for module in c.enabled_plugins:

            plugin = auth_modules.loadplugin(module)

            plugin_name = plugin.name

            c.plugin_shortnames[module] = plugin_name

            c.plugin_settings[module] = plugin.plugin_settings()

            for v in c.plugin_settings[module]:

                fullname = ("auth_" + plugin_name + "_" + v["name"])

                if "default" in v:

                    c.defaults[fullname] = v["default"]

                # Current values will be the default on the form, if there are any

                setting = Setting.get_by_name(fullname)

                    c.defaults[fullname] = setting.app_settings_value

        # we want to show , separated list of enabled plugins

        c.defaults['auth_plugins'] = ','.join(c.enabled_plugins)

        if defaults:

            c.defaults.update(defaults)

        log.debug(formatted_json(defaults))

        return formencode.htmlfill.render(

            render('admin/auth/auth_settings.html'),

            defaults=c.defaults,

            errors=errors,

        lifetime = safe_int(request.POST.get('lifetime'), -1)

        description = request.POST.get('description')

        ApiKeyModel().create(self.authuser.user_id, description, lifetime)

        Session().commit()

        h.flash(_("API key successfully created"), category='success')

        return redirect(url('my_account_api_keys'))

    def my_account_api_keys_delete(self):

        api_key = request.POST.get('del_api_key')

        user_id = self.authuser.user_id

        if request.POST.get('del_api_key_builtin'):

            user = User.get(user_id)

                user.api_key = generate_api_key()

                Session().add(user)

                Session().commit()

                h.flash(_("API key successfully reset"), category='success')

        elif api_key:

            ApiKeyModel().delete(api_key, self.authuser.user_id)

            Session().commit()

            h.flash(_("API key successfully deleted"), category='success')

        return redirect(url('my_account_api_keys'))

        c.user = self.authuser

        no = Notification.get(notification_id)

        owner = any(un.user.user_id == c.authuser.user_id

                    for un in no.notifications_to_users)

        repo_admin = h.HasRepoPermissionAny('repository.admin')

        if no and (h.HasPermissionAny('hg.admin')() or repo_admin or owner):

            unotification = NotificationModel()\

                            .get_user_notification(c.user.user_id, no)

            # if this association to user is not valid, we don't want to show

            # this message

                if not unotification.read:

                    unotification.mark_as_read()

                    Session().commit()

                c.notification = no

                return render('admin/notifications/show_notification.html')

        return abort(403)

    def edit(self, notification_id, format='html'):

        """GET /_admin/notifications/id/edit: Form to edit an existing item"""

        # url('edit_notification', notification_id=ID)

                    raise HTTPInternalServerError(task.traceback)

        repo = Repository.get_by_repo_name(repo_name)

        if repo and repo.repo_state == Repository.STATE_CREATED:

            if repo.clone_uri:

                h.flash(_('Created repository %s from %s')

                        % (repo.repo_name, repo.clone_uri_hidden), category='success')

            else:

                repo_url = h.link_to(repo.repo_name,

                                     h.url('summary_home',

                                           repo_name=repo.repo_name))

                fork = repo.fork

                    fork_name = fork.repo_name

                    h.flash(h.literal(_('Forked repository %s as %s')

                            % (fork_name, repo_url)), category='success')

                else:

                    h.flash(h.literal(_('Created repository %s') % repo_url),

                            category='success')

            return {'result': True}

        return {'result': False}

    @HasRepoPermissionAllDecorator('repository.admin')

    def update(self, repo_name):

        """

        description = request.POST.get('description')

        ApiKeyModel().create(c.user.user_id, description, lifetime)

        Session().commit()

        h.flash(_("API key successfully created"), category='success')

        return redirect(url('edit_user_api_keys', id=c.user.user_id))

    def delete_api_key(self, id):

        c.user = self._get_user_or_raise_if_default(id)

        api_key = request.POST.get('del_api_key')

        if request.POST.get('del_api_key_builtin'):

            user = User.get(c.user.user_id)

                user.api_key = generate_api_key()

                Session().add(user)

                Session().commit()

                h.flash(_("API key successfully reset"), category='success')

        elif api_key:

            ApiKeyModel().delete(api_key, c.user.user_id)

            Session().commit()

            h.flash(_("API key successfully deleted"), category='success')

        return redirect(url('edit_user_api_keys', id=c.user.user_id))

    def update_account(self, id):

        ret = []

        if isinstance(userid, Optional):

            user = None

        else:

            user = get_user_or_error(userid)

        # show all locks

        for r in Repository.getAll():

            userid, time_ = r.locked

            if time_:

                _api_data = r.get_api_data()

                # if we use userfilter just show the locks for this user

                    if safe_int(userid) == user.user_id:

                        ret.append(_api_data)

                else:

                    ret.append(_api_data)

        return ret

    @HasPermissionAllDecorator('hg.admin')

    def get_ip(self, apiuser, userid=Optional(OAttr('apiuser'))):

        """

        Shows IP address as seen from Kallithea server, together with all

        defined IP addresses for given user. If userid is not passed data is

                      'user_commented_revision:%s' % revision,

                      c.db_repo, self.ip_addr, self.sa)

        Session().commit()

        if not request.environ.get('HTTP_X_PARTIAL_XHR'):

            return redirect(h.url('changeset_home', repo_name=repo_name,

                                  revision=revision))

        #only ajax below

        data = {

           'target_id': h.safeid(h.safe_unicode(request.POST.get('f_path'))),

        }

            data.update(comment.get_dict())

            data.update({'rendered_text':

                         render('changeset/changeset_comment_block.html')})

        return data

    @LoginRequired()

    @NotAnonymous()

    @HasRepoPermissionAnyDecorator('repository.read', 'repository.write',

                                   'repository.admin')

    def preview_comment(self):

        if not request.environ.get('HTTP_X_PARTIAL_XHR'):

                action_logger(self.authuser,

                              'user_closed_pull_request:%s' % pull_request_id,

                              c.db_repo, self.ip_addr, self.sa)

        Session().commit()

        if not request.environ.get('HTTP_X_PARTIAL_XHR'):

            return redirect(pull_request.url())

        data = {

           'target_id': h.safeid(h.safe_unicode(request.POST.get('f_path'))),

        }

            c.comment = comment

            data.update(comment.get_dict())

            data.update({'rendered_text':

                         render('changeset/changeset_comment_block.html')})

        return data

    @LoginRequired()

    @NotAnonymous()

    @HasRepoPermissionAnyDecorator('repository.read', 'repository.write',

                                   'repository.admin')

    @jsonify

        Gets instance of given cls using some simple lookup mechanism.

        :param cls: class to fetch

        :param instance: int or Instance

        :param callback: callback to call if all lookups failed

        """

        if isinstance(instance, cls):

            return instance

        elif isinstance(instance, (int, long)) or safe_str(instance).isdigit():

            return cls.get(instance)

        else:

                if callback is None:

                    raise Exception(

                        'given object must be int, long or Instance of %s '

                        'got %s, no callback provided' % (cls, type(instance))

                    )

                else:

                    return callback(instance)

    def _get_user(self, user):

        """

        Helper method to get user by ID, or username fallback

        new_api_key.expires = time.time() + (lifetime * 60) if lifetime != -1 else -1

        Session().add(new_api_key)

        return new_api_key

    def delete(self, api_key, user=None):

        """

        Deletes given api_key, if user is set it also filters the object for

        deletion by given user.

        """

        api_key = UserApiKeys.query().filter(UserApiKeys.api_key == api_key)

            user = self._get_user(user)

            api_key = api_key.filter(UserApiKeys.user_id == user.user_id)

        api_key = api_key.scalar()

        Session().delete(api_key)

    def get_api_keys(self, user, show_expired=True):

        user = self._get_user(user)

        user_api_keys = UserApiKeys.query()\

            .filter(UserApiKeys.user_id == user.user_id)

        if not show_expired:

            user_api_keys = user_api_keys\

            log.warning('Missing text for comment, skipping...')

            return None

        repo = self._get_repo(repo)

        user = self._get_user(user)

        comment = ChangesetComment()

        comment.repo = repo

        comment.author = user

        comment.text = text

        comment.f_path = f_path

        comment.line_no = line_no

            comment.revision = revision

            pull_request = self.__get_pull_request(pull_request)

            comment.pull_request = pull_request

        else:

            raise Exception('Please specify revision or pull_request_id')

        Session().add(comment)

        Session().flush()

        if send_email:

            (subj, body, recipients, notification_type,

             email_kwargs) = self._get_notification_data(

                                repo, comment, user,

    def get(cls, id_):

        if id_:

            return cls.query().get(id_)

    @classmethod

    def get_or_404(cls, id_):

        try:

            id_ = int(id_)

        except (TypeError, ValueError):

            raise HTTPNotFound

        res = cls.query().get(id_)

            raise HTTPNotFound

        return res

    @classmethod

    def getAll(cls):

        # deprecated and left for backward compatibility

        return cls.get_all()

    @classmethod

    def get_all(cls):

        return cls.query().all()

            self.__class__.__name__,

            self.app_settings_name, self.app_settings_value, self.app_settings_type

        )

    @classmethod

    def get_by_name(cls, key):

        return cls.query()\

            .filter(cls.app_settings_name == key).scalar()

    @classmethod

    def get_by_name_or_create(cls, key, val='', type='unicode'):

        res = cls.get_by_name(key)

            res = cls(key, val, type)

        return res

    @classmethod

    def create_or_update(cls, key, val=Optional(''), type=Optional('unicode')):

        """

        Creates or updates Kallithea setting. If updates are triggered, it will only

        update parameters that are explicitly set. Optional instance will be skipped.

        :param key:

        :param val:

        :param type:

        :return:

        """

        res = cls.get_by_name(key)

            val = Optional.extract(val)

            type = Optional.extract(type)

            res = cls(key, val, type)

        else:

            res.app_settings_name = key

            if not isinstance(val, Optional):

                # update if set

                res.app_settings_value = val

            if not isinstance(type, Optional):

                # update if set

                res.app_settings_type = type

        return res

    @classmethod

    def get_app_settings(cls, cache=False):

        ret = cls.query()

        if cache:

            ret = ret.options(FromCache("sql_cache_short", "get_hg_settings"))

            raise Exception('Could not get application settings !')

        settings = {}

        for each in ret:

            settings[each.app_settings_name] = \

                each.app_settings_value

        return settings

    @classmethod

    def get_auth_plugins(cls, cache=False):

        auth_plugins = cls.get_by_name("auth_plugins").app_settings_value

        return auth_plugins

    @classmethod

    def get_from_cs_author(cls, author):

        """

        Tries to get User objects out of commit author string

        :param author:

        """

        from kallithea.lib.helpers import email, author_name

        # Valid email in the attribute passed, see if they're in the system

        _email = email(author)

        if _email:

            user = cls.get_by_email(_email, case_insensitive=True)

                return user

        # Maybe we can match by username?

        _author = author_name(author)

        user = cls.get_by_username(_author, case_insensitive=True)

            return user

    def update_lastlogin(self):

        """Update user lastlogin"""

        self.last_login = datetime.datetime.now()

        Session().add(self)

        log.debug('updated user %s lastlogin' % self.username)

    @classmethod

    def get_first_admin(cls):

        user = User.query().filter(User.admin == True).first()

        if user is None:

    gist_type = Column(Unicode(128), nullable=False)

    created_on = Column(DateTime(timezone=False), nullable=False, default=datetime.datetime.now)

    modified_at = Column(DateTime(timezone=False), nullable=False, default=datetime.datetime.now)

    owner = relationship('User')

    def __repr__(self):

        return '<Gist:[%s]%s>' % (self.gist_type, self.gist_access_id)

    @classmethod

    def get_or_404(cls, id_):

        res = cls.query().filter(cls.gist_access_id == id_).scalar()

            raise HTTPNotFound

        return res

    @classmethod

    def get_by_access_id(cls, gist_access_id):

        return cls.query().filter(cls.gist_access_id == gist_access_id).scalar()

    def gist_url(self):

        import kallithea

        alias_url = kallithea.CONFIG.get('gist_alias_url')

        if alias_url:

            return alias_url.replace('{gistid}', self.gist_access_id)

class NotificationModel(BaseModel):

    cls = Notification

    def __get_notification(self, notification):

        if isinstance(notification, Notification):

            return notification

        elif isinstance(notification, (int, long)):

            return Notification.get(notification)

        else:

                raise Exception('notification must be int, long or Instance'

                                ' of Notification got %s' % type(notification))

    def create(self, created_by, subject, body, recipients=None,

               type_=Notification.TYPE_MESSAGE, with_email=True,

               email_kwargs={}):

        """

        Creates notification of given type

        :param created_by: int, str or User instance. User who created this

            notification

        """

        from kallithea.lib.celerylib import tasks, run_task

        if recipients and not getattr(recipients, '__iter__', False):

            raise Exception('recipients must be a list or iterable')

        created_by_obj = self._get_user(created_by)

        recipients_objs = []

        if recipients:

            for u in recipients:

                obj = self._get_user(u)

                    recipients_objs.append(obj)

                else:

                    # TODO: inform user that requested operation couldn't be completed

                    log.error('cannot email unknown user %r', u)

            recipients_objs = set(recipients_objs)

            log.debug('sending notifications %s to %s' % (

                type_, recipients_objs)

            )

        elif recipients is None:

            # empty recipients means to all admins

            recipients_objs = User.query().filter(User.admin == True).all()

            log.debug('sending notifications %s to admins: %s' % (

        """

        Delete given repository, forks parameter defines what do do with

        attached forks. Throws AttachedForksError if deleted repo has attached

        forks

        :param repo:

        :param forks: str 'delete' or 'detach'

        :param fs_remove: remove(archive) repo from filesystem

        """

        if not cur_user:

            cur_user = getattr(get_current_authuser(), 'username', None)

        repo = self._get_repo(repo)

            if forks == 'detach':

                for r in repo.forks:

                    r.fork = None

                    self.sa.add(r)

            elif forks == 'delete':

                for r in repo.forks:

                    self.delete(r, forks='delete')

            elif [f for f in repo.forks]:

                raise AttachedForksError()

            old_repo_dict = repo.get_dict()

            try:

        :param repo: Instance of Repository, repository_id, or repository name

        :param user: Instance of User, user_id or username

        """

        user = self._get_user(user)

        repo = self._get_repo(repo)

        obj = self.sa.query(UserRepoToPerm) \

            .filter(UserRepoToPerm.repository == repo) \

            .filter(UserRepoToPerm.user == user) \

            .scalar()

            self.sa.delete(obj)

            log.debug('Revoked perm on %s on %s' % (repo, user))

    def grant_user_group_permission(self, repo, group_name, perm):

        """

        Grant permission for user group on given repository, or update

        existing one if found

        :param repo: Instance of Repository, repository_id, or repository name

        :param group_name: Instance of UserGroup, users_group_id,

            or user group name

        :param perm: Instance of Permission, or permission_name

        :param repo: Instance of Repository, repository_id, or repository name

        :param group_name: Instance of UserGroup, users_group_id,

            or user group name

        """

        repo = self._get_repo(repo)

        group_name = self._get_user_group(group_name)

        obj = self.sa.query(UserGroupRepoToPerm) \

            .filter(UserGroupRepoToPerm.repository == repo) \

            .filter(UserGroupRepoToPerm.users_group == group_name) \

            .scalar()

            self.sa.delete(obj)

            log.debug('Revoked perm to %s on %s' % (repo, group_name))

    def delete_stats(self, repo_name):

        """

        removes stats for given repo

        :param repo_name:

        """

        repo = self._get_repo(repo_name)

        try:

            obj = self.sa.query(Statistics) \

                .filter(Statistics.repository == repo).scalar()

                self.sa.delete(obj)

        except Exception:

            log.error(traceback.format_exc())

            raise

    def _create_filesystem_repo(self, repo_name, repo_type, repo_group,

                                clone_uri=None, repo_store_location=None):

        """

        Makes repository on filesystem. Operation is group aware, meaning that it will create

        a repository within a group, and alter the paths accordingly to the group location.

        :param repo_name:

        :param repo_group: Instance of RepoGroup, repositories_group_id,

            or repositories_group name

        :param user: Instance of User, user_id or username

        """

        repo_group = self._get_repo_group(repo_group)

        user = self._get_user(user)

        obj = self.sa.query(UserRepoGroupToPerm)\

            .filter(UserRepoGroupToPerm.user == user)\

            .filter(UserRepoGroupToPerm.group == repo_group)\

            .scalar()

            self.sa.delete(obj)

            log.debug('Revoked perm on %s on %s' % (repo_group, user))

    def grant_user_group_permission(self, repo_group, group_name, perm):

        """

        Grant permission for user group on given repository group, or update

        existing one if found

        :param repo_group: Instance of RepoGroup, repositories_group_id,

            or repositories_group name

        :param group_name: Instance of UserGroup, users_group_id,

            or user group name

        :param repo_group: Instance of RepoGroup, repositories_group_id,

            or repositories_group name

        :param group_name: Instance of UserGroup, users_group_id,

            or user group name

        """

        repo_group = self._get_repo_group(repo_group)

        group_name = self._get_user_group(group_name)

        obj = self.sa.query(UserGroupRepoGroupToPerm)\

            .filter(UserGroupRepoGroupToPerm.group == repo_group)\

            .filter(UserGroupRepoGroupToPerm.users_group == group_name)\

            .scalar()

            self.sa.delete(obj)

            log.debug('Revoked perm to %s on %s' % (repo_group, group_name))

    """

    Generic Scm Model

    """

    def __get_repo(self, instance):

        cls = Repository

        if isinstance(instance, cls):

            return instance

        elif isinstance(instance, int) or safe_str(instance).isdigit():

            return cls.get(instance)

        elif isinstance(instance, basestring):

            return cls.get_by_repo_name(instance)

            raise Exception('given object must be int, basestr or Instance'

                            ' of %s got %s' % (type(cls), type(instance)))

    @LazyProperty

    def repos_path(self):

        """

        Gets the repositories root path from database

        """

        q = self.sa.query(Ui).filter(Ui.ui_key == '/').one()

        return q.ui_value

            all_groups = RepoGroup.query()\

                .filter(RepoGroup.group_parent_id == None).all()

        return [x for x in RepoGroupList(all_groups)]

    def mark_for_invalidation(self, repo_name, delete=False):

        """

        Mark caches of this repo invalid in the database.

        :param repo_name: the repo for which caches should be marked invalid

        """

        CacheInvalidation.set_invalidate(repo_name, delete=delete)

        repo = Repository.get_by_repo_name(repo_name)

            repo.update_changeset_cache()

    def toggle_following_repo(self, follow_repo_id, user_id):

        f = self.sa.query(UserFollowing)\

            .filter(UserFollowing.follows_repo_id == follow_repo_id)\

            .filter(UserFollowing.user_id == user_id).scalar()

        if f is not None:

            try:

                self.sa.delete(f)

                action_logger(UserTemp(user_id),

        """

        Generates select option with tags branches and bookmarks (for hg only)

        grouped by type

        :param repo:

        """

        hist_l = []

        choices = []

        repo = self.__get_repo(repo)

        hist_l.append(['rev:tip', _('latest tip')])

        choices.append('rev:tip')

            return choices, hist_l

        repo = repo.scm_instance

        branches_group = ([(u'branch:%s' % k, k) for k, v in

                           repo.branches.iteritems()], _("Branches"))

        hist_l.append(branches_group)

        choices.extend([x[0] for x in branches_group[0]])

        if repo.alias == 'hg':

            bookmarks_group = ([(u'book:%s' % k, k) for k, v in

                                repo.bookmarks.iteritems()], _("Bookmarks"))

                  " crucial for entire application")

            )

        for k, v in kwargs.items():

            if k == 'password' and v:

                v = get_crypt_password(v)

            setattr(user, k, v)

        self.sa.add(user)

        return user

    def delete(self, user, cur_user=None):

            cur_user = getattr(get_current_authuser(), 'username', None)

        user = self._get_user(user)

        if user.username == User.DEFAULT_USER:

            raise DefaultUserException(

                _("You can't remove this user since it is"

                  " crucial for the entire application"))

        if user.repositories:

            repos = [x.repo_name for x in user.repositories]

            raise UserOwnsReposException(

                _('User "%s" still owns %s repositories and cannot be '

                  'removed. Switch owners or remove those repositories: %s')

        self.sa.delete(user)

        from kallithea.lib.hooks import log_delete_user

        log_delete_user(user.get_dict(), cur_user)

    def reset_password_link(self, data):

        from kallithea.lib.celerylib import tasks, run_task

        from kallithea.model.notification import EmailNotificationModel

        import kallithea.lib.helpers as h

        user_email = data['email']

        user = User.get_by_email(user_email)

            log.debug('password reset user found %s' % user)

            link = h.canonical_url('reset_password_confirmation',

                                   key=user.api_key)

            reg_type = EmailNotificationModel.TYPE_PASSWORD_RESET

            body = EmailNotificationModel().get_email_tmpl(

                reg_type, 'txt',

                user=user.short_contact,

                reset_url=link)

            html_body = EmailNotificationModel().get_email_tmpl(

                reg_type, 'html',

                user=user.short_contact,

                reset_url=link)

        else:

            log.debug("password reset email %s not found" % user_email)

        return True

    def reset_password(self, data):

        from kallithea.lib.celerylib import tasks, run_task

        from kallithea.lib import auth

        user_email = data['email']

        user = User.get_by_email(user_email)

        new_passwd = auth.PasswordGenerator().gen_password(

            8, auth.PasswordGenerator.ALPHABETS_BIG_SMALL)

            user.password = auth.get_crypt_password(new_passwd)

            Session().add(user)

            Session().commit()

            log.info('change password for %s' % user_email)

        if new_passwd is None:

            raise Exception('unable to generate new password')

        run_task(tasks.send_email, [user_email],

                 _('Your new password'),

                 _('Your new Kallithea password:%s') % (new_passwd,))

        log.info('send new password mail to %s' % user_email)

        self.sa.add(obj)

        return obj

    def delete_extra_email(self, user, email_id):

        """

        Removes email address from UserEmailMap