# Or using helpers:

        #    h.form(url('admin_setting', setting_id=ID),

        #           method='put')

        # url('admin_setting', setting_id=ID)

        if setting_id == 'mapping':

            rm_obsolete = request.POST.get('destroy', False)

            initial = ScmModel().repo_scan()

            log.debug('invalidating all repositories')

            for repo_name in initial.keys():

                invalidate_cache('get_repo_cached_%s' % repo_name)

            added, removed = repo2db_mapper(initial, rm_obsolete)

        if 'CONTENT_LENGTH' not in environ:

            log.debug("No Content-Length")

            return jsonrpc_error(message="No Content-Length in request")

        else:

            length = environ['CONTENT_LENGTH'] or 0

            length = int(environ['CONTENT_LENGTH'])

        if length == 0:

            log.debug("Content-Length is 0")

            return jsonrpc_error(message="Content-Length is 0")

        raw_body = environ['wsgi.input'].read(length)

        # check AUTH based on API KEY

        try:

            self._req_api_key = json_body['api_key']

            self._req_id = json_body['id']

            self._req_method = json_body['method']

            self._request_params = json_body['args']

        except KeyError, e:

            return jsonrpc_error(message='Incorrect JSON query missing %s' % e)

        # check if we can find this session using api_key

        try:

            u = User.get_by_api_key(self._req_api_key)

        response = dict(id=self._req_id, result=raw_response,

                        error=self._error)

        try:

            return json.dumps(response)

        except TypeError, e:

            return json.dumps(

                dict(

                    self._req_id,

                    result=None,

                    error="Error encoding response"

                )

            )

    def _find_method(self):

        """

        Return method named by `self._req_method` in controller if able

        """

        if self._req_method.startswith('_'):

            raise AttributeError("Method not allowed")

        try:

            func = getattr(self, self._req_method, None)

        except UnicodeEncodeError:

        pass

    def document(self):

        resp = request.environ.get('pylons.original_response')

        c.rhodecode_name = config.get('rhodecode_title')

        e = request.environ

        c.serv_p = r'%(protocol)s://%(host)s/' \

                                    % {'protocol': e.get('wsgi.url_scheme'),

                                       'host': e.get('HTTP_HOST'), }

                                                self.rhodecode_user.user_id)

                    Session.commit()

                    return 'ok'

                except:

                    raise HTTPBadRequest()

        raise HTTPBadRequest()

    @LoginRequired()

    def public_journal(self):

        # Return a rendered template

        p = int(request.params.get('page', 1))

                log.info('user %s authenticated correctly as anonymous user',

                         username)

                return True

            elif user.username == username and check_password(password,

                                                              user.password):

                return True

        else:

    else:

        log.debug('Regular authentication failed')

        user_obj = User.get_by_username(username, case_insensitive=True)

        if user_obj is not None and not user_obj.ldap_dn:

                  }

            log.debug('Checking for ldap authentication')

            try:

                aldap = AuthLdap(**kwargs)

                (user_dn, ldap_attrs) = aldap.authenticate_ldap(username,

                                                                password)

                get_ldap_attr = lambda k: ldap_attrs.get(ldap_settings\

                                                           .get(k), [''])[0]

                user_attrs = {

                 'name': safe_unicode(get_ldap_attr('ldap_attr_firstname')),

                 'lastname': safe_unicode(get_ldap_attr('ldap_attr_lastname')),

                 'email': get_ldap_attr('ldap_attr_email'),

                }

                if user_model.create_ldap(username, password, user_dn,

                                          user_attrs):

                Session.commit()

                return True

            except (LdapUsernameError, LdapPasswordError,):

                pass

            except (Exception,):

            'lastname': None,

            'email': None,

        }

        user = UserModel().create_for_container_auth(username, user_attrs)

        if not user:

            return None

    if not user.active:

        return None

    user.update_lastlogin()

    Session.commit()

        username = environ.get('HTTP_X_FORWARDED_USER')

    if username:

        # Removing realm and domain from username

        username = username.partition('@')[0]

        username = username.rpartition('\\')[2]

    return username

class  AuthUser(object):

    """

        user_model = UserModel()

        self.anonymous_user = User.get_by_username('default', cache=True)

        is_user_loaded = False

        # try go get user by api key

        if self._api_key and self._api_key != self.anonymous_user.api_key:

            is_user_loaded = user_model.fill_data(self, api_key=self._api_key)

        # lookup by userid

        elif (self.user_id is not None and

              self.user_id != self.anonymous_user.user_id):

            is_user_loaded = user_model.fill_data(self, user_id=self.user_id)

        # lookup by username

        elif self.username and \

            str2bool(config.get('container_auth_enabled', False)):

            dbuser = login_container_auth(self.username)

            if dbuser is not None:

                for k, v in dbuser.get_dict().items():

                    setattr(self, k, v)

                self.set_authenticated()

                is_user_loaded = True

                self.username = None

                self.is_authenticated = False

        if not self.username:

            self.username = 'None'

        user_model.fill_perms(self)

    @property

    def is_admin(self):

        return self.admin

    def __wrapper(self, func, *fargs, **fkwargs):

        cls = fargs[0]

        user = cls.rhodecode_user

        api_access_ok = False

        if self.api_access:

            if user.api_key == request.GET.get('api_key'):

                api_access_ok = True

            else:

                log.debug("API KEY token not valid")

        if user.is_authenticated or api_access_ok:

            return func(*fargs, **fkwargs)

        else:

            p = url.current()

            return redirect(url('login_home', came_from=p))

class NotAnonymous(object):

    """

    Must be logged in to execute this function else

        return decorator(self.__wrapper, func)

    def __wrapper(self, func, *fargs, **fkwargs):

        cls = fargs[0]

        self.user = cls.rhodecode_user

        anonymous = self.user.username == 'default'

        if anonymous:

            p = url.current()

        self.user_perms = self.user.permissions

        log.debug('checking %s permissions %s for %s %s',

           self.__class__.__name__, self.required_perms, cls,

               self.user)

        if self.check_permissions():

            return func(*fargs, **fkwargs)

        else:

            anonymous = self.user.username == 'default'

            if anonymous:

                p = url.current()

                import rhodecode.lib.helpers as h

                    server.simple_bind_s(dn, password)

                    attrs = server.search_ext_s(dn, ldap.SCOPE_BASE,

                                                '(objectClass=*)')[0][1]

                    break

                except ldap.INVALID_CREDENTIALS:

            else:

                log.debug("No matching LDAP objects for authentication "

                          "of '%s' (%s)", uid, username)

                raise LdapPasswordError()

        except ldap.NO_SUCH_OBJECT:

            raise LdapUsernameError()

        except ldap.SERVER_DOWN:

            raise LdapConnectionError("LDAP can't access "

                                      "authentication server")

        return (dn, attrs)

def run_task(task, *args, **kwargs):

    if CELERY_ON:

        try:

            t = task.apply_async(args=args, kwargs=kwargs)

            return t

        except socket.error, e:

            if isinstance(e, IOError) and e.errno == 111:

                log.debug('Unable to connect to celeryd. Sync execution')

            else:

                log.error(traceback.format_exc())

        except KeyError, e:

                log.debug('Unable to connect to celeryd. Sync execution')

        except Exception, e:

            log.error(traceback.format_exc())

    return ResultWrapper(task(*args, **kwargs))

def __get_lockkey(func, *fargs, **fkwargs):

    params = list(fargs)

    params.extend(['%s-%s' % ar for ar in fkwargs.items()])

def locked_task(func):

    def __wrapper(func, *fargs, **fkwargs):

        lockkey = __get_lockkey(func, *fargs, **fkwargs)

        lockkey_path = config['here']

        try:

            l = DaemonLock(file_=jn(lockkey_path, lockkey))

            ret = func(*fargs, **fkwargs)

            l.release()

            return ret

        except LockHeld:

    log = get_logger(get_commits_stats)

    DBS = get_session()

    lockkey = __get_lockkey('get_commits_stats', repo_name, ts_min_y,

                            ts_max_y)

    lockkey_path = config['here']

    try:

        lock = l = DaemonLock(file_=jn(lockkey_path, lockkey))

        akc = lambda k: person(k).replace('"', "")

        co_day_auth_aggr = {}

        commits_by_day_aggregate = {}

        repo = Repository.get_by_repo_name(repo_name)

        if repo is None:

        if cur_stats:

            commits_by_day_aggregate = OrderedDict(json.loads(

                                        cur_stats.commit_activity_combined))

            co_day_auth_aggr = json.loads(cur_stats.commit_activity)

        lmktime = mktime

        last_rev = last_rev + 1 if last_rev >= 0 else 0

        log.debug('Getting revisions from %s to %s' % (

             last_rev, last_rev + parse_limit)

        )

            }

        stats = cur_stats if cur_stats else Statistics()

        stats.commit_activity = json.dumps(co_day_auth_aggr)

        stats.commit_activity_combined = json.dumps(overview_data)

        leftovers = len(repo.revisions[last_rev:])

        if last_rev == 0 or leftovers < parse_limit:

            log.debug('getting code trending stats')

            stats.languages = json.dumps(__get_codes_stats(repo_name))

        try:

            body = EmailNotificationModel().get_email_tmpl(reg_type,

                                                **{'user':user.short_contact,

                                                   'reset_url':link})

            log.debug('sending email')

            run_task(send_email, user_email,

                     _("password reset link"), body)

        else:

            log.debug("password reset email %s not found" % user_email)

    except:

        log.error(traceback.format_exc())

        return False

                             auth.PasswordGenerator.ALPHABETS_BIG_SMALL)

            if user:

                user.password = auth.get_crypt_password(new_passwd)

                user.api_key = auth.generate_api_key(user.username)

                DBS.add(user)

                DBS.commit()

            if new_passwd is None:

                raise Exception('unable to generate new password')

        except:

            log.error(traceback.format_exc())

            DBS.rollback()

        run_task(send_email, user_email,

                 'Your new password',

                 'Your new RhodeCode password:%s' % (new_passwd))

    except:

        log.error('Failed to update user password')

        log.error(traceback.format_exc())

    return True

            sys.exit()

        if destroy:

            meta.Base.metadata.drop_all()

        checkfirst = not override

        meta.Base.metadata.create_all(checkfirst=checkfirst)

    def set_db_version(self):

        ver = DbMigrateVersion()

        ver.version = __dbversion__

        ver.repository_id = 'rhodecode_db_migrations'

        ver.repository_path = 'versions'

        self.sa.add(ver)

    def upgrade(self):

        """

        Upgrades given database schema to given revision following

        all needed steps, to perform the upgrade

            path = test_repo_path

        path_ok = True

        # check proper dir

        if not os.path.isdir(path):

            path_ok = False

        # check write access

        if not os.access(path, os.W_OK) and path_ok:

            path_ok = False

        if retries == 0:

            sys.exit('max retries reached')

        if path_ok is False:

            retries -= 1

            return self.config_prompt(test_repo_path, retries)

        self.create_ldap_options()

        log.info('created ui config')

    def create_user(self, username, password, email='', admin=False):

        UserModel().create_or_update(username, password, email,

                                     name='RhodeCode', lastname='Admin',

                                     active=True, admin=admin)

    def create_default_user(self):

        log.info('creating default user')

    try:

        kw['engine'] = engine

        return f(*a, **kw)

    finally:

        if isinstance(engine, Engine):

            engine.dispose()

class Memoize:

    """Memoize(fn) - an instance which acts like fn but memoizes its arguments

       Will only work on functions with non-mutable arguments

    def update_lastlogin(self):

        """Update user lastlogin"""

        self.last_login = datetime.datetime.now()

        Session.add(self)

        Session.commit()

    @classmethod

    def create(cls, form_data):

        from rhodecode.lib.auth import get_crypt_password

        try:

    def __get_instance(self):

        repo_full_path = self.repo_full_path

        try:

            alias = get_scm(repo_full_path)[0]

            backend = get_backend(alias)

        except VCSError:

            log.error(traceback.format_exc())

            log.error('Perhaps this repository is in db and not in '

                      'filesystem run rescan repositories with '

                      '"destroy old data " option from admin panel')

        try:

            session = Session.object_session(self)

            self.last_login = datetime.datetime.now()

            session.add(self)

            session.commit()

        except (DatabaseError,):

            session.rollback()

class UserLog(Base):

    __tablename__ = 'user_logs'

        user_log.repository_name = repo_name

        user_log.action_date = datetime.datetime.now()

        user_log.user_ip = ipaddr

        sa.add(user_log)

        if commit:

            sa.commit()

    except:

        log.error(traceback.format_exc())

        raise

    baseui._tcfg = config.config()

    if read_from == 'file':

        if not os.path.isfile(path):

            log.warning('Unable to read config file %s' % path)

            return False

        cfg = config.config()

        cfg.read(path)

        for section in ui_sections:

            for k, v in cfg.items(section):

                baseui.setconfig(section, k, v)

    elif read_from == 'db':

        sa = meta.Session

        ret = sa.query(RhodeCodeUi)\

            .options(FromCache("sql_cache_short",

        raise Exception('Missing administrative account !')

    added = []

    for name, repo in initial_repo_list.items():

        group = map_groups(name.split(Repository.url_sep()))

        if not rm.get_by_repo_name(name, cache=False):

            added.append(name)

            form_data = {

                         'repo_name': name,

                         'repo_name_full': name,

                         'repo_type': repo.alias,

                         'description': repo.description \

    """

    from rhodecode.lib.db_manage import DbManage

    from rhodecode.tests import HG_REPO, TESTS_TMP_PATH

    # PART ONE create db

    dbconf = config['sqlalchemy.db1.url']

    # create test dir if it doesn't exist

    if not os.path.isdir(repos_test_path):

        log.debug('Creating testdir %s' % repos_test_path)

        os.makedirs(repos_test_path)

    Initializes db session, bind the engine with the metadata,

    Call this before using any of the tables or classes in the model,

    preferably once in application start

    :param engine: engine to bind to

    """

    meta.Base.metadata.bind = engine

class BaseModel(object):

    """

    Base Model for all RhodeCode models, it adds sql alchemy session

        return q.scalar()

    def update_lastlogin(self):

        """Update user lastlogin"""

        self.last_login = datetime.datetime.now()

        Session.add(self)

    def __json__(self):

        return dict(

            email=self.email,

            full_name=self.full_name,

            full_name_or_username=self.full_name_or_username,

        return _c(rn)

    def __get_instance(self):

        repo_full_path = self.repo_full_path

        try:

            alias = get_scm(repo_full_path)[0]

            backend = get_backend(alias)

        except VCSError:

            log.error(traceback.format_exc())

            log.error('Perhaps this repository is in db and not in '

                      'filesystem run rescan repositories with '

                      '"destroy old data " option from admin panel')

        user = User.get_by_username(username)

        if authenticate(username, password):

            return value

        else:

            if user and user.active is False:

                raise formencode.Invalid(

                    self.message('disabled_account',

                    state=State_obj),

                    value, state,

                    error_dict=self.e_dict_disable

                )

            else:

                raise formencode.Invalid(

                    self.message('invalid_password',

                    state=State_obj), value, state,

                    error_dict=self.e_dict

                )

        """

        renames repository on filesystem

        :param old: old name

        :param new: new name

        """

        old_path = os.path.join(self.repos_path, old)

        new_path = os.path.join(self.repos_path, new)

        if os.path.isdir(new_path):

            raise Exception('Was trying to rename to already existing dir %s' \

            		     % new_path)

        repository is no longer valid for rhodecode, can be undeleted later on

        by reverting the renames on this repository

        :param repo: repo object

        """

        rm_path = os.path.join(self.repos_path, repo.repo_name)

        # disable hg/git

        alias = repo.repo_type

        shutil.move(os.path.join(rm_path, '.%s' % alias),

                    os.path.join(rm_path, 'rm__.%s' % alias))

        # disable repo

        shutil.move(rm_path, os.path.join(self.repos_path, 'rm__%s__%s' \

        :param repo_name:

        :param parent_id:

        """

        create_path = os.path.join(self.repos_path, group_name)

        if os.path.isdir(create_path):

            raise Exception('That directory already exists !')

        os.makedirs(create_path)

        """

        if old == new:

            log.debug('skipping group rename')

            return

        old_path = os.path.join(self.repos_path, old)

        new_path = os.path.join(self.repos_path, new)

        if os.path.isdir(new_path):

            raise Exception('Was trying to rename to already '

                            'existing dir %s' % new_path)

        shutil.move(old_path, new_path)

        :param admin:

        :param ldap_dn:

        """

        from rhodecode.lib.auth import get_crypt_password

        user = User.get_by_username(username, case_insensitive=True)

        if user is None:

            new_user = User()

        else: