modification date of each file and add it to be reindexed if a newer file is

available. The indexing daemon checks for any removed files and removes them

from index.

If you want to rebuild index from scratch, you can use the `-f` flag as above,

or in the admin panel you can check `build from scratch` flag.

Setting up LDAP support

-----------------------

RhodeCode starting from version 1.1 supports ldap authentication. In order

    easy_install python-ldap

    pip install python-ldap

.. note::

   python-ldap requires some certain libs on your system, so before installing 

   it check that you have at least `openldap`, and `sasl` libraries.

LDAP settings are located in admin->ldap section,

Here's a typical ldap setup::

 Connection settings

 Enable LDAP          = checked

 Host                 = host.example.org

 Port                 = 389

 Account              = <account>

 Password             = <password>

 Certificate Checks   = DEMAND

 Search settings

 Base DN              = CN=users,DC=host,DC=example,DC=org

 LDAP Filter          = (&(objectClass=user)(!(objectClass=computer)))

 LDAP Search Scope    = SUBTREE

 Attribute mappings

 Login Attribute      = uid

 First Name Attribute = firstName

 Last Name Attribute  = lastName

 E-mail Attribute     = mail

    Only required if the LDAP server does not allow anonymous browsing of

    records.  This should be a special account for record browsing.  This

    will require `LDAP Password`_ below.

.. _LDAP Password:

Password : optional

    Only required if the LDAP server does not allow anonymous browsing of

    records.

.. _Enable LDAPS:

.. _Certificate Checks:

Certificate Checks : optional

    How SSL certificates verification is handled - this is only useful when

    `Enable LDAPS`_ is enabled.  Only DEMAND or HARD offer full SSL security while

    the other options are susceptible to man-in-the-middle attacks.  SSL

    certificates can be installed to /etc/openldap/cacerts so that the

    DEMAND or HARD options can be used with self-signed certificates or

    certificates that do not have traceable certificates of authority.

    NEVER

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

import logging

import formencode

import traceback

from formencode import htmlfill

from pylons import request, response, session, tmpl_context as c, url

from pylons.controllers.util import abort, redirect

from pylons.i18n.translation import _

from rhodecode.lib.base import BaseController, render

from rhodecode.lib import helpers as h

from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator

from rhodecode.model.forms import LdapSettingsForm

log = logging.getLogger(__name__)

class LdapSettingsController(BaseController):

    search_scope_choices = [('BASE', _('BASE'),),

                            ('ONELEVEL', _('ONELEVEL'),),

                            ('SUBTREE', _('SUBTREE'),),

                            ]

    search_scope_default = 'SUBTREE'

                        ]

    tls_kind_default = 'PLAIN'

    @LoginRequired()

    @HasPermissionAllDecorator('hg.admin')

    def __before__(self):

        c.admin_user = session.get('admin_user')

        c.admin_username = session.get('admin_username')

        c.search_scope_choices = self.search_scope_choices

        c.tls_reqcert_choices = self.tls_reqcert_choices

        c.tls_kind_choices = self.tls_kind_choices

        super(LdapSettingsController, self).__before__()

    def index(self):

        c.search_scope_cur = defaults.get('ldap_search_scope')

        c.tls_reqcert_cur = defaults.get('ldap_tls_reqcert')

        c.tls_kind_cur = defaults.get('ldap_tls_kind')

        return htmlfill.render(

                    render('admin/ldap/ldap.html'),

                    defaults=defaults,

                    encoding="UTF-8",

                    force_defaults=True,)

    def ldap_settings(self):

        """POST ldap create and store ldap settings"""

        _form = LdapSettingsForm([x[0] for x in self.tls_reqcert_choices],

                                 [x[0] for x in self.search_scope_choices],

                                 [x[0] for x in self.tls_kind_choices])()

        try:

            form_result = _form.to_python(dict(request.POST))

            try:

                for k, v in form_result.items():

                    if k.startswith('ldap_'):

                        setting.app_settings_value = v

                        self.sa.add(setting)

                self.sa.commit()

                h.flash(_('Ldap settings updated successfully'),

                    category='success')

            except (DatabaseError,):

                raise

        except LdapImportError:

            h.flash(_('Unable to activate ldap. The "python-ldap" library '

                      'is missing.'), category='warning')

        except formencode.Invalid, errors:

            return htmlfill.render(

                render('admin/ldap/ldap.html'),

                defaults=errors.value,

                prefix_error=False,

                encoding="UTF-8")

        except Exception:

            log.error(traceback.format_exc())

            h.flash(_('error occurred during update of ldap settings'),

                    category='error')

        return redirect(url('ldap_home'))

from formencode import htmlfill

from pylons import request, session, tmpl_context as c, url, config

from pylons.controllers.util import abort, redirect

from pylons.i18n.translation import _

from rhodecode.lib import helpers as h

from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator, \

    HasPermissionAnyDecorator, NotAnonymous

from rhodecode.lib.base import BaseController, render

from rhodecode.lib.celerylib import tasks, run_task

from rhodecode.lib.utils import repo2db_mapper, invalidate_cache, \

    set_rhodecode_config, repo_name_slug

from rhodecode.model.forms import UserForm, ApplicationSettingsForm, \

    ApplicationUiSettingsForm

from rhodecode.model.scm import ScmModel

from rhodecode.model.user import UserModel

log = logging.getLogger(__name__)

class SettingsController(BaseController):

    """REST Controller styled on the Atom Publishing Protocol"""

    # To properly map this controller, ensure your config/routing.py

    # file has a resource setup:

    #     map.resource('setting', 'settings', controller='admin/settings',

    #         path_prefix='/admin', name_prefix='admin_')

    @LoginRequired()

    def __before__(self):

        c.admin_user = session.get('admin_user')

        c.admin_username = session.get('admin_username')

        super(SettingsController, self).__before__()

    @HasPermissionAllDecorator('hg.admin')

    def index(self, format='html'):

        """GET /admin/settings: All items in the collection"""

        # url('admin_settings')

        defaults.update(self.get_hg_ui_settings())

        return htmlfill.render(

            render('admin/settings/settings.html'),

            defaults=defaults,

            encoding="UTF-8",

            force_defaults=False

        )

    @HasPermissionAllDecorator('hg.admin')

    def create(self):

        """POST /admin/settings: Create a new item"""

        # url('admin_settings')

        if setting_id == 'whoosh':

            repo_location = self.get_hg_ui_settings()['paths_root_path']

            full_index = request.POST.get('full_index', False)

            run_task(tasks.whoosh_index, repo_location, full_index)

            h.flash(_('Whoosh reindex task scheduled'), category='success')

        if setting_id == 'global':

            application_form = ApplicationSettingsForm()()

            try:

                form_result = application_form.to_python(dict(request.POST))

                try:

                    hgsettings1.app_settings_value = \

                        form_result['rhodecode_title']

                    hgsettings2.app_settings_value = \

                        form_result['rhodecode_realm']

                    hgsettings3.app_settings_value = \

                        form_result['rhodecode_ga_code']

                    self.sa.add(hgsettings1)

                    self.sa.add(hgsettings2)

                    self.sa.add(hgsettings3)

                    self.sa.commit()

                    set_rhodecode_config(config)

                    h.flash(_('Updated application settings'),

                            category='success')

                except Exception:

if __platform__ in PLATFORM_WIN:

    from hashlib import sha256

if __platform__ in PLATFORM_OTHERS:

    import bcrypt

from rhodecode.lib import str2bool

from rhodecode.lib.exceptions import LdapPasswordError, LdapUsernameError

from rhodecode.lib.utils import get_repo_slug

from rhodecode.lib.auth_ldap import AuthLdap

from rhodecode.model import meta

from rhodecode.model.user import UserModel

log = logging.getLogger(__name__)

class PasswordGenerator(object):

    """This is a simple class for generating password from

        different sets of characters

        usage:

        passwd_gen = PasswordGenerator()

        #print 8-letter password containing only big and small letters

            of alphabet

        print passwd_gen.gen_password(8, passwd_gen.ALPHABETS_BIG_SMALL)

    """

    return authenticate(username, password)

def authenticate(username, password):

    """Authentication function used for access control,

    firstly checks for db authentication then if ldap is enabled for ldap

    authentication, also creates ldap user if not in database

    :param username: username

    :param password: password

    """

    user_model = UserModel()

    user = user_model.get_by_username(username, cache=False)

    log.debug('Authenticating user using RhodeCode account')

    if user is not None and not user.ldap_dn:

        if user.active:

            if user.username == 'default' and user.active:

                log.info('user %s authenticated correctly as anonymous user',

                         username)

                return True

            elif user.username == username and check_password(password,

        else:

            log.warning('user %s is disabled', username)

    else:

        log.debug('Regular authentication failed')

        user_obj = user_model.get_by_username(username, cache=False,

                                            case_insensitive=True)

        if user_obj is not None and not user_obj.ldap_dn:

            log.debug('this user already exists as non ldap')

            return False

        #======================================================================

        # FALLBACK TO LDAP AUTH IF ENABLE

        #======================================================================

        if str2bool(ldap_settings.get('ldap_active')):

            log.debug("Authenticating user using ldap")

            kwargs = {

                  'server': ldap_settings.get('ldap_host', ''),

                  'base_dn': ldap_settings.get('ldap_base_dn', ''),

                  'port': ldap_settings.get('ldap_port'),

                  'bind_dn': ldap_settings.get('ldap_dn_user'),

                  'bind_pass': ldap_settings.get('ldap_dn_pass'),

                  'tls_kind': ldap_settings.get('ldap_tls_kind'),

                  'ldap_filter': ldap_settings.get('ldap_filter'),

                  'search_scope': ldap_settings.get('ldap_search_scope'),

                  'attr_login': ldap_settings.get('ldap_attr_login'),

                  'ldap_version': 3,

                  }

            log.debug('Checking for ldap authentication')

            try:

                aldap = AuthLdap(**kwargs)

                (user_dn, ldap_attrs) = aldap.authenticate_ldap(username,

                                                                password)

                log.debug('Got ldap DN response %s', user_dn)

                user_attrs = {

                    }

                if user_model.create_ldap(username, password, user_dn,

                                          user_attrs):

                    log.info('created new ldap user %s', username)

                return True

            except (LdapUsernameError, LdapPasswordError,):

                pass

            except (Exception,):

                log.error(traceback.format_exc())

                pass

# This program is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation, either version 3 of the License, or

# (at your option) any later version.

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

import logging

log = logging.getLogger(__name__)

try:

    import ldap

except ImportError:

    pass

class AuthLdap(object):

    def __init__(self, server, base_dn, port=389, bind_dn='', bind_pass='',

                 ldap_filter='(&(objectClass=user)(!(objectClass=computer)))',

                 search_scope='SUBTREE',

                 attr_login='uid'):

        self.ldap_version = ldap_version

        ldap_server_type = 'ldap'

        self.TLS_KIND = tls_kind

        if self.TLS_KIND == 'LDAPS':

            port = port or 689

            ldap_server_type = ldap_server_type + 's'

        self.LDAP_BIND_DN = bind_dn

        self.LDAP_BIND_PASS = bind_pass

        self.LDAP_SERVER = "%s://%s:%s" % (ldap_server_type,

                                               self.LDAP_SERVER_ADDRESS,

                                               self.LDAP_SERVER_PORT)

        self.BASE_DN = base_dn

        self.LDAP_FILTER = ldap_filter

        self.SEARCH_SCOPE = ldap.__dict__['SCOPE_' + search_scope]

        self.attr_login = attr_login

    def authenticate_ldap(self, username, password):

        """Authenticate a user via LDAP and return his/her LDAP properties.

        Raises AuthenticationError if the credentials are rejected, or

        EnvironmentError if the LDAP server can't be reached.

        :param username: username

        :param password: password

        """

        from rhodecode.lib.helpers import chop_at

            server = ldap.initialize(self.LDAP_SERVER)

            if self.ldap_version == 2:

                server.protocol = ldap.VERSION2

            else:

                server.protocol = ldap.VERSION3

            if self.TLS_KIND == 'START_TLS':

                server.start_tls_s()

            if self.LDAP_BIND_DN and self.LDAP_BIND_PASS:

                server.simple_bind_s(self.LDAP_BIND_DN, self.LDAP_BIND_PASS)

            log.debug("Authenticating %r filt %s at %s", self.BASE_DN,

                      filt, self.LDAP_SERVER)

            lobjects = server.search_ext_s(self.BASE_DN, self.SEARCH_SCOPE,

                                           filt)

            if not lobjects:

                raise ldap.NO_SUCH_OBJECT()

            for (dn, _attrs) in lobjects:

                try:

                    server.simple_bind_s(dn, password)

                    break

                except ldap.INVALID_CREDENTIALS, e:

                    log.debug("LDAP rejected password for user '%s' (%s): %s",

                              uid, username, dn)

            else:

                log.debug("No matching LDAP objects for authentication "

                          "of '%s' (%s)", uid, username)

                raise LdapPasswordError()

        except ldap.NO_SUCH_OBJECT, e:

            log.debug("LDAP says no such user '%s' (%s)", uid, username)

            raise LdapUsernameError()

        except ldap.SERVER_DOWN, e:

        return (dn, attrs)

from UserDict import DictMixin

from mercurial import ui, config, hg

from mercurial.error import RepoError

from webhelpers.text import collapse, remove_formatting, strip_tags

from vcs.backends.base import BaseChangeset

from vcs.utils.lazy import LazyProperty

from rhodecode.model import meta

from rhodecode.model.caching_query import FromCache

from rhodecode.model.repo import RepoModel

from rhodecode.model.user import UserModel

log = logging.getLogger(__name__)

def recursive_replace(str, replace=' '):

    """Recursive replace of given sign to just one instance

    :param str: given string

    :param replace: char to find and replace multiple instances

                          ui_.ui_key, ui_.ui_value)

                baseui.setconfig(ui_.ui_section, ui_.ui_key, ui_.ui_value)

        meta.Session.remove()

    return baseui

def set_rhodecode_config(config):

    """Updates pylons config with new settings from database

    :param config:

    """

    for k, v in hgsettings.items():

        config[k] = v

def invalidate_cache(cache_key, *args):

    """Puts cache invalidation task into db for

    further global cache invalidation

    """

    from rhodecode.model.scm import ScmModel

    app_settings_value = Column("app_settings_value", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)

    def __init__(self, k='', v=''):

        self.app_settings_name = k

        self.app_settings_value = v

    def __repr__(self):

        return "<%s('%s:%s')>" % (self.__class__.__name__,

                                  self.app_settings_name, self.app_settings_value)

    @classmethod

    def get_app_settings(cls, cache=False):

        ret = Session.query(cls)

        if cache:

            ret = ret.options(FromCache("sql_cache_short", "get_hg_settings"))

        if not ret:

            raise Exception('Could not get application settings !')

        settings = {}

        for each in ret:

            settings['rhodecode_' + each.app_settings_name] = \

                each.app_settings_value

        return settings

    @classmethod

    def get_ldap_settings(cls, cache=False):

        ret = Session.query(cls)\

                .filter(cls.app_settings_name.startswith('ldap_'))\

                .all()

        fd = {}

        for row in ret:

        return fd

class RhodeCodeUi(Base):

    __tablename__ = 'rhodecode_ui'

    __table_args__ = {'useexisting':True}

    ui_id = Column("ui_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)

    ui_section = Column("ui_section", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)

    ui_key = Column("ui_key", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)

    ui_value = Column("ui_value", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)

    ui_active = Column("ui_active", Boolean(), nullable=True, unique=None, default=True)

from rhodecode.tests import *

class TestLdapSettingsController(TestController):

    def test_index(self):

        # Test response...

from rhodecode.lib.auth import get_crypt_password, check_password

from rhodecode.tests import *

class TestAdminSettingsController(TestController):

    def test_index(self):

        response = self.app.get(url('admin_settings'))

        # Test response...

    def test_index_as_xml(self):

        response = self.app.get(url('formatted_admin_settings', format='xml'))

    def test_create(self):

        response = self.app.post(url('admin_settings'))

        old_title = 'RhodeCode'

        old_realm = 'RhodeCode authentication'

        new_ga_code = 'ga-test-123456789'

        response = self.app.post(url('admin_setting', setting_id='global'),

                                     params=dict(

                                                 _method='put',

                                                 rhodecode_title=old_title,

                                                 rhodecode_realm=old_realm,

                                                 rhodecode_ga_code=new_ga_code

                                                 ))

        assert 'Updated application settings' in response.session['flash'][0][1], 'no flash message about success of change'

        response = response.follow()

        assert """_gaq.push(['_setAccount', '%s']);""" % new_ga_code in response.body

    def test_ga_code_inactive(self):

        self.log_user()

        old_title = 'RhodeCode'

        old_realm = 'RhodeCode authentication'

        new_ga_code = ''

        response = self.app.post(url('admin_setting', setting_id='global'),

                                     params=dict(

                                                 _method='put',

                                                 rhodecode_title=old_title,

                                                 rhodecode_realm=old_realm,

                                                 rhodecode_ga_code=new_ga_code

                                                 ))

        assert 'Updated application settings' in response.session['flash'][0][1], 'no flash message about success of change'

        response = response.follow()

        assert """_gaq.push(['_setAccount', '%s']);""" % new_ga_code not in response.body

    def test_title_change(self):

        self.log_user()

        old_title = 'RhodeCode'

        new_title = old_title + '_changed'

        old_realm = 'RhodeCode authentication'

        response = self.app.post(url('admin_setting', setting_id='global'),

                                     params=dict(

                                                 _method='put',

                                                 rhodecode_title=new_title,

                                                 rhodecode_realm=old_realm,

                                                 rhodecode_ga_code=''

                                                 ))

        assert 'Updated application settings' in response.session['flash'][0][1], 'no flash message about success of change'

        response = response.follow()

        assert """<h1><a href="/">%s</a></h1>""" % new_title in response.body

    def test_my_account(self):

        self.log_user()

        response = self.app.get(url('admin_settings_my_account'))

        print response

        assert 'value="test_admin' in response.body

    def test_my_account_update(self):