#  either by editing here or by creating a new file:

#  echo "BRAND = 'rhodecode'" > kallithea/brand.py

BRAND = "kallithea"

try:

    from kallithea.brand import BRAND

except ImportError:

    pass

# Prefix for the ui and settings table names

DB_PREFIX = (BRAND + "_") if BRAND != "kallithea" else ""

try:

    from kallithea.lib import get_current_revision

    _rev = get_current_revision(quiet=True)

    if _rev and len(VERSION) > 3:

        VERSION += ('%s' % _rev[0],)

except ImportError:

    pass

__version__ = ('.'.join((str(each) for each in VERSION[:3])))

__dbversion__ = 31  # defines current db version for migrations

__platform__ = platform.system()

__license__ = 'GPLv3'

import time

import logging

import traceback

import formencode

from sqlalchemy import func, or_

from formencode import htmlfill

from pylons import request, tmpl_context as c, url

from pylons.controllers.util import redirect

from pylons.i18n.translation import _

from kallithea.lib import helpers as h

from kallithea.lib.auth import LoginRequired, NotAnonymous, AuthUser

from kallithea.lib.base import BaseController, render

from kallithea.lib.utils2 import generate_api_key, safe_int

from kallithea.lib.compat import json

from kallithea.model.db import Repository, PullRequest, PullRequestReviewers, \

    UserEmailMap, UserApiKeys, User, UserFollowing

from kallithea.model.forms import UserForm, PasswordChangeForm

from kallithea.model.user import UserModel

from kallithea.model.repo import RepoModel

from kallithea.model.api_key import ApiKeyModel

from kallithea.model.meta import Session

    @LoginRequired()

    @NotAnonymous()

    def __before__(self):

        super(MyAccountController, self).__before__()

    def __load_data(self):

        c.user = User.get(self.authuser.user_id)

        if c.user.username == User.DEFAULT_USER:

            h.flash(_("You can't edit this user since it's"

                      " crucial for entire application"), category='warning')

            return redirect(url('users'))

    def _load_my_repos_data(self, watched=False):

        if watched:

            admin = False

            repos_list = [x.follows_repository for x in

                          Session().query(UserFollowing).filter(

                              UserFollowing.user_id ==

                              self.authuser.user_id).all()]

        else:

            admin = True

            repos_list = Session().query(Repository)\

                         .filter(Repository.user_id ==

                             old_data={'user_id': self.authuser.user_id,

                                       'email': self.authuser.email})()

            form_result = {}

            try:

                post_data = dict(request.POST)

                post_data['new_password'] = ''

                post_data['password_confirmation'] = ''

                form_result = _form.to_python(post_data)

                # skip updating those attrs for my account

                skip_attrs = ['admin', 'active', 'extern_type', 'extern_name',

                              'new_password', 'password_confirmation']

                #TODO: plugin should define if username can be updated

                    # forbid updating username for external accounts

                    skip_attrs.append('username')

                UserModel().update(self.authuser.user_id, form_result,

                                   skip_attrs=skip_attrs)

                h.flash(_('Your account was updated successfully'),

                        category='success')

                Session().commit()

                update = True

            except formencode.Invalid, errors:

                return htmlfill.render(

        user_model = UserModel()

        c.user = user_model.get(id)

        c.extern_type = c.user.extern_type

        c.extern_name = c.user.extern_name

        c.perm_user = AuthUser(user_id=id, ip_addr=self.ip_addr)

        _form = UserForm(edit=True, old_data={'user_id': id,

                                              'email': c.user.email})()

        form_result = {}

        try:

            form_result = _form.to_python(dict(request.POST))

            skip_attrs = ['extern_type', 'extern_name']

            #TODO: plugin should define if username can be updated

                # forbid updating username for external accounts

                skip_attrs.append('username')

            user_model.update(id, form_result, skip_attrs=skip_attrs)

            usr = form_result['username']

            action_logger(self.authuser, 'admin_updated_user:%s' % usr,

                          None, self.ip_addr, self.sa)

            h.flash(_('User updated successfully'), category='success')

            Session().commit()

        except formencode.Invalid, errors:

            defaults = errors.value

            e = errors.error_dict or {}

    def edit(self, id, format='html'):

        """GET /users/id/edit: Form to edit an existing item"""

        # url('edit_user', id=ID)

        c.user = User.get_or_404(id)

        if c.user.username == User.DEFAULT_USER:

            h.flash(_("You can't edit this user"), category='warning')

            return redirect(url('users'))

        c.active = 'profile'

        c.extern_type = c.user.extern_type

        c.extern_name = c.user.extern_name

        c.perm_user = AuthUser(user_id=id, ip_addr=self.ip_addr)

        defaults = c.user.get_dict()

        return htmlfill.render(

            render('admin/users/user_edit.html'),

            defaults=defaults,

            encoding="UTF-8",

            force_defaults=False)

    def edit_advanced(self, id):

        c.user = User.get_or_404(id)

        if c.user.username == User.DEFAULT_USER:

:created_on: Aug 20, 2011

:author: marcink

:copyright: (c) 2013 RhodeCode GmbH, and others.

:license: GPLv3, see LICENSE.md for more details.

"""

import time

import traceback

import logging

from sqlalchemy import or_

from kallithea.controllers.api import JSONRPCController, JSONRPCError

from kallithea.lib.auth import (

    PasswordGenerator, AuthUser, HasPermissionAllDecorator,

    HasPermissionAnyDecorator, HasPermissionAnyApi, HasRepoPermissionAnyApi,

    HasRepoGroupPermissionAnyApi, HasUserGroupPermissionAny)

from kallithea.lib.utils import map_groups, repo2db_mapper

from kallithea.lib.utils2 import (

    str2bool, time_to_datetime, safe_int, Optional, OAttr)

from kallithea.model.meta import Session

from kallithea.model.repo_group import RepoGroupModel

from kallithea.model.scm import ScmModel, UserGroupList

from kallithea.model.repo import RepoModel

        result = []

        users_list = User.query().order_by(User.username) \

            .filter(User.username != User.DEFAULT_USER) \

            .all()

        for user in users_list:

            result.append(user.get_api_data())

        return result

    @HasPermissionAllDecorator('hg.admin')

    def create_user(self, apiuser, username, email, password=Optional(''),

                    firstname=Optional(''), lastname=Optional(''),

                    active=Optional(True), admin=Optional(False),

        """

        Creates new user. Returns new user object. This command can

        be executed only using api_key belonging to user with admin rights.

        :param apiuser: filled automatically from apikey

        :type apiuser: AuthUser

        :param username: new username

        :type username: str or int

        :param email: email

        :type email: str

        :param password: password

        :type password: Optional(str)

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

"""

Authentication modules

"""

import logging

import traceback

from kallithea.lib.compat import importlib

from kallithea.lib.utils2 import str2bool

from kallithea.lib.compat import formatted_json, hybrid_property

from kallithea.lib.auth import PasswordGenerator

from kallithea.model.user import UserModel

from kallithea.model.db import Setting, User, UserGroup

from kallithea.model.meta import Session

from kallithea.model.user_group import UserGroupModel

log = logging.getLogger(__name__)

def importplugin(plugin):

    """

    Imports and returns the authentication plugin in the module named by plugin

    (e.g., plugin='kallithea.lib.auth_modules.auth_internal'). Returns the

    KallitheaAuthPluginBase subclass on success, raises exceptions on failure.

    raises:

        AttributeError -- no KallitheaAuthPlugin class in the module

        TypeError -- if the KallitheaAuthPlugin is not a subclass of ours KallitheaAuthPluginBase

        ImportError -- if we couldn't import the plugin at all

    """

    log.debug("Importing %s" % plugin)

    PLUGIN_CLASS_NAME = "KallitheaAuthPlugin"

    try:

        module = importlib.import_module(plugin)

    except (ImportError, TypeError):

        log.error(traceback.format_exc())

        # TODO: make this more error prone, if by some accident we screw up

        # the plugin name, the crash is preatty bad and hard to recover

        raise

    log.debug("Loaded auth plugin from %s (module:%s, file:%s)"

              % (plugin, module.__name__, module.__file__))

Kallithea authentication plugin for built in internal auth

This file was forked by the Kallithea project in July 2014.

Original author and date, and relevant copyright and licensing information is below:

:created_on: Created on Nov 17, 2012

:author: marcink

:copyright: (c) 2013 RhodeCode GmbH, and others.

:license: GPLv3, see LICENSE.md for more details.

"""

import logging

from kallithea.lib import auth_modules

from kallithea.lib.compat import formatted_json, hybrid_property

from kallithea.model.db import User

log = logging.getLogger(__name__)

class KallitheaAuthPlugin(auth_modules.KallitheaAuthPluginBase):

    def __init__(self):

        pass

    @hybrid_property

    def name(self):

    def settings(self):

        return []

    def user_activation_state(self):

        def_user_perms = User.get_default_user().AuthUser.permissions['global']

        return 'hg.register.auto_activate' in def_user_perms

    def accepts(self, user, accepts_empty=True):

        """

        Custom accepts for this auth that doesn't accept empty users. We

        know that user exisits in database.

:copyright: (c) 2013 RhodeCode GmbH, and others.

:license: GPLv3, see LICENSE.md for more details.

"""

import os

import sys

import time

import uuid

import logging

from os.path import dirname as dn, join as jn

import datetime

from kallithea.model.user import UserModel

from kallithea.lib.utils import ask_ok

from kallithea.model import init_model

from kallithea.model.db import User, Permission, Ui, \

    Setting, UserToPerm, DbMigrateVersion, RepoGroup, \

    UserRepoGroupToPerm, CacheInvalidation, UserGroup, Repository

from sqlalchemy.engine import create_engine

from kallithea.model.repo_group import RepoGroupModel

#from kallithea.model import meta

from kallithea.model.meta import Session, Base

from kallithea.model.repo import RepoModel

            self.sa.add(sett)

        self.create_auth_plugin_options()

        self.create_default_options()

        log.info('created ui config')

    def create_user(self, username, password, email='', admin=False):

        log.info('creating user %s' % username)

        UserModel().create_or_update(username, password, email,

                                     firstname='Kallithea', lastname='Admin',

                                     active=True, admin=admin,

    def create_default_user(self):

        log.info('creating default user')

        # create default user for handling default permissions.

        user = UserModel().create_or_update(username=User.DEFAULT_USER,

                                            password=str(uuid.uuid1())[:20],

                                            email='anonymous@kallithea-scm.org',

                                            firstname='Anonymous',

                                            lastname='User')

        # based on configuration options activate/deactive this user which

        # controlls anonymous access

        if self.cli_args.get('public_access') is False:

import logging

import datetime

from sqlalchemy import *

from sqlalchemy.exc import DatabaseError

from sqlalchemy.orm import relation, backref, class_mapper, joinedload

from sqlalchemy.orm.session import Session

from sqlalchemy.ext.declarative import declarative_base

from kallithea.lib.dbmigrate.migrate import *

from kallithea.lib.dbmigrate.migrate.changeset import *

from kallithea.model.meta import Base

from kallithea.model import meta

from kallithea.lib.dbmigrate.versions import _reset_base, notify

log = logging.getLogger(__name__)

def upgrade(migrate_engine):

    """

    for usr in models.User.get_all():

        usr.created_on = datetime.datetime.now()

        _SESSION().add(usr)

        _SESSION().commit()

    notify('Migrating LDAP attribute to extern')

    for usr in models.User.get_all():

        ldap_dn = usr.ldap_dn

        if ldap_dn:

            usr.extern_name = ldap_dn

            usr.extern_type = 'ldap'

        else:

        _SESSION().add(usr)

        _SESSION().commit()

import logging

import datetime

from sqlalchemy import *

from sqlalchemy.exc import DatabaseError

from sqlalchemy.orm import relation, backref, class_mapper, joinedload

from sqlalchemy.orm.session import Session

from sqlalchemy.ext.declarative import declarative_base

from kallithea.lib.dbmigrate.migrate import *

from kallithea.lib.dbmigrate.migrate.changeset import *

from kallithea.lib.utils2 import str2bool

from kallithea.model.meta import Base

from kallithea.model import meta

from kallithea.lib.dbmigrate.versions import _reset_base, notify

log = logging.getLogger(__name__)

def upgrade(migrate_engine):

    fixups(db_2_0_1, meta.Session)

def downgrade(migrate_engine):

    meta = MetaData()

    meta.bind = migrate_engine

def fixups(models, _SESSION):

    #fix all empty extern type users to default 'internal'

    for usr in models.User.query().all():

        if not usr.extern_name:

            _SESSION().add(usr)

            _SESSION().commit()

:copyright: (c) 2013 RhodeCode GmbH, and others.

:license: GPLv3, see LICENSE.md for more details.

"""

import logging

import traceback

from pylons import url

from pylons.i18n.translation import _

from sqlalchemy.exc import DatabaseError

from kallithea.lib.utils2 import safe_unicode, generate_api_key, get_current_authuser

from kallithea.lib.caching_query import FromCache

from kallithea.model import BaseModel

from kallithea.model.db import User, UserToPerm, Notification, \

    UserEmailMap, UserIpMap

from kallithea.lib.exceptions import DefaultUserException, \

    UserOwnsReposException

from kallithea.model.meta import Session

log = logging.getLogger(__name__)

            if not edit:

                log_create_user(new_user.get_dict(), cur_user)

            return new_user

        except (DatabaseError,):

            log.error(traceback.format_exc())

            raise

    def create_registration(self, form_data):

        from kallithea.model.notification import NotificationModel

        try:

            form_data['admin'] = False

            new_user = self.create(form_data)

            self.sa.add(new_user)

            self.sa.flush()

            # notification to admins

            subject = _('New user registration')

            body = ('New user registration\n'

                    '---------------------\n'

                    '- Username: %s\n'

                    '- Full Name: %s\n'

                    '- Email: %s\n')

                %else:

                <strong>${_('Avatars are disabled')}</strong>

                <br/>${c.user.email or _('Missing email, please update your user email address.')}

                    [${_('current IP')}: ${c.perm_user.ip_addr or "?"}]

                %endif

               </p>

           </div>

         </div>

        <% readonly = None %>

        <% disabled = "" %>

        <div class="fields">

                <% readonly = "readonly" %>

                <% disabled = " disabled" %>

                <strong>${_('Your user is in an external Source of Record; some details cannot be managed here')}.</strong>

           %endif

             <div class="field">

                <div class="label">

                    <label for="username">${_('Username')}:</label>

                </div>

                <div class="input">

                  ${h.text('username',class_='medium%s' % disabled, readonly=readonly)}

                  ${h.hidden('extern_name', c.extern_name)}

                  ${h.hidden('extern_type', c.extern_type)}

                <strong>${_('Avatars are disabled')}</strong>

                <br/>${c.user.email or _('Missing email, please update this user email address.')}

                        ##show current ip just if we show ourself

                        %if c.authuser.username == c.user.username:

                            [${_('current IP')}: ${c.perm_user.ip_addr or "?"}]

                        %endif

                %endif

           </div>

        </div>

        <% readonly = None %>

        <% disabled = "" %>

        <div class="fields">

             <div class="field">

               <% readonly = "readonly" %>

               <% disabled = " disabled" %>

               <strong>${_('This user is in an external Source of Record (%s); some details cannot be managed here.' % c.extern_type)}.</strong>

             </div>

            %endif

             <div class="field">

                <div class="label">

                    <label for="username">${_('Username')}:</label>

                </div>

                <div class="input">