def my_account_api_keys_add(self):

        lifetime = safe_int(request.POST.get('lifetime'), -1)

        description = request.POST.get('description')

        ApiKeyModel().create(self.authuser.user_id, description, lifetime)

        Session().commit()

        return redirect(url('my_account_api_keys'))

    def my_account_api_keys_delete(self):

        api_key = request.POST.get('del_api_key')

        user_id = self.authuser.user_id

        if request.POST.get('del_api_key_builtin'):

            user = User.get(user_id)

            if user:

                user.api_key = generate_api_key(user.username)

                Session().add(user)

                Session().commit()

        elif api_key:

            ApiKeyModel().delete(api_key, self.authuser.user_id)

            Session().commit()

        return redirect(url('my_account_api_keys'))

            return redirect(url('users'))

        lifetime = safe_int(request.POST.get('lifetime'), -1)

        description = request.POST.get('description')

        ApiKeyModel().create(c.user.user_id, description, lifetime)

        Session().commit()

        return redirect(url('edit_user_api_keys', id=c.user.user_id))

    def delete_api_key(self, id):

        c.user = User.get_or_404(id)

        if c.user.username == User.DEFAULT_USER:

            h.flash(_("You can't edit this user"), category='warning')

        if request.POST.get('del_api_key_builtin'):

            user = User.get(c.user.user_id)

            if user:

                user.api_key = generate_api_key(user.username)

                Session().add(user)

                Session().commit()

        elif api_key:

            ApiKeyModel().delete(api_key, c.user.user_id)

            Session().commit()

        return redirect(url('edit_user_api_keys', id=c.user.user_id))

    def update_account(self, id):

        pass

        except ValueError, e:

            # catch JSON errors Here

            return jsonrpc_error(retid=self._req_id,

                                 message="JSON parse error ERR:%s RAW:%r"

                                 % (e, raw_body))

        try:

            self._req_api_key = json_body['api_key']

            self._req_id = json_body['id']

            self._req_method = json_body['method']

            self._request_params = json_body['args']

            if not isinstance(self._request_params, dict):

        # check if we can find this session using api_key

        try:

            u = User.get_by_api_key(self._req_api_key)

            if u is None:

                return jsonrpc_error(retid=self._req_id,

            #check if we are allowed to use this IP

            auth_u = AuthUser(u.user_id, self._req_api_key, ip_addr=ip_addr)

            if not auth_u.ip_allowed:

                return jsonrpc_error(retid=self._req_id,

                        message='request from IP:%s not allowed' % (ip_addr,))

            else:

                log.info('Access for IP:%s allowed' % (ip_addr,))

        except Exception, e:

            return jsonrpc_error(retid=self._req_id,

        self._error = None

        try:

            self._func = self._find_method()

        except AttributeError, e:

            return jsonrpc_error(retid=self._req_id,

                                    self._func.__name__, USER_SESSION_ATTR)

            )

        # get our arglist and check if we provided them as args

        for arg, default in func_kwargs.iteritems():

            if arg == USER_SESSION_ATTR:

                # this is checked before so we don't need validate it

                continue

            # skip the required param check if it's default value is

            # NotImplementedType (default_empty)

            if default == default_empty and arg not in self._request_params:

            id : <id_given_in_input>

            result: None if user does not exist or

                    {

                        "user_id" :     "<user_id>",

                        "api_key" :     "<api_key>",

                        "username" :    "<username>",

                        "firstname":    "<firstname>",

                        "lastname" :    "<lastname>",

                        "email" :       "<email>",

                        "emails":       "[<list of all emails including additional ones>]",

                        "ip_addresses": "[<ip_address_for_user>,...]",

def check_password(password, hashed):

    return KallitheaCrypto.hash_check(password, hashed)

def generate_api_key(str_, salt=None):

    """

    :param str_:

    :param salt:

    """

    if salt is None:

        # lookup by userid

        if self.user_id is not None and self.user_id != self.anonymous_user.user_id:

            log.debug('Auth User lookup by USER ID %s' % self.user_id)

            is_user_loaded = user_model.fill_data(self, user_id=self.user_id)

        elif self._api_key and self._api_key != self.anonymous_user.api_key:

            is_user_loaded = user_model.fill_data(self, api_key=self._api_key)

        # lookup by username

        elif self.username:

            log.debug('Auth User lookup by USER NAME %s' % self.username)

            is_user_loaded = user_model.fill_data(self, username=self.username)

    # notifications assigned to this user

    user_created_notifications = relationship('Notification', cascade='all')

    # comments created by this user

    user_comments = relationship('ChangesetComment', cascade='all')

    #extra emails for this user

    user_emails = relationship('UserEmailMap', cascade='all')

    user_api_keys = relationship('UserApiKeys', cascade='all')

    @hybrid_property

    def email(self):

        return self._email

    # notifications assigned to this user

    user_created_notifications = relationship('Notification', cascade='all')

    # comments created by this user

    user_comments = relationship('ChangesetComment', cascade='all')

    #extra emails for this user

    user_emails = relationship('UserEmailMap', cascade='all')

    user_api_keys = relationship('UserApiKeys', cascade='all')

    @hybrid_property

    def email(self):

        return self._email

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

"""

kallithea.model.api_key

~~~~~~~~~~~~~~~~~~~~~~~

This file was forked by the Kallithea project in July 2014.

Original author and date, and relevant copyright and licensing information is below:

:created_on: Sep 8, 2013

:author: marcink

:copyright: (c) 2013 RhodeCode GmbH, and others.

    # notifications assigned to this user

    user_created_notifications = relationship('Notification', cascade='all')

    # comments created by this user

    user_comments = relationship('ChangesetComment', cascade='all')

    #extra emails for this user

    user_emails = relationship('UserEmailMap', cascade='all')

    user_api_keys = relationship('UserApiKeys', cascade='all')

    @hybrid_property

    def email(self):

        return self._email

        Fills auth_user attributes with those taken from database.

        Additionally sets is_authenticated if lookup fails

        present in database

        :param auth_user: instance of user to set attributes

        :param user_id: user id to fetch by

        :param username: username to fetch by

        """

        if user_id is None and api_key is None and username is None:

            raise Exception('You need to pass user_id, api_key or username')

        dbuser = None

        <td>${_('expires')}: ${_('never')}</td>

        <td>

            ${h.form(url('my_account_api_keys'),method='delete')}

                ${h.hidden('del_api_key',c.user.api_key)}

                ${h.hidden('del_api_key_builtin',1)}

                <button class="btn btn-mini btn-danger" type="submit"

                    ${_('reset')}

                </button>

            ${h.end_form()}

        </td>

    </tr>

    %if c.user_api_keys:

                 %endif

            </td>

            <td>

                ${h.form(url('my_account_api_keys'),method='delete')}

                    ${h.hidden('del_api_key',api_key.api_key)}

                    <button class="btn btn-mini btn-danger" type="submit"

                        <i class="icon-minus-circled"></i>

                        ${_('remove')}

                    </button>

                ${h.end_form()}

            </td>

          </tr>

        %endfor

    %else:

    %endif

  </table>

</div>

<div>

    ${h.form(url('my_account_api_keys'), method='post')}

    <div class="form">

        <!-- fields -->

        <div class="fields">

             <div class="field">

                <div class="label">

                </div>

                <div class="input">

                    ${h.text('description', class_='medium', placeholder=_('Description'))}

                    ${h.select('lifetime', '', c.lifetime_options)}

                </div>

             </div>

        <td>${_('expires')}: ${_('never')}</td>

        <td>

            ${h.form(url('edit_user_api_keys', id=c.user.user_id),method='delete')}

                ${h.hidden('del_api_key',c.user.api_key)}

                ${h.hidden('del_api_key_builtin',1)}

                <button class="btn btn-mini btn-danger" type="submit"

                    ${_('reset')}

                </button>

            ${h.end_form()}

        </td>

    </tr>

    %if c.user_api_keys:

                 %endif

            </td>

            <td>

                ${h.form(url('edit_user_api_keys', id=c.user.user_id),method='delete')}

                    ${h.hidden('del_api_key',api_key.api_key)}

                    <button class="btn btn-mini btn-danger" type="submit"

                        <i class="icon-minus-circled"></i>

                        ${_('remove')}

                    </button>

                ${h.end_form()}

            </td>

          </tr>

        %endfor

    %else:

    %endif

  </table>

</div>

<div>

    ${h.form(url('edit_user_api_keys', id=c.user.user_id), method='put')}

    <div class="form">

        <!-- fields -->

        <div class="fields">

             <div class="field">

                <div class="label">

                </div>

                <div class="input">

                    ${h.text('description', class_='medium', placeholder=_('Description'))}

                    ${h.select('lifetime', '', c.lifetime_options)}

                </div>

             </div>

        self.assertEqual(oattr1(), oattr1)

    def test_api_wrong_key(self):

        id_, params = _build_data('trololo', 'get_user')

        response = api_call(self, params)

        self._compare_error(id_, expected, given=response.body)

    def test_api_missing_non_optional_param(self):

        id_, params = _build_data(self.apikey, 'get_repo')

        response = api_call(self, params)

        self.log_user()

        user = User.get_by_username(TEST_USER_REGULAR_LOGIN)

        user_id = user.user_id

        response = self.app.post(url('edit_user_api_keys', id=user_id),

                 {'_method': 'put', 'description': desc, 'lifetime': lifetime, '_authentication_token': self.authentication_token()})

        try:

            response = response.follow()

            user = User.get(user_id)

            for api_key in user.api_keys:

                response.mustcontain(api_key)

        finally:

        self.log_user()

        user = User.get_by_username(TEST_USER_REGULAR_LOGIN)

        user_id = user.user_id

        response = self.app.post(url('edit_user_api_keys', id=user_id),

                {'_method': 'put', 'description': 'desc', 'lifetime': -1, '_authentication_token': self.authentication_token()})

        response = response.follow()

        #now delete our key

        keys = UserApiKeys.query().filter(UserApiKeys.user_id == user_id).all()

        self.assertEqual(1, len(keys))

        response = self.app.post(url('edit_user_api_keys', id=user_id),

                 {'_method': 'delete', 'del_api_key': keys[0].api_key, '_authentication_token': self.authentication_token()})

        keys = UserApiKeys.query().filter(UserApiKeys.user_id == user_id).all()

        self.assertEqual(0, len(keys))

    def test_reset_main_api_key(self):

        self.log_user()

        user = User.get_by_username(TEST_USER_REGULAR_LOGIN)

        response = self.app.get(url('edit_user_api_keys', id=user_id))

        response.mustcontain(api_key)

        response.mustcontain('expires: never')

        response = self.app.post(url('edit_user_api_keys', id=user_id),

                 {'_method': 'delete', 'del_api_key_builtin': api_key, '_authentication_token': self.authentication_token()})

        response = response.follow()

        response.mustcontain(no=[api_key])

        with mock.patch('kallithea.CONFIG', whitelist):

            self.assertEqual(['ChangesetController:changeset_raw'],

                             whitelist['api_access_controllers_whitelist'])

            new_api_key = ApiKeyModel().create(TEST_USER_ADMIN_LOGIN, u'test')

            Session().commit()

            new_api_key.expires = 0

            Session().add(new_api_key)

            Session().commit()

            with fixture.anon_access(False):

                self.app.get(url(controller='changeset',

                                 action='changeset_raw',

    ])

    def test_my_account_add_api_keys(self, desc, lifetime):

        usr = self.log_user('test_regular2', 'test12')

        user = User.get(usr['user_id'])

        response = self.app.post(url('my_account_api_keys'),

                                 {'description': desc, 'lifetime': lifetime, '_authentication_token': self.authentication_token()})

        try:

            response = response.follow()

            user = User.get(usr['user_id'])

            for api_key in user.api_keys:

                response.mustcontain(api_key)

        finally:

    def test_my_account_remove_api_key(self):

        usr = self.log_user('test_regular2', 'test12')

        user = User.get(usr['user_id'])

        response = self.app.post(url('my_account_api_keys'),

                                 {'description': 'desc', 'lifetime': -1, '_authentication_token': self.authentication_token()})

        response = response.follow()

        #now delete our key

        keys = UserApiKeys.query().all()

        self.assertEqual(1, len(keys))

        response = self.app.post(url('my_account_api_keys'),

                 {'_method': 'delete', 'del_api_key': keys[0].api_key, '_authentication_token': self.authentication_token()})

        keys = UserApiKeys.query().all()

        self.assertEqual(0, len(keys))

    def test_my_account_reset_main_api_key(self):

        usr = self.log_user('test_regular2', 'test12')

        response = self.app.get(url('my_account_api_keys'))

        response.mustcontain(api_key)

        response.mustcontain('expires: never')

        response = self.app.post(url('my_account_api_keys'),

                 {'_method': 'delete', 'del_api_key_builtin': api_key, '_authentication_token': self.authentication_token()})

        response = response.follow()

        response.mustcontain(no=[api_key])