# check if our IP is allowed

        ip_access_valid = True

        if not user.ip_allowed:

            from kallithea.lib import helpers as h

            h.flash(h.literal(_('IP %s not allowed' % (user.ip_addr))),

                    category='warning')

            ip_access_valid = False

        # check if we used an APIKEY and it's a valid one

        # defined whitelist of controllers which API access will be enabled

        _api_key = request.GET.get('api_key', '')

        api_access_valid = allowed_api_access(loc, api_key=_api_key)

        # explicit controller is enabled or API is in our whitelist

        if self.api_access or api_access_valid:

            log.debug('Checking API KEY access for %s' % cls)

            if _api_key and _api_key in user.api_keys:

                api_access_valid = True

                log.debug('API KEY ****%s is VALID' % _api_key[-4:])

            else:

                api_access_valid = False

                if not _api_key:

                    log.debug("API KEY *NOT* present in request")

                else:

        log.debug('Checking if %s is authenticated @ %s' % (user.username, loc))

        reason = 'RegularAuth' if user.is_authenticated else 'APIAuth'

        if ip_access_valid and (user.is_authenticated or api_access_valid):

            log.info('user %s authenticating with:%s IS authenticated on func %s '

                     % (user, reason, loc)

            )

            return func(*fargs, **fkwargs)

        else:

                     'IP_ACCESS:%s API_ACCESS:%s'

                     % (user, reason, loc, ip_access_valid, api_access_valid)

            )

            p = url.current()

            log.debug('redirecting to login page with %s' % p)

            return redirect(url('login_home', came_from=p))

class NotAnonymous(object):

    """

    Must be logged in to execute this function else

    redirect to login page"""

    def __call__(self, func):

        return decorator(self.__wrapper, func)

    def __wrapper(self, func, *fargs, **fkwargs):

        cls = fargs[0]

        self.user = cls.authuser

        log.debug('Checking if user is not anonymous @%s' % cls)

        anonymous = self.user.username == User.DEFAULT_USER

    @hybrid_property

    def name(self):

        return EXTERN_TYPE_INTERNAL

    def settings(self):

        return []

    def user_activation_state(self):

        def_user_perms = User.get_default_user().AuthUser.permissions['global']

        return 'hg.register.auto_activate' in def_user_perms

    def accepts(self, user, accepts_empty=True):

        """

        Custom accepts for this auth that doesn't accept empty users. We

        know that user exisits in database.

        """

        return super(KallitheaAuthPlugin, self).accepts(user,

                                                        accepts_empty=False)

    def auth(self, userobj, username, password, settings, **kwargs):

        if not userobj:

            log.debug('userobj was:%s skipping' % (userobj, ))

            return None

        if userobj.extern_type != self.name:

                     % (userobj, userobj.extern_type, self.name))

            return None

        user_attrs = {

            "username": userobj.username,

            "firstname": userobj.firstname,

            "lastname": userobj.lastname,

            "groups": [],

            "email": userobj.email,

            "admin": userobj.admin,

            "active": userobj.active,

            "active_from_extern": userobj.active,

            "extern_name": userobj.user_id,

            'extern_type': userobj.extern_type,

        }

        log.debug(formatted_json(user_attrs))

        if userobj.active:

            from kallithea.lib import auth

            password_match = auth.KallitheaCrypto.hash_check(password, userobj.password)

            if userobj.username == User.DEFAULT_USER and userobj.active:

                log.info('user %s authenticated correctly as anonymous user' %

                         username)

                return user_attrs

        lastname = getattr(userobj, 'lastname', '')

        extern_type = getattr(userobj, 'extern_type', '')

        user_attrs = {

            'username': username,

            'firstname': firstname,

            'lastname': lastname,

            'groups': [g.gr_name for g in grp.getgrall() if username in g.gr_mem],

            'email': email,

            'admin': admin,

            'active': active,

            "active_from_extern": None,

            'extern_name': username,

            'extern_type': extern_type,

        }

        try:

            user_data = pwd.getpwnam(username)

            regex = settings["gecos"]

            match = re.search(regex, user_data.pw_gecos)

            if match:

                user_attrs["firstname"] = match.group('first_name')

                user_attrs["lastname"] = match.group('last_name')

        except Exception:

            pass

        log.debug("pamuser: \n%s" % formatted_json(user_attrs))

        log.info('user %s authenticated correctly' % user_attrs['username'])

        return user_attrs

            path = raw_input(

                 'Enter a valid absolute path to store repositories. '

                 'All repositories in that path will be added automatically:'

            )

        else:

            path = test_repo_path

        path_ok = True

        # check proper dir

        if not os.path.isdir(path):

            path_ok = False

            log.error('Given path %s is not a valid directory' % (path,))

        elif not os.path.isabs(path):

            path_ok = False

            log.error('Given path %s is not an absolute path' % (path,))

        # check if path is at least readable.

        if not os.access(path, os.R_OK):

            path_ok = False

            log.error('Given path %s is not readable' % (path,))

        # check write access, warn user about non writeable paths

        elif not os.access(path, os.W_OK) and path_ok:

            if not ask_ok('Given path %s is not writeable, do you want to '

                          'continue with read only mode ? [y/n]' % (path,)):

                log.error('Canceled by user')

                sys.exit(-1)

        if retries == 0:

            sys.exit('max retries reached')

        if not path_ok:

            retries -= 1

            return self.config_prompt(test_repo_path, retries)

        real_path = os.path.normpath(os.path.realpath(path))

        if real_path != os.path.normpath(path):

            if not ask_ok(('Path looks like a symlink, Kallithea will store '

                           'given path as %s ? [y/n]') % (real_path,)):

                log.error('Canceled by user')

                sys.exit(-1)

        return real_path

    def create_settings(self, path):

        self.create_ui_settings(path)

        log.info('Logging action:%s on %s by user:%s ip:%s' %

                 (action, safe_unicode(repo), user_obj, ipaddr))

        if commit:

            sa.commit()

    except Exception:

        log.error(traceback.format_exc())

        raise

def get_filesystem_repos(path, recursive=False, skip_removed_repos=True):

    """

    Scans given path for repos and return (name,(type,path)) tuple

    :param path: path to scan for repositories

    :param recursive: recursive search and return names with subdirs in front

    """

    # remove ending slash for better results

    path = path.rstrip(os.sep)

    log.debug('now scanning in %s location recursive:%s...' % (path, recursive))

    def _get_repos(p):

        if not os.access(p, os.R_OK) or not os.access(p, os.X_OK):

            return

        if not os.access(p, os.W_OK):

        for dirpath in os.listdir(p):

            if os.path.isfile(os.path.join(p, dirpath)):

                continue

            cur_path = os.path.join(p, dirpath)

            # skip removed repos

            if skip_removed_repos and REMOVED_REPO_PAT.match(dirpath):

                continue

            #skip .<somethin> dirs

            if dirpath.startswith('.'):

                continue

            try:

                scm_info = get_scm(cur_path)

                yield scm_info[1].split(path, 1)[-1].lstrip(os.sep), scm_info

            except VCSError:

                if not recursive:

                    continue

                #check if this dir containts other repos for recursive scan

                rec_path = os.path.join(p, dirpath)

                if os.path.isdir(rec_path):

                    for inner_scm in _get_repos(rec_path):

                        yield inner_scm