# this function will be executed after each repository is created

def _crrepohook(*args, **kwargs):

    """

    Post create repository HOOK

    kwargs available:

     :param repo_name:

     :param repo_type:

     :param description:

     :param private:

     :param created_on:

     :param enable_downloads:

     :param repo_id:

     :param user_id:

     :param enable_statistics:

     :param clone_uri:

     :param fork_id:

     :param group_id:

     :param created_by:

    """

    return 0

CREATE_REPO_HOOK = _crrepohook

#==============================================================================

# POST CREATE USER HOOK

#==============================================================================

# this function will be executed after each user is created

def _cruserhook(*args, **kwargs):

    """

    Post create user HOOK

    kwargs available:

      :param username:

      :param full_name_or_username:

      :param full_contact:

      :param user_id:

      :param name:

      :param firstname:

      :param short_contact:

      :param admin:

      :param lastname:

      :param ip_addresses:

      :param ldap_dn:

      :param email:

      :param api_key:

      :param last_login:

      :param full_name:

      :param active:

      :param password:

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation, either version 3 of the License, or

# (at your option) any later version.

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

import logging

import traceback

import formencode

from pylons import response

from formencode import htmlfill

from pylons import request, session, tmpl_context as c, url, config

from pylons.controllers.util import redirect

from pylons.i18n.translation import _

import rhodecode

from rhodecode.lib.exceptions import DefaultUserException, \

from rhodecode.lib import helpers as h

from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator, \

    AuthUser

from rhodecode.lib.base import BaseController, render

from rhodecode.model.db import User, UserEmailMap, UserIpMap, UserToPerm

from rhodecode.model.forms import UserForm, CustomDefaultPermissionsForm

from rhodecode.model.user import UserModel

from rhodecode.model.meta import Session

from rhodecode.lib.utils import action_logger

from rhodecode.lib.compat import json

from rhodecode.lib.utils2 import datetime_to_time, str2bool

log = logging.getLogger(__name__)

class UsersController(BaseController):

    """REST Controller styled on the Atom Publishing Protocol"""

    # To properly map this controller, ensure your config/routing.py

    # file has a resource setup:

    #     map.resource('user', 'users')

    @LoginRequired()

    @HasPermissionAllDecorator('hg.admin')

        return render('admin/users/users.html')

    def create(self):

        """POST /users: Create a new item"""

        # url('users')

        user_model = UserModel()

        user_form = UserForm()()

        try:

            form_result = user_form.to_python(dict(request.POST))

            user_model.create(form_result)

            usr = form_result['username']

            action_logger(self.rhodecode_user, 'admin_created_user:%s' % usr,

                          None, self.ip_addr, self.sa)

            h.flash(_('Created user %s') % usr,

                    category='success')

            Session().commit()

        except formencode.Invalid, errors:

            return htmlfill.render(

                render('admin/users/user_add.html'),

                defaults=errors.value,

                errors=errors.error_dict or {},

                prefix_error=False,

                encoding="UTF-8")

        except Exception:

            log.error(traceback.format_exc())

            h.flash(_('Error occurred during creation of user %s') \

                    % request.POST.get('username'), category='error')

        return redirect(url('users'))

    def new(self, format='html'):

        """GET /users/new: Form to create a new item"""

        # url('new_user')

        return render('admin/users/user_add.html')

    def update(self, id):

        """PUT /users/id: Update an existing item"""

        # Forms posted to this method should contain a hidden field:

        #    <input type="hidden" name="_method" value="PUT" />

        # Or using helpers:

        #    h.form(url('update_user', id=ID),

        #           method='put')

        # url('user', id=ID)

        user_model = UserModel()

        c.user = user_model.get(id)

        c.ldap_dn = c.user.ldap_dn

        c.perm_user = AuthUser(user_id=id, ip_addr=self.ip_addr)

        _form = UserForm(edit=True, old_data={'user_id': id,

# (at your option) any later version.

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

import logging

import formencode

import datetime

import urlparse

from formencode import htmlfill

from webob.exc import HTTPFound

from pylons.i18n.translation import _

from pylons.controllers.util import abort, redirect

from pylons import request, response, session, tmpl_context as c, url

import rhodecode.lib.helpers as h

from rhodecode.lib.auth import AuthUser, HasPermissionAnyDecorator

from rhodecode.lib.base import BaseController, render

from rhodecode.model.db import User

from rhodecode.model.forms import LoginForm, RegisterForm, PasswordResetForm

from rhodecode.model.user import UserModel

from rhodecode.model.meta import Session

log = logging.getLogger(__name__)

class LoginController(BaseController):

    def __before__(self):

        super(LoginController, self).__before__()

    def index(self):

        # redirect if already logged in

        c.came_from = request.GET.get('came_from')

        not_default = self.rhodecode_user.username != 'default'

        ip_allowed = self.rhodecode_user.ip_allowed

        if self.rhodecode_user.is_authenticated and not_default and ip_allowed:

            return redirect(url('home'))

        if request.POST:

            # import Login Form validator class

                if c.came_from:

                    parsed = urlparse.urlparse(c.came_from)

                    server_parsed = urlparse.urlparse(url.current())

                    if parsed.scheme and parsed.scheme not in allowed_schemes:

                        log.error(

                            'Suspicious URL scheme detected %s for url %s' %

                            (parsed.scheme, parsed))

                        c.came_from = url('home')

                    elif server_parsed.netloc != parsed.netloc:

                        log.error('Suspicious NETLOC detected %s for url %s'

                                  'server url is: %s' %

                                  (parsed.netloc, parsed, server_parsed))

                        c.came_from = url('home')

                    raise HTTPFound(location=c.came_from, headers=headers)

                else:

                    raise HTTPFound(location=url('home'), headers=headers)

            except formencode.Invalid, errors:

                return htmlfill.render(

                    render('/login.html'),

                    defaults=errors.value,

                    errors=errors.error_dict or {},

                    prefix_error=False,

                    encoding="UTF-8")

        return render('/login.html')

    @HasPermissionAnyDecorator('hg.admin', 'hg.register.auto_activate',

                               'hg.register.manual_activate')

    def register(self):

        c.auto_active = 'hg.register.auto_activate' in User.get_default_user()\

            .AuthUser.permissions['global']

        if request.POST:

            register_form = RegisterForm()()

            try:

                form_result = register_form.to_python(dict(request.POST))

                form_result['active'] = c.auto_active

                UserModel().create_registration(form_result)

                h.flash(_('You have successfully registered into RhodeCode'),

                            category='success')

                Session().commit()

                return redirect(url('login_home'))

            except formencode.Invalid, errors:

                return htmlfill.render(

                    render('/register.html'),

                    defaults=errors.value,

                    errors=errors.error_dict or {},

                    prefix_error=False,

                    encoding="UTF-8")

        return render('/register.html')

    def password_reset(self):

        if request.POST:

            password_reset_form = PasswordResetForm()()

            try:

                form_result = password_reset_form.to_python(dict(request.POST))

                UserModel().reset_password_link(form_result)

                h.flash(_('Your password reset link was sent'),

                            category='success')

                return redirect(url('login_home'))

            except formencode.Invalid, errors:

                return htmlfill.render(

                    render('/password_reset.html'),

                    defaults=errors.value,

                    errors=errors.error_dict or {},

                    prefix_error=False,

                    encoding="UTF-8")

        return render('/password_reset.html')

    def password_reset_confirmation(self):

"""The base Controller API

Provides the BaseController class for subclassing.

"""

import logging

import time

import traceback

from paste.auth.basic import AuthBasicAuthenticator

from paste.httpexceptions import HTTPUnauthorized, HTTPForbidden

from paste.httpheaders import WWW_AUTHENTICATE, AUTHORIZATION

from pylons import config, tmpl_context as c, request, session, url

from pylons.controllers import WSGIController

from pylons.controllers.util import redirect

from pylons.templating import render_mako as render

from rhodecode import __version__, BACKENDS

from rhodecode.lib.utils2 import str2bool, safe_unicode, AttributeDict,\

    safe_str, safe_int

from rhodecode.lib.auth import AuthUser, get_container_username, authfunc,\

    HasPermissionAnyMiddleware, CookieStoreWrapper

from rhodecode.lib.utils import get_repo_slug

from rhodecode.model import meta

from rhodecode.model.db import Repository, RhodeCodeUi, User, RhodeCodeSetting

from rhodecode.model.notification import NotificationModel

from rhodecode.model.scm import ScmModel

from rhodecode.model.meta import Session

log = logging.getLogger(__name__)

def _filter_proxy(ip):

    """

    HEADERS can have multiple ips inside the left-most being the original

    client, and each successive proxy that passed the request adding the IP

    address where it received the request from.

    :param ip:

    """

    if ',' in ip:

        _ips = ip.split(',')

        _first_ip = _ips[0].strip()

        log.debug('Got multiple IPs %s, using %s' % (','.join(_ips), _first_ip))

        return _first_ip

    return ip

        ## INI stored

        self.cut_off_limit = int(config.get('cut_off_limit'))

        c.visual.allow_repo_location_change = str2bool(config.get('allow_repo_location_change', True))

        c.visual.allow_custom_hooks_settings = str2bool(config.get('allow_custom_hooks_settings', True))

        c.repo_name = get_repo_slug(request)  # can be empty

        c.backends = BACKENDS.keys()

        c.unread_notifications = NotificationModel()\

                        .get_unread_cnt_for_user(c.rhodecode_user.user_id)

        self.sa = meta.Session

        self.scm_model = ScmModel(self.sa)

    def __call__(self, environ, start_response):

        """Invoke the Controller"""

        # WSGIController.__call__ dispatches to the Controller method

        # the request is routed to. This routing information is

        # available in environ['pylons.routes_dict']

        try:

            self.ip_addr = _get_ip_addr(environ)

            # make sure that we update permissions each time we call controller

            api_key = request.GET.get('api_key')

            cookie_store = CookieStoreWrapper(session.get('rhodecode_user'))

            user_id = cookie_store.get('user_id', None)

            username = get_container_username(environ, config)

            request.user = auth_user

            self.rhodecode_user = c.rhodecode_user = auth_user

            if not self.rhodecode_user.is_authenticated and \

                       self.rhodecode_user.user_id is not None:

                self.rhodecode_user.set_authenticated(

                    cookie_store.get('is_authenticated')

                )

            log.info('IP: %s User: %s accessed %s' % (

               self.ip_addr, auth_user, safe_unicode(_get_access_path(environ)))

            )

            return WSGIController.__call__(self, environ, start_response)

        finally:

            meta.Session.remove()

class BaseRepoController(BaseController):

    """

    Base class for controllers responsible for loading all needed data for

    repository loaded items are

    c.rhodecode_repo: instance of scm repository

    c.rhodecode_db_repo: instance of db

    c.repository_followers: number of followers

    c.repository_forks: number of forks

class NonRelativePathError(Exception):

    pass

class HTTPLockedRC(HTTPClientError):

    """

    Special Exception For locked Repos in RhodeCode, the return code can

    be overwritten by _code keyword argument passed into constructors

    """

    code = 423

    title = explanation = 'Repository Locked'

    def __init__(self, reponame, username, *args, **kwargs):

        from rhodecode import CONFIG

        from rhodecode.lib.utils2 import safe_int

        _code = CONFIG.get('lock_ret_code')

        self.code = safe_int(_code, self.code)

        self.title = self.explanation = ('Repository `%s` locked by '

                                         'user `%s`' % (reponame, username))

        super(HTTPLockedRC, self).__init__(*args, **kwargs)

class IMCCommitError(Exception):

    pass

# This program is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation, either version 3 of the License, or

# (at your option) any later version.

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

import os

import sys

import time

import binascii

import traceback

from inspect import isfunction

from rhodecode.lib.vcs.utils.hgcompat import nullrev, revrange

from rhodecode.lib import helpers as h

from rhodecode.lib.utils import action_logger

from rhodecode.lib.vcs.backends.base import EmptyChangeset

from rhodecode.lib.compat import json

from rhodecode.lib.utils2 import safe_str, _extract_extras

from rhodecode.model.db import Repository, User

def _get_scm_size(alias, root_path):

    if not alias.startswith('.'):

        alias += '.'

    size_scm, size_root = 0, 0

    for path, dirs, files in os.walk(safe_str(root_path)):

        if path.find(alias) != -1:

            for f in files:

                try:

                    size_scm += os.path.getsize(os.path.join(path, f))

                except OSError:

                    pass

        else:

            for f in files:

                try:

                    size_root += os.path.getsize(os.path.join(path, f))

                except OSError:

                    pass

     'private',

     'created_on',

     'enable_downloads',

     'repo_id',

     'user_id',

     'enable_statistics',

     'clone_uri',

     'fork_id',

     'group_id',

     'repo_name'

    """

    from rhodecode import EXTENSIONS

    callback = getattr(EXTENSIONS, 'CREATE_REPO_HOOK', None)

    if isfunction(callback):

        kw = {}

        kw.update(repository_dict)

        kw.update({'created_by': created_by})

        kw.update(kwargs)

        return callback(**kw)

    return 0

def log_create_user(user_dict, created_by, **kwargs):

    """

    Post create user Hook. This is a dummy function for admins to re-use

    if needed. It's taken from rhodecode-extensions module and executed

    if present

    :param user_dict: dict dump of user object

    available keys for user_dict:

     'username',

     'full_name_or_username',

     'full_contact',

     'user_id',

     'name',

     'firstname',

     'short_contact',

     'admin',

     'lastname',

     'ip_addresses',

     'ldap_dn',

     'email',

     'api_key',

     'last_login',

# the Free Software Foundation, either version 3 of the License, or

# (at your option) any later version.

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

import logging

import traceback

import itertools

import collections

from pylons import url

from pylons.i18n.translation import _

from sqlalchemy.exc import DatabaseError

from sqlalchemy.orm import joinedload

from rhodecode.lib.utils2 import safe_unicode, generate_api_key, get_current_rhodecode_user

from rhodecode.lib.caching_query import FromCache

from rhodecode.model import BaseModel

    UserToPerm, UserGroupRepoToPerm, UserGroupToPerm, UserGroupMember, \

    UserEmailMap, UserIpMap, UserGroupUserGroupToPerm, UserGroup

from rhodecode.lib.exceptions import DefaultUserException, \

    UserOwnsReposException

from rhodecode.model.meta import Session

log = logging.getLogger(__name__)

PERM_WEIGHTS = Permission.PERM_WEIGHTS

class UserModel(BaseModel):

    cls = User

    def get(self, user_id, cache=False):

        user = self.sa.query(User)

        if cache:

            user = user.options(FromCache("sql_cache_short",

                                          "get_user_%s" % user_id))

        return user.get(user_id)

    def get_user(self, user):

        return self._get_user(user)

    def get_by_username(self, username, cache=False, case_insensitive=False):

        if case_insensitive:

            user = self.sa.query(User).filter(User.username.ilike(username))

        else:

            user = self.sa.query(User).filter(User.username == username)

        if cache:

            user = user.options(FromCache("sql_cache_short",

                                          "get_user_%s" % username))

        return user.scalar()

    def get_by_email(self, email, cache=False, case_insensitive=False):

        return User.get_by_email(email, case_insensitive, cache)

    def get_by_api_key(self, api_key, cache=False):

        return User.get_by_api_key(api_key, cache)

    def create(self, form_data, cur_user=None):

        if not cur_user:

            cur_user = getattr(get_current_rhodecode_user(), 'username', None)

        from rhodecode.lib.auth import get_crypt_password

        try:

            new_user = User()

            for k, v in form_data.items():

                if k == 'password':

                    v = get_crypt_password(v)

                if k == 'firstname':

                    k = 'name'

                setattr(new_user, k, v)

            new_user.api_key = generate_api_key(form_data['username'])

            self.sa.add(new_user)

            log_create_user(new_user.get_dict(), cur_user)

            return new_user

        except Exception:

            log.error(traceback.format_exc())

            raise

    def create_or_update(self, username, password, email, firstname='',

                         lastname='', active=True, admin=False, ldap_dn=None,

                         cur_user=None):

        """

        Creates a new instance if not found, or updates current one

        :param username:

        :param password:

        :param email:

        :param active:

        :param firstname:

        :param lastname:

        :param active:

        :param admin:

        :param ldap_dn:

        :param cur_user:

        """

        if not cur_user:

            cur_user = getattr(get_current_rhodecode_user(), 'username', None)

        from rhodecode.lib.auth import get_crypt_password

        log.debug('Checking for %s account in RhodeCode database' % username)

        user = User.get_by_username(username, case_insensitive=True)

        if user is None:

            log.debug('creating new user %s' % username)

            new_user = User()

            edit = False

        else:

            log.debug('updating user %s' % username)

            new_user = user

            edit = True

        try:

            new_user.username = username

            new_user.admin = admin

            # set password only if creating an user or password is changed

            if not edit or user.password != password:

                new_user.password = get_crypt_password(password) if password else None

                new_user.api_key = generate_api_key(username)

            new_user.email = email

            new_user.active = active

            new_user.ldap_dn = safe_unicode(ldap_dn) if ldap_dn else None

            new_user.name = firstname

            new_user.lastname = lastname

            self.sa.add(new_user)

            if not edit:

                log_create_user(new_user.get_dict(), cur_user)

            return new_user

        except (DatabaseError,):

            log.error(traceback.format_exc())

            raise

    def create_for_container_auth(self, username, attrs, cur_user=None):

        """

        Creates the given user if it's not already in the database

        :param username:

        :param attrs:

        :param cur_user:

        """

        if not cur_user:

            cur_user = getattr(get_current_rhodecode_user(), 'username', None)

        if self.get_by_username(username, case_insensitive=True) is None:

            # autogenerate email for container account without one

            generate_email = lambda usr: '%s@container_auth.account' % usr

            try:

                new_user = User()

                new_user.username = username

                new_user.password = None

                new_user.api_key = generate_api_key(username)

                self.sa.add(new_user)

                log_create_user(new_user.get_dict(), cur_user)

                return new_user

            except (DatabaseError,):

                log.error(traceback.format_exc())

                self.sa.rollback()

                raise

        log.debug('User %s already exists. Skipping creation of account'

                  ' for container auth.', username)

        return None

    def create_ldap(self, username, password, user_dn, attrs, cur_user=None):

        """

        Checks if user is in database, if not creates this user marked

        as ldap user

        :param username:

        :param password:

        :param user_dn:

        :param attrs:

        :param cur_user:

        """

        if not cur_user:

            cur_user = getattr(get_current_rhodecode_user(), 'username', None)

        from rhodecode.lib.auth import get_crypt_password

        log.debug('Checking for such ldap account in RhodeCode database')

        if self.get_by_username(username, case_insensitive=True) is None:

            try:

                new_user = User()

                username = username.lower()

                # add ldap account always lowercase

                new_user.username = username

                new_user.api_key = generate_api_key(username)

                new_user.ldap_dn = safe_unicode(user_dn)

                self.sa.add(new_user)

                log_create_user(new_user.get_dict(), cur_user)

                return new_user

            except (DatabaseError,):

                log.error(traceback.format_exc())

                self.sa.rollback()

                raise

        log.debug('this %s user exists skipping creation of ldap account',

                  username)

        return None

    def create_registration(self, form_data):

        from rhodecode.model.notification import NotificationModel