(_(u"hour"), 3600),

                 (_(u"minute"), 60),

                 (_(u"second"), 1), ]

    age = datetime.now() - curdate

    age_seconds = (age.days * agescales[2][1]) + age.seconds

    pos = 1

    for scale in agescales:

        if scale[1] <= age_seconds:

            if pos == 6:pos = 5

            return '%s %s' % (time_ago_in_words(curdate,

                                                agescales[pos][0]), _('ago'))

        pos += 1

    return _(u'just now')

def uri_filter(uri):

    """

    Removes user:password from given url string

    :param uri:

    :rtype: unicode

    :returns: filtered list of strings  

    """

    if not uri:

        return ''

    proto = ''

    for pat in ('https://', 'http://'):

        if uri.startswith(pat):

            uri = uri[len(pat):]

            proto = pat

            break

    # remove passwords and username

    uri = uri[uri.find('@') + 1:]

    # get the port

    cred_pos = uri.find(':')

    if cred_pos == -1:

        host, port = uri, None

    else:

        host, port = uri[:cred_pos], uri[cred_pos + 1:]

    return filter(None, [proto, host, port])

def credentials_filter(uri):

    """

    Returns a url with removed credentials

    :param uri:

    """

    uri = uri_filter(uri)

    #check if we have port

    if len(uri) > 2 and uri[2]:

        uri[2] = ':' + uri[2]

    return ''.join(uri)

def get_changeset_safe(repo, rev):

    """

    Safe version of get_changeset if this changeset doesn't exists for a 

    repo it returns a Dummy one instead

    :param repo:

    :param rev:

    """

    from vcs.backends.base import BaseRepository

    from vcs.exceptions import RepositoryError

    if not isinstance(repo, BaseRepository):

        raise Exception('You must pass an Repository '

                        'object as first argument got %s', type(repo))

    try:

        cs = repo.get_changeset(rev)

    except RepositoryError:

        from rhodecode.lib.utils import EmptyChangeset

        cs = EmptyChangeset(requested_revision=rev)

    return cs

def get_current_revision(quiet=False):

    """

    Returns tuple of (number, id) from repository containing this package

    or None if repository could not be found.

    :param quiet: prints error for fetching revision if True

    """

    try:

        from vcs import get_repo

        from vcs.utils.helpers import get_scm

        repopath = os.path.join(os.path.dirname(__file__), '..', '..')

        scm = get_scm(repopath)[0]

        repo = get_repo(path=repopath, alias=scm)

        tip = repo.get_changeset()

        return (tip.revision, tip.short_id)

        if not quiet:

            print ("Cannot retrieve rhodecode's revision. Original error "

                   "was: %s" % err)

        return None

# -*- coding: utf-8 -*-

"""

    rhodecode.controllers.changelog

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    RhodeCode authentication library for LDAP

    :created_on: Created on Nov 17, 2010

    :author: marcink

    :copyright: (C) 2009-2011 Marcin Kuzminski <marcin@python-works.com>

    :license: GPLv3, see COPYING for more details.

"""

# This program is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation, either version 3 of the License, or

# (at your option) any later version.

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

import logging

from rhodecode.lib.exceptions import LdapConnectionError, LdapUsernameError, \

    LdapPasswordError

log = logging.getLogger(__name__)

try:

    import ldap

except ImportError:

    # means that python-ldap is not installed

    pass

class AuthLdap(object):

    def __init__(self, server, base_dn, port=389, bind_dn='', bind_pass='',

                 tls_kind='PLAIN', tls_reqcert='DEMAND', ldap_version=3,

                 ldap_filter='(&(objectClass=user)(!(objectClass=computer)))',

                 search_scope='SUBTREE',

                 attr_login='uid'):

        self.ldap_version = ldap_version

        ldap_server_type = 'ldap'

        self.TLS_KIND = tls_kind

        if self.TLS_KIND == 'LDAPS':

            port = port or 689

            ldap_server_type = ldap_server_type + 's'

        self.LDAP_SERVER_ADDRESS = server

        self.LDAP_SERVER_PORT = port

        #USE FOR READ ONLY BIND TO LDAP SERVER

        self.LDAP_BIND_DN = bind_dn

        self.LDAP_BIND_PASS = bind_pass

        self.LDAP_SERVER = "%s://%s:%s" % (ldap_server_type,

                                               self.LDAP_SERVER_ADDRESS,

                                               self.LDAP_SERVER_PORT)

        self.BASE_DN = base_dn

        self.LDAP_FILTER = ldap_filter

        self.attr_login = attr_login

    def authenticate_ldap(self, username, password):

        """Authenticate a user via LDAP and return his/her LDAP properties.

        Raises AuthenticationError if the credentials are rejected, or

        EnvironmentError if the LDAP server can't be reached.

        :param username: username

        :param password: password

        """

        from rhodecode.lib.helpers import chop_at

        uid = chop_at(username, "@%s" % self.LDAP_SERVER_ADDRESS)

        if "," in username:

            raise LdapUsernameError("invalid character in username: ,")

        try:

            ldap.set_option(ldap.OPT_REFERRALS, ldap.OPT_OFF)

            ldap.set_option(ldap.OPT_RESTART, ldap.OPT_ON)

            ldap.set_option(ldap.OPT_TIMEOUT, 20)

            ldap.set_option(ldap.OPT_NETWORK_TIMEOUT, 10)

            ldap.set_option(ldap.OPT_TIMELIMIT, 15)

            if self.TLS_KIND != 'PLAIN':

                ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, self.TLS_REQCERT)

            server = ldap.initialize(self.LDAP_SERVER)

            if self.ldap_version == 2:

                server.protocol = ldap.VERSION2

            else:

                server.protocol = ldap.VERSION3

            if self.TLS_KIND == 'START_TLS':

                server.start_tls_s()

            if self.LDAP_BIND_DN and self.LDAP_BIND_PASS:

                server.simple_bind_s(self.LDAP_BIND_DN, self.LDAP_BIND_PASS)

            filt = '(&%s(%s=%s))' % (self.LDAP_FILTER, self.attr_login,

                                     username)

            log.debug("Authenticating %r filt %s at %s", self.BASE_DN,

                      filt, self.LDAP_SERVER)

            lobjects = server.search_ext_s(self.BASE_DN, self.SEARCH_SCOPE,

                                           filt)

            if not lobjects:

                raise ldap.NO_SUCH_OBJECT()

            for (dn, _attrs) in lobjects:

                if dn is None:

                    continue

                try:

                    server.simple_bind_s(dn, password)

                    attrs = server.search_ext_s(dn, ldap.SCOPE_BASE,

                                                '(objectClass=*)')[0][1]

                    break

                except ldap.INVALID_CREDENTIALS, e:

                    log.debug("LDAP rejected password for user '%s' (%s): %s",

                              uid, username, dn)

            else:

                log.debug("No matching LDAP objects for authentication "

                          "of '%s' (%s)", uid, username)

                raise LdapPasswordError()

        except ldap.NO_SUCH_OBJECT, e:

            log.debug("LDAP says no such user '%s' (%s)", uid, username)

            raise LdapUsernameError()

        except ldap.SERVER_DOWN, e:

            raise LdapConnectionError("LDAP can't access "

                                      "authentication server")

        return (dn, attrs)

            new_user = cls()

            for k, v in form_data.items():

                if k == 'password':

                    v = get_crypt_password(v)

                setattr(new_user, k, v)

            new_user.api_key = generate_api_key(form_data['username'])

            Session.add(new_user)

            Session.commit()

            return new_user

        except:

            log.error(traceback.format_exc())

            Session.rollback()

            raise

class UserLog(Base, BaseModel):

    __tablename__ = 'user_logs'

    __table_args__ = {'extend_existing':True}

    user_log_id = Column("user_log_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)

    user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)

    repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=False, unique=None, default=None)

    repository_name = Column("repository_name", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)

    user_ip = Column("user_ip", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)

    action = Column("action", UnicodeText(length=1200000, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)

    action_date = Column("action_date", DateTime(timezone=False), nullable=True, unique=None, default=None)

    @property

    def action_as_day(self):

        return date(*self.action_date.timetuple()[:3])

    user = relationship('User')

    repository = relationship('Repository')

class UsersGroup(Base, BaseModel):

    __tablename__ = 'users_groups'

    __table_args__ = {'extend_existing':True}

    users_group_id = Column("users_group_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)

    users_group_name = Column("users_group_name", String(length=255, convert_unicode=False, assert_unicode=None), nullable=False, unique=True, default=None)

    users_group_active = Column("users_group_active", Boolean(), nullable=True, unique=None, default=None)

    members = relationship('UsersGroupMember', cascade="all, delete, delete-orphan", lazy="joined")

    def __repr__(self):

        return '<userGroup(%s)>' % (self.users_group_name)

    @classmethod

    def get_by_group_name(cls, group_name, cache=False, case_insensitive=False):

        if case_insensitive:

            gr = Session.query(cls)\

            .filter(cls.users_group_name.ilike(group_name))

        else:

            gr = Session.query(UsersGroup)\

                .filter(UsersGroup.users_group_name == group_name)

        if cache:

            gr = gr.options(FromCache("sql_cache_short",

                                          "get_user_%s" % group_name))

        return gr.scalar()

    @classmethod

    def get(cls, users_group_id, cache=False):

        users_group = Session.query(cls)

        if cache:

            users_group = users_group.options(FromCache("sql_cache_short",

                                    "get_users_group_%s" % users_group_id))

        return users_group.get(users_group_id)

    @classmethod

    def create(cls, form_data):

        try:

            new_users_group = cls()

            for k, v in form_data.items():

                setattr(new_users_group, k, v)

            Session.add(new_users_group)

            Session.commit()

            return new_users_group

        except:

            log.error(traceback.format_exc())

            Session.rollback()

            raise

    @classmethod

    def update(cls, users_group_id, form_data):

        try:

            users_group = cls.get(users_group_id, cache=False)

            for k, v in form_data.items():

                if k == 'users_group_members':

                    users_group.members = []

                    Session.flush()

                    members_list = []

                    if v:

                        for u_id in set(v):

                    setattr(users_group, 'members', members_list)

                setattr(users_group, k, v)

            Session.add(users_group)

            Session.commit()

        except:

            log.error(traceback.format_exc())

            Session.rollback()

            raise

    @classmethod

    def delete(cls, users_group_id):

        try:

            # check if this group is not assigned to repo

            assigned_groups = UsersGroupRepoToPerm.query()\

                .filter(UsersGroupRepoToPerm.users_group_id ==

                        users_group_id).all()

            if assigned_groups:

                raise UsersGroupsAssignedException('Group assigned to %s' %

                                                   assigned_groups)

            users_group = cls.get(users_group_id, cache=False)

            Session.delete(users_group)

            Session.commit()

        except:

            log.error(traceback.format_exc())

            Session.rollback()

            raise

class UsersGroupMember(Base, BaseModel):

    __tablename__ = 'users_groups_members'

    __table_args__ = {'extend_existing':True}

    users_group_member_id = Column("users_group_member_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)

    users_group_id = Column("users_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)

    user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)

    user = relationship('User', lazy='joined')

    users_group = relationship('UsersGroup')

    def __init__(self, gr_id='', u_id=''):

        self.users_group_id = gr_id

        self.user_id = u_id

class Repository(Base, BaseModel):

    __tablename__ = 'repositories'

    __table_args__ = (UniqueConstraint('repo_name'), {'extend_existing':True},)

    repo_id = Column("repo_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)

    repo_name = Column("repo_name", String(length=255, convert_unicode=False, assert_unicode=None), nullable=False, unique=True, default=None)

    clone_uri = Column("clone_uri", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=False, default=None)

    repo_type = Column("repo_type", String(length=255, convert_unicode=False, assert_unicode=None), nullable=False, unique=False, default='hg')

    user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=False, default=None)

    private = Column("private", Boolean(), nullable=True, unique=None, default=None)

    enable_statistics = Column("statistics", Boolean(), nullable=True, unique=None, default=True)

    enable_downloads = Column("downloads", Boolean(), nullable=True, unique=None, default=True)

    description = Column("description", String(length=10000, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)

    created_on = Column('created_on', DateTime(timezone=False), nullable=True, unique=None, default=datetime.datetime.now)

    fork_id = Column("fork_id", Integer(), ForeignKey('repositories.repo_id'), nullable=True, unique=False, default=None)

    group_id = Column("group_id", Integer(), ForeignKey('groups.group_id'), nullable=True, unique=False, default=None)

    user = relationship('User')

    fork = relationship('Repository', remote_side=repo_id)

    group = relationship('Group')

    repo_to_perm = relationship('RepoToPerm', cascade='all', order_by='RepoToPerm.repo_to_perm_id')

    users_group_to_perm = relationship('UsersGroupRepoToPerm', cascade='all')

    stats = relationship('Statistics', cascade='all', uselist=False)

    followers = relationship('UserFollowing', primaryjoin='UserFollowing.follows_repo_id==Repository.repo_id', cascade='all')

    logs = relationship('UserLog', cascade='all')

    def __repr__(self):

        return "<%s('%s:%s')>" % (self.__class__.__name__,

                                  self.repo_id, self.repo_name)

    @classmethod

    def url_sep(cls):

        return '/'

    @classmethod

    def get_by_repo_name(cls, repo_name):

        q = Session.query(cls).filter(cls.repo_name == repo_name)

        q = q.options(joinedload(Repository.fork))\

                .options(joinedload(Repository.user))\

                .options(joinedload(Repository.group))\

        return q.one()

    @classmethod