length = int(environ['CONTENT_LENGTH'])

            log.debug('Content-Length: %s' % length)

        if length == 0:

            log.debug("Content-Length is 0")

            return jsonrpc_error(retid=self._req_id,

                                 message="Content-Length is 0")

        raw_body = environ['wsgi.input'].read(length)

        try:

            json_body = json.loads(urllib.unquote_plus(raw_body))

        except ValueError, e:

            # catch JSON errors Here

            return jsonrpc_error(retid=self._req_id,

                                 message="JSON parse error ERR:%s RAW:%r" \

                                 % (e, urllib.unquote_plus(raw_body)))

        # check AUTH based on API KEY

        try:

            self._req_api_key = json_body['api_key']

            self._req_id = json_body['id']

            self._req_method = json_body['method']

            self._request_params = json_body['args']

            log.debug(

                'method: %s, params: %s' % (self._req_method,

                                            self._request_params)

            )

        except KeyError, e:

            return jsonrpc_error(retid=self._req_id,

                                 message='Incorrect JSON query missing %s' % e)

        # check if we can find this session using api_key

        try:

            u = User.get_by_api_key(self._req_api_key)

            if u is None:

                return jsonrpc_error(retid=self._req_id,

                                     message='Invalid API KEY')

            #check if we are allowed to use this IP

            auth_u = AuthUser(u.user_id, self._req_api_key, ip_addr=ip_addr)

            if not auth_u.ip_allowed:

                return jsonrpc_error(retid=self._req_id,

                        message='request from IP:%s not allowed' % (ip_addr))

            else:

                log.info('Access for IP:%s allowed' % (ip_addr))

        except Exception, e:

                retid=self._req_id,

                message='This method [%s] does not support '

                         'authentication (missing %s param)' % (

                                    self._func.__name__, USER_SESSION_ATTR)

            )

        # get our arglist and check if we provided them as args

        for arg, default in func_kwargs.iteritems():

            if arg == USER_SESSION_ATTR:

                # USER_SESSION_ATTR is something translated from api key and

                # this is checked before so we don't need validate it

                continue

            # skip the required param check if it's default value is

            # NotImplementedType (default_empty)

            if (default == default_empty and arg not in self._request_params):

                return jsonrpc_error(

                    retid=self._req_id,

                    message=(

                        'Missing non optional `%s` arg in JSON DATA' % arg

                    )

                )

        self._rpc_args = {USER_SESSION_ATTR: u}

        self._rpc_args.update(self._request_params)

        self._rpc_args['action'] = self._req_method

        self._rpc_args['environ'] = environ

        self._rpc_args['start_response'] = start_response

        status = []

        headers = []

        exc_info = []

        def change_content(new_status, new_headers, new_exc_info=None):

            status.append(new_status)

            headers.extend(new_headers)

            exc_info.append(new_exc_info)

        output = WSGIController.__call__(self, environ, change_content)

        output = list(output)

        headers.append(('Content-Length', str(len(output[0]))))

        replace_header(headers, 'Content-Type', 'application/json')

        start_response(status[0], headers, exc_info[0])

        log.info('IP: %s Request to %s time: %.3fs' % (

            _get_ip_addr(environ),

            safe_unicode(_get_access_path(environ)), time.time() - start)

        )

        self.assertEqual(expected, given)

#    def test_Optional(self):

#        from rhodecode.controllers.api.api import Optional

#        option1 = Optional(None)

#        self.assertEqual('<Optional:%s>' % None, repr(option1))

#

#        self.assertEqual(1, Optional.extract(Optional(1)))

#        self.assertEqual('trololo', Optional.extract('trololo'))

    def test_api_wrong_key(self):

        id_, params = _build_data('trololo', 'get_user')

        response = api_call(self, params)

        expected = 'Invalid API KEY'

        self._compare_error(id_, expected, given=response.body)

    def test_api_missing_non_optional_param(self):

        id_, params = _build_data(self.apikey, 'get_repo')

        response = api_call(self, params)

        expected = 'Missing non optional `repoid` arg in JSON DATA'

        self._compare_error(id_, expected, given=response.body)

    def test_api_get_users(self):

        id_, params = _build_data(self.apikey, 'get_users',)

        response = api_call(self, params)

        ret_all = []

        for usr in UserModel().get_all():

            ret = usr.get_api_data()

            ret_all.append(jsonify(ret))

        expected = ret_all

        self._compare_ok(id_, expected, given=response.body)

    def test_api_get_user(self):

        id_, params = _build_data(self.apikey, 'get_user',

                                  userid=TEST_USER_ADMIN_LOGIN)

        response = api_call(self, params)

        usr = UserModel().get_by_username(TEST_USER_ADMIN_LOGIN)

        ret = usr.get_api_data()

        ret['permissions'] = AuthUser(usr.user_id).permissions

        expected = ret

        self._compare_ok(id_, expected, given=response.body)

    def test_api_get_user_that_does_not_exist(self):

        id_, params = _build_data(self.apikey, 'get_user',