password)

                log.debug('Got ldap DN response %s', user_dn)

                get_ldap_attr = lambda k: ldap_attrs.get(ldap_settings\

                                                           .get(k), [''])[0]

                user_attrs = {

                 'name': safe_unicode(get_ldap_attr('ldap_attr_firstname')),

                 'lastname': safe_unicode(get_ldap_attr('ldap_attr_lastname')),

                 'email': get_ldap_attr('ldap_attr_email'),

                }

                if user_model.create_ldap(username, password, user_dn,

                                          user_attrs):

                    log.info('created new ldap user %s', username)

                return True

            except (LdapUsernameError, LdapPasswordError,):

                pass

            except (Exception,):

                log.error(traceback.format_exc())

                pass

    return False

def get_container_username(environ, cfg=config):

    from paste.httpheaders import REMOTE_USER

    from paste.deploy.converters import asbool

    username = REMOTE_USER(environ)

    if not username and asbool(cfg.get('proxypass_auth_enabled', False)):

        username = environ.get('HTTP_X_FORWARDED_USER')

    if username:

        #Removing realm and domain from username

        username = username.partition('@')[0]

        username = username.rpartition('\\')[2]

        log.debug('Received username %s from container', username)

    return username

class  AuthUser(object):

    """

    A simple object that handles all attributes of user in RhodeCode

    It does lookup based on API key,given user, or user present in session

    Then it fills all required information for such user. It also checks if

    anonymous access is enabled and if so, it returns default user as logged

    in

    """

    def __init__(self, user_id=None, api_key=None, username=None):

        self.name = ''

        self.lastname = ''

        self.email = ''

        self.is_authenticated = False

        self.admin = False

        self.permissions = {}

        self._api_key = api_key

        self.propagate_data()

    def propagate_data(self):

        user_model = UserModel()

        self.anonymous_user = User.get_by_username('default')

        is_user_loaded = False

        if self._api_key and self._api_key != self.anonymous_user.api_key:

            #try go get user by api key

            log.debug('Auth User lookup by API KEY %s', self._api_key)

            is_user_loaded = user_model.fill_data(self, api_key=self._api_key)

        elif self.user_id is not None \

            and self.user_id != self.anonymous_user.user_id:

            log.debug('Auth User lookup by USER ID %s', self.user_id)

            is_user_loaded = user_model.fill_data(self, user_id=self.user_id)

        elif self.username:

            log.debug('Auth User lookup by USER NAME %s', self.username)

                for k, v in dbuser.get_dict().items():

                    setattr(self, k, v)

                self.set_authenticated()

                is_user_loaded = True

        if not is_user_loaded:

            if self.anonymous_user.active is True:

                user_model.fill_data(self,

                                     user_id=self.anonymous_user.user_id)

                #then we set this user is logged in

                self.is_authenticated = True

            else:

                self.user_id = None

                self.username = None

                self.is_authenticated = False

        if not self.username:

            self.username = 'None'

        log.debug('Auth User is now %s', self)

        user_model.fill_perms(self)

    @property

    def is_admin(self):

        return self.admin

    @property

    def full_contact(self):

           'admin_updated_repo':'database_edit.png',

           'push':'script_add.png',

           'push_local':'script_edit.png',

           'push_remote':'connect.png',

           'pull':'down_16.png',

           'started_following_repo':'heart_add.png',

           'stopped_following_repo':'heart_delete.png',

            }

    return literal(tmpl % ((url('/images/icons/')),

                           map.get(action, action), action))

#==============================================================================

# PERMS

#==============================================================================

from rhodecode.lib.auth import HasPermissionAny, HasPermissionAll, \

HasRepoPermissionAny, HasRepoPermissionAll

#==============================================================================

# GRAVATAR URL

#==============================================================================

def gravatar_url(email_address, size=30):

    if not str2bool(config['app_conf'].get('use_gravatar')) or \

        email_address == 'anonymous@rhodecode.org':

        return url("/images/user%s.png" % size)

    ssl_enabled = 'https' == request.environ.get('wsgi.url_scheme')

    default = 'identicon'

    baseurl_nossl = "http://www.gravatar.com/avatar/"

    baseurl_ssl = "https://secure.gravatar.com/avatar/"

    baseurl = baseurl_ssl if ssl_enabled else baseurl_nossl

    if isinstance(email_address, unicode):

        #hashlib crashes on unicode items

        email_address = safe_str(email_address)

    # construct the url

    gravatar_url = baseurl + hashlib.md5(email_address.lower()).hexdigest() + "?"

    gravatar_url += urllib.urlencode({'d':default, 's':str(size)})

    return gravatar_url

#==============================================================================

# REPO PAGER, PAGER FOR REPOSITORY

#==============================================================================

class RepoPage(Page):

    def get_by_api_key(self, api_key, cache=False):

        user = self.sa.query(User)\

                .filter(User.api_key == api_key)

        if cache:

            user = user.options(FromCache("sql_cache_short",

                                          "get_user_%s" % api_key))

        return user.scalar()

    def create(self, form_data):

        try:

            new_user = User()

            for k, v in form_data.items():

                setattr(new_user, k, v)

            new_user.api_key = generate_api_key(form_data['username'])

            self.sa.add(new_user)

            self.sa.commit()

            return new_user

        except:

            log.error(traceback.format_exc())

            self.sa.rollback()

            raise

    def create_ldap(self, username, password, user_dn, attrs):

        """

        Checks if user is in database, if not creates this user marked

        as ldap user

        :param username:

        :param password:

        :param user_dn:

        :param attrs:

        """

        from rhodecode.lib.auth import get_crypt_password

        log.debug('Checking for such ldap account in RhodeCode database')

        if self.get_by_username(username, case_insensitive=True) is None:

            try:

                new_user = User()

                # add ldap account always lowercase

                new_user.username = username.lower()

                new_user.password = get_crypt_password(password)

                new_user.api_key = generate_api_key(username)

                new_user.email = attrs['email']

                new_user.active = True

                new_user.ldap_dn = safe_unicode(user_dn)

                new_user.name = attrs['name']

                new_user.lastname = attrs['lastname']