length = int(environ['CONTENT_LENGTH'])

            log.debug('Content-Length: %s', length)

        if length == 0:

            return jsonrpc_error(retid=self._req_id,

                                 message="Content-Length is 0")

        raw_body = environ['wsgi.input'].read(length)

        try:

            json_body = json.loads(raw_body)

        except ValueError as e:

            # catch JSON errors Here

            return jsonrpc_error(retid=self._req_id,

                                 message="JSON parse error ERR:%s RAW:%r"

                                 % (e, raw_body))

        # check AUTH based on API key

        try:

            self._req_api_key = json_body['api_key']

            self._req_id = json_body['id']

            self._req_method = json_body['method']

            self._request_params = json_body['args']

            if not isinstance(self._request_params, dict):

                self._request_params = {}

            log.debug(

                'method: %s, params: %s', self._req_method,

                                            self._request_params

            )

        except KeyError as e:

            return jsonrpc_error(retid=self._req_id,

                                 message='Incorrect JSON query missing %s' % e)

        # check if we can find this session using api_key

        try:

            u = User.get_by_api_key(self._req_api_key)

            if u is None:

                return jsonrpc_error(retid=self._req_id,

                                     message='Invalid API key')

            auth_u = AuthUser(dbuser=u)

            if not AuthUser.check_ip_allowed(auth_u, ip_addr):

                return jsonrpc_error(retid=self._req_id,

                        message='request from IP:%s not allowed' % (ip_addr,))

            else:

                log.info('Access for IP:%s allowed', ip_addr)

        except Exception as e:

            return jsonrpc_error(retid=self._req_id,

                                 message='Invalid API key')

        self._error = None

        try:

            self._func = self._find_method()

        except AttributeError as e:

            return jsonrpc_error(retid=self._req_id,

                                 message=str(e))

        # now that we have a method, add self._req_params to

        # self.kargs and dispatch control to WGIController

        argspec = inspect.getargspec(self._func)

        arglist = argspec[0][1:]

        defaults = map(type, argspec[3] or [])

        default_empty = types.NotImplementedType

        # kw arguments required by this method

        func_kwargs = dict(itertools.izip_longest(reversed(arglist), reversed(defaults),

                                                  fillvalue=default_empty))

        # this is little trick to inject logged in user for

        # perms decorators to work they expect the controller class to have

        # authuser attribute set

        self.authuser = request.user = auth_u

        # This attribute will need to be first param of a method that uses

        # api_key, which is translated to instance of user at that name

        USER_SESSION_ATTR = 'apiuser'

        # get our arglist and check if we provided them as args

        for arg, default in func_kwargs.iteritems():

            if arg == USER_SESSION_ATTR:

                # USER_SESSION_ATTR is something translated from API key and

                # this is checked before so we don't need validate it

                continue

            # skip the required param check if it's default value is

            # NotImplementedType (default_empty)

            if default == default_empty and arg not in self._request_params:

                return jsonrpc_error(

                    retid=self._req_id,

                    message=(

                        'Missing non optional `%s` arg in JSON DATA' % arg

                    )

                )

        self._rpc_args = {}

        self._rpc_args.update(self._request_params)

        self._rpc_args['action'] = self._req_method

        self._rpc_args['environ'] = environ

        self._rpc_args['start_response'] = start_response

        status = []

        headers = []

        exc_info = []

        def change_content(new_status, new_headers, new_exc_info=None):

            status.append(new_status)

            headers.extend(new_headers)

            exc_info.append(new_exc_info)

        output = WSGIController.__call__(self, environ, change_content)

        output = list(output) # expand iterator - just to ensure exact timing

        replace_header(headers, 'Content-Type', 'application/json')

        start_response(status[0], headers, exc_info[0])

        log.info('IP: %s Request to %s time: %.3fs' % (

            self._get_ip_addr(environ),

            safe_unicode(_get_access_path(environ)), time.time() - start)

        )

        return output

    def _dispatch_call(self):

        """

        Implement dispatch interface specified by WSGIController

        """

        raw_response = ''

        try:

            raw_response = self._inspect_call(self._func)

            if isinstance(raw_response, HTTPError):

                self._error = str(raw_response)

        except JSONRPCError as e:

            self._error = safe_str(e)

        except Exception as e:

            log.error('Encountered unhandled exception: %s',

                      traceback.format_exc(),)

            json_exc = JSONRPCError('Internal server error')

            self._error = safe_str(json_exc)

        if self._error is not None:

            raw_response = None

        response = dict(id=self._req_id, result=raw_response, error=self._error)

        try:

            return json.dumps(response)

        except TypeError as e:

            log.error('API FAILED. Error encoding response: %s', e)

            return json.dumps(

                dict(

                    id=self._req_id,

                    result=None,

                    error="Error encoding response"

                )

            )

    def _find_method(self):

        """

        Return method named by `self._req_method` in controller if able

        """

        log.debug('Trying to find JSON-RPC method: %s', self._req_method)

        if self._req_method.startswith('_'):

            raise AttributeError("Method not allowed")

        try:

            func = getattr(self, self._req_method, None)

        except UnicodeEncodeError:

            raise AttributeError("Problem decoding unicode in requested "

                                 "method name.")

        if isinstance(func, types.MethodType):

            return func

        else:

            raise AttributeError("No such method: %s" % (self._req_method,))

        # Expected and arguably more correct result:

        #expected = 'failed to create repository `%s`' % repo_name

        #self._compare_error(id_, expected, given=response.body)

        fixture.destroy_repo_group(repo_group_name)

    def test_api_create_repo_unknown_owner(self):

        repo_name = u'api-repo'

        owner = 'i-dont-exist'

        id_, params = _build_data(self.apikey, 'create_repo',

                                  repo_name=repo_name,

                                  owner=owner,

                                  repo_type=self.REPO_TYPE,

        )

        response = api_call(self, params)

        expected = 'user `%s` does not exist' % owner

        self._compare_error(id_, expected, given=response.body)

    def test_api_create_repo_dont_specify_owner(self):

        repo_name = u'api-repo'

        owner = 'i-dont-exist'

        id_, params = _build_data(self.apikey, 'create_repo',

                                  repo_name=repo_name,

                                  repo_type=self.REPO_TYPE,

        )

        response = api_call(self, params)

        repo = RepoModel().get_by_repo_name(repo_name)

        assert repo != None

        ret = {

            'msg': 'Created new repository `%s`' % repo_name,

            'success': True,

            'task': None,

        }

        expected = ret

        self._compare_ok(id_, expected, given=response.body)

        fixture.destroy_repo(repo_name)

    def test_api_create_repo_by_non_admin(self):

        repo_name = u'api-repo'

        owner = 'i-dont-exist'

        id_, params = _build_data(self.apikey_regular, 'create_repo',

                                  repo_name=repo_name,

                                  repo_type=self.REPO_TYPE,

        )

        response = api_call(self, params)

        repo = RepoModel().get_by_repo_name(repo_name)

        assert repo != None

        ret = {

            'msg': 'Created new repository `%s`' % repo_name,

            'success': True,

            'task': None,

        }

        expected = ret

        self._compare_ok(id_, expected, given=response.body)

        fixture.destroy_repo(repo_name)

    def test_api_create_repo_by_non_admin_specify_owner(self):

        repo_name = u'api-repo'

        owner = 'i-dont-exist'

        id_, params = _build_data(self.apikey_regular, 'create_repo',

                                  repo_name=repo_name,

                                  repo_type=self.REPO_TYPE,

                                  owner=owner)

        response = api_call(self, params)

        expected = 'Only Kallithea admin can specify `owner` param'

        self._compare_error(id_, expected, given=response.body)

        fixture.destroy_repo(repo_name)

    def test_api_create_repo_exists(self):

        repo_name = self.REPO

        id_, params = _build_data(self.apikey, 'create_repo',

                                  repo_name=repo_name,

                                  owner=TEST_USER_ADMIN_LOGIN,

                                  repo_type=self.REPO_TYPE,)

        response = api_call(self, params)

        expected = "repo `%s` already exist" % repo_name

        self._compare_error(id_, expected, given=response.body)

    @mock.patch.object(RepoModel, 'create', crash)

    def test_api_create_repo_exception_occurred(self):

        repo_name = u'api-repo'

        id_, params = _build_data(self.apikey, 'create_repo',

                                  repo_name=repo_name,

                                  owner=TEST_USER_ADMIN_LOGIN,

                                  repo_type=self.REPO_TYPE,)

        response = api_call(self, params)

        expected = 'failed to create repository `%s`' % repo_name

        self._compare_error(id_, expected, given=response.body)

    @parametrize('changing_attr,updates', [

        ('owner', {'owner': TEST_USER_REGULAR_LOGIN}),

        ('description', {'description': u'new description'}),

        ('clone_uri', {'clone_uri': 'http://example.com/repo'}),

        ('clone_uri', {'clone_uri': None}),

        ('landing_rev', {'landing_rev': 'branch:master'}),

        ('enable_statistics', {'enable_statistics': True}),

        ('enable_locking', {'enable_locking': True}),

        ('enable_downloads', {'enable_downloads': True}),

        ('name', {'name': u'new_repo_name'}),

        ('repo_group', {'group': u'test_group_for_update'}),

    ])

    def test_api_update_repo(self, changing_attr, updates):

        repo_name = u'api_update_me'

        repo = fixture.create_repo(repo_name, repo_type=self.REPO_TYPE)

        if changing_attr == 'repo_group':

            fixture.create_repo_group(updates['group'])

        id_, params = _build_data(self.apikey, 'update_repo',

                                  repoid=repo_name, **updates)

        response = api_call(self, params)

        if changing_attr == 'name':

            repo_name = updates['name']

        if changing_attr == 'repo_group':

            repo_name = u'/'.join([updates['group'], repo_name])

        try:

            expected = {

                'msg': 'updated repo ID:%s %s' % (repo.repo_id, repo_name),

                'repository': repo.get_api_data()

            }

            self._compare_ok(id_, expected, given=response.body)

        finally:

            fixture.destroy_repo(repo_name)

            if changing_attr == 'repo_group':

                fixture.destroy_repo_group(updates['group'])

    @parametrize('changing_attr,updates', [

        ('owner', {'owner': TEST_USER_REGULAR_LOGIN}),

        ('description', {'description': u'new description'}),

        ('clone_uri', {'clone_uri': 'http://example.com/repo'}),

        ('clone_uri', {'clone_uri': None}),

        ('landing_rev', {'landing_rev': 'branch:master'}),

        ('enable_statistics', {'enable_statistics': True}),

        ('enable_locking', {'enable_locking': True}),

        ('enable_downloads', {'enable_downloads': True}),

        ('name', {'name': u'new_repo_name'}),

        ('repo_group', {'group': u'test_group_for_update'}),

    ])

    def test_api_update_group_repo(self, changing_attr, updates):

        group_name = u'lololo'

        fixture.create_repo_group(group_name)

        repo_name = u'%s/api_update_me' % group_name

        repo = fixture.create_repo(repo_name, repo_group=group_name, repo_type=self.REPO_TYPE)

        if changing_attr == 'repo_group':

            fixture.create_repo_group(updates['group'])

        id_, params = _build_data(self.apikey, 'update_repo',

                                  repoid=repo_name, **updates)

        response = api_call(self, params)

        if changing_attr == 'name':

            repo_name = u'%s/%s' % (group_name, updates['name'])

        if changing_attr == 'repo_group':

            repo_name = u'/'.join([updates['group'], repo_name.rsplit('/', 1)[-1]])

        try:

            expected = {

                'msg': 'updated repo ID:%s %s' % (repo.repo_id, repo_name),

                'repository': repo.get_api_data()

            }

            self._compare_ok(id_, expected, given=response.body)

        finally:

            fixture.destroy_repo(repo_name)

            if changing_attr == 'repo_group':

                fixture.destroy_repo_group(updates['group'])

        fixture.destroy_repo_group(group_name)

    def test_api_update_repo_repo_group_does_not_exist(self):

        repo_name = u'admin_owned'

        fixture.create_repo(repo_name)

        updates = {'group': 'test_group_for_update'}

        id_, params = _build_data(self.apikey, 'update_repo',

                                  repoid=repo_name, **updates)

        response = api_call(self, params)

        try:

            expected = 'repository group `%s` does not exist' % updates['group']

            self._compare_error(id_, expected, given=response.body)

        finally:

            fixture.destroy_repo(repo_name)

    def test_api_update_repo_regular_user_not_allowed(self):

        repo_name = u'admin_owned'

        fixture.create_repo(repo_name)

        id_, params = _build_data(self.apikey_regular, 'update_repo',

                                  repoid=repo_name, **updates)

        response = api_call(self, params)

        try:

            expected = 'repository `%s` does not exist' % repo_name

            self._compare_error(id_, expected, given=response.body)

        finally:

            fixture.destroy_repo(repo_name)

    @mock.patch.object(RepoModel, 'update', crash)

    def test_api_update_repo_exception_occurred(self):

        repo_name = u'api_update_me'

        fixture.create_repo(repo_name, repo_type=self.REPO_TYPE)

        id_, params = _build_data(self.apikey, 'update_repo',

                                  repoid=repo_name, owner=TEST_USER_ADMIN_LOGIN,)

        response = api_call(self, params)

        try:

            expected = 'failed to update repo `%s`' % repo_name

            self._compare_error(id_, expected, given=response.body)

        finally:

            fixture.destroy_repo(repo_name)

    def test_api_update_repo_regular_user_change_repo_name(self):

        repo_name = u'admin_owned'

        new_repo_name = u'new_repo_name'

        fixture.create_repo(repo_name, repo_type=self.REPO_TYPE)

        RepoModel().grant_user_permission(repo=repo_name,

                                          user=self.TEST_USER_LOGIN,

                                          perm='repository.admin')

        UserModel().revoke_perm('default', 'hg.create.repository')

        UserModel().grant_perm('default', 'hg.create.none')

        updates = {'name': new_repo_name}

        id_, params = _build_data(self.apikey_regular, 'update_repo',

                                  repoid=repo_name, **updates)

        response = api_call(self, params)

        try:

            expected = 'no permission to create (or move) repositories'

            self._compare_error(id_, expected, given=response.body)

        finally:

            fixture.destroy_repo(repo_name)

            fixture.destroy_repo(new_repo_name)

    def test_api_update_repo_regular_user_change_repo_name_allowed(self):

        repo_name = u'admin_owned'

        new_repo_name = u'new_repo_name'

        repo = fixture.create_repo(repo_name, repo_type=self.REPO_TYPE)

        RepoModel().grant_user_permission(repo=repo_name,

                                          user=self.TEST_USER_LOGIN,

                                          perm='repository.admin')

        UserModel().revoke_perm('default', 'hg.create.none')

        UserModel().grant_perm('default', 'hg.create.repository')

        updates = {'name': new_repo_name}

        id_, params = _build_data(self.apikey_regular, 'update_repo',

                                  repoid=repo_name, **updates)

        response = api_call(self, params)

        try:

            expected = {

                'msg': 'updated repo ID:%s %s' % (repo.repo_id, new_repo_name),

                'repository': repo.get_api_data()

            }

            self._compare_ok(id_, expected, given=response.body)

        finally:

            fixture.destroy_repo(repo_name)

            fixture.destroy_repo(new_repo_name)

    def test_api_update_repo_regular_user_change_owner(self):

        repo_name = u'admin_owned'

        fixture.create_repo(repo_name, repo_type=self.REPO_TYPE)

        RepoModel().grant_user_permission(repo=repo_name,

                                          user=self.TEST_USER_LOGIN,

                                          perm='repository.admin')

        updates = {'owner': TEST_USER_ADMIN_LOGIN}

        id_, params = _build_data(self.apikey_regular, 'update_repo',

                                  repoid=repo_name, **updates)

        response = api_call(self, params)

        try:

            expected = 'Only Kallithea admin can specify `owner` param'

            self._compare_error(id_, expected, given=response.body)

        finally:

            fixture.destroy_repo(repo_name)

    def test_api_delete_repo(self):

        repo_name = u'api_delete_me'

        fixture.create_repo(repo_name, repo_type=self.REPO_TYPE)

        id_, params = _build_data(self.apikey, 'delete_repo',

                                  repoid=repo_name, )

        response = api_call(self, params)

        ret = {

            'msg': 'Deleted repository `%s`' % repo_name,

            'success': True

        }

        try:

            expected = ret

            self._compare_ok(id_, expected, given=response.body)

            fixture.destroy_user_group(gr_name)

    @mock.patch.object(UserGroupModel, 'update', crash)

    def test_api_update_user_group_exception_occurred(self):

        gr_name = u'test_group'

        fixture.create_user_group(gr_name)

        try:

            id_, params = _build_data(self.apikey, 'update_user_group',

                                      usergroupid=gr_name)

            response = api_call(self, params)

            expected = 'failed to update user group `%s`' % gr_name

            self._compare_error(id_, expected, given=response.body)

        finally:

            fixture.destroy_user_group(gr_name)

    def test_api_add_user_to_user_group(self):

        gr_name = u'test_group'

        fixture.create_user_group(gr_name)

        try:

            id_, params = _build_data(self.apikey, 'add_user_to_user_group',

                                      usergroupid=gr_name,

                                      userid=TEST_USER_ADMIN_LOGIN)

            response = api_call(self, params)

            expected = {

            'msg': 'added member `%s` to user group `%s`' % (

                    TEST_USER_ADMIN_LOGIN, gr_name),

            'success': True

            }

            self._compare_ok(id_, expected, given=response.body)

        finally:

            fixture.destroy_user_group(gr_name)

    def test_api_add_user_to_user_group_that_doesnt_exist(self):

        id_, params = _build_data(self.apikey, 'add_user_to_user_group',

                                  usergroupid='false-group',

                                  userid=TEST_USER_ADMIN_LOGIN)

        response = api_call(self, params)

        expected = 'user group `%s` does not exist' % 'false-group'

        self._compare_error(id_, expected, given=response.body)

    @mock.patch.object(UserGroupModel, 'add_user_to_group', crash)

    def test_api_add_user_to_user_group_exception_occurred(self):

        gr_name = u'test_group'

        fixture.create_user_group(gr_name)

        try:

            id_, params = _build_data(self.apikey, 'add_user_to_user_group',

                                      usergroupid=gr_name,

                                      userid=TEST_USER_ADMIN_LOGIN)

            response = api_call(self, params)

            expected = 'failed to add member to user group `%s`' % gr_name

            self._compare_error(id_, expected, given=response.body)

        finally:

            fixture.destroy_user_group(gr_name)

    def test_api_remove_user_from_user_group(self):

        gr_name = u'test_group_3'

        gr = fixture.create_user_group(gr_name)

        UserGroupModel().add_user_to_group(gr, user=TEST_USER_ADMIN_LOGIN)

        Session().commit()

        try:

            id_, params = _build_data(self.apikey, 'remove_user_from_user_group',

                                      usergroupid=gr_name,

                                      userid=TEST_USER_ADMIN_LOGIN)

            response = api_call(self, params)

            expected = {

                'msg': 'removed member `%s` from user group `%s`' % (

                    TEST_USER_ADMIN_LOGIN, gr_name

                ),

                'success': True}

            self._compare_ok(id_, expected, given=response.body)

        finally:

            fixture.destroy_user_group(gr_name)

    @mock.patch.object(UserGroupModel, 'remove_user_from_group', crash)

    def test_api_remove_user_from_user_group_exception_occurred(self):

        gr_name = u'test_group_3'

        gr = fixture.create_user_group(gr_name)

        UserGroupModel().add_user_to_group(gr, user=TEST_USER_ADMIN_LOGIN)

        Session().commit()

        try:

            id_, params = _build_data(self.apikey, 'remove_user_from_user_group',

                                      usergroupid=gr_name,

                                      userid=TEST_USER_ADMIN_LOGIN)

            response = api_call(self, params)

            expected = 'failed to remove member from user group `%s`' % gr_name

            self._compare_error(id_, expected, given=response.body)

        finally:

            fixture.destroy_user_group(gr_name)

    def test_api_delete_user_group(self):

        gr_name = u'test_group'

        ugroup = fixture.create_user_group(gr_name)

        gr_id = ugroup.users_group_id

        try:

            id_, params = _build_data(self.apikey, 'delete_user_group',

            response = api_call(self, params)

            expected = {

                'user_group': None,

                'msg': 'deleted user group ID:%s %s' % (gr_id, gr_name)

            }

            self._compare_ok(id_, expected, given=response.body)

        finally:

            if UserGroupModel().get_by_name(gr_name):

                fixture.destroy_user_group(gr_name)

    def test_api_delete_user_group_that_is_assigned(self):

        gr_name = u'test_group'

        ugroup = fixture.create_user_group(gr_name)

        gr_id = ugroup.users_group_id

        ugr_to_perm = RepoModel().grant_user_group_permission(self.REPO, gr_name, 'repository.write')

        msg = 'User Group assigned to %s' % ugr_to_perm.repository.repo_name

        try:

            id_, params = _build_data(self.apikey, 'delete_user_group',

            response = api_call(self, params)

            expected = msg

            self._compare_error(id_, expected, given=response.body)

        finally:

            if UserGroupModel().get_by_name(gr_name):

                fixture.destroy_user_group(gr_name)

    def test_api_delete_user_group_exception_occurred(self):

        gr_name = u'test_group'

        ugroup = fixture.create_user_group(gr_name)

        gr_id = ugroup.users_group_id

        id_, params = _build_data(self.apikey, 'delete_user_group',

        try:

            with mock.patch.object(UserGroupModel, 'delete', crash):

                response = api_call(self, params)

                expected = 'failed to delete user group ID:%s %s' % (gr_id, gr_name)

                self._compare_error(id_, expected, given=response.body)

        finally:

            fixture.destroy_user_group(gr_name)

    @parametrize('name,perm', [

        ('none', 'repository.none'),

        ('read', 'repository.read'),

        ('write', 'repository.write'),

        ('admin', 'repository.admin'),

    ])

    def test_api_grant_user_permission(self, name, perm):

        id_, params = _build_data(self.apikey,

                                  'grant_user_permission',

                                  repoid=self.REPO,

                                  userid=TEST_USER_ADMIN_LOGIN,

                                  perm=perm)

        response = api_call(self, params)

        ret = {

            'msg': 'Granted perm: `%s` for user: `%s` in repo: `%s`' % (

                perm, TEST_USER_ADMIN_LOGIN, self.REPO

            ),

            'success': True

        }

        expected = ret

        self._compare_ok(id_, expected, given=response.body)

    def test_api_grant_user_permission_wrong_permission(self):

        perm = 'haha.no.permission'

        id_, params = _build_data(self.apikey,

                                  'grant_user_permission',

                                  repoid=self.REPO,

                                  userid=TEST_USER_ADMIN_LOGIN,

                                  perm=perm)

        response = api_call(self, params)

        expected = 'permission `%s` does not exist' % perm

        self._compare_error(id_, expected, given=response.body)

    @mock.patch.object(RepoModel, 'grant_user_permission', crash)

    def test_api_grant_user_permission_exception_when_adding(self):

        perm = 'repository.read'

        id_, params = _build_data(self.apikey,

                                  'grant_user_permission',

                                  repoid=self.REPO,

                                  userid=TEST_USER_ADMIN_LOGIN,

                                  perm=perm)

        response = api_call(self, params)

        expected = 'failed to edit permission for user: `%s` in repo: `%s`' % (

            TEST_USER_ADMIN_LOGIN, self.REPO

        )

        self._compare_error(id_, expected, given=response.body)

    def test_api_revoke_user_permission(self):

        id_, params = _build_data(self.apikey,

                                  'revoke_user_permission',

                                  repoid=self.REPO,

                                  userid=TEST_USER_ADMIN_LOGIN, )

        response = api_call(self, params)

        expected = {

            'msg': 'Revoked perm for user: `%s` in repo: `%s`' % (

                TEST_USER_ADMIN_LOGIN, self.REPO

            ),

            'success': True

        }

        self._compare_ok(id_, expected, given=response.body)

    @mock.patch.object(RepoModel, 'revoke_user_permission', crash)

    def test_api_revoke_user_permission_exception_when_adding(self):

        id_, params = _build_data(self.apikey,

                                  'revoke_user_permission',

                                  repoid=self.REPO,

                                  userid=TEST_USER_ADMIN_LOGIN, )

        response = api_call(self, params)

        expected = 'failed to edit permission for user: `%s` in repo: `%s`' % (

            TEST_USER_ADMIN_LOGIN, self.REPO

        )

        self._compare_error(id_, expected, given=response.body)

    @parametrize('name,perm', [

        ('none', 'repository.none'),

        ('read', 'repository.read'),

        ('write', 'repository.write'),

        ('admin', 'repository.admin'),

    ])

    def test_api_grant_user_group_permission(self, name, perm):

        id_, params = _build_data(self.apikey,

                                  'grant_user_group_permission',