self.passwd = ''.join([random.choice(type) for _ in xrange(len)])

        return self.passwd

def get_crypt_password(password):

    """Cryptographic function used for password hashing based on sha1

    :param password: password to hash

    """

    return bcrypt.hashpw(password, bcrypt.gensalt(10))

def check_password(password, hashed):

    return bcrypt.hashpw(password, hashed) == hashed

def authfunc(environ, username, password):

    """

    Authentication function used in Mercurial/Git/ and access control,

    firstly checks for db authentication then if ldap is enabled for ldap

    authentication, also creates ldap user if not in database

    :param environ: needed only for using in Basic auth, can be None

    :param username: username

    :param password: password

    """

    user_model = UserModel()

    user = user_model.get_by_username(username, cache=False)

    if user is not None and user.is_ldap is False:

        if user.active:

            if user.username == 'default' and user.active:

                log.info('user %s authenticated correctly', username)

                return True

            elif user.username == username and check_password(password, user.password):

                log.info('user %s authenticated correctly', username)

                return True

        else:

            log.error('user %s is disabled', username)

    else:

        #since ldap is searching in case insensitive check if this user is still

        #not in our system

        username = username.lower()

        user_obj = user_model.get_by_username(username, cache=False,

                                            case_insensitive=True)

        if user_obj is not None and user_obj.is_ldap is False:

            return False

        from rhodecode.model.settings import SettingsModel

        ldap_settings = SettingsModel().get_ldap_settings()

        #======================================================================

        # FALLBACK TO LDAP AUTH IN ENABLE                

        #======================================================================

        if ldap_settings.get('ldap_active', False):

            kwargs = {

                  'server':ldap_settings.get('ldap_host', ''),

                  'base_dn':ldap_settings.get('ldap_base_dn', ''),

                  'port':ldap_settings.get('ldap_port'),

                  'bind_dn':ldap_settings.get('ldap_dn_user'),

                  'bind_pass':ldap_settings.get('ldap_dn_pass'),

                  'use_ldaps':ldap_settings.get('ldap_ldaps'),

                  'ldap_version':3,

                  }

            log.debug('Checking for ldap authentication')

            try:

                aldap = AuthLdap(**kwargs)

                res = aldap.authenticate_ldap(username, password)

                authenticated = res[1]['uid'][0] == username

                if authenticated and user_model.create_ldap(username, password):

                    log.info('created new ldap user')

                return authenticated

            except (LdapUsernameError, LdapPasswordError):

                return False

            except:

                log.error(traceback.format_exc())

                return False

    return False

class  AuthUser(object):

    """

    A simple object that handles a mercurial username for authentication

    """

    def __init__(self):

        self.username = 'None'

        self.name = ''

        self.lastname = ''

        self.email = ''

        self.user_id = None

        self.is_authenticated = False