## Uncomment and replace with the address which should receive                ## 

## any error reports after application crash                                  ##

## Additionally those settings will be used by RhodeCode mailing system       ##

################################################################################

#email_to = admin@localhost

#error_email_from = paste_error@localhost

#app_email_from = rhodecode-noreply@localhost

#error_message =

#smtp_server = mail.server.com

#smtp_username = 

#smtp_password = 

#smtp_port = 

#smtp_use_tls = false

#smtp_use_ssl = true

[server:main]

##nr of threads to spawn

threadpool_workers = 5

##max request before thread respawn

threadpool_max_requests = 6

##option to use threads of process

use = egg:Paste#http

host = 0.0.0.0

port = 5000

[app:main]

use = egg:rhodecode

full_stack = true

static_files = true

lang=en

cache_dir = %(here)s/data

index_dir = %(here)s/data/index

app_instance_uuid = develop

cut_off_limit = 256000

force_https = false

commit_parse_limit = 25

use_gravatar = true

####################################

###        CELERY CONFIG        ####

####################################

use_celery = false

broker.host = localhost

broker.vhost = rabbitmqhost

[DEFAULT]

debug = true

################################################################################

## Uncomment and replace with the address which should receive                ## 

## any error reports after application crash                                  ##

## Additionally those settings will be used by RhodeCode mailing system       ##

################################################################################

#email_to = admin@localhost

#error_email_from = paste_error@localhost

#app_email_from = rhodecode-noreply@localhost

#error_message =

#smtp_server = mail.server.com

#smtp_username = 

#smtp_password = 

#smtp_port = 

#smtp_use_tls = false

#smtp_use_ssl = true

[server:main]

##nr of threads to spawn

threadpool_workers = 5

##max request before thread respawn

##option to use threads of process

use_threadpool = true

use = egg:Paste#http

host = 127.0.0.1

port = 8001

[app:main]

use = egg:rhodecode

full_stack = true

static_files = false

lang=en

cache_dir = %(here)s/data

index_dir = %(here)s/data/index

cut_off_limit = 256000

force_https = false

use_gravatar = true

####################################

###        CELERY CONFIG        ####

####################################

use_celery = false

broker.host = localhost

broker.vhost = rabbitmqhost

broker.port = 5672

broker.user = rabbitmq

broker.password = qweqwe

celery.imports = rhodecode.lib.celerylib.tasks

celery.result.backend = amqp

celery.result.dburi = amqp://

celery.result.serialier = json

#celery.send.task.error.emails = true

#celery.amqp.task.result.expires = 18000

celeryd.concurrency = 2

#celeryd.log.file = celeryd.log

celeryd.log.level = debug

celeryd.max.tasks.per.child = 1

#tasks will never be sent to the queue, but executed locally instead.

celery.always.eager = false

####################################

###         BEAKER CACHE        ####

####################################

beaker.cache.data_dir=%(here)s/data/cache/data

beaker.cache.lock_dir=%(here)s/data/cache/lock

beaker.cache.regions=super_short_term,short_term,long_term,sql_cache_short,sql_cache_med,sql_cache_long

beaker.cache.super_short_term.type=memory

beaker.cache.super_short_term.expire=10

beaker.cache.short_term.type=memory

beaker.cache.short_term.expire=60

beaker.cache.long_term.type=memory

beaker.cache.long_term.expire=36000

beaker.cache.sql_cache_short.type=memory

beaker.cache.sql_cache_short.expire=10

beaker.cache.sql_cache_med.type=memory

beaker.cache.sql_cache_med.expire=360

beaker.cache.sql_cache_long.type=file

beaker.cache.sql_cache_long.expire=3600

####################################

###       BEAKER SESSION        ####

####################################

## Type of storage used for the session, current types are 

## dbm, file, memcached, database, and memory. 

## The storage uses the Container API 

##that is also used by the cache system.

beaker.session.type = file

beaker.session.key = rhodecode

beaker.session.secret = g654dcno0-9873jhgfreyu

beaker.session.timeout = 36000

##auto save the session to not to use .save()

beaker.session.auto = False

##true exire at browser close

#beaker.session.cookie_expires = 3600

################################################################################

## WARNING: *THE LINE BELOW MUST BE UNCOMMENTED ON A PRODUCTION ENVIRONMENT*  ##

## Debug mode will enable the interactive debugging tool, allowing ANYONE to  ##

## execute malicious code after an exception is raised.                       ##

################################################################################

set debug = false

##################################

###       LOGVIEW CONFIG       ###

##################################

logview.sqlalchemy = #faa

logview.pylons.templating = #bfb

logview.pylons.util = #eee

#########################################################

### DB CONFIGS - EACH DB WILL HAVE IT'S OWN CONFIG    ###

#########################################################

#sqlalchemy.db1.echo = False

#sqlalchemy.db1.pool_recycle = 3600

sqlalchemy.convert_unicode = true

################################

### LOGGING CONFIGURATION   ####

################################

[loggers]

keys = root, routes, rhodecode, sqlalchemy,beaker,templates

[handlers]

keys = console

[formatters]

keys = generic,color_formatter

#############

## LOGGERS ##

#############

[logger_root]

level = INFO

handlers = console

[logger_routes]

    Some simple helper functions

    :created_on: Jan 5, 2011

    :author: marcink

    :copyright: (C) 2009-2010 Marcin Kuzminski <marcin@python-works.com>    

    :license: GPLv3, see COPYING for more details.

"""

# This program is free software; you can redistribute it and/or

# modify it under the terms of the GNU General Public License

# as published by the Free Software Foundation; version 2

# of the License or (at your opinion) any later version of the license.

# 

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

# 

# You should have received a copy of the GNU General Public License

# along with this program; if not, write to the Free Software

# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,

# MA  02110-1301, USA.

def str2bool(v):

    return v.lower() in ["yes", "true", "t", "1"] if v else None

    :created_on: Apr 4, 2010

    :copyright: (c) 2010 by marcink.

    :license: LICENSE_NAME, see LICENSE_FILE for more details.

"""

# This program is free software; you can redistribute it and/or

# modify it under the terms of the GNU General Public License

# as published by the Free Software Foundation; version 2

# of the License or (at your opinion) any later version of the license.

# 

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

# 

# You should have received a copy of the GNU General Public License

# along with this program; if not, write to the Free Software

# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,

# MA  02110-1301, USA.

import bcrypt

import random

import logging

import traceback

from decorator import decorator

from pylons import config, session, url, request

from pylons.controllers.util import abort, redirect

from pylons.i18n.translation import _

from rhodecode.lib.exceptions import LdapPasswordError, LdapUsernameError

from rhodecode.lib.utils import get_repo_slug

from rhodecode.lib.auth_ldap import AuthLdap

from rhodecode.model import meta

from rhodecode.model.user import UserModel

from rhodecode.model.db import User, RepoToPerm, Repository, Permission, \

    UserToPerm, UsersGroupToPerm, UsersGroupMember

log = logging.getLogger(__name__)

PERM_WEIGHTS = {'repository.none':0,

                'repository.read':1,

                'repository.write':3,

                'repository.admin':3}

    ALPHABETS_SMALL = r'''qwertyuiopasdfghjklzxcvbnm'''#[1]

    ALPHABETS_BIG = r'''QWERTYUIOPASDFGHJKLZXCVBNM'''#[2]

    ALPHABETS_SPECIAL = r'''`-=[]\;',./~!@#$%^&*()_+{}|:"<>?'''    #[3]

    ALPHABETS_FULL = ALPHABETS_BIG + ALPHABETS_SMALL + ALPHABETS_NUM + ALPHABETS_SPECIAL#[4]

    ALPHABETS_ALPHANUM = ALPHABETS_BIG + ALPHABETS_SMALL + ALPHABETS_NUM#[5]

    ALPHABETS_BIG_SMALL = ALPHABETS_BIG + ALPHABETS_SMALL

    ALPHABETS_ALPHANUM_BIG = ALPHABETS_BIG + ALPHABETS_NUM#[6]

    ALPHABETS_ALPHANUM_SMALL = ALPHABETS_SMALL + ALPHABETS_NUM#[7]

    def __init__(self, passwd=''):

        self.passwd = passwd

    def gen_password(self, len, type):

        self.passwd = ''.join([random.choice(type) for _ in xrange(len)])

        return self.passwd

def get_crypt_password(password):

    """Cryptographic function used for password hashing based on pybcrypt

    :param password: password to hash

    """

    return bcrypt.hashpw(password, bcrypt.gensalt(10))

def check_password(password, hashed):

    return bcrypt.hashpw(password, hashed) == hashed

def authfunc(environ, username, password):

    """Dummy authentication function used in Mercurial/Git/ and access control,

    :param environ: needed only for using in Basic auth

    """

    return authenticate(username, password)

def authenticate(username, password):

    """Authentication function used for access control,

    firstly checks for db authentication then if ldap is enabled for ldap

    authentication, also creates ldap user if not in database

    :param username: username

    :param password: password

    """

    user_model = UserModel()

    user = user_model.get_by_username(username, cache=False)

    log.debug('Authenticating user using RhodeCode account')

    if user is not None and not user.ldap_dn:

        return False

    if len(repo.revisions) > 1:

        run_task(get_commits_stats, repo_name, ts_min_y, ts_max_y)

    return True

@task(ignore_result=True)

def reset_user_password(user_email):

    try:

        log = reset_user_password.get_logger()

    except:

        log = logging.getLogger(__name__)

    from rhodecode.lib import auth

    from rhodecode.model.db import User

    try:

        try:

            sa = get_session()

            user = sa.query(User).filter(User.email == user_email).scalar()

            new_passwd = auth.PasswordGenerator().gen_password(8,

                             auth.PasswordGenerator.ALPHABETS_BIG_SMALL)

            if user:

                user.password = auth.get_crypt_password(new_passwd)

                sa.add(user)

                sa.commit()

                log.info('change password for %s', user_email)

            if new_passwd is None:

                raise Exception('unable to generate new password')

        except:

            log.error(traceback.format_exc())

            sa.rollback()

        run_task(send_email, user_email,

                 "Your new rhodecode password",

                 'Your new rhodecode password:%s' % (new_passwd))

        log.info('send new password mail to %s', user_email)

    except:

        log.error('Failed to update user password')

        log.error(traceback.format_exc())

    return True

@task(ignore_result=True)

def send_email(recipients, subject, body):

# This program is free software; you can redistribute it and/or

# modify it under the terms of the GNU General Public License

# as published by the Free Software Foundation; version 2

# of the License or (at your opinion) any later version of the license.

# 

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

# 

# You should have received a copy of the GNU General Public License

# along with this program; if not, write to the Free Software

# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,

# MA  02110-1301, USA.

import os

import sys

import uuid

import logging

from os.path import dirname as dn, join as jn

from rhodecode import __dbversion__

from rhodecode.model import meta

from rhodecode.lib.utils import ask_ok

from rhodecode.model import init_model

from rhodecode.model.db import User, Permission, RhodeCodeUi, RhodeCodeSettings, \

    UserToPerm, DbMigrateVersion

from sqlalchemy.engine import create_engine

log = logging.getLogger(__name__)

class DbManage(object):

    def __init__(self, log_sql, dbconf, root, tests=False):

        self.dbname = dbconf.split('/')[-1]

        self.tests = tests

        self.root = root

        self.dburi = dbconf

        self.log_sql = log_sql

        self.db_exists = False

        self.init_db()

    def init_db(self):

        engine = create_engine(self.dburi, echo=self.log_sql)

        init_model(engine)

        self.sa = meta.Session()

        try:

            self.sa.add(web1)

            self.sa.add(web2)

            self.sa.add(web3)

            self.sa.add(web4)

            self.sa.add(paths)

            self.sa.add(hgsettings1)

            self.sa.add(hgsettings2)

            self.sa.add(hgsettings3)

            self.sa.commit()

        except:

            self.sa.rollback()

            raise

        self.create_ldap_options()

        log.info('created ui config')

    def create_user(self, username, password, email='', admin=False):

        log.info('creating administrator user %s', username)

        new_user = User()

        new_user.username = username

        new_user.password = get_crypt_password(password)

        new_user.name = 'RhodeCode'

        new_user.lastname = 'Admin'

        new_user.email = email

        new_user.admin = admin

        new_user.active = True

        try:

            self.sa.add(new_user)

            self.sa.commit()

        except:

            self.sa.rollback()

            raise

    def create_default_user(self):

        log.info('creating default user')

        #create default user for handling default permissions.

        def_user = User()

        def_user.username = 'default'

        def_user.password = get_crypt_password(str(uuid.uuid1())[:8])

        def_user.name = 'Anonymous'

        def_user.lastname = 'User'

        def_user.email = 'anonymous@rhodecode.org'

        def_user.admin = False

        def_user.active = False

        try:

            self.sa.add(def_user)

            self.sa.commit()

        except:

            self.sa.rollback()

            raise

    def create_permissions(self):

        #module.(access|create|change|delete)_[name]

        #module.(read|write|owner)

        perms = [('repository.none', 'Repository no access'),

                 ('repository.read', 'Repository read access'),

                 ('repository.write', 'Repository write access'),

                 ('repository.admin', 'Repository admin access'),

                 ('hg.admin', 'Hg Administrator'),

                 ('hg.create.repository', 'Repository create'),

                 ('hg.create.none', 'Repository creation disabled'),

                 ('hg.register.none', 'Register disabled'),

                ]

        for p in perms:

            new_perm = Permission()

            new_perm.permission_name = p[0]

            new_perm.permission_longname = p[1]

            try:

                self.sa.add(new_perm)

                self.sa.commit()

            except:

                self.sa.rollback()

                raise

    def populate_default_permissions(self):

        log.info('creating default user permissions')

        default_user = self.sa.query(User)\

        .filter(User.username == 'default').scalar()

        reg_perm = UserToPerm()

        reg_perm.user = default_user

        reg_perm.permission = self.sa.query(Permission)\

        .filter(Permission.permission_name == 'hg.register.manual_activate')\

        .scalar()

# of the License or (at your opinion) any later version of the license.

# 

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

# 

# You should have received a copy of the GNU General Public License

# along with this program; if not, write to the Free Software

# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,

# MA  02110-1301, USA.

import logging

import traceback

from pylons.i18n.translation import _

from rhodecode.model import BaseModel

from rhodecode.model.caching_query import FromCache

from rhodecode.model.db import User

from rhodecode.lib.exceptions import DefaultUserException, UserOwnsReposException

from sqlalchemy.exc import DatabaseError

log = logging.getLogger(__name__)

class UserModel(BaseModel):

    def get(self, user_id, cache=False):

        user = self.sa.query(User)

        if cache:

            user = user.options(FromCache("sql_cache_short",

                                          "get_user_%s" % user_id))

        return user.get(user_id)

    def get_by_username(self, username, cache=False, case_insensitive=False):

        if case_insensitive:

            user = self.sa.query(User).filter(User.username.ilike(username))

        else:

            user = self.sa.query(User)\

                .filter(User.username == username)

        if cache:

            user = user.options(FromCache("sql_cache_short",

                                          "get_user_%s" % username))

        return user.scalar()

    def create(self, form_data):

        try:

            new_user = User()

            for k, v in form_data.items():

                setattr(new_user, k, v)

            self.sa.add(new_user)

            self.sa.commit()

        except:

            log.error(traceback.format_exc())

            self.sa.rollback()

            raise

    def create_ldap(self, username, password, user_dn, attrs):

        """

        Checks if user is in database, if not creates this user marked

        as ldap user

        :param username:

        :param password:

        :param user_dn:

        :param attrs:

        """

        from rhodecode.lib.auth import get_crypt_password

        log.debug('Checking for such ldap account in RhodeCode database')

        if self.get_by_username(username, case_insensitive=True) is None:

            try:

                new_user = User()

                new_user.username = username.lower() # add ldap account always lowercase

                new_user.password = get_crypt_password(password)

                new_user.email = attrs['email']

                new_user.active = True

                new_user.ldap_dn = user_dn

                new_user.name = attrs['name']

                new_user.lastname = attrs['lastname']

                self.sa.add(new_user)

                self.sa.commit()

                return True

            except (DatabaseError,):

                log.error(traceback.format_exc())

                self.sa.rollback()

                raise

        log.debug('this %s user exists skipping creation of ldap account',

                  username)

        return False

    def create_registration(self, form_data):

        from rhodecode.lib.celerylib import tasks, run_task

        try:

            new_user = User()

            for k, v in form_data.items():

                if k != 'admin':

                    setattr(new_user, k, v)

            self.sa.add(new_user)

            self.sa.commit()

            body = ('New user registration\n'

                    'username: %s\n'

                    'email: %s\n')

            body = body % (form_data['username'], form_data['email'])

            run_task(tasks.send_email, None,

                     _('[RhodeCode] New User registration'),

                     body)

        except:

            log.error(traceback.format_exc())

            self.sa.rollback()

            raise

    def update(self, user_id, form_data):

        try:

                raise DefaultUserException(

                                _("You can't Edit this user since it's"

                                  " crucial for entire application"))

            for k, v in form_data.items():

                if k == 'new_password' and v != '':

                else:

            self.sa.commit()

        except:

            log.error(traceback.format_exc())

            self.sa.rollback()

            raise

    def update_my_account(self, user_id, form_data):

        try:

                raise DefaultUserException(

                                _("You can't Edit this user since it's"

                                  " crucial for entire application"))

            for k, v in form_data.items():

                if k == 'new_password' and v != '':

                else:

                    if k not in ['admin', 'active']:

            self.sa.commit()

        except:

            log.error(traceback.format_exc())

            self.sa.rollback()

            raise

    def delete(self, user_id):

        try:

            user = self.get(user_id, cache=False)

            if user.username == 'default':

                raise DefaultUserException(

                                _("You can't remove this user since it's"

                                  " crucial for entire application"))

            if user.repositories:

                raise UserOwnsReposException(_('This user still owns %s '

                                               'repositories and cannot be '

                                               'removed. Switch owners or '

                                               'remove those repositories') \

                                               % user.repositories)

            self.sa.delete(user)

            self.sa.commit()

        except:

            log.error(traceback.format_exc())

            self.sa.rollback()

}

#content div.box-left div.form div.fields div.field div.label,#content div.box-right div.form div.fields div.field div.label {

clear:both;

overflow:hidden;

left:0;

width:auto;

position:relative;

margin:0;

padding:0 0 8px;

}

#content div.box div.form div.fields div.field div.label-select {

padding:5px 0 0 5px;

}

#content div.box-left div.form div.fields div.field div.label-select,#content div.box-right div.form div.fields div.field div.label-select {

padding:0 0 8px;

}

#content div.box-left div.form div.fields div.field div.label-textarea,#content div.box-right div.form div.fields div.field div.label-textarea {

padding:0 0 8px !important;

}

color:#393939;

font-weight:700;

}

#content div.box div.form div.fields div.field div.input {

margin:0 0 0 200px;

}

#content div.box-left div.form div.fields div.field div.input,#content div.box-right div.form div.fields div.field div.input {

margin:0 0 0 0px;

}

#content div.box div.form div.fields div.field div.input input {

background:#FFF;

border-top:1px solid #b3b3b3;

border-left:1px solid #b3b3b3;

border-right:1px solid #eaeaea;

border-bottom:1px solid #eaeaea;

color:#000;

font-family:Lucida Grande, Verdana, Lucida Sans Regular, Lucida Sans Unicode, Arial, sans-serif;

font-size:11px;

margin:0;

padding:7px 7px 6px;

}

    ${_('Edit user')} ${c.user.username} - ${c.rhodecode_name}

</%def>

<%def name="breadcrumbs_links()">

    ${h.link_to(_('Admin'),h.url('admin_home'))} 

    » 

    ${h.link_to(_('Users'),h.url('users'))} 

    »

    ${_('edit')} "${c.user.username}"

</%def>

<%def name="page_nav()">

	${self.menu('admin')}

</%def>

<%def name="main()">

<div class="box box-left">

    <!-- box / title -->

    <div class="title">

        ${self.breadcrumbs()}       

    </div>

    <!-- end box / title -->

    ${h.form(url('user', id=c.user.user_id),method='put')}

    <div class="form">

             <div class="field">

                <div class="gravatar_box">

              		<div class="gravatar"><img alt="gravatar" src="${h.gravatar_url(c.user.email)}"/></div>

              		<p>

              		<strong>Change your avatar at <a href="http://gravatar.com">gravatar.com</a></strong><br/> 

              		${_('Using')} ${c.user.email}

              		</p>

            	</div>