List of contributors to Kallithea project:

    Mads Kiilerich <madski@unity3d.com> 2012-2016

    Takumi IINO <trot.thunder@gmail.com> 2012-2016

    Unity Technologies 2012-2016

    Andrew Shadura <andrew@shadura.me> 2012 2014-2016

    Dominik Ruf <dominikruf@gmail.com> 2012 2014-2016

    Thomas De Schampheleire <thomas.de.schampheleire@gmail.com> 2014-2016

    Étienne Gilli <etienne.gilli@gmail.com> 2015-2016

    Jan Heylen <heyleke@gmail.com> 2015-2016

    Robert Martinez <ntttq@inboxen.org> 2015-2016

    Robert Rauch <mail@robertrauch.de> 2015-2016

    Søren Løvborg <sorenl@unity3d.com> 2015-2016

    Angel Ezquerra <angel.ezquerra@gmail.com> 2016

    Asterios Dimitriou <steve@pci.gr> 2016

    Konstantin Veretennicov <kveretennicov@gmail.com> 2016

    Oscar Curero <oscar@naiandei.net> 2016

    Robert James Dennington <tinytimrob@googlemail.com> 2016

    YFdyh000 <yfdyh000@gmail.com> 2016

    Aras Pranckevičius <aras@unity3d.com> 2012-2013 2015

    Sean Farley <sean.michael.farley@gmail.com> 2013-2015

    Christian Oyarzun <oyarzun@gmail.com> 2014-2015

    Joseph Rivera <rivera.d.joseph@gmail.com> 2014-2015

    Michal Čihař <michal@cihar.com> 2014-2015

    Anatoly Bubenkov <bubenkoff@gmail.com> 2015

    Andrew Bartlett <abartlet@catalyst.net.nz> 2015

    Balázs Úr <urbalazs@gmail.com> 2015

    Ben Finney <ben@benfinney.id.au> 2015

    Branko Majic <branko@majic.rs> 2015

    Daniel Hobley <danielh@unity3d.com> 2015

    David Avigni <david.avigni@ankapi.com> 2015

    Denis Blanchette <dblanchette@coveo.com> 2015

    duanhongyi <duanhongyi@doopai.com> 2015

    EriCSN Chang <ericsning@gmail.com> 2015

    Grzegorz Krason <grzegorz.krason@gmail.com> 2015

    Jiří Suchan <yed@vanyli.net> 2015

    Kazunari Kobayashi <kobanari@nifty.com> 2015

    Kevin Bullock <kbullock@ringworld.org> 2015

    kobanari <kobanari@nifty.com> 2015

    Marc Abramowitz <marc@marc-abramowitz.com> 2015

    Marc Villetard <marc.villetard@gmail.com> 2015

    Matthias Zilk <matthias.zilk@gmail.com> 2015

    Michael Pohl <michael@mipapo.de> 2015

    Michael V. DePalatis <mike@depalatis.net> 2015

    Morten Skaaning <mortens@unity3d.com> 2015

    Nick High <nick@silverchip.org> 2015

    Niemand Jedermann <predatorix@web.de> 2015

    Peter Vitt <petervitt@web.de> 2015

    Ronny Pfannschmidt <opensource@ronnypfannschmidt.de> 2015

    Sam Jaques <sam.jaques@me.com> 2015

    Tuux <tuxa@galaxie.eu.org> 2015

    Viktar Palstsiuk <vipals@gmail.com> 2015

    Ante Ilic <ante@unity3d.com> 2014

    Bradley M. Kuhn <bkuhn@sfconservancy.org> 2014

    Calinou <calinou@opmbx.org> 2014

    Daniel Anderson <daniel@dattrix.com> 2014

    Henrik Stuart <hg@hstuart.dk> 2014

    Ingo von Borstel <kallithea@planetmaker.de> 2014

    Jelmer Vernooij <jelmer@samba.org> 2014

    Jim Hague <jim.hague@acm.org> 2014

    Matt Fellows <kallithea@matt-fellows.me.uk> 2014

    Max Roman <max@choloclos.se> 2014

    Na'Tosha Bard <natosha@unity3d.com> 2014

    Rasmus Selsmark <rasmuss@unity3d.com> 2014

    Tim Freund <tim@freunds.net> 2014

    Travis Burtrum <android@moparisthebest.com> 2014

        return paste.httpexceptions.HTTPUnauthorized(headers=head)

    def authenticate(self, environ):

        authorization = paste.httpheaders.AUTHORIZATION(environ)

        if not authorization:

            return self.build_authentication()

        (authmeth, auth) = authorization.split(' ', 1)

        if 'basic' != authmeth.lower():

            return self.build_authentication()

        auth = auth.strip().decode('base64')

        _parts = auth.split(':', 1)

        if len(_parts) == 2:

            username, password = _parts

            if self.authfunc(username, password, environ) is not None:

                return username

        return self.build_authentication()

    __call__ = authenticate

class BaseVCSController(object):

    def __init__(self, application, config):

        self.application = application

        self.config = config

        # base path of repo locations

        self.basepath = self.config['base_path']

        # authenticate this VCS request using the authentication modules

        self.authenticate = BasicAuth('', auth_modules.authenticate,

                                      config.get('auth_ret_code'))

        self.ip_addr = '0.0.0.0'

    def _handle_request(self, environ, start_response):

        raise NotImplementedError()

    def _get_by_id(self, repo_name):

        """

        Gets a special pattern _<ID> from clone url and tries to replace it

        with a repository_name for support of _<ID> permanent URLs

        :param repo_name:

        """

        data = repo_name.split('/')

        if len(data) >= 2:

            from kallithea.lib.utils import get_repo_by_id

            by_id_match = get_repo_by_id(repo_name)

            if by_id_match:

        return '/'.join(data)

    def _invalidate_cache(self, repo_name):

        """

        Sets cache for this repository for invalidation on next access

        :param repo_name: full repo name, also a cache key

        """

        ScmModel().mark_for_invalidation(repo_name)

    def _check_permission(self, action, user, repo_name, ip_addr=None):

        """

        Checks permissions using action (push/pull) user and repository

        name

        :param action: push or pull action

        :param user: `User` instance

        :param repo_name: repository name

        """

        # check IP

        ip_allowed = AuthUser.check_ip_allowed(user, ip_addr)

        if ip_allowed:

            log.info('Access for IP:%s allowed', ip_addr)

        else:

            return False

        if action == 'push':

            if not HasPermissionAnyMiddleware('repository.write',

                                              'repository.admin')(user,

                                                                  repo_name):

                return False

        else:

            #any other action need at least read permission

            if not HasPermissionAnyMiddleware('repository.read',

                                              'repository.write',

                                              'repository.admin')(user,

                                                                  repo_name):

                return False

        return True

    def _get_ip_addr(self, environ):

        return _get_ip_addr(environ)

    def _check_ssl(self, environ):

        """

from kallithea.lib.utils2 import safe_str, safe_unicode, fix_PATH, get_server_url, \

    _set_extras

from kallithea.lib.base import BaseVCSController, WSGIResultCloseCallback

from kallithea.lib.utils import make_ui, is_valid_repo, ui_sections

from kallithea.lib.vcs.utils.hgcompat import RepoError, hgweb_mod

from kallithea.lib.exceptions import HTTPLockedRC

from kallithea.lib import auth_modules

log = logging.getLogger(__name__)

def is_mercurial(environ):

    """

    Returns True if request's target is mercurial server - header

    ``HTTP_ACCEPT`` of such request would start with ``application/mercurial``.

    """

    http_accept = environ.get('HTTP_ACCEPT')

    path_info = environ['PATH_INFO']

    if http_accept and http_accept.startswith('application/mercurial'):

        ishg_path = True

    else:

        ishg_path = False

    log.debug('pathinfo: %s detected as Mercurial %s',

        path_info, ishg_path

    )

    return ishg_path

class SimpleHg(BaseVCSController):

    def _handle_request(self, environ, start_response):

        if not is_mercurial(environ):

            return self.application(environ, start_response)

        if not self._check_ssl(environ):

            return HTTPNotAcceptable('SSL REQUIRED !')(environ, start_response)

        ip_addr = self._get_ip_addr(environ)

        username = None

        # skip passing error to error controller

        environ['pylons.status_code_redirect'] = True

        #======================================================================

        # EXTRACT REPOSITORY NAME FROM ENV

        #======================================================================

        try:

            str_repo_name = environ['REPO_NAME'] = self.__get_repository(environ)

            repo_name = safe_unicode(str_repo_name)

            assert safe_str(repo_name) == str_repo_name, (str_repo_name, repo_name)

            log.debug('Extracted repo name is %s', repo_name)

        except Exception as e:

            log.error('error extracting repo_name: %r', e)

            return HTTPInternalServerError()(environ, start_response)

        # quick check if that dir exists...

        if not is_valid_repo(repo_name, self.basepath, 'hg'):

            return HTTPNotFound()(environ, start_response)

        #======================================================================

        # GET ACTION PULL or PUSH

        #======================================================================

        action = self.__get_action(environ)

        #======================================================================

        # CHECK ANONYMOUS PERMISSION

        #======================================================================

        if action in ['pull', 'push']:

            anonymous_user = User.get_default_user(cache=True)

            username = anonymous_user.username

            if anonymous_user.active:

                # ONLY check permissions if the user is activated

                anonymous_perm = self._check_permission(action, anonymous_user,

                                                        repo_name, ip_addr)

            else:

                anonymous_perm = False

            if not anonymous_user.active or not anonymous_perm:

                if not anonymous_user.active:

                    log.debug('Anonymous access is disabled, running '

                              'authentication')

                if not anonymous_perm:

                    log.debug('Not enough credentials to access this '

                              'repository as anonymous user')

                username = None

                #==============================================================

                # DEFAULT PERM FAILED OR ANONYMOUS ACCESS IS DISABLED SO WE

                # NEED TO AUTHENTICATE AND ASK FOR AUTH USER PERMISSIONS

                #==============================================================

                # try to auth based on environ, container auth methods

                log.debug('Running PRE-AUTH for container based authentication')

                pre_auth = auth_modules.authenticate('', '', environ)

                if pre_auth is not None and pre_auth.get('username'):

## -*- coding: utf-8 -*-

<%inherit file="/base/base.html"/>

<%block name="title">

    ${_('About')}

</%block>

<%def name="breadcrumbs()">

    ${c.site_name}

</%def>

<%block name="header_menu">

    ${self.menu('about')}

</%block>

<%def name="main()">

<div class="box">

  <!-- box / title -->

  <div class="title">

    <h5>${_('About')} Kallithea</h5>

  </div>

  <p><a href="https://kallithea-scm.org/">Kallithea</a> is a project of the

  <a href="http://sfconservancy.org/">Software Freedom Conservancy, Inc.</a>

  and is released under the terms of the

  <a href="http://www.gnu.org/copyleft/gpl.html">GNU General Public License,

  v 3.0 (GPLv3)</a>.</p>

  <p>Kallithea is copyrighted by various authors, including but not

  necessarily limited to the following:

  <ul style="margin: 0 0 0 50px;">

  <li>Copyright &copy; 2012&ndash;2016, Mads Kiilerich</li>

  <li>Copyright &copy; 2012&ndash;2016, Takumi IINO</li>

  <li>Copyright &copy; 2012&ndash;2016, Unity Technologies</li>

  <li>Copyright &copy; 2012, 2014&ndash;2016, Andrew Shadura</li>

  <li>Copyright &copy; 2012, 2014&ndash;2016, Dominik Ruf</li>

  <li>Copyright &copy; 2014&ndash;2016, Thomas De Schampheleire</li>

  <li>Copyright &copy; 2015&ndash;2016, Étienne Gilli</li>

  <li>Copyright &copy; 2015&ndash;2016, Jan Heylen</li>

  <li>Copyright &copy; 2015&ndash;2016, Robert Martinez</li>

  <li>Copyright &copy; 2015&ndash;2016, Robert Rauch</li>

  <li>Copyright &copy; 2015&ndash;2016, Søren Løvborg</li>

  <li>Copyright &copy; 2016, Angel Ezquerra</li>

  <li>Copyright &copy; 2016, Asterios Dimitriou</li>

  <li>Copyright &copy; 2016, Konstantin Veretennicov</li>

  <li>Copyright &copy; 2016, Oscar Curero</li>

  <li>Copyright &copy; 2016, Robert James Dennington</li>

  <li>Copyright &copy; 2016, YFdyh000</li>

  <li>Copyright &copy; 2012&ndash;2013, 2015, Aras Pranckevičius</li>

  <li>Copyright &copy; 2014&ndash;2015, Christian Oyarzun</li>

  <li>Copyright &copy; 2014&ndash;2015, Joseph Rivera</li>

  <li>Copyright &copy; 2014&ndash;2015, Michal Čihař</li>

  <li>Copyright &copy; 2014&ndash;2015, Sean Farley</li>

  <li>Copyright &copy; 2015, Anatoly Bubenkov</li>

  <li>Copyright &copy; 2015, Andrew Bartlett</li>

  <li>Copyright &copy; 2015, Balázs Úr</li>

  <li>Copyright &copy; 2015, Ben Finney</li>

  <li>Copyright &copy; 2015, Branko Majic</li>

  <li>Copyright &copy; 2015, Daniel Hobley</li>

  <li>Copyright &copy; 2015, David Avigni</li>

  <li>Copyright &copy; 2015, Denis Blanchette</li>

  <li>Copyright &copy; 2015, duanhongyi</li>

  <li>Copyright &copy; 2015, EriCSN Chang</li>

  <li>Copyright &copy; 2015, Grzegorz Krason</li>

  <li>Copyright &copy; 2015, Jiří Suchan</li>

  <li>Copyright &copy; 2015, Kazunari Kobayashi</li>

  <li>Copyright &copy; 2015, Kevin Bullock</li>

  <li>Copyright &copy; 2015, kobanari</li>

  <li>Copyright &copy; 2015, Marc Abramowitz</li>

  <li>Copyright &copy; 2015, Marc Villetard</li>

  <li>Copyright &copy; 2015, Matthias Zilk</li>

  <li>Copyright &copy; 2015, Michael Pohl</li>

  <li>Copyright &copy; 2015, Michael V. DePalatis</li>

  <li>Copyright &copy; 2015, Morten Skaaning</li>

  <li>Copyright &copy; 2015, Nick High</li>

  <li>Copyright &copy; 2015, Niemand Jedermann</li>

  <li>Copyright &copy; 2015, Peter Vitt</li>

  <li>Copyright &copy; 2015, Ronny Pfannschmidt</li>

  <li>Copyright &copy; 2015, Sam Jaques</li>

  <li>Copyright &copy; 2015, Tuux</li>

  <li>Copyright &copy; 2015, Viktar Palstsiuk</li>

  <li>Copyright &copy; 2014, Ante Ilic</li>

  <li>Copyright &copy; 2014, Bradley M. Kuhn</li>

  <li>Copyright &copy; 2014, Calinou</li>

  <li>Copyright &copy; 2014, Daniel Anderson</li>

  <li>Copyright &copy; 2014, Henrik Stuart</li>

  <li>Copyright &copy; 2014, Ingo von Borstel</li>

  <li>Copyright &copy; 2014, Jelmer Vernooij</li>

  <li>Copyright &copy; 2014, Jim Hague</li>

  <li>Copyright &copy; 2014, Matt Fellows</li>

  <li>Copyright &copy; 2014, Max Roman</li>

  <li>Copyright &copy; 2014, Na'Tosha Bard</li>

  <li>Copyright &copy; 2014, Rasmus Selsmark</li>

  <li>Copyright &copy; 2014, Tim Freund</li>

  <li>Copyright &copy; 2014, Travis Burtrum</li>

# -*- coding: utf-8 -*-

import os

import mock

import urllib

from kallithea.lib import vcs

from kallithea.lib.utils2 import safe_str, safe_unicode

from kallithea.model.db import Repository, RepoGroup, UserRepoToPerm, User, \

    Permission, Ui

from kallithea.model.user import UserModel

from kallithea.tests import *

from kallithea.model.repo_group import RepoGroupModel

from kallithea.model.repo import RepoModel

from kallithea.model.meta import Session

from kallithea.tests.fixture import Fixture, error_function

fixture = Fixture()

def _get_permission_for_user(user, repo):

    perm = UserRepoToPerm.query() \

                .filter(UserRepoToPerm.repository ==

                        Repository.get_by_repo_name(repo)) \

                .filter(UserRepoToPerm.user == User.get_by_username(user)) \

                .all()

    return perm

class _BaseTestCase(TestController):

    """

    Write all tests here

    """

    REPO = None

    REPO_TYPE = None

    NEW_REPO = None

    OTHER_TYPE_REPO = None

    OTHER_TYPE = None

    def test_index(self):

        self.log_user()

        response = self.app.get(url('repos'))

    def test_create(self):

        self.log_user()

        repo_name = self.NEW_REPO

        description = u'description for newly created repo'

        response = self.app.post(url('repos'),

                        fixture._get_repo_create_params(repo_private=False,

                                                repo_name=repo_name,

                                                repo_type=self.REPO_TYPE,

                                                repo_description=description,

                                                _authentication_token=self.authentication_token()))

        ## run the check page that triggers the flash message

        user_model.grant_perm(User.DEFAULT_USER, 'hg.fork.none')

        # disable on regular user

        user_model.revoke_perm(TEST_USER_REGULAR_LOGIN, 'hg.create.repository')

        user_model.grant_perm(TEST_USER_REGULAR_LOGIN, 'hg.create.none')

        user_model.revoke_perm(TEST_USER_REGULAR_LOGIN, 'hg.fork.repository')

        user_model.grant_perm(TEST_USER_REGULAR_LOGIN, 'hg.fork.none')

        Session().commit()

        user = User.get(usr['user_id'])

        repo_name = self.NEW_REPO + u'no_perms'

        description = 'description for newly created repo'

        response = self.app.post(url('repos'),

                        fixture._get_repo_create_params(repo_private=False,

                                                repo_name=repo_name,

                                                repo_type=self.REPO_TYPE,

                                                repo_description=description,

                                                _authentication_token=self.authentication_token()))

        response.mustcontain('<span class="error-message">Invalid value</span>')

        RepoModel().delete(repo_name)

        Session().commit()

    @mock.patch.object(RepoModel, '_create_filesystem_repo', error_function)

    def test_create_repo_when_filesystem_op_fails(self):

        self.log_user()

        repo_name = self.NEW_REPO

        description = 'description for newly created repo'

        response = self.app.post(url('repos'),

                        fixture._get_repo_create_params(repo_private=False,

                                                repo_name=repo_name,

                                                repo_type=self.REPO_TYPE,

                                                repo_description=description,

                                                _authentication_token=self.authentication_token()))

        self.checkSessionFlash(response,

                               'Error creating repository %s' % repo_name)

        # repo must not be in db

        repo = Repository.get_by_repo_name(repo_name)

        assert repo == None

        # repo must not be in filesystem !

        assert not os.path.isdir(os.path.join(Ui.get_by_key('paths', '/').ui_value, repo_name))

class TestAdminReposControllerGIT(_BaseTestCase):

    REPO = GIT_REPO

    REPO_TYPE = 'git'

    NEW_REPO = NEW_GIT_REPO

    OTHER_TYPE_REPO = HG_REPO

    OTHER_TYPE = 'hg'

class TestAdminReposControllerHG(_BaseTestCase):

    REPO = HG_REPO

    REPO_TYPE = 'hg'

    NEW_REPO = NEW_HG_REPO

    OTHER_TYPE_REPO = GIT_REPO

    OTHER_TYPE = 'git'