if cache:

            q = q.options(FromCache(

                            "sql_cache_short",

                            "get_user_%s" % _hash_key(username)

                          )

            )

        return q.scalar()

    @classmethod

    def get_by_api_key(cls, api_key, cache=False, fallback=True):

        q = cls.query().filter(cls.api_key == api_key)

        if cache:

            q = q.options(FromCache("sql_cache_short",

                                    "get_api_key_%s" % api_key))

        res = q.scalar()

        if fallback and not res:

            #fallback to additional keys

            _res = UserApiKeys.query()\

                .filter(UserApiKeys.api_key == api_key)\

                .filter(or_(UserApiKeys.expires == -1,

                            UserApiKeys.expires >= time.time()))\

                .first()

            if _res:

                res = _res.user

        return res

    @classmethod

    def get_by_email(cls, email, case_insensitive=False, cache=False):

        if case_insensitive:

            q = cls.query().filter(cls.email.ilike(email))

        else:

            q = cls.query().filter(cls.email == email)

        if cache:

            q = q.options(FromCache("sql_cache_short",

                                    "get_email_key_%s" % email))

        ret = q.scalar()

        if ret is None:

            q = UserEmailMap.query()

            # try fetching in alternate email map

            if case_insensitive:

                q = q.filter(UserEmailMap.email.ilike(email))

            else:

                q = q.filter(UserEmailMap.email == email)

            q = q.options(joinedload(UserEmailMap.user))

            if cache:

                q = q.options(FromCache("sql_cache_short",

                                        "get_email_map_key_%s" % email))

            ret = getattr(q.scalar(), 'user', None)

        return ret

    @classmethod

    def get_from_cs_author(cls, author):

        """

        Tries to get User objects out of commit author string

        :param author:

        """

        from kallithea.lib.helpers import email, author_name

        # Valid email in the attribute passed, see if they're in the system

        _email = email(author)

        if _email:

            user = cls.get_by_email(_email, case_insensitive=True)

            if user:

                return user

        # Maybe we can match by username?

        _author = author_name(author)

        user = cls.get_by_username(_author, case_insensitive=True)

        if user:

            return user

    def update_lastlogin(self):

        """Update user lastlogin"""

        self.last_login = datetime.datetime.now()

        Session().add(self)

        log.debug('updated user %s lastlogin' % self.username)

    @classmethod

    def get_first_admin(cls):

        user = User.query().filter(User.admin == True).first()

        if user is None:

            raise Exception('Missing administrative account!')

        return user

    @classmethod

    def get_default_user(cls, cache=False):

        user = User.get_by_username(User.DEFAULT_USER, cache=cache)

        if user is None:

            raise Exception('Missing default account!')

        return user

        """

        Common function for generating user related data for API

        """

        user = self

        data = dict(

            user_id=user.user_id,

            username=user.username,

            firstname=user.name,

            lastname=user.lastname,

            email=user.email,

            emails=user.emails,

            active=user.active,

            admin=user.admin,

        )

        return data

    def __json__(self):

        data = dict(

            full_name=self.full_name,

            full_name_or_username=self.full_name_or_username,

            short_contact=self.short_contact,

            full_contact=self.full_contact

        )

        data.update(self.get_api_data())

        return data

class UserApiKeys(Base, BaseModel):

    __tablename__ = 'user_api_keys'

    __table_args__ = (

        Index('uak_api_key_idx', 'api_key'),

        Index('uak_api_key_expires_idx', 'api_key', 'expires'),

        UniqueConstraint('api_key'),

        {'extend_existing': True, 'mysql_engine': 'InnoDB',

         'mysql_charset': 'utf8', 'sqlite_autoincrement': True}

    )

    __mapper_args__ = {}

    user_api_key_id = Column("user_api_key_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)

    user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=True, unique=None, default=None)

    api_key = Column("api_key", String(255, convert_unicode=False), nullable=False, unique=True)

    description = Column('description', UnicodeText(1024))

    expires = Column('expires', Float(53), nullable=False)

    created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)

    user = relationship('User', lazy='joined')

    @property

    def expired(self):

        if self.expires == -1:

            return False

        return time.time() > self.expires

class UserEmailMap(Base, BaseModel):

    __tablename__ = 'user_email_map'

    __table_args__ = (

        Index('uem_email_idx', 'email'),

        UniqueConstraint('email'),

        {'extend_existing': True, 'mysql_engine': 'InnoDB',

         'mysql_charset': 'utf8', 'sqlite_autoincrement': True}

    )

    __mapper_args__ = {}

    email_id = Column("email_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)

    user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=True, unique=None, default=None)

    _email = Column("email", String(255, convert_unicode=False), nullable=True, unique=False, default=None)

    user = relationship('User', lazy='joined')

    @validates('_email')

    def validate_email(self, key, email):

        # check if this email is not main one

        main_email = Session().query(User).filter(User.email == email).scalar()

        if main_email is not None:

            raise AttributeError('email %s is present is user table' % email)

        return email

    @hybrid_property

    def email(self):

        return self._email

    @email.setter

    def email(self, val):

        self._email = val.lower() if val else None

class UserIpMap(Base, BaseModel):

    __tablename__ = 'user_ip_map'

    __table_args__ = (

        UniqueConstraint('user_id', 'ip_addr'),

        {'extend_existing': True, 'mysql_engine': 'InnoDB',

         'mysql_charset': 'utf8', 'sqlite_autoincrement': True}

    )

    __mapper_args__ = {}

    ip_id = Column("ip_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)

    user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=True, unique=None, default=None)

    ip_addr = Column("ip_addr", String(255, convert_unicode=False), nullable=True, unique=False, default=None)

    active = Column("active", Boolean(), nullable=True, unique=None, default=True)

    user = relationship('User', lazy='joined')

    @classmethod

    def _get_ip_range(cls, ip_addr):

        from kallithea.lib import ipaddr

        net = ipaddr.IPNetwork(address=ip_addr)

        return [str(net.network), str(net.broadcast)]

    def __json__(self):

        return dict(

          ip_addr=self.ip_addr,

            Session().commit()

    def test_index(self):

        self.log_user()

        response = self.app.get(url('users'))

        # Test response...

    def test_create(self):

        self.log_user()

        username = 'newtestuser'

        password = 'test12'

        password_confirmation = password

        name = 'name'

        lastname = 'lastname'

        email = 'mail@mail.com'

        response = self.app.post(url('users'),

            {'username': username,

             'password': password,

             'password_confirmation': password_confirmation,

             'firstname': name,

             'active': True,

             'lastname': lastname,

             'extern_name': 'internal',

             'extern_type': 'internal',

             'email': email})

        self.checkSessionFlash(response, '''Created user <a href="/_admin/users/''')

        self.checkSessionFlash(response, '''/edit">%s</a>''' % (username))

        new_user = Session().query(User).\

            filter(User.username == username).one()

        self.assertEqual(new_user.username, username)

        self.assertEqual(check_password(password, new_user.password), True)

        self.assertEqual(new_user.name, name)

        self.assertEqual(new_user.lastname, lastname)

        self.assertEqual(new_user.email, email)

        response.follow()

        response = response.follow()

        response.mustcontain("""newtestuser""")

    def test_create_err(self):

        self.log_user()

        username = 'new_user'

        password = ''

        name = 'name'

        lastname = 'lastname'

        email = 'errmail.com'

        response = self.app.post(url('users'), {'username': username,

                                               'password': password,

                                               'name': name,

                                               'active': False,

                                               'lastname': lastname,

                                               'email': email})

        msg = validators.ValidUsername(False, {})._messages['system_invalid_username']

        msg = h.html_escape(msg % {'username': 'new_user'})

        response.mustcontain("""<span class="error-message">%s</span>""" % msg)

        response.mustcontain("""<span class="error-message">Please enter a value</span>""")

        response.mustcontain("""<span class="error-message">An email address must contain a single @</span>""")

        def get_user():

            Session().query(User).filter(User.username == username).one()

        self.assertRaises(NoResultFound, get_user), 'found user in database'

    def test_new(self):

        self.log_user()

        response = self.app.get(url('new_user'))

    @parameterized.expand(

        [('firstname', {'firstname': 'new_username'}),

         ('lastname', {'lastname': 'new_username'}),

         ('admin', {'admin': True}),

         ('admin', {'admin': False}),

         ('extern_type', {'extern_type': 'ldap'}),

         ('extern_type', {'extern_type': None}),

         ('extern_name', {'extern_name': 'test'}),

         ('extern_name', {'extern_name': None}),

         ('active', {'active': False}),

         ('active', {'active': True}),

         ('email', {'email': 'some@email.com'}),

        # ('new_password', {'new_password': 'foobar123',

        #                   'password_confirmation': 'foobar123'})

        ])

    def test_update(self, name, attrs):

        self.log_user()

        usr = fixture.create_user(self.test_user_1, password='qweqwe',

                                  email='testme@example.com',

                                  extern_type='internal',

                                  extern_name=self.test_user_1,

                                  skip_if_exists=True)

        Session().commit()

        params.update({'password_confirmation': ''})

        params.update({'new_password': ''})

        params.update(attrs)

        if name == 'email':

            params['emails'] = [attrs['email']]

        if name == 'extern_type':

            #cannot update this via form, expected value is original one

            params['extern_type'] = "internal"

        if name == 'extern_name':

            #cannot update this via form, expected value is original one

            params['extern_name'] = self.test_user_1

            # special case since this user is not

                                          # logged in yet his data is not filled

                                          # so we use creation data

        response = self.app.put(url('user', id=usr.user_id), params)

        self.checkSessionFlash(response, 'User updated successfully')

        updated_user = User.get_by_username(self.test_user_1)

        updated_params.update({'password_confirmation': ''})

        updated_params.update({'new_password': ''})

        self.assertEqual(params, updated_params)

    def test_delete(self):

        self.log_user()

        username = 'newtestuserdeleteme'

        fixture.create_user(name=username)

        new_user = Session().query(User)\

            .filter(User.username == username).one()

        response = self.app.delete(url('user', id=new_user.user_id))

        self.checkSessionFlash(response, 'Successfully deleted user')

    def test_delete_repo_err(self):

        self.log_user()

        username = 'repoerr'

        reponame = 'repoerr_fail'

        fixture.create_user(name=username)

        fixture.create_repo(name=reponame, cur_user=username)

        new_user = Session().query(User)\

            .filter(User.username == username).one()

        response = self.app.delete(url('user', id=new_user.user_id))

        self.checkSessionFlash(response, 'User "%s" still '

                               'owns 1 repositories and cannot be removed. '

                               'Switch owners or remove those repositories: '

                               '%s' % (username, reponame))

        response = self.app.delete(url('repo', repo_name=reponame))

        self.checkSessionFlash(response, 'Deleted repository %s' % reponame)

        response = self.app.delete(url('user', id=new_user.user_id))

        self.checkSessionFlash(response, 'Successfully deleted user')

    def test_delete_repo_group_err(self):

        self.log_user()

        username = 'repogrouperr'

        groupname = 'repogroup_fail'

        fixture.create_user(name=username)

        fixture.create_repo_group(name=groupname, cur_user=username)

        new_user = Session().query(User)\

            .filter(User.username == username).one()

        response = self.app.delete(url('user', id=new_user.user_id))

        self.checkSessionFlash(response, 'User "%s" still '

                               'owns 1 repository groups and cannot be removed. '

                               'Switch owners or remove those repository groups: '

                               '%s' % (username, groupname))

        # Relevant _if_ the user deletion succeeded to make sure we can render groups without owner

        # rg = RepoGroup.get_by_group_name(group_name=groupname)

        # response = self.app.get(url('repos_groups', id=rg.group_id))

        response = self.app.delete(url('delete_repo_group', group_name=groupname))

        self.checkSessionFlash(response, 'Removed repository group %s' % groupname)

        response = self.app.delete(url('user', id=new_user.user_id))

        self.checkSessionFlash(response, 'Successfully deleted user')

    def test_delete_user_group_err(self):

        self.log_user()

        username = 'usergrouperr'

        groupname = 'usergroup_fail'

        fixture.create_user(name=username)

        ug = fixture.create_user_group(name=groupname, cur_user=username)

        new_user = Session().query(User)\

            .filter(User.username == username).one()

        response = self.app.delete(url('user', id=new_user.user_id))

        self.checkSessionFlash(response, 'User "%s" still '

                               'owns 1 user groups and cannot be removed. '

                               'Switch owners or remove those user groups: '

                               '%s' % (username, groupname))

        # TODO: why do this fail?

        #response = self.app.delete(url('delete_users_group', id=groupname))

        #self.checkSessionFlash(response, 'Removed user group %s' % groupname)

        fixture.destroy_user_group(ug.users_group_id)

        response = self.app.delete(url('user', id=new_user.user_id))

        self.checkSessionFlash(response, 'Successfully deleted user')

    def test_show(self):

        response = self.app.get(url('user', id=1))

    def test_edit(self):

        self.log_user()

        user = User.get_by_username(TEST_USER_ADMIN_LOGIN)

class TestMyAccountController(TestController):

    test_user_1 = 'testme'

    @classmethod

    def teardown_class(cls):

        if User.get_by_username(cls.test_user_1):

            UserModel().delete(cls.test_user_1)

            Session().commit()

    def test_my_account(self):

        self.log_user()

        response = self.app.get(url('my_account'))

        response.mustcontain('value="test_admin')

    def test_my_account_my_repos(self):

        self.log_user()

        response = self.app.get(url('my_account_repos'))

        cnt = Repository.query().filter(Repository.user ==

                           User.get_by_username(TEST_USER_ADMIN_LOGIN)).count()

        response.mustcontain('"totalRecords": %s' % cnt)

    def test_my_account_my_watched(self):

        self.log_user()

        response = self.app.get(url('my_account_watched'))

        cnt = UserFollowing.query().filter(UserFollowing.user ==

                            User.get_by_username(TEST_USER_ADMIN_LOGIN)).count()

        response.mustcontain('"totalRecords": %s' % cnt)

    def test_my_account_my_emails(self):

        self.log_user()

        response = self.app.get(url('my_account_emails'))

        response.mustcontain('No additional emails specified')

    def test_my_account_my_emails_add_existing_email(self):

        self.log_user()

        response = self.app.get(url('my_account_emails'))

        response.mustcontain('No additional emails specified')

        response = self.app.post(url('my_account_emails'),

                                 {'new_email': TEST_USER_REGULAR_EMAIL})

        self.checkSessionFlash(response, 'This e-mail address is already taken')

    def test_my_account_my_emails_add_mising_email_in_form(self):

        self.log_user()

        response = self.app.get(url('my_account_emails'))

        response.mustcontain('No additional emails specified')

        response = self.app.post(url('my_account_emails'),)

        self.checkSessionFlash(response, 'Please enter an email address')

    def test_my_account_my_emails_add_remove(self):

        self.log_user()

        response = self.app.get(url('my_account_emails'))

        response.mustcontain('No additional emails specified')

        response = self.app.post(url('my_account_emails'),

                                 {'new_email': 'foo@barz.com'})

        response = self.app.get(url('my_account_emails'))

        from kallithea.model.db import UserEmailMap

        email_id = UserEmailMap.query()\

            .filter(UserEmailMap.user == User.get_by_username(TEST_USER_ADMIN_LOGIN))\

            .filter(UserEmailMap.email == 'foo@barz.com').one().email_id

        response.mustcontain('foo@barz.com')

        response.mustcontain('<input id="del_email_id" name="del_email_id" type="hidden" value="%s" />' % email_id)

        response = self.app.post(url('my_account_emails'),

                                 {'del_email_id': email_id, '_method': 'delete'})

        self.checkSessionFlash(response, 'Removed email from user')

        response = self.app.get(url('my_account_emails'))

        response.mustcontain('No additional emails specified')

    @parameterized.expand(

        [('firstname', {'firstname': 'new_username'}),

         ('lastname', {'lastname': 'new_username'}),

         ('admin', {'admin': True}),

         ('admin', {'admin': False}),

         ('extern_type', {'extern_type': 'ldap'}),

         ('extern_type', {'extern_type': None}),

         #('extern_name', {'extern_name': 'test'}),

         #('extern_name', {'extern_name': None}),

         ('active', {'active': False}),

         ('active', {'active': True}),

         ('email', {'email': 'some@email.com'}),

        # ('new_password', {'new_password': 'foobar123',

        #                   'password_confirmation': 'foobar123'})

        ])

    def test_my_account_update(self, name, attrs):

        usr = fixture.create_user(self.test_user_1, password='qweqwe',

                                  email='testme@example.com',

                                  extern_type='internal',

                                  extern_name=self.test_user_1,

                                  skip_if_exists=True)

        user_id = usr.user_id

        self.log_user(username=self.test_user_1, password='qweqwe')

        params.update({'password_confirmation': ''})

        params.update({'new_password': ''})

        params.update({'extern_type': 'internal'})

        params.update({'extern_name': self.test_user_1})

        params.update(attrs)

        response = self.app.post(url('my_account'), params)

        self.checkSessionFlash(response,

                               'Your account was updated successfully')

        updated_user = User.get_by_username(self.test_user_1)

        updated_params.update({'password_confirmation': ''})

        updated_params.update({'new_password': ''})

        params['last_login'] = updated_params['last_login']

        if name == 'email':

            params['emails'] = [attrs['email']]

        if name == 'extern_type':

            #cannot update this via form, expected value is original one

            params['extern_type'] = "internal"

        if name == 'extern_name':

            #cannot update this via form, expected value is original one

            params['extern_name'] = str(user_id)

        if name == 'active':

            #my account cannot deactivate account

            params['active'] = True

        if name == 'admin':

            #my account cannot make you an admin !

            params['admin'] = False

        self.assertEqual(params, updated_params)

    def test_my_account_update_err_email_exists(self):

        self.log_user()

        new_email = 'test_regular@mail.com'  # already exisitn email

        response = self.app.post(url('my_account'),

                                params=dict(

                                    username='test_admin',

                                    new_password='test12',

                                    password_confirmation='test122',

                                    firstname='NewName',

                                    lastname='NewLastname',

                                    email=new_email,)

                                )

        response.mustcontain('This e-mail address is already taken')

    def test_my_account_update_err(self):

        self.log_user('test_regular2', 'test12')

        new_email = 'newmail.pl'

        response = self.app.post(url('my_account'),

                                 params=dict(

                                            username='test_admin',

                                            new_password='test12',

                                            password_confirmation='test122',

                                            firstname='NewName',

                                            lastname='NewLastname',

                                            email=new_email,))

        response.mustcontain('An email address must contain a single @')

        from kallithea.model import validators

        msg = validators.ValidUsername(edit=False, old_data={})\

                ._messages['username_exists']

        msg = h.html_escape(msg % {'username': 'test_admin'})

        response.mustcontain(u"%s" % msg)

    def test_my_account_api_keys(self):

        usr = self.log_user('test_regular2', 'test12')

        user = User.get(usr['user_id'])

        response = self.app.get(url('my_account_api_keys'))

        response.mustcontain(user.api_key)

        response.mustcontain('expires: never')

    @parameterized.expand([

        ('forever', -1),

        ('5mins', 60*5),

        ('30days', 60*60*24*30),

    ])

    def test_my_account_add_api_keys(self, desc, lifetime):

        usr = self.log_user('test_regular2', 'test12')

        user = User.get(usr['user_id'])

        response = self.app.post(url('my_account_api_keys'),

                                 {'description': desc, 'lifetime': lifetime})

        self.checkSessionFlash(response, 'Api key successfully created')

        try:

            response = response.follow()

            user = User.get(usr['user_id'])

            for api_key in user.api_keys:

                response.mustcontain(api_key)

        finally:

            for api_key in UserApiKeys.query().all():

                Session().delete(api_key)

                Session().commit()

    def test_my_account_remove_api_key(self):

        usr = self.log_user('test_regular2', 'test12')

        user = User.get(usr['user_id'])

        response = self.app.post(url('my_account_api_keys'),

                                 {'description': 'desc', 'lifetime': -1})

        self.checkSessionFlash(response, 'Api key successfully created')

        response = response.follow()

        #now delete our key

        keys = UserApiKeys.query().all()

        self.assertEqual(1, len(keys))