, but it allows
      passing a custom http instance where we can set a timeout.
    • erp5_officejs_appstore_base: fix update alarm · 48398942
      Roque authored
    • BTreeFolder2: do not patch manage_delAllObjects on Zope2 · 361ee510
      Jérome Perrin authored
      On Zope2 this method does not exist and this caused a test failure
      
      ======================================================================
      FAIL: test_method_protection (testSecurity.TestSecurity)
      ----------------------------------------------------------------------
      Traceback (most recent call last):
        File "parts/erp5/Products/ERP5/tests/testSecurity.py", line 110, in test_method_protection
          self.fail(message)
      AssertionError:
      The following 1 methods have a docstring but have no security assertions.
      	parts/erp5/product/ERP5Type/patches/BTreeFolder2.py:111 manage_delAllObjects
    • zopewsgi: new --pidfile option · 5daf8a82
      Jérome Perrin authored
      To write a pid file so that logrotate can send us signals. This is
      still needed for neo storage for now.
      
      See nexedi/slapos!1395
    • zopewsgi: setup logging before loading ZConfig · be738eef
      Jérome Perrin authored
      Loading ZConfig will initialize storage and generally might do things
      that will cause messages to be emitted.
      One actual problem is with neo storage, which configures the root logger
      when it's not already configured [1], this was causing all logged
      messages to be logged in the console when using neo storage.
      
      1: https://lab.nexedi.com/nexedi/neoppod/blob/fd87e153/neo/lib/logger.py#L63-64
    • ERP5Site: Disable order support. · 16dceb8d
      Yusei Tahara authored
      It is easy to see contents ordered by id by default in ERP5Site.
    • BTreeFolder2: Disable manage_delAllObjects · f0b5ca56
      Yusei Tahara authored
      Protect data from human error. There are unbelievable mistakes. ERP5
      is a place to store important data that must not be deleted easily.
    • erp5_core: Print indexing document id. · f7ee67ea
      Yusei Tahara authored
    • Xiaowu Zhang's avatar
      4e047db4
    • erp5_commerce: display translated message · 8bf477be
      Xiaowu Zhang authored
    • ERP5ReportTestCase: getObject before the try/finally · f8cf9d19
      Jérome Perrin authored
      Errors in getObject (typically, unauthorized) were hidden by another
      error in finally block, because popRequest can only be called if
      pushRequest was executed before.
    • SecurityTestCase: better assertion failure for transition · ff13f2d2
      Jérome Perrin authored
      The roles were missing
    • graph_editor: Support translation. · cbea53c5
      Yusei Tahara authored
    • Reduce rare AttributeError on Skins Tool. · b8faaeba
      Yusei Tahara authored
      Thanks to Vincent Pelletier for his help on this bug fix.
    • forge: show local_role_group in TypesTool_viewRoleInformationList · b2fcde38
      Jérome Perrin authored
      also set hide_rows_on_no_search_criterion to force displaying the list
      even without search, this is a report, we always want to see records.
    • Xiaowu Zhang's avatar
      13c3c7c9
    • ProcessingNodeTestCase: also setRequest in processing_node · 8577b183
      Jérome Perrin authored
      This is done on the process running test (by
      ERP5TypeTestCaseRequestConnection) and when using timerserver loop (by
      TimerServer which calls publish_module), but this was never set in
      processing_node.
      
      Before 3b874e49 (ERP5Type/tests: review requests in tests, 2023-04-19)
      getRequest could find a request anyway, because the test patched
      getRequest to find a request from the app, but after this change
      executing activities in an instance running with runUnitTest without
      test specified failed with:
      
          Module importlib, line 37, in import_module
            __import__(name)
          Module Products.ERP5Type.dynamic.component_package, line 412, in load_module
            return self.__load_module(fullname)
          Module Products.ERP5Type.dynamic.component_package, line 379, in __load_module
            erp5.component.ref_manager.add_module(module)
          Module Products.ERP5Type.dynamic.dynamic_module, line 75, in add_module
            self.add_request(get_request())
          Module Products.ERP5Type.dynamic.dynamic_module, line 53, in add_request
            self.setdefault(last_sync, (WeakSet(), set()))[0].add(request_obj)
          Module _weakrefset, line 86, in add
            self.data.add(ref(item, self._remove))
        TypeError: cannot create weak reference to 'NoneType' object
      
      ( maybe we remove processing_node and use only timerserver, these two
      methods are more or less equivalent for simple cases and timerserver is
      closer to what a "real" zope does )
    • tests: execute `addCleanup` cleanups with ZODB connection · 14622b18
      Jérome Perrin authored
      unittest executes the cleanups after `tearDown`, after the ZODB
      connection is closed, so accessing database objects causes errors.
      
      According to python unittest documentation, it is safe to call
      `doCleanups` ourselves when we need the cleanup to be executed earlier,
      this is a typical case where we want the cleanup to be called before
      closing the database connections.
    • core: "better" default columns in Base_viewRelatedObjectListBase · 6fc2a1e9
      Jérome Perrin authored
      ID is not something we like to show to users, modification date and
      validation state can be better - this assumes that most of the
      relation are made to nodes, which typically have a validation state
      and not a simulation state.
    • ERP5Type/tests: review requests in tests · 89422a6b
      Jérome Perrin authored
      The general idea of this patch is that now that we are using
      zope.globalrequest, we no longer need to patch get_request, we can
      simply call zope.globalrequest.setRequest with the request from the
      test and restore the "real" request afterwards.
      
      To achieve this, we reuse Testing.ZopeTestCase.connections.registry,
      which already has the logic of cleaning up resources in the right place
      and use a "Request" resource that calls setRequest(test_request) and
      setRequest(real_request) when closed, so that:
       - test runs with an independent request
       - this test request is closed at the end
       - the real request is restored at the end
      
      This also fixes a bug with self.publish when running
      ERP5TypeLiveTestCase from portal_components of a running instance,
      after a call to self.publish the current request was lost.
      
      The testing for this revealed that ERP5TypeLiveTestCase.publish way
      of dealing with zope.security interaction was not always correct: when
      running a live test inside runUnitTest (like we do here in
      testDynamicClassGeneration), there is no security interaction. This
      was reviewed to use the high level API instead of changing directly the
      internal storage.
    • core: expose `is_source` on `MovementHistoryListBrain` · e35e45fe
      Jérome Perrin authored
      This can be useful when making a report on movements and when we list
      properties of the movements that depend on the side but are not
      directly exposed on MovementHistoryListBrain. One use case was
      `Movement_getSpecificReference`, which shows `source_reference` when
      the brain is for the source and `destination_reference` otherwise.
      
      With this new approach, instead of guessing we record the "is_source"
      information at indexing time, when we know this for sure.
      
      This also simplifies `MovementHistoryListBrain.date` and
      `MovementHistoryListBrain.mirror_date` which no longer need to guess
      the side, and fixes a problem caused by this guessing being done using
      `movement.getSourceUid()`, which causes security errors when users cannot
      access the source of the movement.
    • worklfow: save state permissions sorted · 7c9fa6f1
      Jérome Perrin authored
      When editing a state permission mapping the roles were not sorted,
      because WorkflowState_getPermissionMatrixContext uses a set. Sort
      before setting the attribute, to prevent useless diffs in ZODB history
      and business template.
    • stripe: use SQLQueue to prevent dropping activities · b741cf46
      Jérome Perrin authored
      default activate() behavior is to not queue the activity if another
      activity with the same path/method_id already exists. We don't want this
      here.
    • project: don't use deprecated assignRoleToSecurityGroup · fa59da75
      Jérome Perrin authored
      We don't even use the new updateLocalRolesOnSecurityGroups instead,
      because roles are supposed to be applied by an interaction workflow.