index_dir = %(here)s/data/index

app_instance_uuid = ${app_instance_uuid}

cut_off_limit = 256000

force_https = false 

commit_parse_limit = 50

use_gravatar = true

####################################

###        CELERY CONFIG        ####

####################################

use_celery = false

broker.host = localhost

                pass

            except (Exception,):

                log.error(traceback.format_exc())

                pass

    return False

class  AuthUser(object):

    """

    A simple object that handles all attributes of user in RhodeCode

    It does lookup based on API key,given user, or user present in session

    Then it fills all required information for such user. It also checks if

    anonymous access is enabled and if so, it returns default user as logged

    in

    """

        self.user_id = user_id

        self.api_key = None

        self.name = ''

        self.lastname = ''

        self.email = ''

        self.is_authenticated = False

        self.admin = False

        self.permissions = {}

        self._api_key = api_key

        self.propagate_data()

    def propagate_data(self):

        user_model = UserModel()

        self.anonymous_user = User.get_by_username('default')

        if self._api_key and self._api_key != self.anonymous_user.api_key:

            #try go get user by api key

            log.debug('Auth User lookup by API KEY %s', self._api_key)

            log.debug('Auth User lookup by USER ID %s', self.user_id)

            else:

        log.debug('Auth User is now %s', self)

        user_model.fill_perms(self)

    @property

    def is_admin(self):

import logging

import time

from pylons import config, tmpl_context as c, request, session, url

from pylons.controllers import WSGIController

from pylons.controllers.util import redirect

from pylons.templating import render_mako as render

from rhodecode import __version__

from rhodecode.lib.utils import get_repo_slug

from rhodecode.model import meta

from rhodecode.model.scm import ScmModel

from rhodecode import BACKENDS

from rhodecode.model.db import Repository

        # available in environ['pylons.routes_dict']

        start = time.time()

        try:

            # putting this here makes sure that we update permissions each time

            api_key = request.GET.get('api_key')

            user_id = getattr(session.get('rhodecode_user'), 'user_id', None)

                                        getattr(session.get('rhodecode_user'),

                                       'is_authenticated', False))

            session['rhodecode_user'] = self.rhodecode_user

            session.save()

            return WSGIController.__call__(self, environ, start_response)

        finally:

#==============================================================================

# GRAVATAR URL

#==============================================================================

def gravatar_url(email_address, size=30):

    if not str2bool(config['app_conf'].get('use_gravatar')) or \

        return url("/images/user%s.png" % size)

    ssl_enabled = 'https' == request.environ.get('wsgi.url_scheme')

    default = 'identicon'

    baseurl_nossl = "http://www.gravatar.com/avatar/"

    baseurl_ssl = "https://secure.gravatar.com/avatar/"

from dulwich.web import HTTPGitApplication

from paste.auth.basic import AuthBasicAuthenticator

from paste.httpheaders import REMOTE_USER, AUTH_TYPE

from rhodecode.lib import safe_str

from rhodecode.lib.utils import invalidate_cache, is_valid_repo

from rhodecode.model.db import User

from webob.exc import HTTPNotFound, HTTPForbidden, HTTPInternalServerError

log = logging.getLogger(__name__)

                              'authentication')

                #==============================================================

                # DEFAULT PERM FAILED OR ANONYMOUS ACCESS IS DISABLED SO WE

                # NEED TO AUTHENTICATE AND ASK FOR AUTH USER PERMISSIONS

                #==============================================================

                    self.authenticate.realm = \

                        safe_str(self.config['rhodecode_realm'])

                    result = self.authenticate(environ)

                    if isinstance(result, str):

                        AUTH_TYPE.update(environ, 'basic')

                        REMOTE_USER.update(environ, result)

                #==============================================================

                # CHECK PERMISSIONS FOR THIS REQUEST USING GIVEN USERNAME FROM

                # BASIC AUTH

                #==============================================================

                if action in ['pull', 'push']:

                    try:

                        user = self.__get_user(username)

                            return HTTPForbidden()(environ, start_response)                        

                        username = user.username

                    except:

                        log.error(traceback.format_exc())

                        return HTTPInternalServerError()(environ,

                                                         start_response)

from mercurial.hgweb import hgweb_mod

from paste.auth.basic import AuthBasicAuthenticator

from paste.httpheaders import REMOTE_USER, AUTH_TYPE

from rhodecode.lib import safe_str

from rhodecode.lib.utils import make_ui, invalidate_cache, \

    is_valid_repo, ui_sections

from rhodecode.model.db import User

from webob.exc import HTTPNotFound, HTTPForbidden, HTTPInternalServerError

                              'authentication')

                #==============================================================

                # DEFAULT PERM FAILED OR ANONYMOUS ACCESS IS DISABLED SO WE

                # NEED TO AUTHENTICATE AND ASK FOR AUTH USER PERMISSIONS

                #==============================================================

                    self.authenticate.realm = \

                        safe_str(self.config['rhodecode_realm'])

                    result = self.authenticate(environ)

                    if isinstance(result, str):

                        AUTH_TYPE.update(environ, 'basic')

                        REMOTE_USER.update(environ, result)

                #==============================================================

                # CHECK PERMISSIONS FOR THIS REQUEST USING GIVEN USERNAME FROM

                # BASIC AUTH

                #==============================================================

                if action in ['pull', 'push']:

                    try:

                        user = self.__get_user(username)

                            return HTTPForbidden()(environ, start_response)

                        username = user.username

                    except:

                        log.error(traceback.format_exc())

                        return HTTPInternalServerError()(environ,

                                                         start_response)

            return new_user

        except:

            log.error(traceback.format_exc())

            self.sa.rollback()

            raise

    def create_ldap(self, username, password, user_dn, attrs):

        """

        Checks if user is in database, if not creates this user marked

        as ldap user

        :param username:

        try:

            if api_key:

                dbuser = self.get_by_api_key(api_key)

            else:

                dbuser = self.get(user_id)

                log.debug('filling %s data', dbuser)

                for k, v in dbuser.get_dict().items():

                    setattr(auth_user, k, v)

        except:

            log.error(traceback.format_exc())

            auth_user.is_authenticated = False

    def fill_perms(self, user):

        """

        Fills user permission attribute with permissions taken from database

        works for permissions given for repositories, and for permissions that

        are granted to groups