No need to query the userinfo endpoint of the OIDC server when authenticating
as those information can also be found in the decoded access token.

Use more reliable access token expiration date.

Check groups claim is provided in decoded token before trying to read it.

Previously URL of type https://forge.example.org/user/project/sub-project/ were
not validated by the isGitRepoUrl function.

Closes T2331

No need to substract 1 from computed TTLs as it can lead to cache userinfo
with a 0 seconds TTL when access token is about to expire and thus send
multiple userinfo requests to the OIDC server on successive calls to the
Web API.

When a user is identified as staff, he/she should not be rate limited
when querying the Web API.

Related to T1927

Throttling requests is related to Django REST Framework and is only used in
the api part of swh-web. So move associated module from common submodule
to api one for consistency.

This backend for Django REST Framework enables to authenticate users through the
use of bearer tokens (provided by Keycloak) sent in HTTP request headers.

Closes T2249

Add Django plumbing in swh-web to use OpenID Connect authentication layer.

It enables to securely authenticate users stored in a remote identity
and access management server implementing OpenID Connect specifications.
For the swh-web case, the open source solution Keycloak will be used.

New Django views are also introduced in order for users to login/logout
from the main HTML interface.

A custom Django User model is also used for remote users in order to
store OpenID Connect related data and avoid to save users to Django
database (those sensitive information are already securely stored in
Keycloak so there is no need to duplicate them).

Closes T2245
Closes T2246
Closes T2295

Related to D2820

Closes T2294

swh.model.from_disk.Directory.from_disk signature and usage have changed
since rDMOD6da524cb2bd8b870eaa0be477837694617cfff1b.

Also add a new rule to enforce consistent spacing inside braces.

closes T2286

This will prevent bad surprises when users simply invoke pytest in the root folder
of swh-web as default profile makes tests execution slow and tests can fail depending
on the hypothesis version used.

It will enable to find an origin when users provide urls with or without
a trailing slash.

Closes T1852
Closes T2289

Closes T2141

Closes T2284

  - add external links parsing

  - fix parsing of multiple links in same paragraph

  - fix links to endpoints documentation since D2665

Extract the methods from the sphinxcontrib-httdomain directives instead of a
complicated parsing from some strings in the endpoint docstrings.

It enables to document nested objects for request and response data.

Some new api endpoints require to send JSON data in HTTP requests but it was currently
not handled by the apidoc module.

So handle corresponding httpdomain directives in our custom rst nodes visitor.

Also add support for documenting JSON array of non object type as httpdomain does
not offer any directive for that type.

In order to simplify the use of the apidoc module, create a dedicated view
to display HTML documentation for each decorated endpoint.

This fixes an issue when an endpoint only accepts POST requests.

The noargs parameter is still used but is no more mandatory to an endpoint
without URL arguments. It simply enables to avoid redirecting to the endpoint
doc view from the endpoints list view as response data can be immediately
displayed.

The `?` character was always missing.

The appended `?` character was after `?fulltext=`, which caused the URL
to not be parsed as expected.

Required by swh-storage >= v0.0.172.

Use a __getattr__ like storage proxies do.

This will also be required when the validation proxy of swh-storage is merged,
as this proxy uses __getattr__, so inspect.getmembers() does not return all
method names that can be called.