# The template needs the email address outside of the form.

        c.email = request.params.get('email')

        if not request.POST:

            return htmlfill.render(

                render('/password_reset_confirmation.html'),

                defaults=dict(request.params),

                encoding='UTF-8')

        form = PasswordResetConfirmationForm()()

        try:

            form_result = form.to_python(dict(request.POST))

        except formencode.Invalid as errors:

            return htmlfill.render(

                render('/password_reset_confirmation.html'),

                defaults=errors.value,

                errors=errors.error_dict or {},

                prefix_error=False,

                encoding='UTF-8')

        if not UserModel().verify_reset_password_token(

            form_result['email'],

            form_result['timestamp'],

            form_result['token'],

        ):

            return htmlfill.render(

                render('/password_reset_confirmation.html'),

                defaults=form_result,

                errors={'token': _('Invalid password reset token')},

                prefix_error=False,

                encoding='UTF-8')

        UserModel().reset_password(form_result['email'], form_result['password'])

        h.flash(_('Successfully updated password'), category='success')

        raise HTTPFound(location=url('login_home'))

    def logout(self):

        session.delete()

        log.info('Logging out and deleting session for user')

        raise HTTPFound(location=url('home'))

    def authentication_token(self):

        """Return the CSRF protection token for the session - just like it

        could have been screen scraped from a page with a form.

        Only intended for testing but might also be useful for other kinds

        of automation.

        """

                # Note: the client doesn't get the helpful error message

                raise webob.exc.HTTPBadRequest('Unable to detect pull/push action for %r! Are you using a nonstandard command or client?' % parsed_request.repo_name)

            #======================================================================

            # CHECK PERMISSIONS

            #======================================================================

            ip_addr = self._get_ip_addr(environ)

            user, response_app = self._authorize(environ, parsed_request.action, parsed_request.repo_name, ip_addr)

            if response_app is not None:

                return response_app(environ, start_response)

            #======================================================================

            # REQUEST HANDLING

            #======================================================================

            set_hook_environment(user.username, ip_addr,

                parsed_request.repo_name, self.scm_alias, parsed_request.action)

            try:

                log.info('%s action on %s repo "%s" by "%s" from %s',

                         parsed_request.action, self.scm_alias, parsed_request.repo_name, safe_str(user.username), ip_addr)

                app = self._make_app(parsed_request)

                return app(environ, start_response)

            except Exception:

                log.error(traceback.format_exc())

                raise webob.exc.HTTPInternalServerError()

        except webob.exc.HTTPException as e:

            return e(environ, start_response)

        finally:

            log_ = logging.getLogger('kallithea.' + self.__class__.__name__)

            log_.debug('Request time: %.3fs', time.time() - start)

            meta.Session.remove()

class BaseController(TGController):

    def _before(self, *args, **kwargs):

        """

        _before is called before controller methods and after __call__

        """

        if request.needs_csrf_check:

            # CSRF protection: Whenever a request has ambient authority (whether

            # through a session cookie or its origin IP address), it must include

            # the correct token, unless the HTTP method is GET or HEAD (and thus

            # guaranteed to be side effect free. In practice, the only situation

            # where we allow side effects without ambient authority is when the

            # authority comes from an API key; and that is handled above.

            from kallithea.lib import helpers as h

                log.error('CSRF check failed')

                raise webob.exc.HTTPForbidden()

        c.kallithea_version = __version__

        rc_config = Setting.get_app_settings()

        # Visual options

        c.visual = AttributeDict({})

        ## DB stored

        c.visual.show_public_icon = str2bool(rc_config.get('show_public_icon'))

        c.visual.show_private_icon = str2bool(rc_config.get('show_private_icon'))

        c.visual.stylify_metalabels = str2bool(rc_config.get('stylify_metalabels'))

        c.visual.page_size = safe_int(rc_config.get('dashboard_items', 100))

        c.visual.admin_grid_items = safe_int(rc_config.get('admin_grid_items', 100))

        c.visual.repository_fields = str2bool(rc_config.get('repository_fields'))

        c.visual.show_version = str2bool(rc_config.get('show_version'))

        c.visual.use_gravatar = str2bool(rc_config.get('use_gravatar'))

        c.visual.gravatar_url = rc_config.get('gravatar_url')

        c.ga_code = rc_config.get('ga_code')

        # TODO: replace undocumented backwards compatibility hack with db upgrade and rename ga_code

        if c.ga_code and '<' not in c.ga_code:

            c.ga_code = '''<script type="text/javascript">

                var _gaq = _gaq || [];

                _gaq.push(['_setAccount', '%s']);

                _gaq.push(['_trackPageview']);

                (function() {

                    var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;

                    ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';

                    var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);

                    })();

            </script>''' % c.ga_code

        c.site_name = rc_config.get('title')

        c.clone_uri_tmpl = rc_config.get('clone_uri_tmpl') or Repository.DEFAULT_CLONE_URI

        c.clone_ssh_tmpl = rc_config.get('clone_ssh_tmpl') or Repository.DEFAULT_CLONE_SSH

        ## INI stored

        c.visual.allow_repo_location_change = str2bool(config.get('allow_repo_location_change', True))

        c.visual.allow_custom_hooks_settings = str2bool(config.get('allow_custom_hooks_settings', True))

        c.ssh_enabled = str2bool(config.get('ssh_enabled', False))

        c.instance_id = config.get('instance_id')

        c.issues_url = config.get('bugtracker', url('issues_url'))

        # END CONFIG VARS

        c.repo_name = get_repo_slug(request)  # can be empty

        # Authenticate by session cookie

        # In ancient login sessions, 'authuser' may not be a dict.

        # In that case, the user will have to log in again.

        # v0.3 and earlier included an 'is_authenticated' key; if present,

        # this must be True.

        if isinstance(session_authuser, dict) and session_authuser.get('is_authenticated', True):

            return AuthUser.from_cookie(session_authuser, ip_addr=ip_addr)

        # Authenticate by auth_container plugin (if enabled)

        if any(

            plugin.is_container_auth

            for plugin in auth_modules.get_auth_plugins()

        ):

            try:

                user_info = auth_modules.authenticate('', '', request.environ)

            except UserCreationError as e:

                from kallithea.lib import helpers as h

                h.flash(e, 'error', logf=log.error)

            else:

                if user_info is not None:

                    username = user_info['username']

                    user = User.get_by_username(username, case_insensitive=True)

                    return log_in_user(user, remember=False, is_external_auth=True, ip_addr=ip_addr)

        # User is default user (if active) or anonymous

        default_user = User.get_default_user(cache=True)

        authuser = AuthUser.make(dbuser=default_user, ip_addr=ip_addr)

        if authuser is None: # fall back to anonymous

            authuser = AuthUser(dbuser=default_user) # TODO: somehow use .make?

        return authuser

    @staticmethod

    def _basic_security_checks():

        """Perform basic security/sanity checks before processing the request."""

        # Only allow the following HTTP request methods.

        if request.method not in ['GET', 'HEAD', 'POST']:

            raise webob.exc.HTTPMethodNotAllowed()

        # Also verify the _method override - no longer allowed.

        if request.params.get('_method') is None:

            pass # no override, no problem

        else:

            raise webob.exc.HTTPMethodNotAllowed()

        # Make sure CSRF token never appears in the URL. If so, invalidate it.

        from kallithea.lib import helpers as h

            log.error('CSRF key leak detected')

            session.save()

            h.flash(_('CSRF token leak has been detected - all form tokens have been expired'),

                    category='error')

        # WebOb already ignores request payload parameters for anything other

        # than POST/PUT, but double-check since other Kallithea code relies on

        # this assumption.

        if request.method not in ['POST', 'PUT'] and request.POST:

            log.error('%r request with payload parameters; WebOb should have stopped this', request.method)

            raise webob.exc.HTTPBadRequest()

    def __call__(self, environ, context):

        try:

            ip_addr = _get_ip_addr(environ)

            self._basic_security_checks()

            api_key = request.GET.get('api_key')

            try:

                # Request.authorization may raise ValueError on invalid input

                type, params = request.authorization

            except (ValueError, TypeError):

                pass

            else:

                if type.lower() == 'bearer':

                    api_key = params # bearer token is an api key too

            if api_key is None:

                authuser = self._determine_auth_user(

                    session.get('authuser'),

                    ip_addr=ip_addr,

                )

                needs_csrf_check = request.method not in ['GET', 'HEAD']

            else:

                dbuser = User.get_by_api_key(api_key)

                if dbuser is None:

                    log.info('No db user found for authentication with API key ****%s from %s',

                             api_key[-4:], ip_addr)

                authuser = AuthUser.make(dbuser=dbuser, is_external_auth=True, ip_addr=ip_addr)

                needs_csrf_check = False # API key provides CSRF protection

            if authuser is None:

                log.info('No valid user found')

                raise webob.exc.HTTPForbidden()

            # set globals for auth user

            request.authuser = authuser

            request.ip_addr = ip_addr

# -*- coding: utf-8 -*-

# This program is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation, either version 3 of the License, or

# (at your option) any later version.

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

"""

Helper functions

Consists of functions to typically be used within templates, but also

available to Controllers. This module is available to both as 'h'.

"""

import hashlib

import json

import StringIO

import logging

import re

import urlparse

import textwrap

from beaker.cache import cache_region

from pygments.formatters.html import HtmlFormatter

from pygments import highlight as code_highlight

from tg.i18n import ugettext as _

from webhelpers.html import literal, HTML, escape

from webhelpers.html.tags import checkbox, end_form, hidden, link_to, \

    select, submit, text, password, textarea, radio, form as insecure_form

from webhelpers.number import format_byte_size

from webhelpers.pylonslib import Flash as _Flash

from webhelpers.text import chop_at, truncate, wrap_paragraphs

from webhelpers.html.tags import _set_input_attrs, _set_id_attr, \

    convert_boolean_attrs, NotGiven, _make_safe_id_component

from kallithea.config.routing import url

from kallithea.lib.annotate import annotate_highlight

from kallithea.lib.pygmentsutils import get_custom_lexer

from kallithea.lib.utils2 import str2bool, safe_unicode, safe_str, \

    time_to_datetime, AttributeDict, safe_int, MENTIONS_REGEX

from kallithea.lib.markup_renderer import url_re

from kallithea.lib.vcs.exceptions import ChangesetDoesNotExistError

from kallithea.lib.vcs.backends.base import BaseChangeset, EmptyChangeset

log = logging.getLogger(__name__)

def canonical_url(*args, **kargs):

    '''Like url(x, qualified=True), but returns url that not only is qualified

    but also canonical, as configured in canonical_url'''

    from kallithea import CONFIG

    try:

        parts = CONFIG.get('canonical_url', '').split('://', 1)

        kargs['host'] = parts[1]

        kargs['protocol'] = parts[0]

    except IndexError:

        kargs['qualified'] = True

    return url(*args, **kargs)

def canonical_hostname():

    '''Return canonical hostname of system'''

    from kallithea import CONFIG

    try:

        parts = CONFIG.get('canonical_url', '').split('://', 1)

        return parts[1].split('/', 1)[0]

    except IndexError:

        parts = url('home', qualified=True).split('://', 1)

        return parts[1].split('/', 1)[0]

def html_escape(s):

    """Return string with all html escaped.

    This is also safe for javascript in html but not necessarily correct.

    """

    return (s

        .replace('&', '&')

        .replace(">", ">")

        .replace("<", "&lt;")

    return ChangesetStatusModel().get_status(repo, revision)

def changeset_status_lbl(changeset_status):

    from kallithea.model.db import ChangesetStatus

    return ChangesetStatus.get_status_lbl(changeset_status)

def get_permission_name(key):

    from kallithea.model.db import Permission

    return dict(Permission.PERMS).get(key)

def journal_filter_help():

    return _(textwrap.dedent('''

        Example filter terms:

            repository:vcs

            username:developer

            action:*push*

            ip:127.0.0.1

            date:20120101

            date:[20120101100000 TO 20120102]

        Generate wildcards using '*' character:

            "repository:vcs*" - search everything starting with 'vcs'

            "repository:*vcs*" - search for repository containing 'vcs'

        Optional AND / OR operators in queries

            "repository:vcs OR repository:test"

            "username:test AND repository:test*"

    '''))

def not_mapped_error(repo_name):

    flash(_('%s repository is not mapped to db perhaps'

            ' it was created or renamed from the filesystem'

            ' please run the application again'

            ' in order to rescan repositories') % repo_name, category='error')

def ip_range(ip_addr):

    from kallithea.model.db import UserIpMap

    s, e = UserIpMap._get_ip_range(ip_addr)

    return '%s - %s' % (s, e)

def form(url, method="post", **attrs):

    """Like webhelpers.html.tags.form but automatically using secure_form with

    if method.lower() == 'get':

        return insecure_form(url, method=method, **attrs)

    # webhelpers will turn everything but GET into POST

    return secure_form(url, method=method, **attrs)

        The HMAC key consists of the following values (known only to the

        server and authorized users):

        * per-application secret (the `app_instance_uuid` setting), without

          which an attacker cannot counterfeit tokens

        * hashed user password, invalidating the token upon password change

        The HMAC message consists of the following values (potentially known

        to an attacker):

        * session ID (the anti-CSRF token), requiring an attacker to have

          access to the browser session in which the token was created

        * numeric user ID, limiting the token to a specific user (yet allowing

          users to be renamed)

        * user email address

        * time of token issue (a Unix timestamp, to enable token expiration)

        The key and message values are separated by NUL characters, which are

        guaranteed not to occur in any of the values.

        """

        app_secret = config.get('app_instance_uuid')

        return hmac.HMAC(

            key=u'\0'.join([app_secret, user.password]).encode('utf-8'),

            msg=u'\0'.join([session_id, str(user.user_id), user.email, str(timestamp)]).encode('utf-8'),

            digestmod=hashlib.sha1,

        ).hexdigest()

    def send_reset_password_email(self, data):

        """

        Sends email with a password reset token and link to the password

        reset confirmation page with all information (including the token)

        pre-filled. Also returns URL of that page, only without the token,

        allowing users to copy-paste or manually enter the token from the

        email.

        """

        from kallithea.lib.celerylib import tasks

        from kallithea.model.notification import EmailNotificationModel

        import kallithea.lib.helpers as h

        user_email = data['email']

        user = User.get_by_email(user_email)

        timestamp = int(time.time())

        if user is not None:

            if self.can_change_password(user):

                log.debug('password reset user %s found', user)

                token = self.get_reset_password_token(user,

                                                      timestamp,

                # URL must be fully qualified; but since the token is locked to

                # the current browser session, we must provide a URL with the

                # current scheme and hostname, rather than the canonical_url.

                link = h.url('reset_password_confirmation', qualified=True,

                             email=user_email,

                             timestamp=timestamp,

                             token=token)

            else:

                log.debug('password reset user %s found but was managed', user)

                token = link = None

            reg_type = EmailNotificationModel.TYPE_PASSWORD_RESET

            body = EmailNotificationModel().get_email_tmpl(

                reg_type, 'txt',

                user=user.short_contact,

                reset_token=token,

                reset_url=link)

            html_body = EmailNotificationModel().get_email_tmpl(

                reg_type, 'html',

                user=user.short_contact,

                reset_token=token,

                reset_url=link)

            log.debug('sending email')

            tasks.send_email([user_email], _("Password reset link"), body, html_body)

            log.info('send new password mail to %s', user_email)

        else:

            log.debug("password reset email %s not found", user_email)

        return h.url('reset_password_confirmation',

                     email=user_email,

                     timestamp=timestamp)

    def verify_reset_password_token(self, email, timestamp, token):

        from kallithea.lib.celerylib import tasks

        from kallithea.lib import auth

        import kallithea.lib.helpers as h

        user = User.get_by_email(email)

        if user is None:

            log.debug("user with email %s not found", email)

            return False

        token_age = int(time.time()) - int(timestamp)

        if token_age < 0:

            log.debug('timestamp is from the future')

            return False

        if token_age > UserModel.password_reset_token_lifetime:

            log.debug('password reset token expired')

            return False

        expected_token = self.get_reset_password_token(user,

                                                       timestamp,

        log.debug('computed password reset token: %s', expected_token)

        log.debug('received password reset token: %s', token)

        return expected_token == token

    def reset_password(self, user_email, new_passwd):

        from kallithea.lib.celerylib import tasks

        from kallithea.lib import auth

        user = User.get_by_email(user_email)

        if user is not None:

            if not self.can_change_password(user):

                raise Exception('trying to change password for external user')

            user.password = auth.get_crypt_password(new_passwd)

            Session().commit()

            log.info('change password for %s', user_email)

        if new_passwd is None:

            raise Exception('unable to set new password')

        tasks.send_email([user_email],

                 _('Password reset notification'),

                 _('The password to your account %s has been changed using password reset form.') % (user.username,))

        log.info('send password reset mail to %s', user_email)

        return True

    def has_perm(self, user, perm):

        perm = Permission.guess_instance(perm)

        user = User.guess_instance(user)

        return UserToPerm.query().filter(UserToPerm.user == user) \

            .filter(UserToPerm.permission == perm).scalar() is not None

    def grant_perm(self, user, perm):

        """

        Grant user global permissions

        :param user:

        :param perm:

        """

        user = User.guess_instance(user)

        perm = Permission.guess_instance(perm)

        # if this permission is already granted skip it

        _perm = UserToPerm.query() \

            .filter(UserToPerm.user == user) \

            .filter(UserToPerm.permission == perm) \

            .scalar()

        if _perm:

            return

        new = UserToPerm()

    }

    return _qs.join('&');

};

/**

 * Load HTML into DOM using Ajax

 *

 * @param $target: load html async and place it (or an error message) here

 * @param success: success callback function

 * @param args: query parameters to pass to url

 */

function asynchtml(url, $target, success, args){

    if(args===undefined){

        args=null;

    }

    $target.html(_TM['Loading ...']).css('opacity','0.3');

    return $.ajax({url: url, data: args, headers: {'X-PARTIAL-XHR': '1'}, cache: false, dataType: 'html'})

        .done(function(html) {

                $target.html(html);

                $target.css('opacity','1.0');

                //execute the given original callback

                if (success !== undefined && success) {

                    success();

                }

            })

        .fail(function(jqXHR, textStatus, errorThrown) {

                if (textStatus == "abort")

                    return;

                $target.html('<span class="bg-danger">ERROR: {0}</span>'.format(textStatus));

                $target.css('opacity','1.0');

            })

        ;

};

var ajaxGET = function(url, success, failure) {

    if(failure === undefined) {

        failure = function(jqXHR, textStatus, errorThrown) {

                if (textStatus != "abort")

                    alert("Ajax GET error: " + textStatus);

            };

    }

    return $.ajax({url: url, headers: {'X-PARTIAL-XHR': '1'}, cache: false})

        .done(success)

        .fail(failure);

};

var ajaxPOST = function(url, postData, success, failure) {

    var postData = _toQueryString(postData);

    if(failure === undefined) {

        failure = function(jqXHR, textStatus, errorThrown) {

                if (textStatus != "abort")

                    alert("Error posting to server: " + textStatus);

            };

    }

    return $.ajax({url: url, data: postData, type: 'POST', headers: {'X-PARTIAL-XHR': '1'}, cache: false})

        .done(success)

        .fail(failure);

};

/**

 * activate .show_more links

 * the .show_more must have an id that is the the id of an element to hide prefixed with _

 * the parentnode will be displayed

 */

var show_more_event = function(){

    $('.show_more').click(function(e){

        var el = e.currentTarget;

        $('#' + el.id.substring(1)).hide();

        $(el.parentNode).show();

    });

};

var _onSuccessFollow = function(target){

    var $target = $(target);

    var $f_cnt = $('#current_followers_count');

    if ($target.hasClass('follow')) {

        $target.removeClass('follow').addClass('following');

        $target.prop('title', _TM['Stop following this repository']);

        if ($f_cnt.html()) {

            var cnt = Number($f_cnt.html())+1;

            $f_cnt.html(cnt);

        }

    } else {

        $target.removeClass('following').addClass('follow');

        $target.prop('title', _TM['Start following this repository']);

        if ($f_cnt.html()) {

            var cnt = Number($f_cnt.html())-1;

            $f_cnt.html(cnt);

        }

    }

}

var toggleFollowingRepo = function(target, follows_repository_id){

    var args = 'follows_repository_id=' + follows_repository_id;

    $.post(TOGGLE_FOLLOW_URL, args, function(data){

            _onSuccessFollow(target);

        });

    return false;

};

var showRepoSize = function(target, repo_name){

    if(!$("#" + target).hasClass('loaded')){

        $("#" + target).html(_TM['Loading ...']);

        var url = pyroutes.url('repo_size', {"repo_name":repo_name});

        $.post(url, args, function(data) {

            $("#" + target).html(data);

            $("#" + target).addClass('loaded');

        });

    }

    return false;

};

/**

 * load tooltips dynamically based on data attributes, used for .lazy-cs changeset links

 */

var get_changeset_tooltip = function() {

    var $target = $(this);

    var tooltip = $target.data('tooltip');

    if (!tooltip) {

        var raw_id = $target.data('raw_id');

        var repo_name = $target.data('repo_name');

        var url = pyroutes.url('changeset_info', {"repo_name": repo_name, "revision": raw_id});

        $.ajax(url, {

            async: false,

            success: function(data) {

                tooltip = data["message"];

            }

        });

        $target.data('tooltip', tooltip);

    }

    return tooltip;

};

/**

 * activate tooltips and popups

 */

var tooltip_activate = function(){

    function placement(p, e){

        if(e.getBoundingClientRect().top > 2*$(window).height()/3){

            return 'top';

        }else{

            return 'bottom';

        }

    }

    $(document).ready(function(){

        $('[data-toggle="tooltip"]').tooltip({

            container: 'body',

                            var selected = e.currentTarget;

                            var node = selected.options[selected.selectedIndex];

                            var detected_mode = CodeMirror.findModeByMIME(node.value);

                            setCodeMirrorMode(myCodeMirror, detected_mode);

                            var proposed_ext = CodeMirror.findExtensionByMode(detected_mode);

                            var file_data = CodeMirror.getFilenameAndExt($filename_input.val());

                            var filename = file_data['filename'] || 'filename1';

                            $filename_input.val(filename + '.' + proposed_ext);

                        });

                        // on type the new filename set mode

                        $filename_input.keyup(function(e){

                            var file_data = CodeMirror.getFilenameAndExt(this.value);

                            if(file_data['ext'] != null){

                                var detected_mode = CodeMirror.findModeByExtension(file_data['ext']) || CodeMirror.findModeByMIME('text/plain');

                                if (detected_mode){

                                    setCodeMirrorMode(myCodeMirror, detected_mode);

                                    $mimetype_select.val(detected_mode.mime);

                                }

                            }

                        });

                        // set mode on page load

                        var detected_mode = CodeMirror.findModeByExtension(${h.js(file.extension)});

                        if (detected_mode){

                            setCodeMirrorMode(myCodeMirror, detected_mode);

                            $mimetype_select.val(detected_mode.mime);

                        }

                    });

                </script>

            %endfor

            <div>

            ${h.submit('update',_('Update Gist'),class_="btn btn-success")}

            <a class="btn btn-default" href="${h.url('gist', gist_id=c.gist.gist_access_id)}">${_('Cancel')}</a>

            </div>

          ${h.end_form()}

          <script>

              $('#update').on('click', function(e){

                  e.preventDefault();

                  // check for newer version.

                  $.ajax({

                    url: ${h.js(h.url('edit_gist_check_revision', gist_id=c.gist.gist_access_id))},

                    dataType: 'json',

                    type: 'POST',

                    success: function(data) {

                      if(data.success == false){

                          $('#edit_error').show();

                      }

                      else{

                        $('#eform').submit();

                      }

                    }

                  });

              });

          </script>

        </div>

    </div>

</div>

</%def>

        <link rel="stylesheet" type="text/css" href="${h.url('/css/style.css', ver=c.kallithea_version)}" media="screen"/>

        <%block name="css_extra"/>

        ## JAVASCRIPT ##

        <script type="text/javascript">

            ## JS translations map

            var TRANSLATION_MAP = {

                'Cancel': ${h.jshtml(_("Cancel"))},

                'Retry': ${h.jshtml(_("Retry"))},

                'Submitting ...': ${h.jshtml(_("Submitting ..."))},

                'Unable to post': ${h.jshtml(_("Unable to post"))},

                'Add Another Comment': ${h.jshtml(_("Add Another Comment"))},

                'Stop following this repository': ${h.jshtml(_('Stop following this repository'))},

                'Start following this repository': ${h.jshtml(_('Start following this repository'))},

                'Group': ${h.jshtml(_('Group'))},

                'Loading ...': ${h.jshtml(_('Loading ...'))},

                'loading ...': ${h.jshtml(_('loading ...'))},

                'Search truncated': ${h.jshtml(_('Search truncated'))},

                'No matching files': ${h.jshtml(_('No matching files'))},

                'Open New Pull Request from {0}': ${h.jshtml(_('Open New Pull Request from {0}'))},

                'Open New Pull Request for {0} → {1}': ${h.js(_('Open New Pull Request for {0} → {1}'))},

                'Show Selected Changesets {0} → {1}': ${h.js(_('Show Selected Changesets {0} → {1}'))},

                'Selection Link': ${h.jshtml(_('Selection Link'))},

                'Collapse Diff': ${h.jshtml(_('Collapse Diff'))},

                'Expand Diff': ${h.jshtml(_('Expand Diff'))},

                'No revisions': ${h.jshtml(_('No revisions'))},

                'Type name of user or member to grant permission': ${h.jshtml(_('Type name of user or member to grant permission'))},

                'Failed to revoke permission': ${h.jshtml(_('Failed to revoke permission'))},

                'Confirm to revoke permission for {0}: {1} ?': ${h.jshtml(_('Confirm to revoke permission for {0}: {1} ?'))},

                'Enabled': ${h.jshtml(_('Enabled'))},

                'Disabled': ${h.jshtml(_('Disabled'))},

                'Select changeset': ${h.jshtml(_('Select changeset'))},

                'Specify changeset': ${h.jshtml(_('Specify changeset'))},

                'MSG_SORTASC': ${h.jshtml(_('Click to sort ascending'))},

                'MSG_SORTDESC': ${h.jshtml(_('Click to sort descending'))},

                'MSG_EMPTY': ${h.jshtml(_('No records found.'))},

                'MSG_ERROR': ${h.jshtml(_('Data error.'))},

                'MSG_LOADING': ${h.jshtml(_('Loading...'))}

            };

            var _TM = TRANSLATION_MAP;

            var TOGGLE_FOLLOW_URL  = ${h.js(h.url('toggle_following'))};

            var REPO_NAME = "";

            %if hasattr(c, 'repo_name'):

                var REPO_NAME = ${h.js(c.repo_name)};

            %endif

        </script>

        <script type="text/javascript" src="${h.url('/js/jquery.min.js', ver=c.kallithea_version)}"></script>

        <script type="text/javascript" src="${h.url('/js/jquery.dataTables.js', ver=c.kallithea_version)}"></script>

        <script type="text/javascript" src="${h.url('/js/dataTables.bootstrap.js', ver=c.kallithea_version)}"></script>

        <script type="text/javascript" src="${h.url('/js/bootstrap.js', ver=c.kallithea_version)}"></script>

        <script type="text/javascript" src="${h.url('/js/select2.js', ver=c.kallithea_version)}"></script>

        <script type="text/javascript" src="${h.url('/js/jquery.caret.min.js', ver=c.kallithea_version)}"></script>

        <script type="text/javascript" src="${h.url('/js/jquery.atwho.min.js', ver=c.kallithea_version)}"></script>

        <script type="text/javascript" src="${h.url('/js/base.js', ver=c.kallithea_version)}"></script>

        ## EXTRA FOR JS

        <%block name="js_extra"/>

        <script type="text/javascript">

            $(document).ready(function(){

              tooltip_activate();

              show_more_event();

              // routes registration

              pyroutes.register('home', ${h.js(h.url('home'))}, []);

              pyroutes.register('new_gist', ${h.js(h.url('new_gist'))}, []);

              pyroutes.register('gists', ${h.js(h.url('gists'))}, []);

              pyroutes.register('new_repo', ${h.js(h.url('new_repo'))}, []);

              pyroutes.register('summary_home', ${h.js(h.url('summary_home', repo_name='%(repo_name)s'))}, ['repo_name']);

              pyroutes.register('changelog_home', ${h.js(h.url('changelog_home', repo_name='%(repo_name)s'))}, ['repo_name']);