:param name:

      :param firstname:

      :param short_contact:

      :param admin:

      :param lastname:

      :param ip_addresses:

      :param ldap_dn:

      :param email:

      :param api_key:

      :param last_login:

      :param full_name:

      :param active:

      :param password:

      :param emails:

      :param created_by:

    """

    return 0

CREATE_USER_HOOK = _cruserhook

#==============================================================================

# POST DELETE REPOSITORY HOOK

#==============================================================================

# this function will be executed after each repository deletion

def _dlrepohook(*args, **kwargs):

    """

    Post delete repository HOOK

    kwargs available:

     :param repo_name:

     :param repo_type:

     :param description:

     :param private:

     :param created_on:

     :param enable_downloads:

     :param repo_id:

     :param owner_id:

     :param enable_statistics:

     :param clone_uri:

     :param fork_id:

     :param group_id:

     :param deleted_by:

     :param deleted_on:

    """

    return 0

DELETE_REPO_HOOK = _dlrepohook

#==============================================================================

# POST DELETE USER HOOK

#==============================================================================

# this function will be executed after each user is deleted

def _dluserhook(*args, **kwargs):

    """

    Post delete user HOOK

    kwargs available:

      :param username:

      :param full_name_or_username:

      :param full_contact:

      :param user_id:

      :param name:

      :param firstname:

      :param short_contact:

      :param admin:

      :param lastname:

      :param ip_addresses:

      :param ldap_dn:

      :param email:

      :param api_key:

      :param last_login:

      :param full_name:

      :param active:

      :param password:

      :param emails:

      :param deleted_by:

    """

    return 0

DELETE_USER_HOOK = _dluserhook

#==============================================================================

# POST PUSH HOOK

#==============================================================================

# this function will be executed after each push it's executed after the

# build-in hook that Kallithea uses for logging pushes

def _pushhook(*args, **kwargs):

    """

    Post push hook

    kwargs available:

      :param config: path to .ini config used

      :param scm: type of VS 'git' or 'hg'

      :param username: name of user who pushed

      :param ip: ip of who pushed

      :param action: push

      :param repository: repository name

      :param pushed_revs: list of pushed revisions

    """

    return 0

PUSH_HOOK = _pushhook

#==============================================================================

# POST PULL HOOK

#==============================================================================

# this function will be executed after each push it's executed after the

# build-in hook that Kallithea uses for logging pulls

def _pullhook(*args, **kwargs):

    """

    Post pull hook

    kwargs available::

      :param config: path to .ini config used

      :param scm: type of VS 'git' or 'hg'

      :param username: name of user who pulled

      :param ip: ip of who pulled

      :param action: pull

      :param repository: repository name

    """

    return 0

PULL_HOOK = _pullhook

# -*- coding: utf-8 -*-

# This program is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation, either version 3 of the License, or

# (at your option) any later version.

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

"""

kallithea.lib.base

~~~~~~~~~~~~~~~~~~

The base Controller API

Provides the BaseController class for subclassing. And usage in different

controllers

This file was forked by the Kallithea project in July 2014.

Original author and date, and relevant copyright and licensing information is below:

:created_on: Oct 06, 2010

:author: marcink

:copyright: (c) 2013 RhodeCode GmbH, and others.

:license: GPLv3, see LICENSE.md for more details.

"""

import datetime

import decorator

import logging

import time

import traceback

import warnings

import webob.exc

import paste.httpexceptions

import paste.auth.basic

import paste.httpheaders

from webhelpers.pylonslib import secure_form

from tg import config, tmpl_context as c, request, response, session, render_template

from tg import TGController

from tg.i18n import ugettext as _

from kallithea import __version__, BACKENDS

from kallithea.config.routing import url

from kallithea.lib.utils2 import str2bool, safe_unicode, AttributeDict, \

from kallithea.lib import auth_modules

from kallithea.lib.auth import AuthUser, HasPermissionAnyMiddleware

from kallithea.lib.compat import json

from kallithea.lib.utils import get_repo_slug, is_valid_repo

from kallithea.lib.exceptions import UserCreationError

from kallithea.lib.vcs.exceptions import RepositoryError, EmptyRepositoryError, ChangesetDoesNotExistError

from kallithea.model import meta

from kallithea.model.db import PullRequest, Repository, User, Setting

from kallithea.model.scm import ScmModel

log = logging.getLogger(__name__)

def render(template_path):

    return render_template({'url': url}, 'mako', template_path)

def _filter_proxy(ip):

    """

    HEADERS can have multiple ips inside the left-most being the original

    client, and each successive proxy that passed the request adding the IP

    address where it received the request from.

    :param ip:

    """

    if ',' in ip:

        _ips = ip.split(',')

        _first_ip = _ips[0].strip()

        log.debug('Got multiple IPs %s, using %s', ','.join(_ips), _first_ip)

        return _first_ip

    return ip

def _get_ip_addr(environ):

    proxy_key = 'HTTP_X_REAL_IP'

    proxy_key2 = 'HTTP_X_FORWARDED_FOR'

    def_key = 'REMOTE_ADDR'

    ip = environ.get(proxy_key)

    if ip:

        return _filter_proxy(ip)

    ip = environ.get(proxy_key2)

    if ip:

        return _filter_proxy(ip)

    ip = environ.get(def_key, '0.0.0.0')

    return _filter_proxy(ip)

def _get_access_path(environ):

    """Return PATH_INFO from environ ... using tg.original_request if available."""

    org_req = environ.get('tg.original_request')

    if org_req is not None:

        environ = org_req.environ

    return environ.get('PATH_INFO')

def log_in_user(user, remember, is_external_auth, ip_addr):

    """

    Log a `User` in and update session and cookies. If `remember` is True,

    the session cookie is set to expire in a year; otherwise, it expires at

    the end of the browser session.

    Returns populated `AuthUser` object.

    """

    # It should not be possible to explicitly log in as the default user.

    assert not user.is_default_user, user

    auth_user = AuthUser.make(dbuser=user, is_external_auth=is_external_auth, ip_addr=ip_addr)

    if auth_user is None:

        return None

    user.update_lastlogin()

    meta.Session().commit()

    # Start new session to prevent session fixation attacks.

    session.invalidate()

    session['authuser'] = cookie = auth_user.to_cookie()

    # If they want to be remembered, update the cookie.

    # NOTE: Assumes that beaker defaults to browser session cookie.

    if remember:

        t = datetime.datetime.now() + datetime.timedelta(days=365)

        session._set_cookie_expires(t)

    session.save()

    log.info('user %s is now authenticated and stored in '

             'session, session attrs %s', user.username, cookie)

    # dumps session attrs back to cookie

    session._update_cookie_out()

    return auth_user

        # If not authenticated by the container, running basic auth

        if not username:

            self.authenticate.realm = safe_str(self.config['realm'])

            result = self.authenticate(environ)

            if isinstance(result, str):

                paste.httpheaders.AUTH_TYPE.update(environ, 'basic')

                paste.httpheaders.REMOTE_USER.update(environ, result)

                username = result

            else:

                return None, result.wsgi_application

        #==============================================================

        # CHECK PERMISSIONS FOR THIS REQUEST USING GIVEN USERNAME

        #==============================================================

        try:

            user = User.get_by_username_or_email(username)

        except Exception:

            log.error(traceback.format_exc())

            return None, webob.exc.HTTPInternalServerError()

        authuser = AuthUser.make(dbuser=user, ip_addr=ip_addr)

        if authuser is None:

            return None, webob.exc.HTTPForbidden()

        if not self._check_permission(action, authuser, repo_name):

            return None, webob.exc.HTTPForbidden()

        return user, None

    def _handle_request(self, environ, start_response):

        raise NotImplementedError()

    def _check_permission(self, action, authuser, repo_name):

        """

        Checks permissions using action (push/pull) user and repository

        name

        :param action: 'push' or 'pull' action

        :param user: `User` instance

        :param repo_name: repository name

        """

        if action == 'push':

            if not HasPermissionAnyMiddleware('repository.write',

                                              'repository.admin')(authuser,

                                                                  repo_name):

                return False

        else:

            #any other action need at least read permission

            if not HasPermissionAnyMiddleware('repository.read',

                                              'repository.write',

                                              'repository.admin')(authuser,

                                                                  repo_name):

                return False

        return True

    def _get_ip_addr(self, environ):

        return _get_ip_addr(environ)

    def __call__(self, environ, start_response):

        start = time.time()

        try:

            # try parsing a request for this VCS - if it fails, call the wrapped app

            parsed_request = self.parse_request(environ)

            if parsed_request is None:

                return self.application(environ, start_response)

            # skip passing error to error controller

            environ['pylons.status_code_redirect'] = True

            # quick check if repo exists...

            if not is_valid_repo(parsed_request.repo_name, self.basepath, self.scm_alias):

                raise webob.exc.HTTPNotFound()

            if parsed_request.action is None:

                # Note: the client doesn't get the helpful error message

                raise webob.exc.HTTPBadRequest('Unable to detect pull/push action for %r! Are you using a nonstandard command or client?' % parsed_request.repo_name)

            #======================================================================

            # CHECK PERMISSIONS

            #======================================================================

            ip_addr = self._get_ip_addr(environ)

            user, response_app = self._authorize(environ, parsed_request.action, parsed_request.repo_name, ip_addr)

            if response_app is not None:

                return response_app(environ, start_response)

            # extras are injected into Mercurial UI object and later available

            # in hooks executed by Kallithea

            from kallithea import CONFIG

            extras = {

                'ip': ip_addr,

                'username': user.username,

                'action': parsed_request.action,

                'repository': parsed_request.repo_name,

                'scm': self.scm_alias,

                'config': CONFIG['__file__'],

            }

            #======================================================================

            # REQUEST HANDLING

            #======================================================================

            log.debug('HOOKS extras is %s', extras)

            _set_extras(extras)

            try:

                log.info('%s action on %s repo "%s" by "%s" from %s',

                         parsed_request.action, self.scm_alias, parsed_request.repo_name, safe_str(user.username), ip_addr)

                app = self._make_app(parsed_request)

                return app(environ, start_response)

            except Exception:

                log.error(traceback.format_exc())

                raise webob.exc.HTTPInternalServerError()

        except webob.exc.HTTPException as e:

            return e(environ, start_response)

        finally:

            log_ = logging.getLogger('kallithea.' + self.__class__.__name__)

            log_.debug('Request time: %.3fs', time.time() - start)

            meta.Session.remove()

class BaseController(TGController):

    def _before(self, *args, **kwargs):

        """

        _before is called before controller methods and after __call__

        """

        if request.needs_csrf_check:

            # CSRF protection: Whenever a request has ambient authority (whether

            # through a session cookie or its origin IP address), it must include

            # the correct token, unless the HTTP method is GET or HEAD (and thus

            # guaranteed to be side effect free. In practice, the only situation

            # where we allow side effects without ambient authority is when the

            # authority comes from an API key; and that is handled above.

            token = request.POST.get(secure_form.token_key)

            if not token or token != secure_form.authentication_token():

                log.error('CSRF check failed')

                raise webob.exc.HTTPForbidden()

        c.kallithea_version = __version__

        rc_config = Setting.get_app_settings()

        # Visual options

        c.visual = AttributeDict({})

        ## DB stored

        c.visual.show_public_icon = str2bool(rc_config.get('show_public_icon'))

        c.visual.show_private_icon = str2bool(rc_config.get('show_private_icon'))

        c.visual.stylify_metalabels = str2bool(rc_config.get('stylify_metalabels'))

        c.visual.page_size = safe_int(rc_config.get('dashboard_items', 100))

        c.visual.admin_grid_items = safe_int(rc_config.get('admin_grid_items', 100))

        c.visual.repository_fields = str2bool(rc_config.get('repository_fields'))

        c.visual.show_version = str2bool(rc_config.get('show_version'))

        c.visual.use_gravatar = str2bool(rc_config.get('use_gravatar'))

        c.visual.gravatar_url = rc_config.get('gravatar_url')

        c.ga_code = rc_config.get('ga_code')

        # TODO: replace undocumented backwards compatibility hack with db upgrade and rename ga_code

        if c.ga_code and '<' not in c.ga_code:

            c.ga_code = '''<script type="text/javascript">

                var _gaq = _gaq || [];

                _gaq.push(['_setAccount', '%s']);

                _gaq.push(['_trackPageview']);

                (function() {

                    var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;

                    ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';

                    var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);

                    })();

            </script>''' % c.ga_code

        c.site_name = rc_config.get('title')

        c.clone_uri_tmpl = rc_config.get('clone_uri_tmpl')

        ## INI stored

        c.visual.allow_repo_location_change = str2bool(config.get('allow_repo_location_change', True))

        c.visual.allow_custom_hooks_settings = str2bool(config.get('allow_custom_hooks_settings', True))

        c.instance_id = config.get('instance_id')

        c.issues_url = config.get('bugtracker', url('issues_url'))

        # END CONFIG VARS

        c.repo_name = get_repo_slug(request)  # can be empty

        c.backends = BACKENDS.keys()

        self.cut_off_limit = safe_int(config.get('cut_off_limit'))

        c.my_pr_count = PullRequest.query(reviewer_id=request.authuser.user_id, include_closed=False).count()

        self.scm_model = ScmModel()

    @staticmethod

    def _determine_auth_user(session_authuser, ip_addr):

    args.update(override)

    args['user'] = urllib.quote(safe_str(args['user']))

    for k, v in args.items():

        uri_tmpl = uri_tmpl.replace('{%s}' % k, v)

    # remove leading @ sign if it's present. Case of empty user

    url_obj = urlobject.URLObject(uri_tmpl)

    url = url_obj.with_netloc(url_obj.netloc.lstrip('@'))

    return safe_unicode(url)

def get_changeset_safe(repo, rev):

    """

    Safe version of get_changeset if this changeset doesn't exists for a

    repo it returns a Dummy one instead

    :param repo:

    :param rev:

    """

    from kallithea.lib.vcs.backends.base import BaseRepository

    from kallithea.lib.vcs.exceptions import RepositoryError

    from kallithea.lib.vcs.backends.base import EmptyChangeset

    if not isinstance(repo, BaseRepository):

        raise Exception('You must pass an Repository '

                        'object as first argument got %s', type(repo))

    try:

        cs = repo.get_changeset(rev)

    except (RepositoryError, LookupError):

        cs = EmptyChangeset(requested_revision=rev)

    return cs

def datetime_to_time(dt):

    if dt:

        return time.mktime(dt.timetuple())

def time_to_datetime(tm):

    if tm:

        if isinstance(tm, basestring):

            try:

                tm = float(tm)

            except ValueError:

                return

        return datetime.datetime.fromtimestamp(tm)

# Must match regexp in kallithea/public/js/base.js MentionsAutoComplete()

# Check char before @ - it must not look like we are in an email addresses.

# Matching is greedy so we don't have to look beyond the end.

MENTIONS_REGEX = re.compile(r'(?:^|(?<=[^a-zA-Z0-9]))@([a-zA-Z0-9][-_.a-zA-Z0-9]*[a-zA-Z0-9])')

def extract_mentioned_usernames(text):

    r"""

    Returns list of (possible) usernames @mentioned in given text.

    >>> extract_mentioned_usernames('@1-2.a_X,@1234 not@not @ddd@not @n @ee @ff @gg, @gg;@hh @n\n@zz,')

    ['1-2.a_X', '1234', 'ddd', 'ee', 'ff', 'gg', 'gg', 'hh', 'zz']

    """

    return MENTIONS_REGEX.findall(text)

def extract_mentioned_users(text):

    """ Returns set of actual database Users @mentioned in given text. """

    from kallithea.model.db import User

    result = set()

    for name in extract_mentioned_usernames(text):

        user = User.get_by_username(name, case_insensitive=True)

        if user is not None and not user.is_default_user:

            result.add(user)

    return result

class AttributeDict(dict):

    def __getattr__(self, attr):

        return self.get(attr, None)

    __setattr__ = dict.__setitem__

    __delattr__ = dict.__delitem__

def obfuscate_url_pw(engine):

    from sqlalchemy.engine import url as sa_url

    from sqlalchemy.exc import ArgumentError

    try:

        _url = sa_url.make_url(engine or '')

    except ArgumentError:

        return engine

    if _url.password:

        _url.password = 'XXXXX'

    return str(_url)

def _extract_extras():

    """

    Extracts the Kallithea extras data from os.environ, and wraps it into named

    AttributeDict object

    """

    try:

        extras = json.loads(os.environ['KALLITHEA_EXTRAS'])

    except KeyError:

        raise Exception("Environment variable KALLITHEA_EXTRAS not found")

    try:

        for k in ['username', 'repository', 'scm', 'action', 'ip']:

            extras[k]

    except KeyError:

        raise Exception('Missing key %s in KALLITHEA_EXTRAS %s' % (k, extras))

    return AttributeDict(extras)

def _set_extras(extras):

    os.environ['KALLITHEA_EXTRAS'] = json.dumps(extras)

def get_current_authuser():

    """

    Gets kallithea user from threadlocal tmpl_context variable if it's

    defined, else returns None.

    """

    from tg import tmpl_context

    if hasattr(tmpl_context, 'authuser'):

        return tmpl_context.authuser

    return None

class OptionalAttr(object):

    """

    Special Optional Option that defines other attribute. Example::

        def test(apiuser, userid=Optional(OAttr('apiuser')):

            user = Optional.extract(userid)

            # calls

    """

    def __init__(self, attr_name):

        self.attr_name = attr_name

    def __repr__(self):

        return '<OptionalAttr:%s>' % self.attr_name

    def __call__(self):

        return self

# alias

OAttr = OptionalAttr

class Optional(object):

    """

    Defines an optional parameter::

        param = param.getval() if isinstance(param, Optional) else param

        param = param() if isinstance(param, Optional) else param

    is equivalent of::

        param = Optional.extract(param)

    """

    def __init__(self, type_):

        self.type_ = type_

    def __repr__(self):

        return '<Optional:%s>' % self.type_.__repr__()

    def __call__(self):

        return self.getval()

    def getval(self):

        """

        returns value from this Optional instance

        """

        if isinstance(self.type_, OAttr):

            # use params name

            return self.type_.attr_name

        return self.type_

    @classmethod

    def extract(cls, val):

        """

        Extracts value from Optional() instance

        :param val:

# -*- coding: utf-8 -*-

# This program is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation, either version 3 of the License, or

# (at your option) any later version.

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

"""

kallithea.model.scm

~~~~~~~~~~~~~~~~~~~

Scm model for Kallithea

This file was forked by the Kallithea project in July 2014.

Original author and date, and relevant copyright and licensing information is below:

:created_on: Apr 9, 2010

:author: marcink

:copyright: (c) 2013 RhodeCode GmbH, and others.

:license: GPLv3, see LICENSE.md for more details.

"""

import os

import sys

import posixpath

import re

import time

import traceback

import logging

import cStringIO

import pkg_resources

from sqlalchemy import func

from tg.i18n import ugettext as _

import kallithea

from kallithea.lib.vcs import get_backend

from kallithea.lib.vcs.exceptions import RepositoryError

from kallithea.lib.vcs.utils.lazy import LazyProperty

from kallithea.lib.vcs.nodes import FileNode

from kallithea.lib.vcs.backends.base import EmptyChangeset

from kallithea import BACKENDS

from kallithea.lib import helpers as h

from kallithea.lib.auth import HasRepoPermissionLevel, HasRepoGroupPermissionLevel, \

    HasUserGroupPermissionLevel, HasPermissionAny, HasPermissionAny

from kallithea.lib.utils import get_filesystem_repos, make_ui, \

    action_logger

from kallithea.model.db import Repository, Session, Ui, CacheInvalidation, \

    UserFollowing, UserLog, User, RepoGroup, PullRequest

from kallithea.lib.hooks import process_pushed_raw_ids

from kallithea.lib.exceptions import NonRelativePathError, IMCCommitError

log = logging.getLogger(__name__)

class UserTemp(object):

    def __init__(self, user_id):

        self.user_id = user_id

    def __repr__(self):

        return "<%s('id:%s')>" % (self.__class__.__name__, self.user_id)

class RepoTemp(object):

    def __init__(self, repo_id):

        self.repo_id = repo_id

    def __repr__(self):

        return "<%s('id:%s')>" % (self.__class__.__name__, self.repo_id)

class _PermCheckIterator(object):

    def __init__(self, obj_list, obj_attr, perm_set, perm_checker, extra_kwargs=None):

        """

        Creates iterator from given list of objects, additionally

        checking permission for them from perm_set var

        :param obj_list: list of db objects

        :param obj_attr: attribute of object to pass into perm_checker

        :param perm_set: list of permissions to check

        :param perm_checker: callable to check permissions against

        """

        self.obj_list = obj_list

        self.obj_attr = obj_attr

        self.perm_set = perm_set

        self.perm_checker = perm_checker

        self.extra_kwargs = extra_kwargs or {}

    def __len__(self):

        return len(self.obj_list)

    def __repr__(self):

        return '<%s (%s)>' % (self.__class__.__name__, self.__len__())

    def __iter__(self):

        for db_obj in self.obj_list:

            # check permission at this level

            name = getattr(db_obj, self.obj_attr, None)

            if not self.perm_checker(*self.perm_set)(

                    name, self.__class__.__name__, **self.extra_kwargs):

                continue

            yield db_obj

class RepoList(_PermCheckIterator):

    def __init__(self, db_repo_list, perm_level, extra_kwargs=None):

        super(RepoList, self).__init__(obj_list=db_repo_list,

                    obj_attr='repo_name', perm_set=[perm_level],

                    perm_checker=HasRepoPermissionLevel,

                    extra_kwargs=extra_kwargs)

class RepoGroupList(_PermCheckIterator):

    def __init__(self, db_repo_group_list, perm_level, extra_kwargs=None):

        super(RepoGroupList, self).__init__(obj_list=db_repo_group_list,

                    obj_attr='group_name', perm_set=[perm_level],

                    perm_checker=HasRepoGroupPermissionLevel,

                    extra_kwargs=extra_kwargs)

class UserGroupList(_PermCheckIterator):

    def __init__(self, db_user_group_list, perm_level, extra_kwargs=None):

        super(UserGroupList, self).__init__(obj_list=db_user_group_list,

                    obj_attr='users_group_name', perm_set=[perm_level],

                    perm_checker=HasUserGroupPermissionLevel,

                    extra_kwargs=extra_kwargs)

class ScmModel(object):

    """

    Generic Scm Model

    """

    def __get_repo(self, instance):

        cls = Repository

            action_logger(UserTemp(user_id),

                          'started_following_repo',

                          RepoTemp(follow_repo_id))

        except Exception:

            log.error(traceback.format_exc())

            raise

    def toggle_following_user(self, follow_user_id, user_id):

        f = UserFollowing.query() \

            .filter(UserFollowing.follows_user_id == follow_user_id) \

            .filter(UserFollowing.user_id == user_id).scalar()

        if f is not None:

            try:

                Session().delete(f)

                return

            except Exception:

                log.error(traceback.format_exc())

                raise

        try:

            f = UserFollowing()

            f.user_id = user_id

            f.follows_user_id = follow_user_id

            Session().add(f)

        except Exception:

            log.error(traceback.format_exc())

            raise

    def is_following_repo(self, repo_name, user_id, cache=False):

        r = Repository.query() \

            .filter(Repository.repo_name == repo_name).scalar()

        f = UserFollowing.query() \

            .filter(UserFollowing.follows_repository == r) \

            .filter(UserFollowing.user_id == user_id).scalar()

        return f is not None

    def is_following_user(self, username, user_id, cache=False):

        u = User.get_by_username(username)