u/ewong/rhodecode-enterprise-ce-fork Commit - r2017:2c6364ff

1

# -*- coding: utf-8 -*-

1

# -*- coding: utf-8 -*-

2

3

4

#

4

#

5

# This program is free software: you can redistribute it and/or modify

5

# This program is free software: you can redistribute it and/or modify

6

# it under the terms of the GNU Affero General Public License, version 3

6

# it under the terms of the GNU Affero General Public License, version 3

7

# (only), as published by the Free Software Foundation.

7

# (only), as published by the Free Software Foundation.

8

#

8

#

9

# This program is distributed in the hope that it will be useful,

9

# This program is distributed in the hope that it will be useful,

10

# but WITHOUT ANY WARRANTY; without even the implied warranty of

10

# but WITHOUT ANY WARRANTY; without even the implied warranty of

11

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

11

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

12

# GNU General Public License for more details.

12

# GNU General Public License for more details.

13

#

13

#

14

# You should have received a copy of the GNU Affero General Public License

14

# You should have received a copy of the GNU Affero General Public License

15

# along with this program. If not, see <http://www.gnu.org/licenses/>.

15

# along with this program. If not, see <http://www.gnu.org/licenses/>.

16

#

16

#

17

# This program is dual-licensed. If you wish to learn more about the

17

# This program is dual-licensed. If you wish to learn more about the

18

# RhodeCode Enterprise Edition, including its added features, Support services,

18

# RhodeCode Enterprise Edition, including its added features, Support services,

19

# and proprietary license terms, please see https://rhodecode.com/licenses/

19

# and proprietary license terms, please see https://rhodecode.com/licenses/

20

21

"""

21

"""

22

The base Controller API

22

The base Controller API

23

Provides the BaseController class for subclassing. And usage in different

23

Provides the BaseController class for subclassing. And usage in different

24

controllers

24

controllers

25

"""

25

"""

26

27

import logging

27

import logging

28

import socket

28

import socket

29

30

import ipaddress

30

import ipaddress

31

import pyramid.threadlocal

31

import pyramid.threadlocal

32

33

from paste.auth.basic import AuthBasicAuthenticator

33

from paste.auth.basic import AuthBasicAuthenticator

34

from paste.httpexceptions import HTTPUnauthorized, HTTPForbidden, get_exception

34

from paste.httpexceptions import HTTPUnauthorized, HTTPForbidden, get_exception

35

from paste.httpheaders import WWW_AUTHENTICATE, AUTHORIZATION

35

from paste.httpheaders import WWW_AUTHENTICATE, AUTHORIZATION

36

from pylons import config, tmpl_context as c, request, session, url

36

from pylons import config, tmpl_context as c, request, session, url

37

from pylons.controllers import WSGIController

37

from pylons.controllers import WSGIController

38

from pylons.controllers.util import redirect

38

from pylons.controllers.util import redirect

39

from pylons.i18n import translation

39

from pylons.i18n import translation

40

# marcink: don't remove this import

40

# marcink: don't remove this import

41

from pylons.templating import render_mako as render # noqa

41

from pylons.templating import render_mako as render # noqa

42

from pylons.i18n.translation import _

42

from pylons.i18n.translation import _

43

from webob.exc import HTTPFound

43

from webob.exc import HTTPFound

44

45

46

import rhodecode

46

import rhodecode

47

from rhodecode.authentication.base import VCS_TYPE

47

from rhodecode.authentication.base import VCS_TYPE

48

from rhodecode.lib import auth, utils2

48

from rhodecode.lib import auth, utils2

49

from rhodecode.lib import helpers as h

49

from rhodecode.lib import helpers as h

50

from rhodecode.lib.auth import AuthUser, CookieStoreWrapper

50

from rhodecode.lib.auth import AuthUser, CookieStoreWrapper

51

from rhodecode.lib.exceptions import UserCreationError

51

from rhodecode.lib.exceptions import UserCreationError

52

from rhodecode.lib.utils import (

52

from rhodecode.lib.utils import (

53

get_repo_slug, set_rhodecode_config, password_changed,

53

get_repo_slug, set_rhodecode_config, password_changed,

54

get_enabled_hook_classes)

54

get_enabled_hook_classes)

55

from rhodecode.lib.utils2 import (

55

from rhodecode.lib.utils2 import (

56

str2bool, safe_unicode, AttributeDict, safe_int, md5, aslist)

56

str2bool, safe_unicode, AttributeDict, safe_int, md5, aslist)

57

from rhodecode.lib.vcs.exceptions import RepositoryRequirementError

57

from rhodecode.lib.vcs.exceptions import RepositoryRequirementError

58

from rhodecode.model import meta

58

from rhodecode.model import meta

59

from rhodecode.model.db import Repository, User, ChangesetComment

59

from rhodecode.model.db import Repository, User, ChangesetComment

60

from rhodecode.model.notification import NotificationModel

60

from rhodecode.model.notification import NotificationModel

61

from rhodecode.model.scm import ScmModel

61

from rhodecode.model.scm import ScmModel

62

from rhodecode.model.settings import VcsSettingsModel, SettingsModel

62

from rhodecode.model.settings import VcsSettingsModel, SettingsModel

63

64

65

log = logging.getLogger(__name__)

65

log = logging.getLogger(__name__)

66

67

68

def _filter_proxy(ip):

68

def _filter_proxy(ip):

69

"""

69

"""

70

Passed in IP addresses in HEADERS can be in a special format of multiple

70

Passed in IP addresses in HEADERS can be in a special format of multiple

71

ips. Those comma separated IPs are passed from various proxies in the

71

ips. Those comma separated IPs are passed from various proxies in the

72

chain of request processing. The left-most being the original client.

72

chain of request processing. The left-most being the original client.

73

We only care about the first IP which came from the org. client.

73

We only care about the first IP which came from the org. client.

74

75

:param ip: ip string from headers

75

:param ip: ip string from headers

76

"""

76

"""

77

if ',' in ip:

77

if ',' in ip:

78

_ips = ip.split(',')

78

_ips = ip.split(',')

79

_first_ip = _ips[0].strip()

79

_first_ip = _ips[0].strip()

80

log.debug('Got multiple IPs %s, using %s', ','.join(_ips), _first_ip)

80

log.debug('Got multiple IPs %s, using %s', ','.join(_ips), _first_ip)

81

return _first_ip

81

return _first_ip

82

return ip

82

return ip

83

84

85

def _filter_port(ip):

85

def _filter_port(ip):

86

"""

86

"""

87

Removes a port from ip, there are 4 main cases to handle here.

87

Removes a port from ip, there are 4 main cases to handle here.

88

- ipv4 eg. 127.0.0.1

88

- ipv4 eg. 127.0.0.1

89

- ipv6 eg. ::1

89

- ipv6 eg. ::1

90

- ipv4+port eg. 127.0.0.1:8080

90

- ipv4+port eg. 127.0.0.1:8080

91

- ipv6+port eg. [::1]:8080

91

- ipv6+port eg. [::1]:8080

92

93

:param ip:

93

:param ip:

94

"""

94

"""

95

def is_ipv6(ip_addr):

95

def is_ipv6(ip_addr):

96

if hasattr(socket, 'inet_pton'):

96

if hasattr(socket, 'inet_pton'):

97

try:

97

try:

98

socket.inet_pton(socket.AF_INET6, ip_addr)

98

socket.inet_pton(socket.AF_INET6, ip_addr)

99

except socket.error:

99

except socket.error:

100

return False

100

return False

101

else:

101

else:

102

# fallback to ipaddress

102

# fallback to ipaddress

103

try:

103

try:

104

ipaddress.IPv6Address(ip_addr)

104

ipaddress.IPv6Address(ip_addr)

105

except Exception:

105

except Exception:

106

return False

106

return False

107

return True

107

return True

108

109

if ':' not in ip: # must be ipv4 pure ip

109

if ':' not in ip: # must be ipv4 pure ip

110

return ip

110

return ip

111

112

if '[' in ip and ']' in ip: # ipv6 with port

112

if '[' in ip and ']' in ip: # ipv6 with port

113

return ip.split(']')[0][1:].lower()

113

return ip.split(']')[0][1:].lower()

114

115

# must be ipv6 or ipv4 with port

115

# must be ipv6 or ipv4 with port

116

if is_ipv6(ip):

116

if is_ipv6(ip):

117

return ip

117

return ip

118

else:

118

else:

119

ip, _port = ip.split(':')[:2] # means ipv4+port

119

ip, _port = ip.split(':')[:2] # means ipv4+port

120

return ip

120

return ip

121

122

123

def get_ip_addr(environ):

123

def get_ip_addr(environ):

124

proxy_key = 'HTTP_X_REAL_IP'

124

proxy_key = 'HTTP_X_REAL_IP'

125

proxy_key2 = 'HTTP_X_FORWARDED_FOR'

125

proxy_key2 = 'HTTP_X_FORWARDED_FOR'

126

def_key = 'REMOTE_ADDR'

126

def_key = 'REMOTE_ADDR'

127

_filters = lambda x: _filter_port(_filter_proxy(x))

127

_filters = lambda x: _filter_port(_filter_proxy(x))

128

129

ip = environ.get(proxy_key)

129

ip = environ.get(proxy_key)

130

if ip:

130

if ip:

131

return _filters(ip)

131

return _filters(ip)

132

133

ip = environ.get(proxy_key2)

133

ip = environ.get(proxy_key2)

134

if ip:

134

if ip:

135

return _filters(ip)

135

return _filters(ip)

136

137

ip = environ.get(def_key, '0.0.0.0')

137

ip = environ.get(def_key, '0.0.0.0')

138

return _filters(ip)

138

return _filters(ip)

139

140

141

def get_server_ip_addr(environ, log_errors=True):

141

def get_server_ip_addr(environ, log_errors=True):

142

hostname = environ.get('SERVER_NAME')

142

hostname = environ.get('SERVER_NAME')

143

try:

143

try:

144

return socket.gethostbyname(hostname)

144

return socket.gethostbyname(hostname)

145

except Exception as e:

145

except Exception as e:

146

if log_errors:

146

if log_errors:

147

# in some cases this lookup is not possible, and we don't want to

147

# in some cases this lookup is not possible, and we don't want to

148

# make it an exception in logs

148

# make it an exception in logs

149

log.exception('Could not retrieve server ip address: %s', e)

149

log.exception('Could not retrieve server ip address: %s', e)

150

return hostname

150

return hostname

151

152

153

def get_server_port(environ):

153

def get_server_port(environ):

154

return environ.get('SERVER_PORT')

154

return environ.get('SERVER_PORT')

155

156

157

def get_access_path(environ):

157

def get_access_path(environ):

158

path = environ.get('PATH_INFO')

158

path = environ.get('PATH_INFO')

159

org_req = environ.get('pylons.original_request')

159

org_req = environ.get('pylons.original_request')

160

if org_req:

160

if org_req:

161

path = org_req.environ.get('PATH_INFO')

161

path = org_req.environ.get('PATH_INFO')

162

return path

162

return path

163

164

165

def get_user_agent(environ):

165

def get_user_agent(environ):

166

return environ.get('HTTP_USER_AGENT')

166

return environ.get('HTTP_USER_AGENT')

167

168

169

def vcs_operation_context(

169

def vcs_operation_context(

170

environ, repo_name, username, action, scm, check_locking=True,

170

environ, repo_name, username, action, scm, check_locking=True,

171

is_shadow_repo=False):

171

is_shadow_repo=False):

172

"""

172

"""

173

Generate the context for a vcs operation, e.g. push or pull.

173

Generate the context for a vcs operation, e.g. push or pull.

174

175

This context is passed over the layers so that hooks triggered by the

175

This context is passed over the layers so that hooks triggered by the

176

vcs operation know details like the user, the user's IP address etc.

176

vcs operation know details like the user, the user's IP address etc.

177

178

:param check_locking: Allows to switch of the computation of the locking

178

:param check_locking: Allows to switch of the computation of the locking

179

data. This serves mainly the need of the simplevcs middleware to be

179

data. This serves mainly the need of the simplevcs middleware to be

180

able to disable this for certain operations.

180

able to disable this for certain operations.

181

182

"""

182

"""

183

# Tri-state value: False: unlock, None: nothing, True: lock

183

# Tri-state value: False: unlock, None: nothing, True: lock

184

make_lock = None

184

make_lock = None

185

locked_by = [None, None, None]

185

locked_by = [None, None, None]

186

is_anonymous = username == User.DEFAULT_USER

186

is_anonymous = username == User.DEFAULT_USER

187

if not is_anonymous and check_locking:

187

if not is_anonymous and check_locking:

188

log.debug('Checking locking on repository "%s"', repo_name)

188

log.debug('Checking locking on repository "%s"', repo_name)

189

user = User.get_by_username(username)

189

user = User.get_by_username(username)

190

repo = Repository.get_by_repo_name(repo_name)

190

repo = Repository.get_by_repo_name(repo_name)

191

make_lock, __, locked_by = repo.get_locking_state(

191

make_lock, __, locked_by = repo.get_locking_state(

192

action, user.user_id)

192

action, user.user_id)

193

194

settings_model = VcsSettingsModel(repo=repo_name)

194

settings_model = VcsSettingsModel(repo=repo_name)

195

ui_settings = settings_model.get_ui_settings()

195

ui_settings = settings_model.get_ui_settings()

196

197

extras = {

197

extras = {

198

'ip': get_ip_addr(environ),

198

'ip': get_ip_addr(environ),

199

'username': username,

199

'username': username,

200

'action': action,

200

'action': action,

201

'repository': repo_name,

201

'repository': repo_name,

202

'scm': scm,

202

'scm': scm,

203

'config': rhodecode.CONFIG['__file__'],

203

'config': rhodecode.CONFIG['__file__'],

204

'make_lock': make_lock,

204

'make_lock': make_lock,

205

'locked_by': locked_by,

205

'locked_by': locked_by,

206

'server_url': utils2.get_server_url(environ),

206

'server_url': utils2.get_server_url(environ),

207

'user_agent': get_user_agent(environ),

207

'user_agent': get_user_agent(environ),

208

'hooks': get_enabled_hook_classes(ui_settings),

208

'hooks': get_enabled_hook_classes(ui_settings),

209

'is_shadow_repo': is_shadow_repo,

209

'is_shadow_repo': is_shadow_repo,

210

}

210

}

211

return extras

211

return extras

212

213

214

class BasicAuth(AuthBasicAuthenticator):

214

class BasicAuth(AuthBasicAuthenticator):

215

216

def __init__(self, realm, authfunc, registry, auth_http_code=None,

216

def __init__(self, realm, authfunc, registry, auth_http_code=None,

217

initial_call_detection=False, acl_repo_name=None):

217

initial_call_detection=False, acl_repo_name=None):

218

self.realm = realm

218

self.realm = realm

219

self.initial_call = initial_call_detection

219

self.initial_call = initial_call_detection

220

self.authfunc = authfunc

220

self.authfunc = authfunc

221

self.registry = registry

221

self.registry = registry

222

self.acl_repo_name = acl_repo_name

222

self.acl_repo_name = acl_repo_name

223

self._rc_auth_http_code = auth_http_code

223

self._rc_auth_http_code = auth_http_code

224

225

def _get_response_from_code(self, http_code):

225

def _get_response_from_code(self, http_code):

226

try:

226

try:

227

return get_exception(safe_int(http_code))

227

return get_exception(safe_int(http_code))

228

except Exception:

228

except Exception:

229

log.exception('Failed to fetch response for code %s' % http_code)

229

log.exception('Failed to fetch response for code %s' % http_code)

230

return HTTPForbidden

230

return HTTPForbidden

231

232

def build_authentication(self):

232

def build_authentication(self):

233

head = WWW_AUTHENTICATE.tuples('Basic realm="%s"' % self.realm)

233

head = WWW_AUTHENTICATE.tuples('Basic realm="%s"' % self.realm)

234

if self._rc_auth_http_code and not self.initial_call:

234

if self._rc_auth_http_code and not self.initial_call:

235

# return alternative HTTP code if alternative http return code

235

# return alternative HTTP code if alternative http return code

236

# is specified in RhodeCode config, but ONLY if it's not the

236

# is specified in RhodeCode config, but ONLY if it's not the

237

# FIRST call

237

# FIRST call

238

custom_response_klass = self._get_response_from_code(

238

custom_response_klass = self._get_response_from_code(

239

self._rc_auth_http_code)

239

self._rc_auth_http_code)

240

return custom_response_klass(headers=head)

240

return custom_response_klass(headers=head)

241

return HTTPUnauthorized(headers=head)

241

return HTTPUnauthorized(headers=head)

242

243

def authenticate(self, environ):

243

def authenticate(self, environ):

244

authorization = AUTHORIZATION(environ)

244

authorization = AUTHORIZATION(environ)

245

if not authorization:

245

if not authorization:

246

return self.build_authentication()

246

return self.build_authentication()

247

(authmeth, auth) = authorization.split(' ', 1)

247

(authmeth, auth) = authorization.split(' ', 1)

248

if 'basic' != authmeth.lower():

248

if 'basic' != authmeth.lower():

249

return self.build_authentication()

249

return self.build_authentication()

250

auth = auth.strip().decode('base64')

250

auth = auth.strip().decode('base64')

251

_parts = auth.split(':', 1)

251

_parts = auth.split(':', 1)

252

if len(_parts) == 2:

252

if len(_parts) == 2:

253

username, password = _parts

253

username, password = _parts

254

if self.authfunc(

254

if self.authfunc(

255

username, password, environ, VCS_TYPE,

255

username, password, environ, VCS_TYPE,

256

registry=self.registry, acl_repo_name=self.acl_repo_name):

256

registry=self.registry, acl_repo_name=self.acl_repo_name):

257

return username

257

return username

258

if username and password:

258

if username and password:

259

# we mark that we actually executed authentication once, at

259

# we mark that we actually executed authentication once, at

260

# that point we can use the alternative auth code

260

# that point we can use the alternative auth code

261

self.initial_call = False

261

self.initial_call = False

262

263

return self.build_authentication()

263

return self.build_authentication()

264

265

__call__ = authenticate

265

__call__ = authenticate

266

267

268

def attach_context_attributes(context, request, user_id, attach_to_request=False):

268

def attach_context_attributes(context, request, user_id, attach_to_request=False):

269

"""

269

"""

270

Attach variables into template context called `c`, please note that

270

Attach variables into template context called `c`, please note that

271

request could be pylons or pyramid request in here.

271

request could be pylons or pyramid request in here.

272

"""

272

"""

273

rc_config = SettingsModel().get_all_settings(cache=True)

273

rc_config = SettingsModel().get_all_settings(cache=True)

274

275

context.rhodecode_version = rhodecode.__version__

275

context.rhodecode_version = rhodecode.__version__

276

context.rhodecode_edition = config.get('rhodecode.edition')

276

context.rhodecode_edition = config.get('rhodecode.edition')

277

# unique secret + version does not leak the version but keep consistency

277

# unique secret + version does not leak the version but keep consistency

278

context.rhodecode_version_hash = md5(

278

context.rhodecode_version_hash = md5(

279

config.get('beaker.session.secret', '') +

279

config.get('beaker.session.secret', '') +

280

rhodecode.__version__)[:8]

280

rhodecode.__version__)[:8]

281

282

# Default language set for the incoming request

282

# Default language set for the incoming request

283

context.language = translation.get_lang()[0]

283

context.language = translation.get_lang()[0]

284

285

# Visual options

285

# Visual options

286

context.visual = AttributeDict({})

286

context.visual = AttributeDict({})

287

288

# DB stored Visual Items

288

# DB stored Visual Items

289

context.visual.show_public_icon = str2bool(

289

context.visual.show_public_icon = str2bool(

290

rc_config.get('rhodecode_show_public_icon'))

290

rc_config.get('rhodecode_show_public_icon'))

291

context.visual.show_private_icon = str2bool(

291

context.visual.show_private_icon = str2bool(

292

rc_config.get('rhodecode_show_private_icon'))

292

rc_config.get('rhodecode_show_private_icon'))

293

context.visual.stylify_metatags = str2bool(

293

context.visual.stylify_metatags = str2bool(

294

rc_config.get('rhodecode_stylify_metatags'))

294

rc_config.get('rhodecode_stylify_metatags'))

295

context.visual.dashboard_items = safe_int(

295

context.visual.dashboard_items = safe_int(

296

rc_config.get('rhodecode_dashboard_items', 100))

296

rc_config.get('rhodecode_dashboard_items', 100))

297

context.visual.admin_grid_items = safe_int(

297

context.visual.admin_grid_items = safe_int(

298

rc_config.get('rhodecode_admin_grid_items', 100))

298

rc_config.get('rhodecode_admin_grid_items', 100))

299

context.visual.repository_fields = str2bool(

299

context.visual.repository_fields = str2bool(

300

rc_config.get('rhodecode_repository_fields'))

300

rc_config.get('rhodecode_repository_fields'))

301

context.visual.show_version = str2bool(

301

context.visual.show_version = str2bool(

302

rc_config.get('rhodecode_show_version'))

302

rc_config.get('rhodecode_show_version'))

303

context.visual.use_gravatar = str2bool(

303

context.visual.use_gravatar = str2bool(

304

rc_config.get('rhodecode_use_gravatar'))

304

rc_config.get('rhodecode_use_gravatar'))

305

context.visual.gravatar_url = rc_config.get('rhodecode_gravatar_url')

305

context.visual.gravatar_url = rc_config.get('rhodecode_gravatar_url')

306

context.visual.default_renderer = rc_config.get(

306

context.visual.default_renderer = rc_config.get(

307

'rhodecode_markup_renderer', 'rst')

307

'rhodecode_markup_renderer', 'rst')

308

context.visual.comment_types = ChangesetComment.COMMENT_TYPES

308

context.visual.comment_types = ChangesetComment.COMMENT_TYPES

309

context.visual.rhodecode_support_url = \

309

context.visual.rhodecode_support_url = \

310

rc_config.get('rhodecode_support_url') or h.route_url('rhodecode_support')

310

rc_config.get('rhodecode_support_url') or h.route_url('rhodecode_support')

311

312

context.pre_code = rc_config.get('rhodecode_pre_code')

312

context.pre_code = rc_config.get('rhodecode_pre_code')

313

context.post_code = rc_config.get('rhodecode_post_code')

313

context.post_code = rc_config.get('rhodecode_post_code')

314

context.rhodecode_name = rc_config.get('rhodecode_title')

314

context.rhodecode_name = rc_config.get('rhodecode_title')

315

context.default_encodings = aslist(config.get('default_encoding'), sep=',')

315

context.default_encodings = aslist(config.get('default_encoding'), sep=',')

316

# if we have specified default_encoding in the request, it has more

316

# if we have specified default_encoding in the request, it has more

317

# priority

317

# priority

318

if request.GET.get('default_encoding'):

318

if request.GET.get('default_encoding'):

319

context.default_encodings.insert(0, request.GET.get('default_encoding'))

319

context.default_encodings.insert(0, request.GET.get('default_encoding'))

320

context.clone_uri_tmpl = rc_config.get('rhodecode_clone_uri_tmpl')

320

context.clone_uri_tmpl = rc_config.get('rhodecode_clone_uri_tmpl')

321

322

# INI stored

322

# INI stored

323

context.labs_active = str2bool(

323

context.labs_active = str2bool(

324

config.get('labs_settings_active', 'false'))

324

config.get('labs_settings_active', 'false'))

325

context.visual.allow_repo_location_change = str2bool(

325

context.visual.allow_repo_location_change = str2bool(

326

config.get('allow_repo_location_change', True))

326

config.get('allow_repo_location_change', True))

327

context.visual.allow_custom_hooks_settings = str2bool(

327

context.visual.allow_custom_hooks_settings = str2bool(

328

config.get('allow_custom_hooks_settings', True))

328

config.get('allow_custom_hooks_settings', True))

329

context.debug_style = str2bool(config.get('debug_style', False))

329

context.debug_style = str2bool(config.get('debug_style', False))

330

331

context.rhodecode_instanceid = config.get('instance_id')

331

context.rhodecode_instanceid = config.get('instance_id')

332

333

context.visual.cut_off_limit_diff = safe_int(

333

context.visual.cut_off_limit_diff = safe_int(

334

config.get('cut_off_limit_diff'))

334

config.get('cut_off_limit_diff'))

335

context.visual.cut_off_limit_file = safe_int(

335

context.visual.cut_off_limit_file = safe_int(

336

config.get('cut_off_limit_file'))

336

config.get('cut_off_limit_file'))

337

338

# AppEnlight

338

# AppEnlight

339

context.appenlight_enabled = str2bool(config.get('appenlight', 'false'))

339

context.appenlight_enabled = str2bool(config.get('appenlight', 'false'))

340

context.appenlight_api_public_key = config.get(

340

context.appenlight_api_public_key = config.get(

341

'appenlight.api_public_key', '')

341

'appenlight.api_public_key', '')

342

context.appenlight_server_url = config.get('appenlight.server_url', '')

342

context.appenlight_server_url = config.get('appenlight.server_url', '')

343

344

# JS template context

344

# JS template context

345

context.template_context = {

345

context.template_context = {

346

'repo_name': None,

346

'repo_name': None,

347

'repo_type': None,

347

'repo_type': None,

348

'repo_landing_commit': None,

348

'repo_landing_commit': None,

349

'rhodecode_user': {

349

'rhodecode_user': {

350

'username': None,

350

'username': None,

351

'email': None,

351

'email': None,

352

'notification_status': False

352

'notification_status': False

353

},

353

},

354

'visual': {

354

'visual': {

355

'default_renderer': None

355

'default_renderer': None

356

},

356

},

357

'commit_data': {

357

'commit_data': {

358

'commit_id': None

358

'commit_id': None

359

},

359

},

360

'pull_request_data': {'pull_request_id': None},

360

'pull_request_data': {'pull_request_id': None},

361

'timeago': {

361

'timeago': {

362

'refresh_time': 120 * 1000,

362

'refresh_time': 120 * 1000,

363

'cutoff_limit': 1000 * 60 * 60 * 24 * 7

363

'cutoff_limit': 1000 * 60 * 60 * 24 * 7

364

},

364

},

365

'pylons_dispatch': {

365

'pylons_dispatch': {

366

# 'controller': request.environ['pylons.routes_dict']['controller'],

366

# 'controller': request.environ['pylons.routes_dict']['controller'],

367

# 'action': request.environ['pylons.routes_dict']['action'],

367

# 'action': request.environ['pylons.routes_dict']['action'],

368

},

368

},

369

'pyramid_dispatch': {

369

'pyramid_dispatch': {

370

371

},

371

},

372

'extra': {'plugins': {}}

372

'extra': {'plugins': {}}

373

}

373

}

374

# END CONFIG VARS

374

# END CONFIG VARS

375

376

# TODO: This dosn't work when called from pylons compatibility tween.

376

# TODO: This dosn't work when called from pylons compatibility tween.

377

# Fix this and remove it from base controller.

377

# Fix this and remove it from base controller.

378

# context.repo_name = get_repo_slug(request) # can be empty

378

# context.repo_name = get_repo_slug(request) # can be empty

379

380

diffmode = 'sideside'

380

diffmode = 'sideside'

381

if request.GET.get('diffmode'):

381

if request.GET.get('diffmode'):

382

if request.GET['diffmode'] == 'unified':

382

if request.GET['diffmode'] == 'unified':

383

diffmode = 'unified'

383

diffmode = 'unified'

384

elif request.session.get('diffmode'):

384

elif request.session.get('diffmode'):

385

diffmode = request.session['diffmode']

385

diffmode = request.session['diffmode']

386

387

context.diffmode = diffmode

387

context.diffmode = diffmode

388

389

if request.session.get('diffmode') != diffmode:

389

if request.session.get('diffmode') != diffmode:

390

request.session['diffmode'] = diffmode

390

request.session['diffmode'] = diffmode

391

392

context.csrf_token = auth.get_csrf_token()

392

context.csrf_token = auth.get_csrf_token()

393

context.backends = rhodecode.BACKENDS.keys()

393

context.backends = rhodecode.BACKENDS.keys()

394

context.backends.sort()

394

context.backends.sort()

395

context.unread_notifications = NotificationModel().get_unread_cnt_for_user(user_id)

395

context.unread_notifications = NotificationModel().get_unread_cnt_for_user(user_id)

396

if attach_to_request:

396

if attach_to_request:

397

request.call_context = context

397

request.call_context = context

398

else:

398

else:

399

context.pyramid_request = pyramid.threadlocal.get_current_request()

399

context.pyramid_request = pyramid.threadlocal.get_current_request()

400

401

402

403

def get_auth_user(environ):

403

def get_auth_user(environ):

404

ip_addr = get_ip_addr(environ)

404

ip_addr = get_ip_addr(environ)

405

# make sure that we update permissions each time we call controller

405

# make sure that we update permissions each time we call controller

406

_auth_token = (request.GET.get('auth_token', '') or

406

_auth_token = (request.GET.get('auth_token', '') or

407

request.GET.get('api_key', ''))

407

request.GET.get('api_key', ''))

408

409

if _auth_token:

409

if _auth_token:

410

# when using API_KEY we assume user exists, and

410

# when using API_KEY we assume user exists, and

411

# doesn't need auth based on cookies.

411

# doesn't need auth based on cookies.

412

auth_user = AuthUser(api_key=_auth_token, ip_addr=ip_addr)

412

auth_user = AuthUser(api_key=_auth_token, ip_addr=ip_addr)

413

authenticated = False

413

authenticated = False

414

else:

414

else:

415

cookie_store = CookieStoreWrapper(session.get('rhodecode_user'))

415

cookie_store = CookieStoreWrapper(session.get('rhodecode_user'))

416

try:

416

try:

417

auth_user = AuthUser(user_id=cookie_store.get('user_id', None),

417

auth_user = AuthUser(user_id=cookie_store.get('user_id', None),

418

ip_addr=ip_addr)

418

ip_addr=ip_addr)

419

except UserCreationError as e:

419

except UserCreationError as e:

420

h.flash(e, 'error')

420

h.flash(e, 'error')

421

# container auth or other auth functions that create users

421

# container auth or other auth functions that create users

422

# on the fly can throw this exception signaling that there's

422

# on the fly can throw this exception signaling that there's

423

# issue with user creation, explanation should be provided

423

# issue with user creation, explanation should be provided

424

# in Exception itself. We then create a simple blank

424

# in Exception itself. We then create a simple blank

425

# AuthUser

425

# AuthUser

426

auth_user = AuthUser(ip_addr=ip_addr)

426

auth_user = AuthUser(ip_addr=ip_addr)

427

428

if password_changed(auth_user, session):

428

if password_changed(auth_user, session):

429

session.invalidate()

429

session.invalidate()

430

cookie_store = CookieStoreWrapper(session.get('rhodecode_user'))

430

cookie_store = CookieStoreWrapper(session.get('rhodecode_user'))

431

auth_user = AuthUser(ip_addr=ip_addr)

431

auth_user = AuthUser(ip_addr=ip_addr)

432

433

authenticated = cookie_store.get('is_authenticated')

433

authenticated = cookie_store.get('is_authenticated')

434

435

if not auth_user.is_authenticated and auth_user.is_user_object:

435

if not auth_user.is_authenticated and auth_user.is_user_object:

436

# user is not authenticated and not empty

436

# user is not authenticated and not empty

437

auth_user.set_authenticated(authenticated)

437

auth_user.set_authenticated(authenticated)

438

439

return auth_user

439

return auth_user

440

441

442

class BaseController(WSGIController):

442

class BaseController(WSGIController):

443

444

def __before__(self):

444

def __before__(self):

445

"""

445

"""

446

__before__ is called before controller methods and after __call__

446

__before__ is called before controller methods and after __call__

447

"""

447

"""

448

# on each call propagate settings calls into global settings.

448

# on each call propagate settings calls into global settings.

449

set_rhodecode_config(config)

449

set_rhodecode_config(config)

450

attach_context_attributes(c, request, c.rhodecode_user.user_id)

450

attach_context_attributes(c, request, c.rhodecode_user.user_id)

451

452

# TODO: Remove this when fixed in attach_context_attributes()

452

# TODO: Remove this when fixed in attach_context_attributes()

453

c.repo_name = get_repo_slug(request) # can be empty

453

c.repo_name = get_repo_slug(request) # can be empty

454

455

self.cut_off_limit_diff = safe_int(config.get('cut_off_limit_diff'))

455

self.cut_off_limit_diff = safe_int(config.get('cut_off_limit_diff'))

456

self.cut_off_limit_file = safe_int(config.get('cut_off_limit_file'))

456

self.cut_off_limit_file = safe_int(config.get('cut_off_limit_file'))

457

self.sa = meta.Session

457

self.sa = meta.Session

458

self.scm_model = ScmModel(self.sa)

458

self.scm_model = ScmModel(self.sa)

459

460

# set user language

460

# set user language

461

user_lang = getattr(c.pyramid_request, '_LOCALE_', None)

461

user_lang = getattr(c.pyramid_request, '_LOCALE_', None)

462

if user_lang:

462

if user_lang:

463

translation.set_lang(user_lang)

463

translation.set_lang(user_lang)

464

log.debug('set language to %s for user %s',

464

log.debug('set language to %s for user %s',

465

user_lang, self._rhodecode_user)

465

user_lang, self._rhodecode_user)

466

467

def _dispatch_redirect(self, with_url, environ, start_response):

467

def _dispatch_redirect(self, with_url, environ, start_response):

468

resp = HTTPFound(with_url)

468

resp = HTTPFound(with_url)

469

environ['SCRIPT_NAME'] = '' # handle prefix middleware

469

environ['SCRIPT_NAME'] = '' # handle prefix middleware

470

environ['PATH_INFO'] = with_url

470

environ['PATH_INFO'] = with_url

471

return resp(environ, start_response)

471

return resp(environ, start_response)

472

473

def __call__(self, environ, start_response):

473

def __call__(self, environ, start_response):

474

"""Invoke the Controller"""

474

"""Invoke the Controller"""

475

# WSGIController.__call__ dispatches to the Controller method

475

# WSGIController.__call__ dispatches to the Controller method

476

# the request is routed to. This routing information is

476

# the request is routed to. This routing information is

477

# available in environ['pylons.routes_dict']

477

# available in environ['pylons.routes_dict']

478

from rhodecode.lib import helpers as h

478

from rhodecode.lib import helpers as h

479

480

# Provide the Pylons context to Pyramid's debugtoolbar if it asks

480

# Provide the Pylons context to Pyramid's debugtoolbar if it asks

481

if environ.get('debugtoolbar.wants_pylons_context', False):

481

if environ.get('debugtoolbar.wants_pylons_context', False):

482

environ['debugtoolbar.pylons_context'] = c._current_obj()

482

environ['debugtoolbar.pylons_context'] = c._current_obj()

483

484

_route_name = '.'.join([environ['pylons.routes_dict']['controller'],

484

_route_name = '.'.join([environ['pylons.routes_dict']['controller'],

485

environ['pylons.routes_dict']['action']])

485

environ['pylons.routes_dict']['action']])

486

487

self.rc_config = SettingsModel().get_all_settings(cache=True)

487

self.rc_config = SettingsModel().get_all_settings(cache=True)

488

self.ip_addr = get_ip_addr(environ)

488

self.ip_addr = get_ip_addr(environ)

489

490

# The rhodecode auth user is looked up and passed through the

490

# The rhodecode auth user is looked up and passed through the

491

# environ by the pylons compatibility tween in pyramid.

491

# environ by the pylons compatibility tween in pyramid.

492

# So we can just grab it from there.

492

# So we can just grab it from there.

493

auth_user = environ['rc_auth_user']

493

auth_user = environ['rc_auth_user']

494

495

# set globals for auth user

495

# set globals for auth user

496

request.user = auth_user

496

request.user = auth_user

497

c.rhodecode_user = self._rhodecode_user = auth_user

497

c.rhodecode_user = self._rhodecode_user = auth_user

498

499

log.info('IP: %s User: %s accessed %s [%s]' % (

499

log.info('IP: %s User: %s accessed %s [%s]' % (

500

self.ip_addr, auth_user, safe_unicode(get_access_path(environ)),

500

self.ip_addr, auth_user, safe_unicode(get_access_path(environ)),

501

_route_name)

501

_route_name)

502

)

502

)

503

504

user_obj = auth_user.get_instance()

504

user_obj = auth_user.get_instance()

505

if user_obj and user_obj.user_data.get('force_password_change'):

505

if user_obj and user_obj.user_data.get('force_password_change'):

506

h.flash('You are required to change your password', 'warning',

506

h.flash('You are required to change your password', 'warning',

507

ignore_duplicate=True)

507

ignore_duplicate=True)

508

return self._dispatch_redirect(

508

return self._dispatch_redirect(

509

url('my_account_password'), environ, start_response)

509

url('my_account_password'), environ, start_response)

510

511

return WSGIController.__call__(self, environ, start_response)

511

return WSGIController.__call__(self, environ, start_response)

512

513

514

def add_events_routes(config):

514

def add_events_routes(config):

515

"""

515

"""

516

Adds routing that can be used in events. Because some events are triggered

516

Adds routing that can be used in events. Because some events are triggered

517

outside of pyramid context, we need to bootstrap request with some

517

outside of pyramid context, we need to bootstrap request with some

518

routing registered

518

routing registered

519

"""

519

"""

520

config.add_route(name='home', pattern='/')

520

config.add_route(name='home', pattern='/')

521

522

config.add_route(name='repo_summary', pattern='/{repo_name}')

522

config.add_route(name='repo_summary', pattern='/{repo_name}')

523

config.add_route(name='repo_summary_explicit', pattern='/{repo_name}/summary')

523

config.add_route(name='repo_summary_explicit', pattern='/{repo_name}/summary')

524

config.add_route(name='repo_group_home', pattern='/{repo_group_name}')

524

config.add_route(name='repo_group_home', pattern='/{repo_group_name}')

525

526

config.add_route(name='pullrequest_show',

526

config.add_route(name='pullrequest_show',

527

pattern='/{repo_name}/pull-request/{pull_request_id}')

527

pattern='/{repo_name}/pull-request/{pull_request_id}')

528

config.add_route(name='pull_requests_global',

528

config.add_route(name='pull_requests_global',

529

pattern='/pull-request/{pull_request_id}')

529

pattern='/pull-request/{pull_request_id}')

530

531

config.add_route(name='repo_commit',

531

config.add_route(name='repo_commit',

532

pattern='/{repo_name}/changeset/{commit_id}')

532

pattern='/{repo_name}/changeset/{commit_id}')

533

config.add_route(name='repo_files',

533

config.add_route(name='repo_files',

534

pattern='/{repo_name}/files/{commit_id}/{f_path}')

534

pattern='/{repo_name}/files/{commit_id}/{f_path}')

535

536

537

def bootstrap_request():

537

def bootstrap_request(**kwargs):

538

import pyramid.testing

538

import pyramid.testing

539

request = pyramid.testing.DummyRequest()

539

request = pyramid.testing.DummyRequest(**kwargs)

540

request.application_url = kwargs.pop('application_url', 'http://example.com')

541

request.host = kwargs.pop('host', 'example.com:80')

542

request.domain = kwargs.pop('domain', 'example.com')

543

540

config = pyramid.testing.setUp(request=request)

544

config = pyramid.testing.setUp(request=request)

541

add_events_routes(config)

545

add_events_routes(config)

542

546

543

547

544

class BaseRepoController(BaseController):

548

class BaseRepoController(BaseController):

545

"""

549

"""

546

Base class for controllers responsible for loading all needed data for

550

Base class for controllers responsible for loading all needed data for

547

repository loaded items are

551

repository loaded items are

548

552

549

c.rhodecode_repo: instance of scm repository

553

c.rhodecode_repo: instance of scm repository

550

c.rhodecode_db_repo: instance of db

554

c.rhodecode_db_repo: instance of db

551

c.repository_requirements_missing: shows that repository specific data

555

c.repository_requirements_missing: shows that repository specific data

552

could not be displayed due to the missing requirements

556

could not be displayed due to the missing requirements

553

c.repository_pull_requests: show number of open pull requests

557

c.repository_pull_requests: show number of open pull requests

554

"""

558

"""

555

559

556

def __before__(self):

560

def __before__(self):

557

super(BaseRepoController, self).__before__()

561

super(BaseRepoController, self).__before__()

558

if c.repo_name: # extracted from routes

562

if c.repo_name: # extracted from routes

559

db_repo = Repository.get_by_repo_name(c.repo_name)

563

db_repo = Repository.get_by_repo_name(c.repo_name)

560

if not db_repo:

564

if not db_repo:

561

return

565

return

562

566

563

log.debug(

567

log.debug(

564

'Found repository in database %s with state `%s`',

568

'Found repository in database %s with state `%s`',

565

safe_unicode(db_repo), safe_unicode(db_repo.repo_state))

569

safe_unicode(db_repo), safe_unicode(db_repo.repo_state))

566

route = getattr(request.environ.get('routes.route'), 'name', '')

570

route = getattr(request.environ.get('routes.route'), 'name', '')

567

571

568

# allow to delete repos that are somehow damages in filesystem

572

# allow to delete repos that are somehow damages in filesystem

569

if route in ['delete_repo']:

573

if route in ['delete_repo']:

570

return

574

return

571

575

572

if db_repo.repo_state in [Repository.STATE_PENDING]:

576

if db_repo.repo_state in [Repository.STATE_PENDING]:

573

if route in ['repo_creating_home']:

577

if route in ['repo_creating_home']:

574

return

578

return

575

check_url = url('repo_creating_home', repo_name=c.repo_name)

579

check_url = url('repo_creating_home', repo_name=c.repo_name)

576

return redirect(check_url)

580

return redirect(check_url)

577

581

578

self.rhodecode_db_repo = db_repo

582

self.rhodecode_db_repo = db_repo

579

583

580

missing_requirements = False

584

missing_requirements = False

581

try:

585

try:

582

self.rhodecode_repo = self.rhodecode_db_repo.scm_instance()

586

self.rhodecode_repo = self.rhodecode_db_repo.scm_instance()

583

except RepositoryRequirementError as e:

587

except RepositoryRequirementError as e:

584

missing_requirements = True

588

missing_requirements = True

585

self._handle_missing_requirements(e)

589

self._handle_missing_requirements(e)

586

590

587

if self.rhodecode_repo is None and not missing_requirements:

591

if self.rhodecode_repo is None and not missing_requirements:

588

log.error('%s this repository is present in database but it '

592

log.error('%s this repository is present in database but it '

589

'cannot be created as an scm instance', c.repo_name)

593

'cannot be created as an scm instance', c.repo_name)

590

594

591

h.flash(_(

595

h.flash(_(

592

"The repository at %(repo_name)s cannot be located.") %

596

"The repository at %(repo_name)s cannot be located.") %

593

{'repo_name': c.repo_name},

597

{'repo_name': c.repo_name},

594

category='error', ignore_duplicate=True)

598

category='error', ignore_duplicate=True)

595

redirect(h.route_path('home'))

599

redirect(h.route_path('home'))

596

600

597

# update last change according to VCS data

601

# update last change according to VCS data

598

if not missing_requirements:

602

if not missing_requirements:

599

commit = db_repo.get_commit(

603

commit = db_repo.get_commit(

600

pre_load=["author", "date", "message", "parents"])

604

pre_load=["author", "date", "message", "parents"])

601

db_repo.update_commit_cache(commit)

605

db_repo.update_commit_cache(commit)

602

606

603

# Prepare context

607

# Prepare context

604

c.rhodecode_db_repo = db_repo

608

c.rhodecode_db_repo = db_repo

605

c.rhodecode_repo = self.rhodecode_repo

609

c.rhodecode_repo = self.rhodecode_repo

606

c.repository_requirements_missing = missing_requirements

610

c.repository_requirements_missing = missing_requirements

607

611

608

self._update_global_counters(self.scm_model, db_repo)

612

self._update_global_counters(self.scm_model, db_repo)

609

613

610

def _update_global_counters(self, scm_model, db_repo):

614

def _update_global_counters(self, scm_model, db_repo):

611

"""

615

"""

612

Base variables that are exposed to every page of repository

616

Base variables that are exposed to every page of repository

613

"""

617

"""

614

c.repository_pull_requests = scm_model.get_pull_requests(db_repo)

618

c.repository_pull_requests = scm_model.get_pull_requests(db_repo)

615

619

616

def _handle_missing_requirements(self, error):

620

def _handle_missing_requirements(self, error):

617

self.rhodecode_repo = None

621

self.rhodecode_repo = None

618

log.error(

622

log.error(

619

'Requirements are missing for repository %s: %s',

623

'Requirements are missing for repository %s: %s',

620

c.repo_name, error.message)

624

c.repo_name, error.message)

621

625

622

summary_url = h.route_path('repo_summary', repo_name=c.repo_name)

626

summary_url = h.route_path('repo_summary', repo_name=c.repo_name)

623

statistics_url = url('edit_repo_statistics', repo_name=c.repo_name)

627

statistics_url = url('edit_repo_statistics', repo_name=c.repo_name)

624

settings_update_url = url('repo', repo_name=c.repo_name)

628

settings_update_url = url('repo', repo_name=c.repo_name)

625

path = request.path

629

path = request.path

626

should_redirect = (

630

should_redirect = (

627

path not in (summary_url, settings_update_url)

631

path not in (summary_url, settings_update_url)

628

and '/settings' not in path or path == statistics_url

632

and '/settings' not in path or path == statistics_url

629

)

633

)

630

if should_redirect:

634

if should_redirect:

631

redirect(summary_url)

635

redirect(summary_url)

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

             # -*- coding: utf-8 -*-
             # Copyright (C) 2010-2017 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             """
             The base Controller API
             Provides the BaseController class for subclassing. And usage in different
             controllers
             """
             import logging
             import socket
             import ipaddress
             import pyramid.threadlocal
             from paste.auth.basic import AuthBasicAuthenticator
             from paste.httpexceptions import HTTPUnauthorized, HTTPForbidden, get_exception
             from paste.httpheaders import WWW_AUTHENTICATE, AUTHORIZATION
             from pylons import config, tmpl_context as c, request, session, url
             from pylons.controllers import WSGIController
             from pylons.controllers.util import redirect
             from pylons.i18n import translation
             # marcink: don't remove this import
             from pylons.templating import render_mako as render  # noqa
             from pylons.i18n.translation import _
             from webob.exc import HTTPFound
             import rhodecode
             from rhodecode.authentication.base import VCS_TYPE
             from rhodecode.lib import auth, utils2
             from rhodecode.lib import helpers as h
             from rhodecode.lib.auth import AuthUser, CookieStoreWrapper
             from rhodecode.lib.exceptions import UserCreationError
             from rhodecode.lib.utils import (
                 get_repo_slug, set_rhodecode_config, password_changed,
                 get_enabled_hook_classes)
             from rhodecode.lib.utils2 import (
                 str2bool, safe_unicode, AttributeDict, safe_int, md5, aslist)
             from rhodecode.lib.vcs.exceptions import RepositoryRequirementError
             from rhodecode.model import meta
             from rhodecode.model.db import Repository, User, ChangesetComment
             from rhodecode.model.notification import NotificationModel
             from rhodecode.model.scm import ScmModel
             from rhodecode.model.settings import VcsSettingsModel, SettingsModel
             log = logging.getLogger(__name__)
             def _filter_proxy(ip):
                 """
                 Passed in IP addresses in HEADERS can be in a special format of multiple
                 ips. Those comma separated IPs are passed from various proxies in the
                 chain of request processing. The left-most being the original client.
                 We only care about the first IP which came from the org. client.
                 :param ip: ip string from headers
                 """
                 if ',' in ip:
                     _ips = ip.split(',')
                     _first_ip = _ips[0].strip()
                     log.debug('Got multiple IPs %s, using %s', ','.join(_ips), _first_ip)
                     return _first_ip
                 return ip
             def _filter_port(ip):
                 """
                 Removes a port from ip, there are 4 main cases to handle here.
                 - ipv4 eg. 127.0.0.1
                 - ipv6 eg. ::1
                 - ipv4+port eg. 127.0.0.1:8080
                 - ipv6+port eg. [::1]:8080
                 :param ip:
                 """
                 def is_ipv6(ip_addr):
                     if hasattr(socket, 'inet_pton'):
                         try:
                             socket.inet_pton(socket.AF_INET6, ip_addr)
                         except socket.error:
                             return False
                     else:
                         # fallback to ipaddress
                         try:
                             ipaddress.IPv6Address(ip_addr)
                         except Exception:
                             return False
                     return True
                 if ':' not in ip:  # must be ipv4 pure ip
                     return ip
                 if '[' in ip and ']' in ip:  # ipv6 with port
                     return ip.split(']')[0][1:].lower()
                 # must be ipv6 or ipv4 with port
                 if is_ipv6(ip):
                     return ip
                 else:
                     ip, _port = ip.split(':')[:2]  # means ipv4+port
                     return ip
             def get_ip_addr(environ):
                 proxy_key = 'HTTP_X_REAL_IP'
                 proxy_key2 = 'HTTP_X_FORWARDED_FOR'
                 def_key = 'REMOTE_ADDR'
                 _filters = lambda x: _filter_port(_filter_proxy(x))
                 ip = environ.get(proxy_key)
                 if ip:
                     return _filters(ip)
                 ip = environ.get(proxy_key2)
                 if ip:
                     return _filters(ip)
                 ip = environ.get(def_key, '0.0.0.0')
                 return _filters(ip)
             def get_server_ip_addr(environ, log_errors=True):
                 hostname = environ.get('SERVER_NAME')
                 try:
                     return socket.gethostbyname(hostname)
                 except Exception as e:
                     if log_errors:
                         # in some cases this lookup is not possible, and we don't want to
                         # make it an exception in logs
                         log.exception('Could not retrieve server ip address: %s', e)
                     return hostname
             def get_server_port(environ):
                 return environ.get('SERVER_PORT')
             def get_access_path(environ):
                 path = environ.get('PATH_INFO')
                 org_req = environ.get('pylons.original_request')
                 if org_req:
                     path = org_req.environ.get('PATH_INFO')
                 return path
             def get_user_agent(environ):
                 return environ.get('HTTP_USER_AGENT')
             def vcs_operation_context(
                     environ, repo_name, username, action, scm, check_locking=True,
                     is_shadow_repo=False):
                 """
                 Generate the context for a vcs operation, e.g. push or pull.
                 This context is passed over the layers so that hooks triggered by the
                 vcs operation know details like the user, the user's IP address etc.
                 :param check_locking: Allows to switch of the computation of the locking
                     data. This serves mainly the need of the simplevcs middleware to be
                     able to disable this for certain operations.
                 """
                 # Tri-state value: False: unlock, None: nothing, True: lock
                 make_lock = None
                 locked_by = [None, None, None]
                 is_anonymous = username == User.DEFAULT_USER
                 if not is_anonymous and check_locking:
                     log.debug('Checking locking on repository "%s"', repo_name)
                     user = User.get_by_username(username)
                     repo = Repository.get_by_repo_name(repo_name)
                     make_lock, __, locked_by = repo.get_locking_state(
                         action, user.user_id)
                 settings_model = VcsSettingsModel(repo=repo_name)
                 ui_settings = settings_model.get_ui_settings()
                 extras = {
                     'ip': get_ip_addr(environ),
                     'username': username,
                     'action': action,
                     'repository': repo_name,
                     'scm': scm,
                     'config': rhodecode.CONFIG['__file__'],
                     'make_lock': make_lock,
                     'locked_by': locked_by,
                     'server_url': utils2.get_server_url(environ),
                     'user_agent': get_user_agent(environ),
                     'hooks': get_enabled_hook_classes(ui_settings),
                     'is_shadow_repo': is_shadow_repo,
                 }
                 return extras
             class BasicAuth(AuthBasicAuthenticator):
                 def __init__(self, realm, authfunc, registry, auth_http_code=None,
                              initial_call_detection=False, acl_repo_name=None):
                     self.realm = realm
                     self.initial_call = initial_call_detection
                     self.authfunc = authfunc
                     self.registry = registry
                     self.acl_repo_name = acl_repo_name
                     self._rc_auth_http_code = auth_http_code
                 def _get_response_from_code(self, http_code):
                     try:
                         return get_exception(safe_int(http_code))
                     except Exception:
                         log.exception('Failed to fetch response for code %s' % http_code)
                         return HTTPForbidden
                 def build_authentication(self):
                     head = WWW_AUTHENTICATE.tuples('Basic realm="%s"' % self.realm)
                     if self._rc_auth_http_code and not self.initial_call:
                         # return alternative HTTP code if alternative http return code
                         # is specified in RhodeCode config, but ONLY if it's not the
                         # FIRST call
                         custom_response_klass = self._get_response_from_code(
                             self._rc_auth_http_code)
                         return custom_response_klass(headers=head)
                     return HTTPUnauthorized(headers=head)
                 def authenticate(self, environ):
                     authorization = AUTHORIZATION(environ)
                     if not authorization:
                         return self.build_authentication()
                     (authmeth, auth) = authorization.split(' ', 1)
                     if 'basic' != authmeth.lower():
                         return self.build_authentication()
                     auth = auth.strip().decode('base64')
                     _parts = auth.split(':', 1)
                     if len(_parts) == 2:
                         username, password = _parts
                         if self.authfunc(
                                 username, password, environ, VCS_TYPE,
                                 registry=self.registry, acl_repo_name=self.acl_repo_name):
                             return username
                         if username and password:
                             # we mark that we actually executed authentication once, at
                             # that point we can use the alternative auth code
                             self.initial_call = False
                     return self.build_authentication()
                 __call__ = authenticate
             def attach_context_attributes(context, request, user_id, attach_to_request=False):
                 """
                 Attach variables into template context called `c`, please note that
                 request could be pylons or pyramid request in here.
                 """
                 rc_config = SettingsModel().get_all_settings(cache=True)
                 context.rhodecode_version = rhodecode.__version__
                 context.rhodecode_edition = config.get('rhodecode.edition')
                 # unique secret + version does not leak the version but keep consistency
                 context.rhodecode_version_hash = md5(
                     config.get('beaker.session.secret', '') +
                     rhodecode.__version__)[:8]
                 # Default language set for the incoming request
                 context.language = translation.get_lang()[0]
                 # Visual options
                 context.visual = AttributeDict({})
                 # DB stored Visual Items
                 context.visual.show_public_icon = str2bool(
                     rc_config.get('rhodecode_show_public_icon'))
                 context.visual.show_private_icon = str2bool(
                     rc_config.get('rhodecode_show_private_icon'))
                 context.visual.stylify_metatags = str2bool(
                     rc_config.get('rhodecode_stylify_metatags'))
                 context.visual.dashboard_items = safe_int(
                     rc_config.get('rhodecode_dashboard_items', 100))
                 context.visual.admin_grid_items = safe_int(
                     rc_config.get('rhodecode_admin_grid_items', 100))
                 context.visual.repository_fields = str2bool(
                     rc_config.get('rhodecode_repository_fields'))
                 context.visual.show_version = str2bool(
                     rc_config.get('rhodecode_show_version'))
                 context.visual.use_gravatar = str2bool(
                     rc_config.get('rhodecode_use_gravatar'))
                 context.visual.gravatar_url = rc_config.get('rhodecode_gravatar_url')
                 context.visual.default_renderer = rc_config.get(
                     'rhodecode_markup_renderer', 'rst')
                 context.visual.comment_types = ChangesetComment.COMMENT_TYPES
                 context.visual.rhodecode_support_url = \
                     rc_config.get('rhodecode_support_url') or h.route_url('rhodecode_support')
                 context.pre_code = rc_config.get('rhodecode_pre_code')
                 context.post_code = rc_config.get('rhodecode_post_code')
                 context.rhodecode_name = rc_config.get('rhodecode_title')
                 context.default_encodings = aslist(config.get('default_encoding'), sep=',')
                 # if we have specified default_encoding in the request, it has more
                 # priority
                 if request.GET.get('default_encoding'):
                     context.default_encodings.insert(0, request.GET.get('default_encoding'))
                 context.clone_uri_tmpl = rc_config.get('rhodecode_clone_uri_tmpl')
                 # INI stored
                 context.labs_active = str2bool(
                     config.get('labs_settings_active', 'false'))
                 context.visual.allow_repo_location_change = str2bool(
                     config.get('allow_repo_location_change', True))
                 context.visual.allow_custom_hooks_settings = str2bool(
                     config.get('allow_custom_hooks_settings', True))
                 context.debug_style = str2bool(config.get('debug_style', False))
                 context.rhodecode_instanceid = config.get('instance_id')
                 context.visual.cut_off_limit_diff = safe_int(
                     config.get('cut_off_limit_diff'))
                 context.visual.cut_off_limit_file = safe_int(
                     config.get('cut_off_limit_file'))
                 # AppEnlight
                 context.appenlight_enabled = str2bool(config.get('appenlight', 'false'))
                 context.appenlight_api_public_key = config.get(
                     'appenlight.api_public_key', '')
                 context.appenlight_server_url = config.get('appenlight.server_url', '')
                 # JS template context
                 context.template_context = {
                     'repo_name': None,
                     'repo_type': None,
                     'repo_landing_commit': None,
                     'rhodecode_user': {
                         'username': None,
                         'email': None,
                         'notification_status': False
                     },
                     'visual': {
                         'default_renderer': None
                     },
                     'commit_data': {
                         'commit_id': None
                     },
                     'pull_request_data': {'pull_request_id': None},
                     'timeago': {
                         'refresh_time': 120 * 1000,
                         'cutoff_limit': 1000 * 60 * 60 * 24 * 7
                     },
                     'pylons_dispatch': {
                         # 'controller': request.environ['pylons.routes_dict']['controller'],
                         # 'action': request.environ['pylons.routes_dict']['action'],
                     },
                     'pyramid_dispatch': {
                     },
                     'extra': {'plugins': {}}
                 }
                 # END CONFIG VARS
                 # TODO: This dosn't work when called from pylons compatibility tween.
                 # Fix this and remove it from base controller.
                 # context.repo_name = get_repo_slug(request)  # can be empty
                 diffmode = 'sideside'
                 if request.GET.get('diffmode'):
                     if request.GET['diffmode'] == 'unified':
                         diffmode = 'unified'
                 elif request.session.get('diffmode'):
                     diffmode = request.session['diffmode']
                 context.diffmode = diffmode
                 if request.session.get('diffmode') != diffmode:
                     request.session['diffmode'] = diffmode
                 context.csrf_token = auth.get_csrf_token()
                 context.backends = rhodecode.BACKENDS.keys()
                 context.backends.sort()
                 context.unread_notifications = NotificationModel().get_unread_cnt_for_user(user_id)
                 if attach_to_request:
                     request.call_context = context
                 else:
                     context.pyramid_request = pyramid.threadlocal.get_current_request()
             def get_auth_user(environ):
                 ip_addr = get_ip_addr(environ)
                 # make sure that we update permissions each time we call controller
                 _auth_token = (request.GET.get('auth_token', '') or
                                request.GET.get('api_key', ''))
                 if _auth_token:
                     # when using API_KEY we assume user exists, and
                     # doesn't need auth based on cookies.
                     auth_user = AuthUser(api_key=_auth_token, ip_addr=ip_addr)
                     authenticated = False
                 else:
                     cookie_store = CookieStoreWrapper(session.get('rhodecode_user'))
                     try:
                         auth_user = AuthUser(user_id=cookie_store.get('user_id', None),
                                              ip_addr=ip_addr)
                     except UserCreationError as e:
                         h.flash(e, 'error')
                         # container auth or other auth functions that create users
                         # on the fly can throw this exception signaling that there's
                         # issue with user creation, explanation should be provided
                         # in Exception itself. We then create a simple blank
                         # AuthUser
                         auth_user = AuthUser(ip_addr=ip_addr)
                     if password_changed(auth_user, session):
                         session.invalidate()
                         cookie_store = CookieStoreWrapper(session.get('rhodecode_user'))
                         auth_user = AuthUser(ip_addr=ip_addr)
                     authenticated = cookie_store.get('is_authenticated')
                 if not auth_user.is_authenticated and auth_user.is_user_object:
                     # user is not authenticated and not empty
                     auth_user.set_authenticated(authenticated)
                 return auth_user
             class BaseController(WSGIController):
                 def __before__(self):
                     """
                     __before__ is called before controller methods and after __call__
                     """
                     # on each call propagate settings calls into global settings.
                     set_rhodecode_config(config)
                     attach_context_attributes(c, request, c.rhodecode_user.user_id)
                     # TODO: Remove this when fixed in attach_context_attributes()
                     c.repo_name = get_repo_slug(request)  # can be empty
                     self.cut_off_limit_diff = safe_int(config.get('cut_off_limit_diff'))
                     self.cut_off_limit_file = safe_int(config.get('cut_off_limit_file'))
                     self.sa = meta.Session
                     self.scm_model = ScmModel(self.sa)
                     # set user language
                     user_lang = getattr(c.pyramid_request, '_LOCALE_', None)
                     if user_lang:
                         translation.set_lang(user_lang)
                         log.debug('set language to %s for user %s',
                                   user_lang, self._rhodecode_user)
                 def _dispatch_redirect(self, with_url, environ, start_response):
                     resp = HTTPFound(with_url)
                     environ['SCRIPT_NAME'] = ''  # handle prefix middleware
                     environ['PATH_INFO'] = with_url
                     return resp(environ, start_response)
                 def __call__(self, environ, start_response):
                     """Invoke the Controller"""
                     # WSGIController.__call__ dispatches to the Controller method
                     # the request is routed to. This routing information is
                     # available in environ['pylons.routes_dict']
                     from rhodecode.lib import helpers as h
                     # Provide the Pylons context to Pyramid's debugtoolbar if it asks
                     if environ.get('debugtoolbar.wants_pylons_context', False):
                         environ['debugtoolbar.pylons_context'] = c._current_obj()
                     _route_name = '.'.join([environ['pylons.routes_dict']['controller'],
                                             environ['pylons.routes_dict']['action']])
                     self.rc_config = SettingsModel().get_all_settings(cache=True)
                     self.ip_addr = get_ip_addr(environ)
                     # The rhodecode auth user is looked up and passed through the
                     # environ by the pylons compatibility tween in pyramid.
                     # So we can just grab it from there.
                     auth_user = environ['rc_auth_user']
                     # set globals for auth user
                     request.user = auth_user
                     c.rhodecode_user = self._rhodecode_user = auth_user
                     log.info('IP: %s User: %s accessed %s [%s]' % (
                         self.ip_addr, auth_user, safe_unicode(get_access_path(environ)),
                         _route_name)
                     )
                     user_obj = auth_user.get_instance()
                     if user_obj and user_obj.user_data.get('force_password_change'):
                         h.flash('You are required to change your password', 'warning',
                                 ignore_duplicate=True)
                         return self._dispatch_redirect(
                             url('my_account_password'), environ, start_response)
                     return WSGIController.__call__(self, environ, start_response)
             def add_events_routes(config):
                 """
                 Adds routing that can be used in events. Because some events are triggered
                 outside of pyramid context, we need to bootstrap request with some
                 routing registered
                 """
                 config.add_route(name='home', pattern='/')
                 config.add_route(name='repo_summary', pattern='/{repo_name}')
                 config.add_route(name='repo_summary_explicit', pattern='/{repo_name}/summary')
                 config.add_route(name='repo_group_home', pattern='/{repo_group_name}')
                 config.add_route(name='pullrequest_show',
                                  pattern='/{repo_name}/pull-request/{pull_request_id}')
                 config.add_route(name='pull_requests_global',
                                  pattern='/pull-request/{pull_request_id}')
                 config.add_route(name='repo_commit',
                                  pattern='/{repo_name}/changeset/{commit_id}')
                 config.add_route(name='repo_files',
                                  pattern='/{repo_name}/files/{commit_id}/{f_path}')
-            def bootstrap_request():
+            def bootstrap_request(**kwargs):
                 import pyramid.testing
-                request = pyramid.testing.DummyRequest()
+                request = pyramid.testing.DummyRequest(**kwargs)
+                request.application_url = kwargs.pop('application_url', 'http://example.com')
+                request.host = kwargs.pop('host', 'example.com:80')
+                request.domain = kwargs.pop('domain', 'example.com')
                 config = pyramid.testing.setUp(request=request)
                 add_events_routes(config)
             class BaseRepoController(BaseController):
                 """
                 Base class for controllers responsible for loading all needed data for
                 repository loaded items are
                 c.rhodecode_repo: instance of scm repository
                 c.rhodecode_db_repo: instance of db
                 c.repository_requirements_missing: shows that repository specific data
                     could not be displayed due to the missing requirements
                 c.repository_pull_requests: show number of open pull requests
                 """
                 def __before__(self):
                     super(BaseRepoController, self).__before__()
                     if c.repo_name:  # extracted from routes
                         db_repo = Repository.get_by_repo_name(c.repo_name)
                         if not db_repo:
                             return
                         log.debug(
                             'Found repository in database %s with state `%s`',
                             safe_unicode(db_repo), safe_unicode(db_repo.repo_state))
                         route = getattr(request.environ.get('routes.route'), 'name', '')
                         # allow to delete repos that are somehow damages in filesystem
                         if route in ['delete_repo']:
                             return
                         if db_repo.repo_state in [Repository.STATE_PENDING]:
                             if route in ['repo_creating_home']:
                                 return
                             check_url = url('repo_creating_home', repo_name=c.repo_name)
                             return redirect(check_url)
                         self.rhodecode_db_repo = db_repo
                         missing_requirements = False
                         try:
                             self.rhodecode_repo = self.rhodecode_db_repo.scm_instance()
                         except RepositoryRequirementError as e:
                             missing_requirements = True
                             self._handle_missing_requirements(e)
                         if self.rhodecode_repo is None and not missing_requirements:
                             log.error('%s this repository is present in database but it '
                                       'cannot be created as an scm instance', c.repo_name)
                             h.flash(_(
                                 "The repository at %(repo_name)s cannot be located.") %
                                 {'repo_name': c.repo_name},
                                 category='error', ignore_duplicate=True)
                             redirect(h.route_path('home'))
                         # update last change according to VCS data
                         if not missing_requirements:
                             commit = db_repo.get_commit(
                                 pre_load=["author", "date", "message", "parents"])
                             db_repo.update_commit_cache(commit)
                         # Prepare context
                         c.rhodecode_db_repo = db_repo
                         c.rhodecode_repo = self.rhodecode_repo
                         c.repository_requirements_missing = missing_requirements
                         self._update_global_counters(self.scm_model, db_repo)
                 def _update_global_counters(self, scm_model, db_repo):
                     """
                     Base variables that are exposed to every page of repository
                     """
                     c.repository_pull_requests = scm_model.get_pull_requests(db_repo)
                 def _handle_missing_requirements(self, error):
                     self.rhodecode_repo = None
                     log.error(
                         'Requirements are missing for repository %s: %s',
                         c.repo_name, error.message)
                     summary_url = h.route_path('repo_summary', repo_name=c.repo_name)
                     statistics_url = url('edit_repo_statistics', repo_name=c.repo_name)
                     settings_update_url = url('repo', repo_name=c.repo_name)
                     path = request.path
                     should_redirect = (
                         path not in (summary_url, settings_update_url)
                         and '/settings' not in path or path == statistics_url
                     )
                     if should_redirect:
                         redirect(summary_url)