"locked_by": "<username>",

                "locked_date": "<float lock_time>",

              },

            }

    error:  null

fork_repo

^^^^^^^^^

Create a fork of the given repo. If using Celery, this will

return success message immediately and a fork will be created

asynchronously.

This command can only be executed using the api_key of a user with admin

rights, or with the global fork permission, by a regular user with create

repository permission and at least read access to the repository.

Regular users cannot specify owner parameter.

INPUT::

    id : <id_for_response>

    api_key : "<api_key>"

    method :  "fork_repo"

    args:     {

                "repoid" :          "<reponame or repo_id>",

                "fork_name":        "<forkname>",

                "owner":            "<username or user_id = Optional(=apiuser)>",

                "description":      "<description>",

                "copy_permissions": "<bool>",

                "private":          "<bool>",

                "landing_rev":      "<landing_rev>"

              }

OUTPUT::

    id : <id_given_in_input>

    result: {

              "msg": "Created fork of `<reponame>` as `<forkname>`",

              "success": true

            }

    error:  null

delete_repo

^^^^^^^^^^^

Delete a repository.

This command can only be executed using the api_key of a user with admin rights,

or that of a regular user with admin access to the repository.

When ``forks`` param is set it is possible to detach or delete forks of the deleted repository.

INPUT::

    id : <id_for_response>

    api_key : "<api_key>"

    method :  "delete_repo"

    args:     {

                "repoid" : "<reponame or repo_id>",

                "forks"  : "`delete` or `detach` = Optional(None)"

              }

OUTPUT::

    id : <id_given_in_input>

    result: {

              "msg": "Deleted repository `<reponame>`",

              "success": true

            }

    error:  null

grant_user_permission

^^^^^^^^^^^^^^^^^^^^^

Grant permission for a user on the given repository, or update the existing one if found.

This command can only be executed using the api_key of a user with admin rights.

INPUT::

    id : <id_for_response>

    api_key : "<api_key>"

    method :  "grant_user_permission"

    args:     {

                "repoid" : "<reponame or repo_id>"

                "userid" : "<username or user_id>"

                "perm" :       "(repository.(none|read|write|admin))",

              }

OUTPUT::

    id : <id_given_in_input>

    result: {

              "msg" : "Granted perm: `<perm>` for user: `<username>` in repo: `<reponame>`",

              "success": true

            }

    error:  null

revoke_user_permission

^^^^^^^^^^^^^^^^^^^^^^

Revoke permission for a user on the given repository.

This command can only be executed using the api_key of a user with admin rights.

INPUT::

    id : <id_for_response>

    api_key : "<api_key>"

    method  : "revoke_user_permission"

    args:     {

                "repoid" : "<reponame or repo_id>"

                "userid" : "<username or user_id>"

              }

OUTPUT::

    id : <id_given_in_input>

    result: {

              "msg" : "Revoked perm for user: `<username>` in repo: `<reponame>`",

              "success": true

            }

    error:  null

grant_user_group_permission

^^^^^^^^^^^^^^^^^^^^^^^^^^^

Grant permission for a user group on the given repository, or update the

existing one if found.

This command can only be executed using the api_key of a user with admin rights.

INPUT::

    id : <id_for_response>

    api_key : "<api_key>"

    method :  "grant_user_group_permission"

    args:     {

                "repoid" : "<reponame or repo_id>"

                "usersgroupid" : "<user group id or name>"

                "perm" : "(repository.(none|read|write|admin))",

              }

OUTPUT::

    id : <id_given_in_input>

    result: {

              "msg" : "Granted perm: `<perm>` for group: `<usersgroupname>` in repo: `<reponame>`",

              "success": true

            }

    error:  null

revoke_user_group_permission

^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Revoke permission for a user group on the given repository.

This command can only be executed using the api_key of a user with admin rights.

INPUT::

    id : <id_for_response>

    api_key : "<api_key>"

    method  : "revoke_user_group_permission"

    args:     {

                "repoid" : "<reponame or repo_id>"

                "usersgroupid" : "<user group id or name>"

              }

OUTPUT::

    id : <id_given_in_input>

    result: {

              "msg" : "Revoked perm for group: `<usersgroupname>` in repo: `<reponame>`",

              "success": true

            }

    error:  null

API access for web views

------------------------

API access can also be turned on for each web view in Kallithea that is

decorated with the ``@LoginRequired`` decorator. Some views use

``@LoginRequired(api_access=True)`` and are always available. By default only

RSS/Atom feed views are enabled. Other views are

only available if they have been whitelisted. Edit the

``api_access_controllers_whitelist`` option in your .ini file and define views

that should have API access enabled.

For example, to enable API access to patch/diff, raw file and archive::

    api_access_controllers_whitelist =

        ChangesetController:changeset_patch,

        ChangesetController:changeset_raw,

        FilesController:raw,

        FilesController:archivefile

Exposing raw diffs is a good way to integrate with

third-party services like code review, or build farms that can download archives.

class BaseVCSController(object):

    def __init__(self, application, config):

        self.application = application

        self.config = config

        # base path of repo locations

        self.basepath = self.config['base_path']

        # authenticate this VCS request using the authentication modules

        self.authenticate = BasicAuth('', auth_modules.authenticate,

                                      config.get('auth_ret_code'))

        self.ip_addr = '0.0.0.0'

    def _handle_request(self, environ, start_response):

        raise NotImplementedError()

    def _get_by_id(self, repo_name):

        """

        Gets a special pattern _<ID> from clone url and tries to replace it

        with a repository_name for support of _<ID> permanent URLs

        :param repo_name:

        """

        data = repo_name.split('/')

        if len(data) >= 2:

            from kallithea.lib.utils import get_repo_by_id

            by_id_match = get_repo_by_id(repo_name)

            if by_id_match:

                data[1] = safe_str(by_id_match)

        return '/'.join(data)

    def _invalidate_cache(self, repo_name):

        """

        Sets cache for this repository for invalidation on next access

        :param repo_name: full repo name, also a cache key

        """

        ScmModel().mark_for_invalidation(repo_name)

    def _check_permission(self, action, user, repo_name, ip_addr=None):

        """

        Checks permissions using action (push/pull) user and repository

        name

        :param action: push or pull action

        :param user: `User` instance

        :param repo_name: repository name

        """

        # check IP

        ip_allowed = AuthUser.check_ip_allowed(user, ip_addr)

        if ip_allowed:

            log.info('Access for IP:%s allowed', ip_addr)

        else:

            return False

        if action == 'push':

            if not HasPermissionAnyMiddleware('repository.write',

                                              'repository.admin')(user,

                                                                  repo_name):

                return False

        else:

            #any other action need at least read permission

            if not HasPermissionAnyMiddleware('repository.read',

                                              'repository.write',

                                              'repository.admin')(user,

                                                                  repo_name):

                return False

        return True

    def _get_ip_addr(self, environ):

        return _get_ip_addr(environ)

    def _check_locking_state(self, environ, action, repo, user_id):

        """

        Checks locking on this repository, if locking is enabled and lock is

        present returns a tuple of make_lock, locked, locked_by.

        make_lock can have 3 states None (do nothing) True, make lock

        False release lock, This value is later propagated to hooks, which

        do the locking. Think about this as signals passed to hooks what to do.

        """

        locked = False  # defines that locked error should be thrown to user

        make_lock = None

        repo = Repository.get_by_repo_name(repo)

        user = User.get(user_id)

        # this is kind of hacky, but due to how mercurial handles client-server

        # server see all operation on changeset; bookmarks, phases and

        # obsolescence marker in different transaction, we don't want to check

        # locking on those

        obsolete_call = environ['QUERY_STRING'] in ['cmd=listkeys',]

        locked_by = repo.locked

        if repo and repo.enable_locking and not obsolete_call:

            if action == 'push':

                #check if it's already locked !, if it is compare users

                user_id, _date = repo.locked

                if user.user_id == user_id:

                    log.debug('Got push from user %s, now unlocking', user)

                    # unlock if we have push from user who locked

                    make_lock = False

                else:

                    # we're not the same user who locked, ban with 423 !

                    locked = True

            if action == 'pull':

                if repo.locked[0] and repo.locked[1]:

                    locked = True

                else:

                    log.debug('Setting lock on repo %s by %s', repo, user)

                    make_lock = True

        else:

            log.debug('Repository %s do not have locking enabled', repo)

        log.debug('FINAL locking values make_lock:%s,locked:%s,locked_by:%s',

                  make_lock, locked, locked_by)

        return make_lock, locked, locked_by

    def __call__(self, environ, start_response):

        start = time.time()

        try:

            return self._handle_request(environ, start_response)

        finally:

            log = logging.getLogger('kallithea.' + self.__class__.__name__)

            log.debug('Request time: %.3fs', time.time() - start)

            meta.Session.remove()

class BaseController(WSGIController):

    def __before__(self):

        """

        __before__ is called before controller methods and after __call__

        """

        c.kallithea_version = __version__

        rc_config = Setting.get_app_settings()

        # Visual options

        c.visual = AttributeDict({})

        ## DB stored

        c.visual.show_public_icon = str2bool(rc_config.get('show_public_icon'))

        c.visual.show_private_icon = str2bool(rc_config.get('show_private_icon'))

        c.visual.stylify_metatags = str2bool(rc_config.get('stylify_metatags'))

        c.visual.page_size = safe_int(rc_config.get('dashboard_items', 100))

        c.visual.admin_grid_items = safe_int(rc_config.get('admin_grid_items', 100))

        c.visual.repository_fields = str2bool(rc_config.get('repository_fields'))

        c.visual.show_version = str2bool(rc_config.get('show_version'))

        c.visual.use_gravatar = str2bool(rc_config.get('use_gravatar'))

        c.visual.gravatar_url = rc_config.get('gravatar_url')

        c.ga_code = rc_config.get('ga_code')

        # TODO: replace undocumented backwards compatibility hack with db upgrade and rename ga_code

        if c.ga_code and '<' not in c.ga_code:

            c.ga_code = '''<script type="text/javascript">

                var _gaq = _gaq || [];

                _gaq.push(['_setAccount', '%s']);

                _gaq.push(['_trackPageview']);

                (function() {

                    var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;

                    ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';

                    var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);

                    })();

            </script>''' % c.ga_code

        c.site_name = rc_config.get('title')

        c.clone_uri_tmpl = rc_config.get('clone_uri_tmpl')

        ## INI stored

        c.visual.allow_repo_location_change = str2bool(config.get('allow_repo_location_change', True))

        c.visual.allow_custom_hooks_settings = str2bool(config.get('allow_custom_hooks_settings', True))

        c.instance_id = config.get('instance_id')

        c.issues_url = config.get('bugtracker', url('issues_url'))

        # END CONFIG VARS

        c.repo_name = get_repo_slug(request)  # can be empty

        c.backends = BACKENDS.keys()

        c.unread_notifications = NotificationModel() \

                        .get_unread_cnt_for_user(c.authuser.user_id)

        self.cut_off_limit = safe_int(config.get('cut_off_limit'))

        c.my_pr_count = PullRequest.query(reviewer_id=c.authuser.user_id, include_closed=False).count()

        self.sa = meta.Session

        self.scm_model = ScmModel(self.sa)

    @staticmethod

        """

        # Authenticate by API key

        if api_key is not None:

            au = AuthUser(dbuser=User.get_by_api_key(api_key),

                authenticating_api_key=api_key, is_external_auth=True)

            if au.is_anonymous:

                log.warning('API key ****%s is NOT valid', api_key[-4:])

                raise webob.exc.HTTPForbidden(_('Invalid API key'))

            return au

        # Authenticate by session cookie

        # In ancient login sessions, 'authuser' may not be a dict.

        # In that case, the user will have to log in again.

        # v0.3 and earlier included an 'is_authenticated' key; if present,

        # this must be True.

        if isinstance(session_authuser, dict) and session_authuser.get('is_authenticated', True):

            try:

                return AuthUser.from_cookie(session_authuser)

            except UserCreationError as e:

                # container auth or other auth functions that create users on

                # the fly can throw UserCreationError to signal issues with

                # user creation. Explanation should be provided in the

                # exception object.

                from kallithea.lib import helpers as h

                h.flash(e, 'error', logf=log.error)

        # Authenticate by auth_container plugin (if enabled)

        if any(

            auth_modules.importplugin(name).is_container_auth

            for name in Setting.get_auth_plugins()

        ):

            try:

                user_info = auth_modules.authenticate('', '', request.environ)

            except UserCreationError as e:

                from kallithea.lib import helpers as h

                h.flash(e, 'error', logf=log.error)

            else:

                if user_info is not None:

                    username = user_info['username']

                    user = User.get_by_username(username, case_insensitive=True)

                    return log_in_user(user, remember=False,

                                       is_external_auth=True)

        # User is anonymous

        return AuthUser()

    @staticmethod

    def _basic_security_checks():

        """Perform basic security/sanity checks before processing the request."""

        # Only allow the following HTTP request methods.

        if request.method not in ['GET', 'HEAD', 'POST']:

            raise webob.exc.HTTPMethodNotAllowed()

        # Also verify the _method override - no longer allowed.

        if request.params.get('_method') is None:

            pass # no override, no problem

        else:

            raise webob.exc.HTTPMethodNotAllowed()

        # Make sure CSRF token never appears in the URL. If so, invalidate it.

        if secure_form.token_key in request.GET:

            log.error('CSRF key leak detected')

            session.pop(secure_form.token_key, None)

            session.save()

            from kallithea.lib import helpers as h

            h.flash(_('CSRF token leak has been detected - all form tokens have been expired'),

                    category='error')

        # WebOb already ignores request payload parameters for anything other

        # than POST/PUT, but double-check since other Kallithea code relies on

        # this assumption.

        if request.method not in ['POST', 'PUT'] and request.POST:

            log.error('%r request with payload parameters; WebOb should have stopped this', request.method)

            raise webob.exc.HTTPBadRequest()

    def __call__(self, environ, start_response):

        """Invoke the Controller"""

        # WSGIController.__call__ dispatches to the Controller method

        # the request is routed to. This routing information is

        # available in environ['pylons.routes_dict']

        try:

            self.ip_addr = _get_ip_addr(environ)

            # make sure that we update permissions each time we call controller

            self._basic_security_checks()

            #set globals for auth user

            self.authuser = c.authuser = request.user = self._determine_auth_user(

                request.GET.get('api_key'),

                session.get('authuser'),

            )

            log.info('IP: %s User: %s accessed %s',

                self.ip_addr, self.authuser,

                safe_unicode(_get_access_path(environ)),

            )

            return WSGIController.__call__(self, environ, start_response)

        except webob.exc.HTTPException as e:

            return e(environ, start_response)

        finally:

            meta.Session.remove()

class BaseRepoController(BaseController):

    """

    Base class for controllers responsible for loading all needed data for

    repository loaded items are

    c.db_repo_scm_instance: instance of scm repository

    c.db_repo: instance of db

    c.repository_followers: number of followers

    c.repository_forks: number of forks

    c.repository_following: weather the current user is following the current repo

    """

    def __before__(self):

        super(BaseRepoController, self).__before__()

        if c.repo_name:  # extracted from routes

            _dbr = Repository.get_by_repo_name(c.repo_name)

            if not _dbr:

                return

            log.debug('Found repository in database %s with state `%s`',

                      safe_unicode(_dbr), safe_unicode(_dbr.repo_state))

            route = getattr(request.environ.get('routes.route'), 'name', '')

            # allow to delete repos that are somehow damages in filesystem

            if route in ['delete_repo']:

                return

            if _dbr.repo_state in [Repository.STATE_PENDING]:

                if route in ['repo_creating_home']:

                    return

                check_url = url('repo_creating_home', repo_name=c.repo_name)

                raise webob.exc.HTTPFound(location=check_url)

            dbr = c.db_repo = _dbr

            c.db_repo_scm_instance = c.db_repo.scm_instance

            if c.db_repo_scm_instance is None:

                log.error('%s this repository is present in database but it '

                          'cannot be created as an scm instance', c.repo_name)

                from kallithea.lib import helpers as h

                h.flash(h.literal(_('Repository not found in the filesystem')),

                        category='error')

                raise paste.httpexceptions.HTTPNotFound()

            # some globals counter for menu

            c.repository_followers = self.scm_model.get_followers(dbr)

            c.repository_forks = self.scm_model.get_forks(dbr)

            c.repository_pull_requests = self.scm_model.get_pull_requests(dbr)

            c.repository_following = self.scm_model.is_following_repo(

                                    c.repo_name, self.authuser.user_id)

    @staticmethod

    def _get_ref_rev(repo, ref_type, ref_name, returnempty=False):

        """

        Safe way to get changeset. If error occurs show error.

        """

        from kallithea.lib import helpers as h

        try:

            return repo.scm_instance.get_ref_revision(ref_type, ref_name)

        except EmptyRepositoryError as e:

            if returnempty:

                return repo.scm_instance.EMPTY_CHANGESET

            h.flash(h.literal(_('There are no changesets yet')),

                    category='error')

            raise webob.exc.HTTPNotFound()

        except ChangesetDoesNotExistError as e:

            h.flash(h.literal(_('Changeset for %s %s not found in %s') %

                              (ref_type, ref_name, repo.repo_name)),

                    category='error')

            raise webob.exc.HTTPNotFound()

        except RepositoryError as e:

            log.error(traceback.format_exc())

            h.flash(safe_str(e), category='error')

            raise webob.exc.HTTPBadRequest()

class WSGIResultCloseCallback(object):

    """Wrap a WSGI result and let close call close after calling the

    close method on the result.

    """

    def __init__(self, result, close):

        self._result = result

        self._close = close

    def __iter__(self):

        return iter(self._result)

    def close(self):

        if hasattr(self._result, 'close'):

            self._result.close()

        self._close()

# -*- coding: utf-8 -*-

# This program is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation, either version 3 of the License, or

# (at your option) any later version.

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

"""

kallithea.lib.utils2

~~~~~~~~~~~~~~~~~~~~

Some simple helper functions

This file was forked by the Kallithea project in July 2014.

Original author and date, and relevant copyright and licensing information is below:

:created_on: Jan 5, 2011

:author: marcink

:copyright: (c) 2013 RhodeCode GmbH, and others.

:license: GPLv3, see LICENSE.md for more details.

"""

import os

import re

import sys

import time

import uuid

import datetime

import urllib

import binascii

import webob

import urlobject

from pylons.i18n.translation import _, ungettext

from kallithea.lib.vcs.utils.lazy import LazyProperty

from kallithea.lib.compat import json

def str2bool(_str):

    """

    returns True/False value from given string, it tries to translate the

    string into boolean

    :param _str: string value to translate into boolean

    :rtype: boolean

    :returns: boolean from given string

    """

    if _str is None:

        return False

    if _str in (True, False):

        return _str

    _str = str(_str).strip().lower()

    return _str in ('t', 'true', 'y', 'yes', 'on', '1')

def aslist(obj, sep=None, strip=True):

    """

    Returns given string separated by sep as list

    :param obj:

    :param sep:

    :param strip:

    """

    if isinstance(obj, (basestring)):

        lst = obj.split(sep)

        if strip:

            lst = [v.strip() for v in lst]

        return lst

    elif isinstance(obj, (list, tuple)):

        return obj

    elif obj is None:

        return []

    else:

        return [obj]

def convert_line_endings(line, mode):

    """

    Converts a given line  "line end" according to given mode

    Available modes are::

        0 - Unix

        1 - Mac

        2 - DOS

    :param line: given line to convert

    :param mode: mode to convert to

    :rtype: str

    :return: converted line according to mode

    """

    from string import replace

    if mode == 0:

            line = replace(line, '\r\n', '\n')

            line = replace(line, '\r', '\n')

    elif mode == 1:

            line = replace(line, '\r\n', '\r')

            line = replace(line, '\n', '\r')

    elif mode == 2:

            line = re.sub("\r(?!\n)|(?<!\r)\n", "\r\n", line)

    return line

def detect_mode(line, default):

    """

    Detects line break for given line, if line break couldn't be found

    given default value is returned

    :param line: str line

    :param default: default

    :rtype: int

    :return: value of line end on of 0 - Unix, 1 - Mac, 2 - DOS

    """

    if line.endswith('\r\n'):

        return 2

    elif line.endswith('\n'):

        return 0

    elif line.endswith('\r'):

        return 1

    else:

        return default

def generate_api_key():

    """

    Generates a random (presumably unique) API key.

    """

    return binascii.hexlify(os.urandom(20))

def safe_int(val, default=None):

    """

    Returns int() of val if val is not convertable to int use default

    instead

    :param val:

    :param default:

    """

    try:

        val = int(val)

    except (ValueError, TypeError):

        val = default

    return val

def safe_unicode(str_, from_encoding=None):

    """

    safe unicode function. Does few trick to turn str_ into unicode

    In case of UnicodeDecode error we try to return it with encoding detected

    by chardet library if it fails fallback to unicode with errors replaced

    :param str_: string to decode

    :rtype: unicode

    :returns: unicode object

    """

    if isinstance(str_, unicode):

        return str_

    if not from_encoding:

        import kallithea

        DEFAULT_ENCODINGS = aslist(kallithea.CONFIG.get('default_encoding',

                                                        'utf8'), sep=',')

        from_encoding = DEFAULT_ENCODINGS

    if not isinstance(from_encoding, (list, tuple)):

        from_encoding = [from_encoding]

    try:

        return unicode(str_)

    except UnicodeDecodeError:

        pass

    for enc in from_encoding:

        try:

            return unicode(str_, enc)

        except UnicodeDecodeError:

            pass

    try:

        import chardet

        encoding = chardet.detect(str_)['encoding']

        if encoding is None:

            raise Exception()

        return str_.decode(encoding)

    except (ImportError, UnicodeDecodeError, Exception):

        return unicode(str_, from_encoding[0], 'replace')

def safe_str(unicode_, to_encoding=None):

    """

    safe str function. Does few trick to turn unicode_ into string

    In case of UnicodeEncodeError we try to return it with encoding detected

    by chardet library if it fails fallback to string with errors replaced

    :param unicode_: unicode to encode

    :rtype: str

    :returns: str object

    """

    # if it's not basestr cast to str

    if not isinstance(unicode_, basestring):

        return str(unicode_)

    if isinstance(unicode_, str):

        return unicode_

    if not to_encoding:

        import kallithea

        DEFAULT_ENCODINGS = aslist(kallithea.CONFIG.get('default_encoding',

                                                        'utf8'), sep=',')

        to_encoding = DEFAULT_ENCODINGS

    if not isinstance(to_encoding, (list, tuple)):

        to_encoding = [to_encoding]

    for enc in to_encoding:

        try:

            return unicode_.encode(enc)

        except UnicodeEncodeError:

            pass

    try:

        import chardet

        encoding = chardet.detect(unicode_)['encoding']

        if encoding is None:

            raise UnicodeEncodeError()

        return unicode_.encode(encoding)

    except (ImportError, UnicodeEncodeError):

        return unicode_.encode(to_encoding[0], 'replace')