raise NotImplementedError("Not implemented in base class")

    @hybrid_property

    def is_container_auth(self):

        """

        Returns bool if this module uses container auth.

        This property will trigger an automatic call to authenticate on

        a visit to the website or during a push/pull.

        :returns: bool

        """

        return False

    def accepts(self, user, accepts_empty=True):

        """

        Checks if this authentication module should accept a request for

        the current user.

        :param user: user object fetched using plugin's get_user() method.

        :param accepts_empty: if True accepts don't allow the user to be empty

        :returns: boolean

        """

        plugin_name = self.name

        if not user and not accepts_empty:

            log.debug('User is empty not allowed to authenticate')

            return False

        if user and user.extern_type and user.extern_type != plugin_name:

            log.debug('User %s should authenticate using %s this is %s, skipping',

                      user, user.extern_type, plugin_name)

            return False

        return True

    def get_user(self, username=None, **kwargs):

        """

        Helper method for user fetching in plugins, by default it's using

        simple fetch by username, but this method can be customized in plugins

        eg. container auth plugin to fetch user by environ params

        :param username: username if given to fetch from database

        :param kwargs: extra arguments needed for user fetching.

        """

        user = None

        log.debug('Trying to fetch user `%s` from Kallithea database',

                  username)

        if username:

                log.debug('Fallback to fetch user in case insensitive mode')

                user = User.get_by_username(username, case_insensitive=True)

        else:

            log.debug('provided username:`%s` is empty skipping...', username)

        return user

    def settings(self):

        """

        Return a list of the form:

        [

            {

                "name": "OPTION_NAME",

                "type": "[bool|password|string|int|select]",

                ["values": ["opt1", "opt2", ...]]

                "validator": "expr"

                "description": "A short description of the option" [,

                "default": Default Value],

                ["formname": "Friendly Name for Forms"]

            } [, ...]

        ]

        This is used to interrogate the authentication plugin as to what

        settings it expects to be present and configured.

        'type' is a shorthand notation for what kind of value this option is.

        This is primarily used by the auth web form to control how the option

        is configured.

                bool : checkbox

                password : password input box

                string : input box

                select : single select dropdown

        'validator' is an lazy instantiated form field validator object, ala

        formencode. You need to *call* this object to init the validators.

        All calls to Kallithea validators should be used through self.validators

        which is a lazy loading proxy of formencode module.

        """

        raise NotImplementedError("Not implemented in base class")

    def plugin_settings(self):

        """

        This method is called by the authentication framework, not the .settings()

        method. This method adds a few default settings (e.g., "enabled"), so that

        plugin authors don't have to maintain a bunch of boilerplate.

        OVERRIDING THIS METHOD WILL CAUSE YOUR PLUGIN TO FAIL.

        """

    return plugin

def authenticate(username, password, environ=None):

    """

    Authentication function used for access control,

    It tries to authenticate based on enabled authentication modules.

    :param username: username can be empty for container auth

    :param password: password can be empty for container auth

    :param environ: environ headers passed for container auth

    :returns: None if auth failed, user_data dict if auth is correct

    """

    auth_plugins = Setting.get_auth_plugins()

    log.debug('Authentication against %s plugins', auth_plugins)

    for module in auth_plugins:

        try:

            plugin = loadplugin(module)

        except (ImportError, AttributeError, TypeError) as e:

            raise ImportError('Failed to load authentication module %s : %s'

                              % (module, str(e)))

        log.debug('Trying authentication using ** %s **', module)

        # load plugin settings from Kallithea database

        plugin_name = plugin.name

        plugin_settings = {}

        for v in plugin.plugin_settings():

            conf_key = "auth_%s_%s" % (plugin_name, v["name"])

            setting = Setting.get_by_name(conf_key)

            plugin_settings[v["name"]] = setting.app_settings_value if setting else None

        log.debug('Plugin settings \n%s', formatted_json(plugin_settings))

        if not str2bool(plugin_settings["enabled"]):

            log.info("Authentication plugin %s is disabled, skipping for %s",

                     module, username)

            continue

        # use plugin's method of user extraction.

        user = plugin.get_user(username, environ=environ,

                               settings=plugin_settings)

        log.debug('Plugin %s extracted user is `%s`', module, user)

        if not plugin.accepts(user):

            log.debug('Plugin %s does not accept user `%s` for authentication',

                      module, user)

            continue

        else:

            log.debug('Plugin %s accepted user `%s` for authentication',

                      module, user)

        log.info('Authenticating user using %s plugin', plugin.__module__)

        # _authenticate is a wrapper for .auth() method of plugin.

        # it checks if .auth() sends proper data. For KallitheaExternalAuthPlugin

        # it also maps users to Database and maps the attributes returned

        # from .auth() to Kallithea database. If this function returns data

        # then auth is correct.

        user_data = plugin._authenticate(user, username, password,

                                           plugin_settings,

                                           environ=environ or {})

        log.debug('PLUGIN USER DATA: %s', user_data)

        if user_data is not None:

            log.debug('Plugin returned proper authentication data')

            return user_data

        # we failed to Auth because .auth() method didn't return the user

        if username:

            log.warning("User `%s` failed to authenticate against %s",

                        username, plugin.__module__)

    return None

def get_managed_fields(user):

    """return list of fields that are managed by the user's auth source, usually some of

    'username', 'firstname', 'lastname', 'email', 'active', 'password'

    """

    auth_plugins = Setting.get_auth_plugins()

    for module in auth_plugins:

        log.debug('testing %s (%s) with auth plugin %s', user, user.extern_type, module)

        plugin = loadplugin(module)

        if plugin.name == user.extern_type:

            return plugin.get_managed_fields()

    log.error('no auth plugin %s found for %s', user.extern_type, user)

    return [] # TODO: Fail badly instead of allowing everything to be edited?