(str(60), _('1 hour')),

            (str(60 * 24), _('1 day')),

            (str(60 * 24 * 30), _('1 month')),

        ]

        c.lifetime_options = [(c.lifetime_values, _("Lifetime"))]

        c.user_api_keys = ApiKeyModel().get_api_keys(request.authuser.user_id,

                                                     show_expired=show_expired)

        return render('admin/my_account/my_account.html')

    def my_account_api_keys_add(self):

        lifetime = safe_int(request.POST.get('lifetime'), -1)

        description = request.POST.get('description')

        ApiKeyModel().create(request.authuser.user_id, description, lifetime)

        Session().commit()

        h.flash(_("API key successfully created"), category='success')

        raise HTTPFound(location=url('my_account_api_keys'))

    def my_account_api_keys_delete(self):

        api_key = request.POST.get('del_api_key')

        if request.POST.get('del_api_key_builtin'):

            user = User.get(request.authuser.user_id)

            user.api_key = generate_api_key()

            Session().commit()

            h.flash(_("API key successfully reset"), category='success')

        elif api_key:

            ApiKeyModel().delete(api_key, request.authuser.user_id)

            Session().commit()

            h.flash(_("API key successfully deleted"), category='success')

        raise HTTPFound(location=url('my_account_api_keys'))

    @IfSshEnabled

    def my_account_ssh_keys(self):

        c.active = 'ssh_keys'

        self.__load_data()

        c.user_ssh_keys = SshKeyModel().get_ssh_keys(request.authuser.user_id)

        return render('admin/my_account/my_account.html')

    @IfSshEnabled

    def my_account_ssh_keys_add(self):

        description = request.POST.get('description')

        public_key = request.POST.get('public_key')

        try:

            new_ssh_key = SshKeyModel().create(request.authuser.user_id,

                                               description, public_key)

            Session().commit()

            SshKeyModel().write_authorized_keys()

            h.flash(_("SSH key %s successfully added") % new_ssh_key.fingerprint, category='success')

        raise HTTPFound(location=url('my_account_ssh_keys'))

    @IfSshEnabled

    def my_account_ssh_keys_delete(self):

        fingerprint = request.POST.get('del_public_key_fingerprint')

        try:

            SshKeyModel().delete(fingerprint, request.authuser.user_id)

            Session().commit()

            SshKeyModel().write_authorized_keys()

            h.flash(_("SSH key successfully deleted"), category='success')

        raise HTTPFound(location=url('my_account_ssh_keys'))

            h.flash(_("Added IP address %s to user whitelist") % ip, category='success')

        except formencode.Invalid as error:

            msg = error.error_dict['ip']

            h.flash(msg, category='error')

        except Exception:

            log.error(traceback.format_exc())

            h.flash(_('An error occurred while adding IP address'),

                    category='error')

        if 'default_user' in request.POST:

            raise HTTPFound(location=url('admin_permissions_ips'))

        raise HTTPFound(location=url('edit_user_ips', id=id))

    def delete_ip(self, id):

        ip_id = request.POST.get('del_ip_id')

        user_model = UserModel()

        user_model.delete_extra_ip(id, ip_id)

        Session().commit()

        h.flash(_("Removed IP address from user whitelist"), category='success')

        if 'default_user' in request.POST:

            raise HTTPFound(location=url('admin_permissions_ips'))

        raise HTTPFound(location=url('edit_user_ips', id=id))

    @IfSshEnabled

    def edit_ssh_keys(self, id):

        c.user = self._get_user_or_raise_if_default(id)

        c.active = 'ssh_keys'

        c.user_ssh_keys = SshKeyModel().get_ssh_keys(c.user.user_id)

        defaults = c.user.get_dict()

        return htmlfill.render(

            render('admin/users/user_edit.html'),

            defaults=defaults,

            encoding="UTF-8",

            force_defaults=False)

    @IfSshEnabled

    def ssh_keys_add(self, id):

        c.user = self._get_user_or_raise_if_default(id)

        description = request.POST.get('description')

        public_key = request.POST.get('public_key')

        try:

            new_ssh_key = SshKeyModel().create(c.user.user_id,

                                               description, public_key)

            Session().commit()

            SshKeyModel().write_authorized_keys()

            h.flash(_("SSH key %s successfully added") % new_ssh_key.fingerprint, category='success')

        raise HTTPFound(location=url('edit_user_ssh_keys', id=c.user.user_id))

    @IfSshEnabled

    def ssh_keys_delete(self, id):

        c.user = self._get_user_or_raise_if_default(id)

        fingerprint = request.POST.get('del_public_key_fingerprint')

        try:

            SshKeyModel().delete(fingerprint, c.user.user_id)

            Session().commit()

            SshKeyModel().write_authorized_keys()

            h.flash(_("SSH key successfully deleted"), category='success')

        raise HTTPFound(location=url('edit_user_ssh_keys', id=c.user.user_id))

            "deleted gist ID: <gist_id>",

            "gist": null

          }

          error :  null

        ERROR OUTPUT::

          id : <id_given_in_input>

          result : null

          error :  {

            "failed to delete gist ID:<gist_id>"

          }

        """

        gist = get_gist_or_error(gistid)

        if not HasPermissionAny('hg.admin')():

            if gist.owner_id != request.authuser.user_id:

                raise JSONRPCError('gist `%s` does not exist' % (gistid,))

        try:

            GistModel().delete(gist)

            Session().commit()

            return dict(

                msg='deleted gist ID:%s' % (gist.gist_access_id,),

                gist=None

            )

        except Exception:

            log.error(traceback.format_exc())

            raise JSONRPCError('failed to delete gist ID:%s'

                               % (gist.gist_access_id,))

    # permission check inside

    def get_changesets(self, repoid, start=None, end=None, start_date=None,

                       end_date=None, branch_name=None, reverse=False, with_file_list=False, max_revisions=None):

        repo = get_repo_or_error(repoid)

        if not HasRepoPermissionLevel('read')(repo.repo_name):

            raise JSONRPCError('Access denied to repo %s' % repo.repo_name)

        format = "%Y-%m-%dT%H:%M:%S"

        try:

            return [e.__json__(with_file_list) for e in

                repo.scm_instance.get_changesets(start,

                                                 end,

                                                 datetime.strptime(start_date, format) if start_date else None,

                                                 datetime.strptime(end_date, format) if end_date else None,

                                                 branch_name,

                                                 reverse, max_revisions)]

        except EmptyRepositoryError as e:

    # permission check inside

    def get_changeset(self, repoid, raw_id, with_reviews=Optional(False)):

        repo = get_repo_or_error(repoid)

        if not HasRepoPermissionLevel('read')(repo.repo_name):

            raise JSONRPCError('Access denied to repo %s' % repo.repo_name)

        changeset = repo.get_changeset(raw_id)

        if isinstance(changeset, EmptyChangeset):

            raise JSONRPCError('Changeset %s does not exist' % raw_id)

        info = dict(changeset.as_dict())

        with_reviews = Optional.extract(with_reviews)

        if with_reviews:

            reviews = ChangesetStatusModel().get_statuses(

                                repo.repo_name, raw_id)

            info["reviews"] = reviews

        return info

    # permission check inside

    def get_pullrequest(self, pullrequest_id):

        """

        Get given pull request by id

        """

        pull_request = PullRequest.get(pullrequest_id)

        if pull_request is None:

            raise JSONRPCError('pull request `%s` does not exist' % (pullrequest_id,))

        if not HasRepoPermissionLevel('read')(pull_request.org_repo.repo_name):

            raise JSONRPCError('not allowed')

        return pull_request.get_api_data()

    # permission check inside

    def comment_pullrequest(self, pull_request_id, comment_msg=u'', status=None, close_pr=False):

        """

        Add comment, close and change status of pull request.

        """

        apiuser = get_user_or_error(request.authuser.user_id)

        pull_request = PullRequest.get(pull_request_id)

        if pull_request is None:

            raise JSONRPCError('pull request `%s` does not exist' % (pull_request_id,))

        if (not HasRepoPermissionLevel('read')(pull_request.org_repo.repo_name)):

            raise JSONRPCError('No permission to add comment. User needs at least reading permissions'

                               ' to the source repository.')

        owner = apiuser.user_id == pull_request.owner_id

        reviewer = apiuser.user_id in [reviewer.user_id for reviewer in pull_request.reviewers]

        if close_pr and not (apiuser.admin or owner):

            raise JSONRPCError('No permission to close pull request. User needs to be admin or owner.')

                self.base.attach_text(self.Html, 'text/html')

            for args in self.attachments:

                self._encode_attachment(**args)

        elif self.Body:

            self.base.body = self.Body

            self.base.content_encoding['Content-Type'] = ('text/plain', {})

        elif self.Html:

            self.base.body = self.Html

            self.base.content_encoding['Content-Type'] = ('text/html', {})

        return to_message(self.base, separator=self.separator)

    def all_parts(self):

        """

        Returns all the encoded parts.  Only useful for debugging

        or inspecting after calling to_message().

        """

        return self.base.parts

    def keys(self):

        return self.base.keys()

def to_message(mail, separator="; "):

    """

    Given a MailBase message, this will construct a MIMEPart

    that is canonicalized for use with the Python email API.

    """

    ctype, params = mail.content_encoding['Content-Type']

    if not ctype:

        if mail.parts:

            ctype = 'multipart/mixed'

        else:

            ctype = 'text/plain'

    else:

        if mail.parts:

            assert ctype.startswith(("multipart", "message")), \

                   "Content type should be multipart or message, not %r" % ctype

    # adjust the content type according to what it should be now

    mail.content_encoding['Content-Type'] = (ctype, params)

    try:

        out = MIMEPart(ctype, **params)

        raise EncodingError("Content-Type malformed, not allowed: %r; "

    for k in mail.keys():

        if k in ADDRESS_HEADERS_WHITELIST:

            out[k] = header_to_mime_encoding(

                                         mail[k],

                                         not_email=False,

                                         separator=separator

                                     )

        else:

            out[k] = header_to_mime_encoding(

                                         mail[k],

                                         not_email=True

                                    )

    out.extract_payload(mail)

    # go through the children

    for part in mail.parts:

        out.attach(to_message(part))

    return out

class MIMEPart(MIMEBase):

    """

    A reimplementation of nearly everything in email.mime to be more useful

    for actually attaching things.  Rather than one class for every type of

    thing you'd encode, there's just this one, and it figures out how to

    encode what you ask it.

    """

    def __init__(self, type, **params):

        self.maintype, self.subtype = type.split('/')

        MIMEBase.__init__(self, self.maintype, self.subtype, **params)

    def add_text(self, content):

        # this is text, so encode it in canonical form

        try:

            encoded = content.encode('ascii')

            charset = 'ascii'

        except UnicodeError:

            encoded = content.encode('utf-8')

            charset = 'utf-8'

        self.set_payload(encoded, charset=charset)

    def extract_payload(self, mail):

        if mail.body is None:

            return  # only None, '' is still ok

                    bt[safe_unicode(bn)] = ascii_str(mercurial.node.hex(node))

        return bt

    @LazyProperty

    def tags(self):

        """

        Gets tags for this repository

        """

        return self._get_tags()

    def _get_tags(self):

        if self._empty:

            return {}

        return OrderedDict(sorted(

            ((safe_unicode(n), ascii_str(mercurial.node.hex(h))) for n, h in self._repo.tags().items()),

            reverse=True,

            key=lambda x: x[0],  # sort by name

        ))

    def tag(self, name, user, revision=None, message=None, date=None,

            **kwargs):

        """

        Creates and returns a tag for the given ``revision``.

        :param name: name for new tag

        :param user: full username, i.e.: "Joe Doe <joe.doe@example.com>"

        :param revision: changeset id for which new tag would be created

        :param message: message of the tag's commit

        :param date: date of tag's commit

        :raises TagAlreadyExistError: if tag with same name already exists

        """

        if name in self.tags:

            raise TagAlreadyExistError("Tag %s already exists" % name)

        changeset = self.get_changeset(revision)

        local = kwargs.setdefault('local', False)

        if message is None:

            message = "Added tag %s for changeset %s" % (name,

                changeset.short_id)

        if date is None:

            date = safe_bytes(datetime.datetime.now().strftime('%a, %d %b %Y %H:%M:%S'))

        try:

            mercurial.tags.tag(self._repo, safe_bytes(name), changeset._ctx.node(), safe_bytes(message), local, safe_bytes(user), date)

        except mercurial.error.Abort as e:

        # Reinitialize tags

        self.tags = self._get_tags()

        tag_id = self.tags[name]

        return self.get_changeset(revision=tag_id)

    def remove_tag(self, name, user, message=None, date=None):

        """

        Removes tag with the given ``name``.

        :param name: name of the tag to be removed

        :param user: full username, i.e.: "Joe Doe <joe.doe@example.com>"

        :param message: message of the tag's removal commit

        :param date: date of tag's removal commit

        :raises TagDoesNotExistError: if tag with given name does not exists

        """

        if name not in self.tags:

            raise TagDoesNotExistError("Tag %s does not exist" % name)

        if message is None:

            message = "Removed tag %s" % name

        if date is None:

            date = safe_bytes(datetime.datetime.now().strftime('%a, %d %b %Y %H:%M:%S'))

        local = False

        try:

            mercurial.tags.tag(self._repo, safe_bytes(name), mercurial.commands.nullid, safe_bytes(message), local, safe_bytes(user), date)

            self.tags = self._get_tags()

        except mercurial.error.Abort as e:

    @LazyProperty

    def bookmarks(self):

        """

        Gets bookmarks for this repository

        """

        return self._get_bookmarks()

    def _get_bookmarks(self):

        if self._empty:

            return {}

        return OrderedDict(sorted(

            ((safe_unicode(n), ascii_str(h)) for n, h in self._repo._bookmarks.items()),

            reverse=True,

            key=lambda x: x[0],  # sort by name

        ))

    def _get_all_revisions(self):

        return [ascii_str(self._repo[x].hex()) for x in self._repo.filtered(b'visible').changelog.revs()]

    def get_diff(self, rev1, rev2, path='', ignore_whitespace=False,

                  context=3):

        """

        Returns (git like) *diff*, as plain text. Shows changes introduced by

        ``rev2`` since ``rev1``.

        :param rev1: Entry point from which diff is shown. Can be

          ``self.EMPTY_CHANGESET`` - in this case, patch showing all

          the changes since empty state of the repository until ``rev2``

        :param rev2: Until which revision changes should be shown.

        :param ignore_whitespace: If set to ``True``, would not show whitespace

          changes. Defaults to ``False``.

        :param context: How many lines before/after changed lines should be

          shown. Defaults to ``3``. If negative value is passed-in, it will be

          set to ``0`` instead.

        """

        # Negative context values make no sense, and will result in

        # errors. Ensure this does not happen.

        if context < 0:

            context = 0

        if hasattr(rev1, 'raw_id'):

            rev1 = getattr(rev1, 'raw_id')

        if hasattr(rev2, 'raw_id'):

            rev2 = getattr(rev2, 'raw_id')

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

"""

kallithea.model.ssh_key

~~~~~~~~~~~~~~~~~~~~~~~

SSH key model for Kallithea

"""

import errno

import logging

import os

import stat

import tempfile

from tg import config

from tg.i18n import ugettext as _

from kallithea.lib import ssh

from kallithea.lib.utils2 import str2bool

from kallithea.lib.vcs.exceptions import RepositoryError

from kallithea.model.db import User, UserSshKeys

from kallithea.model.meta import Session

log = logging.getLogger(__name__)

class SshKeyModelException(RepositoryError):

    """Exception raised by SshKeyModel methods to report errors"""

class SshKeyModel(object):

    def create(self, user, description, public_key):

        """

        :param user: user or user_id

        :param description: description of SshKey

        :param publickey: public key text

        Will raise SshKeyModelException on errors

        """

        try:

            keytype, pub, comment = ssh.parse_pub_key(public_key)

        except ssh.SshKeyParseError as e:

        if not description.strip():

            description = comment.strip()

        user = User.guess_instance(user)

        new_ssh_key = UserSshKeys()

        new_ssh_key.user_id = user.user_id

        new_ssh_key.description = description

        new_ssh_key.public_key = public_key

        for ssh_key in UserSshKeys.query().filter(UserSshKeys.fingerprint == new_ssh_key.fingerprint).all():

            raise SshKeyModelException(_('SSH key %s is already used by %s') %

                                       (new_ssh_key.fingerprint, ssh_key.user.username))

        Session().add(new_ssh_key)

        return new_ssh_key

    def delete(self, fingerprint, user):

        """

        Deletes ssh key with given fingerprint for the given user.

        Will raise SshKeyModelException on errors

        """

        ssh_key = UserSshKeys.query().filter(UserSshKeys.fingerprint == fingerprint)

        user = User.guess_instance(user)

        ssh_key = ssh_key.filter(UserSshKeys.user_id == user.user_id)

        ssh_key = ssh_key.scalar()

        if ssh_key is None:

            raise SshKeyModelException(_('SSH key with fingerprint %r found') % fingerprint)

        Session().delete(ssh_key)

    def get_ssh_keys(self, user):

        user = User.guess_instance(user)

        user_ssh_keys = UserSshKeys.query() \

            .filter(UserSshKeys.user_id == user.user_id).all()

        return user_ssh_keys

    def write_authorized_keys(self):

        if not str2bool(config.get('ssh_enabled', False)):

            log.error("Will not write SSH authorized_keys file - ssh_enabled is not configured")

            return

        authorized_keys = config.get('ssh_authorized_keys')

        kallithea_cli_path = config.get('kallithea_cli_path', 'kallithea-cli')

        if not authorized_keys:

            log.error('Cannot write SSH authorized_keys file - ssh_authorized_keys is not configured')

            return