def authenticate(self, environ):

        authorization = paste.httpheaders.AUTHORIZATION(environ)

        if not authorization:

            return self.build_authentication(environ)

        (authmeth, auth) = authorization.split(' ', 1)

        if 'basic' != authmeth.lower():

            return self.build_authentication(environ)

        auth = auth.strip().decode('base64')

        _parts = auth.split(':', 1)

        if len(_parts) == 2:

            username, password = _parts

            if self.authfunc(username, password, environ) is not None:

                return username

        return self.build_authentication(environ)

    __call__ = authenticate

class BaseVCSController(object):

    """Base controller for handling Mercurial/Git protocol requests

    (coming from a VCS client, and not a browser).

    """

    def __init__(self, application, config):

        self.application = application

        self.config = config

        # base path of repo locations

        self.basepath = self.config['base_path']

        # authenticate this VCS request using the authentication modules

        self.authenticate = BasicAuth('', auth_modules.authenticate,

                                      config.get('auth_ret_code'))

    @classmethod

    def parse_request(cls, environ):

        """If request is parsed as a request for this VCS, return a namespace with the parsed request.

        If the request is unknown, return None.

        """

        raise NotImplementedError()

    def _authorize(self, environ, start_response, action, repo_name, ip_addr):

        """Authenticate and authorize user.

        Since we're dealing with a VCS client and not a browser, we only

        support HTTP basic authentication, either directly via raw header

        inspection, or by using container authentication to delegate the

        authentication to the web server.

from webob.exc import HTTPNotFound, HTTPForbidden, HTTPInternalServerError, \

    HTTPNotAcceptable, HTTPBadRequest

from kallithea.model.db import Ui

from kallithea.lib.utils2 import safe_str, safe_unicode, get_server_url, \

    _set_extras

from kallithea.lib.base import BaseVCSController

from kallithea.lib.utils import make_ui, is_valid_repo

from kallithea.lib.middleware.pygrack import make_wsgi_app

log = logging.getLogger(__name__)

GIT_PROTO_PAT = re.compile(r'^/(.+)/(info/refs|git-upload-pack|git-receive-pack)$')

cmd_mapping = {

    'git-receive-pack': 'push',

    'git-upload-pack': 'pull',

}

class SimpleGit(BaseVCSController):

    @classmethod

    def parse_request(cls, environ):

        path_info = environ.get('PATH_INFO', '')

        m = GIT_PROTO_PAT.match(path_info)

        if m is None:

            return None

        class parsed_request(object):

            # See https://git-scm.com/book/en/v2/Git-Internals-Transfer-Protocols#_the_smart_protocol

            repo_name = safe_unicode(m.group(1).rstrip('/'))

            cmd = m.group(2)

            query_string = environ['QUERY_STRING']

            if cmd == 'info/refs' and query_string.startswith('service='):

                service = query_string.split('=', 1)[1]

                action = cmd_mapping.get(service)

            else:

                service = None

                action = cmd_mapping.get(cmd)

        return parsed_request

    def _handle_request(self, parsed_request, environ, start_response):

        ip_addr = self._get_ip_addr(environ)

        # skip passing error to error controller

        environ['pylons.status_code_redirect'] = True

        # quick check if repo exists...

            raise HTTPNotFound()

        if parsed_request.action is None:

            # Note: the client doesn't get the helpful error message

            raise HTTPBadRequest('Unable to detect pull/push action for %r! Are you using a nonstandard command or client?' % parsed_request.repo_name)

        #======================================================================

        # CHECK PERMISSIONS

        #======================================================================

        user, response_app = self._authorize(environ, start_response, parsed_request.action, parsed_request.repo_name, ip_addr)

        if response_app is not None:

            return response_app(environ, start_response)

        # extras are injected into Mercurial UI object and later available

        # in hooks executed by Kallithea

        from kallithea import CONFIG

        server_url = get_server_url(environ)

        extras = {

            'ip': ip_addr,

            'username': user.username,

            'action': parsed_request.action,

            'repository': parsed_request.repo_name,

            'config': CONFIG['__file__'],

            'server_url': server_url,

        }

        #===================================================================

        # GIT REQUEST HANDLING

        #===================================================================

        log.debug('HOOKS extras is %s', extras)

        baseui = make_ui()

        _set_extras(extras or {})

        try:

            self._handle_githooks(parsed_request.repo_name, parsed_request.action, baseui, environ)

            app = self.__make_app(parsed_request.repo_name)

            return app(environ, start_response)

        except Exception:

            log.error(traceback.format_exc())

            raise HTTPInternalServerError()

    def __make_app(self, repo_name):

        """

        Return a pygrack wsgi application.

        """

        return make_wsgi_app(repo_name, safe_str(self.basepath)) # FIXME: safe_str???

    def _handle_githooks(self, repo_name, action, baseui, environ):

        """

        Handles pull action, push is handled by post-receive hook

        """

        from kallithea.lib.hooks import log_pull_action

        service = environ['QUERY_STRING'].split('=')

        if len(service) < 2:

            return

        from kallithea.model.db import Repository

        _repo = Repository.get_by_repo_name(repo_name)

    'clonebundles': 'pull',

    'debugwireargs': 'pull',

    'filedata': 'pull',

    'getbundle': 'pull',

    'getlfile': 'pull',

    'heads': 'pull',

    'hello': 'pull',

    'known': 'pull',

    'lheads': 'pull',

    'listkeys': 'pull',

    'lookup': 'pull',

    'manifestdata': 'pull',

    'narrow_widen': 'pull',

    'protocaps': 'pull',

    'statlfile': 'pull',

    'stream_out': 'pull',

    'pushkey': 'push',

    'putlfile': 'push',

    'unbundle': 'push',

    }

class SimpleHg(BaseVCSController):

    @classmethod

    def parse_request(cls, environ):

        http_accept = environ.get('HTTP_ACCEPT', '')

        if not http_accept.startswith('application/mercurial'):

            return None

        path_info = environ.get('PATH_INFO', '')

        if not path_info.startswith('/'): # it must!

            return None

        class parsed_request(object):

            repo_name = safe_unicode(path_info[1:].rstrip('/'))

            query_string = environ['QUERY_STRING']

            action = None

            for qry in query_string.split('&'):

                parts = qry.split('=', 1)

                if len(parts) == 2 and parts[0] == 'cmd':

                    cmd = parts[1]

                    if cmd == 'batch':

                        hgarg = get_header_hgarg(environ)

                        if not hgarg.startswith('cmds='):

                            action = 'push' # paranoid and safe

                            break

                        action = 'pull'

                        for cmd_arg in hgarg[5:].split(';'):

                            cmd, _args = urllib.unquote_plus(cmd_arg).split(' ', 1)

                            op = cmd_mapping.get(cmd, 'push')

                            if op != 'pull':

                                assert op == 'push'

                                action = 'push'

                                break

                    else:

                        action = cmd_mapping.get(cmd, 'push')

                    break # only process one cmd

        return parsed_request

    def _handle_request(self, parsed_request, environ, start_response):

        ip_addr = self._get_ip_addr(environ)

        # skip passing error to error controller

        environ['pylons.status_code_redirect'] = True

        # quick check if repo exists...

            raise HTTPNotFound()

        if parsed_request.action is None:

            # Note: the client doesn't get the helpful error message

            raise HTTPBadRequest('Unable to detect pull/push action for %r! Are you using a nonstandard command or client?' % parsed_request.repo_name)

        #======================================================================

        # CHECK PERMISSIONS

        #======================================================================

        user, response_app = self._authorize(environ, start_response, parsed_request.action, parsed_request.repo_name, ip_addr)

        if response_app is not None:

            return response_app(environ, start_response)

        # extras are injected into Mercurial UI object and later available

        # in hooks executed by Kallithea

        from kallithea import CONFIG

        server_url = get_server_url(environ)

        extras = {

            'ip': ip_addr,

            'username': user.username,

            'action': parsed_request.action,

            'repository': parsed_request.repo_name,

            'config': CONFIG['__file__'],

            'server_url': server_url,

        }

        #======================================================================

        # MERCURIAL REQUEST HANDLING

        #======================================================================

        str_repo_name = safe_str(parsed_request.repo_name)

        repo_path = os.path.join(safe_str(self.basepath), str_repo_name)

        log.debug('Repository path is %s', repo_path)

        log.debug('HOOKS extras is %s', extras)

        baseui = make_ui(repo_path=repo_path)

        _set_extras(extras or {})

        try:

            environ['REPO_NAME'] = str_repo_name # used by hgweb_mod.hgweb

            app = self.__make_app(repo_path, baseui)

            return app(environ, start_response)

        except Exception:

            log.error(traceback.format_exc())

            raise HTTPInternalServerError()

    def __make_app(self, repo_name, baseui):

        """

        Make an hgweb wsgi application using baseui.

        """

        return hgweb_mod.hgweb(repo_name, name=repo_name, baseui=baseui)