def get_by_name_or_create(cls, key, val='', type='unicode'):

        res = cls.get_by_name(key)

        if not res:

            res = cls(key, val, type)

        return res

    @classmethod

    def create_or_update(cls, key, val=Optional(''), type=Optional('unicode')):

        """

        Creates or updates Kallithea setting. If updates are triggered, it will only

        update parameters that are explicitly set. Optional instance will be skipped.

        :param key:

        :param val:

        :param type:

        :return:

        """

        res = cls.get_by_name(key)

        if not res:

            val = Optional.extract(val)

            type = Optional.extract(type)

            res = cls(key, val, type)

        else:

            res.app_settings_name = key

            if not isinstance(val, Optional):

                # update if set

                res.app_settings_value = val

            if not isinstance(type, Optional):

                # update if set

                res.app_settings_type = type

        return res

    @classmethod

    def get_app_settings(cls, cache=False):

        ret = cls.query()

        if cache:

            ret = ret.options(FromCache("sql_cache_short", "get_hg_settings"))

        if not ret:

            raise Exception('Could not get application settings !')

        settings = {}

        for each in ret:

            settings[each.app_settings_name] = \

                each.app_settings_value

        return settings

    @classmethod

    def get_auth_plugins(cls, cache=False):

        auth_plugins = cls.get_by_name("auth_plugins").app_settings_value

        return auth_plugins

    @classmethod

    def get_auth_settings(cls, cache=False):

        ret = cls.query()\

                .filter(cls.app_settings_name.startswith('auth_')).all()

        fd = {}

        for row in ret:

            fd[row.app_settings_name] = row.app_settings_value

        return fd

    @classmethod

    def get_default_repo_settings(cls, cache=False, strip_prefix=False):

        ret = cls.query()\

                .filter(cls.app_settings_name.startswith('default_')).all()

        fd = {}

        for row in ret:

            key = row.app_settings_name

            if strip_prefix:

                key = remove_prefix(key, prefix='default_')

            fd.update({key: row.app_settings_value})

        return fd

    @classmethod

    def get_server_info(cls):

        import pkg_resources

        import platform

        import kallithea

        from kallithea.lib.utils import check_git_version

        mods = [(p.project_name, p.version) for p in pkg_resources.working_set]

        info = {

            'modules': sorted(mods, key=lambda k: k[0].lower()),

            'py_version': platform.python_version(),

            'platform': safe_unicode(platform.platform()),

            'kallithea_version': kallithea.__version__,

            'git_version': safe_unicode(check_git_version()),

            'git_path': kallithea.CONFIG.get('git_path')

        }

        return info

class Ui(Base, BaseModel):

    __tablename__ = DB_PREFIX + 'ui'

    __table_args__ = (

        UniqueConstraint('ui_key'),

        {'extend_existing': True, 'mysql_engine': 'InnoDB',

         'mysql_charset': 'utf8', 'sqlite_autoincrement': True}

    )

    HOOK_UPDATE = 'changegroup.update'

    HOOK_REPO_SIZE = 'changegroup.repo_size'

    HOOK_PUSH = 'changegroup.push_logger'

    HOOK_PRE_PUSH = 'prechangegroup.pre_push'

    HOOK_PULL = 'outgoing.pull_logger'

    HOOK_PRE_PULL = 'preoutgoing.pre_pull'

    ui_id = Column("ui_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)

    ui_section = Column("ui_section", String(255, convert_unicode=False), nullable=True, unique=None, default=None)

    ui_key = Column("ui_key", String(255, convert_unicode=False), nullable=True, unique=None, default=None)

    ui_value = Column("ui_value", String(255, convert_unicode=False), nullable=True, unique=None, default=None)

    ui_active = Column("ui_active", Boolean(), nullable=True, unique=None, default=True)

    # def __init__(self, section='', key='', value=''):

    #     self.ui_section = section

    #     self.ui_key = key

    #     self.ui_value = value

    @classmethod

    def get_by_key(cls, key):

        return cls.query().filter(cls.ui_key == key).scalar()

    @classmethod

    def get_builtin_hooks(cls):

        q = cls.query()

        q = q.filter(cls.ui_key.in_([cls.HOOK_UPDATE, cls.HOOK_REPO_SIZE,

                                     cls.HOOK_PUSH, cls.HOOK_PRE_PUSH,

                                     cls.HOOK_PULL, cls.HOOK_PRE_PULL]))

        return q.all()

    @classmethod

    def get_custom_hooks(cls):

        q = cls.query()

        q = q.filter(~cls.ui_key.in_([cls.HOOK_UPDATE, cls.HOOK_REPO_SIZE,

                                      cls.HOOK_PUSH, cls.HOOK_PRE_PUSH,

                                      cls.HOOK_PULL, cls.HOOK_PRE_PULL]))

        q = q.filter(cls.ui_section == 'hooks')

        return q.all()

    @classmethod

    def get_repos_location(cls):

        return cls.get_by_key('/').ui_value

    @classmethod

    def create_or_update_hook(cls, key, val):

        new_ui = cls.get_by_key(key) or cls()

        new_ui.ui_section = 'hooks'

        new_ui.ui_active = True

        new_ui.ui_key = key

        new_ui.ui_value = val

        Session().add(new_ui)

    def __repr__(self):

        return '<%s[%s]%s=>%s]>' % (self.__class__.__name__, self.ui_section,

                                    self.ui_key, self.ui_value)

class User(Base, BaseModel):

    __tablename__ = 'users'

    __table_args__ = (

        UniqueConstraint('username'), UniqueConstraint('email'),

        Index('u_username_idx', 'username'),

        Index('u_email_idx', 'email'),

        {'extend_existing': True, 'mysql_engine': 'InnoDB',

         'mysql_charset': 'utf8', 'sqlite_autoincrement': True}

    )

    DEFAULT_USER = 'default'

    DEFAULT_GRAVATAR_URL = 'https://secure.gravatar.com/avatar/{md5email}?d=identicon&s={size}'

    user_id = Column("user_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)

    username = Column("username", String(255, convert_unicode=False), nullable=True, unique=None, default=None)

    password = Column("password", String(255, convert_unicode=False), nullable=True, unique=None, default=None)

    active = Column("active", Boolean(), nullable=True, unique=None, default=True)

    admin = Column("admin", Boolean(), nullable=True, unique=None, default=False)

    name = Column("firstname", String(255, convert_unicode=False), nullable=True, unique=None, default=None)

    lastname = Column("lastname", String(255, convert_unicode=False), nullable=True, unique=None, default=None)

    _email = Column("email", String(255, convert_unicode=False), nullable=True, unique=None, default=None)

    last_login = Column("last_login", DateTime(timezone=False), nullable=True, unique=None, default=None)

    extern_type = Column("extern_type", String(255, convert_unicode=False), nullable=True, unique=None, default=None)

    extern_name = Column("extern_name", String(255, convert_unicode=False), nullable=True, unique=None, default=None)

    api_key = Column("api_key", String(255, convert_unicode=False), nullable=True, unique=None, default=None)

    inherit_default_permissions = Column("inherit_default_permissions", Boolean(), nullable=False, unique=None, default=True)

    created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)

    _user_data = Column("user_data", LargeBinary(), nullable=True)  # JSON data

    user_log = relationship('UserLog')

    user_perms = relationship('UserToPerm', primaryjoin="User.user_id==UserToPerm.user_id", cascade='all')

    repositories = relationship('Repository')

    user_followers = relationship('UserFollowing', primaryjoin='UserFollowing.follows_user_id==User.user_id', cascade='all')

    followings = relationship('UserFollowing', primaryjoin='UserFollowing.user_id==User.user_id', cascade='all')

    repo_to_perm = relationship('UserRepoToPerm', primaryjoin='UserRepoToPerm.user_id==User.user_id', cascade='all')

    repo_group_to_perm = relationship('UserRepoGroupToPerm', primaryjoin='UserRepoGroupToPerm.user_id==User.user_id', cascade='all')

    group_member = relationship('UserGroupMember', cascade='all')

    notifications = relationship('UserNotification', cascade='all')

    # notifications assigned to this user

    user_created_notifications = relationship('Notification', cascade='all')

    # comments created by this user

    user_comments = relationship('ChangesetComment', cascade='all')

    #extra emails for this user

    user_emails = relationship('UserEmailMap', cascade='all')

    #extra api keys

    user_api_keys = relationship('UserApiKeys', cascade='all')

    @hybrid_property

    def email(self):

        return self._email

    @email.setter

    def email(self, val):

        self._email = val.lower() if val else None

    @property

    def firstname(self):

        # alias for future

        return self.name

    @property

    def emails(self):

        other = UserEmailMap.query().filter(UserEmailMap.user==self).all()

        return [self.email] + [x.email for x in other]

    @property

    def api_keys(self):

        other = UserApiKeys.query().filter(UserApiKeys.user==self).all()

        return [self.api_key] + [x.api_key for x in other]

    @property

    def ip_addresses(self):

        ret = UserIpMap.query().filter(UserIpMap.user == self).all()

        return [x.ip_addr for x in ret]

    @property

    def username_and_name(self):

        return '%s (%s %s)' % (self.username, self.firstname, self.lastname)

    @property

    def full_name(self):

        return '%s %s' % (self.firstname, self.lastname)

    @property

    def full_name_or_username(self):

        return ('%s %s' % (self.firstname, self.lastname)

                if (self.firstname and self.lastname) else self.username)

    @property

    def full_contact(self):

        return '%s %s <%s>' % (self.firstname, self.lastname, self.email)

    @property

    def short_contact(self):

        return '%s %s' % (self.firstname, self.lastname)

    @property

    def is_admin(self):

        return self.admin

    @property

    def AuthUser(self):

        """

        Returns instance of AuthUser for this user

        """

        from kallithea.lib.auth import AuthUser

        return AuthUser(user_id=self.user_id, api_key=self.api_key,

                        username=self.username)

    @hybrid_property

    def user_data(self):

        if not self._user_data:

            return {}

        try:

            return json.loads(self._user_data)

        except TypeError:

            return {}

    @user_data.setter

    def user_data(self, val):

        try:

            self._user_data = json.dumps(val)

        except Exception:

            log.error(traceback.format_exc())

    def __unicode__(self):

        return u"<%s('id:%s:%s')>" % (self.__class__.__name__,

                                      self.user_id, self.username)

    @classmethod

    def get_by_username(cls, username, case_insensitive=False, cache=False):

        if case_insensitive:

            q = cls.query().filter(cls.username.ilike(username))

        else:

            q = cls.query().filter(cls.username == username)

        if cache:

            q = q.options(FromCache(

                            "sql_cache_short",

                            "get_user_%s" % _hash_key(username)

                          )

            )

        return q.scalar()

    @classmethod

    def get_by_api_key(cls, api_key, cache=False, fallback=True):

        q = cls.query().filter(cls.api_key == api_key)

        if cache:

            q = q.options(FromCache("sql_cache_short",

                                    "get_api_key_%s" % api_key))

        res = q.scalar()

        if fallback and not res:

            #fallback to additional keys

            _res = UserApiKeys.query()\

                .filter(UserApiKeys.api_key == api_key)\

                .filter(or_(UserApiKeys.expires == -1,

                            UserApiKeys.expires >= time.time()))\

                .first()

            if _res:

                res = _res.user

        return res

    @classmethod

    def get_by_email(cls, email, case_insensitive=False, cache=False):

        if case_insensitive:

            q = cls.query().filter(cls.email.ilike(email))

        else:

            q = cls.query().filter(cls.email == email)

        if cache:

            q = q.options(FromCache("sql_cache_short",

                                    "get_email_key_%s" % email))

        ret = q.scalar()

        if ret is None:

            q = UserEmailMap.query()

            # try fetching in alternate email map

            if case_insensitive:

                q = q.filter(UserEmailMap.email.ilike(email))

            else:

                q = q.filter(UserEmailMap.email == email)

            q = q.options(joinedload(UserEmailMap.user))

            if cache:

                q = q.options(FromCache("sql_cache_short",

                                        "get_email_map_key_%s" % email))

            ret = getattr(q.scalar(), 'user', None)

        return ret

    @classmethod

    def get_from_cs_author(cls, author):

        """

        Tries to get User objects out of commit author string

        :param author:

        """

        from kallithea.lib.helpers import email, author_name

        # Valid email in the attribute passed, see if they're in the system

        _email = email(author)

        if _email:

            user = cls.get_by_email(_email, case_insensitive=True)

            if user:

                return user

        # Maybe we can match by username?

        _author = author_name(author)

        user = cls.get_by_username(_author, case_insensitive=True)

        if user:

            return user

    def update_lastlogin(self):

        """Update user lastlogin"""

        self.last_login = datetime.datetime.now()

        Session().add(self)

        log.debug('updated user %s lastlogin' % self.username)

    @classmethod

    def get_first_admin(cls):

        if cache:

            user = user.options(FromCache("sql_cache_short",

                                          "get_user_%s" % username))

        return user.scalar()

    def get_by_email(self, email, cache=False, case_insensitive=False):

        return User.get_by_email(email, case_insensitive, cache)

    def get_by_api_key(self, api_key, cache=False):

        return User.get_by_api_key(api_key, cache)

    def create(self, form_data, cur_user=None):

        if not cur_user:

            cur_user = getattr(get_current_authuser(), 'username', None)

        from kallithea.lib.hooks import log_create_user, check_allowed_create_user

        _fd = form_data

        user_data = {

            'username': _fd['username'], 'password': _fd['password'],

            'email': _fd['email'], 'firstname': _fd['firstname'], 'lastname': _fd['lastname'],

            'active': _fd['active'], 'admin': False

        }

        # raises UserCreationError if it's not allowed

        check_allowed_create_user(user_data, cur_user)

        from kallithea.lib.auth import get_crypt_password

        new_user = User()

        for k, v in form_data.items():

            if k == 'password':

                v = get_crypt_password(v)

            if k == 'firstname':

                k = 'name'

            setattr(new_user, k, v)

        new_user.api_key = generate_api_key(form_data['username'])

        self.sa.add(new_user)

        log_create_user(new_user.get_dict(), cur_user)

        return new_user

    def create_or_update(self, username, password, email, firstname='',

                         lastname='', active=True, admin=False,

                         extern_type=None, extern_name=None, cur_user=None):

        """

        Creates a new instance if not found, or updates current one

        :param username:

        :param password:

        :param email:

        :param active:

        :param firstname:

        :param lastname:

        :param active:

        :param admin:

        :param extern_name:

        :param extern_type:

        :param cur_user:

        """

        if not cur_user:

            cur_user = getattr(get_current_authuser(), 'username', None)

        from kallithea.lib.auth import get_crypt_password, check_password

        from kallithea.lib.hooks import log_create_user, check_allowed_create_user

        user_data = {

            'username': username, 'password': password,

            'email': email, 'firstname': firstname, 'lastname': lastname,

            'active': active, 'admin': admin

        }

        # raises UserCreationError if it's not allowed

        check_allowed_create_user(user_data, cur_user)

        log.debug('Checking for %s account in Kallithea database' % username)

        user = User.get_by_username(username, case_insensitive=True)

        if user is None:

            log.debug('creating new user %s' % username)

            new_user = User()

            edit = False

        else:

            log.debug('updating user %s' % username)

            new_user = user

            edit = True

        try:

            new_user.username = username

            new_user.admin = admin

            new_user.email = email

            new_user.active = active

            new_user.extern_name = safe_unicode(extern_name) if extern_name else None

            new_user.extern_type = safe_unicode(extern_type) if extern_type else None

            new_user.name = firstname

            new_user.lastname = lastname

            if not edit:

                new_user.api_key = generate_api_key(username)

            # set password only if creating an user or password is changed

            password_change = new_user.password and not check_password(password,

                                                            new_user.password)

            if not edit or password_change:

                reason = 'new password' if edit else 'new user'

                log.debug('Updating password reason=>%s' % (reason,))

                new_user.password = get_crypt_password(password) if password else None

            self.sa.add(new_user)

            if not edit:

                log_create_user(new_user.get_dict(), cur_user)

            return new_user

        except (DatabaseError,):

            log.error(traceback.format_exc())

            raise

    def create_registration(self, form_data):

        from kallithea.model.notification import NotificationModel

        import kallithea.lib.helpers as h

        form_data['admin'] = False

        form_data['extern_name'] = EXTERN_TYPE_INTERNAL

        form_data['extern_type'] = EXTERN_TYPE_INTERNAL

        new_user = self.create(form_data)

        self.sa.add(new_user)

        self.sa.flush()

        # notification to admins

        subject = _('New user registration')

        body = ('New user registration\n'

                '---------------------\n'

                '- Username: %s\n'

                '- Full Name: %s\n'

                '- Email: %s\n')

        body = body % (new_user.username, new_user.full_name, new_user.email)

        edit_url = h.canonical_url('edit_user', id=new_user.user_id)

        email_kwargs = {'registered_user_url': edit_url, 'new_username': new_user.username}

        NotificationModel().create(created_by=new_user, subject=subject,

                                   body=body, recipients=None,

                                   type_=Notification.TYPE_REGISTRATION,

                                   email_kwargs=email_kwargs)

    def update(self, user_id, form_data, skip_attrs=[]):

        from kallithea.lib.auth import get_crypt_password

        user = self.get(user_id, cache=False)

        if user.username == User.DEFAULT_USER:

            raise DefaultUserException(

                            _("You can't Edit this user since it's "

                              "crucial for entire application"))

        for k, v in form_data.items():

            if k in skip_attrs:

                continue

            if k == 'new_password' and v:

                user.password = get_crypt_password(v)

            else:

                # old legacy thing orm models store firstname as name,

                # need proper refactor to username

                if k == 'firstname':

                    k = 'name'

                setattr(user, k, v)

        self.sa.add(user)

    def update_user(self, user, **kwargs):

        from kallithea.lib.auth import get_crypt_password

        user = self._get_user(user)

        if user.username == User.DEFAULT_USER:

            raise DefaultUserException(

                _("You can't Edit this user since it's"

                  " crucial for entire application")

            )

        for k, v in kwargs.items():

            if k == 'password' and v:

                v = get_crypt_password(v)

            setattr(user, k, v)

        self.sa.add(user)

        return user

    def delete(self, user, cur_user=None):

        if not cur_user:

            cur_user = getattr(get_current_authuser(), 'username', None)

        user = self._get_user(user)

        if user.username == User.DEFAULT_USER:

            raise DefaultUserException(

                _(u"You can't remove this user since it's"

                  " crucial for entire application")

            )

        if user.repositories:

            repos = [x.repo_name for x in user.repositories]

            raise UserOwnsReposException(

                % (user.username, len(repos), ', '.join(repos))

            )

        self.sa.delete(user)

        from kallithea.lib.hooks import log_delete_user

        log_delete_user(user.get_dict(), cur_user)

    def reset_password_link(self, data):

        from kallithea.lib.celerylib import tasks, run_task

        from kallithea.model.notification import EmailNotificationModel

        import kallithea.lib.helpers as h

        user_email = data['email']

        user = User.get_by_email(user_email)

        if user:

            log.debug('password reset user found %s' % user)

            link = h.canonical_url('reset_password_confirmation', key=user.api_key)

            reg_type = EmailNotificationModel.TYPE_PASSWORD_RESET

            body = EmailNotificationModel().get_email_tmpl(reg_type,

                                                           'txt',

                                                           user=user.short_contact,

                                                           reset_url=link)

            html_body = EmailNotificationModel().get_email_tmpl(reg_type,

                                                           'html',

                                                           user=user.short_contact,

                                                           reset_url=link)

            log.debug('sending email')

            run_task(tasks.send_email, [user_email],

                     _("Password reset link"), body, html_body)

            log.info('send new password mail to %s' % user_email)

        else:

            log.debug("password reset email %s not found" % user_email)

        return True

    def reset_password(self, data):

        from kallithea.lib.celerylib import tasks, run_task

        from kallithea.lib import auth

        user_email = data['email']

        user = User.get_by_email(user_email)

        new_passwd = auth.PasswordGenerator().gen_password(8,

                        auth.PasswordGenerator.ALPHABETS_BIG_SMALL)

        if user:

            user.password = auth.get_crypt_password(new_passwd)

            Session().add(user)

            Session().commit()

            log.info('change password for %s' % user_email)

        if new_passwd is None:

            raise Exception('unable to generate new password')

        run_task(tasks.send_email, [user_email],

                 _('Your new password'),

                 _('Your new Kallithea password:%s') % (new_passwd,))

        log.info('send new password mail to %s' % user_email)

        return True

    def fill_data(self, auth_user, user_id=None, api_key=None, username=None):

        """

        Fetches auth_user by user_id,or api_key if present.

        Fills auth_user attributes with those taken from database.

        Additionally sets is_authenitated if lookup fails

        present in database

        :param auth_user: instance of user to set attributes

        :param user_id: user id to fetch by

        :param api_key: api key to fetch by

        :param username: username to fetch by

        """

        if user_id is None and api_key is None and username is None:

            raise Exception('You need to pass user_id, api_key or username')

        dbuser = None

        if user_id:

            dbuser = self.get(user_id)

        elif api_key:

            dbuser = self.get_by_api_key(api_key)

        elif username:

            dbuser = self.get_by_username(username)

        if dbuser is not None and dbuser.active:

            log.debug('filling %s data' % dbuser)

            for k, v in dbuser.get_dict().iteritems():

                if k not in ['api_keys', 'permissions']:

                    setattr(auth_user, k, v)

            return True

        return False

    def has_perm(self, user, perm):

        perm = self._get_perm(perm)

        user = self._get_user(user)

        return UserToPerm.query().filter(UserToPerm.user == user)\

            .filter(UserToPerm.permission == perm).scalar() is not None

    def grant_perm(self, user, perm):

        """

        Grant user global permissions

        :param user:

        :param perm:

        """

        user = self._get_user(user)

        perm = self._get_perm(perm)

        # if this permission is already granted skip it

        _perm = UserToPerm.query()\

            .filter(UserToPerm.user == user)\

            .filter(UserToPerm.permission == perm)\

            .scalar()

        if _perm:

            return

        new = UserToPerm()

        new.user = user

        new.permission = perm

        self.sa.add(new)

        return new

    def revoke_perm(self, user, perm):

        """

        Revoke users global permissions

        :param user:

        :param perm:

        """

        user = self._get_user(user)

        perm = self._get_perm(perm)

        obj = UserToPerm.query()\

                .filter(UserToPerm.user == user)\

                .filter(UserToPerm.permission == perm)\

                .scalar()

        if obj:

            self.sa.delete(obj)

    def add_extra_email(self, user, email):

        """

        Adds email address to UserEmailMap

        :param user:

        :param email:

        """

        from kallithea.model import forms

        form = forms.UserExtraEmailForm()()

        data = form.to_python(dict(email=email))

        user = self._get_user(user)

        obj = UserEmailMap()

        obj.user = user

        obj.email = data['email']

        self.sa.add(obj)

        return obj

    def delete_extra_email(self, user, email_id):

        """

        Removes email address from UserEmailMap

        :param user:

        :param email_id:

        """

        user = self._get_user(user)

        obj = UserEmailMap.query().get(email_id)

        if obj:

            self.sa.delete(obj)

    def add_extra_ip(self, user, ip):

        """

        Adds ip address to UserIpMap

        :param user:

        :param ip:

        """

        from kallithea.model import forms

        form = forms.UserExtraIpForm()()

        data = form.to_python(dict(ip=ip))

        user = self._get_user(user)

        obj = UserIpMap()

        obj.user = user

        obj.ip_addr = data['ip']

        self.sa.add(obj)

        return obj

    def delete_extra_ip(self, user, ip_id):

        """

        Removes ip address from UserIpMap

        :param user:

        :param ip_id:

        """

        user = self._get_user(user)

        obj = UserIpMap.query().get(ip_id)

        if obj:

            self.sa.delete(obj)