def show(self, id, format='html'):

        """GET /permissions/id: Show a specific item"""

        # url('permission', id=ID)

    def edit(self, id, format='html'):

        """GET /permissions/id/edit: Form to edit an existing item"""

        #url('edit_permission', id=ID)

        c.perms_choices = self.perms_choices

        c.register_choices = self.register_choices

        c.create_choices = self.create_choices

        if id == 'default':

            defaults = {'_method': 'put',

                        'anonymous': default_user.active}

            for p in default_user.user_perms:

                if p.permission.permission_name.startswith('repository.'):

                    defaults['default_perm'] = p.permission.permission_name

                if p.permission.permission_name.startswith('hg.register.'):

                    defaults['default_register'] = p.permission.permission_name

                if p.permission.permission_name.startswith('hg.create.'):

                    defaults['default_create'] = p.permission.permission_name

        c.repo_groups_choices = map(lambda k: unicode(k[0]), c.repo_groups)

        c.users_array = repo_model.get_users_js()

        c.users_groups_array = repo_model.get_users_groups_js()

    def __load_data(self, repo_name=None):

        """

        Load defaults settings for edit, and update

        :param repo_name:

        """

        self.__load_defaults()

        repo = scm_repo = db_repo.scm_instance

        if c.repo_info is None:

            h.flash(_('%s repository is not mapped to db perhaps'

                      ' it was created or renamed from the filesystem'

                      ' please run the application again'

                      ' in order to rescan repositories') % repo_name,

                      category='error')

            return redirect(url('repos'))

        c.in_public_journal = self.sa.query(UserFollowing)\

            .filter(UserFollowing.user_id == c.default_user_id)\

            .filter(UserFollowing.follows_repository == c.repo_info).scalar()

        if c.repo_info.stats:

            last_rev = c.repo_info.stats.stat_on_revision

        else:

            last_rev = 0

        c.stats_revision = last_rev

        c.repo_last_rev = repo.count() - 1 if repo.revisions else 0

    def repo_public_journal(self, repo_name):

        """

        Set's this repository to be visible in public journal,

        in other words assing default user to follow this repo

        :param repo_name:

        """

        cur_token = request.POST.get('auth_token')

        token = get_token()

        if cur_token == token:

            try:

                self.scm_model.toggle_following_repo(repo_id, user_id)

                h.flash(_('Updated repository visibility in public journal'),

                        category='success')

            except:

                h.flash(_('An error occurred during setting this'

                          ' repository in public journal'),

                        category='error')

        else:

            h.flash(_('Token mismatch'), category='error')

        return redirect(url('edit_repo', repo_name=repo_name))

        if self.rhodecode_user.is_authenticated \

                            and self.rhodecode_user.username != 'default':

            return redirect(url('home'))

        if request.POST:

            #import Login Form validator class

            login_form = LoginForm()

            try:

                c.form_result = login_form.to_python(dict(request.POST))

                #form checks for username/password, now we're authenticated

                username = c.form_result['username']

                auth_user = AuthUser(user.user_id)

                auth_user.set_authenticated()

                session['rhodecode_user'] = auth_user

                session.save()

                log.info('user %s is now authenticated and stored in session',

                         username)

                user.update_lastlogin()

                if c.came_from:

                    return redirect(c.came_from)

                else:

                    defaults=errors.value,

                    errors=errors.error_dict or {},

                    prefix_error=False,

                    encoding="UTF-8")

        return render('/login.html')

    @HasPermissionAnyDecorator('hg.admin', 'hg.register.auto_activate',

                               'hg.register.manual_activate')

    def register(self):

        user_model = UserModel()

        c.auto_active = False

            if perm.permission.permission_name == 'hg.register.auto_activate':

                c.auto_active = True

                break

        if request.POST:

            register_form = RegisterForm()()

            try:

                form_result = register_form.to_python(dict(request.POST))

                form_result['active'] = c.auto_active

                user_model.create_registration(form_result)

                h.flash(_('You have successfully registered into rhodecode'),

if __platform__ in PLATFORM_WIN:

    from hashlib import sha256

if __platform__ in PLATFORM_OTHERS:

    import bcrypt

from rhodecode.lib import str2bool, safe_unicode

from rhodecode.lib.exceptions import LdapPasswordError, LdapUsernameError

from rhodecode.lib.utils import get_repo_slug

from rhodecode.lib.auth_ldap import AuthLdap

from rhodecode.model import meta

from rhodecode.model.user import UserModel

log = logging.getLogger(__name__)

class PasswordGenerator(object):

    """This is a simple class for generating password from

        different sets of characters

        usage:

        passwd_gen = PasswordGenerator()

        #print 8-letter password containing only big and small letters

            of alphabet

        print passwd_gen.gen_password(8, passwd_gen.ALPHABETS_BIG_SMALL)

def authenticate(username, password):

    """Authentication function used for access control,

    firstly checks for db authentication then if ldap is enabled for ldap

    authentication, also creates ldap user if not in database

    :param username: username

    :param password: password

    """

    user_model = UserModel()

    log.debug('Authenticating user using RhodeCode account')

    if user is not None and not user.ldap_dn:

        if user.active:

            if user.username == 'default' and user.active:

                log.info('user %s authenticated correctly as anonymous user',

                         username)

                return True

            elif user.username == username and check_password(password,

                                                              user.password):

                log.info('user %s authenticated correctly', username)

                return True

        else:

            log.warning('user %s is disabled', username)

    else:

        log.debug('Regular authentication failed')

        if user_obj is not None and not user_obj.ldap_dn:

            log.debug('this user already exists as non ldap')

            return False

        ldap_settings = RhodeCodeSettings.get_ldap_settings()

        #======================================================================

        # FALLBACK TO LDAP AUTH IF ENABLE

        #======================================================================

        if str2bool(ldap_settings.get('ldap_active')):

            log.debug("Authenticating user using ldap")

            kwargs = {

        self.username = 'None'

        self.name = ''

        self.lastname = ''

        self.email = ''

        self.is_authenticated = False

        self.admin = False

        self.permissions = {}

        self._api_key = api_key

        self.propagate_data()

    def propagate_data(self):

        user_model = UserModel()

        if self._api_key and self._api_key != self.anonymous_user.api_key:

            #try go get user by api key

            log.debug('Auth User lookup by API KEY %s', self._api_key)

            user_model.fill_data(self, api_key=self._api_key)

        else:

            log.debug('Auth User lookup by USER ID %s', self.user_id)

            if self.user_id is not None \

                and self.user_id != self.anonymous_user.user_id:

                user_model.fill_data(self, user_id=self.user_id)

            else:

                if self.anonymous_user.active is True:

                    user_model.fill_data(self,

    """

    Base class for controllers responsible for loading all needed data

    for those controllers, loaded items are

    c.rhodecode_repo: instance of scm repository (taken from cache)

    """

    def __before__(self):

        super(BaseRepoController, self).__before__()

        if c.repo_name:

            c.rhodecode_repo = c.rhodecode_db_repo.scm_instance

            if c.rhodecode_repo is None:

                log.error('%s this repository is present in database but it '

                          'cannot be created as an scm instance', c.repo_name)

                redirect(url('home'))

            c.repository_followers = \

                self.scm_model.get_followers(c.repo_name)

            c.repository_forks = self.scm_model.get_forks(c.repo_name)

        """

        try:

            repo_name = '/'.join(environ['PATH_INFO'].split('/')[1:])

            if repo_name.endswith('/'):

                repo_name = repo_name.rstrip('/')

        except:

            log.error(traceback.format_exc())

            raise

        repo_name = repo_name.split('/')[0]

        return repo_name

    def __get_user(self, username):

    def __get_action(self, environ):

        """Maps git request commands into a pull or push command.

        :param environ:

        """

        service = environ['QUERY_STRING'].split('=')

        if len(service) > 1:

            service_cmd = service[1]

            mapping = {'git-receive-pack': 'push',

                       'git-upload-pack': 'pull',

                       }

        """

        try:

            repo_name = '/'.join(environ['PATH_INFO'].split('/')[1:])

            if repo_name.endswith('/'):

                repo_name = repo_name.rstrip('/')

        except:

            log.error(traceback.format_exc())

            raise

        return repo_name

    def __get_user(self, username):

    def __get_action(self, environ):

        """

        Maps mercurial request commands into a clone,pull or push command.

        This should always return a valid command string

        :param environ:

        """

        mapping = {'changegroup': 'pull',

                   'changegroupsubset': 'pull',

                   'stream_out': 'pull',

                   'listkeys': 'pull',

    :param ipaddr: optional ip address from what the action was made

    :param sa: optional sqlalchemy session

    """

    if not sa:

        sa = meta.Session()

    try:

        if hasattr(user, 'user_id'):

            user_obj = user

        elif isinstance(user, basestring):

        else:

            raise Exception('You have to provide user object or username')

        rm = RepoModel()

        if hasattr(repo, 'repo_id'):

            repo_obj = rm.get(repo.repo_id, cache=False)

            repo_name = repo_obj.repo_name

        elif  isinstance(repo, basestring):

            repo_name = repo.lstrip('/')

            repo_obj = rm.get_by_repo_name(repo_name, cache=False)

        else:

            raise Exception('You have to provide repository to action logger')

    @property

    def is_admin(self):

        return self.admin

    def __repr__(self):

        try:

            return "<%s('id:%s:%s')>" % (self.__class__.__name__,

                                             self.user_id, self.username)

        except:

            return self.__class__.__name__

    @classmethod

        if case_insensitive:

        else:

    @classmethod

    def get_by_api_key(cls, api_key):

        return Session.query(cls).filter(cls.api_key == api_key).one()

    def update_lastlogin(self):

        """Update user lastlogin"""

        self.last_login = datetime.datetime.now()

        Session.add(self)

        Session.commit()

        log.debug('updated user %s lastlogin', self.username)

    @classmethod

    def create(cls, form_data):

        from rhodecode.lib.auth import get_crypt_password

    users_group_to_perm = relationship('UsersGroupRepoToPerm', cascade='all')

    stats = relationship('Statistics', cascade='all', uselist=False)

    followers = relationship('UserFollowing', primaryjoin='UserFollowing.follows_repo_id==Repository.repo_id', cascade='all')

    logs = relationship('UserLog', cascade='all')

    def __repr__(self):

        return "<%s('%s:%s')>" % (self.__class__.__name__,

                                  self.repo_id, self.repo_name)

    @classmethod

        q = Session.query(cls).filter(cls.repo_name == repo_name)

        q = q.options(joinedload(Repository.fork))\

            .options(joinedload(Repository.user))\

            .options(joinedload(Repository.group))\

        return q.one()

    @classmethod

    def get_repo_forks(cls, repo_id):

        return Session.query(cls).filter(Repository.fork_id == repo_id)

def ValidUsername(edit, old_data):

    class _ValidUsername(formencode.validators.FancyValidator):

        def validate_python(self, value, state):

            if value in ['default', 'new_user']:

                raise formencode.Invalid(_('Invalid username'), value, state)

            #check if user is unique

            old_un = None

            if edit:

                old_un = UserModel().get(old_data.get('user_id')).username

            if old_un != value or not edit:

                    raise formencode.Invalid(_('This username already '

                                               'exists') , value, state)

            if re.match(r'^[a-zA-Z0-9]{1}[a-zA-Z0-9\-\_\.]+$', value) is None:

                raise formencode.Invalid(_('Username may only contain '

                                           'alphanumeric characters '

                                           'underscores, periods or dashes '

                                           'and must begin with alphanumeric '

                                           'character'), value, state)

    return _ValidUsername

            'invalid_login':_('invalid user name'),

            'disabled_account':_('Your account is disabled')

            }

    #error mapping

    e_dict = {'username':messages['invalid_login'],

              'password':messages['invalid_password']}

    e_dict_disable = {'username':messages['disabled_account']}

    def validate_python(self, value, state):

        password = value['password']

        username = value['username']

        if authenticate(username, password):

            return value

        else:

            if user and user.active is False:

                log.warning('user %s is disabled', username)

                raise formencode.Invalid(self.message('disabled_account',

                                         state=State_obj),

                                         value, state,

                                         error_dict=self.e_dict_disable)

            else:

                log.warning('user %s not authenticated', username)

                                     len(gr.members))

                                        for gr in users_groups])

        return users_groups_array

    def update(self, repo_name, form_data):

        try:

            cur_repo = self.get_by_repo_name(repo_name, cache=False)

            #update permissions

            for member, perm, member_type in form_data['perms_updates']:

                if member_type == 'user':

                    r2p = self.sa.query(RepoToPerm)\

                            .filter(RepoToPerm.repository == cur_repo)\

                            .one()

                    r2p.permission = self.sa.query(Permission)\

                                        .filter(Permission.permission_name ==

                                                perm).scalar()

                    self.sa.add(r2p)

                else:

                    g2p = self.sa.query(UsersGroupRepoToPerm)\

                            .filter(UsersGroupRepoToPerm.users_group ==

                                    UsersGroup.get_by_group_name(member))\

                            .filter(UsersGroupRepoToPerm.repository ==

                                    cur_repo).one()

                    g2p.permission = self.sa.query(Permission)\

                                        .filter(Permission.permission_name ==

                                                perm).scalar()

                    self.sa.add(g2p)

            #set new permissions

            for member, perm, member_type in form_data['perms_new']:

                if member_type == 'user':

                    r2p = RepoToPerm()

                    r2p.repository = cur_repo

                    r2p.permission = self.sa.query(Permission)\

                                        .filter(Permission.

                                                permission_name == perm)\

                                                .scalar()

                    self.sa.add(r2p)

                else:

                    g2p = UsersGroupRepoToPerm()

                    g2p.repository = cur_repo

                    g2p.users_group = UsersGroup.get_by_group_name(member)

                    g2p.permission = self.sa.query(Permission)\

                                        .filter(Permission.

                                                permission_name == perm)\

                                                .scalar()

                    self.sa.add(g2p)

            #update current repo

            for k, v in form_data.items():

                if k == 'user':

                elif k == 'repo_name':

                    cur_repo.repo_name = form_data['repo_name_full']

                elif k == 'repo_group':

                    cur_repo.group_id = v

                else:

                    setattr(cur_repo, k, v)

            self.sa.add(cur_repo)

            if repo_name != form_data['repo_name_full']:

                # rename repository

            if fork:

                parent_repo = self.sa.query(Repository)\

                        .filter(Repository.repo_name == org_full_name).one()

                new_repo.fork = parent_repo

            new_repo.user_id = cur_user.user_id

            self.sa.add(new_repo)

            #create default permission

            repo_to_perm = RepoToPerm()

            default = 'repository.read'

                if p.permission.permission_name.startswith('repository.'):

                    default = p.permission.permission_name

                    break

            default_perm = 'repository.none' if form_data['private'] else default

            repo_to_perm.permission_id = self.sa.query(Permission)\

                    .filter(Permission.permission_name == default_perm)\

                    .one().permission_id

            repo_to_perm.repository = new_repo

            self.sa.add(repo_to_perm)

            if not just_db:

                self.__create_repo(repo_name, form_data['repo_type'],

                                   form_data['repo_group'],

                                   form_data['clone_uri'])

            self.sa.commit()

            #now automatically start following this repository as owner

            from rhodecode.model.scm import ScmModel

# This program is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation, either version 3 of the License, or

# (at your option) any later version.

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

import time

import traceback

import logging

from sqlalchemy.exc import DatabaseError

from vcs import get_backend

from vcs.exceptions import RepositoryError

from vcs.utils.lazy import LazyProperty

from vcs.nodes import FileNode

from rhodecode import BACKENDS

from rhodecode.lib import helpers as h

from rhodecode.lib import safe_str

from rhodecode.lib.auth import HasRepoPermissionAny

from rhodecode.lib.utils import get_repos as get_filesystem_repos, make_ui, \

    action_logger, EmptyChangeset

from rhodecode.model import BaseModel

from rhodecode.model.db import Repository, RhodeCodeUi, CacheInvalidation, \

log = logging.getLogger(__name__)

class UserTemp(object):

    def __init__(self, user_id):

        self.user_id = user_id

    def __repr__(self):

        return "<%s('id:%s')>" % (self.__class__.__name__, self.user_id)

    def is_following_repo(self, repo_name, user_id, cache=False):

        r = self.sa.query(Repository)\

            .filter(Repository.repo_name == repo_name).scalar()

        f = self.sa.query(UserFollowing)\

            .filter(UserFollowing.follows_repository == r)\

            .filter(UserFollowing.user_id == user_id).scalar()

        return f is not None

    def is_following_user(self, username, user_id, cache=False):

        f = self.sa.query(UserFollowing)\

            .filter(UserFollowing.follows_user == u)\

            .filter(UserFollowing.user_id == user_id).scalar()

        return f is not None

    def get_followers(self, repo_id):

        if not isinstance(repo_id, int):

        return self.sa.query(UserFollowing)\

                .filter(UserFollowing.follows_repo_id == repo_id).count()

    def get_forks(self, repo_id):

        if not isinstance(repo_id, int):

        return self.sa.query(Repository)\

                .filter(Repository.fork_id == repo_id).count()

    def pull_changes(self, repo_name, username):

        clone_uri = dbrepo.clone_uri

        if not clone_uri:

            raise Exception("This repository doesn't have a clone uri")

        repo = dbrepo.scm_instance

        try:

            extras = {'ip': '',

                      'username': username,

                      'action': 'push_remote',

                      'repository': repo_name}

            #inject ui extra param to log this action via push logger

        # BAD KEY

        key = "bad"

        response = self.app.get(url(controller='login',

                                    action='password_reset_confirmation',

                                    key=key))

        self.assertEqual(response.status, '302 Found')

        self.assertTrue(response.location.endswith(url('reset_password')))

        # GOOD KEY

        response = self.app.get(url(controller='login',

                                    action='password_reset_confirmation',

                                    key=key))

        self.assertEqual(response.status, '302 Found')

        self.assertTrue(response.location.endswith(url('login_home')))

        self.checkSessionFlash(response,

                               ('Your password reset was successful, '

                                'new password has been sent to your email'))

        response = response.follow()

                        """["Rst"]}, "sh": {"count": 2, "desc": ["Bash"]}, """

                        """"makefile": {"count": 1, "desc": ["Makefile", """

                        """"Makefile"]}, "cfg": {"count": 1, "desc": ["Ini"]},"""

                        """ "css": {"count": 1, "desc": ["Css"]}, "bat": """

                        """{"count": 1, "desc": ["Batch"]}};"""

                        in response.body)

        # clone url...

        self.assertTrue("""<input type="text" id="clone_url" readonly="readonly" value="hg clone http://test_admin@localhost:80/%s" size="70"/>""" % HG_REPO in response.body)

    def _enable_stats(self):

        r.enable_statistics = True

        self.sa.add(r)

        self.sa.commit()

from rhodecode.tests import TESTS_TMP_PATH, NEW_HG_REPO, HG_REPO

from rhodecode.config.environment import load_environment

rel_path = dn(dn(dn(os.path.abspath(__file__))))

conf = appconfig('config:development.ini', relative_to=rel_path)

load_environment(conf.global_conf, conf.local_conf)

add_cache(conf)

USER = 'test_admin'

PASS = 'test12'

HOST = '127.0.0.1:5000'

print 'DEBUG:', DEBUG

log = logging.getLogger(__name__)

class Command(object):

    def __init__(self, cwd):

        self.cwd = cwd

    def execute(self, cmd, *args):

        """Runs command on the system with given ``args``.

        """

        if DEBUG:

            print command

        p = Popen(command, shell=True, stdout=PIPE, stderr=PIPE, cwd=self.cwd)

        stdout, stderr = p.communicate()

        if DEBUG:

            print stdout, stderr

        return stdout, stderr

def test_wrapp(func):

    def __wrapp(*args, **kwargs):

        try:

            res = func(*args, **kwargs)

        except Exception, e:

            print ('###############\n-'

                   '--%s failed %s--\n'

                   '###############\n' % (func.__name__, e))

            sys.exit()

        print '++OK++'

        return res

    return __wrapp

def get_session():

## Additionally those settings will be used by RhodeCode mailing system       ##

################################################################################

#email_to = admin@localhost

#error_email_from = paste_error@localhost

#app_email_from = rhodecode-noreply@localhost

#error_message =

#smtp_server = mail.server.com

#smtp_username = 

#smtp_password = 

#smtp_port = 

#smtp_use_tls = false

[server:main]

##nr of threads to spawn

threadpool_workers = 5