"SQLAlchemy==0.7.4",

    "Mako==0.5.0",

    "pygments>=1.4",

    "whoosh>=2.3.0,<2.4",

    "celery>=2.2.5,<2.3",

    "babel",

    "python-dateutil>=1.5.0,<2.0.0",

    "dulwich>=0.8.0,<0.9.0",

    "webob==1.0.8",

    "markdown==2.1.1",

    "docutils==0.8.1",

]

if __py_version__ < (2, 6):

    requirements.append("simplejson")

    requirements.append("pysqlite")

if __platform__ in PLATFORM_WIN:

    requirements.append("mercurial>=2.1,<2.2")

else:

    requirements.append("py-bcrypt")

    requirements.append("mercurial>=2.1,<2.2")

try:

    from rhodecode.lib import get_current_revision

    _rev = get_current_revision()

except ImportError:

    # this is needed when doing some setup.py operations

    _rev = False

if len(VERSION) > 3 and _rev:

    __version__ += ' [rev:%s]' % _rev[0]

def get_version():

    """Returns shorter version (digit parts only) as string."""

    return '.'.join((str(each) for each in VERSION[:3]))

BACKENDS = {

    'hg': 'Mercurial repository',

    'git': 'Git repository',

}

CELERY_ON = False

# link to config for pylons

    return RhodeCodeCrypto.hash_string(password)

def check_password(password, hashed):

    return RhodeCodeCrypto.hash_check(password, hashed)

def generate_api_key(str_, salt=None):

    """

    Generates API KEY from given string

    :param str_:

    :param salt:

    """

    if salt is None:

        salt = _RandomNameSequence().next()

    return hashlib.sha1(str_ + salt).hexdigest()

def authfunc(environ, username, password):

    """

    Dummy authentication wrapper function used in Mercurial and Git for

    access control.

    :param environ: needed only for using in Basic auth

    """

    return authenticate(username, password)

def authenticate(username, password):

    """

    Authentication function used for access control,

    firstly checks for db authentication then if ldap is enabled for ldap

    authentication, also creates ldap user if not in database

    :param username: username

    :param password: password

    """

    user_model = UserModel()

    user = User.get_by_username(username)

    log.debug('Authenticating user using RhodeCode account')

    if user is not None and not user.ldap_dn:

        if user.active:

            if user.username == 'default' and user.active:

                         username)

                return True

            elif user.username == username and check_password(password,

                                                              user.password):

                log.info('user %s authenticated correctly' % username)

                return True

        else:

    else:

        log.debug('Regular authentication failed')

        user_obj = User.get_by_username(username, case_insensitive=True)

        if user_obj is not None and not user_obj.ldap_dn:

            log.debug('this user already exists as non ldap')

            return False

        ldap_settings = RhodeCodeSetting.get_ldap_settings()

        #======================================================================

        # FALLBACK TO LDAP AUTH IF ENABLE

        #======================================================================

        if str2bool(ldap_settings.get('ldap_active')):

            log.debug("Authenticating user using ldap")

            kwargs = {

                  'server': ldap_settings.get('ldap_host', ''),

                  'base_dn': ldap_settings.get('ldap_base_dn', ''),

                  'port': ldap_settings.get('ldap_port'),

                  'bind_dn': ldap_settings.get('ldap_dn_user'),

                  'bind_pass': ldap_settings.get('ldap_dn_pass'),

                  'tls_kind': ldap_settings.get('ldap_tls_kind'),

                  'tls_reqcert': ldap_settings.get('ldap_tls_reqcert'),

                  'ldap_filter': ldap_settings.get('ldap_filter'),

                  'search_scope': ldap_settings.get('ldap_search_scope'),

                  'attr_login': ldap_settings.get('ldap_attr_login'),

                  'ldap_version': 3,

                  }

            log.debug('Checking for ldap authentication')

            try:

                aldap = AuthLdap(**kwargs)

                (user_dn, ldap_attrs) = aldap.authenticate_ldap(username,

                                                                password)

                log.debug('Got ldap DN response %s' % user_dn)

                get_ldap_attr = lambda k: ldap_attrs.get(ldap_settings\

                                                           .get(k), [''])[0]

                user_attrs = {

                 'name': safe_unicode(get_ldap_attr('ldap_attr_firstname')),

                 'lastname': safe_unicode(get_ldap_attr('ldap_attr_lastname')),

                 'email': get_ldap_attr('ldap_attr_email'),

                }

                # don't store LDAP password since we don't need it. Override

                # with some random generated password

                _password = PasswordGenerator().gen_password(length=8)

                # create this user on the fly if it doesn't exist in rhodecode

    permission given in db. We don't want to check each time from db for new

    permissions since adding a new permission also requires application restart

    ie. to decorate new views with the newly created permission

    :param config: current pylons config instance

    """

    log.info('getting information about all available permissions')

    try:

        sa = meta.Session

        all_perms = sa.query(Permission).all()

    except Exception:

        pass

    finally:

        meta.Session.remove()

    config['available_permissions'] = [x.permission_name for x in all_perms]

#==============================================================================

# CHECK DECORATORS

#==============================================================================

class LoginRequired(object):

    """

    Must be logged in to execute this function else

    redirect to login page

    :param api_access: if enabled this checks only for valid auth token

        and grants access based on valid token

    """

    def __init__(self, api_access=False):

        self.api_access = api_access

    def __call__(self, func):

        return decorator(self.__wrapper, func)

    def __wrapper(self, func, *fargs, **fkwargs):

        cls = fargs[0]

        user = cls.rhodecode_user

        api_access_ok = False

        if self.api_access:

            log.debug('Checking API KEY access for %s' % cls)

            if user.api_key == request.GET.get('api_key'):

                api_access_ok = True

            else:

                log.debug("API KEY token not valid")

        if user.is_authenticated or api_access_ok:

            return func(*fargs, **fkwargs)

        else:

            p = url.current()

            log.debug('redirecting to login page with %s' % p)

            return redirect(url('login_home', came_from=p))

class NotAnonymous(object):

    """

    Must be logged in to execute this function else

    redirect to login page"""

    def __call__(self, func):

        return decorator(self.__wrapper, func)

    def __wrapper(self, func, *fargs, **fkwargs):

        cls = fargs[0]

        self.user = cls.rhodecode_user

        log.debug('Checking if user is not anonymous @%s' % cls)

        anonymous = self.user.username == 'default'

        if anonymous:

            p = url.current()

            import rhodecode.lib.helpers as h

            h.flash(_('You need to be a registered user to '

                      'perform this action'),

                    category='warning')

            return redirect(url('login_home', came_from=p))

        else:

            return func(*fargs, **fkwargs)

class PermsDecorator(object):

    """Base class for controller decorators"""

    def __init__(self, *required_perms):

        available_perms = config['available_permissions']

        for perm in required_perms:

            if perm not in available_perms:

                raise Exception("'%s' permission is not defined" % perm)

        self.required_perms = set(required_perms)

        self.user_perms = None

    def __call__(self, func):

        return decorator(self.__wrapper, func)

    def __wrapper(self, func, *fargs, **fkwargs):

        cls = fargs[0]

        self.user = cls.rhodecode_user

        self.user_perms = self.user.permissions

        log.debug('checking %s permissions %s for %s %s',

           self.__class__.__name__, self.required_perms, cls,

               self.user)

        if self.check_permissions():

            log.debug('Permission granted for %s %s' % (cls, self.user))

            return func(*fargs, **fkwargs)

        else:

            anonymous = self.user.username == 'default'

            if anonymous:

                p = url.current()

                import rhodecode.lib.helpers as h

                h.flash(_('You need to be a signed in to '

                          'view this page'),

                        category='warning')

                return redirect(url('login_home', came_from=p))

            else:

                # redirect with forbidden ret code

                return abort(403)

    def check_permissions(self):

        """Dummy function for overriding"""

        raise Exception('You have to write this function in child class')

class HasPermissionAllDecorator(PermsDecorator):

    """

    Checks for access permission for all given predicates. All of them

    have to be meet in order to fulfill the request

    """

    def check_permissions(self):

        if self.required_perms.issubset(self.user_perms.get('global')):

            return True

        return False

class HasPermissionAnyDecorator(PermsDecorator):

    """

    Checks for access permission for any of given predicates. In order to

    fulfill the request any of predicates must be meet

    """

    def check_permissions(self):

        if self.required_perms.intersection(self.user_perms.get('global')):

            return True

        return False

class HasRepoPermissionAllDecorator(PermsDecorator):

    """

    Checks for access permission for all given predicates for specific

    repository. All of them have to be meet in order to fulfill the request

    Checks for access permission for any of given predicates for specific

    repository. In order to fulfill the request any of predicates must be meet

    """

    def check_permissions(self):

        group_name = get_repos_group_slug(request)

        try:

            user_perms = set([self.user_perms['repositories_groups'][group_name]])

        except KeyError:

            return False

        if self.required_perms.intersection(user_perms):

            return True

        return False

#==============================================================================

# CHECK FUNCTIONS

#==============================================================================

class PermsFunction(object):

    """Base function for other check functions"""

    def __init__(self, *perms):

        available_perms = config['available_permissions']

        for perm in perms:

            if perm not in available_perms:

                raise Exception("'%s' permission in not defined" % perm)

        self.required_perms = set(perms)

        self.user_perms = None

        self.granted_for = ''

        self.repo_name = None

    def __call__(self, check_Location=''):

        user = request.user

        if not user:

            return False

        self.user_perms = user.permissions

        self.granted_for = user

        log.debug('checking %s %s %s', self.__class__.__name__,

                  self.required_perms, user)

        if self.check_permissions():

            log.debug('Permission granted %s @ %s', self.granted_for,

                      check_Location or 'unspecified location')

            return True

        else:

                        check_Location or 'unspecified location')

            return False

    def check_permissions(self):

        """Dummy function for overriding"""

        raise Exception('You have to write this function in child class')

class HasPermissionAll(PermsFunction):

    def check_permissions(self):

        if self.required_perms.issubset(self.user_perms.get('global')):

            return True

        return False

class HasPermissionAny(PermsFunction):

    def check_permissions(self):

        if self.required_perms.intersection(self.user_perms.get('global')):

            return True

        return False

class HasRepoPermissionAll(PermsFunction):

    def __call__(self, repo_name=None, check_Location=''):

        self.repo_name = repo_name

        return super(HasRepoPermissionAll, self).__call__(check_Location)

    def check_permissions(self):

        if not self.repo_name:

            self.repo_name = get_repo_slug(request)

        try:

            self.user_perms = set(

                [self.user_perms['repositories'][self.repo_name]]

            )

        except KeyError:

            return False

        self.granted_for = self.repo_name

        if self.required_perms.issubset(self.user_perms):

            return True

        return False

class HasRepoPermissionAny(PermsFunction):

    def __call__(self, repo_name=None, check_Location=''):

        self.repo_name = repo_name

        try:

            return self._handle_request(environ, start_response)

        finally:

            log = logging.getLogger('rhodecode.' + self.__class__.__name__)

            log.debug('Request time: %.3fs' % (time.time() - start))

            meta.Session.remove()

class BaseController(WSGIController):

    def __before__(self):

        c.rhodecode_version = __version__

        c.rhodecode_instanceid = config.get('instance_id')

        c.rhodecode_name = config.get('rhodecode_title')

        c.use_gravatar = str2bool(config.get('use_gravatar'))

        c.ga_code = config.get('rhodecode_ga_code')

        c.repo_name = get_repo_slug(request)

        c.backends = BACKENDS.keys()

        c.unread_notifications = NotificationModel()\

                        .get_unread_cnt_for_user(c.rhodecode_user.user_id)

        self.cut_off_limit = int(config.get('cut_off_limit'))

        self.sa = meta.Session

        self.scm_model = ScmModel(self.sa)

    def __call__(self, environ, start_response):

        """Invoke the Controller"""

        # WSGIController.__call__ dispatches to the Controller method

        # the request is routed to. This routing information is

        # available in environ['pylons.routes_dict']

        start = time.time()

        try:

            # make sure that we update permissions each time we call controller

            api_key = request.GET.get('api_key')

            cookie_store = session.get('rhodecode_user') or {}

            user_id = cookie_store.get('user_id', None)

            username = get_container_username(environ, config)

            auth_user = AuthUser(user_id, api_key, username)

            request.user = auth_user

            self.rhodecode_user = c.rhodecode_user = auth_user

            if not self.rhodecode_user.is_authenticated and \

                       self.rhodecode_user.user_id is not None:

                self.rhodecode_user\

                    .set_authenticated(cookie_store.get('is_authenticated'))

            session['rhodecode_user'] = self.rhodecode_user.get_cookie_store()

            session.save()

            return WSGIController.__call__(self, environ, start_response)

        finally:

            meta.Session.remove()

class BaseRepoController(BaseController):

    """

    Base class for controllers responsible for loading all needed data for

    repository loaded items are

    c.rhodecode_repo: instance of scm repository

    c.rhodecode_db_repo: instance of db

    c.repository_followers: number of followers

    c.repository_forks: number of forks

    """

    def __before__(self):

        super(BaseRepoController, self).__before__()

        if c.repo_name:

            c.rhodecode_db_repo = Repository.get_by_repo_name(c.repo_name)

            c.rhodecode_repo = c.rhodecode_db_repo.scm_instance

            if c.rhodecode_repo is None:

                log.error('%s this repository is present in database but it '

                          'cannot be created as an scm instance', c.repo_name)

                redirect(url('home'))

            c.repository_followers = self.scm_model.get_followers(c.repo_name)

            c.repository_forks = self.scm_model.get_forks(c.repo_name)

"""

This module provides some useful tools for ``vcs`` like annotate/diff html

output. It also includes some internal helpers.

"""

import sys

import time

import datetime

def makedate():

    lt = time.localtime()

    if lt[8] == 1 and time.daylight:

        tz = time.altzone

    else:

        tz = time.timezone

    return time.mktime(lt), tz

def date_fromtimestamp(unixts, tzoffset=0):

    """

    Makes a local datetime object out of unix timestamp

    :param unixts:

    :param tzoffset:

    """

    return datetime.datetime.fromtimestamp(float(unixts))

def safe_unicode(str_, from_encoding=None):

    """

    safe unicode function. Does few trick to turn str_ into unicode

    In case of UnicodeDecode error we try to return it with encoding detected

    by chardet library if it fails fallback to unicode with errors replaced

    :param str_: string to decode

    :rtype: unicode

    :returns: unicode object

    """

    if isinstance(str_, unicode):

        return str_

    if not from_encoding:

        import rhodecode

        from_encoding = DEFAULT_ENCODING

    try:

        return unicode(str_)

    except UnicodeDecodeError:

        pass

    try:

        return unicode(str_, from_encoding)

    except UnicodeDecodeError:

        pass

    try:

        import chardet

        encoding = chardet.detect(str_)['encoding']

        if encoding is None:

            raise Exception()

        return str_.decode(encoding)

    except (ImportError, UnicodeDecodeError, Exception):

        return unicode(str_, from_encoding, 'replace')

def safe_str(unicode_, to_encoding=None):

    """

    safe str function. Does few trick to turn unicode_ into string

    In case of UnicodeEncodeError we try to return it with encoding detected

    by chardet library if it fails fallback to string with errors replaced

    :param unicode_: unicode to encode

    :rtype: str

    :returns: str object

    """

    if isinstance(unicode_, str):

        return unicode_

    if not to_encoding:

        import rhodecode

        to_encoding = DEFAULT_ENCODING

    try:

        return unicode_.encode(to_encoding)

    except UnicodeEncodeError:

        pass

    try:

        import chardet

        encoding = chardet.detect(unicode_)['encoding']

        print encoding

        if encoding is None:

            raise UnicodeEncodeError()

        return unicode_.encode(encoding)

    except (ImportError, UnicodeEncodeError):

        return unicode_.encode(to_encoding, 'replace')

    return safe_str

def author_email(author):

    """

    returns email address of given author.

    If any of <,> sign are found, it fallbacks to regex findall()

    and returns first found result or empty string

    Regex taken from http://www.regular-expressions.info/email.html

    """

    import re

    r = author.find('>')

    l = author.find('<')

    if l == -1 or r == -1:

        # fallback to regex match of email out of a string

        email_re = re.compile(r"""[a-z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[a-z0-9!"""

                              r"""#$%&'*+/=?^_`{|}~-]+)*@(?:[a-z0-9](?:[a-z"""

                              r"""0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]"""

                              r"""*[a-z0-9])?""", re.IGNORECASE)

        m = re.findall(email_re, author)

        return m[0] if m else ''

    return author[l + 1:r].strip()

def author_name(author):

    """

    get name of author, or else username.

    It'll try to find an email in the author string and just cut it off

                    get_crypt_password(value['new_password'])

            except UnicodeEncodeError:

                e_dict = {'new_password': _('Invalid characters in password')}

                raise formencode.Invalid('', value, state, error_dict=e_dict)

        return value

class ValidPasswordsMatch(formencode.validators.FancyValidator):

    def validate_python(self, value, state):

        pass_val = value.get('password') or value.get('new_password')

        if pass_val != value['password_confirmation']:

            e_dict = {'password_confirmation':

                   _('Passwords do not match')}

            raise formencode.Invalid('', value, state, error_dict=e_dict)

class ValidAuth(formencode.validators.FancyValidator):

    messages = {

        'invalid_password':_('invalid password'),

        'invalid_login':_('invalid user name'),

        'disabled_account':_('Your account is disabled')

    }

    # error mapping

    e_dict = {'username': messages['invalid_login'],

              'password': messages['invalid_password']}

    e_dict_disable = {'username': messages['disabled_account']}

    def validate_python(self, value, state):

        password = value['password']

        username = value['username']

        user = User.get_by_username(username)

        if authenticate(username, password):

            return value

        else:

            if user and user.active is False:

                log.warning('user %s is disabled' % username)

                raise formencode.Invalid(

                    self.message('disabled_account',

                    state=State_obj),

                    value, state,

                    error_dict=self.e_dict_disable

                )

            else:

                raise formencode.Invalid(

                    self.message('invalid_password',

                    state=State_obj), value, state,

                    error_dict=self.e_dict

                )

class ValidRepoUser(formencode.validators.FancyValidator):

    def to_python(self, value, state):

        try:

            User.query().filter(User.active == True)\

                .filter(User.username == value).one()

        except Exception:

            raise formencode.Invalid(_('This username is not valid'),

                                     value, state)

        return value

def ValidRepoName(edit, old_data):

    class _ValidRepoName(formencode.validators.FancyValidator):

        def to_python(self, value, state):

            repo_name = value.get('repo_name')

            slug = repo_name_slug(repo_name)

            if slug in [ADMIN_PREFIX, '']:

                e_dict = {'repo_name': _('This repository name is disallowed')}

                raise formencode.Invalid('', value, state, error_dict=e_dict)

            if value.get('repo_group'):

                gr = RepoGroup.get(value.get('repo_group'))

                group_path = gr.full_path

                # value needs to be aware of group name in order to check

                # db key This is an actual just the name to store in the

                # database

                repo_name_full = group_path + RepoGroup.url_sep() + repo_name

            else:

                group_path = ''

                repo_name_full = repo_name

            value['repo_name_full'] = repo_name_full

            rename = old_data.get('repo_name') != repo_name_full

            create = not edit

            if  rename or create:

                if group_path != '':