def credentials_filter(uri):

    """

    Returns a url with removed credentials

    :param uri:

    """

    uri = uri_filter(uri)

    #check if we have port

    if len(uri) > 2 and uri[2]:

        uri[2] = ':' + uri[2]

    return ''.join(uri)

def get_changeset_safe(repo, rev):

    """

    Safe version of get_changeset if this changeset doesn't exists for a 

    repo it returns a Dummy one instead

    :param repo:

    :param rev:

    """

    from vcs.backends.base import BaseRepository

    from vcs.exceptions import RepositoryError

    if not isinstance(repo, BaseRepository):

        raise Exception('You must pass an Repository '

                        'object as first argument got %s', type(repo))

    try:

        cs = repo.get_changeset(rev)

    except RepositoryError:

        from rhodecode.lib.utils import EmptyChangeset

        cs = EmptyChangeset(requested_revision=rev)

    return cs

def get_current_revision(quiet=False):

    """

    Returns tuple of (number, id) from repository containing this package

    or None if repository could not be found.

    :param quiet: prints error for fetching revision if True

    """

    try:

        from vcs import get_repo

        from vcs.utils.helpers import get_scm

        repopath = os.path.join(os.path.dirname(__file__), '..', '..')

        scm = get_scm(repopath)[0]

        repo = get_repo(path=repopath, alias=scm)

        tip = repo.get_changeset()

        return (tip.revision, tip.short_id)

        if not quiet:

            print ("Cannot retrieve rhodecode's revision. Original error "

                   "was: %s" % err)

        return None

    :author: marcink

    :copyright: (C) 2009-2011 Marcin Kuzminski <marcin@python-works.com>

    :license: GPLv3, see COPYING for more details.

"""

# This program is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation, either version 3 of the License, or

# (at your option) any later version.

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

import logging

from rhodecode.lib.exceptions import LdapConnectionError, LdapUsernameError, \

    LdapPasswordError

log = logging.getLogger(__name__)

try:

    import ldap

except ImportError:

    # means that python-ldap is not installed

    pass

class AuthLdap(object):

    def __init__(self, server, base_dn, port=389, bind_dn='', bind_pass='',

                 tls_kind='PLAIN', tls_reqcert='DEMAND', ldap_version=3,

                 ldap_filter='(&(objectClass=user)(!(objectClass=computer)))',

                 search_scope='SUBTREE',

                 attr_login='uid'):

        self.ldap_version = ldap_version

        ldap_server_type = 'ldap'

        self.TLS_KIND = tls_kind

        if self.TLS_KIND == 'LDAPS':

            port = port or 689

            ldap_server_type = ldap_server_type + 's'

        self.LDAP_SERVER_ADDRESS = server

        self.LDAP_SERVER_PORT = port

        #USE FOR READ ONLY BIND TO LDAP SERVER

        self.LDAP_BIND_DN = bind_dn

        self.LDAP_BIND_PASS = bind_pass

        self.LDAP_SERVER = "%s://%s:%s" % (ldap_server_type,

                                               self.LDAP_SERVER_ADDRESS,

                                               self.LDAP_SERVER_PORT)

        self.BASE_DN = base_dn

        self.LDAP_FILTER = ldap_filter

        self.attr_login = attr_login

    def authenticate_ldap(self, username, password):

        """Authenticate a user via LDAP and return his/her LDAP properties.

        Raises AuthenticationError if the credentials are rejected, or

        EnvironmentError if the LDAP server can't be reached.

        :param username: username

        :param password: password

        """

        from rhodecode.lib.helpers import chop_at

        uid = chop_at(username, "@%s" % self.LDAP_SERVER_ADDRESS)

        if "," in username:

            raise LdapUsernameError("invalid character in username: ,")

        try:

            ldap.set_option(ldap.OPT_REFERRALS, ldap.OPT_OFF)

            ldap.set_option(ldap.OPT_RESTART, ldap.OPT_ON)

            ldap.set_option(ldap.OPT_TIMEOUT, 20)

            ldap.set_option(ldap.OPT_NETWORK_TIMEOUT, 10)

            ldap.set_option(ldap.OPT_TIMELIMIT, 15)

            if self.TLS_KIND != 'PLAIN':

                ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, self.TLS_REQCERT)

            server = ldap.initialize(self.LDAP_SERVER)

            if self.ldap_version == 2:

                server.protocol = ldap.VERSION2

            else:

                server.protocol = ldap.VERSION3

            if self.TLS_KIND == 'START_TLS':

                server.start_tls_s()

            if self.LDAP_BIND_DN and self.LDAP_BIND_PASS:

                server.simple_bind_s(self.LDAP_BIND_DN, self.LDAP_BIND_PASS)

            filt = '(&%s(%s=%s))' % (self.LDAP_FILTER, self.attr_login,

                                     username)

            log.debug("Authenticating %r filt %s at %s", self.BASE_DN,

                      filt, self.LDAP_SERVER)

            lobjects = server.search_ext_s(self.BASE_DN, self.SEARCH_SCOPE,

                                           filt)

            if not lobjects:

                raise ldap.NO_SUCH_OBJECT()

            for (dn, _attrs) in lobjects:

                if dn is None:

                    continue

                try:

                    server.simple_bind_s(dn, password)

                    attrs = server.search_ext_s(dn, ldap.SCOPE_BASE,

                                                '(objectClass=*)')[0][1]

                    break

                except ldap.INVALID_CREDENTIALS, e:

                    log.debug("LDAP rejected password for user '%s' (%s): %s",

                              uid, username, dn)

            else:

                log.debug("No matching LDAP objects for authentication "

                          "of '%s' (%s)", uid, username)

                raise LdapPasswordError()

    def get_by_group_name(cls, group_name, cache=False, case_insensitive=False):

        if case_insensitive:

            gr = Session.query(cls)\

            .filter(cls.users_group_name.ilike(group_name))

        else:

            gr = Session.query(UsersGroup)\

                .filter(UsersGroup.users_group_name == group_name)

        if cache:

            gr = gr.options(FromCache("sql_cache_short",

                                          "get_user_%s" % group_name))

        return gr.scalar()

    @classmethod

    def get(cls, users_group_id, cache=False):

        users_group = Session.query(cls)

        if cache:

            users_group = users_group.options(FromCache("sql_cache_short",

                                    "get_users_group_%s" % users_group_id))

        return users_group.get(users_group_id)

    @classmethod

    def create(cls, form_data):

        try:

            new_users_group = cls()

            for k, v in form_data.items():

                setattr(new_users_group, k, v)

            Session.add(new_users_group)

            Session.commit()

            return new_users_group

        except:

            log.error(traceback.format_exc())

            Session.rollback()

            raise

    @classmethod

    def update(cls, users_group_id, form_data):

        try:

            users_group = cls.get(users_group_id, cache=False)

            for k, v in form_data.items():

                if k == 'users_group_members':

                    users_group.members = []

                    Session.flush()

                    members_list = []

                    if v:

                        for u_id in set(v):

                    setattr(users_group, 'members', members_list)

                setattr(users_group, k, v)

            Session.add(users_group)

            Session.commit()

        except:

            log.error(traceback.format_exc())

            Session.rollback()

            raise

    @classmethod

    def delete(cls, users_group_id):

        try:

            # check if this group is not assigned to repo

            assigned_groups = UsersGroupRepoToPerm.query()\

                .filter(UsersGroupRepoToPerm.users_group_id ==

                        users_group_id).all()

            if assigned_groups:

                raise UsersGroupsAssignedException('Group assigned to %s' %

                                                   assigned_groups)

            users_group = cls.get(users_group_id, cache=False)

            Session.delete(users_group)

            Session.commit()

        except:

            log.error(traceback.format_exc())

            Session.rollback()

            raise

class UsersGroupMember(Base, BaseModel):

    __tablename__ = 'users_groups_members'

    __table_args__ = {'extend_existing':True}

    users_group_member_id = Column("users_group_member_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)

    users_group_id = Column("users_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)

    user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)

    user = relationship('User', lazy='joined')

    users_group = relationship('UsersGroup')

    def __init__(self, gr_id='', u_id=''):

        self.users_group_id = gr_id

        self.user_id = u_id

class Repository(Base, BaseModel):