This should evolve to become a browser-side OAuth2 client.

So every new instance is able to use self-contained oauh2 authentication.
In turn, this triggers atomated migration of a few portal types, which
cause the coding style tests to fail. So commit these as well.

Replace CookieCrumbler's cookie with OAuth2 tokens:
- add the notion of authenticated sessions: period from a login action to
  either a logout or the expiration of tokens
- avoids session fixation (knowing one token does not grant near-permanent
  access to the session)
- reduces the per-request cost of authentication (removes the need to
  compute user's groups, and the need to cache these groups for a fixed
  period).

Also, to reliably open login_form, log out.

This is a simplified version that works well enough for python 2.
For Zope 4 and python 3 we are considering reusing publish.

Pylint, at least our current version (still 1.4.4 as some more recent
versions are apparently much slower), may choke on some imports on the
first validation since Zope was started, only to later succeed. Hypothesis
is that it fails to analyse some imported modules, leaving empty shells
behind in some cache, making a second test avoid the error.
Here is one such error:
  File "eggs/astroid-1.3.8-py2.7.egg/astroid/bases.py", line 86, in cache_generator
    for result in generator:
  File "eggs/astroid-1.3.8-py2.7.egg/astroid/bases.py", line 327, in wrapped
    for res in _func(node, context, **kwargs):
  File "eggs/astroid-1.3.8-py2.7.egg/astroid/bases.py", line 351, in wrapper
    for node in func(*args, **kwargs):
  File "eggs/astroid-1.3.8-py2.7.egg/astroid/inference.py", line 190, in infer_callfunc
    for callee in self.func.infer(context):
  File "eggs/astroid-1.3.8-py2.7.egg/astroid/bases.py", line 86, in cache_generator
    for result in generator:
  File "eggs/astroid-1.3.8-py2.7.egg/astroid/bases.py", line 327, in wrapped
    for res in _func(node, context, **kwargs):
  File "eggs/astroid-1.3.8-py2.7.egg/astroid/bases.py", line 351, in wrapper
    for node in func(*args, **kwargs):
  File "eggs/astroid-1.3.8-py2.7.egg/astroid/inference.py", line 247, in infer_getattr
    for obj in owner.igetattr(self.attrname, context):
  File "eggs/astroid-1.3.8-py2.7.egg/astroid/bases.py", line 187, in igetattr
    context.push((self._proxied, name))
  File "eggs/astroid-1.3.8-py2.7.egg/astroid/raw_building.py", line 360, in _set_proxied
    return _CONST_PROXY[const.value.__class__]
KeyError: <type 'CompiledFFI'>

The last navigation step is intended to pull an anonymous-accessible
document. ERP5Site is too magic a document to have a representative
behaviour.

These are useless, git complain about them and they cause unnecessary diffs when having editor configured to automatically remove spaces at end of lines, so let's do a big commit to remove them all at once

See merge request nexedi/erp5!1672

done with:

    find product/ bt5 -name '*.py' | xargs -n 1 sed -i 's/ *$//'

fixup!  * Fix escaping chars in FormGroup title  * Use lxml to produce XML view  * Update XMLToForm to follow escaping changes

some elements were double escaped.

See merge request nexedi/erp5!1621