def update(self, id):

        """PUT /users/id: Update an existing item"""

        # Forms posted to this method should contain a hidden field:

        #    <input type="hidden" name="_method" value="PUT" />

        # Or using helpers:

        #    h.form(url('update_user', id=ID),

        #           method='put')

        # url('user', id=ID)

        user_model = UserModel()

        c.user = user_model.get(id)

        c.perm_user = AuthUser(user_id=id)

        _form = UserForm(edit=True, old_data={'user_id': id,

                                              'email': c.user.email})()

        form_result = {}

        try:

            form_result = _form.to_python(dict(request.POST))

            user_model.update(id, form_result)

            usr = form_result['username']

            action_logger(self.rhodecode_user, 'admin_updated_user:%s' % usr,

                          None, self.ip_addr, self.sa)

            h.flash(_('User updated successfully'), category='success')

            Session.commit()

        except formencode.Invalid, errors:

            e = errors.error_dict or {}

            perm = Permission.get_by_key('hg.create.repository')

            return htmlfill.render(

                render('admin/users/user_edit.html'),

                errors=e,

                prefix_error=False,

                encoding="UTF-8")

        except Exception:

            log.error(traceback.format_exc())

            h.flash(_('error occurred during update of user %s') \

                    % form_result.get('username'), category='error')

        return redirect(url('users'))

    def delete(self, id):

        """DELETE /users/id: Delete an existing item"""

        # Forms posted to this method should contain a hidden field:

        #    <input type="hidden" name="_method" value="DELETE" />

        # Or using helpers:

        #    h.form(url('delete_user', id=ID),

        #           method='delete')

        # url('user', id=ID)

        user_model = UserModel()

        try:

            user_model.delete(id)

            Session.commit()

            h.flash(_('successfully deleted user'), category='success')

        except (UserOwnsReposException, DefaultUserException), e:

            Session.commit()

        else:

            perm = Permission.get_by_key('hg.create.repository')

            user_model.revoke_perm(id, perm)

            perm = Permission.get_by_key('hg.create.none')

            user_model.grant_perm(id, perm)

            h.flash(_("Revoked 'repository create' permission to user"),

                    category='success')

            Session.commit()

        return redirect(url('edit_user', id=id))

    def add_email(self, id):

        """POST /user_emails:Add an existing item"""

        # url('user_emails', id=ID, method='put')

        #TODO: validation and form !!!

        email = request.POST.get('new_email')

        user_model = UserModel()

        try:

            user_model.add_extra_email(id, email)

            Session.commit()

            h.flash(_("Added email %s to user" % email), category='success')

        except Exception:

            log.error(traceback.format_exc())

            h.flash(_('An error occurred during email saving'),

                    category='error')

        return redirect(url('edit_user', id=id))

    def delete_email(self, id):

        """DELETE /user_emails_delete/id: Delete an existing item"""

        # url('user_emails_delete', id=ID, method='delete')

        user_model = UserModel()

        user_model.delete_extra_email(id, request.POST.get('del_email'))

        Session.commit()

        h.flash(_("Removed email from user"), category='success')

        return redirect(url('edit_user', id=id))

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

import random

import logging

import traceback

import hashlib

from tempfile import _RandomNameSequence

from decorator import decorator

from pylons import config, url, request

from pylons.controllers.util import abort, redirect

from pylons.i18n.translation import _

from rhodecode import __platform__, PLATFORM_WIN, PLATFORM_OTHERS

from rhodecode.model.meta import Session

from rhodecode.lib.utils2 import str2bool, safe_unicode

from rhodecode.lib.exceptions import LdapPasswordError, LdapUsernameError

from rhodecode.lib.utils import get_repo_slug, get_repos_group_slug

from rhodecode.lib.auth_ldap import AuthLdap

from rhodecode.model import meta

from rhodecode.model.user import UserModel

from rhodecode.model.db import Permission, RhodeCodeSetting, User

log = logging.getLogger(__name__)

class PasswordGenerator(object):

    """

    This is a simple class for generating password from different sets of

    characters

    usage::

        passwd_gen = PasswordGenerator()

        #print 8-letter password containing only big and small letters

            of alphabet

        passwd_gen.gen_password(8, passwd_gen.ALPHABETS_BIG_SMALL)

    """

    ALPHABETS_NUM = r'''1234567890'''

    ALPHABETS_ALPHANUM_BIG = ALPHABETS_BIG + ALPHABETS_NUM

    ALPHABETS_ALPHANUM_SMALL = ALPHABETS_SMALL + ALPHABETS_NUM

    def __init__(self, passwd=''):

        self.passwd = passwd

    def gen_password(self, length, type_=None):

        if type_ is None:

            type_ = self.ALPHABETS_FULL

        self.passwd = ''.join([random.choice(type_) for _ in xrange(length)])

        return self.passwd

class RhodeCodeCrypto(object):

    @classmethod

    def hash_string(cls, str_):

        """

        Cryptographic function used for password hashing based on pybcrypt

        or pycrypto in windows

        :param password: password to hash

        """

        if __platform__ in PLATFORM_WIN:

            return sha256(str_).hexdigest()

        elif __platform__ in PLATFORM_OTHERS:

            return bcrypt.hashpw(str_, bcrypt.gensalt(10))

        else:

            raise Exception('Unknown or unsupported platform %s' \

                            % __platform__)

    @classmethod

    def hash_check(cls, password, hashed):

        """

        Checks matching password with it's hashed value, runs different

        implementation based on platform it runs on

        :param password: password

        :param hashed: password in hashed form

        """

        if __platform__ in PLATFORM_WIN:

            return sha256(password).hexdigest() == hashed

        elif __platform__ in PLATFORM_OTHERS:

            return bcrypt.hashpw(password, hashed) == hashed

        else:

            raise Exception('Unknown or unsupported platform %s' \

                            % __platform__)

def get_crypt_password(password):

    return RhodeCodeCrypto.hash_string(password)

def check_password(password, hashed):

    return RhodeCodeCrypto.hash_check(password, hashed)

def generate_api_key(str_, salt=None):

    """

    Generates API KEY from given string

    :param str_:

    :param salt:

    """

    if salt is None:

        salt = _RandomNameSequence().next()

                     tls_kind_choices):

    class _LdapSettingsForm(formencode.Schema):

        allow_extra_fields = True

        filter_extra_fields = True

        #pre_validators = [LdapLibValidator]

        ldap_active = v.StringBoolean(if_missing=False)

        ldap_host = v.UnicodeString(strip=True,)

        ldap_port = v.Number(strip=True,)

        ldap_tls_kind = v.OneOf(tls_kind_choices)

        ldap_tls_reqcert = v.OneOf(tls_reqcert_choices)

        ldap_dn_user = v.UnicodeString(strip=True,)

        ldap_dn_pass = v.UnicodeString(strip=True,)

        ldap_base_dn = v.UnicodeString(strip=True,)

        ldap_filter = v.UnicodeString(strip=True,)

        ldap_search_scope = v.OneOf(search_scope_choices)

        ldap_attr_login = All(

            v.AttrLoginValidator(),

            v.UnicodeString(strip=True,)

        )

        ldap_attr_firstname = v.UnicodeString(strip=True,)

        ldap_attr_lastname = v.UnicodeString(strip=True,)

        ldap_attr_email = v.UnicodeString(strip=True,)

    return _LdapSettingsForm

    :created_on: Apr 9, 2010

    :author: marcink

    :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com>

    :license: GPLv3, see COPYING for more details.

"""

# This program is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation, either version 3 of the License, or

# (at your option) any later version.

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

import logging

import traceback

from pylons import url

from pylons.i18n.translation import _

from rhodecode.lib.utils2 import safe_unicode, generate_api_key

from rhodecode.lib.caching_query import FromCache

from rhodecode.model import BaseModel

from rhodecode.model.db import User, UserRepoToPerm, Repository, Permission, \

    UserToPerm, UsersGroupRepoToPerm, UsersGroupToPerm, UsersGroupMember, \

    Notification, RepoGroup, UserRepoGroupToPerm, UsersGroupRepoGroupToPerm, \

    UserEmailMap

from rhodecode.lib.exceptions import DefaultUserException, \

    UserOwnsReposException

log = logging.getLogger(__name__)

PERM_WEIGHTS = {

    'repository.none': 0,

    'repository.read': 1,

    'repository.write': 3,

    'repository.admin': 4,

    'group.none': 0,

    'group.read': 1,

    'group.write': 3,

    'group.admin': 4,

}

class UserModel(BaseModel):

    def get(self, user_id, cache=False):

        user = self.sa.query(User)

        if cache:

            user = user.options(FromCache("sql_cache_short",

                                          "get_user_%s" % user_id))

        return user.get(user_id)

    def revoke_perm(self, user, perm):

        """

        Revoke users global permissions

        :param user:

        :param perm:

        """

        user = self._get_user(user)

        perm = self._get_perm(perm)

        obj = UserToPerm.query()\

                .filter(UserToPerm.user == user)\

                .filter(UserToPerm.permission == perm)\

                .scalar()

        if obj:

            self.sa.delete(obj)

    def add_extra_email(self, user, email):

        """

        Adds email address to UserEmailMap

        :param user:

        :param email:

        """

        user = self._get_user(user)

        obj = UserEmailMap()

        obj.user = user

        self.sa.add(obj)

        return obj

    def delete_extra_email(self, user, email_id):

        """

        Removes email address from UserEmailMap

        :param user:

        :param email_id:

        """

        user = self._get_user(user)

        obj = UserEmailMap.query().get(email_id)

        if obj:

            self.sa.delete(obj)

"""

Set of generic validators

"""

import os

import re

import formencode

import logging

from pylons.i18n.translation import _

from webhelpers.pylonslib.secure_form import authentication_token

from formencode.validators import (

    UnicodeString, OneOf, Int, Number, Regex, Email, Bool, StringBoolean, Set

)

from rhodecode.lib.utils import repo_name_slug

from rhodecode.model.db import RepoGroup, Repository, UsersGroup, User

from rhodecode.lib.exceptions import LdapImportError

from rhodecode.config.routing import ADMIN_PREFIX

# silence warnings and pylint

UnicodeString, OneOf, Int, Number, Regex, Email, Bool, StringBoolean, Set

log = logging.getLogger(__name__)

class StateObj(object):

    """

    this is needed to translate the messages using _() in validators

    """

    _ = staticmethod(_)

def M(self, key, state=None, **kwargs):

    """

    returns string from self.message based on given key,

    passed kw params are used to substitute %(named)s params inside

    translated strings

    :param msg:

    :param state:

    """

        messages = {

            'password_mismatch': _(u'Passwords do not match'),

        }

        def validate_python(self, value, state):

            pass_val = value.get('password') or value.get('new_password')

            if pass_val != value['password_confirmation']:

                msg = M(self, 'password_mismatch', state)

                raise formencode.Invalid(msg, value, state,

                     error_dict=dict(password_confirmation=msg)

                )

    return _validator

def ValidAuth():

    class _validator(formencode.validators.FancyValidator):

        messages = {

            'invalid_password': _(u'invalid password'),

            'invalid_username': _(u'invalid user name'),

            'disabled_account': _(u'Your account is disabled')

        }

        def validate_python(self, value, state):

            password = value['password']

            username = value['username']

            if not authenticate(username, password):

                user = User.get_by_username(username)

                if user and user.active is False:

                    log.warning('user %s is disabled' % username)

                    msg = M(self, 'disabled_account', state)

                    raise formencode.Invalid(msg, value, state,

                        error_dict=dict(username=msg)

                    )

                else:

                    log.warning('user %s failed to authenticate' % username)

                    msg = M(self, 'invalid_username', state)

                    msg2 = M(self, 'invalid_password', state)

                    raise formencode.Invalid(msg, value, state,

                        error_dict=dict(username=msg, password=msg2)

                    )

    return _validator

def ValidAuthToken():

    class _validator(formencode.validators.FancyValidator):

        messages = {