if c.rhodecode_user.is_authenticated \

                            and c.rhodecode_user.username != 'default':

            return redirect(url('home'))

        if request.POST:

            #import Login Form validator class

            login_form = LoginForm()

            try:

                c.form_result = login_form.to_python(dict(request.POST))

                username = c.form_result['username']

                auth_user = AuthUser()

                auth_user.username = user.username

                auth_user.is_authenticated = True

                auth_user.is_admin = user.admin

                auth_user.user_id = user.user_id

                auth_user.name = user.name

                auth_user.lastname = user.lastname

                session['rhodecode_user'] = auth_user

                session.save()

                log.info('user %s is now authenticated', username)

                user.update_lastlogin()

def get_crypt_password(password):

    """Cryptographic function used for password hashing based on sha1

    :param password: password to hash

    """

    return bcrypt.hashpw(password, bcrypt.gensalt(10))

def check_password(password, hashed):

    return bcrypt.hashpw(password, hashed) == hashed

def authfunc(environ, username, password):

    """

    firstly checks for db authentication then if ldap is enabled for ldap

    authentication, also creates ldap user if not in database

    :param username: username

    :param password: password

    """

    user_model = UserModel()

    user = user_model.get_by_username(username, cache=False)

    if user is not None and user.is_ldap is False:

        if user.active:

            if user.username == 'default' and user.active:

                return True

            elif user.username == username and check_password(password, user.password):

                log.info('user %s authenticated correctly', username)

                return True

        else:

    else:

        user_obj = user_model.get_by_username(username, cache=False,

                                            case_insensitive=True)

        if user_obj is not None and user_obj.is_ldap is False:

            log.debug('this user already exists as non ldap')

            return False

        from rhodecode.model.settings import SettingsModel

        ldap_settings = SettingsModel().get_ldap_settings()

        #======================================================================

        # FALLBACK TO LDAP AUTH IN ENABLE                

        #======================================================================

        if ldap_settings.get('ldap_active', False):

            kwargs = {

                  'server':ldap_settings.get('ldap_host', ''),

                  'base_dn':ldap_settings.get('ldap_base_dn', ''),

                  'port':ldap_settings.get('ldap_port'),

                  'bind_dn':ldap_settings.get('ldap_dn_user'),

                  'bind_pass':ldap_settings.get('ldap_dn_pass'),

                  'use_ldaps':ldap_settings.get('ldap_ldaps'),

                  'ldap_version':3,

                  }

            log.debug('Checking for ldap authentication')

            try:

                aldap = AuthLdap(**kwargs)

                res = aldap.authenticate_ldap(username, password)

                    log.info('created new ldap user')

                log.error(traceback.format_exc())

    return False

class  AuthUser(object):

    """

    A simple object that handles a mercurial username for authentication

    """

    def __init__(self):

        self.username = 'None'

        self.name = ''

        self.lastname = ''

        self.email = ''

        self.user_id = None

        pass

    else:

        raise Exception('The given path %s should not be a repository got %s',

                        path, scm)

    for dirpath in os.listdir(path):

        try:

            yield dirpath, get_scm(os.path.join(path, dirpath))

        except VCSError:

            pass

def check_repo_fast(repo_name, base_path):

    if os.path.isdir(os.path.join(base_path, repo_name)):return False

    return True

def check_repo(repo_name, base_path, verify=True):

    repo_path = os.path.join(base_path, repo_name)

    try:

        if not check_repo_fast(repo_name, base_path):

            return False

        r = hg.repository(ui.ui(), repo_path)

        if verify:

allow_extra_fields      False     If True, then it is not an error when keys that aren't associated with a validator are present

filter_extra_fields     False     If True, then keys that aren't associated with a validator are removed

if_key_missing          NoDefault If this is given, then any keys that aren't available but are expected will be replaced with this value (and then validated). This does not override a present .if_missing attribute on validators. NoDefault is a special FormEncode class to mean that no default values has been specified and therefore missing keys shouldn't take a default value.

ignore_key_missing      False     If True, then missing keys will be missing in the result, if the validator doesn't have .if_missing on it already    

<name> = formencode.validators.<name of validator>

<name> must equal form name

list=[1,2,3,4,5]

for SELECT use formencode.All(OneOf(list), Int())

"""

from formencode import All

from formencode.validators import UnicodeString, OneOf, Int, Number, Regex, \

    Email, Bool, StringBoolean

from pylons.i18n.translation import _

from rhodecode.lib.exceptions import LdapImportError

from rhodecode.model import meta

from rhodecode.model.user import UserModel

from rhodecode.model.repo import RepoModel

from rhodecode.model.db import User

from webhelpers.pylonslib.secure_form import authentication_token

log = logging.getLogger(__name__)

#this is needed to translate the messages using _() in validators

class State_obj(object):

    _ = staticmethod(_)

#===============================================================================

# VALIDATORS

#===============================================================================

class ValidAuthToken(formencode.validators.FancyValidator):

    messages = {'invalid_token':_('Token mismatch')}

            }

    #error mapping

    e_dict = {'username':messages['invalid_login'],

              'password':messages['invalid_password']}

    e_dict_disable = {'username':messages['disabled_account']}

    def validate_python(self, value, state):

        password = value['password']

        username = value['username']

        user = UserModel().get_by_username(username)

            return value

        else:

            if user and user.active is False:

                log.warning('user %s is disabled', username)

                raise formencode.Invalid(self.message('disabled_account',

                                         state=State_obj),

                                         value, state,

                                         error_dict=self.e_dict_disable)

            else:

                log.warning('user %s not authenticated', username)

                raise formencode.Invalid(self.message('invalid_password',

                                         state=State_obj), value, state,

# This program is free software; you can redistribute it and/or

# modify it under the terms of the GNU General Public License

# as published by the Free Software Foundation; version 2

# of the License or (at your opinion) any later version of the license.

# 

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

# 

# You should have received a copy of the GNU General Public License

# along with this program; if not, write to the Free Software

# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,

# MA  02110-1301, USA.

import logging

import traceback

class UserModel(BaseModel):

    def get(self, user_id, cache=False):

        user = self.sa.query(User)

        if cache:

            user = user.options(FromCache("sql_cache_short",

                                          "get_user_%s" % user_id))

        return user.get(user_id)

    def get_by_username(self, username, cache=False, case_insensitive=False):

            log.error(traceback.format_exc())

            self.sa.rollback()

            raise

    def create_ldap(self, username, password):

        """

        Checks if user is in database, if not creates this user marked

        as ldap user

        :param username:

        :param password:

        """

        from rhodecode.lib.auth import get_crypt_password

            try:

                new_user = User()

                new_user.password = get_crypt_password(password)

                new_user.email = '%s@ldap.server' % username

                new_user.active = True

                new_user.is_ldap = True

                new_user.name = '%s@ldap' % username

                new_user.lastname = ''

                self.sa.add(new_user)

                self.sa.commit()

                return True

                log.error(traceback.format_exc())

                self.sa.rollback()

                raise

        return False

    def create_registration(self, form_data):

        from rhodecode.lib.celerylib import tasks, run_task

        try:

            new_user = User()

            for k, v in form_data.items():

                if k != 'admin':

                    setattr(new_user, k, v)

            self.sa.add(new_user)

            self.sa.commit()