#ADMIN DEFAULTS ROUTES

    with rmap.submapper(path_prefix=ADMIN_PREFIX,

                        controller='admin/defaults') as m:

        m.connect('defaults', 'defaults',

                  action="index")

        m.connect('defaults_update', 'defaults/{id}/update',

                  action="update", conditions=dict(method=["POST"]))

    #ADMIN AUTH SETTINGS

    rmap.connect('auth_settings', '%s/auth' % ADMIN_PREFIX,

                 controller='admin/auth_settings', action='auth_settings',

                 conditions=dict(method=["POST"]))

    rmap.connect('auth_home', '%s/auth' % ADMIN_PREFIX,

                 controller='admin/auth_settings')

    #ADMIN SETTINGS ROUTES

    with rmap.submapper(path_prefix=ADMIN_PREFIX,

                        controller='admin/settings') as m:

        m.connect("admin_settings", "/settings",

                  action="settings_vcs", conditions=dict(method=["POST"]))

        m.connect("admin_settings", "/settings",

                  action="settings_vcs", conditions=dict(method=["GET"]))

        m.connect("admin_settings_mapping", "/settings/mapping",

                  action="settings_mapping", conditions=dict(method=["POST"]))

        m.connect("admin_settings_mapping", "/settings/mapping",

                  action="settings_mapping", conditions=dict(method=["GET"]))

        m.connect("admin_settings_global", "/settings/global",

                  action="settings_global", conditions=dict(method=["POST"]))

        m.connect("admin_settings_global", "/settings/global",

                  action="settings_global", conditions=dict(method=["GET"]))

        m.connect("admin_settings_visual", "/settings/visual",

                  action="settings_visual", conditions=dict(method=["POST"]))

        m.connect("admin_settings_visual", "/settings/visual",

                  action="settings_visual", conditions=dict(method=["GET"]))

        m.connect("admin_settings_email", "/settings/email",

                  action="settings_email", conditions=dict(method=["POST"]))

        m.connect("admin_settings_email", "/settings/email",

                  action="settings_email", conditions=dict(method=["GET"]))

        m.connect("admin_settings_hooks", "/settings/hooks",

                  action="settings_hooks", conditions=dict(method=["POST"]))

        m.connect("admin_settings_hooks_delete", "/settings/hooks/delete",

                  action="settings_hooks", conditions=dict(method=["POST"]))

        m.connect("admin_settings_hooks", "/settings/hooks",

                  action="settings_hooks", conditions=dict(method=["GET"]))

        m.connect("admin_settings_search", "/settings/search",

                  action="settings_search", conditions=dict(method=["POST"]))

        m.connect("admin_settings_search", "/settings/search",

                  action="settings_search", conditions=dict(method=["GET"]))

        m.connect("admin_settings_system", "/settings/system",

                  action="settings_system", conditions=dict(method=["POST"]))

        m.connect("admin_settings_system", "/settings/system",

                  action="settings_system", conditions=dict(method=["GET"]))

        m.connect("admin_settings_system_update", "/settings/system/updates",

                  action="settings_system_update", conditions=dict(method=["GET"]))

    #ADMIN MY ACCOUNT

    with rmap.submapper(path_prefix=ADMIN_PREFIX,

                        controller='admin/my_account') as m:

        m.connect("my_account", "/my_account",

                  action="my_account", conditions=dict(method=["GET"]))

        m.connect("my_account", "/my_account",

                  action="my_account", conditions=dict(method=["POST"]))

        m.connect("my_account_password", "/my_account/password",

                  action="my_account_password", conditions=dict(method=["GET"]))

        m.connect("my_account_password", "/my_account/password",

                  action="my_account_password", conditions=dict(method=["POST"]))

        m.connect("my_account_repos", "/my_account/repos",

                  action="my_account_repos", conditions=dict(method=["GET"]))

        m.connect("my_account_watched", "/my_account/watched",

                  action="my_account_watched", conditions=dict(method=["GET"]))

        m.connect("my_account_perms", "/my_account/perms",

                  action="my_account_perms", conditions=dict(method=["GET"]))

        m.connect("my_account_emails", "/my_account/emails",

                  action="my_account_emails", conditions=dict(method=["GET"]))

        m.connect("my_account_emails", "/my_account/emails",

                  action="my_account_emails_add", conditions=dict(method=["POST"]))

        m.connect("my_account_emails", "/my_account/emails",

                  action="my_account_emails_delete", conditions=dict(method=["DELETE"]))

        m.connect("my_account_api_keys", "/my_account/api_keys",

                  action="my_account_api_keys", conditions=dict(method=["GET"]))

        m.connect("my_account_api_keys", "/my_account/api_keys",

                  action="my_account_api_keys_add", conditions=dict(method=["POST"]))

    #NOTIFICATION REST ROUTES

    with rmap.submapper(path_prefix=ADMIN_PREFIX,

                        controller='admin/notifications') as m:

        m.connect("notifications", "/notifications",

                  action="index", conditions=dict(method=["GET"]))

        m.connect("notifications_mark_all_read", "/notifications/mark_all_read",

                  action="mark_all_read", conditions=dict(method=["GET"]))

        m.connect("formatted_notifications", "/notifications.{format}",

                  action="index", conditions=dict(method=["GET"]))

        m.connect("notification_update", "/notifications/{notification_id}/update",

                  action="update", conditions=dict(method=["POST"]))

        m.connect("notification_delete", "/notifications/{notification_id}/delete",

                  action="delete", conditions=dict(method=["POST"]))

        m.connect("notification", "/notifications/{notification_id}",

                  action="show", conditions=dict(method=["GET"]))

        m.connect("formatted_notification", "/notifications/{notification_id}.{format}",

                  action="show", conditions=dict(method=["GET"]))

    #ADMIN GIST

    with rmap.submapper(path_prefix=ADMIN_PREFIX,

                        controller='admin/gists') as m:

        m.connect("gists", "/gists",

                  action="create", conditions=dict(method=["POST"]))

        m.connect("gists", "/gists",

                  action="index", conditions=dict(method=["GET"]))

        m.connect("new_gist", "/gists/new",

                  action="new", conditions=dict(method=["GET"]))

        m.connect("gist_delete", "/gists/{gist_id}/delete",

                  action="delete", conditions=dict(method=["POST"]))

        m.connect("edit_gist", "/gists/{gist_id}/edit",

                  action="edit", conditions=dict(method=["GET", "POST"]))

        m.connect("edit_gist_check_revision", "/gists/{gist_id}/edit/check_revision",

                  action="check_revision", conditions=dict(method=["POST"]))

        m.connect("gist", "/gists/{gist_id}",

                  action="show", conditions=dict(method=["GET"]))

        m.connect("gist_rev", "/gists/{gist_id}/{revision}",

                  revision="tip",

                  action="show", conditions=dict(method=["GET"]))

        m.connect("formatted_gist", "/gists/{gist_id}/{revision}/{format}",

                  revision="tip",

                  action="show", conditions=dict(method=["GET"]))

        m.connect("formatted_gist_file", "/gists/{gist_id}/{revision}/{format}/{f_path:.*}",

                  revision='tip',

                  action="show", conditions=dict(method=["GET"]))

    #ADMIN MAIN PAGES

    with rmap.submapper(path_prefix=ADMIN_PREFIX,

                        controller='admin/admin') as m:

        m.connect('admin_home', '', action='index')

        m.connect('admin_add_repo', '/add_repo/{new_repo:[a-z0-9\. _-]*}',

                  action='add_repo')

    #==========================================================================

    # API V2

    #==========================================================================

    with rmap.submapper(path_prefix=ADMIN_PREFIX,

                        controller='api/api') as m:

        m.connect('api', '/api')

    #USER JOURNAL

    rmap.connect('journal', '%s/journal' % ADMIN_PREFIX,

                 controller='journal', action='index')

    rmap.connect('journal_rss', '%s/journal/rss' % ADMIN_PREFIX,

                 controller='journal', action='journal_rss')

    rmap.connect('journal_atom', '%s/journal/atom' % ADMIN_PREFIX,

                 controller='journal', action='journal_atom')

    rmap.connect('public_journal', '%s/public_journal' % ADMIN_PREFIX,

                 controller='journal', action="public_journal")

    rmap.connect('public_journal_rss', '%s/public_journal/rss' % ADMIN_PREFIX,

                 controller='journal', action="public_journal_rss")

    rmap.connect('public_journal_rss_old', '%s/public_journal_rss' % ADMIN_PREFIX,

                 controller='journal', action="public_journal_rss")

    rmap.connect('public_journal_atom',

                 '%s/public_journal/atom' % ADMIN_PREFIX, controller='journal',

                 action="public_journal_atom")

    rmap.connect('public_journal_atom_old',

                 '%s/public_journal_atom' % ADMIN_PREFIX, controller='journal',

                 action="public_journal_atom")

    rmap.connect('toggle_following', '%s/toggle_following' % ADMIN_PREFIX,

                 controller='journal', action='toggle_following',

                 conditions=dict(method=["POST"]))

    #SEARCH

    rmap.connect('search', '%s/search' % ADMIN_PREFIX, controller='search',)

    rmap.connect('search_repo_admin', '%s/search/{repo_name:.*}' % ADMIN_PREFIX,

                 controller='search',

<div class="apikeys_wrap">

  <table class="noborder">

    <tr>

        <td style="width: 450px"><div class="truncate autoexpand" style="width:120px;font-size:16px;font-family: monospace">${c.user.api_key}</div></td>

        <td>

            <span class="btn btn-mini btn-success disabled">${_('Built-in')}</span>

        </td>

        <td>${_('Expires')}: ${_('Never')}</td>

        <td>

                ${h.hidden('del_api_key',c.user.api_key)}

                ${h.hidden('del_api_key_builtin',1)}

                <button class="btn btn-mini btn-danger" type="submit"

                        onclick="return confirm('${_('Confirm to reset this API key: %s') % c.user.api_key}');">

                    ${_('Reset')}

                </button>

            ${h.end_form()}

        </td>

    </tr>

    %if c.user_api_keys:

        %for api_key in c.user_api_keys:

          <tr class="${'expired' if api_key.expired else ''}">

            <td style="width: 450px"><div class="truncate autoexpand" style="width:120px;font-size:16px;font-family: monospace">${api_key.api_key}</div></td>

            <td>${api_key.description}</td>

            <td style="min-width: 80px">

                 %if api_key.expires == -1:

                  ${_('Expires')}: ${_('Never')}

                 %else:

                    %if api_key.expired:

                        ${_('Expired')}: ${h.age(h.time_to_datetime(api_key.expires))}

                    %else:

                        ${_('Expires')}: ${h.age(h.time_to_datetime(api_key.expires))}

                    %endif

                 %endif

            </td>

            <td>

                    ${h.hidden('del_api_key',api_key.api_key)}

                    <button class="btn btn-mini btn-danger" type="submit"

                            onclick="return confirm('${_('Confirm to remove this API key: %s') % api_key.api_key}');">

                        <i class="icon-minus-circled"></i>

                        ${_('Remove')}

                    </button>

                ${h.end_form()}

            </td>

          </tr>

        %endfor

    %else:

    <tr><td><div class="ip">${_('No additional API keys specified')}</div></td></tr>

    %endif

  </table>

</div>

<div>

    ${h.form(url('my_account_api_keys'), method='post')}

    <div class="form">

        <!-- fields -->

        <div class="fields">

             <div class="field">

                <div class="label">

                    <label for="description">${_('New API key')}:</label>

                </div>

                <div class="input">

                    ${h.text('description', class_='medium', placeholder=_('Description'))}

                    ${h.select('lifetime', '', c.lifetime_options)}

                </div>

             </div>

            <div class="buttons">

              ${h.submit('save',_('Add'),class_="btn")}

              ${h.reset('reset',_('Reset'),class_="btn")}

            </div>

        </div>

    </div>

    ${h.end_form()}

</div>

<script>

    $(document).ready(function(){

        $("#lifetime").select2({

            'dropdownAutoWidth': true

        });

    });

</script>

        if name == 'email':

            params['emails'] = [attrs['email']]

        if name == 'extern_type':

            #cannot update this via form, expected value is original one

            params['extern_type'] = "internal"

        if name == 'extern_name':

            #cannot update this via form, expected value is original one

            params['extern_name'] = str(user_id)

        if name == 'active':

            #my account cannot deactivate account

            params['active'] = True

        if name == 'admin':

            #my account cannot make you an admin !

            params['admin'] = False

        params.pop('_authentication_token')

        assert params == updated_params

    def test_my_account_update_err_email_exists(self):

        self.log_user()

        new_email = TEST_USER_REGULAR_EMAIL  # already existing email

        response = self.app.post(url('my_account'),

                                params=dict(

                                    username=TEST_USER_ADMIN_LOGIN,

                                    new_password=TEST_USER_ADMIN_PASS,

                                    password_confirmation='test122',

                                    firstname=u'NewName',

                                    lastname=u'NewLastname',

                                    email=new_email,

                                    _authentication_token=self.authentication_token())

                                )

        response.mustcontain('This email address is already in use')

    def test_my_account_update_err(self):

        self.log_user(TEST_USER_REGULAR2_LOGIN, TEST_USER_REGULAR2_PASS)

        new_email = 'newmail.pl'

        response = self.app.post(url('my_account'),

                                 params=dict(

                                            username=TEST_USER_ADMIN_LOGIN,

                                            new_password=TEST_USER_ADMIN_PASS,

                                            password_confirmation='test122',

                                            firstname=u'NewName',

                                            lastname=u'NewLastname',

                                            email=new_email,

                                            _authentication_token=self.authentication_token()))

        response.mustcontain('An email address must contain a single @')

        from kallithea.model import validators

        msg = validators.ValidUsername(edit=False, old_data={}) \

                ._messages['username_exists']

        msg = h.html_escape(msg % {'username': TEST_USER_ADMIN_LOGIN})

        response.mustcontain(msg)

    def test_my_account_api_keys(self):

        usr = self.log_user(TEST_USER_REGULAR2_LOGIN, TEST_USER_REGULAR2_PASS)

        user = User.get(usr['user_id'])

        response = self.app.get(url('my_account_api_keys'))

        response.mustcontain(user.api_key)

        response.mustcontain('Expires: Never')

    @parametrize('desc,lifetime', [

        ('forever', -1),

        ('5mins', 60*5),

        ('30days', 60*60*24*30),

    ])

    def test_my_account_add_api_keys(self, desc, lifetime):

        usr = self.log_user(TEST_USER_REGULAR2_LOGIN, TEST_USER_REGULAR2_PASS)

        user = User.get(usr['user_id'])

        response = self.app.post(url('my_account_api_keys'),

                                 {'description': desc, 'lifetime': lifetime, '_authentication_token': self.authentication_token()})

        self.checkSessionFlash(response, 'API key successfully created')

        try:

            response = response.follow()

            user = User.get(usr['user_id'])

            for api_key in user.api_keys:

                response.mustcontain(api_key)

        finally:

            for api_key in UserApiKeys.query().all():

                Session().delete(api_key)

                Session().commit()

    def test_my_account_remove_api_key(self):

        usr = self.log_user(TEST_USER_REGULAR2_LOGIN, TEST_USER_REGULAR2_PASS)

        user = User.get(usr['user_id'])

        response = self.app.post(url('my_account_api_keys'),

                                 {'description': 'desc', 'lifetime': -1, '_authentication_token': self.authentication_token()})

        self.checkSessionFlash(response, 'API key successfully created')

        response = response.follow()

        #now delete our key

        keys = UserApiKeys.query().all()

        assert 1 == len(keys)

        self.checkSessionFlash(response, 'API key successfully deleted')

        keys = UserApiKeys.query().all()

        assert 0 == len(keys)

    def test_my_account_reset_main_api_key(self):

        usr = self.log_user(TEST_USER_REGULAR2_LOGIN, TEST_USER_REGULAR2_PASS)

        user = User.get(usr['user_id'])

        api_key = user.api_key

        response = self.app.get(url('my_account_api_keys'))

        response.mustcontain(api_key)

        response.mustcontain('Expires: Never')

        self.checkSessionFlash(response, 'API key successfully reset')

        response = response.follow()

        response.mustcontain(no=[api_key])