# -*- coding: utf-8 -*-

"""

    rhodecode.controllers.admin.ldap_settings

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    ldap controller for RhodeCode

    :created_on: Nov 26, 2010

    :author: marcink

    :copyright: (C) 2009-2011 Marcin Kuzminski <marcin@python-works.com>

    :license: GPLv3, see COPYING for more details.

"""

# This program is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation, either version 3 of the License, or

# (at your option) any later version.

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

import logging

import formencode

import traceback

from formencode import htmlfill

from pylons import request, response, session, tmpl_context as c, url

from pylons.controllers.util import abort, redirect

from pylons.i18n.translation import _

from rhodecode.lib.base import BaseController, render

from rhodecode.lib import helpers as h

from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator

from rhodecode.lib.auth_ldap import LdapImportError

from rhodecode.model.settings import SettingsModel

from rhodecode.model.forms import LdapSettingsForm

from sqlalchemy.exc import DatabaseError

log = logging.getLogger(__name__)

class LdapSettingsController(BaseController):

    search_scope_choices = [('BASE', _('BASE'),),

                            ('ONELEVEL', _('ONELEVEL'),),

                            ('SUBTREE', _('SUBTREE'),),

                            ]

    search_scope_default = 'SUBTREE'

    tls_reqcert_choices = [('NEVER', _('NEVER'),),

                           ('ALLOW', _('ALLOW'),),

                           ('TRY', _('TRY'),),

                           ('DEMAND', _('DEMAND'),),

                           ('HARD', _('HARD'),),

                           ]

    tls_reqcert_default = 'DEMAND'

    @LoginRequired()

    @HasPermissionAllDecorator('hg.admin')

    def __before__(self):

        c.admin_user = session.get('admin_user')

        c.admin_username = session.get('admin_username')

        c.search_scope_choices = self.search_scope_choices

        c.tls_reqcert_choices = self.tls_reqcert_choices

        super(LdapSettingsController, self).__before__()

    def index(self):

        defaults = SettingsModel().get_ldap_settings()

        c.search_scope_cur = defaults.get('ldap_search_scope')

        c.tls_reqcert_cur = defaults.get('ldap_tls_reqcert')

        return htmlfill.render(

                    render('admin/ldap/ldap.html'),

                    defaults=defaults,

                    encoding="UTF-8",

                    force_defaults=True,)

    def ldap_settings(self):

        """POST ldap create and store ldap settings"""

        settings_model = SettingsModel()

        _form = LdapSettingsForm([x[0] for x in self.tls_reqcert_choices],

        try:

            form_result = _form.to_python(dict(request.POST))

            try:

                for k, v in form_result.items():

                    if k.startswith('ldap_'):

                        setting = settings_model.get(k)

                        setting.app_settings_value = v

                        self.sa.add(setting)

                self.sa.commit()

                h.flash(_('Ldap settings updated successfully'),

                    category='success')

            except (DatabaseError,):

                raise

        except LdapImportError:

            h.flash(_('Unable to activate ldap. The "python-ldap" library '

                      'is missing.'), category='warning')

        except formencode.Invalid, errors:

            c.search_scope_cur = self.search_scope_default

            c.tls_reqcert_cur = self.search_scope_default

            return htmlfill.render(

                render('admin/ldap/ldap.html'),

                defaults=errors.value,

                errors=errors.error_dict or {},

                prefix_error=False,

                encoding="UTF-8")

        except Exception:

            log.error(traceback.format_exc())

            h.flash(_('error occurred during update of ldap settings'),

                    category='error')

        return redirect(url('ldap_home'))

            return bcrypt.hashpw(str_, bcrypt.gensalt(10))

        else:

            raise Exception('Unknown or unsupported platform %s' \

                            % __platform__)

    @classmethod

    def hash_check(cls, password, hashed):

        """

        Checks matching password with it's hashed value, runs different

        implementation based on platform it runs on

        :param password: password

        :param hashed: password in hashed form

        """

        if __platform__ in PLATFORM_WIN:

            return sha256(password).hexdigest() == hashed

        elif __platform__ in PLATFORM_OTHERS:

            return bcrypt.hashpw(password, hashed) == hashed

        else:

            raise Exception('Unknown or unsupported platform %s' \

                            % __platform__)

def get_crypt_password(password):

    return RhodeCodeCrypto.hash_string(password)

def check_password(password, hashed):

    return RhodeCodeCrypto.hash_check(password, hashed)

def generate_api_key(username, salt=None):

    if salt is None:

        salt = _RandomNameSequence().next()

    return hashlib.sha1(username + salt).hexdigest()

def authfunc(environ, username, password):

    """Dummy authentication function used in Mercurial/Git/ and access control,

    :param environ: needed only for using in Basic auth

    """

    return authenticate(username, password)

def authenticate(username, password):

    """Authentication function used for access control,

    firstly checks for db authentication then if ldap is enabled for ldap

    authentication, also creates ldap user if not in database

    :param username: username

    :param password: password

    """

    user_model = UserModel()

    user = user_model.get_by_username(username, cache=False)

    log.debug('Authenticating user using RhodeCode account')

    if user is not None and not user.ldap_dn:

        if user.active:

            if user.username == 'default' and user.active:

                log.info('user %s authenticated correctly as anonymous user',

                         username)

                return True

            elif user.username == username and check_password(password,

                                                              user.password):

                log.info('user %s authenticated correctly', username)

                return True

        else:

            log.warning('user %s is disabled', username)

    else:

        log.debug('Regular authentication failed')

        user_obj = user_model.get_by_username(username, cache=False,

                                            case_insensitive=True)

        if user_obj is not None and not user_obj.ldap_dn:

            log.debug('this user already exists as non ldap')

            return False

        from rhodecode.model.settings import SettingsModel

        ldap_settings = SettingsModel().get_ldap_settings()

        #======================================================================

        # FALLBACK TO LDAP AUTH IF ENABLE

        #======================================================================

        if str2bool(ldap_settings.get('ldap_active')):

            log.debug("Authenticating user using ldap")

            kwargs = {

                  'server': ldap_settings.get('ldap_host', ''),

                  'base_dn': ldap_settings.get('ldap_base_dn', ''),

                  'port': ldap_settings.get('ldap_port'),

                  'bind_dn': ldap_settings.get('ldap_dn_user'),

                  'bind_pass': ldap_settings.get('ldap_dn_pass'),

                  'tls_reqcert': ldap_settings.get('ldap_tls_reqcert'),

                  'ldap_filter': ldap_settings.get('ldap_filter'),

                  'search_scope': ldap_settings.get('ldap_search_scope'),

                  'attr_login': ldap_settings.get('ldap_attr_login'),

                  'ldap_version': 3,

                  }

            log.debug('Checking for ldap authentication')

            try:

                aldap = AuthLdap(**kwargs)

                (user_dn, ldap_attrs) = aldap.authenticate_ldap(username,

                                                                password)

                log.debug('Got ldap DN response %s', user_dn)

                user_attrs = {

                    }

                if user_model.create_ldap(username, password, user_dn,

                                          user_attrs):

                    log.info('created new ldap user %s', username)

                return True

            except (LdapUsernameError, LdapPasswordError,):

                pass

            except (Exception,):

                log.error(traceback.format_exc())

                pass

    return False

class  AuthUser(object):

    """

    A simple object that handles all attributes of user in RhodeCode

    It does lookup based on API key,given user, or user present in session

    Then it fills all required information for such user. It also checks if

    anonymous access is enabled and if so, it returns default user as logged

    in

    """

    def __init__(self, user_id=None, api_key=None):

        self.user_id = user_id

        self.api_key = None

        self.username = 'None'

        self.name = ''

        self.lastname = ''

        self.email = ''

        self.is_authenticated = False

        self.admin = False

        self.permissions = {}

        self._api_key = api_key

        self.propagate_data()

    def propagate_data(self):

        user_model = UserModel()

        self.anonymous_user = user_model.get_by_username('default', cache=True)

        if self._api_key and self._api_key != self.anonymous_user.api_key:

            #try go get user by api key

            log.debug('Auth User lookup by API KEY %s', self._api_key)

            user_model.fill_data(self, api_key=self._api_key)

        else:

            log.debug('Auth User lookup by USER ID %s', self.user_id)

            if self.user_id is not None \

                and self.user_id != self.anonymous_user.user_id:

                user_model.fill_data(self, user_id=self.user_id)

            else:

                if self.anonymous_user.active is True:

                    user_model.fill_data(self,

                                         user_id=self.anonymous_user.user_id)

                    #then we set this user is logged in

                    self.is_authenticated = True

                else:

                    self.is_authenticated = False

        log.debug('Auth User is now %s', self)

        user_model.fill_perms(self)

    @property

    def is_admin(self):

        return self.admin

    def __repr__(self):

        return "<AuthUser('id:%s:%s|%s')>" % (self.user_id, self.username,

                                              self.is_authenticated)

    def set_authenticated(self, authenticated=True):

        if self.user_id != self.anonymous_user.user_id:

            self.is_authenticated = authenticated

def set_available_permissions(config):

    """This function will propagate pylons globals with all available defined

    permission given in db. We don't want to check each time from db for new

    permissions since adding a new permission also requires application restart

    ie. to decorate new views with the newly created permission

    :param config: current pylons config instance

    """

    log.info('getting information about all available permissions')

    try:

        sa = meta.Session()

        all_perms = sa.query(Permission).all()

    except:

        pass

    finally:

        meta.Session.remove()

#!/usr/bin/env python

# encoding: utf-8

# ldap authentication lib

# Copyright (C) 2009-2011 Marcin Kuzminski <marcin@python-works.com>

#

# This program is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation, either version 3 of the License, or

# (at your option) any later version.

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

"""

Created on Nov 17, 2010

@author: marcink

"""

from rhodecode.lib.exceptions import *

import logging

log = logging.getLogger(__name__)

try:

    import ldap

except ImportError:

    pass

class AuthLdap(object):

    def __init__(self, server, base_dn, port=389, bind_dn='', bind_pass='',

                 ldap_filter='(&(objectClass=user)(!(objectClass=computer)))',

                 search_scope='SUBTREE',

                 attr_login='uid'):

        self.ldap_version = ldap_version

            port = port or 689

        self.TLS_REQCERT = ldap.__dict__['OPT_X_TLS_' + tls_reqcert]

        self.LDAP_SERVER_ADDRESS = server

        self.LDAP_SERVER_PORT = port

        #USE FOR READ ONLY BIND TO LDAP SERVER

        self.LDAP_BIND_DN = bind_dn

        self.LDAP_BIND_PASS = bind_pass

        self.LDAP_SERVER = "%s://%s:%s" % (ldap_server_type,

                                               self.LDAP_SERVER_ADDRESS,

                                               self.LDAP_SERVER_PORT)

        self.BASE_DN = base_dn

        self.LDAP_FILTER = ldap_filter

        self.SEARCH_SCOPE = ldap.__dict__['SCOPE_' + search_scope]

        self.attr_login = attr_login

    def authenticate_ldap(self, username, password):

        """Authenticate a user via LDAP and return his/her LDAP properties.

        Raises AuthenticationError if the credentials are rejected, or

        EnvironmentError if the LDAP server can't be reached.

        :param username: username

        :param password: password

        """

        from rhodecode.lib.helpers import chop_at

        uid = chop_at(username, "@%s" % self.LDAP_SERVER_ADDRESS)

        if "," in username:

            raise LdapUsernameError("invalid character in username: ,")

        try:

            ldap.set_option(ldap.OPT_X_TLS_CACERTDIR, '/etc/openldap/cacerts')

            ldap.set_option(ldap.OPT_REFERRALS, ldap.OPT_OFF)

            ldap.set_option(ldap.OPT_RESTART, ldap.OPT_ON)

            ldap.set_option(ldap.OPT_TIMEOUT, 20)

            ldap.set_option(ldap.OPT_NETWORK_TIMEOUT, 10)

            ldap.set_option(ldap.OPT_TIMELIMIT, 15)

                ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, self.TLS_REQCERT)

            server = ldap.initialize(self.LDAP_SERVER)

            if self.ldap_version == 2:

                server.protocol = ldap.VERSION2

            else:

                server.protocol = ldap.VERSION3

            if self.LDAP_BIND_DN and self.LDAP_BIND_PASS:

                server.simple_bind_s(self.LDAP_BIND_DN, self.LDAP_BIND_PASS)

            filt = '(&%s(%s=%s))' % (self.LDAP_FILTER, self.attr_login, username)

            log.debug("Authenticating %r filt %s at %s", self.BASE_DN,

                      filt, self.LDAP_SERVER)

            lobjects = server.search_ext_s(self.BASE_DN, self.SEARCH_SCOPE,

                                           filt)

            if not lobjects:

                raise ldap.NO_SUCH_OBJECT()

                try:

                    server.simple_bind_s(dn, password)

                    break

                except ldap.INVALID_CREDENTIALS, e:

                    log.debug("LDAP rejected password for user '%s' (%s): %s",

                              uid, username, dn)

            else:

                log.debug("No matching LDAP objects for authentication "

                          "of '%s' (%s)", uid, username)

                raise LdapPasswordError()

        except ldap.NO_SUCH_OBJECT, e:

            log.debug("LDAP says no such user '%s' (%s)", uid, username)

            raise LdapUsernameError()

        except ldap.SERVER_DOWN, e:

            raise LdapConnectionError("LDAP can't access authentication server")

        return (dn, attrs)

    def admin_prompt(self, second=False):

        if not self.tests:

            import getpass

            def get_password():

                password = getpass.getpass('Specify admin password '

                                           '(min 6 chars):')

                confirm = getpass.getpass('Confirm password:')

                if password != confirm:

                    log.error('passwords mismatch')

                    return False

                if len(password) < 6:

                    log.error('password is to short use at least 6 characters')

                    return False

                return password

            username = raw_input('Specify admin username:')

            password = get_password()

            if not password:

                #second try

                password = get_password()

                if not password:

                    sys.exit()

            email = raw_input('Specify admin email:')

            self.create_user(username, password, email, True)

        else:

            log.info('creating admin and regular test users')

            self.create_user('test_admin', 'test12',

                             'test_admin@mail.com', True)

            self.create_user('test_regular', 'test12',

                             'test_regular@mail.com', False)

            self.create_user('test_regular2', 'test12',

                             'test_regular2@mail.com', False)

    def create_ui_settings(self):

        """Creates ui settings, fills out hooks

        and disables dotencode

        """

        #HOOKS

        hooks1_key = 'changegroup.update'

        hooks1_ = self.sa.query(RhodeCodeUi)\

            .filter(RhodeCodeUi.ui_key == hooks1_key).scalar()

        hooks1 = RhodeCodeUi() if hooks1_ is None else hooks1_

        hooks1.ui_section = 'hooks'

        hooks1.ui_key = hooks1_key

        hooks1.ui_value = 'hg update >&2'

        hooks1.ui_active = False

        hooks2_key = 'changegroup.repo_size'

        hooks2_ = self.sa.query(RhodeCodeUi)\

            .filter(RhodeCodeUi.ui_key == hooks2_key).scalar()

        hooks2 = RhodeCodeUi() if hooks2_ is None else hooks2_

        hooks2.ui_section = 'hooks'

        hooks2.ui_key = hooks2_key

        hooks2.ui_value = 'python:rhodecode.lib.hooks.repo_size'

        hooks3 = RhodeCodeUi()

        hooks3.ui_section = 'hooks'

        hooks3.ui_key = 'pretxnchangegroup.push_logger'

        hooks3.ui_value = 'python:rhodecode.lib.hooks.log_push_action'

        hooks4 = RhodeCodeUi()

        hooks4.ui_section = 'hooks'

        hooks4.ui_key = 'preoutgoing.pull_logger'

        hooks4.ui_value = 'python:rhodecode.lib.hooks.log_pull_action'

        #For mercurial 1.7 set backward comapatibility with format

        dotencode_disable = RhodeCodeUi()

        dotencode_disable.ui_section = 'format'

        dotencode_disable.ui_key = 'dotencode'

        dotencode_disable.ui_value = 'false'

        try:

            self.sa.add(hooks1)

            self.sa.add(hooks2)

            self.sa.add(hooks3)

            self.sa.add(hooks4)

            self.sa.add(dotencode_disable)

            self.sa.commit()

        except:

            self.sa.rollback()

            raise

    def create_ldap_options(self):

        """Creates ldap settings"""

        try:

            for k, v in [('ldap_active', 'false'), ('ldap_host', ''),

                        ('ldap_tls_reqcert', ''), ('ldap_dn_user', ''),

                        ('ldap_dn_pass', ''), ('ldap_base_dn', ''),

                        ('ldap_filter', ''), ('ldap_search_scope', ''),

                        ('ldap_attr_login', ''), ('ldap_attr_firstname', ''),

                        ('ldap_attr_lastname', ''), ('ldap_attr_email', '')]:

                setting = RhodeCodeSettings(k, v)

                self.sa.add(setting)

            self.sa.commit()

        except:

            self.sa.rollback()

            raise

    def config_prompt(self, test_repo_path='', retries=3):

        if retries == 3:

            log.info('Setting up repositories config')

        if not self.tests and not test_repo_path:

            path = raw_input('Specify valid full path to your repositories'

                        ' you can change this later in application settings:')

        else:

            path = test_repo_path

        path_ok = True

        #check proper dir

        if not os.path.isdir(path):

            path_ok = False

            log.error('Entered path is not a valid directory: %s [%s/3]',

                      path, retries)

        #check write access

        if not os.access(path, os.W_OK):

            path_ok = False

            log.error('No write permission to given path: %s [%s/3]',

                      path, retries)

        if retries == 0:

            sys.exit()

        if path_ok is False:

            retries -= 1

            return self.config_prompt(test_repo_path, retries)

        return path

    def create_settings(self, path):

        self.create_ui_settings()

        #HG UI OPTIONS

        web1 = RhodeCodeUi()

        web1.ui_section = 'web'

        web1.ui_key = 'push_ssl'

        web1.ui_value = 'false'

        web2 = RhodeCodeUi()

        web2.ui_section = 'web'

        web2.ui_key = 'allow_archive'

        web2.ui_value = 'gz zip bz2'

        web3 = RhodeCodeUi()

        web3.ui_section = 'web'

        web3.ui_key = 'allow_push'

        web3.ui_value = '*'

        web4 = RhodeCodeUi()

        web4.ui_section = 'web'

        web4.ui_key = 'baseurl'

        web4.ui_value = '/'

        paths = RhodeCodeUi()

        paths.ui_section = 'paths'

        paths.ui_key = '/'

        paths.ui_value = path

        hgsettings1 = RhodeCodeSettings('realm', 'RhodeCode authentication')

        hgsettings2 = RhodeCodeSettings('title', 'RhodeCode')

        hgsettings3 = RhodeCodeSettings('ga_code', '')

        try:

            self.sa.add(web1)

            self.sa.add(web2)

            self.sa.add(web3)

            self.sa.add(web4)

            self.sa.add(paths)

            self.sa.add(hgsettings1)

            self.sa.add(hgsettings2)

            self.sa.add(hgsettings3)

            self.sa.commit()

        except:

            self.sa.rollback()

            raise

        self.create_ldap_options()

        email = All(Email(not_empty=True), UniqSystemEmail(old_data))

        chained_validators = [ValidPasswordsMatch, ValidPassword]

    return _RegisterForm

def PasswordResetForm():

    class _PasswordResetForm(formencode.Schema):

        allow_extra_fields = True

        filter_extra_fields = True

        email = All(ValidSystemEmail(), Email(not_empty=True))

    return _PasswordResetForm

def RepoForm(edit=False, old_data={}, supported_backends=BACKENDS.keys(),

             repo_groups=[]):

    class _RepoForm(formencode.Schema):

        allow_extra_fields = True

        filter_extra_fields = False

        repo_name = All(UnicodeString(strip=True, min=1, not_empty=True),

                        ValidRepoName(edit, old_data))

        clone_uri = All(UnicodeString(strip=True, min=1, not_empty=False),

                        ValidCloneUri()())

        repo_group = OneOf(repo_groups, hideList=True)

        repo_type = OneOf(supported_backends)

        description = UnicodeString(strip=True, min=1, not_empty=True)

        private = StringBoolean(if_missing=False)

        enable_statistics = StringBoolean(if_missing=False)

        enable_downloads = StringBoolean(if_missing=False)

        if edit:

            #this is repo owner

            user = All(Int(not_empty=True), ValidRepoUser)

        chained_validators = [ValidPerms]

    return _RepoForm

def RepoForkForm(edit=False, old_data={}, supported_backends=BACKENDS.keys()):

    class _RepoForkForm(formencode.Schema):

        allow_extra_fields = True

        filter_extra_fields = False

        fork_name = All(UnicodeString(strip=True, min=1, not_empty=True),

                        ValidRepoName(edit, old_data))

        description = UnicodeString(strip=True, min=1, not_empty=True)

        private = StringBoolean(if_missing=False)

        repo_type = All(ValidForkType(old_data), OneOf(supported_backends))

    return _RepoForkForm

def RepoSettingsForm(edit=False, old_data={}):

    class _RepoForm(formencode.Schema):

        allow_extra_fields = True

        filter_extra_fields = False

        repo_name = All(UnicodeString(strip=True, min=1, not_empty=True),

                        ValidRepoName(edit, old_data))

        description = UnicodeString(strip=True, min=1, not_empty=True)

        private = StringBoolean(if_missing=False)

        chained_validators = [ValidPerms, ValidSettings]

    return _RepoForm

def ApplicationSettingsForm():

    class _ApplicationSettingsForm(formencode.Schema):

        allow_extra_fields = True

        filter_extra_fields = False

        rhodecode_title = UnicodeString(strip=True, min=1, not_empty=True)

        rhodecode_realm = UnicodeString(strip=True, min=1, not_empty=True)

        rhodecode_ga_code = UnicodeString(strip=True, min=1, not_empty=False)

    return _ApplicationSettingsForm

def ApplicationUiSettingsForm():

    class _ApplicationUiSettingsForm(formencode.Schema):

        allow_extra_fields = True

        filter_extra_fields = False

        web_push_ssl = OneOf(['true', 'false'], if_missing='false')

        paths_root_path = All(ValidPath(), UnicodeString(strip=True, min=1, not_empty=True))

        hooks_changegroup_update = OneOf(['True', 'False'], if_missing=False)

        hooks_changegroup_repo_size = OneOf(['True', 'False'], if_missing=False)

        hooks_pretxnchangegroup_push_logger = OneOf(['True', 'False'], if_missing=False)

        hooks_preoutgoing_pull_logger = OneOf(['True', 'False'], if_missing=False)

    return _ApplicationUiSettingsForm

def DefaultPermissionsForm(perms_choices, register_choices, create_choices):

    class _DefaultPermissionsForm(formencode.Schema):

        allow_extra_fields = True

        filter_extra_fields = True

        overwrite_default = StringBoolean(if_missing=False)

        anonymous = OneOf(['True', 'False'], if_missing=False)

        default_perm = OneOf(perms_choices)

        default_register = OneOf(register_choices)

        default_create = OneOf(create_choices)

    return _DefaultPermissionsForm

    class _LdapSettingsForm(formencode.Schema):

        allow_extra_fields = True

        filter_extra_fields = True

        pre_validators = [LdapLibValidator]

        ldap_active = StringBoolean(if_missing=False)

        ldap_host = UnicodeString(strip=True,)

        ldap_port = Number(strip=True,)

        ldap_tls_reqcert = OneOf(tls_reqcert_choices)

        ldap_dn_user = UnicodeString(strip=True,)

        ldap_dn_pass = UnicodeString(strip=True,)

        ldap_base_dn = UnicodeString(strip=True,)

        ldap_filter = UnicodeString(strip=True,)

        ldap_search_scope = OneOf(search_scope_choices)

        ldap_attr_login = All(AttrLoginValidator, UnicodeString(strip=True,))

        ldap_attr_firstname = UnicodeString(strip=True,)

        ldap_attr_lastname = UnicodeString(strip=True,)

        ldap_attr_email = UnicodeString(strip=True,)

    return _LdapSettingsForm

# -*- coding: utf-8 -*-

"""

    rhodecode.model.settings

    ~~~~~~~~~~~~~~~~~~~~~~~~

    Settings model for RhodeCode

    :created on Nov 17, 2010

    :author: marcink

    :copyright: (C) 2009-2011 Marcin Kuzminski <marcin@python-works.com>

    :license: GPLv3, see COPYING for more details.

"""

# This program is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation, either version 3 of the License, or

# (at your option) any later version.

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

import logging

from rhodecode.model import BaseModel

from rhodecode.model.caching_query import FromCache

from rhodecode.model.db import  RhodeCodeSettings

log = logging.getLogger(__name__)

class SettingsModel(BaseModel):

    """

    Settings model

    """

    def get(self, settings_key, cache=False):

        r = self.sa.query(RhodeCodeSettings)\

            .filter(RhodeCodeSettings.app_settings_name == settings_key).scalar()

        if cache: