if cache:

                default_ips = default_ips.options(FromCache("sql_cache_short",

                                                  "get_user_ips_default"))

            # populate from default user

            for ip in default_ips:

                try:

                    _set.add(ip.ip_addr)

                except ObjectDeletedError:

                    # since we use heavy caching sometimes it happens that we get

                    # deleted objects here, we just skip them

                    pass

        user_ips = UserIpMap.query().filter(UserIpMap.user_id == user_id)

        if cache:

            user_ips = user_ips.options(FromCache("sql_cache_short",

                                                  "get_user_ips_%s" % user_id))

        for ip in user_ips:

            try:

                _set.add(ip.ip_addr)

            except ObjectDeletedError:

                # since we use heavy caching sometimes it happens that we get

                # deleted objects here, we just skip them

                pass

        return _set or set(['0.0.0.0/0', '::/0'])

def set_available_permissions(config):

    """

    This function will propagate pylons globals with all available defined

    permission given in db. We don't want to check each time from db for new

    permissions since adding a new permission also requires application restart

    ie. to decorate new views with the newly created permission

    :param config: current pylons config instance

    """

    log.info('getting information about all available permissions')

    try:

        sa = meta.Session

        all_perms = sa.query(Permission).all()

        config['available_permissions'] = [x.permission_name for x in all_perms]

    except Exception:

        log.error(traceback.format_exc())

    finally:

        meta.Session.remove()

#==============================================================================

# CHECK DECORATORS

#==============================================================================

class LoginRequired(object):

    """

    Must be logged in to execute this function else

    redirect to login page

    :param api_access: if enabled this checks only for valid auth token

        and grants access based on valid token

    """

    def __init__(self, api_access=False):

        self.api_access = api_access

    def __call__(self, func):

        return decorator(self.__wrapper, func)

    def __wrapper(self, func, *fargs, **fkwargs):

        cls = fargs[0]

        user = cls.authuser

        loc = "%s:%s" % (cls.__class__.__name__, func.__name__)

        # check if our IP is allowed

        ip_access_valid = True

        if not user.ip_allowed:

            from kallithea.lib import helpers as h

            h.flash(h.literal(_('IP %s not allowed' % (user.ip_addr))),

                    category='warning')

            ip_access_valid = False

        # check if we used an APIKEY and it's a valid one

        # defined whitelist of controllers which API access will be enabled

        _api_key = request.GET.get('api_key', '')

        api_access_valid = allowed_api_access(loc, api_key=_api_key)

        # explicit controller is enabled or API is in our whitelist

        if self.api_access or api_access_valid:

            log.debug('Checking API KEY access for %s' % cls)

            if _api_key and _api_key in user.api_keys:

                api_access_valid = True

                log.debug('API KEY ****%s is VALID' % _api_key[-4:])

            else:

                api_access_valid = False

                if not _api_key:

                    log.debug("API KEY *NOT* present in request")

                else:

        log.debug('Checking if %s is authenticated @ %s' % (user.username, loc))

        reason = 'RegularAuth' if user.is_authenticated else 'APIAuth'

        if ip_access_valid and (user.is_authenticated or api_access_valid):

            log.info('user %s authenticating with:%s IS authenticated on func %s '

                     % (user, reason, loc)

            )

            return func(*fargs, **fkwargs)

        else:

                     'IP_ACCESS:%s API_ACCESS:%s'

                     % (user, reason, loc, ip_access_valid, api_access_valid)

            )

            p = url.current()

            log.debug('redirecting to login page with %s' % p)

            return redirect(url('login_home', came_from=p))

class NotAnonymous(object):

    """

    Must be logged in to execute this function else

    redirect to login page"""

    def __call__(self, func):

        return decorator(self.__wrapper, func)

    def __wrapper(self, func, *fargs, **fkwargs):

        cls = fargs[0]

        self.user = cls.authuser

        log.debug('Checking if user is not anonymous @%s' % cls)

        anonymous = self.user.username == User.DEFAULT_USER

        if anonymous:

            p = url.current()

            import kallithea.lib.helpers as h

            h.flash(_('You need to be a registered user to '

                      'perform this action'),

                    category='warning')

            return redirect(url('login_home', came_from=p))

        else:

            return func(*fargs, **fkwargs)

class PermsDecorator(object):

    """Base class for controller decorators"""

    def __init__(self, *required_perms):

        self.required_perms = set(required_perms)

        self.user_perms = None

    def __call__(self, func):

        return decorator(self.__wrapper, func)

    def __wrapper(self, func, *fargs, **fkwargs):

        cls = fargs[0]

        self.user = cls.authuser

        self.user_perms = self.user.permissions

        log.debug('checking %s permissions %s for %s %s',

           self.__class__.__name__, self.required_perms, cls, self.user)

        if self.check_permissions():

            log.debug('Permission granted for %s %s' % (cls, self.user))

            return func(*fargs, **fkwargs)

        else:

            log.debug('Permission denied for %s %s' % (cls, self.user))

            anonymous = self.user.username == User.DEFAULT_USER

            if anonymous:

                p = url.current()

                import kallithea.lib.helpers as h

                h.flash(_('You need to be a signed in to '

                          'view this page'),

                        category='warning')

                return redirect(url('login_home', came_from=p))

            else:

                # redirect with forbidden ret code

                return abort(403)

    def check_permissions(self):

        """Dummy function for overriding"""

        raise Exception('You have to write this function in child class')

class HasPermissionAllDecorator(PermsDecorator):

    """

    Checks for access permission for all given predicates. All of them

    have to be meet in order to fulfill the request

    """

    def check_permissions(self):

        if self.required_perms.issubset(self.user_perms.get('global')):

            return True

        return False

class HasPermissionAnyDecorator(PermsDecorator):

    """

    Checks for access permission for any of given predicates. In order to

    fulfill the request any of predicates must be meet

# -*- coding: utf-8 -*-

# This program is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation, either version 3 of the License, or

# (at your option) any later version.

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

"""

kallithea.lib.auth_modules.auth_internal

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Kallithea authentication plugin for built in internal auth

This file was forked by the Kallithea project in July 2014.

Original author and date, and relevant copyright and licensing information is below:

:created_on: Created on Nov 17, 2012

:author: marcink

:copyright: (c) 2013 RhodeCode GmbH, and others.

:license: GPLv3, see LICENSE.md for more details.

"""

import logging

from kallithea import EXTERN_TYPE_INTERNAL

from kallithea.lib import auth_modules

from kallithea.lib.compat import formatted_json, hybrid_property

from kallithea.model.db import User

log = logging.getLogger(__name__)

class KallitheaAuthPlugin(auth_modules.KallitheaAuthPluginBase):

    def __init__(self):

        pass

    @hybrid_property

    def name(self):

        return EXTERN_TYPE_INTERNAL

    def settings(self):

        return []

    def user_activation_state(self):

        def_user_perms = User.get_default_user().AuthUser.permissions['global']

        return 'hg.register.auto_activate' in def_user_perms

    def accepts(self, user, accepts_empty=True):

        """

        Custom accepts for this auth that doesn't accept empty users. We

        know that user exisits in database.

        """

        return super(KallitheaAuthPlugin, self).accepts(user,

                                                        accepts_empty=False)

    def auth(self, userobj, username, password, settings, **kwargs):

        if not userobj:

            log.debug('userobj was:%s skipping' % (userobj, ))

            return None

        if userobj.extern_type != self.name:

                     % (userobj, userobj.extern_type, self.name))

            return None

        user_attrs = {

            "username": userobj.username,

            "firstname": userobj.firstname,

            "lastname": userobj.lastname,

            "groups": [],

            "email": userobj.email,

            "admin": userobj.admin,

            "active": userobj.active,

            "active_from_extern": userobj.active,

            "extern_name": userobj.user_id,

            'extern_type': userobj.extern_type,

        }

        log.debug(formatted_json(user_attrs))

        if userobj.active:

            from kallithea.lib import auth

            password_match = auth.KallitheaCrypto.hash_check(password, userobj.password)

            if userobj.username == User.DEFAULT_USER and userobj.active:

                log.info('user %s authenticated correctly as anonymous user' %

                         username)

                return user_attrs

            elif userobj.username == username and password_match:

                log.info('user %s authenticated correctly' % user_attrs['username'])

                return user_attrs

            log.error("user %s had a bad password" % username)

            return None

        else:

            log.warning('user %s tried auth but is disabled' % username)

            return None

# Cache to store PAM authenticated users

_auth_cache = dict()

_pam_lock = threading.Lock()

class KallitheaAuthPlugin(auth_modules.KallitheaExternalAuthPlugin):

    # PAM authnetication can be slow. Repository operations involve a lot of

    # auth calls. Little caching helps speedup push/pull operations significantly

    AUTH_CACHE_TTL = 4

    def __init__(self):

        global _auth_cache

        ts = time.time()

        cleared_cache = dict(

            [(k, v) for (k, v) in _auth_cache.items() if

             (v + KallitheaAuthPlugin.AUTH_CACHE_TTL > ts)])

        _auth_cache = cleared_cache

    @hybrid_property

    def name(self):

        return "pam"

    def settings(self):

        settings = [

            {

                "name": "service",

                "validator": self.validators.UnicodeString(strip=True),

                "type": "string",

                "description": "PAM service name to use for authentication",

                "default": "login",

                "formname": "PAM service name"

            },

            {

                "name": "gecos",

                "validator": self.validators.UnicodeString(strip=True),

                "type": "string",

                "description": "Regex for extracting user name/email etc "

                               "from Unix userinfo",

                "default": "(?P<last_name>.+),\s*(?P<first_name>\w+)",

                "formname": "Gecos Regex"

            }

        ]

        return settings

    def use_fake_password(self):

        return True

    def auth(self, userobj, username, password, settings, **kwargs):

        if username not in _auth_cache:

            # Need lock here, as PAM authentication is not thread safe

            _pam_lock.acquire()

            try:

                auth_result = pam.authenticate(username, password,

                                               settings["service"])

                # cache result only if we properly authenticated

                if auth_result:

                    _auth_cache[username] = time.time()

            finally:

                _pam_lock.release()

            if not auth_result:

                log.error("PAM was unable to authenticate user: %s" % (username,))

                return None

        else:

            log.debug("Using cached auth for user: %s" % (username,))

        # old attrs fetched from Kallithea database

        admin = getattr(userobj, 'admin', False)

        active = getattr(userobj, 'active', True)

        email = getattr(userobj, 'email', '') or "%s@%s" % (username, socket.gethostname())

        firstname = getattr(userobj, 'firstname', '')

        lastname = getattr(userobj, 'lastname', '')

        extern_type = getattr(userobj, 'extern_type', '')

        user_attrs = {

            'username': username,

            'firstname': firstname,

            'lastname': lastname,

            'groups': [g.gr_name for g in grp.getgrall() if username in g.gr_mem],

            'email': email,

            'admin': admin,

            'active': active,

            "active_from_extern": None,

            'extern_name': username,

            'extern_type': extern_type,

        }

        try:

            user_data = pwd.getpwnam(username)

            regex = settings["gecos"]

            match = re.search(regex, user_data.pw_gecos)

            if match:

                user_attrs["firstname"] = match.group('first_name')

                user_attrs["lastname"] = match.group('last_name')

        except Exception:

            pass

        log.debug("pamuser: \n%s" % formatted_json(user_attrs))

        log.info('user %s authenticated correctly' % user_attrs['username'])

        return user_attrs

                     ('auth_internal_enabled', 'True', 'bool')]:

            if skip_existing and Setting.get_by_name(k) != None:

                log.debug('Skipping option %s' % k)

                continue

            setting = Setting(k, v, t)

            self.sa.add(setting)

    def create_default_options(self, skip_existing=False):

        """Creates default settings"""

        for k, v, t in [

            ('default_repo_enable_locking',  False, 'bool'),

            ('default_repo_enable_downloads', False, 'bool'),

            ('default_repo_enable_statistics', False, 'bool'),

            ('default_repo_private', False, 'bool'),

            ('default_repo_type', 'hg', 'unicode')]:

            if skip_existing and Setting.get_by_name(k) is not None:

                log.debug('Skipping option %s' % k)

                continue

            setting = Setting(k, v, t)

            self.sa.add(setting)

    def fixup_groups(self):

        def_usr = User.get_default_user()

        for g in RepoGroup.query().all():

            g.group_name = g.get_new_name(g.name)

            self.sa.add(g)

            # get default perm

            default = UserRepoGroupToPerm.query()\

                .filter(UserRepoGroupToPerm.group == g)\

                .filter(UserRepoGroupToPerm.user == def_usr)\

                .scalar()

            if default is None:

                log.debug('missing default permission for group %s adding' % g)

                perm_obj = RepoGroupModel()._create_default_perms(g)

                self.sa.add(perm_obj)

    def reset_permissions(self, username):

        """

        Resets permissions to default state, usefull when old systems had

        bad permissions, we must clean them up

        :param username:

        """

        default_user = User.get_by_username(username)

        if not default_user:

            return

        u2p = UserToPerm.query()\

            .filter(UserToPerm.user == default_user).all()

        fixed = False

        if len(u2p) != len(Permission.DEFAULT_USER_PERMISSIONS):

            for p in u2p:

                Session().delete(p)

            fixed = True

            self.populate_default_permissions()

        return fixed

    def update_repo_info(self):

        RepoModel.update_repoinfo()

    def config_prompt(self, test_repo_path='', retries=3):

        defaults = self.cli_args

        _path = defaults.get('repos_location')

        if retries == 3:

            log.info('Setting up repositories config')

        if _path is not None:

            path = _path

        elif not self.tests and not test_repo_path:

            path = raw_input(

                 'Enter a valid absolute path to store repositories. '

                 'All repositories in that path will be added automatically:'

            )

        else:

            path = test_repo_path

        path_ok = True

        # check proper dir

        if not os.path.isdir(path):

            path_ok = False

            log.error('Given path %s is not a valid directory' % (path,))

        elif not os.path.isabs(path):

            path_ok = False

            log.error('Given path %s is not an absolute path' % (path,))

        # check if path is at least readable.

        if not os.access(path, os.R_OK):

            path_ok = False

            log.error('Given path %s is not readable' % (path,))

        # check write access, warn user about non writeable paths

        elif not os.access(path, os.W_OK) and path_ok:

            if not ask_ok('Given path %s is not writeable, do you want to '

                          'continue with read only mode ? [y/n]' % (path,)):

                log.error('Canceled by user')

                sys.exit(-1)

        if retries == 0:

            sys.exit('max retries reached')

        if not path_ok:

            retries -= 1

            return self.config_prompt(test_repo_path, retries)

        real_path = os.path.normpath(os.path.realpath(path))

        if real_path != os.path.normpath(path):

            if not ask_ok(('Path looks like a symlink, Kallithea will store '

                           'given path as %s ? [y/n]') % (real_path,)):

                log.error('Canceled by user')

                sys.exit(-1)

        return real_path

    def create_settings(self, path):

        self.create_ui_settings(path)

        ui_config = [

            ('web', 'push_ssl', 'false'),

            ('web', 'allow_archive', 'gz zip bz2'),

            ('web', 'allow_push', '*'),

            ('web', 'baseurl', '/'),

            ('paths', '/', path),

            #('phases', 'publish', 'false')

        ]

        for section, key, value in ui_config:

            ui_conf = Ui()

            setattr(ui_conf, 'ui_section', section)

            setattr(ui_conf, 'ui_key', key)

            setattr(ui_conf, 'ui_value', value)

            self.sa.add(ui_conf)

        settings = [

            ('realm', 'Kallithea', 'unicode'),

            ('title', '', 'unicode'),

            ('ga_code', '', 'unicode'),

            ('show_public_icon', True, 'bool'),

            ('show_private_icon', True, 'bool'),

            ('stylify_metatags', False, 'bool'),

            ('dashboard_items', 100, 'int'),

            ('admin_grid_items', 25, 'int'),

            ('show_version', True, 'bool'),

            ('use_gravatar', True, 'bool'),

            ('gravatar_url', User.DEFAULT_GRAVATAR_URL, 'unicode'),

            ('clone_uri_tmpl', Repository.DEFAULT_CLONE_URI, 'unicode'),

            ('update_url', Setting.DEFAULT_UPDATE_URL, 'unicode'),

        ]

        for key, val, type_ in settings:

            sett = Setting(key, val, type_)

            self.sa.add(sett)

        self.create_auth_plugin_options()

        self.create_default_options()

        log.info('created ui config')

    def create_user(self, username, password, email='', admin=False):

        log.info('creating user %s' % username)

        UserModel().create_or_update(username, password, email,

                                     firstname='Kallithea', lastname='Admin',

                                     active=True, admin=admin,

                                     extern_type=EXTERN_TYPE_INTERNAL)

    def create_default_user(self):

        log.info('creating default user')

        # create default user for handling default permissions.

        user = UserModel().create_or_update(username=User.DEFAULT_USER,

                                            password=str(uuid.uuid1())[:20],

                                            email='anonymous@kallithea-scm.org',

                                            firstname='Anonymous',

                                            lastname='User')

        # based on configuration options activate/deactive this user which

        # controlls anonymous access

        if self.cli_args.get('public_access') is False:

            log.info('Public access disabled')

            user.active = False

            Session().add(user)

            Session().commit()

    def create_permissions(self):

        """

        Creates all permissions defined in the system

        """

        # module.(access|create|change|delete)_[name]

        # module.(none|read|write|admin)

        log.info('creating permissions')

        PermissionModel(self.sa).create_permissions()

        return by_id_match.groups()[0]

def get_repo_by_id(repo_name):

    """

    Extracts repo_name by id from special urls. Example url is _11/repo_name

    :param repo_name:

    :return: repo_name if matched else None

    """

    try:

        _repo_id = _extract_id_from_repo_name(repo_name)

        if _repo_id:

            from kallithea.model.db import Repository

            return Repository.get(_repo_id).repo_name

    except Exception:

        log.debug('Failed to extract repo_name from URL %s' % (

                  traceback.format_exc()))

        return

def action_logger(user, action, repo, ipaddr='', sa=None, commit=False):

    """

    Action logger for various actions made by users

    :param user: user that made this action, can be a unique username string or

        object containing user_id attribute

    :param action: action to log, should be on of predefined unique actions for

        easy translations

    :param repo: string name of repository or object containing repo_id,

        that action was made on

    :param ipaddr: optional ip address from what the action was made

    :param sa: optional sqlalchemy session

    """

    if not sa:

        sa = meta.Session()

    # if we don't get explicit IP address try to get one from registered user

    # in tmpl context var

    if not ipaddr:

        ipaddr = getattr(get_current_authuser(), 'ip_addr', '')

    try:

        if getattr(user, 'user_id', None):

            user_obj = User.get(user.user_id)

        elif isinstance(user, basestring):

            user_obj = User.get_by_username(user)

        else:

            raise Exception('You have to provide a user object or a username')

        if getattr(repo, 'repo_id', None):

            repo_obj = Repository.get(repo.repo_id)

            repo_name = repo_obj.repo_name

        elif isinstance(repo, basestring):

            repo_name = repo.lstrip('/')

            repo_obj = Repository.get_by_repo_name(repo_name)

        else:

            repo_obj = None

            repo_name = ''

        user_log = UserLog()

        user_log.user_id = user_obj.user_id

        user_log.username = user_obj.username

        user_log.action = safe_unicode(action)

        user_log.repository = repo_obj

        user_log.repository_name = repo_name

        user_log.action_date = datetime.datetime.now()

        user_log.user_ip = ipaddr

        sa.add(user_log)

        log.info('Logging action:%s on %s by user:%s ip:%s' %

                 (action, safe_unicode(repo), user_obj, ipaddr))

        if commit:

            sa.commit()

    except Exception:

        log.error(traceback.format_exc())

        raise

def get_filesystem_repos(path, recursive=False, skip_removed_repos=True):

    """

    Scans given path for repos and return (name,(type,path)) tuple

    :param path: path to scan for repositories

    :param recursive: recursive search and return names with subdirs in front

    """

    # remove ending slash for better results

    path = path.rstrip(os.sep)

    log.debug('now scanning in %s location recursive:%s...' % (path, recursive))

    def _get_repos(p):

        if not os.access(p, os.R_OK) or not os.access(p, os.X_OK):

            return

        if not os.access(p, os.W_OK):

        for dirpath in os.listdir(p):

            if os.path.isfile(os.path.join(p, dirpath)):

                continue

            cur_path = os.path.join(p, dirpath)

            # skip removed repos

            if skip_removed_repos and REMOVED_REPO_PAT.match(dirpath):

                continue

            #skip .<somethin> dirs

            if dirpath.startswith('.'):

                continue

            try:

                scm_info = get_scm(cur_path)

                yield scm_info[1].split(path, 1)[-1].lstrip(os.sep), scm_info

            except VCSError:

                if not recursive:

                    continue

                #check if this dir containts other repos for recursive scan

                rec_path = os.path.join(p, dirpath)

                if os.path.isdir(rec_path):

                    for inner_scm in _get_repos(rec_path):

                        yield inner_scm

    return _get_repos(path)

def is_valid_repo(repo_name, base_path, scm=None):

    """

    Returns True if given path is a valid repository False otherwise.

    If scm param is given also compare if given scm is the same as expected

    from scm parameter

    :param repo_name:

    :param base_path:

    :param scm:

    :return True: if given path is a valid repository

    """

    full_path = os.path.join(safe_str(base_path), safe_str(repo_name))

    try:

        scm_ = get_scm(full_path)

        if scm:

            return scm_[0] == scm

        return True

    except VCSError:

        return False

def is_valid_repo_group(repo_group_name, base_path, skip_path_check=False):

    """

    Returns True if given path is a repository group False otherwise

    :param repo_name:

    :param base_path:

    """

    full_path = os.path.join(safe_str(base_path), safe_str(repo_group_name))

    # check if it's not a repo

    if is_valid_repo(repo_group_name, base_path):

        return False

    try:

        # we need to check bare git repos at higher level

        # since we might match branches/hooks/info/objects or possible

        # other things inside bare git repo

        get_scm(os.path.dirname(full_path))

        return False

    except VCSError:

        pass

    # check if it's a valid path

    if skip_path_check or os.path.isdir(full_path):

        return True

    return False

def ask_ok(prompt, retries=4, complaint='Yes or no please!'):

    while True:

        ok = raw_input(prompt)

        if ok in ('y', 'ye', 'yes'):

            return True

        if ok in ('n', 'no', 'nop', 'nope'):

            return False

        retries = retries - 1

        if retries < 0:

            raise IOError

        print complaint

#propagated from mercurial documentation

ui_sections = ['alias', 'auth',

                'decode/encode', 'defaults',

                'diff', 'email',