u/pc/rhodecode-enterprise-ce-fork-pc Commit - r3294:4cc76f67

release: Merge default into stable for release preparation

marcink -

r3294:4cc76f67 stable

parent child

docs/auth/auth-saml-duosecurity.rst

0 created 644 +105 0

@@ -0,0 +1,105 b''
	1	.. _config-saml-duosecurity-ref:
	2
	3
	4	SAML 2.0 with Duo Security
	5	--------------------------
	6
	7	This plugin is available only in EE Edition.
	8
	9	\|RCE\| supports SAML 2.0 Authentication with Duo Security provider. This allows
	10	users to log-in to RhodeCode via SSO mechanism of external identity provider
	11	such as Duo. The login can be triggered either by the external IDP, or internally
	12	by clicking specific authentication button on the log-in page.
	13
	14
	15	Configuration steps
	16	^^^^^^^^^^^^^^^^^^^
	17
	18	To configure Duo Security SAML authentication, use the following steps:
	19
	20	1. From the \|RCE\| interface, select
	21	:menuselection:`Admin --> Authentication`
	22	2. Activate the `Duo Security` plugin and select :guilabel:`Save`
	23	3. Go to newly available menu option called `Duo Security` on the left side.
	24	4. Check the `enabled` check box in the plugin configuration section,
	25	and fill in the required SAML information and :guilabel:`Save`, for more details,
	26	see :ref:`config-saml-duosecurity`
	27
	28
	29	.. _config-saml-duosecurity:
	30
	31
	32	Example SAML Duo Security configuration
	33	^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
	34
	35	Example configuration for SAML 2.0 with Duo Security provider::
	36
	37	option: `enabled` => `True`
	38	# Enable or disable this authentication plugin.
	39
	40	option: `cache_ttl` => `0`
	41	# Amount of seconds to cache the authentication and permissions check response call for this plugin.
	42	# Useful for expensive calls like LDAP to improve the performance of the system (0 means disabled).
	43
	44	option: `debug` => `True`
	45	# Enable or disable debug mode that shows SAML errors in the RhodeCode logs.
	46
	47	option: `entity_id` => `http://rc-app.com/dag/saml2/idp/metadata.php`
	48	# Identity Provider entity/metadata URI.
	49	# E.g. https://duo-gateway.com/dag/saml2/idp/metadata.php
	50
	51	option: `sso_service_url` => `http://rc-app.com/dag/saml2/idp/SSOService.php?spentityid=http://rc.local.pl/_admin/auth/duosecurity/saml-metadata`
	52	# SSO (SingleSignOn) endpoint URL of the IdP. This can be used to initialize login
	53	# E.g. https://duo-gateway.com/dag/saml2/idp/SSOService.php?spentityid=<metadata_entity_id>
	54
	55	option: `slo_service_url` => `http://rc-app.com/dag/saml2/idp/SingleLogoutService.php?ReturnTo=http://rc-app.com/dag/module.php/duosecurity/logout.php`
	56	# SLO (SingleLogout) endpoint URL of the IdP.
	57	# E.g. https://duo-gateway.com/dag/saml2/idp/SingleLogoutService.php?ReturnTo=http://duo-gateway.com/_admin/saml/sign-out-endpoint
	58
	59	option: `x509cert` => `<CERTIFICATE_STRING>`
	60	# Identity provider public x509 certificate. It will be converted to single-line format without headers
	61
	62	option: `name_id_format` => `sha-1`
	63	# The format that specifies how the NameID is sent to the service provider.
	64
	65	option: `signature_algo` => `sha-256`
	66	# Type of Algorithm to use for verification of SAML signature on Identity provider side
	67
	68	option: `digest_algo` => `sha-256`
	69	# Type of Algorithm to use for verification of SAML digest on Identity provider side
	70
	71	option: `cert_dir` => `/etc/saml/`
	72	# Optional directory to store service provider certificate and private keys.
	73	# Expected certs for the SP should be stored in this folder as:
	74	# * sp.key Private Key
	75	# * sp.crt Public cert
	76	# * sp_new.crt Future Public cert
	77	#
	78	# Also you can use other cert to sign the metadata of the SP using the:
	79	# * metadata.key
	80	# * metadata.crt
	81
	82	option: `user_id_attribute` => `PersonImmutableID`
	83	# User ID Attribute name. This defines which attribute in SAML response will be used to link accounts via unique id.
	84	# Ensure this is returned from DuoSecurity for example via duo_username
	85
	86	option: `username_attribute` => `User.username`
	87	# Username Attribute name. This defines which attribute in SAML response will map to an username.
	88
	89	option: `email_attribute` => `User.email`
	90	# Email Attribute name. This defines which attribute in SAML response will map to an email address.
	91
	92
	93	Below is example setup from DUO Administration page that can be used with above config.
	94
	95	.. image:: ../images/saml-duosecurity-service-provider-example.png
	96	:alt: DUO Security SAML setup example
	97	:scale: 50 %
	98
	99
	100	Below is an example attribute mapping set for IDP provider required by the above config.
	101
	102
	103	.. image:: ../images/saml-duosecurity-attributes-example.png
	104	:alt: DUO Security SAML setup example
	105	:scale: 50 % No newline at end of file

docs/auth/auth-saml-generic.rst

0 created 644 +18 0

@@ -0,0 +1,18 b''
	1	.. _config-saml-generic-ref:
	2
	3
	4	SAML 2.0 Authentication
	5	-----------------------
	6
	7
	8	This plugin is available only in EE Edition.
	9
	10	RhodeCode Supports standard SAML 2.0 SSO for the web-application part.
	11
	12	Please check for reference two example providers:
	13
	14	.. toctree::
	15
	16	auth-saml-duosecurity
	17	auth-saml-onelogin
	18

docs/auth/auth-saml-onelogin.rst

0 created 644 +106 0

@@ -0,0 +1,106 b''
	1	.. _config-saml-onelogin-ref:
	2
	3
	4	SAML 2.0 with One Login
	5	-----------------------
	6
	7	This plugin is available only in EE Edition.
	8
	9	\|RCE\| supports SAML 2.0 Authentication with OneLogin provider. This allows
	10	users to log-in to RhodeCode via SSO mechanism of external identity provider
	11	such as OneLogin. The login can be triggered either by the external IDP, or internally
	12	by clicking specific authentication button on the log-in page.
	13
	14
	15	Configuration steps
	16	^^^^^^^^^^^^^^^^^^^
	17
	18	To configure OneLogin SAML authentication, use the following steps:
	19
	20	1. From the \|RCE\| interface, select
	21	:menuselection:`Admin --> Authentication`
	22	2. Activate the `OneLogin` plugin and select :guilabel:`Save`
	23	3. Go to newly available menu option called `OneLogin` on the left side.
	24	4. Check the `enabled` check box in the plugin configuration section,
	25	and fill in the required SAML information and :guilabel:`Save`, for more details,
	26	see :ref:`config-saml-onelogin`
	27
	28
	29	.. _config-saml-onelogin:
	30
	31
	32	Example SAML OneLogin configuration
	33	^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
	34
	35	Example configuration for SAML 2.0 with OneLogin provider::
	36
	37	option: `enabled` => `True`
	38	# Enable or disable this authentication plugin.
	39
	40	option: `cache_ttl` => `0`
	41	# Amount of seconds to cache the authentication and permissions check response call for this plugin.
	42	# Useful for expensive calls like LDAP to improve the performance of the system (0 means disabled).
	43
	44	option: `debug` => `True`
	45	# Enable or disable debug mode that shows SAML errors in the RhodeCode logs.
	46
	47	option: `entity_id` => `https://app.onelogin.com/saml/metadata/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx`
	48	# Identity Provider entity/metadata URI.
	49	# E.g. https://app.onelogin.com/saml/metadata/<onelogin_connector_id>
	50
	51	option: `sso_service_url` => `https://customer-domain.onelogin.com/trust/saml2/http-post/sso/xxxxxx`
	52	# SSO (SingleSignOn) endpoint URL of the IdP. This can be used to initialize login
	53	# E.g. https://app.onelogin.com/trust/saml2/http-post/sso/<onelogin_connector_id>
	54
	55	option: `slo_service_url` => `https://customer-domain.onelogin.com/trust/saml2/http-redirect/slo/xxxxxx`
	56	# SLO (SingleLogout) endpoint URL of the IdP.
	57	# E.g. https://app.onelogin.com/trust/saml2/http-redirect/slo/<onelogin_connector_id>
	58
	59	option: `x509cert` => `<CERTIFICATE_STRING>`
	60	# Identity provider public x509 certificate. It will be converted to single-line format without headers
	61
	62	option: `name_id_format` => `sha-1`
	63	# The format that specifies how the NameID is sent to the service provider.
	64
	65	option: `signature_algo` => `sha-256`
	66	# Type of Algorithm to use for verification of SAML signature on Identity provider side
	67
	68	option: `digest_algo` => `sha-256`
	69	# Type of Algorithm to use for verification of SAML digest on Identity provider side
	70
	71	option: `cert_dir` => `/etc/saml/`
	72	# Optional directory to store service provider certificate and private keys.
	73	# Expected certs for the SP should be stored in this folder as:
	74	# * sp.key Private Key
	75	# * sp.crt Public cert
	76	# * sp_new.crt Future Public cert
	77	#
	78	# Also you can use other cert to sign the metadata of the SP using the:
	79	# * metadata.key
	80	# * metadata.crt
	81
	82	option: `user_id_attribute` => `PersonImmutableID`
	83	# User ID Attribute name. This defines which attribute in SAML response will be used to link accounts via unique id.
	84	# Ensure this is returned from OneLogin for example via Internal ID
	85
	86	option: `username_attribute` => `User.username`
	87	# Username Attribute name. This defines which attribute in SAML response will map to an username.
	88
	89	option: `email_attribute` => `User.email`
	90	# Email Attribute name. This defines which attribute in SAML response will map to an email address.
	91
	92
	93
	94	Below is example setup that can be used with OneLogin SAML authentication that can be used with above config..
	95
	96	.. image:: ../images/saml-onelogin-config-example.png
	97	:alt: OneLogin SAML setup example
	98	:scale: 50 %
	99
	100
	101	Below is an example attribute mapping set for IDP provider required by the above config.
	102
	103
	104	.. image:: ../images/saml-onelogin-attributes-example.png
	105	:alt: OneLogin SAML setup example
	106	:scale: 50 % No newline at end of file

docs/images/saml-duosecurity-attributes-example.png

0 created 644 binary 0 0

NO CONTENT: new file 100644, binary diff hidden

docs/images/saml-duosecurity-service-provider-example.png

0 created 644 binary 0 0

NO CONTENT: new file 100644, binary diff hidden

docs/images/saml-onelogin-attributes-example.png

0 created 644 binary 0 0

NO CONTENT: new file 100644, binary diff hidden

docs/images/saml-onelogin-config-example.png

0 created 644 binary 0 0

NO CONTENT: new file 100644, binary diff hidden

docs/release-notes/release-notes-4.15.0.rst

0 created 644 +81 0

@@ -0,0 +1,81 b''
	1	\|RCE\| 4.15.0 \|RNS\|
	2	------------------
	3
	4	Release Date
	5	^^^^^^^^^^^^
	6
	7	- 2018-12-10
	8
	9
	10	New Features
	11	^^^^^^^^^^^^
	12
	13	- Authentication: Added SAML 2.0 Authentication, with support of OneLogin and DUO Security.
	14	- Core: add debug mode that switches logging to debug.
	15	It's no longer required to reconfigure all logging. A `debug=true` set in .ini file
	16	does it automatically.
	17
	18
	19	General
	20	^^^^^^^
	21
	22	- Authentication: rename oauth to external identity as it would now be serving both
	23	oAuth and SAML.
	24	- Authentication: allow setting extern type with registration.
	25	This will allow external identity plugins to define proper externs instead of always
	26	using "rhodecode" one.
	27	- Authentication: show if plugin is activated and enabled in the list.
	28	- Authentication: add better logging for ldap related attributes to help track
	29	LDAP connection problems more easily.
	30	- Visual: add change logo header template
	31	- UI: updated error pages style to be consistent with other pages.
	32	- Utils: updated request generation so ishell can run some automation scripts.
	33	- Docs: updated documentation for SVN 1.10 Wandisco repositories.
	34	- System info: expose base_url set in .ini file.
	35	- Style: update pygments template styling.
	36	- Style: updated li style and markdown style.
	37	- Dependencies: added python-saml library.
	38	- Dependencies: bumped hgsubversion to 1.9.3 release.
	39	- Dependencies: bumped gevent to 1.3.7 release.
	40	- Dependencies: bumped lxml to 4.2.5 release.
	41	- Dependencies: bumped gevent to 1.3.7 release.
	42	- Dependencies: bumped alembic to 1.0.5 release.
	43	- Dependencies: bumped peppercorn to 0.6 release.
	44	- Dependencies: bumped pyotp to 2.2.7 release.
	45	- Dependencies: bumped deform to 2.0.7 release
	46	- Dependencies: bumped py-gfm to 0.1.4 release.
	47	- Dependencies: bumped colander to 1.5.1 release
	48	- Dependencies: bumped appenlight-client to 0.6.26 release.
	49	- Dependencies: bumped bleach to 3.0.2 release.
	50	- Dependencies: bumped pygments to 2.3.0
	51
	52
	53	Security
	54	^^^^^^^^
	55
	56	- Mercurial: support evolve sub-commands when checking for permissions.
	57	Those defaulted to write, while only read is required for evolve.
	58	- auth/security: enforce that external users cannot reset their password.
	59	External users don't use RhodeCode passwords, so resetting them shouldn't be allowed.
	60
	61
	62	Performance
	63	^^^^^^^^^^^
	64
	65	- Markdown: use lazy loaded markdown initialization to speed up app startup.
	66	- Gevent: changed DNS resolver to ares for better stability on long running processes.
	67
	68
	69	Fixes
	70	^^^^^
	71
	72	- Default Reviewers: use target repo owner as default reviewer in case of CE edition.
	73	- LDAP: ensure the proper cert files and dirs are set.
	74	It's also now possible to specify custom paths for those.
	75	- Markdown: fixed auto checkbox generation from markdown code
	76
	77
	78	Upgrade notes
	79	^^^^^^^^^^^^^
	80
	81	- LDAP cert dirs No newline at end of file

rhodecode/config/rcextensions/examples/custom_email_integration_template.py

0 created 644 +175 0

@@ -0,0 +1,175 b''
	1	# This code allows override the integrations templates. Put this into the __init__.py
	2	# file of rcextensions
	3
	4
	5	# EMAIL
	6	from rhodecode.integrations import email
	7	email.REPO_PUSH_TEMPLATE_HTML = email.Template('''
	8	<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
	9	<html xmlns="http://www.w3.org/1999/xhtml">
	10	<head>
	11	<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
	12	<meta name="viewport" content="width=device-width, initial-scale=1.0"/>
	13	<title>${subject}</title>
	14	<style type="text/css">
	15	/* Based on The MailChimp Reset INLINE: Yes. */
	16	#outlook a {padding:0;} /* Force Outlook to provide a "view in browser" menu link. */
	17	body{width:100% !important; -webkit-text-size-adjust:100%; -ms-text-size-adjust:100%; margin:0; padding:0;}
	18	/* Prevent Webkit and Windows Mobile platforms from changing default font sizes.*/
	19	.ExternalClass {width:100%;} /* Force Hotmail to display emails at full width */
	20	.ExternalClass, .ExternalClass p, .ExternalClass span, .ExternalClass font, .ExternalClass td, .ExternalClass div {line-height: 100%;}
	21	/* Forces Hotmail to display normal line spacing. More on that: http://www.emailonacid.com/forum/viewthread/43/ */
	22	#backgroundTable {margin:0; padding:0; line-height: 100% !important;}
	23	/* End reset */
	24
	25	/* defaults for images*/
	26	img {outline:none; text-decoration:none; -ms-interpolation-mode: bicubic;}
	27	a img {border:none;}
	28	.image_fix {display:block;}
	29
	30	body {line-height:1.2em;}
	31	p {margin: 0 0 20px;}
	32	h1, h2, h3, h4, h5, h6 {color:#323232!important;}
	33	a {color:#427cc9;text-decoration:none;outline:none;cursor:pointer;}
	34	a:focus {outline:none;}
	35	a:hover {color: #305b91;}
	36	h1 a, h2 a, h3 a, h4 a, h5 a, h6 a {color:#427cc9!important;text-decoration:none!important;}
	37	h1 a:active, h2 a:active, h3 a:active, h4 a:active, h5 a:active, h6 a:active {color: #305b91!important;}
	38	h1 a:visited, h2 a:visited, h3 a:visited, h4 a:visited, h5 a:visited, h6 a:visited {color: #305b91!important;}
	39	table {font-size:13px;border-collapse:collapse;mso-table-lspace:0pt;mso-table-rspace:0pt;}
	40	table td {padding:.65em 1em .65em 0;border-collapse:collapse;vertical-align:top;text-align:left;}
	41	input {display:inline;border-radius:2px;border-style:solid;border: 1px solid #dbd9da;padding:.5em;}
	42	input:focus {outline: 1px solid #979797}
	43	@media only screen and (-webkit-min-device-pixel-ratio: 2) {
	44	/* Put your iPhone 4g styles in here */
	45	}
	46
	47	/* Android targeting */
	48	@media only screen and (-webkit-device-pixel-ratio:.75){
	49	/* Put CSS for low density (ldpi) Android layouts in here */
	50	}
	51	@media only screen and (-webkit-device-pixel-ratio:1){
	52	/* Put CSS for medium density (mdpi) Android layouts in here */
	53	}
	54	@media only screen and (-webkit-device-pixel-ratio:1.5){
	55	/* Put CSS for high density (hdpi) Android layouts in here */
	56	}
	57	/* end Android targeting */
	58
	59	</style>
	60
	61	<!-- Targeting Windows Mobile -->
	62	<!--[if IEMobile 7]>
	63	<style type="text/css">
	64
	65	</style>
	66	<![endif]-->
	67
	68	<!--[if gte mso 9]>
	69	<style>
	70	/* Target Outlook 2007 and 2010 */
	71	</style>
	72	<![endif]-->
	73	</head>
	74	<body>
	75	<!-- Wrapper/Container Table: Use a wrapper table to control the width and the background color consistently of your email. Use this approach instead of setting attributes on the body tag. -->
	76	<table cellpadding="0" cellspacing="0" border="0" id="backgroundTable" align="left" style="margin:1%;width:97%;padding:0;font-family:sans-serif;font-weight:100;border:1px solid #dbd9da">
	77	<tr>
	78	<td valign="top" style="padding:0;">
	79	<table cellpadding="0" cellspacing="0" border="0" align="left" width="100%">
	80	<tr><td style="width:100%;padding:7px;background-color:#202020" valign="top">
	81	<a style="color:#eeeeee;text-decoration:none;" href="${instance_url}">
	82	${'RhodeCode'}
	83	</a>
	84	</td></tr>
	85	<tr>
	86	<td style="padding:15px;" valign="top">
	87	% if data['push']['commits']:
	88	% for commit in data['push']['commits']:
	89	<a href="${commit['url']}">${commit['short_id']}</a> by ${commit['author']} at ${commit['date']} <br/>
	90	${commit['message_html']} <br/>
	91	<br/>
	92	% endfor
	93	% else:
	94	No commit data
	95	% endif
	96	</td>
	97	</tr>
	98	</table>
	99	</td>
	100	</tr>
	101	</table>
	102	<!-- End of wrapper table -->
	103	<p><a style="margin-top:15px;margin-left:1%;font-family:sans-serif;font-weight:100;font-size:11px;color:#666666;text-decoration:none;" href="${instance_url}">
	104	${'This is a notification from RhodeCode. %(instance_url)s' % {'instance_url': instance_url}}
	105	</a></p>
	106	</body>
	107	</html>
	108	''')
	109
	110
	111	# JIRA (EE ONLY)
	112	from rc_integrations import jira_tracker
	113
	114	jira_tracker.COMMENT_TEMPLATE_PULL_REQUEST = jira_tracker.Template('''
	115	${action} by ${author} (status: ${status}). \n
	116	pull-request: ${url}
	117	''')
	118
	119
	120	jira_tracker.COMMENT_TEMPLATE_COMMIT = jira_tracker.Template('''
	121	Commit `${short_id}` by ${author} on `${branch}` branch references this issue. \n
	122	${url}\n
	123
	124	## MODIFICATION add custom COMMIT message to the comment
	125	${commit['message']}
	126	''')
	127
	128
	129	jira_tracker.COMMENT_TEMPLATE_COMMIT_WITH_STATUS = jira_tracker.Template('''
	130	Commit `${short_id}` by ${author} on `${branch}` branch changed this issue. \n
	131	'{url}\n
	132
	133	## MODIFICATION add custom COMMIT message to the comment
	134	${commit['message']}
	135	''')
	136
	137
	138	# REDMINE (EE ONLY)
	139	from rc_integrations import redmine_tracker
	140
	141	redmine_tracker.COMMENT_TEMPLATE_COMMIT = redmine_tracker.Template('''
	142	Commit `${short_id}` by ${author} on `${branch}` branch references this issue. \n
	143	commit: ${url}\n
	144
	145	## MODIFICATION add custom COMMIT message to the comment
	146	message:
	147	```
	148	${commit['message']}
	149	```
	150
	151	''')
	152
	153	redmine_tracker.COMMENT_TEMPLATE_COMMIT_WITH_STATUS = redmine_tracker.Template('''
	154	Commit `${short_id}` by ${author} on `${branch}` branch changed this issue. \n
	155	commit: ${url}\n
	156
	157	## MODIFICATION add custom COMMIT message to the comment
	158	message:
	159	```
	160	${commit['message']}
	161	```
	162
	163	''')
	164
	165	redmine_tracker.COMMENT_TEMPLATE_PULL_REQUEST = redmine_tracker.Template('''
	166	${action} by ${author} (status: ${status}). \n'
	167	${url}\n
	168
	169	## MODIFICATION add custom COMMIT message to the comment
	170	message:
	171	```
	172	${commit['message']}
	173	```
	174
	175	''')

rhodecode/config/rcextensions/examples/validate_commit_message_author.py

0 created 644 +91 0

@@ -0,0 +1,91 b''
	1	# Example to validate commit message or author using some sort of rules
	2
	3
	4	@has_kwargs({
	5	'server_url': 'url of instance that triggered this hook',
	6	'config': 'path to .ini config used',
	7	'scm': 'type of version control "git", "hg", "svn"',
	8	'username': 'username of actor who triggered this event',
	9	'ip': 'ip address of actor who triggered this hook',
	10	'action': '',
	11	'repository': 'repository name',
	12	'repo_store_path': 'full path to where repositories are stored',
	13	'commit_ids': 'pre transaction metadata for commit ids',
	14	'hook_type': '',
	15	'user_agent': 'Client user agent, e.g git or mercurial CLI version',
	16	})
	17	@has_kwargs({
	18	'server_url': 'url of instance that triggered this hook',
	19	'config': 'path to .ini config used',
	20	'scm': 'type of version control "git", "hg", "svn"',
	21	'username': 'username of actor who triggered this event',
	22	'ip': 'ip address of actor who triggered this hook',
	23	'action': '',
	24	'repository': 'repository name',
	25	'repo_store_path': 'full path to where repositories are stored',
	26	'commit_ids': 'pre transaction metadata for commit ids',
	27	'hook_type': '',
	28	'user_agent': 'Client user agent, e.g git or mercurial CLI version',
	29	})
	30	def _pre_push_hook(args, *kwargs):
	31	"""
	32	Post push hook
	33	To stop version control from storing the transaction and send a message to user
	34	use non-zero HookResponse with a message, e.g return HookResponse(1, 'Not allowed')
	35
	36	This message will be shown back to client during PUSH operation
	37
	38	Commit ids might look like that::
	39
	40	[{u'hg_env\|git_env': ...,
	41	u'multiple_heads': [],
	42	u'name': u'default',
	43	u'new_rev': u'd0befe0692e722e01d5677f27a104631cf798b69',
	44	u'old_rev': u'd0befe0692e722e01d5677f27a104631cf798b69',
	45	u'ref': u'',
	46	u'total_commits': 2,
	47	u'type': u'branch'}]
	48	"""
	49	import re
	50	from .helpers import extra_fields, extract_pre_commits
	51	from .utils import str2bool
	52
	53	# returns list of dicts with key-val fetched from extra fields
	54	repo_extra_fields = extra_fields.run(**kwargs)
	55
	56	# optionally use 'extra fields' to control the logic per repo
	57	should_validate = str2bool(repo_extra_fields.get('validate_author', True))
	58
	59	# optionally store validation regex into extra fields
	60	validation_regex = repo_extra_fields.get('validation_regex', '')
	61
	62	def validate_commit_message(commit_message, message_regex=None):
	63	"""
	64	This function validates commit_message against some sort of rules.
	65	It should return a valid boolean, and a reason for failure
	66	"""
	67
	68	if "secret_string" in commit_message:
	69	msg = "!!Push forbidden: secret string found in commit messages"
	70	return False, msg
	71
	72	if validation_regex:
	73	regexp = re.compile(validation_regex)
	74	if not regexp.match(message):
	75	msg = "!!Push forbidden: commit message does not match regexp"
	76	return False, msg
	77
	78	return True, ''
	79
	80	if should_validate:
	81	# returns list of dicts with key-val fetched from extra fields
	82	commit_list = extract_pre_commits.run(**kwargs)
	83
	84	for commit_data in commit_list:
	85	message = commit_data['message']
	86
	87	message_valid, reason = validate_commit_message(message, validation_regex)
	88	if not message_valid:
	89	return HookResponse(1, reason)
	90
	91	return HookResponse(0, '')

.bumpversion.cfg

0 +1 -1

             [bumpversion]
-            current_version = 4.14.1
+            current_version = 4.15.0
             message = release: Bump version {current_version} to {new_version}
             [bumpversion:file:rhodecode/VERSION]

.release.cfg

0 +4 -9

             done = true
             [task:rc_tools_pinned]
-            done = true
             [task:fixes_on_stable]
-            done = true
             [task:pip2nix_generated]
-            done = true
             [task:changelog_updated]
-            done = true
             [task:generate_api_docs]
-            done = true
+            [task:updated_translation]
             [release]
-            state = prepared
+            state = in_progress
-            version = 4.14.1
+            version = 4.15.0
-            [task:updated_translation]
             [task:generate_js_routes]

README.rst

0 +12 -10

@@ -7,18 +7,20 b' About'
7		7
8	``RhodeCode`` is a fast and powerful management tool for Mercurial_ and GIT_	8	``RhodeCode`` is a fast and powerful management tool for Mercurial_ and GIT_
9	and Subversion_ with a built in push/pull server, full text search,	9	and Subversion_ with a built in push/pull server, full text search,
10	pull requests and powerful code-review system. It works on http/https and	10	pull requests and powerful code-review system. It works on http/https, SSH and
11	has a few unique features like:	11	has a few unique features like:
12		12
13	- plugable architecture	13	- plugable architecture from Pyramid web-framework.
14	- advanced permission system with IP restrictions	14	- advanced permission system with IP restrictions, inheritation, and user-groups.
15	- rich set of authentication plugins including LDAP,	15	- rich set of authentication plugins including LDAP, ActiveDirectory, SAML 2.0,
16	~~ActiveDirectory,~~ Atlassian Crowd, Http-Headers, Pam, Token-Auth.	16	Atlassian Crowd, Http-Headers, Pam, Token-Auth, OAuth.
17	- live code-review chat	17	- live code-review chat, and reviewer rules.
18	- full web based file editing	18	- full web based file editing.
19	- unified multi vcs support	19	- unified multi vcs support.
20	- snippets (gist) system	20	- snippets (gist) system.
21	- integration with all 3rd party issue trackers	21	- integration framework for Slack, CI systems, Webhooks.
		22	- integration with all 3rd party issue trackers.
		23
22		24
23	RhodeCode also provides rich API, and multiple event hooks so it's easy	25	RhodeCode also provides rich API, and multiple event hooks so it's easy
24	integrable with existing external systems.	26	integrable with existing external systems.

configs/development.ini

0 +3 -9

             ################################################################################
-            ##                 RHODECODE COMMUNITY EDITION CONFIGURATION                  ##
+            ##                RHODECODE COMMUNITY  EDITION CONFIGURATION                  ##
             ################################################################################
             [DEFAULT]
+            ## Debug flag sets all loggers to debug, and enables request tracking
             debug = true
             ################################################################################
             ########################################
             ## channelstream enables persistent connections and live notification
             ## in the system. It's also used by the chat system
             channelstream.enabled = false
             ## server address for channelstream server on the backend
             ## (by default the client ignores own entries: appenlight_client.client)
             appenlight.log_namespace_blacklist =
-            ################################################################################
-            ## WARNING: *THE LINE BELOW MUST BE UNCOMMENTED ON A PRODUCTION ENVIRONMENT*  ##
-            ## Debug mode will enable the interactive debugging tool, allowing ANYONE to  ##
-            ## execute malicious code after an exception is raised.                       ##
-            ################################################################################
-            #set debug = false
             # enable debug style page
             debug_style = true

configs/production.ini

0 +5 -10

             ################################################################################
-            ##                 RHODECODE COMMUNITY EDITION CONFIGURATION                  ##
+            ##                RHODECODE COMMUNITY  EDITION CONFIGURATION                  ##
             ################################################################################
             [DEFAULT]
-            debug = true
+            ## Debug flag sets all loggers to debug, and enables request tracking
+            debug = false
             ################################################################################
             ##                            EMAIL CONFIGURATION                             ##
             ########################################
             ## channelstream enables persistent connections and live notification
             ## in the system. It's also used by the chat system
             channelstream.enabled = false
             ## server address for channelstream server on the backend
             appenlight.log_namespace_blacklist =
-            ################################################################################
-            ## WARNING: *THE LINE BELOW MUST BE UNCOMMENTED ON A PRODUCTION ENVIRONMENT*  ##
-            ## Debug mode will enable the interactive debugging tool, allowing ANYONE to  ##
-            ## execute malicious code after an exception is raised.                       ##
-            ################################################################################
-            set debug = false
             ###########################################
             ###   MAIN RHODECODE DATABASE CONFIG    ###
             ###########################################
             ## Push/Pull operations hooks protocol, available options are:
             ## `http` - use http-rpc backend (default)
             vcs.hooks.protocol = http
             ## Host on which this instance is listening for hooks. If vcsserver is in other location
             ## this should be adjusted.
             vcs.hooks.host = 127.0.0.1

docs/admin/adding-anonymous-user.rst

0 +4 -4

             Anonymous Users
             ---------------
-            By default, |RCM| provides |repo| access for registered users only. It can be
+            By default, |RCE| provides |repo| access for registered users only. It can be
             configured to be **world-open** in terms of read and write permissions. This
-            configuration is called "Anonymous Access" and allows |RCM| to be used as a
+            configuration is called "Anonymous Access" and allows |RCE| to be used as a
             public hub where unregistered users have access to your |repos|.
             Anonymous access is useful for open source projects, universities,
             or if running inside a restricted internal corporate network to serve
             documents to all employees. Anonymous users get the default user permission
-            settings that are applied across the whole |RCM| system.
+            settings that are applied across the whole |RCE| system.
             To enable anonymous access to your |repos|, use the following steps:
-. From the |RCM| interface, select :menuselection:`Admin --> Permissions`.
+. From the |RCE| interface, select :menuselection:`Admin --> Permissions`.
 . On the Application tab, check the :guilabel:`Allow anonymous access` box.
 . Select :guilabel:`Save`.
 . To set the anonymous user access permissions, which are based on the

docs/admin/admin-tricks.rst

0 +1 -1

                ``pretxnchangegroup.example`` with value ``python:/path/to/custom_hook.py:my_func_name``
 . Select :guilabel:`Save`
-            Also, see the |RC| Extensions section of the :ref:`rc-tools` guide. |RC|
+            Also, see the RhodeCode Extensions section of the :ref:`rc-tools` guide. RhodeCode
             Extensions can be used to add additional hooks to your instance and comes
             with a number of pre-built plugins if you chose to install them.

docs/admin/apache-wsgi-coding.rst

0 +2 -2

             Apache WSGI Configuration
             ^^^^^^^^^^^^^^^^^^^^^^^^^
-            |RCM| can also be set up with Apache under ``mod_wsgi``. To configure this
+            |RCE| can also be set up with Apache under ``mod_wsgi``. To configure this
             use the following steps.
 . Install ``mod_wsgi`` using the following command:
             .. note::
                When using `mod_wsgi` the same version of |hg| must be running in your
-               system's |PY| environment and on |RCM|. To check the |RCM| version,
+               system's |PY| environment and on |RCE|. To check the |RCE| version,
                on the interface go to
                :menuselection:`Admin --> Settings --> System Info`

docs/admin/config-files-overview.rst

0 +1 -1

                     Default location: :file:`/home/{user}/.rccontrol/cache/MANIFEST`
                     |RCC| uses this file to source the latest available builds from the
-                    secure |RC| download channels. The only reason to mess with this file
+                    secure RhodeCode download channels. The only reason to mess with this file
                     is if you need to do an offline installation,
                     see the :ref:`Offline Installation<control:offline-installer-ref>`
                     instructions, otherwise |RCC| will completely manage this file.

docs/admin/enable-debug.rst

0 +55 -19

             Enabling Debug Mode
             -------------------
+            Debug Mode will enable debug logging, and request tracking middleware. Debug Mode
+            enabled DEBUG log-level which allows tracking various information about authentication
+            failures, LDAP connection, email etc.
+            The request tracking will add a special
+            unique ID: `| req_id:00000000-0000-0000-0000-000000000000` at the end of each log line.
+            The req_id is the same for each individual requests, it means that if you want to
+            track particular user logs only, and exclude other concurrent ones
+            simply grep by `req_id` uuid which you'll have to find for the individual request.
             To enable debug mode on a |RCE| instance you need to set the debug property
             in the :file:`/home/{user}/.rccontrol/{instance-id}/rhodecode.ini` file. To
             do this, use the following steps
 . Restart you instance using the ``rccontrol restart`` command,
                see the following example:
-            You can also set the log level, the follow are the valid options;
-            ``debug``, ``info``, ``warning``, or ``fatal``.
             .. code-block:: ini
                 [DEFAULT]
                 debug = true
-                pdebug = false
             .. code-block:: bash
                 Instance "enterprise-1" successfully stopped.
                 Instance "enterprise-1" successfully started.
             Debug and Logging Configuration
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
                 ### LOGGING CONFIGURATION   ####
                 ################################
                 [loggers]
-                keys = root, sqlalchemy, rhodecode, ssh_wrapper
+                keys = root, sqlalchemy, beaker, celery, rhodecode, ssh_wrapper
                 [handlers]
                 keys = console, console_sql, file, file_rotating
                 level = NOTSET
                 handlers = console
-                [logger_routes]
+                [logger_sqlalchemy]
+                level = INFO
+                handlers = console_sql
+                qualname = sqlalchemy.engine
+                propagate = 0
+                [logger_beaker]
                 level = DEBUG
                 handlers =
-                qualname = routes.middleware
+                qualname = beaker.container
-                ## "level = DEBUG" logs the route matched and routing variables.
                 propagate = 1
                 [logger_rhodecode]
                 qualname = rhodecode
                 propagate = 1
-                [logger_sqlalchemy]
+                [logger_ssh_wrapper]
-                level = INFO
+                level = DEBUG
-                handlers = console_sql
+                handlers =
-                qualname = sqlalchemy.engine
+                qualname = ssh_wrapper
-                propagate = 0
+                propagate = 1
+                [logger_celery]
+                level = DEBUG
+                handlers =
+                qualname = celery
                 ##############
                 ## HANDLERS ##
                 [handler_console]
                 class = StreamHandler
-                args = (sys.stderr,)
+                args = (sys.stderr, )
-                level = INFO
+                level = DEBUG
                 formatter = generic
                 [handler_console_sql]
                 class = StreamHandler
-                args = (sys.stderr,)
+                args = (sys.stderr, )
-                level = WARN
+                level = INFO
                 formatter = generic
                 [handler_file]
                 class = FileHandler
-                args = ('rhodecode.log', 'a',)
+                args = ('rhodecode_debug.log', 'a',)
                 level = INFO
                 formatter = generic
                 class = logging.handlers.TimedRotatingFileHandler
                 # 'D', 5 - rotate every 5days
                 # you can set 'h', 'midnight'
-                args = ('rhodecode.log', 'D', 5, 10,)
+                args = ('rhodecode_debug_rotated.log', 'D', 5, 10,)
                 level = INFO
                 formatter = generic
+                ################
+                ## FORMATTERS ##
+                ################
+                [formatter_generic]
+                class = rhodecode.lib.logging_formatter.ExceptionAwareFormatter
+                format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
+                datefmt = %Y-%m-%d %H:%M:%S
+                [formatter_color_formatter]
+                class = rhodecode.lib.logging_formatter.ColorFormatter
+                format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
+                datefmt = %Y-%m-%d %H:%M:%S
+                [formatter_color_formatter_sql]
+                class = rhodecode.lib.logging_formatter.ColorFormatterSql
+                format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
+                datefmt = %Y-%m-%d %H:%M:%S
  No newline at end of file

docs/admin/glossary.rst

0 +1 -1

                     Adding more machines or workers into your pool of resources.
                 Instance
-                    A single installed version of one of the |RC| products. It could
+                    A single installed version of one of the RhodeCode products. It could
                     refer to |RCE| or the VCS server depending on the context.
                 Plugin

docs/admin/indexing.rst

0 +3 -3

             Full-text Search
             ----------------
-            By default |RC| is configured to use `Whoosh`_ to index |repos| and
+            By default RhodeCode is configured to use `Whoosh`_ to index |repos| and
             provide full-text search.
             |RCE| also provides support for `Elasticsearch`_ as a backend for scalable
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
             |RCT| uses the :file:`/home/{user}/.rhoderc` file for connection details
-            to |RCM| instances. If this file is not automatically created,
+            to |RCE| instances. If this file is not automatically created,
             you can configure it using the following example. You need to configure the
             details for each instance you want to index.
                  - VERSION: 1.5.0
                  - URL: http://127.0.0.1:10000
-            To get your API Token, on the |RCM| interface go to
+            To get your API Token, on the |RCE| interface go to
             :menuselection:`username --> My Account --> Auth tokens`
             .. code-block:: ini

docs/admin/public-access.rst

0 +1 -1

             Public Access
             -------------
-            By default |RCM| allows users to read all **public** |repos|. User
+            By default |RCE| allows users to read all **public** |repos|. User
             permissions and |repo| access can be configured explicitly,
             and those permissions will override any default settings. The default
             settings can be found under the following section:

docs/admin/repo-extra-fields.rst

0 +1 -1

             each repository. This allows storing custom data per-repository.
             It can be used in :ref:`integrations-webhook` or in |RCX|.
-            To install and read more about |RCX|, see the :ref:`install-rcx` section.
+            To read more about |RCX|, see the :ref:`integrations-rcextensions` section.
             Enabling Extra Fields

docs/admin/repo-hooks.rst

0 +2 -7

@@ -46,11 +46,6 b' This is the complete list of \|repos\| hoo'
46	Using Repository Hooks	46	Using Repository Hooks
47	----------------------	47	----------------------
48		48
49	To use these hooks you need to ~~install~~ \|RCX\|. For more information, see the	49	To use these hooks you need to setup \|RCX\|. For more information, see the
50	:ref:`in~~stall-rcx~~` section.	50	:ref:`integrations-rcextensions` section.
51		51
52	Creating Extensions
53	-------------------
54
55	To create your own extensions using these hooks, see the :ref:`dev-plug`
56	section.

docs/admin/setting-default-permissions.rst

0 +5 -5

             Setting Default Permissions
             ---------------------------
-            Default permissions allow you to configure |RCM| so that when a new |repo|, user group,
+            Default permissions allow you to configure |RCE| so that when a new |repo|, user group,
             or user is created their permissions are already defined. To set default permissions you need administrator
             privileges. See the following sections for setting up your permissions system:
             To set default user permissions, use the following steps.
-. From the |RCM| interface, select :menuselection:`Admin --> Permissions`
+. From the |RCE| interface, select :menuselection:`Admin --> Permissions`
 . Select the :guilabel:`Global` tab from the left-hand menu. The permissions
                set on this screen apply to users and user-groups across the whole instance.
 . Save your changes
             To set default user group permissions, use the following steps.
-. From the |RCM| interface, select :menuselection:`Admin --> User groups`
+. From the |RCE| interface, select :menuselection:`Admin --> User groups`
 . Select :guilabel:`Permissions`, and configure the default user
                permissions. All users will get these permissions unless
                individually set.
             To set default |repo| permissions, use the following steps.
-. From the |RCM| interface, select :menuselection:`Admin --> Permissions`
+. From the |RCE| interface, select :menuselection:`Admin --> Permissions`
 . Select the :guilabel:`Object` tab from the left-hand menu and set the
                |perm| permissions
 . Save your changes
             To set default Repository Group permissions, use the following steps.
-. From the |RCM| interface, select :menuselection:`Admin --> Repository Groups`
+. From the |RCE| interface, select :menuselection:`Admin --> Repository Groups`
 . Select :guilabel:`Edit` beside the |repo| group you wish to configure
 . On the left-hand pane select :guilabel:`Permissions`
 . Set the default permissions for all |repos| created in this group

docs/admin/setting-repo-perms.rst

0 +2 -2

             Repository Administration
             =========================
-            Repository permissions in |RCM| can be managed in a number of different ways.
+            Repository permissions in |RCE| can be managed in a number of different ways.
             This overview should give you an insight into how you could adopt particular
             settings for your needs:
             * Global |repo| permissions: This allows you to set the default permissions
-              for each new |repo| created within |RCM|, see :ref:`repo-default-ref`. All
+              for each new |repo| created within |RCE|, see :ref:`repo-default-ref`. All
               |repos| created will inherit these permissions unless explicitly configured.
             * Individual |repo| permissions: To set individual |repo| permissions,
               see :ref:`set-repo-perms`.

docs/admin/svn-http.rst

0 +11 -4

             .. tip::
                We recommend using Wandisco repositories which provide latest SVN versions
-               for most platforms.
+               for most platforms. If you skip this version you'll have to ensure the Client version
+               is compatible with installed SVN version which might differ depending on the operating system.
                Here is an example how to add the Wandisco repositories for Ubuntu.
                 .. code-block:: bash
-                    $ sudo sh -c 'echo "deb http://opensource.wandisco.com/ubuntu `lsb_release -cs` svn19" >> /etc/apt/sources.list.d/subversion19.list'
+                    $ sudo sh -c 'echo "deb http://opensource.wandisco.com/ubuntu `lsb_release -cs` svn110" >> /etc/apt/sources.list.d/subversion110.list'
-                    $ sudo wget -q http://opensource.wandisco.com/wandisco-debian.gpg -O- | sudo apt-key add -
+                    $ sudo wget -q http://opensource.wandisco.com/wandisco-debian-new.gpg -O- | sudo apt-key add -
                     $ sudo apt-get update
                 Here is an example how to add the Wandisco repositories for Centos/Redhat. Using
             .. code-block:: bash
                 $ sudo apt-get install apache2
-                $ sudo apt-get install libapache2-mod-svn
+                $ sudo apt-get install libapache2-svn
             Once installed you need to enable ``dav_svn`` on Ubuntu:
                 LoadModule headers_module     modules/mod_headers.so
                 LoadModule authn_anon_module  modules/mod_authn_anon.so
+            .. tip::
+               To check the installed mod_dav_svn module version, you can use such command.
+               `strings /usr/lib/apache2/modules/mod_dav_svn.so | grep 'Powered by'`
             Configuring Apache Setup
             ========================

docs/admin/system-overview.rst

0 +3 -3

             System Requirements
             -------------------
-            |RCM| performs best on machines with ultra-fast hard disks. Generally disk
+            |RCE| performs best on machines with ultra-fast hard disks. Generally disk
             performance is more important than CPU performance. In a corporate production
             environment handling 1000s of users and |repos| you should deploy on a 12+
             core 64GB RAM server. In short, the more RAM the better.
             For example:
              - for team of 1 - 5 active users you can run on 1GB RAM machine with 1CPU
-             - above 250 active users, |RCM| needs at least 8GB of memory.
+             - above 250 active users, |RCE| needs at least 8GB of memory.
                Number of CPUs is less important, but recommended to have at least 2-3 CPUs
             * HTTPS
             * SSH
-            * |RCM| API
+            * |RCE| API
             Internationalization Support
             ----------------------------

docs/admin/tuning-scale-horizontally-cluster.rst

0 +1 -1

             .. code-block:: ini
-                # use an unique generated long string
+                # use a unique generated long string
                 beaker.session.secret = 70e116cae2274656ba7265fd860aebbd
 ) Configure stored cached/archive cache to our shared NFS `rc-node-1`

docs/admin/user-admin.rst

0 +1 -1

             User Administration
             ===================
-            |RCM| enables you to define permissions for the following entities within the
+            |RCE| enables you to define permissions for the following entities within the
             system; **users**, **user groups**, **repositories**, **repository groups**.
             Within each one of these entities you can set default settings,

docs/admin/vcs-server.rst

0 +6 -6

             VCS Server Management
             ---------------------
-            The VCS Server handles |RCM| backend functionality. You need to configure
+            The VCS Server handles |RCE| backend functionality. You need to configure
-            a VCS Server to run with a |RCM| instance. If you do not, you will be missing
+            a VCS Server to run with a |RCE| instance. If you do not, you will be missing
-            the connection between |RCM| and its |repos|. This will cause error messages
+            the connection between |RCE| and its |repos|. This will cause error messages
             on the web interface. You can run your setup in the following configurations,
             currently the best performance is one of following:
-            * One VCS Server per |RCM| instance.
+            * One VCS Server per |RCE| instance.
             * One VCS Server handling multiple instances.
             .. important::
             |RCE| VCS Server Options
             ^^^^^^^^^^^^^^^^^^^^^^^^
-            The following list shows the available options on the |RCM| side of the
+            The following list shows the available options on the |RCE| side of the
             connection to the VCS Server. The settings are configured per
             instance in the
             :file:`/home/{user}/.rccontrol/{instance-id}/rhodecode.ini` file.
                 \vcs.server <host:port>
                     Set the host, either hostname or IP Address, and port of the VCS server
-                    you wish to run with your |RCM| instance.
+                    you wish to run with your |RCE| instance.
             .. code-block:: ini

docs/api/api.rst

0 +4 -4

             decorated with a `@LoginRequired` decorator. To enable API access, change
             the standard login decorator to `@LoginRequired(api_access=True)`.
-            From |RCM| version 1.7.0 you can configure a white list
+            From |RCE| version 1.7.0 you can configure a white list
             of views that have API access enabled by default. To enable these,
-            edit the |RCM| configuration ``.ini`` file. The default location is:
+            edit the |RCE| configuration ``.ini`` file. The default location is:
-            * |RCM| Pre-2.2.7 :file:`root/rhodecode/data/production.ini`
+            * |RCE| Pre-2.2.7 :file:`root/rhodecode/data/production.ini`
-            * |RCM| 3.0 :file:`/home/{user}/.rccontrol/{instance-id}/rhodecode.ini`
+            * |RCE| 3.0 :file:`/home/{user}/.rccontrol/{instance-id}/rhodecode.ini`
             To configure the white list, edit this section of the file. In this
             configuration example, API access is granted to the patch/diff raw file and

docs/auth/auth-crowd.rst

0 +2 -2

             To enable Crowd authentication, use the following steps:
-. From the |RCM| interface, go to :menuselection:`Admin --> Authentication`
+. From the |RCE| interface, go to :menuselection:`Admin --> Authentication`
-. Enable the ``rhodecode.lib.auth_modules.auth_crowd`` library and select
+. Activate the ``rhodecode.lib.auth_modules.auth_crowd`` library and select
                :guilabel:`Save`
 . On the Crowd plugin settings section, do the following:

docs/auth/auth-ldap-groups.rst

0 +108 -60

@@ -3,25 +3,24 b''
3	LDAP/AD With User Groups Sync	3	LDAP/AD With User Groups Sync
4	-----------------------------	4	-----------------------------
5		5
6	\|RCM\| supports LDAP (Lightweight Directory Access Protocol) or	6	This plugin is available only in EE Edition.
		7
		8	\|RCE\| supports LDAP (Lightweight Directory Access Protocol) or
7	AD (active Directory) authentication.	9	AD (active Directory) authentication.
8	All LDAP versions are supported, with the following \|RCM\| plugins managing each:	10	All LDAP versions are currently supported.
9
10	* For LDAP/AD with user group sync use ``LDAP + User Groups (egg:rhodecode-enterprise-ee#ldap_group)``
11		11
12	RhodeCode reads all data defined from plugin and creates corresponding	12	RhodeCode reads all data defined from plugin and creates corresponding
13	accounts on local database after receiving data from LDAP. This is done on	13	accounts on local database after receiving data from LDAP. This is done on
14	every user log-in including operations like pushing/pulling/checkout.	14	every user log-in including operations like pushing/pulling/checkout.
15	In addition group membership is read from LDAP and following operations are done:	15	In addition group membership is read from LDAP and following operations are done:
16		16
17	- automatic addition of user to \|RCM\| user group	17	- automatic addition of user to \|RCE\| user group
18	- automatic removal of user from any other \|RCM\| user groups not specified in LDAP.	18	- automatic removal of user from any other \|RCE\| user groups not specified in LDAP.
19	The removal is done only on groups that are marked to be synced from ldap.	19	The removal is done only on groups that are marked to be synced from ldap.
20	This setting can be changed in advanced settings on user groups	20	This setting can be changed in advanced settings on user groups
21	- automatic creation of user groups if they aren't yet existing in \|RCM\|	21	- automatic creation of user groups if they aren't yet existing in \|RCE\|
22	- marking user as super-admins if he is a member of any admin group defined in plugin settings	22	- marking user as super-admins if he is a member of any admin group defined in plugin settings
23		23
24	This plugin is available only in EE Edition.
25		24
26	.. important::	25	.. important::
27		26
@@ -39,11 +38,12 b' LDAP Configuration Steps'
39		38
40	To configure \|LDAP\|, use the following steps:	39	To configure \|LDAP\|, use the following steps:
41		40
42	1. From the \|RCM\| interface, select	41	1. From the \|RCE\| interface, select
43	:menuselection:`Admin --> Authentication`	42	:menuselection:`Admin --> Authentication`
44	2. ~~Enable the ldap+ groups~~ plugin and select :guilabel:`Save`	43	2. Activate the `LDAP + User Groups` plugin and select :guilabel:`Save`
45	3. Select the :guilabel:`Enabled` check box in the plugin configuration section	44	3. Go to newly available menu option called `LDAP + User Groups` on the left side.
46	4. Add the required LDAP information and :guilabel:`Save`, for more details,	45	4. Check the `enabled` check box in the plugin configuration section,
		46	and fill in the required LDAP information and :guilabel:`Save`, for more details,
47	see :ref:`config-ldap-groups-examples`	47	see :ref:`config-ldap-groups-examples`
48		48
49	For a more detailed description of LDAP objects, see :ref:`ldap-gloss-ref`:	49	For a more detailed description of LDAP objects, see :ref:`ldap-gloss-ref`:
@@ -52,59 +52,107 b' For a more detailed description of LDAP '
52		52
53	Example LDAP configuration	53	Example LDAP configuration
54	^^^^^^^^^^^^^^^^^^^^^^^^^^	54	^^^^^^^^^^^^^^^^^^^^^^^^^^
55	.. code-block:: bash	55
		56	Below is example setup that can be used with Active Directory and LDAP server with groups sync::
		57
		58	option: `enabled` => `True`
		59	# Enable or disable this authentication plugin.
		60
		61	option: `cache_ttl` => `360`
		62	# Amount of seconds to cache the authentication and permissions check response call for this plugin.
		63	# Useful for expensive calls like LDAP to improve the performance of the system (0 means disabled).
		64
		65	option: `host` => `192.168.245.143,192.168.1.240`
		66	# Host[s] of the LDAP Server
		67	# (e.g., 192.168.2.154, or ldap-server.domain.com.
		68	# Multiple servers can be specified using commas
		69
		70	option: `port` => `389`
		71	# Custom port that the LDAP server is listening on. Default value is: 389, use 689 for LDAPS(SSL)
		72
		73	option: `timeout` => `300`
		74	# Timeout for LDAP connection
		75
		76	option: `dn_user` => `Administrator@rhodecode.com`
		77	# Optional user DN/account to connect to LDAP if authentication is required.
		78	# e.g., cn=admin,dc=mydomain,dc=com, or uid=root,cn=users,dc=mydomain,dc=com, or admin@mydomain.com
		79
		80	option: `dn_pass` => `SomeSecret`
		81	# Password to authenticate for given user DN.
		82
		83	option: `tls_kind` => `PLAIN`
		84	# TLS Type
		85
		86	option: `tls_reqcert` => `NEVER`
		87	# Require Cert over TLS?. Self-signed and custom certificates can be used when
		88	# `RhodeCode Certificate` found in admin > settings > system info page is extended.
		89
		90	option: `tls_cert_file` => ``
		91	# This specifies the PEM-format file path containing certificates for use in TLS connection.
		92	# If not specified `TLS Cert dir` will be used
		93
		94	option: `tls_cert_dir` => `/etc/openldap/cacerts`
		95	# This specifies the path of a directory that contains individual CA certificates in separate files.
		96
		97	option: `base_dn` => `dc=rhodecode,dc=com`
		98	# Base DN to search. Dynamic bind is supported. Add `$login` marker in it to be replaced with current user credentials
		99	# (e.g., dc=mydomain,dc=com, or ou=Users,dc=mydomain,dc=com)
		100
		101	option: `user_search_base` => `ou=RC-Users`
		102	# User search base will extend the Base DN
		103	# (e.g., ou=Users will result in ou=Users,dc=mydomain,dc=com root DN)
56		104
57	# Auth Cache TTL, Defines the caching for authentication to offload LDAP server.	105	option: `user_search_filter` => ``
58	# This means that cache result will be saved for 3600 before contacting LDAP server to verify the user access	106	# Filter to narrow results
59	3600	107	# (e.g., (&(objectCategory=Person)(objectClass=user)), or
60	# Host, comma seperated format is optionally possible to specify more than 1 server	108	# (memberof=cn=rc-login,ou=groups,ou=company,dc=mydomain,dc=com)))
61	https://ldap1.server.com/ldap-admin/,https://ldap2.server.com/ldap-admin/	109
62	# Default LDAP Port, use 689 for LDAPS	110	option: `search_scope` => `SUBTREE`
63	389	111	# How deep to search LDAP. If unsure set to SUBTREE
64	# Account, used for SimpleBind if LDAP server requires an authentication	112
65	e.g admin@server.com	113	option: `attr_login` => `sAMAccountName`
66	# Password used for simple bind	114	# LDAP Attribute to map to user name (e.g., uid, or sAMAccountName)
67	ldap-user-password	115
68	# LDAP connection security	116	option: `attr_email` => `mail`
69	LDAPS	117	# LDAP Attribute to map to email address (e.g., mail).
70	# Certificate checks level	118	# Emails are a crucial part of RhodeCode.
71	DEMAND	119	# If possible add a valid email attribute to ldap users.
72	# Base DN	120
73	cn=Rufus Magillacuddy,ou=users,dc=rhodecode,dc=com	121	option: `attr_firstname` => `givenName`
74	# User Search Base	122	# LDAP Attribute to map to first name (e.g., givenName)
75	ou=groups,ou=users	123
76	# LDAP search filter to narrow the results	124	option: `attr_lastname` => `sn`
77	(objectClass=person)	125	# LDAP Attribute to map to last name (e.g., sn)
78	# LDAP search scope	126
79	SUBTREE	127	option: `group_extraction_type` => `rfc2307bis`
80	# Login attribute	128	# With rfc2307, group members are listed by name in the memberUid attribute
81	sAMAccountName	129	# With rfc2307bis (Microsoft AD compatible) group members are listed by DN and stored in the member attribute
82	# First Name Attribute to read
83	givenName
84	# Last Name Attribute to read
85	sn
86	# Email Attribute to read email address from
87	mail
88	# group extraction method
89	rfc2307bis
90	# Group search base
91	ou=RC-Groups
92	# Group Name Attribute, field to read the group name from
93	sAMAAccountName
94	# User Member of Attribute, field in which groups are stored
95	memberOf
96	# LDAP Group Search Filter, allows narrowing the results
97		130
98	# Admin Groups. Comma separated list of groups. If user is member of	131	option: `group_search_base` => `ou=RC-Groups`
99	# any of those he will be marked as super-admin in RhodeCode	132	# Group search base will extend the Base DN (e.g. ou=Groups will result in ou=Groups,dc=mydomain,dc=com)
100	admins, management
101		133
		134	option: `group_name_attr` => `sAMAccountName`
		135	# LDAP Attribute to map to group name (e.g., cn, or sAMAccountName)
		136
		137	option: `user_member_of` => `memberOf`
		138	# Users Attribute used to fetch the group membership.
		139	# Use if users have stored group membership inside their attributes
		140	# (e.g., memberOf, or userMemberOf)
102		141
103	Below is example setup that can be used with Active Directory and ldap groups.	142	option: `group_search_filter` => ``
		143	# Filter to narrow results (e.g., (&(objectCategory=Group)(objectClass=group)), etc)
		144
		145	option: `group_member_of` => `memberOf`
		146	# LDAP Attribute used to resolve the parent group (e.g., memberOf)
104		147
105	.. image:: ../images/ldap-groups-example.png	148	option: `admin_groups` => `Admins,Management`
106	:alt: LDAP/AD setup example	149	# A comma separated list of group names that identify users as RhodeCode Administrators (e.g., admins)
107	:scale: 50 %	150
		151	option: `admin_groups_sync` => `full`
		152	# Way to sync Admin groups.
		153	# Full means admin flag is set to on or off according to membership in administrator group defined above.
		154	# On-only means the flag is only set to on, and not turned off once user is no longer a member
		155
108		156
109	.. toctree::	157	.. toctree::
110		158

docs/auth/auth-ldap.rst

0 +70 -42

@@ -3,11 +3,9 b''
3	LDAP/AD	3	LDAP/AD
4	-------	4	-------
5		5
6	\|RCM\| supports LDAP (Lightweight Directory Access Protocol) or	6	\|RCE\| supports LDAP (Lightweight Directory Access Protocol) or
7	AD (active Directory) authentication.	7	AD (active Directory) authentication.
8	All LDAP versions are supported, with the following \|RCM\| plugins managing each:	8	All LDAP versions are currently supported.
9
10	* For LDAP or Active Directory use ``LDAP (egg:rhodecode-enterprise-ce#ldap)``
11		9
12	RhodeCode reads all data defined from plugin and creates corresponding	10	RhodeCode reads all data defined from plugin and creates corresponding
13	accounts on local database after receiving data from LDAP. This is done on	11	accounts on local database after receiving data from LDAP. This is done on
@@ -30,11 +28,12 b' LDAP Configuration Steps'
30		28
31	To configure \|LDAP\|, use the following steps:	29	To configure \|LDAP\|, use the following steps:
32		30
33	1. From the \|RCM\| interface, select	31	1. From the \|RCE\| interface, select
34	:menuselection:`Admin --> Authentication`	32	:menuselection:`Admin --> Authentication`
35	2. ~~Enable the ldap~~ plugin and select :guilabel:`Save`	33	2. Activate the `LDAP` plugin and select :guilabel:`Save`
36	3. Select the :guilabel:`Enabled` check box in the plugin configuration section	34	3. Go to newly available menu option called `LDAP` on the left side.
37	4. Add the required LDAP information and :guilabel:`Save`, for more details,	35	4. Check the `enabled` check box in the plugin configuration section,
		36	and fill in the required LDAP information and :guilabel:`Save`, for more details,
38	see :ref:`config-ldap-examples`	37	see :ref:`config-ldap-examples`
39		38
40	For a more detailed description of LDAP objects, see :ref:`ldap-gloss-ref`:	39	For a more detailed description of LDAP objects, see :ref:`ldap-gloss-ref`:
@@ -43,44 +42,73 b' For a more detailed description of LDAP '
43		42
44	Example LDAP configuration	43	Example LDAP configuration
45	^^^^^^^^^^^^^^^^^^^^^^^^^^	44	^^^^^^^^^^^^^^^^^^^^^^^^^^
46	.. code-block:: bash	45
		46	Below is example setup that can be used with Active Directory/LDAP server::
		47
		48	option: `enabled` => `True`
		49	# Enable or disable this authentication plugin.
		50
		51	option: `cache_ttl` => `360`
		52	# Amount of seconds to cache the authentication and permissions check response call for this plugin.
		53	# Useful for expensive calls like LDAP to improve the performance of the system (0 means disabled).
		54
		55	option: `host` => `192.168.245.143,192.168.1.240`
		56	# Host[s] of the LDAP Server
		57	# (e.g., 192.168.2.154, or ldap-server.domain.com.
		58	# Multiple servers can be specified using commas
		59
		60	option: `port` => `389`
		61	# Custom port that the LDAP server is listening on. Default value is: 389, use 689 for LDAPS(SSL)
		62
		63	option: `timeout` => `300`
		64	# Timeout for LDAP connection
		65
		66	option: `dn_user` => `Administrator@rhodecode.com`
		67	# Optional user DN/account to connect to LDAP if authentication is required.
		68	# e.g., cn=admin,dc=mydomain,dc=com, or uid=root,cn=users,dc=mydomain,dc=com, or admin@mydomain.com
		69
		70	option: `dn_pass` => `SomeSecret`
		71	# Password to authenticate for given user DN.
		72
		73	option: `tls_kind` => `PLAIN`
		74	# TLS Type
47		75
48	# Auth Cache TTL, Defines the caching for authentication to offload LDAP server.	76	option: `tls_reqcert` => `NEVER`
49	# This means that cache result will be saved for 3600 before contacting LDAP server to verify the user access	77	# Require Cert over TLS?. Self-signed and custom certificates can be used when
50	3600	78	# `RhodeCode Certificate` found in admin > settings > system info page is extended.
51	# Host, comma seperated format is optionally possible to specify more than 1 server	79
52	https://ldap1.server.com/ldap-admin/,https://ldap2.server.com/ldap-admin/	80	option: `tls_cert_file` => ``
53	# Default LDAP Port, use 689 for LDAPS	81	# This specifies the PEM-format file path containing certificates for use in TLS connection.
54	389	82	# If not specified `TLS Cert dir` will be used
55	# Account, used for SimpleBind if LDAP server requires an authentication	83
56	e.g admin@server.com	84	option: `tls_cert_dir` => `/etc/openldap/cacerts`
57	# Password used for simple bind	85	# This specifies the path of a directory that contains individual CA certificates in separate files.
58	ldap-user-password	86
59	# LDAP connection security	87	option: `base_dn` => `cn=Rufus Magillacuddy,ou=users,dc=rhodecode,dc=com`
60	LDAPS	88	# Base DN to search. Dynamic bind is supported. Add `$login` marker in it to be replaced with current user credentials
61	# Certificate checks level	89	# (e.g., dc=mydomain,dc=com, or ou=Users,dc=mydomain,dc=com)
62	DEMAND
63	# Base DN
64	cn=Rufus Magillacuddy,ou=users,dc=rhodecode,dc=com
65	# LDAP search filter to narrow the results
66	(objectClass=person)
67	# LDAP search scope
68	SUBTREE
69	# Login attribute
70	sAMAccountName
71	# First Name Attribute to read
72	givenName
73	# Last Name Attribute to read
74	sn
75	# Email Attribute to read email address from
76	mail
77		90
		91	option: `filter` => `(objectClass=person)`
		92	# Filter to narrow results
		93	# (e.g., (&(objectCategory=Person)(objectClass=user)), or
		94	# (memberof=cn=rc-login,ou=groups,ou=company,dc=mydomain,dc=com)))
78		95
79	Below is example setup that can be used with Active Directory/LDAP server.	96	option: `search_scope` => `SUBTREE`
		97	# How deep to search LDAP. If unsure set to SUBTREE
		98
		99	option: `attr_login` => `sAMAccountName`
		100	# LDAP Attribute to map to user name (e.g., uid, or sAMAccountName)
80		101
81	.. image:: ../images/ldap-example.png	102	option: `attr_email` => `mail`
82	:alt: LDAP/AD setup example	103	# LDAP Attribute to map to email address (e.g., mail).
83	:scale: 50 %	104	# Emails are a crucial part of RhodeCode.
		105	# If possible add a valid email attribute to ldap users.
		106
		107	option: `attr_firstname` => `givenName`
		108	# LDAP Attribute to map to first name (e.g., givenName)
		109
		110	option: `attr_lastname` => `sn`
		111	# LDAP Attribute to map to last name (e.g., sn)
84		112
85		113
86	.. toctree::	114	.. toctree::

docs/auth/auth-pam.rst

0 +2 -2

             To enable PAM authentication, use the following steps:
-. From the |RCM| interface, go to :menuselection:`Admin --> Authentication`
+. From the |RCE| interface, go to :menuselection:`Admin --> Authentication`
-. Enable the ``rhodecode.lib.auth_modules.auth_pam`` library and select save
+. Activate the ``rhodecode.lib.auth_modules.auth_pam`` library and select save
 . On the PAM plugin settings section, do the following:
                * Check the :guilabel:`Enable` checkbox

docs/auth/auth-token.rst

0 +17 -13

             Authentication Tokens
             ---------------------
-            |RCE| has 4 different kinds of authentication tokens.
+            |RCE| has 4 different kinds of authentication tokens. `API token`, `Feed tokens` work
+            without a need to enable any additional authentication. `VCS tokens` require dedicated
+            authentication plugin to be activated. `Web Interface tokens` are controlled by the
+            white_list configuration.
             * *API tokens*: API tokens can only be used to execute |RCE| API operations.
               You can store your API token and assign it to each instance in
               example in :ref:`indexing-ref` section for more details.
             * *Feed tokens*: The feed token can only be used to access the RSS feed.
-               Usually those are safe to store inside your RSS feed reader.
+              Usually those are safe to store inside your RSS feed reader.
-            * *VCS tokens*: You can use these to authenticate with |git|, |hg| and |svn|
-              operations instead of a password. They are designed to be used with
-              CI Servers or other third party tools that require |repo| access.
-              They are also a good replacement for SSH based access.
-              To use these tokens you need be enabled special authentication method on
-              |RCE|, as they are disabled by default.
-              See :ref:`enable-vcs-tokens`.
             * *Web Interface tokens*: These token allows users to access the web
               interface of |RCE| without logging in.
                https://rhodecode.com/repo/archive/tip.zip?auth_token=<web-api-token>
                # To show commit diff without logging into Web UI
-               https://rhodecode.com/repo/changeset-diff/<sha>?auth_token=<web-api-token>
+               https://rhodecode.com/repo/raw-diff/<sha>?auth_token=<web-api-token>
+            * *VCS tokens*: You can use these to authenticate with |git|, |hg| and |svn|
+              operations instead of a password. They are designed to be used with
+              CI Servers or other third party tools that require |repo| access.
+              They are also a good replacement for SSH based access.
+              To use these tokens you need be enabled special authentication method on
+              |RCE|, as they are disabled by default.
+              See :ref:`enable-vcs-tokens`.
             .. _enable-vcs-tokens:
             To enable VCS Tokens, use the following steps:
 . Go to :menuselection:`Admin --> Authentication`.
-. Enable the ``rhodecode.lib.auth_modules.auth_token`` plugin.
+. Activate the ``rhodecode.lib.auth_modules.auth_token`` plugin.
 . Click :guilabel:`Save`.
             Authentication Token Tips
             To create authentication tokens for an user, use the following steps:
-. From the |RCM| interface go to
+. From the |RCE| interface go to
                :menuselection:`Username --> My Account --> Auth tokens`.
 . Label and Add the tokens you wish to use with |RCE|.

docs/auth/auth.rst

0 +11 -9

             ======================
             |RCE| provides a built in authentication against its own database. This is
-            implemented using ``rhodecode.lib.auth_rhodecode`` plugin. This plugin is
+            implemented using ``RhodeCode Internal`` plugin. This plugin is enabled by default.
-            enabled by default.
             Additionally, |RCE| provides a Pluggable Authentication System. This gives the
             administrator greater control over how users authenticate with the system.
             .. important::
-              You can disable the built in |RCM| authentication plugin
+              You can disable the built in |RCE| authentication plugin
-              ``rhodecode.lib.auth_rhodecode`` and force all authentication to go
+              ``RhodeCode Internal`` and force all authentication to go
               through your authentication plugin of choice e.g LDAP only.
               However, if you do this, and your external authentication tools fails,
-              you will be unable to access |RCM|.
+              accessing |RCE| will be blocked unless a fallback plugin is
+              enabled via :file: rhodecode.ini
-            |RCM| comes with the following user authentication management plugins:
+            |RCE| comes with the following user authentication management plugins:
             .. toctree::
+                auth-token
                 auth-ldap
                 auth-ldap-groups
+                auth-saml-generic
+                auth-saml-onelogin
+                auth-saml-duosecurity
                 auth-crowd
                 auth-pam
-                auth-token
                 ssh-connection

docs/auth/ldap-active-directory.rst

0 +65 -19

@@ -3,27 +3,73 b''
3	Active Directory	3	Active Directory
4	----------------	4	----------------
5		5
6	\|RCM\| can use Microsoft Active Directory for user authentication. This is	6	\|RCE\| can use Microsoft Active Directory for user authentication. This is
7	done through an LDAP or LDAPS connection to Active Directory. Use the	7	done through an LDAP or LDAPS connection to Active Directory. Use the
8	following example LDAP configuration setting to set your Active Directory	8	following example LDAP configuration setting to set your Active Directory
9	authentication.	9	authentication::
10
11	.. code-block:: ini
12
13	# Set the Base DN
14	Base DN = OU=SBSUsers,OU=Users,OU=MyBusiness,DC=v3sys,DC=local
15	# Set the Active Directory SAM-Account-Name
16	Login Attribute = sAMAccountName
17	# Set the Active Directory user name
18	First Name Attribute = usernameame
19	# Set the Active Directory user surname
20	Last Name Attribute = user_surname
21	# Set the Active Directory user email
22	E-mail Attribute = userEmail
23		10
24		11
25	Below is example setup that can be used with Active Directory and ldap groups.	12	option: `enabled` => `True`
		13	# Enable or disable this authentication plugin.
		14
		15	option: `cache_ttl` => `360`
		16	# Amount of seconds to cache the authentication and permissions check response call for this plugin.
		17	# Useful for expensive calls like LDAP to improve the performance of the system (0 means disabled).
		18
		19	option: `host` => `192.168.245.143,192.168.1.240`
		20	# Host[s] of the LDAP Server
		21	# (e.g., 192.168.2.154, or ldap-server.domain.com.
		22	# Multiple servers can be specified using commas
		23
		24	option: `port` => `389`
		25	# Custom port that the LDAP server is listening on. Default value is: 389, use 689 for LDAPS(SSL)
		26
		27	option: `timeout` => `300`
		28	# Timeout for LDAP connection
		29
		30	option: `dn_user` => `Administrator@rhodecode.com`
		31	# Optional user DN/account to connect to LDAP if authentication is required.
		32	# e.g., cn=admin,dc=mydomain,dc=com, or uid=root,cn=users,dc=mydomain,dc=com, or admin@mydomain.com
		33
		34	option: `dn_pass` => `SomeSecret`
		35	# Password to authenticate for given user DN.
		36
		37	option: `tls_kind` => `PLAIN`
		38	# TLS Type
		39
		40	option: `tls_reqcert` => `NEVER`
		41	# Require Cert over TLS?. Self-signed and custom certificates can be used when
		42	# `RhodeCode Certificate` found in admin > settings > system info page is extended.
26		43
27	.. image:: ../images/ldap-groups-example.png	44	option: `tls_cert_file` => ``
28	:alt: LDAP/AD setup example	45	# This specifies the PEM-format file path containing certificates for use in TLS connection.
29	:scale: 50 % No newline at end of file	46	# If not specified `TLS Cert dir` will be used
		47
		48	option: `tls_cert_dir` => `/etc/openldap/cacerts`
		49	# This specifies the path of a directory that contains individual CA certificates in separate files.
		50
		51	option: `base_dn` => `OU=SBSUsers,OU=Users,OU=MyBusiness,DC=v3sys,DC=local`
		52	# Base DN to search. Dynamic bind is supported. Add `$login` marker in it to be replaced with current user credentials
		53	# (e.g., dc=mydomain,dc=com, or ou=Users,dc=mydomain,dc=com)
		54
		55	option: `filter` => `(objectClass=person)`
		56	# Filter to narrow results
		57	# (e.g., (&(objectCategory=Person)(objectClass=user)), or
		58	# (memberof=cn=rc-login,ou=groups,ou=company,dc=mydomain,dc=com)))
		59
		60	option: `search_scope` => `SUBTREE`
		61	# How deep to search LDAP. If unsure set to SUBTREE
		62
		63	option: `attr_login` => `sAMAccountName`
		64	# LDAP Attribute to map to user name (e.g., uid, or sAMAccountName)
		65
		66	option: `attr_email` => `userEmail`
		67	# LDAP Attribute to map to email address (e.g., mail).
		68	# Emails are a crucial part of RhodeCode.
		69	# If possible add a valid email attribute to ldap users.
		70
		71	option: `attr_firstname` => `user_firstname`
		72	# LDAP Attribute to map to first name (e.g., givenName)
		73
		74	option: `attr_lastname` => `user_surname`
		75	# LDAP Attribute to map to last name (e.g., sn)

docs/auth/ldap-authentication.rst

0 +2 -8

             * The LDAP username or account used to connect to |RCE|. This will be added
               to the LDAP filter for locating the user object.
             * For example, if an LDAP filter is specified as `LDAPFILTER`,
-              the login attribute is specified as `uid`, and the user connects as
+              the login/username attribute is specified as `uid`, and the user connects as
               `jsmith`, then the LDAP Filter will be like the following example.
             .. code-block:: vim
             Optional settings
             ^^^^^^^^^^^^^^^^^
-            The following are optional when enabling LDAP on |RCM|
+            The following are optional when enabling LDAP on |RCE|
             * An LDAP account is only required if the LDAP server does not allow
               anonymous browsing of records.
                following directory: `/etc/openldap/cacerts`
-            Below is example setup that can be used with Active Directory and ldap groups.
-            .. image:: ../images/ldap-groups-example.png
-               :alt: LDAP/AD setup example
-               :scale: 50 %
             .. _RFC 2254: http://www.rfc-base.org/rfc-2254.html

docs/code-review/code-review.rst

0 +1 -1

             Code Review
             ===========
-            |RCM| provides two ways in which you can review code. You can review |prs| or
+            |RCE| provides two ways in which you can review code. You can review |prs| or
             commits. To better understand |prs|, see the :ref:`pull-requests-ref`
             and :ref:`collaborate-ref` sections. For more information about why
             code review matters, see these posts on the topic:

docs/code-review/review-diffs.rst

0 +1 -1

             Reviewing Changes
             -----------------
-            |RCM| displays all code changes made with each commit. Removed content is
+            |RCE| displays all code changes made with each commit. Removed content is
             marked in red and new content in green.
             .. image:: ../images/plain-diff.png

docs/collaboration/approve-pull-request.rst

0 +1 -1

 . Set the review status to :guilabel:`Approved`
 . Select :guilabel:`Comment`
-            If you approve the |pr|, you will be able to merge automatically if |RCM|
+            If you approve the |pr|, you will be able to merge automatically if |RCE|
             detects that it can do so safely. You will see this message:
             :guilabel:`This pull request can be automatically merged.`

docs/collaboration/collaboration.rst

0 +1 -1

                Forking and branching does not work with |svn| |repos|.
-            Collaboration in |RCM| is accomplished through a combination of the following
+            Collaboration in |RCE| is accomplished through a combination of the following
             functions:
             .. only:: latex

docs/collaboration/forks-branches.rst

0 +1 -1

                 $ git commit -a -m "ghost script: initial file"
                 $ git push
-            Once it is pushed to the |RCM| server, you can switch to the newly created
+            Once it is pushed to the |RCE| server, you can switch to the newly created
             branch using the following steps:
 . Select :menuselection:`Admin --> Repositories`.

docs/collaboration/mention-reviewer-function.rst

0 +1 -1

             -------------------
             To notify users of items that require their attention you can use the mention
-            function. The mention function allows you to use ``@username`` within |RCM|.
+            function. The mention function allows you to use ``@username`` within |RCE|.
             The notification function can be used within the following
             items to highlight their need for attention:

docs/collaboration/merge-pull-request.rst

0 +2 -2

             Merge a |pr|
             ------------
-            |RCM| can detect if it can automatically merge the changes in a |pr|. If it
+            |RCE| can detect if it can automatically merge the changes in a |pr|. If it
             can, you will see the following message:
             :guilabel:`This pull request can be automatically merged.` To merge,
             click the big blue button! To enable this feature, see :ref:`server-side-merge`.
             Manual Merge a |PR|
             ^^^^^^^^^^^^^^^^^^^
-            If |RCM| cannot safely merge the changes in a |pr|,
+            If |RCE| cannot safely merge the changes in a |pr|,
             usually due to conflicts, you need to manually merge the changes on the
             command line. You can see more information for each |repo| type at the
             following links:

docs/collaboration/notifications-overview.rst

0 +1 -1

             Notifications Overview
             ----------------------
-            |RCM| has an integrated notification system which alerts users to requests
+            |RCE| has an integrated notification system which alerts users to requests
             that they have received. Notifications can occur for the following reasons:
             * Pull request reviews

docs/collaboration/pull-req-mgmt.rst

0 +2 -2

             .. only:: html
-                There are two ways of tracking |prs| within |RCM|.
+                There are two ways of tracking |prs| within |RCE|.
 . :ref:`prs-your-review`
 . :ref:`prs-per-repo`
             To view pull requests for your review, use the following steps:
-. From the |RCM| interface, Select
+. From the |RCE| interface, Select
                :menuselection:`username --> Notifications`
 . Select :guilabel:`Pull Requests`

docs/collaboration/review-pull-request.rst

0 +1 -1

 . Select Comment
             When the |pr| is approved by all reviewers you will be able to merge
-            automatically if |RCM| detects that it can do so safely. You will see this
+            automatically if |RCE| detects that it can do so safely. You will see this
             message: `This pull request can be automatically merged.`
             If rejected, you can fix the issues raised during review and then update the

docs/collaboration/supported-workflows.rst

0 +1 -1

             Supported Workflows
             -------------------
-            |RCM| can be used to develop using a variety of different workflows.
+            |RCE| can be used to develop using a variety of different workflows.
             * Centralized, using |svn|, |git|, or |hg| |repos|
             * Feature-Branch, using |git| or |hg| |repos|

docs/common.py

0 0 -4

             .. |psf| replace:: Python Software Foundation
             .. |repo| replace:: repository
             .. |repos| replace:: repositories
-            .. |RCI| replace:: RhodeCode Control
             .. |RCC| replace:: RhodeCode Control
-            .. |RCV| replace:: RhodeCode Enterprise
-            .. |RCM| replace:: RhodeCode Enterprise
             .. |RCE| replace:: RhodeCode Enterprise
             .. |RCCE| replace:: RhodeCode Community
             .. |RCEE| replace:: RhodeCode Enterprise
             .. |RCT| replace:: RhodeCode Tools
             .. |RCEBOLD| replace:: **RhodeCode Enterprise**
             .. |RCEITALICS| replace:: `RhodeCode Enterprise`
-            .. |RC| replace:: RhodeCode
             .. |RNS| replace:: Release Notes
             '''

docs/extensions/extensions-hooks.rst

0 +1 -1

             Hooks
             -----
-            Within |RCM| there are two types of supported hooks.
+            Within |RCE| there are two types of supported hooks.
             * **Internal built-in hooks**: The internal |hg|, |git| or |svn| hooks are
               triggered by different VCS operations, like push, pull,

docs/index.rst

0 +4 -4

-            |RCM|
+            |RCE|
             =====
-            |RCM| is a high-performance source code management and collaboration system.
+            |RCE| is a high-performance source code management and collaboration system.
             It enables you to develop projects securely behind the firewall while
             providing collaboration tools that work with |git|, |hg|,
             and |svn| |repos|. The user interface allows you to create, edit,
             and commit files and |repos| while managing their security permissions.
-            |RCM| provides the following features:
+            |RCE| provides the following features:
             * Source code management.
             * Extended permissions management.
             * Web-based hook management.
             * Native |svn| support.
             * Migration from existing databases.
-            * |RCM| SDK.
+            * |RCE| SDK.
             * Built-in analytics
             * Built in integrations including: Slack, Webhooks (used for Jenkins/TeamCity and other CIs), Jira, Redmine, Hipchat
             * Pluggable authentication system.

docs/install/install-database.rst

0 +18 -20

@@ -5,8 +5,24 b' Supported Databases'
5		5
6	.. important::	6	.. important::
7		7
8	We do not recommend using SQLite in a production environment~~. It is~~	8	We do not recommend using SQLite in a production environment of more than 5 people.
9	supported by \|RCE\| for evaluation purposes.	9	It is not suited for higher usage and mayb cause problems.
		10
		11
		12	\|RCE\| supports the following databases. The recommended encoding is UTF-8.
		13
		14	.. only:: latex
		15
		16	* :ref:`install-sqlite-database`
		17	* :ref:`install-mysql-database`
		18	* :ref:`install-postgresql-database`
		19
		20	.. toctree::
		21
		22	using-mysql
		23	using-postgresql
		24	using-sqllite
		25
10		26
11	Database Overview	27	Database Overview
12	-----------------	28	-----------------
@@ -48,21 +64,3 b' following example to configure the corre'
48	# for the RCE instance you are installing	64	# for the RCE instance you are installing
49	Database name: example-db-name-for-2xx # The 2xx version database	65	Database name: example-db-name-for-2xx # The 2xx version database
50	Database name: example-db-name-for-3xx # The 3xx version database	66	Database name: example-db-name-for-3xx # The 3xx version database
51
52	Supported Databases
53	-------------------
54
55	\|RCM\| supports the following databases. The recommended encoding is Unicode
56	UTF-8.
57
58	.. only:: latex
59
60	* :ref:`install-sqlite-database`
61	* :ref:`install-mysql-database`
62	* :ref:`install-postgresql-database`
63
64	.. toctree::
65
66	using-mysql
67	using-postgresql
68	using-sqllite

docs/install/install-steps.rst

0 +1 -1

             =======================
             The following tasks are the most common post installation requirements. Use
-            the information in these sections to configure your instance of |RCM|.
+            the information in these sections to configure your instance of |RCE|.
             .. toctree::

docs/install/migrate-repos.rst

0 +6 -6

             Migrating |repos|
             -----------------
-            If you have installed |RCM| and have |repos| that you wish to migrate into
+            If you have installed |RCE| and have |repos| that you wish to migrate into
             the system, use the following instructions.
-. On the |RCM| interface, check your |repo| storage location under
+. On the |RCE| interface, check your |repo| storage location under
                :menuselection:`Admin --> Settings --> System Info`. For example,
                Storage location: /home/{username}/repos.
-. Copy the |repos| that you want |RCM| to manage to this location.
+. Copy the |repos| that you want |RCE| to manage to this location.
 . Remap and rescan the |repos|, see :ref:`remap-rescan`
             .. important::
-               Directories create |repo| groups inside |RCM|.
+               Directories create |repo| groups inside |RCE|.
-               Importing adds |RCM| git hooks to your |repos|.
+               Importing adds |RCE| git hooks to your |repos|.
                You should verify if custom ``.hg`` or ``.hgrc`` files inside
-               repositories should be adjusted since |RCM| reads the content of them.
+               repositories should be adjusted since |RCE| reads the content of them.

docs/install/quick-start.rst

0 +4 -1

             .. code-block:: bash
-                $ chmod 755 RhodeCode-installer-linux-*
+                $ chmod +x RhodeCode-installer-linux-*
                 $ ./RhodeCode-installer-linux-*
+                Do you accept the RhodeCode Control license?
+                Press [Y] to accept license and [V] to view license text: y
 . Install a VCS Server, and configure it to start at boot.
             .. code-block:: bash

docs/install/setup-email.rst

0 +2 -2

             Set up Email
             ------------
-            To setup email with your |RCM| instance, open the default
+            To setup email with your |RCE| instance, open the default
             :file:`/home/{user}/.rccontrol/{instance-id}/rhodecode.ini`
             file and uncomment and configure the email section. If it is not there,
             use the below example to insert it.
-            Once configured you can check the settings for your |RCM| instance on the
+            Once configured you can check the settings for your |RCE| instance on the
             :menuselection:`Admin --> Settings --> Email` page.
             .. code-block:: ini

docs/install/using-mysql.rst

0 +3 -3

             ----------------
             To use a MySQL or MariaDB database you should install and configure the
-            database before installing |RCM|. This is because during |RCM| installation
+            database before installing |RCE|. This is because during |RCE| installation
             you will setup a connection to your MySQL or MariaDB database. To work with
             either, use the following steps:
 . Depending on your |os|, install a MySQL or MariaDB database following the
                appropriate instructions from the `MySQL website`_ or `MariaDB website`_.
 . Configure the database with a username and password which you will use
-               with |RCM|.
+               with |RCE|.
-. Install |RCM|, and during installation select MySQL as your database.
+. Install |RCE|, and during installation select MySQL as your database.
 . Enter the following information during the database setup:
                * Your network IP Address

docs/install/using-postgresql.rst

0 +3 -3

             ----------
             To use a PostgreSQL database, you should install and configure the database
-            before installing |RCV|. This is because during |RCV| installation you will
+            before installing |RCE|. This is because during |RCE| installation you will
             setup the connection to your PostgreSQL database. To work with PostgreSQL,
             use the following steps:
 . Depending on your |os|, install a PostgreSQL database following the
                appropriate instructions from the `PostgreSQL website`_.
 . Configure the database with a username and password, which you will use
-               with |RCV|.
+               with |RCE|.
-. Install |RCV|, and during installation select PostgreSQL as your database.
+. Install |RCE|, and during installation select PostgreSQL as your database.
 . Enter the following information during the database setup:
                * Your network IP Address

docs/install/using-sqllite.rst

0 +3 -3

                 as it has an internal locking mechanism which can become a performance
                 bottleneck when there are more than 5 concurrent users.
-            |RCM| installs SQLite as the default database if you do not specify another
+            |RCE| installs SQLite as the default database if you do not specify another
             during installation. SQLite is suitable for small teams,
             projects with a low load, and evaluation purposes since it is built into
-            |RCM| and does not require any additional database server.
+            |RCE| and does not require any additional database server.
             Using MySQL or PostgreSQL in an large setup gives you much greater
             performance, and while migration tools exist to move from one database type
             to another, it is better to get it right first time and to immediately use
-            MySQL or PostgreSQL when you deploy |RCM| in a production environment.
+            MySQL or PostgreSQL when you deploy |RCE| in a production environment.
             Migrating From SQLite to PostgreSQL
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

docs/integrations/integrations.rst

0 +13 -13

@@ -11,20 +11,20 b' different Slack channels, for example.'
11	Supported integrations	11	Supported integrations
12	^^^^^^^^^^^^^^^^^^^^^^	12	^^^^^^^^^^^^^^^^^^^^^^
13		13
14	================================ ============ ========================================	14	================================ ================== ========================================
15	Type/Name ~~\|RC\|~~ Edition Description	15	Type/Name RhodeCode Edition Description
16	================================ ============ ========================================	16	================================ ================== ========================================
17	:ref:`integrations-webhook` \|RCCEshort\| Trigger events as `json` to a custom url	17	:ref:`integrations-webhook` \|RCCEshort\| Trigger events as `json` to a custom url
18	:ref:`integrations-slack` \|RCCEshort\| Integrate with https://slack.com/	18	:ref:`integrations-slack` \|RCCEshort\| Integrate with https://slack.com/
19	:ref:`integrations-hipchat` \|RCCEshort\| Integrate with https://www.hipchat.com/	19	:ref:`integrations-hipchat` \|RCCEshort\| Integrate with https://www.hipchat.com/
20	:ref:`integrations-email` \|RCCEshort\| Send repo push commits by email	20	:ref:`integrations-email` \|RCCEshort\| Send repo push commits by email
21	:ref:`integrations-ci` \|RCCEshort\| Trigger Builds for Common CI Systems	21	:ref:`integrations-ci` \|RCCEshort\| Trigger Builds for Common CI Systems
22	:ref:`integrations-rcextensions` \|RCCEshort\| Advanced low-level integration framework	22	:ref:`integrations-rcextensions` \|RCCEshort\| Advanced low-level integration framework
23		23
24	:ref:`integrations-jenkins` \|RCEEshort\| Trigger Builds for Jenkins CI System	24	:ref:`integrations-jenkins` \|RCEEshort\| Trigger Builds for Jenkins CI System
25	:ref:`integrations-redmine` \|RCEEshort\| Close/Resolve/Reference Redmine issues	25	:ref:`integrations-redmine` \|RCEEshort\| Close/Resolve/Reference Redmine issues
26	:ref:`integrations-jira` \|RCEEshort\| Close/Resolve/Reference JIRA issues	26	:ref:`integrations-jira` \|RCEEshort\| Close/Resolve/Reference JIRA issues
27	================================ ============ ========================================	27	================================ ================== ========================================
28		28
29	.. _creating-integrations:	29	.. _creating-integrations:
30		30

docs/issue-trackers/issue-trackers.rst

0 +1 -1

             * At the |repo| level, you can configure an integration with a different issue
               tracker.
-            To integrate |RCM| with an issue tracker, you need to define a regular
+            To integrate |RCE| with an issue tracker, you need to define a regular
             expression that will fetch the issue ID stored in commit messages, and replace
             it with a URL. This enables |RCE| to generate a link matching each issue to the
             target |repo|.

docs/known-issues/error-msg-guide.rst

0 +1 -1

             Error creating repository repo-name
             Cause
-            As of |RCM| 3.0, a VCS Server is required to run backend operations.
+            As of |RCE| 3.0, a VCS Server is required to run backend operations.
             Solution
             Install a VCS Server. See the `Install a VCS Server`_ section of |RCC|

docs/nix/nix.rst

0 +1 -1

             Nix Packaging
             =============
-            |RCM| is installed using |Nix Package Manager|. The Nix environment provides
+            |RCE| is installed using |Nix Package Manager|. The Nix environment provides
             the following features for maintenance and deployment:
             * Atomic upgrades and rollbacks

docs/python-packages-generated.nix

0 +27 -27

             self: super: {
               "alabaster" = super.buildPythonPackage {
-                name = "alabaster-0.7.11";
+                name = "alabaster-0.7.12";
                 doCheck = false;
                 src = fetchurl {
-                  url = "https://files.pythonhosted.org/packages/3f/46/9346ea429931d80244ab7f11c4fce83671df0b7ae5a60247a2b588592c46/alabaster-0.7.11.tar.gz";
+                  url = "https://files.pythonhosted.org/packages/cc/b4/ed8dcb0d67d5cfb7f83c4d5463a7614cb1d078ad7ae890c9143edebbf072/alabaster-0.7.12.tar.gz";
-                  sha256 = "1mvm69xsn5xf1jc45kdq1mn0yq0pfn54mv2jcww4s1vwqx6iyfxn";
+                  sha256 = "00nwwjj2d2ym4s2kk217x7jkx1hnczc3fvm8yxbqmsp6b0nxfqd6";
                 };
               };
               "babel" = super.buildPythonPackage {
                 };
               };
               "certifi" = super.buildPythonPackage {
-                name = "certifi-2018.8.24";
+                name = "certifi-2018.11.29";
                 doCheck = false;
                 src = fetchurl {
-                  url = "https://files.pythonhosted.org/packages/e1/0f/f8d5e939184547b3bdc6128551b831a62832713aa98c2ccdf8c47ecc7f17/certifi-2018.8.24.tar.gz";
+                  url = "https://files.pythonhosted.org/packages/55/54/3ce77783acba5979ce16674fc98b1920d00b01d337cfaaf5db22543505ed/certifi-2018.11.29.tar.gz";
-                  sha256 = "0f0nhrj9mlrf79iway4578wrsgmjh0fmacl9zv8zjckdy7b90rip";
+                  sha256 = "1dvccavd2fzq4j37w0sznylp92ps14zi6gvlxzm23in0yhzciya7";
                 };
               };
               "chardet" = super.buildPythonPackage {
                 };
               };
               "packaging" = super.buildPythonPackage {
-                name = "packaging-17.1";
+                name = "packaging-18.0";
                 doCheck = false;
                 propagatedBuildInputs = [
                   self."pyparsing"
                   self."six"
                 ];
                 src = fetchurl {
-                  url = "https://files.pythonhosted.org/packages/77/32/439f47be99809c12ef2da8b60a2c47987786d2c6c9205549dd6ef95df8bd/packaging-17.1.tar.gz";
+                  url = "https://files.pythonhosted.org/packages/cf/50/1f10d2626df0aa97ce6b62cf6ebe14f605f4e101234f7748b8da4138a8ed/packaging-18.0.tar.gz";
-                  sha256 = "0nrpayk8kij1zm9sjnk38ldz3a6705ggvw8ljylqbrb4vmqbf6gh";
+                  sha256 = "01wq9c53ix5rz6qg2c98gy8n4ff768rmanifm8m5jpjiaizj51h8";
                 };
               };
               "pygments" = super.buildPythonPackage {
-                name = "pygments-2.2.0";
+                name = "pygments-2.3.0";
                 doCheck = false;
                 src = fetchurl {
-                  url = "https://files.pythonhosted.org/packages/71/2a/2e4e77803a8bd6408a2903340ac498cb0a2181811af7c9ec92cb70b0308a/Pygments-2.2.0.tar.gz";
+                  url = "https://files.pythonhosted.org/packages/63/a2/91c31c4831853dedca2a08a0f94d788fc26a48f7281c99a303769ad2721b/Pygments-2.3.0.tar.gz";
-                  sha256 = "1k78qdvir1yb1c634nkv6rbga8wv4289xarghmsbbvzhvr311bnv";
+                  sha256 = "1z34ms51dh4jq4h3cizp7vd1dmsxcbvffkjsd2xxfav22nn6lrl2";
                 };
               };
               "pyparsing" = super.buildPythonPackage {
-                name = "pyparsing-2.2.0";
+                name = "pyparsing-2.3.0";
                 doCheck = false;
                 src = fetchurl {
-                  url = "https://files.pythonhosted.org/packages/3c/ec/a94f8cf7274ea60b5413df054f82a8980523efd712ec55a59e7c3357cf7c/pyparsing-2.2.0.tar.gz";
+                  url = "https://files.pythonhosted.org/packages/d0/09/3e6a5eeb6e04467b737d55f8bba15247ac0876f98fae659e58cd744430c6/pyparsing-2.3.0.tar.gz";
-                  sha256 = "016b9gh606aa44sq92jslm89bg874ia0yyiyb643fa6dgbsbqch8";
+                  sha256 = "14k5v7n3xqw8kzf42x06bzp184spnlkya2dpjyflax6l3yrallzk";
                 };
               };
               "pytz" = super.buildPythonPackage {
                 };
               };
               "requests" = super.buildPythonPackage {
-                name = "requests-2.19.1";
+                name = "requests-2.20.1";
                 doCheck = false;
                 propagatedBuildInputs = [
                   self."chardet"
                   self."certifi"
                 ];
                 src = fetchurl {
-                  url = "https://files.pythonhosted.org/packages/54/1f/782a5734931ddf2e1494e4cd615a51ff98e1879cbe9eecbdfeaf09aa75e9/requests-2.19.1.tar.gz";
+                  url = "https://files.pythonhosted.org/packages/40/35/298c36d839547b50822985a2cf0611b3b978a5ab7a5af5562b8ebe3e1369/requests-2.20.1.tar.gz";
-                  sha256 = "0snf8xxdzsgh1x2zv3vilvbrv9jbpmnfagzzb1rjmmvflckdh8pc";
+                  sha256 = "0qzj6cgv3k9wyj7wlxgz7xq0cfg4jbbkfm24pp8dnhczwl31527a";
                 };
               };
               "setuptools" = super.buildPythonPackage {
-                name = "setuptools-40.2.0";
+                name = "setuptools-40.6.2";
                 doCheck = false;
                 src = fetchurl {
-                  url = "https://files.pythonhosted.org/packages/ef/1d/201c13e353956a1c840f5d0fbf0461bd45bbd678ea4843ebf25924e8984c/setuptools-40.2.0.zip";
+                  url = "https://files.pythonhosted.org/packages/b0/d1/8acb42f391cba52e35b131e442e80deffbb8d0676b93261d761b1f0ef8fb/setuptools-40.6.2.zip";
-                  sha256 = "19ng5m7kigllg3x96c91y3a2k28g6kwnbb1v4warrnp4xma1v227";
+                  sha256 = "0r2c5hapirlzm34h7pl1lgkm6gk7bcrlrdj28qgsvaqg3f74vfw6";
                 };
               };
               "six" = super.buildPythonPackage {
                 };
               };
               "sphinx" = super.buildPythonPackage {
-                name = "sphinx-1.7.8";
+                name = "sphinx-1.8.2";
                 doCheck = false;
                 propagatedBuildInputs = [
                   self."six"
                   self."typing"
                 ];
                 src = fetchurl {
-                  url = "https://files.pythonhosted.org/packages/ac/54/4ef326d0c654da1ed91341a7a1f43efc18a8c770ddd2b8e45df97cb79d82/Sphinx-1.7.8.tar.gz";
+                  url = "https://files.pythonhosted.org/packages/4c/ea/7388faba7cf02999e1bc42f6a8eb1ea0120aec3dd93474cee21cea2d693f/Sphinx-1.8.2.tar.gz";
-                  sha256 = "1ryz0w4c31930f1br2sjwrxwx9cmsy7cqdb0d81g98n9bj250w50";
+                  sha256 = "1sia2h5rfzy76rbsd69ghr8bbidhsjzzinf3f523dcmivp5k41qj";
                 };
               };
               "sphinx-rtd-theme" = super.buildPythonPackage {
                 };
               };
               "urllib3" = super.buildPythonPackage {
-                name = "urllib3-1.23";
+                name = "urllib3-1.24.1";
                 doCheck = false;
                 src = fetchurl {
-                  url = "https://files.pythonhosted.org/packages/3c/d2/dc5471622bd200db1cd9319e02e71bc655e9ea27b8e0ce65fc69de0dac15/urllib3-1.23.tar.gz";
+                  url = "https://files.pythonhosted.org/packages/b1/53/37d82ab391393565f2f831b8eedbffd57db5a718216f82f1a8b4d381a1c1/urllib3-1.24.1.tar.gz";
-                  sha256 = "1bvbd35q3zdcd7gsv38fwpizy7p06dr0154g5gfybrvnbvhwb2m6";
+                  sha256 = "08lwd9f3hqznyf32vnzwvp87pchx062nkbgyrf67rwlkgj0jk5fy";
                 };
               };

docs/release-notes/release-notes-3.0.0.rst

0 +1 -1

             |RCE| 3.0.0 |RNS|
             -----------------
-            As |RCM| 3.0 is a big release, the release notes have been split into the following sections:
+            As |RCE| 3.0 is a big release, the release notes have been split into the following sections:
             * :ref:`general-rn-ref`
             * :ref:`security-rn-ref`

docs/release-notes/release-notes.rst

0 +1 0

             .. toctree::
                :maxdepth: 1
+               release-notes-4.15.0.rst
                release-notes-4.14.1.rst
                release-notes-4.14.0.rst
                release-notes-4.13.3.rst

docs/requirements_docs.txt

0 +2 -2

-            sphinx==1.7.8
+            sphinx==1.8.2
             six==1.11.0
             sphinx_rtd_theme==0.4.1
             docutils==0.14.0
-            pygments==2.2.0
+            pygments==2.3.0
             markupsafe==1.0.0
             jinja2==2.9.6
             pytz==2018.4

docs/tools/install-tools.rst

0 +2 -2

             Installing |RCT|
             ^^^^^^^^^^^^^^^^
-            |RCT| enable you to automate many of the most common |RCM| functions through
+            |RCT| enable you to automate many of the most common |RCE| functions through
             the API. Installing them on a local machine lets you carry out maintenance on
             the server remotely. Once installed you can use them to index your |repos|
-            to setup full-text search, strip commits, or install |RC| Extensions for
+            to setup full-text search, strip commits, or install RhodeCode Extensions for
             additional functionality.
             For more detailed instructions about using |RCT| for indexing and full-text

docs/tools/rhodecode-tools.rst

0 +1 -1

             |RCT|
             =====
-            |RCT| enable you to automate many of the most common |RCM| functions through
+            |RCT| enable you to automate many of the most common |RCE| functions through
             the API.
             .. toctree::

docs/tools/tools-cli.rst

0 +5 -5

             ---------------
             Use |RCT| to setup automation, run the indexer, and install extensions for
-            your |RCM| instances. Options:
+            your |RCE| instances. Options:
             .. rst-class:: dl-horizontal
             rhodecode-api
             -------------
-            The |RC| API lets you connect to |RCE| and carry out management tasks from a
+            The RhodeCode API lets you connect to |RCE| and carry out management tasks from a
             remote machine, for more information about the API, see the :ref:`api`. To
             pass arguments on the command-line use the ``method:option`` syntax.
             rhodecode-cleanup-gists
             -----------------------
-            Use this to delete gists within |RCM|. Options:
+            Use this to delete gists within |RCE|. Options:
             .. rst-class:: dl-horizontal
             rhodecode-cleanup-repos
             -----------------------
-            Use this to manage |repos| and |repo| groups within |RCM|. Options:
+            Use this to manage |repos| and |repo| groups within |RCE|. Options:
             .. rst-class:: dl-horizontal
             rhodecode-gist
             --------------
-            Use this to create, list, show, or delete gists within |RCM|. Options:
+            Use this to create, list, show, or delete gists within |RCE|. Options:
             .. rst-class:: dl-horizontal

docs/tools/tools-overview.rst

0 +1 -1

             :ref:`install-tools`, and :ref:`config-rhoderc`.
             Once |RCT| is installed, and the :file:`/home/{user}/.rhoderc` file is
-            configured you can then use |RCT| on each |RCM| instance to carry out admin
+            configured you can then use |RCT| on each |RCE| instance to carry out admin
             tasks. Use the following example to configure that file,
             and once configured see the :ref:`tools-cli` for more details.

docs/tutorials/deploy-from-host.rst

0 +2 -2

                 # Check that the script is uploaded to your home directory
                 $ ls -1
-                RhodeCode-installer-linux-391_b1a804c4d69b_d6c087d520e3
+                RhodeCode-installer-linux-buildYYYYXXXX_ZZZZ
                 # Change the script permissions
-                $ chmod 755 RhodeCode-installer-linux*
+                $ chmod +x RhodeCode-installer-linux*
                 # Run the installer and accept the prompts
                 $ ./RhodeCode-installer-linux-*

docs/tutorials/git-lfs-ext.rst

0 +4 -4

             Git Large File Storage (or LFS) is a new, open-source extension to Git that
             aims to improve handling of large files. It does this by replacing large files
             in your repository—such as graphics and videos—with simple text pointers.
-            |RC| Server includes an embedded LFS object store server, allowing storage of
+            RhodeCode Server includes an embedded LFS object store server, allowing storage of
             large files without the need for an external object store.
             Git LFS is disabled by default, globally, and for each individual repository.
             .. note::
-                |RC| implements V2 API of Git LFS. Please make sure your git client is
+                RhodeCode implements V2 API of Git LFS. Please make sure your git client is
                 using the latest version (2.0.X recommended) to leverage full feature set
                 of the V2 API.
             Enabling Git LFS
             ++++++++++++++++
-            Git LFS is disabled by default within |RC| Server.
+            Git LFS is disabled by default within RhodeCode Server.
             To enable Git LFS Globally:
             The object itself will be uploaded to a separate location via the Git LFS Batch API.
-            The transfer is validated and authorized by |RC| server itself.
+            The transfer is validated and authorized by RhodeCode server itself.
             If give repository has Git LFS disabled, a proper message will be sent back to
             the client and upload of LFS objects will be forbidden.

docs/tutorials/hg-large-ext.rst

0 +1 -1

             Enabling HG Largefiles
             ++++++++++++++++++++++
-            Mercurial Largefiles extension is disabled by default within |RC| Server.
+            Mercurial Largefiles extension is disabled by default within RhodeCode Server.
             To enable Mercurial Largefiles Globally:

docs/tutorials/windows-to-linux.rst

0 +1 -1

             * For MySQL, do not use `localhost` in the database connection string of the
               :file:`rhodecode.ini` file.
             * InnoDB must be the database tables engine.
-            * Contact |RC| for a new licence Key/Token pair. If you don't, a trial licence
+            * Contact RhodeCode for a new licence Key/Token pair. If you don't, a trial licence
               will be applied so you are not locked out of the upgraded instance.
             You can find the specific instructions to carry out these pre-requisite steps

docs/usage/basic-vcs-commands.rst

0 +4 -4

             Getting Started with VCS
             ------------------------
-            When using |RCM|, you will be working with |git|, |svn| or |hg| |repos| from the
+            When using |RCE|, you will be working with |git|, |svn| or |hg| |repos| from the
             command line or using a GUI client such as Tortoise, Tower or SourceTree.
-            |RCM| uses a standard |git|, |svn| and |hg| protocols. So all tools that
+            |RCE| uses a standard |git|, |svn| and |hg| protocols. So all tools that
             can interact with there protocols are supported, including Eclipse or PyCharm
             plugins.
             If you have never used either before, the following information should
             help you set up your local machine so that you can sync changes with the
-            |RCM| server.
+            |RCE| server.
-            All of the following instructions assume you have a |RCM| account,
+            All of the following instructions assume you have a |RCE| account,
             and you can access your |repos| from the web interface.
             .. note::

docs/usage/file-editing.rst

0 +3 -3

             To edit files using the online editor, use the following steps.
-. From the |RCM| interface, select :menuselection:`Admin --> Repositories`
+. From the |RCE| interface, select :menuselection:`Admin --> Repositories`
 . Select the |repo| in which you want to edit a file.
 . Select the :guilabel:`file` view of the |repo|, and double-click on the file.
 . To open the editor, select the :guilabel:`edit on branch:default` button.
-               * If the filename has an extension |RCM| recognises,
+               * If the filename has an extension |RCE| recognises,
                  the syntax highlighting will appear automatically.
-               * If the filename does not have an extension |RCM| recognises,
+               * If the filename does not have an extension |RCE| recognises,
                  you can set the language syntax highlighter by
                  choosing from the file type drop down menu.
 . To save your changes, select :guilabel:`Commit changes`

docs/usage/gist-editing.rst

0 +2 -2

             ^^^^^^^^^^^^
             Gists are standalone files that only the creator can edit. To work with
-            gists, click on the :guilabel:`Gists` tab on the |RCM| header. The gist
+            gists, click on the :guilabel:`Gists` tab on the |RCE| header. The gist
             editor also has syntax highlighting.
             You can set the following properties for each gist:
               and will show up in searches.
             * :guilabel:`Gist Lifetime`: You can set a gist to expire after a set
               period by using the :guilabel:`Gist Lifetime` dropdown menu.
-              This means that when the gist expires it will be deleted from the |RCM|
+              This means that when the gist expires it will be deleted from the |RCE|
               gist database.
             * :guilabel:`Private`: This means that the gist will not show up in searches.
             * :guilabel:`Gist access level`: If you create a private gist you can have

docs/usage/online-editing.rst

0 +1 -1

             Online Editing
             --------------
-            |RCM| has an integrated online editor, allowing you to edit files in the
+            |RCE| has an integrated online editor, allowing you to edit files in the
             browser. The online editor has syntax highlighting and the ability to fork,
             merge, and commit changes to files.

pkgs/node-packages.nix

0 +195 -206

                     sha512 = "tx5TauYSmzsIvmSqepUPDYbs4/Ejz2XbZ1IkD7JEGqkdNUJlh+9KU85G56Tfdk/xjEZ8zorFfN09OSwiMrIQWA==";
                   };
                 };
-                "@polymer/iron-a11y-announcer-3.0.1" = {
+                "@polymer/iron-a11y-announcer-3.0.2" = {
                   name = "_at_polymer_slash_iron-a11y-announcer";
                   packageName = "@polymer/iron-a11y-announcer";
-                  version = "3.0.1";
+                  version = "3.0.2";
                   src = fetchurl {
-                    url = "https://registry.npmjs.org/@polymer/iron-a11y-announcer/-/iron-a11y-announcer-3.0.1.tgz";
+                    url = "https://registry.npmjs.org/@polymer/iron-a11y-announcer/-/iron-a11y-announcer-3.0.2.tgz";
-                    sha512 = "Xiqmpz0AEEbMNGYPpbrXBIrcI/xaR4tn77pmSLfxVKGGwjEUR/YrRgyIwXp4EN7lvst1dFC8kyl2hLga0uDIVQ==";
+                    sha512 = "LqnMF39mXyxSSRbTHRzGbcJS8nU0NVTo2raBOgOlpxw5yfGJUVcwaTJ/qy5NtWCZLRfa4suycf0oAkuUjHTXHQ==";
                   };
                 };
                 "@polymer/iron-a11y-keys-3.0.1" = {
                     sha1 = "e7365648c1b42136a59c7d5040637b3b5c83b614";
                   };
                 };
-                "@types/node-6.14.0" = {
+                "@types/node-6.14.2" = {
                   name = "_at_types_slash_node";
                   packageName = "@types/node";
-                  version = "6.14.0";
+                  version = "6.14.2";
                   src = fetchurl {
-                    url = "https://registry.npmjs.org/@types/node/-/node-6.14.0.tgz";
+                    url = "https://registry.npmjs.org/@types/node/-/node-6.14.2.tgz";
-                    sha512 = "6tQyh4Q4B5pECcXBOQDZ5KjyBIxRZGzrweGPM47sAYTdVG4+7R+2EGMTmp0h6ZwgqHrFRCeg2gdhsG9xXEl2Sg==";
+                    sha512 = "JWB3xaVfsfnFY8Ofc9rTB/op0fqqTSqy4vBcVk1LuRJvta7KTX+D//fCkiTMeLGhdr2EbFZzQjC97gvmPilk9Q==";
                   };
                 };
                 "@types/parse5-2.2.34" = {
                     sha512 = "mJ3QKWtCchL1vhU/kZlJnLPuQZnlDOdZsyP0bbLWPGdYsQDnSBvyTLhzwBA3QAMlzEL9V4JHygEmK6/OTEyytA==";
                   };
                 };
-                "@webcomponents/shadycss-1.5.2" = {
+                "@webcomponents/shadycss-1.6.0" = {
                   name = "_at_webcomponents_slash_shadycss";
                   packageName = "@webcomponents/shadycss";
-                  version = "1.5.2";
+                  version = "1.6.0";
                   src = fetchurl {
-                    url = "https://registry.npmjs.org/@webcomponents/shadycss/-/shadycss-1.5.2.tgz";
+                    url = "https://registry.npmjs.org/@webcomponents/shadycss/-/shadycss-1.6.0.tgz";
-                    sha512 = "0OyrmVc7S+INtzoqP2ofAo+OdVn2Nj0Qvq4wD9FEGN7nMmLRxaD2mzy6hD6EslzxUSuGH302CDU4KXiY66SEqg==";
+                    sha512 = "iURGZZU6BaiRJtGgjMn208QxPkY11QwT/VmuHNa4Yb+kJxU/WODe4C8b0LDOtnk4KJzJg50hCfwvPRAjePEzbA==";
                   };
                 };
-                "@webcomponents/webcomponentsjs-2.1.3" = {
+                "@webcomponents/webcomponentsjs-2.2.1" = {
                   name = "_at_webcomponents_slash_webcomponentsjs";
                   packageName = "@webcomponents/webcomponentsjs";
-                  version = "2.1.3";
+                  version = "2.2.1";
                   src = fetchurl {
-                    url = "https://registry.npmjs.org/@webcomponents/webcomponentsjs/-/webcomponentsjs-2.1.3.tgz";
+                    url = "https://registry.npmjs.org/@webcomponents/webcomponentsjs/-/webcomponentsjs-2.2.1.tgz";
-                    sha512 = "0UHJNY88lR3pnEYtBVT7F8cuuxOiITQGWJa0LxoELqkBSB7IabzJFOj5K99PajD3CGAsWpjB0CAeijfe376Y1w==";
+                    sha512 = "lZZ+Lkke6JhsJcQQqSVk1Pny6/8y4qhJ98LO7a/MwBSRO8WqHqK1X2vscfeL8vOnYGFnmBUyVG95lwYv/AXyLQ==";
                   };
                 };
                 "@xtuc/ieee754-1.2.0" = {
                     sha1 = "82ffb02b29e662ae53bdc20af15947706739c536";
                   };
                 };
-                "ajv-6.5.4" = {
+                "ajv-6.6.1" = {
                   name = "ajv";
                   packageName = "ajv";
-                  version = "6.5.4";
+                  version = "6.6.1";
                   src = fetchurl {
-                    url = "https://registry.npmjs.org/ajv/-/ajv-6.5.4.tgz";
+                    url = "https://registry.npmjs.org/ajv/-/ajv-6.6.1.tgz";
-                    sha512 = "4Wyjt8+t6YszqaXnLDfMmG/8AlO5Zbcsy3ATHncCzjW/NoPzAId8AK6749Ybjmdt+kUY1gP60fCu46oDxPv/mg==";
+                    sha512 = "ZoJjft5B+EJBjUyu9C9Hc0OZyPZSSlOF+plzouTrg6UlA8f+e/n8NIgBFG/9tppJtpPWfthHakK7juJdNDODww==";
                   };
                 };
                 "ajv-keywords-3.2.0" = {
                     sha512 = "DYWGk01lDcxeS/K9IHPGWfT8PsJmbXRtRd2Sx72Tnb8pcYZQFF1oSDb8hJtS1vhp212q1Rzi5dUf9+nq0o9UIg==";
                   };
                 };
-                "bluebird-3.5.2" = {
+                "bluebird-3.5.3" = {
                   name = "bluebird";
                   packageName = "bluebird";
-                  version = "3.5.2";
+                  version = "3.5.3";
                   src = fetchurl {
-                    url = "https://registry.npmjs.org/bluebird/-/bluebird-3.5.2.tgz";
+                    url = "https://registry.npmjs.org/bluebird/-/bluebird-3.5.3.tgz";
-                    sha512 = "dhHTWMI7kMx5whMQntl7Vr9C6BvV10lFXDAasnqnrMYhXVCzzk6IO9Fo2L75jXHT07WrOngL1WDXOp+yYS91Yg==";
+                    sha512 = "/qKPUQlaW1OyR51WeCPBvRnAlnZFUJkCSG5HzGnuIqhgyJtF+T94lFnn33eiazjRm2LAHVy2guNnaq48X9SJuw==";
                   };
                 };
                 "bn.js-4.11.8" = {
                     sha1 = "9bb5304d2e0b56698b2c758b08a3eaa9daa58a39";
                   };
                 };
-                "camelcase-4.1.0" = {
+                "camelcase-5.0.0" = {
                   name = "camelcase";
                   packageName = "camelcase";
-                  version = "4.1.0";
+                  version = "5.0.0";
                   src = fetchurl {
-                    url = "https://registry.npmjs.org/camelcase/-/camelcase-4.1.0.tgz";
+                    url = "https://registry.npmjs.org/camelcase/-/camelcase-5.0.0.tgz";
-                    sha1 = "d545635be1e33c542649c69173e5de6acfae34dd";
+                    sha512 = "faqwZqnWxbxn+F1d399ygeamQNy3lPp/H9H6rNrqYh4FSVCtcY+3cub1MxA8o9mDd55mM8Aghuu/kuyYA6VTsA==";
                   };
                 };
                 "caniuse-api-1.6.1" = {
                     sha1 = "b534e7c734c4f81ec5fbe8aca2ad24354b962c6c";
                   };
                 };
-                "caniuse-db-1.0.30000900" = {
+                "caniuse-db-1.0.30000912" = {
                   name = "caniuse-db";
                   packageName = "caniuse-db";
-                  version = "1.0.30000900";
+                  version = "1.0.30000912";
                   src = fetchurl {
-                    url = "https://registry.npmjs.org/caniuse-db/-/caniuse-db-1.0.30000900.tgz";
+                    url = "https://registry.npmjs.org/caniuse-db/-/caniuse-db-1.0.30000912.tgz";
-                    sha512 = "fvicVRDlhHIQpt/bmbLl3hDHKUZb5ZP8O2OuZLz2fSEPlUBbvwwbhhqhGS617ldN6bDoo9A3+MQKQyFq0p7UXA==";
+                    sha512 = "uiepPdHcJ06Na9t15L5l+pp3NWQU4IETbmleghD6tqCqbIYqhHSu7nVfbK2gqPjfy+9jl/wHF1UQlyTszh9tJQ==";
                   };
                 };
-                "caniuse-lite-1.0.30000900" = {
+                "caniuse-lite-1.0.30000912" = {
                   name = "caniuse-lite";
                   packageName = "caniuse-lite";
-                  version = "1.0.30000900";
+                  version = "1.0.30000912";
                   src = fetchurl {
-                    url = "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30000900.tgz";
+                    url = "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30000912.tgz";
-                    sha512 = "xDVs8pBFr6bzq9pXUkLKpGQQnzsF/l6/yX38UnCkTcUcwC0rDl1NGZGildcJVTU+uGBxfsyniK/ZWagPNn1Oqw==";
+                    sha512 = "M3zAtV36U+xw5mMROlTXpAHClmPAor6GPKAMD5Yi7glCB5sbMPFtnQ3rGpk4XqPdUrrTIaVYSJZxREZWNy8QJg==";
                   };
                 };
                 "caseless-0.12.0" = {
                     sha1 = "22817534f24bfa4950c34d532d48ecbc621b8c14";
                   };
                 };
-                "clipboard-2.0.1" = {
+                "clipboard-2.0.4" = {
                   name = "clipboard";
                   packageName = "clipboard";
-                  version = "2.0.1";
+                  version = "2.0.4";
                   src = fetchurl {
-                    url = "https://registry.npmjs.org/clipboard/-/clipboard-2.0.1.tgz";
+                    url = "https://registry.npmjs.org/clipboard/-/clipboard-2.0.4.tgz";
-                    sha512 = "7yhQBmtN+uYZmfRjjVjKa0dZdWuabzpSKGtyQZN+9C8xlC788SSJjOHWh7tzurfwTqTD5UDYAhIv5fRJg3sHjQ==";
+                    sha512 = "Vw26VSLRpJfBofiVaFb/I8PVfdI1OxKcYShe6fm0sP/DtmiWQNCjhM/okTvdCo0G+lMMm1rMYbk4IK4x1X+kgQ==";
                   };
                 };
                 "cliui-2.1.0" = {
                     sha1 = "676f6eb3c39997c2ee1ac3a924fd6124748f578d";
                   };
                 };
-                "copy-webpack-plugin-4.5.4" = {
+                "copy-webpack-plugin-4.6.0" = {
                   name = "copy-webpack-plugin";
                   packageName = "copy-webpack-plugin";
-                  version = "4.5.4";
+                  version = "4.6.0";
                   src = fetchurl {
-                    url = "https://registry.npmjs.org/copy-webpack-plugin/-/copy-webpack-plugin-4.5.4.tgz";
+                    url = "https://registry.npmjs.org/copy-webpack-plugin/-/copy-webpack-plugin-4.6.0.tgz";
-                    sha512 = "0lstlEyj74OAtYMrDxlNZsU7cwFijAI3Ofz2fD6Mpo9r4xCv4yegfa3uHIKvZY1NSuOtE9nvG6TAhJ+uz9gDaQ==";
+                    sha512 = "Y+SQCF+0NoWQryez2zXn5J5knmr9z/9qSQt7fbL78u83rxmigOy8X5+BFn8CFSuX+nKT8gpYwJX68ekqtQt6ZA==";
                   };
                 };
                 "core-js-2.5.7" = {
                     sha1 = "2b3a110539c5355f1cd8d314623e870b121ec858";
                   };
                 };
-                "css-selector-tokenizer-0.7.0" = {
+                "css-selector-tokenizer-0.7.1" = {
                   name = "css-selector-tokenizer";
                   packageName = "css-selector-tokenizer";
-                  version = "0.7.0";
+                  version = "0.7.1";
                   src = fetchurl {
-                    url = "https://registry.npmjs.org/css-selector-tokenizer/-/css-selector-tokenizer-0.7.0.tgz";
+                    url = "https://registry.npmjs.org/css-selector-tokenizer/-/css-selector-tokenizer-0.7.1.tgz";
-                    sha1 = "e6988474ae8c953477bf5e7efecfceccd9cf4c86";
+                    sha512 = "xYL0AMZJ4gFzJQsHUKa5jiWWi2vH77WVNg7JYRyewwj6oPh4yb/y6Y9ZCw9dsj/9UauMhtuxR+ogQd//EdEVNA==";
                   };
                 };
                 "css-what-2.1.2" = {
                     sha1 = "f6534d15148269b20352e7bee26f501f9a191290";
                   };
                 };
-                "decamelize-2.0.0" = {
-                  name = "decamelize";
-                  packageName = "decamelize";
-                  version = "2.0.0";
-                  src = fetchurl {
-                    url = "https://registry.npmjs.org/decamelize/-/decamelize-2.0.0.tgz";
-                    sha512 = "Ikpp5scV3MSYxY39ymh45ZLEecsTdv/Xj2CaQfI8RLMuwi7XvjX9H/fhraiSuU+C5w5NTDu4ZU72xNiZnurBPg==";
-                  };
-                };
                 "decode-uri-component-0.2.0" = {
                   name = "decode-uri-component";
                   packageName = "decode-uri-component";
                     sha1 = "3a83a904e54353287874c564b7549386849a98c9";
                   };
                 };
-                "electron-to-chromium-1.3.82" = {
+                "electron-to-chromium-1.3.85" = {
                   name = "electron-to-chromium";
                   packageName = "electron-to-chromium";
-                  version = "1.3.82";
+                  version = "1.3.85";
                   src = fetchurl {
-                    url = "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.3.82.tgz";
+                    url = "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.3.85.tgz";
-                    sha512 = "NI4nB2IWGcU4JVT1AE8kBb/dFor4zjLHMLsOROPahppeHrR0FG5uslxMmkp/thO1MvPjM2xhlKoY29/I60s0ew==";
+                    sha512 = "kWSDVVF9t3mft2OHVZy4K85X2beP6c6mFm3teFS/mLSDJpQwuFIWHrULCX+w6H1E55ZYmFRlT+ATAFRwhrYzsw==";
                   };
                 };
                 "elliptic-6.4.1" = {
                     sha1 = "d5142c0caee6b1189f87d3a76111064f86c8bbf2";
                   };
                 };
-                "fastparse-1.1.1" = {
+                "fastparse-1.1.2" = {
                   name = "fastparse";
                   packageName = "fastparse";
-                  version = "1.1.1";
+                  version = "1.1.2";
                   src = fetchurl {
-                    url = "https://registry.npmjs.org/fastparse/-/fastparse-1.1.1.tgz";
+                    url = "https://registry.npmjs.org/fastparse/-/fastparse-1.1.2.tgz";
-                    sha1 = "d1e2643b38a94d7583b479060e6c4affc94071f8";
+                    sha512 = "483XLLxTVIwWK3QTrMGRqUfUpoOs/0hbQrl2oz4J0pAcm3A3bu84wxTFqGqkJzewCLdME38xJLJAxBABfQT8sQ==";
                   };
                 };
                 "favico.js-0.3.10" = {
                     sha1 = "15a4806a57547cb2d2dbf27f42e89a8c3451b364";
                   };
                 };
-                "graceful-fs-4.1.11" = {
+                "graceful-fs-4.1.15" = {
                   name = "graceful-fs";
                   packageName = "graceful-fs";
-                  version = "4.1.11";
+                  version = "4.1.15";
                   src = fetchurl {
-                    url = "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.1.11.tgz";
+                    url = "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.1.15.tgz";
-                    sha1 = "0e8bdfe4d1ddb8854d64e04ea7c00e2a026e5658";
+                    sha512 = "6uHUhOPEBgQ24HM+r6b/QwWfZq+yiFcipKFrOFiBEnWdy5sdzYoi+pJeQaPI5qOLRFqWmAXUPQNsielzdLoecA==";
                   };
                 };
                 "grunt-0.4.5" = {
                     sha1 = "56937cd5194324adff6d207631832a9d6ba4e7f0";
                   };
                 };
-                "grunt-cli-1.3.1" = {
+                "grunt-cli-1.3.2" = {
                   name = "grunt-cli";
                   packageName = "grunt-cli";
-                  version = "1.3.1";
+                  version = "1.3.2";
                   src = fetchurl {
-                    url = "https://registry.npmjs.org/grunt-cli/-/grunt-cli-1.3.1.tgz";
+                    url = "https://registry.npmjs.org/grunt-cli/-/grunt-cli-1.3.2.tgz";
-                    sha512 = "UwBRu/QpAjDc53DRLEkyilFdL0zenpxu+fddTIlsF/KJqdNcHaQmvyu1W3cDesZ9rqqZdKK5A8+QDIyLUEWoZQ==";
+                    sha512 = "8OHDiZZkcptxVXtMfDxJvmN7MVJNE8L/yIcPb4HB7TlyFD1kDvjHrb62uhySsU14wJx9ORMnTuhRMQ40lH/orQ==";
                   };
                 };
                 "grunt-contrib-concat-0.5.1" = {
                     sha1 = "6d4524e8b955f95d4f5b58851ce21dd72fb4e952";
                   };
                 };
-                "lru-cache-4.1.3" = {
+                "lru-cache-4.1.5" = {
                   name = "lru-cache";
                   packageName = "lru-cache";
-                  version = "4.1.3";
+                  version = "4.1.5";
                   src = fetchurl {
-                    url = "https://registry.npmjs.org/lru-cache/-/lru-cache-4.1.3.tgz";
+                    url = "https://registry.npmjs.org/lru-cache/-/lru-cache-4.1.5.tgz";
-                    sha512 = "fFEhvcgzuIoJVUF8fYr5KR0YqxD238zgObTps31YdADwPPAp82a4M8TrckkWyx7ekNlf9aBcVn81cFwwXngrJA==";
+                    sha512 = "sWZlbEP2OsHNkXrMl5GYk/jKk70MBng6UU4YI/qGDYbgf6YbP4EvmqISbXCoJiRKs+1bSpFHVgQxvJ17F2li5g==";
                   };
                 };
                 "make-dir-1.3.0" = {
                     sha512 = "pxiuXh0iVEq7VM7KMIhs5gxsfxCux2URptUQaXo4iZZJxBAzTPOLE2BumO5dbfVYq/hBJFBR/a1mFDmOx5AGmw==";
                   };
                 };
-                "map-age-cleaner-0.1.2" = {
+                "map-age-cleaner-0.1.3" = {
                   name = "map-age-cleaner";
                   packageName = "map-age-cleaner";
-                  version = "0.1.2";
+                  version = "0.1.3";
                   src = fetchurl {
-                    url = "https://registry.npmjs.org/map-age-cleaner/-/map-age-cleaner-0.1.2.tgz";
+                    url = "https://registry.npmjs.org/map-age-cleaner/-/map-age-cleaner-0.1.3.tgz";
-                    sha512 = "UN1dNocxQq44IhJyMI4TU8phc2m9BddacHRPRjKGLYaF0jqd3xLz0jS0skpAU9WgYyoR4gHtUpzytNBS385FWQ==";
+                    sha512 = "bJzx6nMoP6PDLPBFmg7+xRKeFZvFboMrGlxmNj9ClvX53KrmvM5bXFXEWjbz4cz1AFn+jWJ9z/DJSz7hrs0w3w==";
                   };
                 };
                 "map-cache-0.2.2" = {
                     sha512 = "hMp0onDKIajHfIkdRk3P4CdCmErkYAxxDtP3Wx/4nZ3aGlau2VKh3mZpcuFkH27WQkL/3WBCPOktzA9ZOAnMQQ==";
                   };
                 };
-                "pako-1.0.6" = {
+                "pako-1.0.7" = {
                   name = "pako";
                   packageName = "pako";
-                  version = "1.0.6";
+                  version = "1.0.7";
                   src = fetchurl {
-                    url = "https://registry.npmjs.org/pako/-/pako-1.0.6.tgz";
+                    url = "https://registry.npmjs.org/pako/-/pako-1.0.7.tgz";
-                    sha512 = "lQe48YPsMJAig+yngZ87Lus+NF+3mtu7DVOBu6b/gHO1YpKwIj5AWjZ/TOS7i46HD/UixzWb1zeWDZfGZ3iYcg==";
+                    sha512 = "3HNK5tW4x8o5mO8RuHZp3Ydw9icZXx0RANAOMzlMzx7LVXhMJ4mo3MOBpzyd7r/+RUu8BmndP47LXT+vzjtWcQ==";
                   };
                 };
                 "parallel-transform-1.1.0" = {
                     sha1 = "b2c6a98c0072cf91b932d1a496508114311735bf";
                   };
                 };
-                "postcss-modules-extract-imports-1.2.0" = {
+                "postcss-modules-extract-imports-1.2.1" = {
                   name = "postcss-modules-extract-imports";
                   packageName = "postcss-modules-extract-imports";
-                  version = "1.2.0";
+                  version = "1.2.1";
                   src = fetchurl {
-                    url = "https://registry.npmjs.org/postcss-modules-extract-imports/-/postcss-modules-extract-imports-1.2.0.tgz";
+                    url = "https://registry.npmjs.org/postcss-modules-extract-imports/-/postcss-modules-extract-imports-1.2.1.tgz";
-                    sha1 = "66140ecece38ef06bf0d3e355d69bf59d141ea85";
+                    sha512 = "6jt9XZwUhwmRUhb/CkyJY020PYaPJsCyt3UjbaWo6XEbH/94Hmv6MP7fG2C5NDU/BcHzyGYxNtHvM+LTf9HrYw==";
                   };
                 };
                 "postcss-modules-local-by-default-1.2.0" = {
                     sha1 = "04e6926f662895354f3dd015203633b857297e2c";
                   };
                 };
-                "sshpk-1.15.1" = {
+                "sshpk-1.15.2" = {
                   name = "sshpk";
                   packageName = "sshpk";
-                  version = "1.15.1";
+                  version = "1.15.2";
                   src = fetchurl {
-                    url = "https://registry.npmjs.org/sshpk/-/sshpk-1.15.1.tgz";
+                    url = "https://registry.npmjs.org/sshpk/-/sshpk-1.15.2.tgz";
-                    sha512 = "mSdgNUaidk+dRU5MhYtN9zebdzF2iG0cNPWy8HG+W8y+fT1JnSkh0fzzpjOa0L7P8i1Rscz38t0h4gPcKz43xA==";
+                    sha512 = "Ra/OXQtuh0/enyl4ETZAfTaeksa6BXks5ZcjpSUNrjBr0DvrJKX+1fsKDPpT9TBXgHAFsa4510aNVgI8g/+SzA==";
                   };
                 };
                 "ssri-5.3.0" = {
                     sha512 = "n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==";
                   };
                 };
+                "string_decoder-1.2.0" = {
+                  name = "string_decoder";
+                  packageName = "string_decoder";
+                  version = "1.2.0";
+                  src = fetchurl {
+                    url = "https://registry.npmjs.org/string_decoder/-/string_decoder-1.2.0.tgz";
+                    sha512 = "6YqyX6ZWEYguAxgZzHGL7SsCeGx3V2TtOTqZz1xSTSWnqsbWwbptafNyvf/ACquZUXV3DANr5BDIwNYe1mN42w==";
+                  };
+                };
                 "stringstream-0.0.6" = {
                   name = "stringstream";
                   packageName = "stringstream";
                     sha1 = "9f5772413952135c6fefbf40afe6a4faa88b4bb5";
                   };
                 };
-                "tapable-0.2.8" = {
+                "tapable-0.2.9" = {
                   name = "tapable";
                   packageName = "tapable";
-                  version = "0.2.8";
+                  version = "0.2.9";
                   src = fetchurl {
-                    url = "https://registry.npmjs.org/tapable/-/tapable-0.2.8.tgz";
+                    url = "https://registry.npmjs.org/tapable/-/tapable-0.2.9.tgz";
-                    sha1 = "99372a5c999bf2df160afc0d74bed4f47948cd22";
+                    sha512 = "2wsvQ+4GwBvLPLWsNfLCDYGsW6xb7aeC6utq2Qh0PFwgEy7K7dsma9Jsmb2zSQj7GvYAyUGSntLtsv++GmgL1A==";
                   };
                 };
-                "tapable-1.1.0" = {
+                "tapable-1.1.1" = {
                   name = "tapable";
                   packageName = "tapable";
-                  version = "1.1.0";
+                  version = "1.1.1";
                   src = fetchurl {
-                    url = "https://registry.npmjs.org/tapable/-/tapable-1.1.0.tgz";
+                    url = "https://registry.npmjs.org/tapable/-/tapable-1.1.1.tgz";
-                    sha512 = "IlqtmLVaZA2qab8epUXbVWRn3aB1imbDMJtjB3nu4X0NqPkcY/JH9ZtCBWKHWPxs8Svi9tyo8w2dBoi07qZbBA==";
+                    sha512 = "9I2ydhj8Z9veORCw5PRm4u9uebCn0mcCa6scWoNcbZ6dAtoo2618u9UUzxgmsCOreJpqDDuv61LvwofW7hLcBA==";
                   };
                 };
                 "throttleit-1.0.0" = {
                     sha1 = "0dd4c9ffaabc357960b1b724115d7e0e86a2e1f5";
                   };
                 };
-                "through2-2.0.3" = {
+                "through2-2.0.5" = {
                   name = "through2";
                   packageName = "through2";
-                  version = "2.0.3";
+                  version = "2.0.5";
                   src = fetchurl {
-                    url = "https://registry.npmjs.org/through2/-/through2-2.0.3.tgz";
+                    url = "https://registry.npmjs.org/through2/-/through2-2.0.5.tgz";
-                    sha1 = "0004569b37c7c74ba39c43f3ced78d1ad94140be";
+                    sha512 = "/mrRod8xqpA+IHSLyGCQ2s8SPHiCDEeQJSep1jqLYeEUClOFG2Qsh+4FU6G9VeqpZnGW/Su8LQGc4YKni5rYSQ==";
                   };
                 };
                 "timers-browserify-2.0.10" = {
                     sha512 = "1wFuMUIM16MDJRCrpbpuEPTUGmM5QMUg0cr3KFwra2XgOgFcPGDQHDh3CszSCD2Zewc/dh/pamNEW8CbfDebUw==";
                   };
                 };
-                "v8flags-3.0.2" = {
+                "v8flags-3.1.1" = {
                   name = "v8flags";
                   packageName = "v8flags";
-                  version = "3.0.2";
+                  version = "3.1.1";
                   src = fetchurl {
-                    url = "https://registry.npmjs.org/v8flags/-/v8flags-3.0.2.tgz";
+                    url = "https://registry.npmjs.org/v8flags/-/v8flags-3.1.1.tgz";
-                    sha512 = "6sgSKoFw1UpUPd3cFdF7QGnrH6tDeBgW1F3v9gy8gLY0mlbiBXq8soy8aQpY6xeeCjH5K+JvC62Acp7gtl7wWA==";
+                    sha512 = "iw/1ViSEaff8NJ3HLyEjawk/8hjJib3E7pvG4pddVXfUg1983s3VGsiClDjhK64MQVDGqc1Q8r18S4VKQZS9EQ==";
                   };
                 };
                 "vendors-1.0.2" = {
                     sha1 = "b5243d8f3ec1aa35f1364605bc0d1036e30ab69f";
                   };
                 };
-                "xregexp-4.0.0" = {
-                  name = "xregexp";
-                  packageName = "xregexp";
-                  version = "4.0.0";
-                  src = fetchurl {
-                    url = "https://registry.npmjs.org/xregexp/-/xregexp-4.0.0.tgz";
-                    sha512 = "PHyM+sQouu7xspQQwELlGwwd05mXUFqwFYfqPO0cC7x4fxyHnnuetmQr6CjJiafIDoH4MogHb9dOoJzR/Y4rFg==";
-                  };
-                };
                 "xtend-4.0.1" = {
                   name = "xtend";
                   packageName = "xtend";
                     sha1 = "1c11f9218f076089a47dd512f93c6699a6a81d52";
                   };
                 };
-                "yargs-12.0.2" = {
+                "yargs-12.0.5" = {
                   name = "yargs";
                   packageName = "yargs";
-                  version = "12.0.2";
+                  version = "12.0.5";
                   src = fetchurl {
-                    url = "https://registry.npmjs.org/yargs/-/yargs-12.0.2.tgz";
+                    url = "https://registry.npmjs.org/yargs/-/yargs-12.0.5.tgz";
-                    sha512 = "e7SkEx6N6SIZ5c5H22RTZae61qtn3PYUE8JYbBFlK9sYmh3DMQ6E5ygtaG/2BW0JZi4WGgTR2IV5ChqlqrDGVQ==";
+                    sha512 = "Lhz8TLaYnxq/2ObqHDql8dX8CJi97oHxrjUcYtzKbbykPtVW9WB+poxI+NM2UIzsMgNCZTIf0AQwsjK5yMAqZw==";
                   };
                 };
                 "yargs-3.10.0" = {
                     sha1 = "f7ee7bd857dd7c1d2d38c0e74efbd681d1431fd1";
                   };
                 };
-                "yargs-parser-10.1.0" = {
+                "yargs-parser-11.1.1" = {
                   name = "yargs-parser";
                   packageName = "yargs-parser";
-                  version = "10.1.0";
+                  version = "11.1.1";
                   src = fetchurl {
-                    url = "https://registry.npmjs.org/yargs-parser/-/yargs-parser-10.1.0.tgz";
+                    url = "https://registry.npmjs.org/yargs-parser/-/yargs-parser-11.1.1.tgz";
-                    sha512 = "VCIyR1wJoEBZUqk5PA+oOBF6ypbwh5aNB3I50guxAL/quggdfs4TtNHQrSazFA3fYZ+tEqfs0zIGlv0c/rgjbQ==";
+                    sha512 = "C6kB/WJDiaxONLJQnF8ccx9SEeoTTLek8RVbaOIsrAUS8VrBEXfmeSnCZxygc+XC2sNMBIwOOnfcxiynjHsVSQ==";
                   };
                 };
                 "yauzl-2.4.1" = {
                 src = ./..;
                 dependencies = [
                   sources."@polymer/font-roboto-3.0.2"
-                  sources."@polymer/iron-a11y-announcer-3.0.1"
+                  sources."@polymer/iron-a11y-announcer-3.0.2"
                   sources."@polymer/iron-a11y-keys-3.0.1"
                   sources."@polymer/iron-a11y-keys-behavior-3.0.1"
                   sources."@polymer/iron-ajax-3.0.1"
                   sources."@polymer/paper-tooltip-3.0.1"
                   sources."@polymer/polymer-3.1.0"
                   sources."@types/clone-0.1.30"
-                  sources."@types/node-6.14.0"
+                  sources."@types/node-6.14.2"
                   sources."@types/parse5-2.2.34"
                   sources."@webassemblyjs/ast-1.7.10"
                   sources."@webassemblyjs/floating-point-hex-parser-1.7.10"
                   sources."@webassemblyjs/wasm-parser-1.7.10"
                   sources."@webassemblyjs/wast-parser-1.7.10"
                   sources."@webassemblyjs/wast-printer-1.7.10"
-                  sources."@webcomponents/shadycss-1.5.2"
+                  sources."@webcomponents/shadycss-1.6.0"
-                  sources."@webcomponents/webcomponentsjs-2.1.3"
+                  sources."@webcomponents/webcomponentsjs-2.2.1"
                   sources."@xtuc/ieee754-1.2.0"
                   sources."@xtuc/long-4.2.1"
                   sources."abbrev-1.1.1"
                   sources."bcrypt-pbkdf-1.0.2"
                   sources."big.js-3.2.0"
                   sources."binary-extensions-1.12.0"
-                  sources."bluebird-3.5.2"
+                  sources."bluebird-3.5.3"
                   sources."bn.js-4.11.8"
                   sources."boolbase-1.0.0"
                   sources."boom-2.10.1"
                   (sources."cacache-10.0.4" // {
                     dependencies = [
                       sources."glob-7.1.3"
-                      sources."graceful-fs-4.1.11"
+                      sources."graceful-fs-4.1.15"
-                      sources."lru-cache-4.1.3"
+                      sources."lru-cache-4.1.5"
                       sources."minimatch-3.0.4"
                       sources."rimraf-2.6.2"
                     ];
                   })
                   sources."cache-base-1.0.1"
                   sources."camel-case-3.0.0"
-                  sources."camelcase-4.1.0"
+                  sources."camelcase-5.0.0"
                   (sources."caniuse-api-1.6.1" // {
                     dependencies = [
                       sources."browserslist-1.7.7"
                     ];
                   })
-                  sources."caniuse-db-1.0.30000900"
+                  sources."caniuse-db-1.0.30000912"
-                  sources."caniuse-lite-1.0.30000900"
+                  sources."caniuse-lite-1.0.30000912"
                   sources."caseless-0.12.0"
                   sources."center-align-0.1.3"
                   sources."chalk-0.5.1"
                       sources."minimatch-3.0.4"
                     ];
                   })
-                  sources."clipboard-2.0.1"
+                  sources."clipboard-2.0.4"
                   (sources."cliui-4.1.0" // {
                     dependencies = [
                       sources."ansi-regex-3.0.0"
                     ];
                   })
                   sources."copy-descriptor-0.1.1"
-                  (sources."copy-webpack-plugin-4.5.4" // {
+                  (sources."copy-webpack-plugin-4.6.0" // {
                     dependencies = [
                       sources."is-glob-4.0.0"
                       sources."minimatch-3.0.4"
                   sources."css-color-names-0.0.4"
                   sources."css-loader-0.28.11"
                   sources."css-select-1.2.0"
-                  (sources."css-selector-tokenizer-0.7.0" // {
+                  (sources."css-selector-tokenizer-0.7.1" // {
                     dependencies = [
                       sources."regexpu-core-1.0.0"
                     ];
                   })
                   sources."css-what-2.1.2"
                   sources."cssesc-0.1.0"
-                  (sources."cssnano-3.10.0" // {
+                  sources."cssnano-3.10.0"
-                    dependencies = [
-                      sources."decamelize-1.2.0"
-                    ];
-                  })
                   sources."csso-2.3.2"
                   sources."cycle-1.0.3"
                   sources."cyclist-0.2.2"
                   sources."date-now-0.1.4"
                   sources."dateformat-1.0.2-1.2.3"
                   sources."debug-2.6.9"
-                  sources."decamelize-2.0.0"
+                  sources."decamelize-1.2.0"
                   sources."decode-uri-component-0.2.0"
                   sources."deep-for-each-2.0.3"
                   sources."define-properties-1.1.3"
                     ];
                   })
                   sources."ecc-jsbn-0.1.2"
-                  sources."electron-to-chromium-1.3.82"
+                  sources."electron-to-chromium-1.3.85"
                   sources."elliptic-6.4.1"
                   sources."emojis-list-2.1.0"
                   sources."end-of-stream-1.4.1"
                   (sources."enhanced-resolve-4.1.0" // {
                     dependencies = [
-                      sources."graceful-fs-4.1.11"
+                      sources."graceful-fs-4.1.15"
                     ];
                   })
                   sources."entities-1.0.0"
                   sources."eyes-0.1.8"
                   sources."fast-deep-equal-2.0.1"
                   sources."fast-json-stable-stringify-2.0.0"
-                  sources."fastparse-1.1.1"
+                  sources."fastparse-1.1.2"
                   sources."favico.js-0.3.10"
                   sources."faye-websocket-0.4.4"
                   sources."fd-slicer-1.0.1"
                   })
                   (sources."fs-extra-1.0.0" // {
                     dependencies = [
-                      sources."graceful-fs-4.1.11"
+                      sources."graceful-fs-4.1.15"
                     ];
                   })
                   (sources."fs-write-stream-atomic-1.0.10" // {
                     dependencies = [
-                      sources."graceful-fs-4.1.11"
+                      sources."graceful-fs-4.1.15"
                     ];
                   })
                   sources."fs.realpath-1.0.0"
                   sources."good-listener-1.2.2"
                   sources."graceful-fs-1.2.3"
                   sources."grunt-0.4.5"
-                  (sources."grunt-cli-1.3.1" // {
+                  (sources."grunt-cli-1.3.2" // {
                     dependencies = [
                       sources."nopt-4.0.1"
                     ];
                   sources."json5-0.5.1"
                   (sources."jsonfile-2.4.0" // {
                     dependencies = [
-                      sources."graceful-fs-4.1.11"
+                      sources."graceful-fs-4.1.15"
                     ];
                   })
                   sources."jsonify-0.0.0"
                   sources."kind-of-6.0.2"
                   (sources."klaw-1.3.1" // {
                     dependencies = [
-                      sources."graceful-fs-4.1.11"
+                      sources."graceful-fs-4.1.15"
                     ];
                   })
                   sources."lazy-cache-1.0.4"
                   sources."lcid-2.0.0"
                   (sources."less-2.7.3" // {
                     dependencies = [
-                      sources."graceful-fs-4.1.11"
+                      sources."graceful-fs-4.1.15"
                     ];
                   })
                   (sources."liftoff-2.5.0" // {
                   sources."lru-cache-2.7.3"
                   sources."make-dir-1.3.0"
                   sources."make-iterator-1.0.1"
-                  sources."map-age-cleaner-0.1.2"
+                  sources."map-age-cleaner-0.1.3"
                   sources."map-cache-0.2.2"
                   sources."map-visit-1.0.0"
                   sources."math-expression-evaluator-1.2.17"
                   sources."no-case-2.3.2"
                   (sources."node-libs-browser-2.1.0" // {
                     dependencies = [
-                      sources."readable-stream-2.3.6"
+                      (sources."readable-stream-2.3.6" // {
-                      sources."string_decoder-1.1.1"
+                        dependencies = [
+                          sources."string_decoder-1.1.1"
+                        ];
+                      })
+                      sources."string_decoder-1.2.0"
                     ];
                   })
                   sources."nopt-1.0.10"
                   sources."p-limit-1.3.0"
                   sources."p-locate-2.0.0"
                   sources."p-try-1.0.0"
-                  sources."pako-1.0.6"
+                  sources."pako-1.0.7"
                   (sources."parallel-transform-1.1.0" // {
                     dependencies = [
                       sources."readable-stream-2.3.6"
                   sources."postcss-minify-gradients-1.0.5"
                   sources."postcss-minify-params-1.2.2"
                   sources."postcss-minify-selectors-2.1.1"
-                  (sources."postcss-modules-extract-imports-1.2.0" // {
+                  (sources."postcss-modules-extract-imports-1.2.1" // {
                     dependencies = [
                       sources."ansi-styles-3.2.1"
                       sources."chalk-2.4.1"
                   })
                   (sources."readdirp-2.2.1" // {
                     dependencies = [
-                      sources."graceful-fs-4.1.11"
+                      sources."graceful-fs-4.1.15"
                       sources."readable-stream-2.3.6"
                       sources."string_decoder-1.1.1"
                     ];
                   sources."sax-1.2.4"
                   (sources."schema-utils-0.4.7" // {
                     dependencies = [
-                      sources."ajv-6.5.4"
+                      sources."ajv-6.6.1"
                     ];
                   })
                   sources."select-1.1.2"
                   sources."split-1.0.1"
                   sources."split-string-3.1.0"
                   sources."sprintf-js-1.0.3"
-                  (sources."sshpk-1.15.1" // {
+                  (sources."sshpk-1.15.2" // {
                     dependencies = [
                       sources."assert-plus-1.0.0"
                     ];
                       sources."js-yaml-3.7.0"
                     ];
                   })
-                  sources."tapable-1.1.0"
+                  sources."tapable-1.1.1"
                   sources."throttleit-1.0.0"
                   sources."through-2.3.8"
-                  (sources."through2-2.0.3" // {
+                  (sources."through2-2.0.5" // {
                     dependencies = [
                       sources."readable-stream-2.3.6"
                       sources."string_decoder-1.1.1"
                     dependencies = [
                       sources."colors-1.3.2"
                       sources."enhanced-resolve-3.4.1"
-                      sources."graceful-fs-4.1.11"
+                      sources."graceful-fs-4.1.15"
                       sources."loader-utils-0.2.17"
-                      sources."tapable-0.2.8"
+                      sources."tapable-0.2.9"
                     ];
                   })
                   sources."tslib-1.9.3"
                   sources."utila-0.4.0"
                   sources."uuid-3.3.2"
                   sources."v8-compile-cache-2.0.2"
-                  sources."v8flags-3.0.2"
+                  sources."v8flags-3.1.1"
                   sources."vendors-1.0.2"
                   (sources."verror-1.10.0" // {
                     dependencies = [
                   sources."vm-browserify-0.0.4"
                   (sources."watchpack-1.6.0" // {
                     dependencies = [
-                      sources."graceful-fs-4.1.11"
+                      sources."graceful-fs-4.1.15"
                     ];
                   })
                   sources."waypoints-4.0.1"
                   (sources."webpack-4.23.1" // {
                     dependencies = [
-                      sources."ajv-6.5.4"
+                      sources."ajv-6.6.1"
                     ];
                   })
                   (sources."webpack-cli-3.1.2" // {
                       sources."camelcase-1.2.1"
                       sources."chalk-1.1.3"
                       sources."cliui-2.1.0"
-                      sources."decamelize-1.2.0"
                       sources."has-ansi-2.0.0"
                       sources."strip-ansi-3.0.1"
                       sources."supports-color-2.0.0"
                     ];
                   })
                   sources."wrappy-1.0.2"
-                  sources."xregexp-4.0.0"
                   sources."xtend-4.0.1"
                   sources."y18n-4.0.0"
                   sources."yallist-2.1.2"
-                  (sources."yargs-12.0.2" // {
+                  (sources."yargs-12.0.5" // {
                     dependencies = [
                       sources."find-up-3.0.0"
                       sources."locate-path-3.0.0"
                       sources."p-try-2.0.0"
                     ];
                   })
-                  sources."yargs-parser-10.1.0"
+                  sources."yargs-parser-11.1.1"
                   sources."yauzl-2.4.1"
                 ];
                 buildInputs = globalBuildInputs;

pkgs/python-packages-overrides.nix

0 +21 -1

                 ];
               });
-             "nbconvert" = super."nbconvert".override (attrs: {
+              "nbconvert" = super."nbconvert".override (attrs: {
                 propagatedBuildInputs = attrs.propagatedBuildInputs ++ [
                   # marcink: plug in jupyter-client for notebook rendering
                   self."jupyter-client"
                   pkgs.curl
                   pkgs.openssl
                 ];
                 preConfigure = ''
                   substituteInPlace setup.py --replace '--static-libs' '--libs'
                   export PYCURL_SSL_LIBRARY=openssl
                 '';
                 meta = {
                   license = pkgs.lib.licenses.mit;
                 };
                 propagatedBuildInputs = [
                     pkgs.pam
                 ];
                 # TODO: johbo: Check if this can be avoided, or transform into
                 # a real patch
                 patchPhase = ''
                   substituteInPlace pam.py \
                     --replace 'find_library("pam")' '"${pkgs.pam}/lib/libpam.so.0"'
                 '';
                 });
+              "python-saml" = super."python-saml".override (attrs: {
+                buildInputs = [
+                  pkgs.libxml2
+                  pkgs.libxslt
+                ];
+              });
+              "dm.xmlsec.binding" = super."dm.xmlsec.binding".override (attrs: {
+                buildInputs = [
+                  pkgs.libxml2
+                  pkgs.libxslt
+                  pkgs.xmlsec
+                  pkgs.libtool
+                ];
+              });
               "pyzmq" = super."pyzmq".override (attrs: {
                 buildInputs = [
                   pkgs.czmq

pkgs/python-packages.nix

0 +109 -81

             self: super: {
               "alembic" = super.buildPythonPackage {
-                name = "alembic-0.9.9";
+                name = "alembic-1.0.5";
                 doCheck = false;
                 propagatedBuildInputs = [
                   self."sqlalchemy"
                   self."python-dateutil"
                 ];
                 src = fetchurl {
-                  url = "https://files.pythonhosted.org/packages/89/03/756d5b8e1c90bf283c3f435766aa3f20208d1c3887579dd8f2122e01d5f4/alembic-0.9.9.tar.gz";
+                  url = "https://files.pythonhosted.org/packages/1c/65/b8e4f5b2f345bb13b5e0a3fddd892b0b3f0e8ad4880e954fdc6a50d00d84/alembic-1.0.5.tar.gz";
-                  sha256 = "0bmkq6isjbmy4p7nxfvfpknjsx7rb3xn9g00169y891hcfkkxgc5";
+                  sha256 = "0rpjqp2iq6p49x1nli18ivak1izz547nnjxi110mzrgc1v7dxzz9";
                 };
                 meta = {
                   license = [ pkgs.lib.licenses.mit ];
                 };
               };
               "appenlight-client" = super.buildPythonPackage {
-                name = "appenlight-client-0.6.25";
+                name = "appenlight-client-0.6.26";
                 doCheck = false;
                 propagatedBuildInputs = [
                   self."webob"
                   self."six"
                 ];
                 src = fetchurl {
-                  url = "https://files.pythonhosted.org/packages/fa/44/2911ef85ea4f4fe65058fd22959d8dad598fab6a3c84e5bcb569d15c8783/appenlight_client-0.6.25.tar.gz";
+                  url = "https://files.pythonhosted.org/packages/2e/56/418fc10379b96e795ee39a15e69a730c222818af04c3821fa354eaa859ec/appenlight_client-0.6.26.tar.gz";
-                  sha256 = "1r9l2rfg677nxhamdbyb9y4fs1zgy2dy1p19c68fnvqkxz40y627";
+                  sha256 = "0s9xw3sb8s3pk73k78nnq4jil3q4mk6bczfa1fmgfx61kdxl2712";
                 };
                 meta = {
                   license = [ pkgs.lib.licenses.bsdOriginal ];
                 };
               };
               "bleach" = super.buildPythonPackage {
-                name = "bleach-2.1.4";
+                name = "bleach-3.0.2";
                 doCheck = false;
                 propagatedBuildInputs = [
                   self."six"
-                  self."html5lib"
+                  self."webencodings"
                 ];
                 src = fetchurl {
-                  url = "https://files.pythonhosted.org/packages/7a/b7/fa555afb61462b030abaf9ed1479b8ea031510f58c7706b06113be9f82ea/bleach-2.1.4.tar.gz";
+                  url = "https://files.pythonhosted.org/packages/ae/31/680afc7d44040004296a2d8f0584983c2f2386448cd9d0964197e6c1160e/bleach-3.0.2.tar.gz";
-                  sha256 = "1n337zbdml6z6zia0b1qgv6xiddx3qlwmcg9vk2mk60jcxhmzs8f";
+                  sha256 = "06474zg7f73hv8h1xw2wcsmvn2ygj73zxgxxqg8zcx8ap1srdls8";
                 };
                 meta = {
                   license = [ pkgs.lib.licenses.asl20 ];
                 };
               };
               "colander" = super.buildPythonPackage {
-                name = "colander-1.4";
+                name = "colander-1.5.1";
                 doCheck = false;
                 propagatedBuildInputs = [
                   self."translationstring"
                   self."iso8601"
+                  self."enum34"
                 ];
                 src = fetchurl {
-                  url = "https://files.pythonhosted.org/packages/cc/e2/c4e716ac4a426d8ad4dfe306c34f0018a22275d2420815784005bf771c84/colander-1.4.tar.gz";
+                  url = "https://files.pythonhosted.org/packages/ec/d1/fcca811a0a692c69d27e36b4d11a73acb98b4bab48323442642b6fd4386d/colander-1.5.1.tar.gz";
-                  sha256 = "0wjfphyr5aakv5hw73q287lbc15cbm0aardajv7i2mqf377rl3p2";
+                  sha256 = "18ah4cwwxnpm6qxi6x9ipy51dal4spd343h44s5wd01cnhgrwsyq";
                 };
                 meta = {
                   license = [ { fullName = "BSD-derived (http://www.repoze.org/LICENSE.txt)"; } ];
                 };
               };
               "deform" = super.buildPythonPackage {
-                name = "deform-2.0.5";
+                name = "deform-2.0.7";
                 doCheck = false;
                 propagatedBuildInputs = [
                   self."chameleon"
                   self."zope.deprecation"
                 ];
                 src = fetchurl {
-                  url = "https://files.pythonhosted.org/packages/0c/b1/ba711d5808c12538c8504f534d79c124ed834f19ac36f0ac5391c3bbd1c1/deform-2.0.5.tar.gz";
+                  url = "https://files.pythonhosted.org/packages/cf/a1/bc234527b8f181de9acd80e796483c00007658d1e32b7de78f1c2e004d9a/deform-2.0.7.tar.gz";
-                  sha256 = "0ybg9zsnfac1kaxrjanmkjk0xaklf4d3piywxwr08l1cl1336kc7";
+                  sha256 = "0jnpi0zr2hjvbmiz6nm33yqv976dn9lf51vhlzqc0i75xcr9rwig";
+                };
+                meta = {
+                  license = [ { fullName = "Repoze Public License"; } { fullName = "BSD-derived (http://www.repoze.org/LICENSE.txt)"; } ];
+                };
+              };
+              "defusedxml" = super.buildPythonPackage {
+                name = "defusedxml-0.5.0";
+                doCheck = false;
+                src = fetchurl {
+                  url = "https://files.pythonhosted.org/packages/74/ba/4ba4e89e21b5a2e267d80736ea674609a0a33cc4435a6d748ef04f1f9374/defusedxml-0.5.0.tar.gz";
+                  sha256 = "1x54n0h8hl92vvwyymx883fbqpqjwn2mc8fb383bcg3z9zwz5mr4";
                 };
                 meta = {
-                  license = [ { fullName = "BSD-derived (http://www.repoze.org/LICENSE.txt)"; } ];
+                  license = [ pkgs.lib.licenses.psfl ];
+                };
+              };
+              "dm.xmlsec.binding" = super.buildPythonPackage {
+                name = "dm.xmlsec.binding-1.3.7";
+                doCheck = false;
+                propagatedBuildInputs = [
+                  self."setuptools"
+                  self."lxml"
+                ];
+                src = fetchurl {
+                  url = "https://files.pythonhosted.org/packages/2c/9e/7651982d50252692991acdae614af821fd6c79bc8dcd598ad71d55be8fc7/dm.xmlsec.binding-1.3.7.tar.gz";
+                  sha256 = "03jjjscx1pz2nc0dwiw9nia02qbz1c6f0f9zkyr8fmvys2n5jkb3";
+                };
+                meta = {
+                  license = [ pkgs.lib.licenses.bsdOriginal ];
                 };
               };
               "docutils" = super.buildPythonPackage {
                 };
               };
               "gevent" = super.buildPythonPackage {
-                name = "gevent-1.3.6";
+                name = "gevent-1.3.7";
                 doCheck = false;
                 propagatedBuildInputs = [
                   self."greenlet"
                 ];
                 src = fetchurl {
-                  url = "https://files.pythonhosted.org/packages/49/13/aa4bb3640b5167fe58875d3d7e65390cdb14f9682a41a741a566bb560842/gevent-1.3.6.tar.gz";
+                  url = "https://files.pythonhosted.org/packages/10/c1/9499b146bfa43aa4f1e0ed1bab1bd3209a4861d25650c11725036c731cf5/gevent-1.3.7.tar.gz";
-                  sha256 = "1ih4k73dqz2zb561hda99vbanja3m6cdch3mgxxn1mla3qwkqhbv";
+                  sha256 = "0b0fr04qdk1p4sniv87fh8z5psac60x01pv054kpgi94520g81iz";
                 };
                 meta = {
                   license = [ pkgs.lib.licenses.mit ];
                   license = [ pkgs.lib.licenses.mit ];
                 };
               };
-              "html5lib" = super.buildPythonPackage {
-                name = "html5lib-1.0.1";
-                doCheck = false;
-                propagatedBuildInputs = [
-                  self."six"
-                  self."webencodings"
-                ];
-                src = fetchurl {
-                  url = "https://files.pythonhosted.org/packages/85/3e/cf449cf1b5004e87510b9368e7a5f1acd8831c2d6691edd3c62a0823f98f/html5lib-1.0.1.tar.gz";
-                  sha256 = "0dipzfrycv6j1jw82v9b7d8lzggx3x8xngx6l4xrqkxwvg7hvjv6";
-                };
-                meta = {
-                  license = [ pkgs.lib.licenses.mit ];
-                };
-              };
               "hupper" = super.buildPythonPackage {
-                name = "hupper-1.3.1";
+                name = "hupper-1.4.2";
                 doCheck = false;
                 src = fetchurl {
-                  url = "https://files.pythonhosted.org/packages/cf/4b/467b826a84c8594b81f414b5ab6794e981951dac90ca40abaf9ea1cb36b0/hupper-1.3.1.tar.gz";
+                  url = "https://files.pythonhosted.org/packages/f1/75/1915dc7650b4867fa3049256e24ca8eddb5989998fcec788cf52b9812dfc/hupper-1.4.2.tar.gz";
-                  sha256 = "03mf13n6i4dd60wlb9m99ddl4m3lmly70cjp7f82vdkibfl1v6l9";
+                  sha256 = "16vb9fkiaakdpcp6pn56h3w0dwvm67bxq2k2dv4i382qhqwphdzb";
                 };
                 meta = {
                   license = [ pkgs.lib.licenses.mit ];
                   license = [ pkgs.lib.licenses.mit ];
                 };
               };
+              "isodate" = super.buildPythonPackage {
+                name = "isodate-0.6.0";
+                doCheck = false;
+                propagatedBuildInputs = [
+                  self."six"
+                ];
+                src = fetchurl {
+                  url = "https://files.pythonhosted.org/packages/b1/80/fb8c13a4cd38eb5021dc3741a9e588e4d1de88d895c1910c6fc8a08b7a70/isodate-0.6.0.tar.gz";
+                  sha256 = "1n7jkz68kk5pwni540pr5zdh99bf6ywydk1p5pdrqisrawylldif";
+                };
+                meta = {
+                  license = [ pkgs.lib.licenses.bsdOriginal ];
+                };
+              };
               "itsdangerous" = super.buildPythonPackage {
                 name = "itsdangerous-0.24";
                 doCheck = false;
                 };
               };
               "lxml" = super.buildPythonPackage {
-                name = "lxml-3.7.3";
+                name = "lxml-4.2.5";
                 doCheck = false;
                 src = fetchurl {
-                  url = "https://files.pythonhosted.org/packages/39/e8/a8e0b1fa65dd021d48fe21464f71783655f39a41f218293c1c590d54eb82/lxml-3.7.3.tar.gz";
+                  url = "https://files.pythonhosted.org/packages/4b/20/ddf5eb3bd5c57582d2b4652b4bbcf8da301bdfe5d805cb94e805f4d7464d/lxml-4.2.5.tar.gz";
-                  sha256 = "1iv1jgkqn1hdh1xyxri6g0y1s67h01jzjkw2nhkx3rqylmw2sl5a";
+                  sha256 = "0zw0y9hs0nflxhl9cs6ipwwh53szi3w2x06wl0k9cylyqac0cwin";
                 };
                 meta = {
                   license = [ pkgs.lib.licenses.bsdOriginal ];
                 };
               };
               "peppercorn" = super.buildPythonPackage {
-                name = "peppercorn-0.5";
+                name = "peppercorn-0.6";
                 doCheck = false;
                 src = fetchurl {
-                  url = "https://files.pythonhosted.org/packages/45/ec/a62ec317d1324a01567c5221b420742f094f05ee48097e5157d32be3755c/peppercorn-0.5.tar.gz";
+                  url = "https://files.pythonhosted.org/packages/e4/77/93085de7108cdf1a0b092ff443872a8f9442c736d7ddebdf2f27627935f4/peppercorn-0.6.tar.gz";
-                  sha256 = "0jvp144zn7yqk9kbpxc059167mlqk85i5lpvl1niw8gsa5fvl74j";
+                  sha256 = "1ip4bfwcpwkq9hz2dai14k2cyabvwrnvcvrcmzxmqm04g8fnimwn";
                 };
                 meta = {
                   license = [ { fullName = "BSD-derived (http://www.repoze.org/LICENSE.txt)"; } ];
                 };
               };
               "py-gfm" = super.buildPythonPackage {
-                name = "py-gfm-0.1.3";
+                name = "py-gfm-0.1.4";
                 doCheck = false;
                 propagatedBuildInputs = [
                   self."setuptools"
                   self."markdown"
                 ];
                 src = fetchurl {
-                  url = "https://files.pythonhosted.org/packages/12/e4/6b3d8678da04f97d7490d8264d8de51c2dc9fb91209ccee9c515c95e14c5/py-gfm-0.1.3.tar.gz";
+                  url = "https://files.pythonhosted.org/packages/06/ee/004a03a1d92bb386dae44f6dd087db541bc5093374f1637d4d4ae5596cc2/py-gfm-0.1.4.tar.gz";
-                  sha256 = "162ggwwj0af9g3s1k8m4bfwbvis03x9pinnf35mj79pb90rf81zi";
+                  sha256 = "0zip06g2isivx8fzgqd4n9qzsa22c25jas1rsb7m2rnjg72m0rzg";
                 };
                 meta = {
                   license = [ pkgs.lib.licenses.bsdOriginal ];
                 };
               };
               "pygments" = super.buildPythonPackage {
-                name = "pygments-2.2.0";
+                name = "pygments-2.3.0";
                 doCheck = false;
                 src = fetchurl {
-                  url = "https://files.pythonhosted.org/packages/71/2a/2e4e77803a8bd6408a2903340ac498cb0a2181811af7c9ec92cb70b0308a/Pygments-2.2.0.tar.gz";
+                  url = "https://files.pythonhosted.org/packages/63/a2/91c31c4831853dedca2a08a0f94d788fc26a48f7281c99a303769ad2721b/Pygments-2.3.0.tar.gz";
-                  sha256 = "1k78qdvir1yb1c634nkv6rbga8wv4289xarghmsbbvzhvr311bnv";
+                  sha256 = "1z34ms51dh4jq4h3cizp7vd1dmsxcbvffkjsd2xxfav22nn6lrl2";
                 };
                 meta = {
                   license = [ pkgs.lib.licenses.bsdOriginal ];
                 };
               };
               "pyotp" = super.buildPythonPackage {
-                name = "pyotp-2.2.6";
+                name = "pyotp-2.2.7";
                 doCheck = false;
                 src = fetchurl {
-                  url = "https://files.pythonhosted.org/packages/67/69/131f5ad63de40c30f3be88d891e4a2ea1b69398528db99bc1e5c543422fa/pyotp-2.2.6.tar.gz";
+                  url = "https://files.pythonhosted.org/packages/b1/ab/477cda97b6ca7baced5106471cb1ac1fe698d1b035983b9f8ee3422989eb/pyotp-2.2.7.tar.gz";
-                  sha256 = "0sdxxvr3j4j0pk26v258jpxhgpbnpmyqhvzhl24hsd50j7fk14fx";
+                  sha256 = "00p69nw431f0s2ilg0hnd77p1l22m06p9rq4f8zfapmavnmzw3xy";
                 };
                 meta = {
-                  license = [ pkgs.lib.licenses.bsdOriginal ];
+                  license = [ pkgs.lib.licenses.mit ];
                 };
               };
               "pyparsing" = super.buildPythonPackage {
                 };
               };
               "python-dateutil" = super.buildPythonPackage {
-                name = "python-dateutil-2.7.3";
+                name = "python-dateutil-2.7.5";
                 doCheck = false;
                 propagatedBuildInputs = [
                   self."six"
                 ];
                 src = fetchurl {
-                  url = "https://files.pythonhosted.org/packages/a0/b0/a4e3241d2dee665fea11baec21389aec6886655cd4db7647ddf96c3fad15/python-dateutil-2.7.3.tar.gz";
+                  url = "https://files.pythonhosted.org/packages/0e/01/68747933e8d12263d41ce08119620d9a7e5eb72c876a3442257f74490da0/python-dateutil-2.7.5.tar.gz";
-                  sha256 = "1f7h54lg0w2ckch7592xpjkh8dg87k2br256h0iw49zn6bg02w72";
+                  sha256 = "00ngwcdw36w5b37b51mdwn3qxid9zdf3kpffv2q6n9kl05y2iyc8";
                 };
                 meta = {
                   license = [ pkgs.lib.licenses.bsdOriginal pkgs.lib.licenses.asl20 { fullName = "Dual License"; } ];
                   license = [ { fullName = "License :: OSI Approved :: MIT License"; } pkgs.lib.licenses.mit ];
                 };
               };
+              "python-saml" = super.buildPythonPackage {
+                name = "python-saml-2.4.2";
+                doCheck = false;
+                propagatedBuildInputs = [
+                  self."dm.xmlsec.binding"
+                  self."isodate"
+                  self."defusedxml"
+                ];
+                src = fetchurl {
+                  url = "https://files.pythonhosted.org/packages/79/a8/a6611017e0883102fd5e2b73c9d90691b8134e38247c04ee1531d3dc647c/python-saml-2.4.2.tar.gz";
+                  sha256 = "0dls4hwvf13yg7x5yfjrghbywg8g38vn5vr0rsf70hli3ydbfm43";
+                };
+                meta = {
+                  license = [ pkgs.lib.licenses.mit ];
+                };
+              };
               "pytz" = super.buildPythonPackage {
                 name = "pytz-2018.4";
                 doCheck = false;
                 };
               };
               "rhodecode-enterprise-ce" = super.buildPythonPackage {
-                name = "rhodecode-enterprise-ce-4.14.1";
+                name = "rhodecode-enterprise-ce-4.15.0";
                 buildInputs = [
                   self."pytest"
                   self."py"
                   self."attrs"
                   self."babel"
                   self."beaker"
+                  self."bleach"
                   self."celery"
                   self."chameleon"
                   self."channelstream"
                   self."markdown"
                   self."markupsafe"
                   self."msgpack-python"
-                  self."mysql-python"
-                  self."pymysql"
                   self."pyotp"
                   self."packaging"
                   self."paste"
                   self."pathlib2"
                   self."peppercorn"
                   self."psutil"
-                  self."psycopg2"
                   self."py-bcrypt"
                   self."pycrypto"
                   self."pycurl"
                   self."pyramid-mako"
                   self."pyramid"
                   self."pyramid-mailer"
-                  self."pysqlite"
                   self."python-dateutil"
                   self."python-ldap"
                   self."python-memcached"
                   self."python-pam"
+                  self."python-saml"
                   self."pytz"
                   self."tzlocal"
                   self."pyzmq"
                   self."supervisor"
                   self."tempita"
                   self."translationstring"
-                  self."trollius"
                   self."urllib3"
                   self."urlobject"
                   self."venusian"
                   self."zope.deprecation"
                   self."zope.event"
                   self."zope.interface"
+                  self."mysql-python"
+                  self."pymysql"
+                  self."pysqlite"
+                  self."psycopg2"
                   self."nbconvert"
-                  self."bleach"
                   self."nbformat"
                   self."jupyter-client"
                   self."alembic"
                 };
               };
               "setuptools" = super.buildPythonPackage {
-                name = "setuptools-40.4.3";
+                name = "setuptools-40.6.2";
                 doCheck = false;
                 src = fetchurl {
-                  url = "https://files.pythonhosted.org/packages/6e/9c/6a003320b00ef237f94aa74e4ad66c57a7618f6c79d67527136e2544b728/setuptools-40.4.3.zip";
+                  url = "https://files.pythonhosted.org/packages/b0/d1/8acb42f391cba52e35b131e442e80deffbb8d0676b93261d761b1f0ef8fb/setuptools-40.6.2.zip";
-                  sha256 = "058v6zns4634n4al2nmmvp15j8nrgwn8wjrbdks47wk3vm05gg5c";
+                  sha256 = "0r2c5hapirlzm34h7pl1lgkm6gk7bcrlrdj28qgsvaqg3f74vfw6";
                 };
                 meta = {
                   license = [ pkgs.lib.licenses.mit ];
                   license = [ { fullName = "BSD-like (http://repoze.org/license.html)"; } ];
                 };
               };
-              "trollius" = super.buildPythonPackage {
-                name = "trollius-1.0.4";
-                doCheck = false;
-                propagatedBuildInputs = [
-                  self."futures"
-                ];
-                src = fetchurl {
-                  url = "https://files.pythonhosted.org/packages/aa/e6/4141db437f55e6ee7a3fb69663239e3fde7841a811b4bef293145ad6c836/trollius-1.0.4.tar.gz";
-                  sha256 = "0xny8y12x3wrflmyn6xi8a7n3m3ac80fgmgzphx5jbbaxkjcm148";
-                };
-                meta = {
-                  license = [ pkgs.lib.licenses.asl20 ];
-                };
-              };
               "tzlocal" = super.buildPythonPackage {
                 name = "tzlocal-1.5.1";
                 doCheck = false;

pkgs/shell-generate.nix

0 +5 0

                 # We need postgresql to be around
                 pkgs.postgresql
+                # we need the below for saml
+                pkgs.libxml2
+                pkgs.libxslt
+                pkgs.xmlsec
                 # Curl is needed for pycurl
                 pkgs.curl
               ];

requirements.txt

0 +17 -16

             attrs==18.2.0
             babel==1.3
             beaker==1.9.1
+            bleach==3.0.2
             celery==4.1.1
             chameleon==2.24
             channelstream==0.5.2
             click==6.6
-            colander==1.4.0
+            colander==1.5.1
             # our custom configobj
             https://code.rhodecode.com/upstream/configobj/archive/a11ff0a0bd4fbda9e3a91267e720f88329efb4a6.tar.gz?md5=9916c524ea11a6c418217af6b28d4b3c#egg=configobj==5.0.6
             cssselect==1.0.3
             decorator==4.1.2
-            deform==2.0.5
+            deform==2.0.7
             docutils==0.14.0
             dogpile.cache==0.6.7
             dogpile.core==0.4.1
             jinja2==2.9.6
             billiard==3.5.0.3
             kombu==4.2.0
-            lxml==3.7.3
+            lxml==4.2.5
             mako==1.0.7
             markdown==2.6.11
             markupsafe==1.0.0
             msgpack-python==0.5.6
-            mysql-python==1.2.5
+            pyotp==2.2.7
-            pymysql==0.8.1
-            pyotp==2.2.6
             packaging==15.2
             paste==2.0.3
             pastedeploy==1.5.2
             pastescript==2.0.2
             pathlib2==2.3.2
-            peppercorn==0.5
+            peppercorn==0.6
             psutil==5.4.7
-            psycopg2==2.7.5
             py-bcrypt==0.4
             pycrypto==2.6.1
             pycurl==7.43.0.2
             pyflakes==0.8.1
             pygments-markdown-lexer==0.1.0.dev39
-            pygments==2.2.0
+            pygments==2.3.0
             pyparsing==1.5.7
             pyramid-beaker==0.8
             pyramid-debugtoolbar==4.4.0
             pyramid-mako==1.0.2
             pyramid==1.9.2
             pyramid_mailer==0.15.1
-            pysqlite==2.8.3
             python-dateutil
             python-ldap==3.1.0
             python-memcached==1.59
             python-pam==1.8.4
+            python-saml
             pytz==2018.4
             tzlocal==1.5.1
             pyzmq==14.6.0
-            py-gfm==0.1.3
+            py-gfm==0.1.4
             redis==2.10.6
             repoze.lru==0.7
             requests==2.9.1
             supervisor==3.3.4
             tempita==0.5.2
             translationstring==1.3
-            trollius==1.0.4
             urllib3==1.21
             urlobject==2.4.3
             venusian==1.1.0
             zope.event==4.3.0
             zope.interface==4.5.0
+            # DB drivers
+            mysql-python==1.2.5
+            pymysql==0.8.1
+            pysqlite==2.8.3
+            psycopg2==2.7.5
             # IPYTHON RENDERING
             # entrypoints backport, pypi version doesn't support egg installs
             https://code.rhodecode.com/upstream/entrypoints/archive/96e6d645684e1af3d7df5b5272f3fe85a546b233.tar.gz?md5=7db37771aea9ac9fefe093e5d6987313#egg=entrypoints==0.2.2.rhodecode-upstream1
             nbconvert==5.3.1
-            bleach==2.1.4
             nbformat==4.4.0
             jupyter_client==5.0.0
             ## cli tools
-            alembic==0.9.9
+            alembic==1.0.5
             invoke==0.13.0
             bumpversion==0.5.3
             ## http servers
-            gevent==1.3.6
+            gevent==1.3.7
             greenlet==0.4.15
             gunicorn==19.9.0
             waitress==1.1.0
             https://code.rhodecode.com/rhodecode-tools-ce/archive/v1.0.1.tar.gz?md5=ffb5d6bcb855305b93cfe23ad42e500b#egg=rhodecode-tools==1.0.1
             ## appenlight
-            appenlight-client==0.6.25
+            appenlight-client==0.6.26
             ## test related requirements
             -r requirements_test.txt

rhodecode/VERSION

0 +1 -1

	@@ -1,1 +1,1 b''
	1	4.1~~4.1~~ No newline at end of file		1	4.15.0 No newline at end of file

rhodecode/api/tests/test_create_pull_request.py

0 +21 -14

                     expected_message = "Created new pull request `{title}`".format(
                         title=data['title'])
                     result = response.json
-                    assert result['error'] == None
+                    assert result['error'] is None
                     assert result['result']['msg'] == expected_message
                     pull_request_id = result['result']['pull_request_id']
                     pull_request = PullRequestModel().get(pull_request_id)
                     expected_message = "Created new pull request `{title}`".format(
                         title=data['title'])
                     result = response.json
-                    assert result['error'] == None
+                    assert result['error'] is None
                     assert result['result']['msg'] == expected_message
                     pull_request_id = result['result']['pull_request_id']
                     pull_request = PullRequestModel().get(pull_request_id)
                     expected_message = "Created new pull request `{title}`".format(
                         title=data['title'])
                     result = response.json
-                    assert result['error'] == None
+                    assert result['error'] is None
                     assert result['result']['msg'] == expected_message
                     pull_request_id = result['result']['pull_request_id']
                     pull_request = PullRequestModel().get(pull_request_id)
                             entry['mandatory'] = rev.mandatory
                         actual_reviewers.append(entry)
-                    # default reviewer will be added who is an owner of the repo
+                    owner_username = pull_request.target_repo.user.username
-                    reviewers.append(
+                    for spec_reviewer in reviewers[::]:
-                        {'username': pull_request.author.username,
+                        # default reviewer will be added who is an owner of the repo
-                         'reasons': [u'Default reviewer', u'Repository owner']},
+                        # this get's overridden by a add owner to reviewers rule
+                        if spec_reviewer['username'] == owner_username:
+                            spec_reviewer['reasons'] = [u'Default reviewer', u'Repository owner']
+                            # since owner is more important, we don't inherit mandatory flag
+                            del spec_reviewer['mandatory']
                     assert sorted(actual_reviewers, key=lambda e: e['username']) \
                            == sorted(reviewers, key=lambda e: e['username'])
                     expected_message = "Created new pull request `{title}`".format(
                         title=data['title'])
                     result = response.json
-                    assert result['error'] == None
+                    assert result['error'] is None
                     assert result['result']['msg'] == expected_message
                     pull_request_id = result['result']['pull_request_id']
                     pull_request = PullRequestModel().get(pull_request_id)
                         if rev.mandatory:
                             entry['mandatory'] = rev.mandatory
                         actual_reviewers.append(entry)
-                    # default reviewer will be added who is an owner of the repo
-                    reviewers.append(
+                    owner_user_id = pull_request.target_repo.user.user_id
-                        {'username': pull_request.author.user_id,
+                    for spec_reviewer in reviewers[::]:
-                         'reasons': [u'Default reviewer', u'Repository owner']},
+                        # default reviewer will be added who is an owner of the repo
+                        # this get's overridden by a add owner to reviewers rule
+                        if spec_reviewer['username'] == owner_user_id:
+                            spec_reviewer['reasons'] = [u'Default reviewer', u'Repository owner']
                     assert sorted(actual_reviewers, key=lambda e: e['username']) \
                            == sorted(reviewers, key=lambda e: e['username'])

rhodecode/apps/_base/interfaces.py ~~rhodecode/apps/admin/interfaces.py~~

0 renamed 0 0

NO CONTENT: file renamed from rhodecode/apps/admin/interfaces.py to rhodecode/apps/_base/interfaces.py

rhodecode/apps/_base/navigation.py ~~rhodecode/apps/admin/navigation.py~~

0 renamed +8 -7

             from zope.interface import implementer
-            from rhodecode.apps.admin.interfaces import IAdminNavigationRegistry
+            from rhodecode.apps._base.interfaces import IAdminNavigationRegistry
             from rhodecode.lib.utils2 import str2bool
             from rhodecode.translation import _
                     self._registered_entries[entry.key] = entry
                 def get_navlist(self, request):
-                    navlist = [NavListEntry(i.key, i.get_localized_name(request),
+                    nav_list = [
-                                            i.generate_url(request), i.active_list)
+                        NavListEntry(i.key, i.get_localized_name(request),
-                               for i in self._registered_entries.values()]
+                                     i.generate_url(request), i.active_list)
-                    return navlist
+                        for i in self._registered_entries.values()]
+                    return nav_list
             def navigation_registry(request, registry=None):
                 # Create admin navigation registry and add it to the pyramid registry.
                 settings = config.get_settings()
                 labs_active = str2bool(settings.get('labs_settings_active', False))
-                navigation_registry = NavigationRegistry(labs_active=labs_active)
+                navigation_registry_instance = NavigationRegistry(labs_active=labs_active)
-                config.registry.registerUtility(navigation_registry)
  No newline at end of file
+                config.registry.registerUtility(navigation_registry_instance)

rhodecode/apps/_base/subscribers.py ~~rhodecode/apps/admin/subscribers.py~~

0 renamed 0 0

NO CONTENT: file renamed from rhodecode/apps/admin/subscribers.py to rhodecode/apps/_base/subscribers.py

rhodecode/apps/admin/__init__.py

0 +1 -3

             def includeme(config):
-                from rhodecode.apps.admin.navigation import includeme as nav_includeme
+                from rhodecode.apps._base.navigation import includeme as nav_includeme
                 # Create admin navigation registry and add it to the pyramid registry.
                 nav_includeme(config)
                 config.add_route(name='admin_home', pattern=ADMIN_PREFIX)
                 config.include(admin_routes, route_prefix=ADMIN_PREFIX)
-                config.include('.subscribers')
                 # Scan module for configuration decorators.
                 config.scan('.views', ignore='.tests')

rhodecode/apps/admin/tests/test_admin_auth_settings.py

0 +1 -1

                         'timeout': 3600,
                         'tls_kind': 'PLAIN',
                         'tls_reqcert': 'NEVER',
+                        'tls_cert_dir':'/etc/openldap/cacerts',
                         'dn_user': 'test_user',
                         'dn_pass': 'test_pass',
                         'base_dn': 'test_base_dn',

rhodecode/apps/admin/views/exception_tracker.py

0 +1 -1

             from pyramid.view import view_config
             from rhodecode.apps._base import BaseAppView
-            from rhodecode.apps.admin.navigation import navigation_list
+            from rhodecode.apps._base.navigation import navigation_list
             from rhodecode.lib import helpers as h
             from rhodecode.lib.auth import (
                 LoginRequired, HasPermissionAllDecorator, CSRFRequired)

rhodecode/apps/admin/views/open_source_licenses.py

0 +1 -1

             from pyramid.view import view_config
             from rhodecode.apps._base import BaseAppView
-            from rhodecode.apps.admin.navigation import navigation_list
+            from rhodecode.apps._base.navigation import navigation_list
             from rhodecode.lib.auth import (LoginRequired, HasPermissionAllDecorator)
             from rhodecode.lib.utils import read_opensource_licenses

rhodecode/apps/admin/views/process_management.py

0 +1 -1

             from pyramid.view import view_config
             from rhodecode.apps._base import BaseAppView
-            from rhodecode.apps.admin.navigation import navigation_list
+            from rhodecode.apps._base.navigation import navigation_list
             from rhodecode.lib import system_info
             from rhodecode.lib.auth import (
                 LoginRequired, HasPermissionAllDecorator, CSRFRequired)

rhodecode/apps/admin/views/sessions.py

0 +1 -1

             from pyramid.httpexceptions import HTTPFound
             from rhodecode.apps._base import BaseAppView
-            from rhodecode.apps.admin.navigation import navigation_list
+            from rhodecode.apps._base.navigation import navigation_list
             from rhodecode.lib.auth import (
                 LoginRequired, HasPermissionAllDecorator, CSRFRequired)
             from rhodecode.lib.utils2 import safe_int

rhodecode/apps/admin/views/settings.py

0 +2 -3

             from pyramid.response import Response
             from rhodecode.apps._base import BaseAppView
-            from rhodecode.apps.admin.navigation import navigation_list
+            from rhodecode.apps._base.navigation import navigation_list
             from rhodecode.apps.svn_support.config_keys import generate_config
             from rhodecode.lib import helpers as h
             from rhodecode.lib.auth import (
                     try:
                         if c.visual.allow_repo_location_change:
-                            model.update_global_path_setting(
+                            model.update_global_path_setting(form_result['paths_root_path'])
-                                form_result['paths_root_path'])
                         model.update_global_ssl_setting(form_result['web_push_ssl'])
                         model.update_global_hook_settings(form_result)

rhodecode/apps/admin/views/system_info.py

0 +2 -1

             import rhodecode
             from rhodecode.apps._base import BaseAppView
-            from rhodecode.apps.admin.navigation import navigation_list
+            from rhodecode.apps._base.navigation import navigation_list
             from rhodecode.lib import helpers as h
             from rhodecode.lib.auth import (LoginRequired, HasPermissionAllDecorator)
             from rhodecode.lib.utils2 import str2bool
                         # RhodeCode specific
                         (_('RhodeCode Version'), val('rhodecode_app')['text'], state('rhodecode_app')),
                         (_('Latest version'), version, update_state),
+                        (_('RhodeCode Base URL'), val('rhodecode_config')['config'].get('app.base_url'), state('rhodecode_config')),
                         (_('RhodeCode Server IP'), val('server')['server_ip'], state('server')),
                         (_('RhodeCode Server ID'), val('server')['server_id'], state('server')),
                         (_('RhodeCode Configuration'), val('rhodecode_config')['path'], state('rhodecode_config')),

rhodecode/apps/admin/views/users.py

0 +2 -2

                 def users_new(self):
                     _ = self.request.translate
                     c = self.load_default_context()
-                    c.default_extern_type = auth_rhodecode.RhodeCodeAuthPlugin.name
+                    c.default_extern_type = auth_rhodecode.RhodeCodeAuthPlugin.uid
                     self._set_personal_repo_group_template_vars(c)
                     return self._get_template_context(c)
                 def users_create(self):
                     _ = self.request.translate
                     c = self.load_default_context()
-                    c.default_extern_type = auth_rhodecode.RhodeCodeAuthPlugin.name
+                    c.default_extern_type = auth_rhodecode.RhodeCodeAuthPlugin.uid
                     user_model = UserModel()
                     user_form = UserForm(self.request.translate)()
                     try:

rhodecode/apps/channelstream/__init__.py

0 +1 -1

                 settings = event.app.registry.settings
                 history_dir = settings.get('channelstream.history.location', '')
                 if history_dir and not os.path.exists(history_dir):
-                    os.makedirs(history_dir, 0750)
+                    os.makedirs(history_dir, 0o750)
             def includeme(config):

rhodecode/apps/login/views.py

0 +42 -17

             from rhodecode.apps._base import BaseAppView
             from rhodecode.authentication.base import authenticate, HTTP_TYPE
+            from rhodecode.authentication.plugins import auth_rhodecode
             from rhodecode.events import UserRegistered, trigger
             from rhodecode.lib import helpers as h
             from rhodecode.lib import audit_logger
                 'CaptchaData', 'active, private_key, public_key')
-            def _store_user_in_session(session, username, remember=False):
+            def store_user_in_session(session, username, remember=False):
                 user = User.get_by_username(username, case_insensitive=True)
                 auth_user = AuthUser(user.user_id)
                 auth_user.set_authenticated()
                         auth_info = authenticate(
                             '', '', self.request.environ, HTTP_TYPE, skip_missing=True)
                         if auth_info:
-                            headers = _store_user_in_session(
+                            headers = store_user_in_session(
                                 self.session, auth_info.get('username'))
                             raise HTTPFound(c.came_from, headers=headers)
                     except UserCreationError as e:
                         self.session.invalidate()
                         form_result = login_form.to_python(self.request.POST)
                         # form checks for username/password, now we're authenticated
-                        headers = _store_user_in_session(
+                        headers = store_user_in_session(
                             self.session,
                             username=form_result['username'],
                             remember=form_result['remember'])
                     route_name='register', request_method='POST',
                     renderer='rhodecode:templates/register.mako')
                 def register_post(self):
+                    from rhodecode.authentication.plugins import auth_rhodecode
                     self.load_default_context()
                     captcha = self._get_captcha_data()
                     auto_active = 'hg.register.auto_activate' in User.get_default_user()\
                         .AuthUser().permissions['global']
+                    extern_name = auth_rhodecode.RhodeCodeAuthPlugin.uid
+                    extern_type = auth_rhodecode.RhodeCodeAuthPlugin.uid
                     register_form = RegisterForm(self.request.translate)()
                     try:
                         form_result = register_form.to_python(self.request.POST)
                         form_result['active'] = auto_active
+                        external_identity = self.request.POST.get('external_identity')
+                        if external_identity:
+                            extern_name = external_identity
+                            extern_type = external_identity
                         if captcha.active:
                             captcha_status, captcha_message = self.validate_captcha(
                                 raise formencode.Invalid(
                                     _msg, _value, None, error_dict=error_dict)
-                        new_user = UserModel().create_registration(form_result)
+                        new_user = UserModel().create_registration(
+                            form_result, extern_name=extern_name, extern_type=extern_type)
                         action_data = {'data': new_user.get_api_data(),
                                        'user_agent': self.request.user_agent}
+                        if external_identity:
+                            action_data['external_identity'] = external_identity
                         audit_user = audit_logger.UserWrap(
                             username=new_user.username,
                             user_id=new_user.user_id,
                     # matching emails
                     msg = _('If such email exists, a password reset link was sent to it.')
+                    def default_response():
+                        log.debug('faking response on invalid password reset')
+                        # make this take 2s, to prevent brute forcing.
+                        time.sleep(2)
+                        h.flash(msg, category='success')
+                        return HTTPFound(self.request.route_path('reset_password'))
                     if self.request.POST:
                         if h.HasPermissionAny('hg.password_reset.disabled')():
                             _email = self.request.POST.get('email', '')
                             log.error('Failed attempt to reset password for `%s`.', _email)
-                            h.flash(_('Password reset has been disabled.'),
+                            h.flash(_('Password reset has been disabled.'), category='error')
-                                               category='error')
                             return HTTPFound(self.request.route_path('reset_password'))
                         password_reset_form = PasswordResetForm(self.request.translate)()
+                        description = u'Generated token for password reset from {}'.format(
+                            datetime.datetime.now().isoformat())
                         try:
                             form_result = password_reset_form.to_python(
                                 self.request.POST)
                             # Generate reset URL and send mail.
                             user = User.get_by_email(user_email)
+                            # only allow rhodecode based users to reset their password
+                            # external auth shouldn't allow password reset
+                            if user and user.extern_type != auth_rhodecode.RhodeCodeAuthPlugin.uid:
+                                log.warning('User %s with external type `%s` tried a password reset. '
+                                            'This try was rejected', user, user.extern_type)
+                                return default_response()
                             # generate password reset token that expires in 10 minutes
-                            description = u'Generated token for password reset from {}'.format(
-                                datetime.datetime.now().isoformat())
                             reset_token = UserModel().add_auth_token(
                                 user=user, lifetime_minutes=10,
                                 role=UserModel.auth_token_role.ROLE_PASSWORD_RESET,
                                 _query={'key': reset_token.api_key})
                             UserModel().reset_password_link(
                                 form_result, password_reset_url)
-                            # Display success message and redirect.
-                            h.flash(msg, category='success')
                             action_data = {'email': user_email,
                                            'user_agent': self.request.user_agent}
                             audit_logger.store_web(
                                 'user.password.reset_request', action_data=action_data,
                                 user=self._rhodecode_user, commit=True)
-                            return HTTPFound(self.request.route_path('reset_password'))
+                            return default_response()
                         except formencode.Invalid as errors:
                             template_context.update({
                                 # case of failed captcha
                                 return self._get_template_context(c, **template_context)
-                        log.debug('faking response on invalid password reset')
+                        return default_response()
-                        # make this take 2s, to prevent brute forcing.
-                        time.sleep(2)
-                        h.flash(msg, category='success')
-                        return HTTPFound(self.request.route_path('reset_password'))
                     return self._get_template_context(c, **template_context)

rhodecode/apps/repository/utils.py

0 +3 -3

                 """ Return json for default reviewers of a repository """
                 reasons = ['Default reviewer', 'Repository owner']
-                default = reviewer_as_json(
+                json_reviewers = [reviewer_as_json(
-                    user=current_user, reasons=reasons, mandatory=False)
+                    user=target_repo.user, reasons=reasons, mandatory=False, rules=None)]
                 return {
                     'api_ver': 'v1',  # define version for later possible schema upgrade
-                    'reviewers': [default],
+                    'reviewers': json_reviewers,
                     'rules': {},
                     'rules_data': {},
                 }

rhodecode/apps/repository/views/repo_changelog.py

0 +3 -3

                             base_commit = self.rhodecode_vcs_repo.get_commit(commit_id)
                             try:
-                                collection = base_commit.get_file_history(
+                                collection = base_commit.get_path_history(
                                     f_path, limit=hist_limit, pre_load=pre_load)
                                 if collection and partial_xhr:
                                     # for ajax call we remove first one since we're looking
                                 # this node is not present at tip!
                                 try:
                                     commit = self._get_commit_or_redirect(commit_id)
-                                    collection = commit.get_file_history(f_path)
+                                    collection = commit.get_path_history(f_path)
                                 except RepositoryError as e:
                                     h.flash(safe_str(e), category='warning')
                                     redirect_url = h.route_path(
                             raise HTTPFound(
                                 h.route_path('repo_changelog', repo_name=self.db_repo_name))
-                        collection = base_commit.get_file_history(
+                        collection = base_commit.get_path_history(
                             f_path, limit=hist_limit, pre_load=pre_load)
                         collection = list(reversed(collection))
                     else:

rhodecode/apps/repository/views/repo_files.py

0 +3 -3

                         pass
                     if is_file:
-                        history = commit.get_file_history(f_path)
+                        history = commit.get_path_history(f_path)
                         prev_commit_id = history[1].raw_id \
                             if len(history) > 1 else prev_commit_id
                     prev_url = h.route_path(
                     if commits is None:
                         pre_load = ["author", "branch"]
                         try:
-                            commits = tip.get_file_history(f_path, pre_load=pre_load)
+                            commits = tip.get_path_history(f_path, pre_load=pre_load)
                         except (NodeDoesNotExistError, CommitError):
                             # this node is not present at tip!
-                            commits = commit_obj.get_file_history(f_path, pre_load=pre_load)
+                            commits = commit_obj.get_path_history(f_path, pre_load=pre_load)
                     history = []
                     commits_group = ([], _("Changesets"))

rhodecode/apps/repository/views/repo_review_rules.py

0 +4 -3

             from rhodecode.apps._base import RepoAppView
             from rhodecode.apps.repository.utils import get_default_reviewers_data
             from rhodecode.lib.auth import LoginRequired, HasRepoPermissionAnyDecorator
+            from rhodecode.model.db import Repository
             log = logging.getLogger(__name__)
                     renderer='json_ext')
                 def repo_default_reviewers_data(self):
                     self.load_default_context()
+                    target_repo_name = self.request.GET.get('target_repo', self.db_repo.repo_name)
+                    target_repo = Repository.get_by_repo_name(target_repo_name)
                     review_data = get_default_reviewers_data(
-                        self.db_repo.user, None, None, None, None)
+                        self.db_repo.user, None, None, target_repo, None)
                     return review_data

rhodecode/apps/svn_support/utils.py

0 +13 -9

@@ -35,15 +35,8 b' from .events import ModDavSvnConfigChang'
35	log = logging.getLogger(__name__)	35	log = logging.getLogger(__name__)
36		36
37		37
38	def ~~genera~~te_mod_dav_svn_config(~~registry~~):	38	def write_mod_dav_svn_config(settings):
39	"""	39	use_ssl = str2bool(settings['force_https'])
40	Generate the configuration file for use with subversion's mod_dav_svn
41	module. The configuration has to contain a <Location> block for each
42	available repository group because the mod_dav_svn module does not support
43	repositories organized in sub folders.
44	"""
45	settings = registry.settings
46	use_ssl = str2bool(registry.settings['force_https'])
47		40
48	config = _render_mod_dav_svn_config(	41	config = _render_mod_dav_svn_config(
49	use_ssl=use_ssl,	42	use_ssl=use_ssl,
@@ -54,6 +47,17 b' def generate_mod_dav_svn_config(registry'
54	realm=get_rhodecode_realm(), template=settings[config_keys.template])	47	realm=get_rhodecode_realm(), template=settings[config_keys.template])
55	_write_mod_dav_svn_config(config, settings[config_keys.config_file_path])	48	_write_mod_dav_svn_config(config, settings[config_keys.config_file_path])
56		49
		50
		51	def generate_mod_dav_svn_config(registry):
		52	"""
		53	Generate the configuration file for use with subversion's mod_dav_svn
		54	module. The configuration has to contain a <Location> block for each
		55	available repository group because the mod_dav_svn module does not support
		56	repositories organized in sub folders.
		57	"""
		58	settings = registry.settings
		59	write_mod_dav_svn_config(settings)
		60
57	# Trigger an event on mod dav svn configuration change.	61	# Trigger an event on mod dav svn configuration change.
58	trigger(ModDavSvnConfigChange(), registry)	62	trigger(ModDavSvnConfigChange(), registry)
59		63

rhodecode/apps/user_group/__init__.py

0 +1 -1

             # and proprietary license terms, please see https://rhodecode.com/licenses/
-            from rhodecode.apps.admin.navigation import NavigationRegistry
+            from rhodecode.apps._base.navigation import NavigationRegistry
             from rhodecode.apps._base import ADMIN_PREFIX
             from rhodecode.lib.utils2 import str2bool

rhodecode/authentication/__init__.py

0 +3 -36

             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
-            import os
             import logging
             import importlib
-            from pkg_resources import iter_entry_points
             from pyramid.authentication import SessionAuthenticationPolicy
             from rhodecode.authentication.registry import AuthenticationPluginRegistry
             from rhodecode.apps._base import ADMIN_PREFIX
             from rhodecode.model.settings import SettingsModel
             log = logging.getLogger(__name__)
-            # Plugin ID prefixes to distinct between normal and legacy plugins.
-            plugin_prefix = 'egg:'
             legacy_plugin_prefix = 'py:'
             plugin_default_auth_ttl = 30
-            # TODO: Currently this is only used to discover the authentication plugins.
-            # Later on this may be used in a generic way to look up and include all kinds
-            # of supported enterprise plugins. Therefore this has to be moved and
-            # refactored to a real 'plugin look up' machinery.
-            # TODO: When refactoring this think about splitting it up into distinct
-            # discover, load and include phases.
-            def _discover_plugins(config, entry_point='enterprise.plugins1'):
-                for ep in iter_entry_points(entry_point):
-                    plugin_id = '{}{}#{}'.format(
-                        plugin_prefix, ep.dist.project_name, ep.name)
-                    log.debug('Plugin discovered: "%s"', plugin_id)
-                    try:
-                        module = ep.load()
-                        plugin = module(plugin_id=plugin_id)
-                        config.include(plugin.includeme)
-                    except Exception as e:
-                        log.exception(
-                            'Exception while loading authentication plugin '
-                            '"{}": {}'.format(plugin_id, e.message))
             def _import_legacy_plugin(plugin_id):
                 module_name = plugin_id.split(legacy_plugin_prefix, 1)[-1]
                 module = importlib.import_module(module_name)
                 return module.plugin_factory(plugin_id=plugin_id)
-            def _discover_legacy_plugins(config, prefix=legacy_plugin_prefix):
+            def discover_legacy_plugins(config, prefix=legacy_plugin_prefix):
                 """
                 Function that imports the legacy plugins stored in the 'auth_plugins'
                 setting in database which are using the specified prefix. Normally 'py:' is
                 used for the legacy plugins.
                 """
+                log.debug('authentication: running legacy plugin discovery for prefix %s',
+                          legacy_plugin_prefix)
                 try:
                     auth_plugins = SettingsModel().get_setting_by_name('auth_plugins')
                     enabled_plugins = auth_plugins.app_settings_value
                                 request_method='POST',
                                 route_name='auth_home',
                                 context=AuthnRootResource)
-                for key in ['RC_CMD_SETUP_RC', 'RC_CMD_UPGRADE_DB', 'RC_CMD_SSH_WRAPPER']:
-                    if os.environ.get(key):
-                        # skip this heavy step below on certain CLI commands
-                        return
-                # Auto discover authentication plugins and include their configuration.
-                _discover_plugins(config)
-                _discover_legacy_plugins(config)

rhodecode/authentication/base.py

0 +38 -4

             from rhodecode.lib import rc_cache
             from rhodecode.lib.auth import PasswordGenerator, _RhodeCodeCryptoBCrypt
             from rhodecode.lib.utils2 import safe_int, safe_str
-            from rhodecode.lib.exceptions import LdapConnectionError
+            from rhodecode.lib.exceptions import LdapConnectionError, LdapUsernameError, \
+                LdapPasswordError
             from rhodecode.model.db import User
             from rhodecode.model.meta import Session
             from rhodecode.model.settings import SettingsModel
             VCS_TYPE = 'vcs'
             HTTP_TYPE = 'http'
+            external_auth_session_key = 'rhodecode.external_auth'
             class hybrid_property(object):
                 """
             class RhodeCodeAuthPluginBase(object):
+                # UID is used to register plugin to the registry
+                uid = None
                 # cache the authentication request for N amount of seconds. Some kind
                 # of authentication methods are very heavy and it's very efficient to cache
                 # the result of a call. If it's set to None (default) cache is off
                     "active":
                         'True|False defines active state of user internally for RhodeCode',
                     "active_from_extern":
-                        "True|False\None, active state from the external auth, "
+                        "True|False|None, active state from the external auth, "
                         "None means use definition from RhodeCode extern_type active value"
                 }
                         db_type = '{}.encrypted'.format(db_type)
                     return db_type
+                @classmethod
+                def docs(cls):
+                    """
+                    Defines documentation url which helps with plugin setup
+                    """
+                    return ''
+                @classmethod
+                def icon(cls):
+                    """
+                    Defines ICON in SVG format for authentication method
+                    """
+                    return ''
                 def is_enabled(self):
                     """
                     Returns true if this plugin is enabled. An enabled plugin can be
             class AuthLdapBase(object):
                 @classmethod
-                def _build_servers(cls, ldap_server_type, ldap_server, port):
+                def _build_servers(cls, ldap_server_type, ldap_server, port, use_resolver=True):
                     def host_resolver(host, port, full_resolve=True):
                         """
                         Main work for this function is to prevent ldap connection issues,
                     return ', '.join(
                         ["{}://{}".format(
                             ldap_server_type,
-                            host_resolver(host, port, full_resolve=full_resolve))
+                            host_resolver(host, port, full_resolve=use_resolver and full_resolve))
                          for host in ldap_server])
                 @classmethod
                         uid = chop_at(username, "@%s" % server_addr)
                     return uid
+                @classmethod
+                def validate_username(cls, username):
+                    if "," in username:
+                        raise LdapUsernameError(
+                            "invalid character `,` in username: `{}`".format(username))
+                @classmethod
+                def validate_password(cls, username, password):
+                    if not password:
+                        msg = "Authenticating user %s with blank password not allowed"
+                        log.warning(msg, username)
+                        raise LdapPasswordError(msg)
             def loadplugin(plugin_id):
                 """

rhodecode/authentication/plugins/auth_crowd.py

0 +12 -2

             log = logging.getLogger(__name__)
-            def plugin_factory(plugin_id, *args, **kwds):
+            def plugin_factory(plugin_id, *args, **kwargs):
                 """
                 Factory function that is called during plugin discovery.
                 It returns the plugin instance.
             class RhodeCodeAuthPlugin(RhodeCodeExternalAuthPlugin):
+                uid = 'crowd'
                 _settings_unsafe_keys = ['app_password']
                 def includeme(self, config):
                 def get_display_name(self):
                     return _('CROWD')
+                @classmethod
+                def docs(cls):
+                    return "https://docs.rhodecode.com/RhodeCode-Enterprise/auth/auth-crowd.html"
                 @hybrid_property
                 def name(self):
-                    return "crowd"
+                    return u"crowd"
                 def use_fake_password(self):
                     return True
                     log.debug("Final crowd user object: \n%s", formatted_json(user_attrs))
                     log.info('user `%s` authenticated correctly', user_attrs['username'])
                     return user_attrs
+            def includeme(config):
+                plugin_id = 'egg:rhodecode-enterprise-ce#{}'.format(RhodeCodeAuthPlugin.uid)
+                plugin_factory(plugin_id).includeme(config)

rhodecode/authentication/plugins/auth_headers.py

0 +8 -3

             log = logging.getLogger(__name__)
-            def plugin_factory(plugin_id, *args, **kwds):
+            def plugin_factory(plugin_id, *args, **kwargs):
                 """
                 Factory function that is called during plugin discovery.
                 It returns the plugin instance.
             class RhodeCodeAuthPlugin(RhodeCodeExternalAuthPlugin):
+                uid = 'headers'
                 def includeme(self, config):
                     config.add_authn_plugin(self)
                     config.add_authn_resource(self.get_id(), HeadersAuthnResource(self))
                 @hybrid_property
                 def name(self):
-                    return 'headers'
+                    return u"headers"
                 @property
                 def is_headers_auth(self):
                     log.info('user `%s` authenticated correctly', user_attrs['username'])
                     return user_attrs
+            def includeme(config):
+                plugin_id = 'egg:rhodecode-enterprise-ce#{}'.format(RhodeCodeAuthPlugin.uid)
+                plugin_factory(plugin_id).includeme(config)

rhodecode/authentication/plugins/auth_jasig_cas.py

0 +8 -2

             log = logging.getLogger(__name__)
-            def plugin_factory(plugin_id, *args, **kwds):
+            def plugin_factory(plugin_id, *args, **kwargs):
                 """
                 Factory function that is called during plugin discovery.
                 It returns the plugin instance.
             class RhodeCodeAuthPlugin(RhodeCodeExternalAuthPlugin):
+                uid = 'jasig_cas'
                 def includeme(self, config):
                     config.add_authn_plugin(self)
                 @hybrid_property
                 def name(self):
-                    return "jasig-cas"
+                    return u"jasig-cas"
                 @property
                 def is_headers_auth(self):
                     log.info('user `%s` authenticated correctly', user_attrs['username'])
                     return user_attrs
+            def includeme(config):
+                plugin_id = 'egg:rhodecode-enterprise-ce#{}'.format(RhodeCodeAuthPlugin.uid)
+                plugin_factory(plugin_id).includeme(config)

rhodecode/authentication/plugins/auth_ldap.py

0 +209 -180

@@ -53,7 +53,7 b' class LdapError(Exception):'
53	pass	53	pass
54		54
55		55
56	def plugin_factory(plugin_id, args, *kwds):	56	def plugin_factory(plugin_id, args, *kwargs):
57	"""	57	"""
58	Factory function that is called during plugin discovery.	58	Factory function that is called during plugin discovery.
59	It returns the plugin instance.	59	It returns the plugin instance.
@@ -66,6 +66,171 b' class LdapAuthnResource(AuthnPluginResou'
66	pass	66	pass
67		67
68		68
		69	class AuthLdap(AuthLdapBase):
		70	default_tls_cert_dir = '/etc/openldap/cacerts'
		71
		72	def __init__(self, server, base_dn, port=389, bind_dn='', bind_pass='',
		73	tls_kind='PLAIN', tls_reqcert='DEMAND', tls_cert_file=None,
		74	tls_cert_dir=None, ldap_version=3,
		75	search_scope='SUBTREE', attr_login='uid',
		76	ldap_filter='', timeout=None):
		77	if ldap == Missing:
		78	raise LdapImportError("Missing or incompatible ldap library")
		79
		80	self.debug = False
		81	self.timeout = timeout or 60 * 5
		82	self.ldap_version = ldap_version
		83	self.ldap_server_type = 'ldap'
		84
		85	self.TLS_KIND = tls_kind
		86
		87	if self.TLS_KIND == 'LDAPS':
		88	port = port or 689
		89	self.ldap_server_type += 's'
		90
		91	OPT_X_TLS_DEMAND = 2
		92	self.TLS_REQCERT = getattr(ldap, 'OPT_X_TLS_%s' % tls_reqcert, OPT_X_TLS_DEMAND)
		93	self.TLS_CERT_FILE = tls_cert_file or ''
		94	self.TLS_CERT_DIR = tls_cert_dir or self.default_tls_cert_dir
		95
		96	# split server into list
		97	self.SERVER_ADDRESSES = self._get_server_list(server)
		98	self.LDAP_SERVER_PORT = port
		99
		100	# USE FOR READ ONLY BIND TO LDAP SERVER
		101	self.attr_login = attr_login
		102
		103	self.LDAP_BIND_DN = safe_str(bind_dn)
		104	self.LDAP_BIND_PASS = safe_str(bind_pass)
		105
		106	self.SEARCH_SCOPE = getattr(ldap, 'SCOPE_%s' % search_scope)
		107	self.BASE_DN = safe_str(base_dn)
		108	self.LDAP_FILTER = safe_str(ldap_filter)
		109
		110	def _get_ldap_conn(self):
		111
		112	if self.debug:
		113	ldap.set_option(ldap.OPT_DEBUG_LEVEL, 255)
		114
		115	if self.TLS_CERT_FILE and hasattr(ldap, 'OPT_X_TLS_CACERTFILE'):
		116	ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, self.TLS_CERT_FILE)
		117
		118	elif hasattr(ldap, 'OPT_X_TLS_CACERTDIR'):
		119	ldap.set_option(ldap.OPT_X_TLS_CACERTDIR, self.TLS_CERT_DIR)
		120
		121	if self.TLS_KIND != 'PLAIN':
		122	ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, self.TLS_REQCERT)
		123
		124	ldap.set_option(ldap.OPT_REFERRALS, ldap.OPT_OFF)
		125	ldap.set_option(ldap.OPT_RESTART, ldap.OPT_ON)
		126
		127	# init connection now
		128	ldap_servers = self._build_servers(
		129	self.ldap_server_type, self.SERVER_ADDRESSES, self.LDAP_SERVER_PORT)
		130	log.debug('initializing LDAP connection to:%s', ldap_servers)
		131	ldap_conn = ldap.initialize(ldap_servers)
		132	ldap_conn.set_option(ldap.OPT_NETWORK_TIMEOUT, self.timeout)
		133	ldap_conn.set_option(ldap.OPT_TIMEOUT, self.timeout)
		134	ldap_conn.timeout = self.timeout
		135
		136	if self.ldap_version == 2:
		137	ldap_conn.protocol = ldap.VERSION2
		138	else:
		139	ldap_conn.protocol = ldap.VERSION3
		140
		141	if self.TLS_KIND == 'START_TLS':
		142	ldap_conn.start_tls_s()
		143
		144	if self.LDAP_BIND_DN and self.LDAP_BIND_PASS:
		145	log.debug('Trying simple_bind with password and given login DN: %r',
		146	self.LDAP_BIND_DN)
		147	ldap_conn.simple_bind_s(self.LDAP_BIND_DN, self.LDAP_BIND_PASS)
		148
		149	return ldap_conn
		150
		151	def fetch_attrs_from_simple_bind(self, server, dn, username, password):
		152	try:
		153	log.debug('Trying simple bind with %r', dn)
		154	server.simple_bind_s(dn, safe_str(password))
		155	user = server.search_ext_s(
		156	dn, ldap.SCOPE_BASE, '(objectClass=*)', )[0]
		157	_, attrs = user
		158	return attrs
		159
		160	except ldap.INVALID_CREDENTIALS:
		161	log.debug(
		162	"LDAP rejected password for user '%s': %s, org_exc:",
		163	username, dn, exc_info=True)
		164
		165	def authenticate_ldap(self, username, password):
		166	"""
		167	Authenticate a user via LDAP and return his/her LDAP properties.
		168
		169	Raises AuthenticationError if the credentials are rejected, or
		170	EnvironmentError if the LDAP server can't be reached.
		171
		172	:param username: username
		173	:param password: password
		174	"""
		175
		176	uid = self.get_uid(username, self.SERVER_ADDRESSES)
		177	user_attrs = {}
		178	dn = ''
		179
		180	self.validate_password(username, password)
		181	self.validate_username(username)
		182
		183	ldap_conn = None
		184	try:
		185	ldap_conn = self._get_ldap_conn()
		186	filter_ = '(&%s(%s=%s))' % (
		187	self.LDAP_FILTER, self.attr_login, username)
		188	log.debug("Authenticating %r filter %s", self.BASE_DN, filter_)
		189
		190	lobjects = ldap_conn.search_ext_s(
		191	self.BASE_DN, self.SEARCH_SCOPE, filter_)
		192
		193	if not lobjects:
		194	log.debug("No matching LDAP objects for authentication "
		195	"of UID:'%s' username:(%s)", uid, username)
		196	raise ldap.NO_SUCH_OBJECT()
		197
		198	log.debug('Found matching ldap object, trying to authenticate')
		199	for (dn, _attrs) in lobjects:
		200	if dn is None:
		201	continue
		202
		203	user_attrs = self.fetch_attrs_from_simple_bind(
		204	ldap_conn, dn, username, password)
		205	if user_attrs:
		206	break
		207	else:
		208	raise LdapPasswordError(
		209	'Failed to authenticate user `{}`'
		210	'with given password'.format(username))
		211
		212	except ldap.NO_SUCH_OBJECT:
		213	log.debug("LDAP says no such user '%s' (%s), org_exc:",
		214	uid, username, exc_info=True)
		215	raise LdapUsernameError('Unable to find user')
		216	except ldap.SERVER_DOWN:
		217	org_exc = traceback.format_exc()
		218	raise LdapConnectionError(
		219	"LDAP can't access authentication "
		220	"server, org_exc:%s" % org_exc)
		221	finally:
		222	if ldap_conn:
		223	log.debug('ldap: connection release')
		224	try:
		225	ldap_conn.unbind_s()
		226	except Exception:
		227	# for any reason this can raise exception we must catch it
		228	# to not crush the server
		229	pass
		230
		231	return dn, user_attrs
		232
		233
69	class LdapSettingsSchema(AuthnPluginSettingsSchemaBase):	234	class LdapSettingsSchema(AuthnPluginSettingsSchemaBase):
70	tls_kind_choices = ['PLAIN', 'LDAPS', 'START_TLS']	235	tls_kind_choices = ['PLAIN', 'LDAPS', 'START_TLS']
71	tls_reqcert_choices = ['NEVER', 'ALLOW', 'TRY', 'DEMAND', 'HARD']	236	tls_reqcert_choices = ['NEVER', 'ALLOW', 'TRY', 'DEMAND', 'HARD']
@@ -84,7 +249,7 b' class LdapSettingsSchema(AuthnPluginSett'
84	colander.Int(),	249	colander.Int(),
85	default=389,	250	default=389,
86	description=_('Custom port that the LDAP server is listening on. '	251	description=_('Custom port that the LDAP server is listening on. '
87	'Default value is: 389'),	252	'Default value is: 389, use 689 for LDAPS(SSL)'),
88	preparer=strip_whitespace,	253	preparer=strip_whitespace,
89	title=_('Port'),	254	title=_('Port'),
90	validator=colander.Range(min=0, max=65536),	255	validator=colander.Range(min=0, max=65536),
@@ -133,6 +298,22 b' class LdapSettingsSchema(AuthnPluginSett'
133	title=_('Certificate Checks'),	298	title=_('Certificate Checks'),
134	validator=colander.OneOf(tls_reqcert_choices),	299	validator=colander.OneOf(tls_reqcert_choices),
135	widget='select')	300	widget='select')
		301	tls_cert_file = colander.SchemaNode(
		302	colander.String(),
		303	default='',
		304	description=_('This specifies the PEM-format file path containing '
		305	'certificates for use in TLS connection.\n'
		306	'If not specified `TLS Cert dir` will be used'),
		307	title=_('TLS Cert file'),
		308	missing='',
		309	widget='string')
		310	tls_cert_dir = colander.SchemaNode(
		311	colander.String(),
		312	default=AuthLdap.default_tls_cert_dir,
		313	description=_('This specifies the path of a directory that contains individual '
		314	'CA certificates in separate files.'),
		315	title=_('TLS Cert dir'),
		316	widget='string')
136	base_dn = colander.SchemaNode(	317	base_dn = colander.SchemaNode(
137	colander.String(),	318	colander.String(),
138	default='',	319	default='',
@@ -169,6 +350,16 b' class LdapSettingsSchema(AuthnPluginSett'
169	title=_('Login Attribute'),	350	title=_('Login Attribute'),
170	missing_msg=_('The LDAP Login attribute of the CN must be specified'),	351	missing_msg=_('The LDAP Login attribute of the CN must be specified'),
171	widget='string')	352	widget='string')
		353	attr_email = colander.SchemaNode(
		354	colander.String(),
		355	default='',
		356	description=_('LDAP Attribute to map to email address (e.g., mail).\n'
		357	'Emails are a crucial part of RhodeCode. \n'
		358	'If possible add a valid email attribute to ldap users.'),
		359	missing='',
		360	preparer=strip_whitespace,
		361	title=_('Email Attribute'),
		362	widget='string')
172	attr_firstname = colander.SchemaNode(	363	attr_firstname = colander.SchemaNode(
173	colander.String(),	364	colander.String(),
174	default='',	365	default='',
@@ -185,182 +376,10 b' class LdapSettingsSchema(AuthnPluginSett'
185	preparer=strip_whitespace,	376	preparer=strip_whitespace,
186	title=_('Last Name Attribute'),	377	title=_('Last Name Attribute'),
187	widget='string')	378	widget='string')
188	attr_email = colander.SchemaNode(
189	colander.String(),
190	default='',
191	description=_('LDAP Attribute to map to email address (e.g., mail).\n'
192	'Emails are a crucial part of RhodeCode. \n'
193	'If possible add a valid email attribute to ldap users.'),
194	missing='',
195	preparer=strip_whitespace,
196	title=_('Email Attribute'),
197	widget='string')
198
199
200	class AuthLdap(AuthLdapBase):
201
202	def __init__(self, server, base_dn, port=389, bind_dn='', bind_pass='',
203	tls_kind='PLAIN', tls_reqcert='DEMAND', ldap_version=3,
204	search_scope='SUBTREE', attr_login='uid',
205	ldap_filter='', timeout=None):
206	if ldap == Missing:
207	raise LdapImportError("Missing or incompatible ldap library")
208
209	self.debug = False
210	self.timeout = timeout or 60 * 5
211	self.ldap_version = ldap_version
212	self.ldap_server_type = 'ldap'
213
214	self.TLS_KIND = tls_kind
215
216	if self.TLS_KIND == 'LDAPS':
217	port = port or 689
218	self.ldap_server_type += 's'
219
220	OPT_X_TLS_DEMAND = 2
221	self.TLS_REQCERT = getattr(ldap, 'OPT_X_TLS_%s' % tls_reqcert,
222	OPT_X_TLS_DEMAND)
223	self.LDAP_SERVER = server
224	# split server into list
225	self.SERVER_ADDRESSES = self._get_server_list(server)
226	self.LDAP_SERVER_PORT = port
227
228	# USE FOR READ ONLY BIND TO LDAP SERVER
229	self.attr_login = attr_login
230
231	self.LDAP_BIND_DN = safe_str(bind_dn)
232	self.LDAP_BIND_PASS = safe_str(bind_pass)
233
234	self.SEARCH_SCOPE = getattr(ldap, 'SCOPE_%s' % search_scope)
235	self.BASE_DN = safe_str(base_dn)
236	self.LDAP_FILTER = safe_str(ldap_filter)
237
238	def _get_ldap_conn(self):
239
240	if self.debug:
241	ldap.set_option(ldap.OPT_DEBUG_LEVEL, 255)
242
243	if hasattr(ldap, 'OPT_X_TLS_CACERTDIR'):
244	ldap.set_option(ldap.OPT_X_TLS_CACERTDIR, '/etc/openldap/cacerts')
245	if self.TLS_KIND != 'PLAIN':
246	ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, self.TLS_REQCERT)
247
248	ldap.set_option(ldap.OPT_REFERRALS, ldap.OPT_OFF)
249	ldap.set_option(ldap.OPT_RESTART, ldap.OPT_ON)
250
251	# init connection now
252	ldap_servers = self._build_servers(
253	self.ldap_server_type, self.SERVER_ADDRESSES, self.LDAP_SERVER_PORT)
254	log.debug('initializing LDAP connection to:%s', ldap_servers)
255	ldap_conn = ldap.initialize(ldap_servers)
256	ldap_conn.set_option(ldap.OPT_NETWORK_TIMEOUT, self.timeout)
257	ldap_conn.set_option(ldap.OPT_TIMEOUT, self.timeout)
258	ldap_conn.timeout = self.timeout
259
260	if self.ldap_version == 2:
261	ldap_conn.protocol = ldap.VERSION2
262	else:
263	ldap_conn.protocol = ldap.VERSION3
264
265	if self.TLS_KIND == 'START_TLS':
266	ldap_conn.start_tls_s()
267
268	if self.LDAP_BIND_DN and self.LDAP_BIND_PASS:
269	log.debug('Trying simple_bind with password and given login DN: %s',
270	self.LDAP_BIND_DN)
271	ldap_conn.simple_bind_s(self.LDAP_BIND_DN, self.LDAP_BIND_PASS)
272
273	return ldap_conn
274
275	def fetch_attrs_from_simple_bind(self, server, dn, username, password):
276	try:
277	log.debug('Trying simple bind with %s', dn)
278	server.simple_bind_s(dn, safe_str(password))
279	user = server.search_ext_s(
280	dn, ldap.SCOPE_BASE, '(objectClass=*)', )[0]
281	_, attrs = user
282	return attrs
283
284	except ldap.INVALID_CREDENTIALS:
285	log.debug(
286	"LDAP rejected password for user '%s': %s, org_exc:",
287	username, dn, exc_info=True)
288
289	def authenticate_ldap(self, username, password):
290	"""
291	Authenticate a user via LDAP and return his/her LDAP properties.
292
293	Raises AuthenticationError if the credentials are rejected, or
294	EnvironmentError if the LDAP server can't be reached.
295
296	:param username: username
297	:param password: password
298	"""
299
300	uid = self.get_uid(username, self.SERVER_ADDRESSES)
301	user_attrs = {}
302	dn = ''
303
304	if not password:
305	msg = "Authenticating user %s with blank password not allowed"
306	log.warning(msg, username)
307	raise LdapPasswordError(msg)
308	if "," in username:
309	raise LdapUsernameError(
310	"invalid character `,` in username: `{}`".format(username))
311	ldap_conn = None
312	try:
313	ldap_conn = self._get_ldap_conn()
314	filter_ = '(&%s(%s=%s))' % (
315	self.LDAP_FILTER, self.attr_login, username)
316	log.debug(
317	"Authenticating %r filter %s", self.BASE_DN, filter_)
318	lobjects = ldap_conn.search_ext_s(
319	self.BASE_DN, self.SEARCH_SCOPE, filter_)
320
321	if not lobjects:
322	log.debug("No matching LDAP objects for authentication "
323	"of UID:'%s' username:(%s)", uid, username)
324	raise ldap.NO_SUCH_OBJECT()
325
326	log.debug('Found matching ldap object, trying to authenticate')
327	for (dn, _attrs) in lobjects:
328	if dn is None:
329	continue
330
331	user_attrs = self.fetch_attrs_from_simple_bind(
332	ldap_conn, dn, username, password)
333	if user_attrs:
334	break
335
336	else:
337	raise LdapPasswordError(
338	'Failed to authenticate user `{}`'
339	'with given password'.format(username))
340
341	except ldap.NO_SUCH_OBJECT:
342	log.debug("LDAP says no such user '%s' (%s), org_exc:",
343	uid, username, exc_info=True)
344	raise LdapUsernameError('Unable to find user')
345	except ldap.SERVER_DOWN:
346	org_exc = traceback.format_exc()
347	raise LdapConnectionError(
348	"LDAP can't access authentication "
349	"server, org_exc:%s" % org_exc)
350	finally:
351	if ldap_conn:
352	log.debug('ldap: connection release')
353	try:
354	ldap_conn.unbind_s()
355	except Exception:
356	# for any reason this can raise exception we must catch it
357	# to not crush the server
358	pass
359
360	return dn, user_attrs
361		379
362		380
363	class RhodeCodeAuthPlugin(RhodeCodeExternalAuthPlugin):	381	class RhodeCodeAuthPlugin(RhodeCodeExternalAuthPlugin):
		382	uid = 'ldap'
364	# used to define dynamic binding in the	383	# used to define dynamic binding in the
365	DYNAMIC_BIND_VAR = '$login'	384	DYNAMIC_BIND_VAR = '$login'
366	_settings_unsafe_keys = ['dn_pass']	385	_settings_unsafe_keys = ['dn_pass']
@@ -389,9 +408,13 b' class RhodeCodeAuthPlugin(RhodeCodeExter'
389	def get_display_name(self):	408	def get_display_name(self):
390	return _('LDAP')	409	return _('LDAP')
391		410
		411	@classmethod
		412	def docs(cls):
		413	return "https://docs.rhodecode.com/RhodeCode-Enterprise/auth/auth-ldap.html"
		414
392	@hybrid_property	415	@hybrid_property
393	def name(self):	416	def name(self):
394	return "ldap"	417	return u"ldap"
395		418
396	def use_fake_password(self):	419	def use_fake_password(self):
397	return True	420	return True
@@ -448,6 +471,8 b' class RhodeCodeAuthPlugin(RhodeCodeExter'
448	'bind_pass': settings.get('dn_pass'),	471	'bind_pass': settings.get('dn_pass'),
449	'tls_kind': settings.get('tls_kind'),	472	'tls_kind': settings.get('tls_kind'),
450	'tls_reqcert': settings.get('tls_reqcert'),	473	'tls_reqcert': settings.get('tls_reqcert'),
		474	'tls_cert_file': settings.get('tls_cert_file'),
		475	'tls_cert_dir': settings.get('tls_cert_dir'),
451	'search_scope': settings.get('search_scope'),	476	'search_scope': settings.get('search_scope'),
452	'attr_login': settings.get('attr_login'),	477	'attr_login': settings.get('attr_login'),
453	'ldap_version': 3,	478	'ldap_version': 3,
@@ -477,12 +502,11 b' class RhodeCodeAuthPlugin(RhodeCodeExter'
477	extern_type = getattr(userobj, 'extern_type', '')	502	extern_type = getattr(userobj, 'extern_type', '')
478		503
479	groups = []	504	groups = []
		505
480	user_attrs = {	506	user_attrs = {
481	'username': username,	507	'username': username,
482	'firstname': safe_unicode(	508	'firstname': safe_unicode(get_ldap_attr('attr_firstname') or firstname),
483	get_ldap_attr('attr_~~fir~~stname') or ~~fir~~stname),	509	'lastname': safe_unicode(get_ldap_attr('attr_lastname') or lastname),
484	'lastname': safe_unicode(
485	get_ldap_attr('attr_lastname') or lastname),
486	'groups': groups,	510	'groups': groups,
487	'user_group_sync': False,	511	'user_group_sync': False,
488	'email': get_ldap_attr('attr_email') or email,	512	'email': get_ldap_attr('attr_email') or email,
@@ -492,6 +516,7 b' class RhodeCodeAuthPlugin(RhodeCodeExter'
492	'extern_name': user_dn,	516	'extern_name': user_dn,
493	'extern_type': extern_type,	517	'extern_type': extern_type,
494	}	518	}
		519
495	log.debug('ldap user: %s', user_attrs)	520	log.debug('ldap user: %s', user_attrs)
496	log.info('user `%s` authenticated correctly', user_attrs['username'])	521	log.info('user `%s` authenticated correctly', user_attrs['username'])
497		522
@@ -504,3 +529,7 b' class RhodeCodeAuthPlugin(RhodeCodeExter'
504	log.exception("Other exception")	529	log.exception("Other exception")
505	return None	530	return None
506		531
		532
		533	def includeme(config):
		534	plugin_id = 'egg:rhodecode-enterprise-ce#{}'.format(RhodeCodeAuthPlugin.uid)
		535	plugin_factory(plugin_id).includeme(config)

rhodecode/authentication/plugins/auth_pam.py

0 +12 -2

             log = logging.getLogger(__name__)
-            def plugin_factory(plugin_id, *args, **kwds):
+            def plugin_factory(plugin_id, *args, **kwargs):
                 """
                 Factory function that is called during plugin discovery.
                 It returns the plugin instance.
             class RhodeCodeAuthPlugin(RhodeCodeExternalAuthPlugin):
+                uid = 'pam'
                 # PAM authentication can be slow. Repository operations involve a lot of
                 # auth calls. Little caching helps speedup push/pull operations significantly
                 AUTH_CACHE_TTL = 4
                 def get_display_name(self):
                     return _('PAM')
+                @classmethod
+                def docs(cls):
+                    return "https://docs.rhodecode.com/RhodeCode-Enterprise/auth/auth-pam.html"
                 @hybrid_property
                 def name(self):
-                    return "pam"
+                    return u"pam"
                 def get_settings_schema(self):
                     return PamSettingsSchema()
                     log.debug("pamuser: %s", user_attrs)
                     log.info('user `%s` authenticated correctly', user_attrs['username'])
                     return user_attrs
+            def includeme(config):
+                plugin_id = 'egg:rhodecode-enterprise-ce#{}'.format(RhodeCodeAuthPlugin.uid)
+                plugin_factory(plugin_id).includeme(config)

rhodecode/authentication/plugins/auth_rhodecode.py

0 +13 -3

             log = logging.getLogger(__name__)
-            def plugin_factory(plugin_id, *args, **kwds):
+            def plugin_factory(plugin_id, *args, **kwargs):
                 plugin = RhodeCodeAuthPlugin(plugin_id)
                 return plugin
             class RhodeCodeAuthPlugin(RhodeCodeAuthPluginBase):
+                uid = 'rhodecode'
                 def includeme(self, config):
                     config.add_authn_plugin(self)
                         context=RhodecodeAuthnResource)
                 def get_display_name(self):
-                    return _('Rhodecode')
+                    return _('RhodeCode Internal')
+                @classmethod
+                def docs(cls):
+                    return "https://docs.rhodecode.com/RhodeCode-Enterprise/auth/auth.html"
                 @hybrid_property
                 def name(self):
-                    return "rhodecode"
+                    return u"rhodecode"
                 def user_activation_state(self):
                     def_user_perms = User.get_default_user().AuthUser().permissions['global']
                             'user `%s` failed to authenticate via %s, reason: account not '
                             'active.', username, self.name)
                         return None
+            def includeme(config):
+                plugin_id = 'egg:rhodecode-enterprise-ce#{}'.format(RhodeCodeAuthPlugin.uid)
+                plugin_factory(plugin_id).includeme(config)

rhodecode/authentication/plugins/auth_token.py

0 +13 -3

             log = logging.getLogger(__name__)
-            def plugin_factory(plugin_id, *args, **kwds):
+            def plugin_factory(plugin_id, *args, **kwargs):
                 plugin = RhodeCodeAuthPlugin(plugin_id)
                 return plugin
                 """
                 Enables usage of authentication tokens for vcs operations.
                 """
+                uid = 'token'
                 def includeme(self, config):
                     config.add_authn_plugin(self)
                         context=RhodecodeAuthnResource)
                 def get_display_name(self):
-                    return _('Rhodecode Token Auth')
+                    return _('Rhodecode Token')
+                @classmethod
+                def docs(cls):
+                    return "https://docs.rhodecode.com/RhodeCode-Enterprise/auth/auth-token.html"
                 @hybrid_property
                 def name(self):
-                    return "authtoken"
+                    return u"authtoken"
                 def user_activation_state(self):
                     def_user_perms = User.get_default_user().AuthUser().permissions['global']
                             'user `%s` failed to authenticate via %s, reason: account not '
                             'active.', username, self.name)
                     return None
+            def includeme(config):
+                plugin_id = 'egg:rhodecode-enterprise-ce#{}'.format(RhodeCodeAuthPlugin.uid)
+                plugin_factory(plugin_id).includeme(config)

rhodecode/authentication/routes.py

0 +14 -9

             # and proprietary license terms, please see https://rhodecode.com/licenses/
             import logging
+            import collections
             from pyramid.exceptions import ConfigurationError
                 """
                 def __init__(self):
-                    self._store = {}
+                    self._store = collections.OrderedDict()
                     self._resource_name_map = {}
-                    self.display_name = _('Global')
+                    self.display_name = _('Authentication Plugins')
                 def __getitem__(self, key):
                     """
                     # TODO: Store this info in the resource element.
                     return self._resource_name_map[resource_name]
-                def get_sorted_list(self):
+                def get_sorted_list(self, sort_key=None):
                     """
                     Returns a sorted list of sub resources for displaying purposes.
                     """
-                    def sort_key(resource):
+                    def default_sort_key(resource):
                         return str.lower(safe_str(resource.display_name))
                     active = [item for item in self]
-                    return sorted(active, key=sort_key)
+                    return sorted(active, key=sort_key or default_sort_key)
-                def get_nav_list(self):
+                def get_nav_list(self, sort=True):
                     """
                     Returns a sorted list of resources for displaying the navigation.
                     """
-                    list = self.get_sorted_list()
+                    if sort:
-                    list.insert(0, self)
+                        nav_list = self.get_sorted_list()
-                    return list
+                    else:
+                        nav_list = [item for item in self]
+                    nav_list.insert(0, self)
+                    return nav_list
                 def add_authn_resource(self, config, plugin_id, resource):
                     """

rhodecode/config/middleware.py

0 +173 -28

@@ -23,6 +23,7 b' import sys'
23	import logging	23	import logging
24	import collections	24	import collections
25	import tempfile	25	import tempfile
		26	import time
26		27
27	from paste.gzipper import make_gzip_middleware	28	from paste.gzipper import make_gzip_middleware
28	import pyramid.events	29	import pyramid.events
@@ -63,6 +64,14 b' def is_http_error(response):'
63	return response.status_code > 499	64	return response.status_code > 499
64		65
65		66
		67	def should_load_all():
		68	"""
		69	Returns if all application components should be loaded. In some cases it's
		70	desired to skip apps loading for faster shell script execution
		71	"""
		72	return True
		73
		74
66	def make_pyramid_app(global_config, **settings):	75	def make_pyramid_app(global_config, **settings):
67	"""	76	"""
68	Constructs the WSGI application based on Pyramid.	77	Constructs the WSGI application based on Pyramid.
@@ -78,8 +87,13 b' def make_pyramid_app(global_config, **se'
78		87
79	# Allows to use format style "{ENV_NAME}" placeholders in the configuration. It	88	# Allows to use format style "{ENV_NAME}" placeholders in the configuration. It
80	# will be replaced by the value of the environment variable "NAME" in this case.	89	# will be replaced by the value of the environment variable "NAME" in this case.
81	environ = {	90	start_time = time.time()
82	'ENV_{}'.format(key): value for key, value in os.environ.items()}	91
		92	debug = asbool(global_config.get('debug'))
		93	if debug:
		94	enable_debug()
		95
		96	environ = {'ENV_{}'.format(key): value for key, value in os.environ.items()}
83		97
84	global_config = _substitute_values(global_config, environ)	98	global_config = _substitute_values(global_config, environ)
85	settings = _substitute_values(settings, environ)	99	settings = _substitute_values(settings, environ)
@@ -105,8 +119,10 b' def make_pyramid_app(global_config, **se'
105	config.configure_celery(global_config['__file__'])	119	config.configure_celery(global_config['__file__'])
106	# creating the app uses a connection - return it after we are done	120	# creating the app uses a connection - return it after we are done
107	meta.Session.remove()	121	meta.Session.remove()
		122	total_time = time.time() - start_time
		123	log.info('Pyramid app `%s` created and configured in %.2fs',
		124	pyramid_app.func_name, total_time)
108		125
109	log.info('Pyramid app %s created and configured.', pyramid_app)
110	return pyramid_app	126	return pyramid_app
111		127
112		128
@@ -215,6 +231,7 b' def includeme_first(config):'
215		231
216		232
217	def includeme(config):	233	def includeme(config):
		234	log.debug('Initializing main includeme from %s', os.path.basename(__file__))
218	settings = config.registry.settings	235	settings = config.registry.settings
219	config.set_request_factory(Request)	236	config.set_request_factory(Request)
220		237
@@ -229,41 +246,58 b' def includeme(config):'
229	if asbool(settings.get('appenlight', 'false')):	246	if asbool(settings.get('appenlight', 'false')):
230	config.include('appenlight_client.ext.pyramid_tween')	247	config.include('appenlight_client.ext.pyramid_tween')
231		248
		249	load_all = should_load_all()
		250
232	# Includes which are required. The application would fail without them.	251	# Includes which are required. The application would fail without them.
233	config.include('pyramid_mako')	252	config.include('pyramid_mako')
234	config.include('pyramid_beaker')	253	config.include('pyramid_beaker')
235	config.include('rhodecode.lib.rc_cache')	254	config.include('rhodecode.lib.rc_cache')
236		255
		256	config.include('rhodecode.apps._base.navigation')
		257	config.include('rhodecode.apps._base.subscribers')
		258	config.include('rhodecode.tweens')
		259
		260	config.include('rhodecode.integrations')
237	config.include('rhodecode.authentication')	261	config.include('rhodecode.authentication')
238	config.include('rhodecode.integrations')	262
		263	if load_all:
		264	from rhodecode.authentication import discover_legacy_plugins
		265	# load CE authentication plugins
		266	config.include('rhodecode.authentication.plugins.auth_crowd')
		267	config.include('rhodecode.authentication.plugins.auth_headers')
		268	config.include('rhodecode.authentication.plugins.auth_jasig_cas')
		269	config.include('rhodecode.authentication.plugins.auth_ldap')
		270	config.include('rhodecode.authentication.plugins.auth_pam')
		271	config.include('rhodecode.authentication.plugins.auth_rhodecode')
		272	config.include('rhodecode.authentication.plugins.auth_token')
		273
		274	# Auto discover authentication plugins and include their configuration.
		275	discover_legacy_plugins(config)
239		276
240	# apps	277	# apps
241	config.include('rhodecode.apps._base')	278	config.include('rhodecode.apps._base')
242	config.include('rhodecode.apps.ops')
243		279
244	config.include('rhodecode.apps.admin')	280	if load_all:
245	config.include('rhodecode.apps.~~channelstream~~')	281	config.include('rhodecode.apps.ops')
246	config.include('rhodecode.apps.~~log~~in')	282	config.include('rhodecode.apps.admin')
247	config.include('rhodecode.apps.~~home~~')	283	config.include('rhodecode.apps.channelstream')
248	config.include('rhodecode.apps.~~journal~~')	284	config.include('rhodecode.apps.login')
249	config.include('rhodecode.apps.~~repository~~')	285	config.include('rhodecode.apps.home')
250	config.include('rhodecode.apps.~~repo_group~~')	286	config.include('rhodecode.apps.journal')
251	config.include('rhodecode.apps.~~user_group~~')	287	config.include('rhodecode.apps.repository')
252	config.include('rhodecode.apps.~~search~~')	288	config.include('rhodecode.apps.repo_group')
253	config.include('rhodecode.apps.user_~~profile~~')	289	config.include('rhodecode.apps.user_group')
254	config.include('rhodecode.apps.~~user_group_profile~~')	290	config.include('rhodecode.apps.search')
255	config.include('rhodecode.apps.~~my_account~~')	291	config.include('rhodecode.apps.user_profile')
256	config.include('rhodecode.apps.~~svn_support~~')	292	config.include('rhodecode.apps.user_group_profile')
257	config.include('rhodecode.apps.~~ssh_suppor~~t')	293	config.include('rhodecode.apps.my_account')
258	config.include('rhodecode.apps.~~gis~~t')	294	config.include('rhodecode.apps.svn_support')
		295	config.include('rhodecode.apps.ssh_support')
		296	config.include('rhodecode.apps.gist')
		297	config.include('rhodecode.apps.debug_style')
		298	config.include('rhodecode.api')
259		299
260	config.include('rhodecode.apps.debug_style')	300	config.add_route('rhodecode_support', 'https://rhodecode.com/help/', static=True)
261	config.include('rhodecode.tweens')
262	config.include('rhodecode.api')
263
264	config.add_route(
265	'rhodecode_support', 'https://rhodecode.com/help/', static=True)
266
267	config.add_translation_dirs('rhodecode:i18n/')	301	config.add_translation_dirs('rhodecode:i18n/')
268	settings['default_locale_name'] = settings.get('lang', 'en')	302	settings['default_locale_name'] = settings.get('lang', 'en')
269		303
@@ -403,6 +437,114 b' def sanitize_settings_and_apply_defaults'
403	return settings	437	return settings
404		438
405		439
		440	def enable_debug():
		441	"""
		442	Helper to enable debug on running instance
		443	:return:
		444	"""
		445	import tempfile
		446	import textwrap
		447	import logging.config
		448
		449	ini_template = textwrap.dedent("""
		450	#####################################
		451	### DEBUG LOGGING CONFIGURATION ####
		452	#####################################
		453	[loggers]
		454	keys = root, sqlalchemy, beaker, celery, rhodecode, ssh_wrapper
		455
		456	[handlers]
		457	keys = console, console_sql
		458
		459	[formatters]
		460	keys = generic, color_formatter, color_formatter_sql
		461
		462	#############
		463	## LOGGERS ##
		464	#############
		465	[logger_root]
		466	level = NOTSET
		467	handlers = console
		468
		469	[logger_sqlalchemy]
		470	level = INFO
		471	handlers = console_sql
		472	qualname = sqlalchemy.engine
		473	propagate = 0
		474
		475	[logger_beaker]
		476	level = DEBUG
		477	handlers =
		478	qualname = beaker.container
		479	propagate = 1
		480
		481	[logger_rhodecode]
		482	level = DEBUG
		483	handlers =
		484	qualname = rhodecode
		485	propagate = 1
		486
		487	[logger_ssh_wrapper]
		488	level = DEBUG
		489	handlers =
		490	qualname = ssh_wrapper
		491	propagate = 1
		492
		493	[logger_celery]
		494	level = DEBUG
		495	handlers =
		496	qualname = celery
		497
		498
		499	##############
		500	## HANDLERS ##
		501	##############
		502
		503	[handler_console]
		504	class = StreamHandler
		505	args = (sys.stderr, )
		506	level = DEBUG
		507	formatter = color_formatter
		508
		509	[handler_console_sql]
		510	# "level = DEBUG" logs SQL queries and results.
		511	# "level = INFO" logs SQL queries.
		512	# "level = WARN" logs neither. (Recommended for production systems.)
		513	class = StreamHandler
		514	args = (sys.stderr, )
		515	level = WARN
		516	formatter = color_formatter_sql
		517
		518	################
		519	## FORMATTERS ##
		520	################
		521
		522	[formatter_generic]
		523	class = rhodecode.lib.logging_formatter.ExceptionAwareFormatter
		524	format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s \| %(req_id)s
		525	datefmt = %Y-%m-%d %H:%M:%S
		526
		527	[formatter_color_formatter]
		528	class = rhodecode.lib.logging_formatter.ColorRequestTrackingFormatter
		529	format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s \| %(req_id)s
		530	datefmt = %Y-%m-%d %H:%M:%S
		531
		532	[formatter_color_formatter_sql]
		533	class = rhodecode.lib.logging_formatter.ColorFormatterSql
		534	format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
		535	datefmt = %Y-%m-%d %H:%M:%S
		536	""")
		537
		538	with tempfile.NamedTemporaryFile(prefix='rc_debug_logging_', suffix='.ini',
		539	delete=False) as f:
		540	log.info('Saved Temporary DEBUG config at %s', f.name)
		541	f.write(ini_template)
		542
		543	logging.config.fileConfig(f.name)
		544	log.debug('DEBUG MODE ON')
		545	os.remove(f.name)
		546
		547
406	def _sanitize_appenlight_settings(settings):	548	def _sanitize_appenlight_settings(settings):
407	_bool_setting(settings, 'appenlight', 'false')	549	_bool_setting(settings, 'appenlight', 'false')
408		550
@@ -447,7 +589,7 b' def _sanitize_cache_settings(settings):'
447		589
448	# ensure we have our dir created	590	# ensure we have our dir created
449	if not os.path.isdir(default_cache_dir):	591	if not os.path.isdir(default_cache_dir):
450	os.makedirs(default_cache_dir, mode=0755)	592	os.makedirs(default_cache_dir, mode=0o755)
451		593
452	# exception store cache	594	# exception store cache
453	_string_setting(	595	_string_setting(
@@ -578,5 +720,8 b' def _substitute_values(mapping, substitu'
578	raise ValueError(	720	raise ValueError(
579	'Failed to substitute env variable: {}. '	721	'Failed to substitute env variable: {}. '
580	'Make sure you have specified this env variable without ENV_ prefix'.format(e))	722	'Make sure you have specified this env variable without ENV_ prefix'.format(e))
		723	except ValueError as e:
		724	log.warning('Failed to substitute ENV variable: %s', e)
		725	result = mapping
581		726
582	return result	727	return result

rhodecode/config/rcextensions/helpers/extract_pre_commits.py

0 +30 -3

@@ -27,6 +27,7 b' us in hooks::'
27	"""	27	"""
28	import re	28	import re
29	import collections	29	import collections
		30	import json
30		31
31		32
32	def get_hg_commits(repo, refs):	33	def get_hg_commits(repo, refs):
@@ -36,6 +37,31 b' def get_hg_commits(repo, refs):'
36		37
37	def get_git_commits(repo, refs):	38	def get_git_commits(repo, refs):
38	commits = []	39	commits = []
		40
		41	for data in refs:
		42	# we should now extract commit data
		43	old_rev = data['old_rev']
		44	new_rev = data['new_rev']
		45
		46	if '00000000' in old_rev:
		47	# new branch, we don't need to extract nothing
		48	return commits
		49
		50	git_env = dict(data['git_env'])
		51	cmd = [
		52	'log',
		53	'--pretty=format:{"commit_id": "%H", "author": "%aN <%aE>", "date": "%ad", "message": "%f"}',
		54	'{}...{}'.format(old_rev, new_rev)
		55	]
		56
		57	stdout, stderr = repo.run_git_command(cmd, extra_env=git_env)
		58	for line in stdout.splitlines():
		59	try:
		60	data = json.loads(line)
		61	commits.append(data)
		62	except Exception:
		63	print('Failed to load data from GIT line')
		64
39	return commits	65	return commits
40		66
41		67
@@ -51,13 +77,14 b' def run(args, *kwargs):'
51		77
52	commits = []	78	commits = []
53		79
54	for rev_data in kwargs['commit_ids']:
55	new_environ = dict((k, v) for k, v in rev_data['hg_env'])
56
57	if vcs_type == 'git':	80	if vcs_type == 'git':
		81	for rev_data in kwargs['commit_ids']:
		82	new_environ = dict((k, v) for k, v in rev_data['git_env'])
58	commits = get_git_commits(vcs_repo, kwargs['commit_ids'])	83	commits = get_git_commits(vcs_repo, kwargs['commit_ids'])
59		84
60	if vcs_type == 'hg':	85	if vcs_type == 'hg':
		86	for rev_data in kwargs['commit_ids']:
		87	new_environ = dict((k, v) for k, v in rev_data['hg_env'])
61	commits = get_hg_commits(vcs_repo, kwargs['commit_ids'])	88	commits = get_hg_commits(vcs_repo, kwargs['commit_ids'])
62		89
63	return commits	90	return commits

rhodecode/config/rcextensions/utils.py

0 +38 0

@@ -145,3 +145,41 b' def maybe_log_call(name, args, kwargs):'
145	if hasattr(rcextensions, 'calls'):	145	if hasattr(rcextensions, 'calls'):
146	calls = rcextensions.calls	146	calls = rcextensions.calls
147	calls[name].append((args, kwargs))	147	calls[name].append((args, kwargs))
		148
		149
		150	def str2bool(_str):
		151	"""
		152	returns True/False value from given string, it tries to translate the
		153	string into boolean
		154
		155	:param _str: string value to translate into boolean
		156	:rtype: boolean
		157	:returns: boolean from given string
		158	"""
		159	if _str is None:
		160	return False
		161	if _str in (True, False):
		162	return _str
		163	_str = str(_str).strip().lower()
		164	return _str in ('t', 'true', 'y', 'yes', 'on', '1')
		165
		166
		167	def aslist(obj, sep=None, strip=True):
		168	"""
		169	Returns given string separated by sep as list
		170
		171	:param obj:
		172	:param sep:
		173	:param strip:
		174	"""
		175	if isinstance(obj, (basestring,)):
		176	lst = obj.split(sep)
		177	if strip:
		178	lst = [v.strip() for v in lst]
		179	return lst
		180	elif isinstance(obj, (list, tuple)):
		181	return obj
		182	elif obj is None:
		183	return []
		184	else:
		185	return [obj] No newline at end of file

rhodecode/config/routing_links.py

0 +1 -1

             The redirection must be first implemented in our servers before
             you can see it working.
             """
-            # flake8: noqa
+            # pragma: no cover
             from __future__ import unicode_literals
             link_config = [

rhodecode/events/__init__.py

0 +4 -4

                     integrations_event_handler(event)
-            from rhodecode.events.user import (  # noqa
+            from rhodecode.events.user import (  # pragma: no cover
                 UserPreCreate,
                 UserPostCreate,
                 UserPreUpdate,
                 UserPermissionsChange,
             )
-            from rhodecode.events.repo import (  # noqa
+            from rhodecode.events.repo import (  # pragma: no cover
                 RepoEvent,
                 RepoPreCreateEvent, RepoCreateEvent,
                 RepoPreDeleteEvent, RepoDeleteEvent,
                 RepoPrePullEvent,   RepoPullEvent,
             )
-            from rhodecode.events.repo_group import (  # noqa
+            from rhodecode.events.repo_group import (  # pragma: no cover
                 RepoGroupEvent,
                 RepoGroupCreateEvent,
                 RepoGroupUpdateEvent,
                 RepoGroupDeleteEvent,
             )
-            from rhodecode.events.pullrequest import (  # noqa
+            from rhodecode.events.pullrequest import (  # pragma: no cover
                 PullRequestEvent,
                 PullRequestCreateEvent,
                 PullRequestUpdateEvent,

rhodecode/integrations/registry.py

0 +1 -1

                     if key in self:
                         log.debug(
                             'Overriding existing integration type %s (%s) with %s',
-                            self[key], key, IntegrationType)
+                            self[key].__class__, key, IntegrationType)
                     self[key] = IntegrationType

rhodecode/integrations/types/hipchat.py

0 +21 -22

@@ -36,6 +36,26 b' from rhodecode.integrations.types.base i'
36		36
37	log = logging.getLogger(__name__)	37	log = logging.getLogger(__name__)
38		38
		39	REPO_PUSH_TEMPLATE = Template('''
		40	<b>${data['actor']['username']}</b> pushed to repo <a href="${data['repo']['url']}">${data['repo']['repo_name']}</a>:
		41	<br>
		42	<ul>
		43	%for branch, branch_commits in branches_commits.items():
		44	<li>
		45	% if branch:
		46	<a href="${branch_commits['branch']['url']}">branch: ${branch_commits['branch']['name']}</a>
		47	% else:
		48	to trunk
		49	% endif
		50	<ul>
		51	% for commit in branch_commits['commits']:
		52	<li><a href="${commit['url']}">${commit['short_id']}</a> - ${commit['message_html']}</li>
		53	% endfor
		54	</ul>
		55	</li>
		56	%endfor
		57	''')
		58
39		59
40	class HipchatSettingsSchema(colander.Schema):	60	class HipchatSettingsSchema(colander.Schema):
41	color_choices = [	61	color_choices = [
@@ -76,27 +96,6 b' class HipchatSettingsSchema(colander.Sch'
76	)	96	)
77		97
78		98
79	repo_push_template = Template('''
80	<b>${data['actor']['username']}</b> pushed to repo <a href="${data['repo']['url']}">${data['repo']['repo_name']}</a>:
81	<br>
82	<ul>
83	%for branch, branch_commits in branches_commits.items():
84	<li>
85	% if branch:
86	<a href="${branch_commits['branch']['url']}">branch: ${branch_commits['branch']['name']}</a>
87	% else:
88	to trunk
89	% endif
90	<ul>
91	% for commit in branch_commits['commits']:
92	<li><a href="${commit['url']}">${commit['short_id']}</a> - ${commit['message_html']}</li>
93	% endfor
94	</ul>
95	</li>
96	%endfor
97	''')
98
99
100	class HipchatIntegrationType(IntegrationTypeBase, CommitParsingDataHandler):	99	class HipchatIntegrationType(IntegrationTypeBase, CommitParsingDataHandler):
101	key = 'hipchat'	100	key = 'hipchat'
102	display_name = _('Hipchat')	101	display_name = _('Hipchat')
@@ -226,7 +225,7 b' class HipchatIntegrationType(Integration'
226	data['push']['branches'], data['push']['commits'])	225	data['push']['branches'], data['push']['commits'])
227		226
228	result = render_with_traceback(	227	result = render_with_traceback(
229	repo_push_template,	228	REPO_PUSH_TEMPLATE,
230	data=data,	229	data=data,
231	branches_commits=branches_commits,	230	branches_commits=branches_commits,
232	)	231	)

rhodecode/integrations/types/slack.py

0 +25 -24

@@ -41,6 +41,30 b' from rhodecode.integrations.types.base i'
41	log = logging.getLogger(__name__)	41	log = logging.getLogger(__name__)
42		42
43		43
		44	def html_to_slack_links(message):
		45	return re.compile(r'<a .?href=["\'](.+?)".?>(.+?)</a>').sub(
		46	r'<\1\|\2>', message)
		47
		48
		49	REPO_PUSH_TEMPLATE = Template('''
		50	<%
		51	def branch_text(branch):
		52	if branch:
		53	return 'on branch: <{}\|{}>'.format(branch_commits['branch']['url'], branch_commits['branch']['name'])
		54	else:
		55	## case for SVN no branch push...
		56	return 'to trunk'
		57	%> \
		58
		59	% for branch, branch_commits in branches_commits.items():
		60	${len(branch_commits['commits'])} ${'commit' if len(branch_commits['commits']) == 1 else 'commits'} ${branch_text(branch)}
		61	% for commit in branch_commits['commits']:
		62	`<${commit['url']}\|${commit['short_id']}>` - ${commit['message_html']\|html_to_slack_links}
		63	% endfor
		64	% endfor
		65	''')
		66
		67
44	class SlackSettingsSchema(colander.Schema):	68	class SlackSettingsSchema(colander.Schema):
45	service = colander.SchemaNode(	69	service = colander.SchemaNode(
46	colander.String(),	70	colander.String(),
@@ -258,7 +282,6 b' class SlackIntegrationType(IntegrationTy'
258	return title, text	282	return title, text
259		283
260	def format_repo_push_event(self, data):	284	def format_repo_push_event(self, data):
261
262	branches_commits = self.aggregate_branch_data(	285	branches_commits = self.aggregate_branch_data(
263	data['push']['branches'], data['push']['commits'])	286	data['push']['branches'], data['push']['commits'])
264		287
@@ -267,25 +290,8 b' class SlackIntegrationType(IntegrationTy'
267	''')	290	''')
268	title = render_with_traceback(template, data=data)	291	title = render_with_traceback(template, data=data)
269		292
270	repo_push_template = Template(textwrap.dedent(r'''
271	<%
272	def branch_text(branch):
273	if branch:
274	return 'on branch: <{}\|{}>'.format(branch_commits['branch']['url'], branch_commits['branch']['name'])
275	else:
276	## case for SVN no branch push...
277	return 'to trunk'
278	%> \
279	% for branch, branch_commits in branches_commits.items():
280	${len(branch_commits['commits'])} ${'commit' if len(branch_commits['commits']) == 1 else 'commits'} ${branch_text(branch)}
281	% for commit in branch_commits['commits']:
282	`<${commit['url']}\|${commit['short_id']}>` - ${commit['message_html']\|html_to_slack_links}
283	% endfor
284	% endfor
285	'''))
286
287	text = render_with_traceback(	293	text = render_with_traceback(
288	repo_push_template,	294	REPO_PUSH_TEMPLATE,
289	data=data,	295	data=data,
290	branches_commits=branches_commits,	296	branches_commits=branches_commits,
291	html_to_slack_links=html_to_slack_links,	297	html_to_slack_links=html_to_slack_links,
@@ -308,11 +314,6 b' class SlackIntegrationType(IntegrationTy'
308	return title, text	314	return title, text
309		315
310		316
311	def html_to_slack_links(message):
312	return re.compile(r'<a .?href=["\'](.+?)".?>(.+?)</a>').sub(
313	r'<\1\|\2>', message)
314
315
316	@async_task(ignore_result=True, base=RequestContextTask)	317	@async_task(ignore_result=True, base=RequestContextTask)
317	def post_text_to_slack(settings, title, text, fields=None, overrides=None):	318	def post_text_to_slack(settings, title, text, fields=None, overrides=None):
318	log.debug('sending %s (%s) to slack %s', title, text, settings['service'])	319	log.debug('sending %s (%s) to slack %s', title, text, settings['service'])

rhodecode/integrations/views.py

0 +2 -2

             from pyramid.httpexceptions import HTTPFound, HTTPForbidden, HTTPNotFound
+            from rhodecode.integrations import integration_type_registry
             from rhodecode.apps._base import BaseAppView
-            from rhodecode.integrations import integration_type_registry
+            from rhodecode.apps._base.navigation import navigation_list
-            from rhodecode.apps.admin.navigation import navigation_list
             from rhodecode.lib.auth import (
                 LoginRequired, CSRFRequired, HasPermissionAnyDecorator,
                 HasRepoPermissionAnyDecorator, HasRepoGroupPermissionAnyDecorator)

rhodecode/lib/bleach_whitelist.py

0 +3 -1

                 "table", "thead", "tbody", "tfoot", "tr", "th", "td",
                 "img",
                 "a",
+                "input",
             ]
             markdown_attrs = {
                 "a": ["href", "alt", "title", "name"],
                 "abbr": ["title"],
                 "acronym": ["title"],
-                "pre": ["lang"]
+                "pre": ["lang"],
+                "input": ["type", "disabled"]
             }
             standard_styles = [

rhodecode/lib/celerylib/loader.py

0 +1 -1

             from celery import Celery
             from celery import signals
             from celery import Task
-            from celery import exceptions  # noqa
+            from celery import exceptions  # pragma: no cover
             from kombu.serialization import register
             from pyramid.threadlocal import get_current_request

rhodecode/lib/dbmigrate/schema/db_4_11_0_0.py

0 +2 -2

                 Boolean, String, Unicode, UnicodeText, DateTime, Integer, LargeBinary,
                 Text, Float, PickleType)
             from sqlalchemy.sql.expression import true, false
-            from sqlalchemy.sql.functions import coalesce, count  # noqa
+            from sqlalchemy.sql.functions import coalesce, count  # pragma: no cover
             from sqlalchemy.orm import (
                 relationship, joinedload, class_mapper, validates, aliased)
             from sqlalchemy.ext.declarative import declared_attr
             from sqlalchemy.ext.hybrid import hybrid_property
-            from sqlalchemy.exc import IntegrityError  # noqa
+            from sqlalchemy.exc import IntegrityError  # pragma: no cover
             from sqlalchemy.dialects.mysql import LONGTEXT
             from beaker.cache import cache_region
             from zope.cachedescriptors.property import Lazy as LazyProperty

rhodecode/lib/dbmigrate/schema/db_4_13_0_0.py

0 +2 -2

                 Boolean, String, Unicode, UnicodeText, DateTime, Integer, LargeBinary,
                 Text, Float, PickleType)
             from sqlalchemy.sql.expression import true, false
-            from sqlalchemy.sql.functions import coalesce, count  # noqa
+            from sqlalchemy.sql.functions import coalesce, count  # pragma: no cover
             from sqlalchemy.orm import (
                 relationship, joinedload, class_mapper, validates, aliased)
             from sqlalchemy.ext.declarative import declared_attr
             from sqlalchemy.ext.hybrid import hybrid_property
-            from sqlalchemy.exc import IntegrityError  # noqa
+            from sqlalchemy.exc import IntegrityError  # pragma: no cover
             from sqlalchemy.dialects.mysql import LONGTEXT
             from beaker.cache import cache_region
             from zope.cachedescriptors.property import Lazy as LazyProperty

rhodecode/lib/dbmigrate/schema/db_4_9_0_0.py

0 +1 -1

             from sqlalchemy.orm import (
                 relationship, joinedload, class_mapper, validates, aliased)
             from sqlalchemy.sql.expression import true
-            from sqlalchemy.sql.functions import coalesce, count  # noqa
+            from sqlalchemy.sql.functions import coalesce, count  # pragma: no cover
             from beaker.cache import cache_region
             from zope.cachedescriptors.property import Lazy as LazyProperty

rhodecode/lib/diff_match_patch.py

0 +3 -3

                   Array of changes.
                 """
                 # Set a deadline by which time the diff must be complete.
-                if deadline == None:
+                if deadline is None:
                   # Unlike in most languages, Python counts time in seconds.
                   if self.Diff_Timeout <= 0:
                     deadline = sys.maxint
                     deadline = time.time() + self.Diff_Timeout
                 # Check for null inputs.
-                if text1 == None or text2 == None:
+                if text1 is None or text2 is None:
                   raise ValueError("Null inputs. (diff_main)")
                 # Check for equality (speedup).
                   Best match index or -1.
                 """
                 # Check for null inputs.
-                if text == None or pattern == None:
+                if text is None or pattern is None:
                   raise ValueError("Null inputs. (match_main)")
                 loc = max(0, min(loc, len(text)))

rhodecode/lib/helpers.py

0 +4 -3

                 return html_value
-            def bool2icon(value):
+            def bool2icon(value, show_at_false=True):
                 """
                 Returns boolean value of a given value, represented as html element with
                 classes that will represent icons
                 if value:  # does bool conversion
                     return HTML.tag('i', class_="icon-true")
                 else:  # not true as bool
-                    return HTML.tag('i', class_="icon-false")
+                    if show_at_false:
+                        return HTML.tag('i', class_="icon-false")
+                    return HTML.tag('i')
             #==============================================================================
             # PERMS

rhodecode/lib/index/whoosh.py

0 +1 -1

                     # inside hit object, and we don't need all
                     res = dict(hit)
-                    f_path = ''  # noqa
+                    f_path = ''  # pragma: no cover
                     if self.search_type in ['content', 'path']:
                         f_path = res['path'][len(res['repository']):]
                         f_path = f_path.lstrip(os.sep)

rhodecode/lib/logging_formatter.py

0 +2 -1

             def _inject_req_id(record):
                 from pyramid.threadlocal import get_current_request
                 req = get_current_request()
-                req_id = 'req_id:%-36s ' % (getattr(req, 'req_id', None))
+                dummy = '00000000-0000-0000-0000-000000000000'
+                req_id = 'req_id:%-36s' % (getattr(req, 'req_id', dummy))
                 record.req_id = req_id

rhodecode/lib/markdown_ext.py

0 +1 -30

@@ -22,36 +22,7 b' import re'
22		22
23	import markdown	23	import markdown
24		24
25	from mdx_gfm import GithubFlavoredMarkdownExtension # ~~noqa~~	25	from mdx_gfm import GithubFlavoredMarkdownExtension # pragma: no cover
26
27
28	class FlavoredCheckboxExtension(markdown.Extension):
29
30	def extendMarkdown(self, md, md_globals):
31	md.preprocessors.add('checklist',
32	FlavoredCheckboxPreprocessor(md), '<reference')
33	md.postprocessors.add('checklist',
34	FlavoredCheckboxPostprocessor(md), '>unescape')
35
36
37	class FlavoredCheckboxPreprocessor(markdown.preprocessors.Preprocessor):
38	"""
39	Replaces occurrences of [ ] or [x] to checkbox input
40	"""
41
42	pattern = re.compile(r'^([*-]) \[([ x])\]')
43
44	def run(self, lines):
45	return [self._transform_line(line) for line in lines]
46
47	def _transform_line(self, line):
48	return self.pattern.sub(self._replacer, line)
49
50	def _replacer(self, match):
51	list_prefix, state = match.groups()
52	checked = '' if state == ' ' else ' checked="checked"'
53	return '%s <input type="checkbox" disabled="disabled"%s>' % (list_prefix,
54	checked)
55		26
56		27
57	class FlavoredCheckboxPostprocessor(markdown.postprocessors.Postprocessor):	28	class FlavoredCheckboxPostprocessor(markdown.postprocessors.Postprocessor):

rhodecode/lib/markup_renderer.py

0 +37 -14

             import markdown
             from rhodecode.lib.markdown_ext import GithubFlavoredMarkdownExtension
-            from rhodecode.lib.utils2 import (
+            from rhodecode.lib.utils2 import (safe_unicode, md5_safe, MENTIONS_REGEX)
-                safe_str, safe_unicode, md5_safe, MENTIONS_REGEX)
             log = logging.getLogger(__name__)
                 return u'/' + final_path
+            _cached_markdown_renderer = None
+            def get_markdown_renderer(extensions, output_format):
+                global _cached_markdown_renderer
+                if _cached_markdown_renderer is None:
+                    _cached_markdown_renderer = markdown.Markdown(
+                        extensions=extensions,
+                        enable_attributes=False, output_format=output_format)
+                return _cached_markdown_renderer
+            _cached_markdown_renderer_flavored = None
+            def get_markdown_renderer_flavored(extensions, output_format):
+                global _cached_markdown_renderer_flavored
+                if _cached_markdown_renderer_flavored is None:
+                    _cached_markdown_renderer_flavored = markdown.Markdown(
+                        extensions=extensions + [GithubFlavoredMarkdownExtension()],
+                        enable_attributes=False, output_format=output_format)
+                return _cached_markdown_renderer_flavored
             class MarkupRenderer(object):
                 RESTRUCTUREDTEXT_DISALLOWED_DIRECTIVES = ['include', 'meta', 'raw']
                 URL_PAT = re.compile(r'(http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]'
                                      r'|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+)')
-                extensions = ['codehilite', 'extra', 'def_list', 'sane_lists']
+                extensions = ['markdown.extensions.codehilite', 'markdown.extensions.extra',
+                              'markdown.extensions.def_list', 'markdown.extensions.sane_lists']
                 output_format = 'html4'
-                markdown_renderer = markdown.Markdown(
-                    extensions, enable_attributes=False, output_format=output_format)
-                markdown_renderer_flavored = markdown.Markdown(
-                    extensions + [GithubFlavoredMarkdownExtension()],
-                    enable_attributes=False, output_format=output_format)
                 # extension together with weights. Lower is first means we control how
                 # extensions are attached to readme names with those.
                     """
                     if flavored:
-                        markdown_renderer = cls.markdown_renderer_flavored
+                        markdown_renderer = get_markdown_renderer_flavored(
+                            cls.extensions, cls.output_format)
                     else:
-                        markdown_renderer = cls.markdown_renderer
+                        markdown_renderer = get_markdown_renderer(
+                            cls.extensions, cls.output_format)
                     if mentions:
                         mention_pat = re.compile(MENTIONS_REGEX)
                             return nb, resources
-                    def _sanitize_resources(resources):
+                    def _sanitize_resources(input_resources):
                         """
                         Skip/sanitize some of the CSS generated and included in jupyter
                         so it doesn't messes up UI so much
                         # _default_template_path_default, to achieve that
                         # strip the reset CSS
-                        resources[0] = resources[0][resources[0].find('/*! Source'):]
+                        input_resources[0] = input_resources[0][input_resources[0].find('/*! Source'):]
-                        return resources
+                        return input_resources
                     def as_html(notebook):
                         conf = Config()

rhodecode/lib/middleware/simplehg.py

0 +5 0

                     'statlfile': 'pull',
                     'lheads': 'pull',
+                    # evolve
+                    'evoext_obshashrange_v1': 'pull',
+                    'evoext_obshash': 'pull',
+                    'evoext_obshash1': 'pull',
                     'unbundle': 'push',
                     'pushkey': 'push',
                 }

rhodecode/lib/pyramid_utils.py

0 +19 -2

             import os
             from pyramid.compat import configparser
-            from pyramid.paster import bootstrap as pyramid_bootstrap, setup_logging  # noqa
+            from pyramid.paster import bootstrap as pyramid_bootstrap, setup_logging  # pragma: no cover
             from pyramid.scripting import prepare
             from rhodecode.lib.request import Request
                 return appconfig('config:{}'.format(ini_path), relative_to=os.getcwd())
+            class BootstrappedRequest(Request):
+                """
+                Special version of Request Which has some available methods like in pyramid.
+                Some code (used for template rendering) requires this, and we unsure it's present.
+                """
+                def translate(self, msg):
+                    return msg
+                def plularize(self, singular, plural, n):
+                    return singular
+                def get_partial_renderer(self, tmpl_name):
+                    from rhodecode.lib.partial_renderer import get_partial_renderer
+                    return get_partial_renderer(request=self, tmpl_name=tmpl_name)
             def bootstrap(config_uri, request=None, options=None, env=None):
                 if env:
                     os.environ.update(env)
                 except (configparser.NoSectionError, configparser.NoOptionError):
                     pass
-                request = request or Request.blank('/', base_url=base_url)
+                request = request or BootstrappedRequest.blank('/', base_url=base_url)
                 return pyramid_bootstrap(config_uri, request=request, options=options)

rhodecode/lib/vcs/backends/base.py

0 +10 -10

             log = logging.getLogger(__name__)
-            FILEMODE_DEFAULT = 0100644
+            FILEMODE_DEFAULT = 0o100644
-            FILEMODE_EXECUTABLE = 0100755
+            FILEMODE_EXECUTABLE = 0o100755
             Reference = collections.namedtuple('Reference', ('type', 'name', 'commit_id'))
             MergeResponse = collections.namedtuple(
                 def get_create_shadow_cache_pr_path(self, db_repo):
                     path = db_repo.cached_diffs_dir
                     if not os.path.exists(path):
-                        os.makedirs(path, 0755)
+                        os.makedirs(path, 0o755)
                     return path
                 @classmethod
                     """
                     raise NotImplementedError
-                def get_file_commit(self, path, pre_load=None):
+                def get_path_commit(self, path, pre_load=None):
                     """
                     Returns last commit of the file at the given `path`.
                     :param pre_load: Optional. List of commit attributes to load.
                     """
-                    commits = self.get_file_history(path, limit=1, pre_load=pre_load)
+                    commits = self.get_path_history(path, limit=1, pre_load=pre_load)
                     if not commits:
                         raise RepositoryError(
                             'Failed to fetch history for path {}. '
                                 path))
                     return commits[0]
-                def get_file_history(self, path, limit=None, pre_load=None):
+                def get_path_history(self, path, limit=None, pre_load=None):
                     """
                     Returns history of file as reversed list of :class:`BaseCommit`
                     objects for which file at given `path` has been modified.
                             ('tags', ','.join(self.tags)),
                         ]
                         meta = ["%s:%s" % (f_name, value) for f_name, value in metadata]
-                        file_info.append(('.archival.txt', 0644, False, '\n'.join(meta)))
+                        file_info.append(('.archival.txt', 0o644, False, '\n'.join(meta)))
                     connection.Hg.archive_repo(file_path, mtime, file_info, kind)
                     self.idx = value
                 def get_file_changeset(self, path):
-                    warnings.warn("Use get_file_commit instead", DeprecationWarning)
+                    warnings.warn("Use get_path_commit instead", DeprecationWarning)
-                    return self.get_file_commit(path)
+                    return self.get_path_commit(path)
             class BaseChangesetClass(type):
                 def id(self):
                     return self.raw_id
-                def get_file_commit(self, path):
+                def get_path_commit(self, path):
                     return self
                 def get_file_content(self, path):

rhodecode/lib/vcs/backends/git/commit.py

0 +1 -16

                     id_, _ = self._get_id_for_path(path)
                     return self._remote.blob_raw_length(id_)
-                def get_file_history(self, path, limit=None, pre_load=None):
+                def get_path_history(self, path, limit=None, pre_load=None):
                     """
                     Returns history of file as reversed list of `GitCommit` objects for
                     which file at given `path` has been modified.
                         self.repository.get_commit(commit_id=commit_id, pre_load=pre_load)
                         for commit_id in commit_ids]
-                # TODO: unused for now potential replacement for subprocess
-                def get_file_history_2(self, path, limit=None, pre_load=None):
-                    """
-                    Returns history of file as reversed list of `Commit` objects for
-                    which file at given `path` has been modified.
-                    """
-                    self._get_filectx(path)
-                    f_path = safe_str(path)
-                    commit_ids = self._remote.get_file_history(f_path, self.id, limit)
-                    return [
-                        self.repository.get_commit(commit_id=commit_id, pre_load=pre_load)
-                        for commit_id in commit_ids]
                 def get_file_annotate(self, path, pre_load=None):
                     """
                     Returns a generator of four element tuples with

rhodecode/lib/vcs/backends/git/repository.py

0 +1 -1

                             GitRepository.check_url(src_url, self.config)
                         if create:
-                            os.makedirs(self.path, mode=0755)
+                            os.makedirs(self.path, mode=0o755)
                             if bare:
                                 self._remote.init_bare()

rhodecode/lib/vcs/backends/hg/commit.py

0 +2 -2

                     path = self._get_filectx(path)
                     return self._remote.fctx_size(self.idx, path)
-                def get_file_history(self, path, limit=None, pre_load=None):
+                def get_path_history(self, path, limit=None, pre_load=None):
                     """
                     Returns history of file as reversed list of `MercurialCommit` objects
                     for which file at given ``path`` has been modified.
                     """
                     path = self._get_filectx(path)
-                    hist = self._remote.file_history(self.idx, path, limit)
+                    hist = self._remote.node_history(self.idx, path, limit)
                     return [
                         self.repository.get_commit(commit_id=commit_id, pre_load=pre_load)
                         for commit_id in hist]

rhodecode/lib/vcs/backends/hg/repository.py

0 +1 -1

                         create = False
                     if create:
-                        os.makedirs(self.path, mode=0755)
+                        os.makedirs(self.path, mode=0o755)
                     self._remote.localrepository(create)

rhodecode/lib/vcs/backends/svn/commit.py

0 +1 -1

                     path = self._fix_path(path)
                     return self._remote.get_file_size(safe_str(path), self._svn_rev)
-                def get_file_history(self, path, limit=None, pre_load=None):
+                def get_path_history(self, path, limit=None, pre_load=None):
                     path = safe_str(self._fix_path(path))
                     history = self._remote.node_history(path, self._svn_rev, limit)
                     return [

rhodecode/lib/vcs/geventcurl.py

0 +1 -1

             # Import everything from pycurl.
             # This allows us to use this module as a drop in replacement of pycurl.
-            from pycurl import *  # noqa
+            from pycurl import *  # pragma: no cover
             from gevent import core
             from gevent.hub import Waiter

rhodecode/lib/vcs/nodes.py

0 +11 -2

                 def last_commit(self):
                     if self.commit:
                         pre_load = ["author", "date", "message"]
-                        return self.commit.get_file_commit(self.path, pre_load=pre_load)
+                        return self.commit.get_path_commit(self.path, pre_load=pre_load)
                     raise NodeError(
                         "Cannot retrieve last commit of the file without "
                         "related commit attribute")
                     """
                     if self.commit is None:
                         raise NodeError('Unable to get commit for this FileNode')
-                    return self.commit.get_file_history(self.path)
+                    return self.commit.get_path_history(self.path)
                 @LazyProperty
                 def annotate(self):
                     return size
+                @LazyProperty
+                def last_commit(self):
+                    if self.commit:
+                        pre_load = ["author", "date", "message"]
+                        return self.commit.get_path_commit(self.path, pre_load=pre_load)
+                    raise NodeError(
+                        "Cannot retrieve last commit of the file without "
+                        "related commit attribute")
                 def __repr__(self):
                     return '<%s %r @ %s>' % (self.__class__.__name__, self.path,
                                              getattr(self.commit, 'short_id', ''))

rhodecode/model/__init__.py

0 +2 -1

             import logging
+            import rhodecode
             from rhodecode.model import meta, db
             from rhodecode.lib.utils2 import obfuscate_url_pw, get_encryption_key
                 :param engine: engine to bind to
                 """
                 engine_str = obfuscate_url_pw(str(engine.url))
-                log.info("initializing db for %s", engine_str)
+                log.info("RhodeCode %s initializing db for %s", rhodecode.__version__, engine_str)
                 meta.Base.metadata.bind = engine
                 db.ENCRYPTION_KEY = encryption_key

rhodecode/model/db.py

0 +19 -10

                 Boolean, String, Unicode, UnicodeText, DateTime, Integer, LargeBinary,
                 Text, Float, PickleType)
             from sqlalchemy.sql.expression import true, false
-            from sqlalchemy.sql.functions import coalesce, count  # noqa
+            from sqlalchemy.sql.functions import coalesce, count  # pragma: no cover
             from sqlalchemy.orm import (
                 relationship, joinedload, class_mapper, validates, aliased)
             from sqlalchemy.ext.declarative import declared_attr
             from sqlalchemy.ext.hybrid import hybrid_property
-            from sqlalchemy.exc import IntegrityError  # noqa
+            from sqlalchemy.exc import IntegrityError  # pragma: no cover
             from sqlalchemy.dialects.mysql import LONGTEXT
             from zope.cachedescriptors.property import Lazy as LazyProperty
                                         % (self.SETTINGS_TYPES.keys(), val))
                     self._app_settings_type = val
+                @classmethod
+                def get_by_prefix(cls, prefix):
+                    return RhodeCodeSetting.query()\
+                        .filter(RhodeCodeSetting.app_settings_name.startswith(prefix))\
+                        .all()
                 def __unicode__(self):
                     return u"<%s('%s:%s[%s]')>" % (
                         self.__class__.__name__,
                     base_table_args
                 )
-                external_id = Column('external_id', Unicode(255), default=u'',
+                external_id = Column('external_id', Unicode(255), default=u'', primary_key=True)
-                                     primary_key=True)
                 external_username = Column('external_username', Unicode(1024), default=u'')
-                local_user_id = Column('local_user_id', Integer(),
+                local_user_id = Column('local_user_id', Integer(), ForeignKey('users.user_id'), primary_key=True)
-                                       ForeignKey('users.user_id'), primary_key=True)
+                provider_name = Column('provider_name', Unicode(255), default=u'', primary_key=True)
-                provider_name = Column('provider_name', Unicode(255), default=u'',
-                                       primary_key=True)
                 access_token = Column('access_token', String(1024), default=u'')
                 alt_token = Column('alt_token', String(1024), default=u'')
                 token_secret = Column('token_secret', String(1024), default=u'')
                 @classmethod
-                def by_external_id_and_provider(cls, external_id, provider_name,
+                def by_external_id_and_provider(cls, external_id, provider_name, local_user_id=None):
-                                                local_user_id=None):
                     """
                     Returns ExternalIdentity instance based on search params
                     query = query.filter(cls.local_user_id == local_user_id)
                     return query
+                @classmethod
+                def load_provider_plugin(cls, plugin_id):
+                    from rhodecode.authentication.base import loadplugin
+                    _plugin_id = 'egg:rhodecode-enterprise-ee#{}'.format(plugin_id)
+                    auth_plugin = loadplugin(_plugin_id)
+                    return auth_plugin
             class Integration(Base, BaseModel):
                 __tablename__ = 'integrations'

rhodecode/model/notification.py

0 +3 -4

                         log.debug('sending notifications %s to admins: %s',
                                   notification_type, recipients_objs)
                     else:
-                        recipients_objs = []
+                        recipients_objs = set()
                         for u in recipients:
                             obj = self._get_user(u)
                             if obj:
-                                recipients_objs.append(obj)
+                                recipients_objs.add(obj)
                             else:  # we didn't find this user, log the error and carry on
                                 log.error('cannot notify unknown user %r', u)
-                        recipients_objs = set(recipients_objs)
                         if not recipients_objs:
                             raise Exception('no valid recipients specified')
                         return notification
                     # don't send email to person who created this comment
-                    rec_objs = set(recipients_objs).difference(set([created_by_obj]))
+                    rec_objs = set(recipients_objs).difference({created_by_obj})
                     # now notify all recipients in question

rhodecode/model/pull_request.py

0 +2 -4

                         from rc_reviewers.utils import get_default_reviewers_data
                         from rc_reviewers.utils import validate_default_reviewers
                     except ImportError:
-                        from rhodecode.apps.repository.utils import \
+                        from rhodecode.apps.repository.utils import get_default_reviewers_data
-                            get_default_reviewers_data
+                        from rhodecode.apps.repository.utils import validate_default_reviewers
-                        from rhodecode.apps.repository.utils import \
-                            validate_default_reviewers
                     return get_default_reviewers_data, validate_default_reviewers

rhodecode/model/repo_group.py

0 +1 -1

                     self.check_exist_filesystem(group_name)
                     create_path = os.path.join(self.repos_path, group_name)
                     log.debug('creating new group in %s', create_path)
-                    os.makedirs(create_path, mode=0755)
+                    os.makedirs(create_path, mode=0o755)
                     log.debug('created group in %s', create_path)
                 def _rename_group(self, old, new):

rhodecode/model/settings.py

0 0 -1

                     self._create_or_update_ui(
                         self.repo_settings, *phases, value=safe_str(data[phases_key]))
                 def create_or_update_global_hg_settings(self, data):
                     largefiles, largefiles_store, phases, hgsubversion, evolve \
                         = self.GLOBAL_HG_SETTINGS

rhodecode/model/user.py

0 +6 -5

                     new_user.is_new_user = not edit
                     # for users that didn's specify auth type, we use RhodeCode built in
                     from rhodecode.authentication.plugins import auth_rhodecode
-                    extern_name = extern_name or auth_rhodecode.RhodeCodeAuthPlugin.name
+                    extern_name = extern_name or auth_rhodecode.RhodeCodeAuthPlugin.uid
-                    extern_type = extern_type or auth_rhodecode.RhodeCodeAuthPlugin.name
+                    extern_type = extern_type or auth_rhodecode.RhodeCodeAuthPlugin.uid
                     try:
                         new_user.username = username
                         log.error(traceback.format_exc())
                         raise
-                def create_registration(self, form_data):
+                def create_registration(self, form_data,
+                                        extern_name='rhodecode', extern_type='rhodecode'):
                     from rhodecode.model.notification import NotificationModel
                     from rhodecode.model.notification import EmailNotificationModel
                     try:
                         form_data['admin'] = False
-                        form_data['extern_name'] = 'rhodecode'
+                        form_data['extern_name'] = extern_name
-                        form_data['extern_type'] = 'rhodecode'
+                        form_data['extern_type'] = extern_type
                         new_user = self.create(form_data)
                         self.sa.add(new_user)

rhodecode/model/validation_schema/__init__.py

0 +1 -1

@@ -20,5 +20,5 b''
20		20
21	import colander	21	import colander
22		22
23	from colander import Invalid # ~~noqa, don't remove this~~	23	from colander import Invalid # pragma: no cover
24		24

rhodecode/public/502.html

0 +4 -5

                         padding-left: 10px;
                     }
                     li {
-                        list-style-type: none;
+                        list-style-type: disc;
-                    li:before {
-                        content: "\2014\00A0";
                     }
                     .error_message {
                         font-weight: normal;
                     </div>
                     <div class="main">
                         <h1>
-Bad Gateway | <span class="error_message">Backend server is unreachable</span>
+Bad Gateway
+                            <br/>
+                            <span class="error_message">Backend server is unreachable</span>
                         </h1>
                         <div class="inner-column">
                             <h4>Possible Causes</h4>

rhodecode/public/css/buttons.less

0 +1 -1

             .btn-social {
                 &:extend(.btn-default);
                 margin: 5px 5px 5px 0px;
-                min-width: 150px;
+                min-width: 160px;
             }
             // TODO: johbo: check these exceptions

rhodecode/public/css/code-block.less

0 +10 -2

             .code { display: block; border:0px !important; }
             .code-highlight, /* TODO: dan: merge codehilite into code-highlight */
+            /* This can be generated with `pygmentize -S default -f html` */
             .codehilite {
                 .hll { background-color: #ffffcc }
                 .c { color: #408080; font-style: italic } /* Comment */
                 .err, .codehilite .err { border: none } /* Error */
                 .k { color: #008000; font-weight: bold } /* Keyword */
                 .o { color: #666666 } /* Operator */
+                .ch { color: #408080; font-style: italic } /* Comment.Hashbang */
                 .cm { color: #408080; font-style: italic } /* Comment.Multiline */
                 .cp { color: #BC7A00 } /* Comment.Preproc */
+                .cpf { color: #408080; font-style: italic } /* Comment.PreprocFile */
                 .c1 { color: #408080; font-style: italic } /* Comment.Single */
                 .cs { color: #408080; font-style: italic } /* Comment.Special */
                 .gd { color: #A00000 } /* Generic.Deleted */
                 .gr { color: #FF0000 } /* Generic.Error */
                 .gh { color: #000080; font-weight: bold } /* Generic.Heading */
                 .gi { color: #00A000 } /* Generic.Inserted */
-                .go { color: #808080 } /* Generic.Output */
+                .go { color: #888888 } /* Generic.Output */
                 .gp { color: #000080; font-weight: bold } /* Generic.Prompt */
                 .gs { font-weight: bold } /* Generic.Strong */
                 .gu { color: #800080; font-weight: bold } /* Generic.Subheading */
-                .gt { color: #0040D0 } /* Generic.Traceback */
+                .gt { color: #0044DD } /* Generic.Traceback */
                 .kc { color: #008000; font-weight: bold } /* Keyword.Constant */
                 .kd { color: #008000; font-weight: bold } /* Keyword.Declaration */
                 .kn { color: #008000; font-weight: bold } /* Keyword.Namespace */
                 .nv { color: #19177C } /* Name.Variable */
                 .ow { color: #AA22FF; font-weight: bold } /* Operator.Word */
                 .w { color: #bbbbbb } /* Text.Whitespace */
+                .mb { color: #666666 } /* Literal.Number.Bin */
                 .mf { color: #666666 } /* Literal.Number.Float */
                 .mh { color: #666666 } /* Literal.Number.Hex */
                 .mi { color: #666666 } /* Literal.Number.Integer */
                 .mo { color: #666666 } /* Literal.Number.Oct */
+                .sa { color: #BA2121 } /* Literal.String.Affix */
                 .sb { color: #BA2121 } /* Literal.String.Backtick */
                 .sc { color: #BA2121 } /* Literal.String.Char */
+                .dl { color: #BA2121 } /* Literal.String.Delimiter */
                 .sd { color: #BA2121; font-style: italic } /* Literal.String.Doc */
                 .s2 { color: #BA2121 } /* Literal.String.Double */
                 .se { color: #BB6622; font-weight: bold } /* Literal.String.Escape */
                 .s1 { color: #BA2121 } /* Literal.String.Single */
                 .ss { color: #19177C } /* Literal.String.Symbol */
                 .bp { color: #008000 } /* Name.Builtin.Pseudo */
+                .fm { color: #0000FF } /* Name.Function.Magic */
                 .vc { color: #19177C } /* Name.Variable.Class */
                 .vg { color: #19177C } /* Name.Variable.Global */
                 .vi { color: #19177C } /* Name.Variable.Instance */
+                .vm { color: #19177C } /* Name.Variable.Magic */
                 .il { color: #666666 } /* Literal.Number.Integer.Long */
             }

rhodecode/public/css/comments.less

0 +2 -3

             }
             .nav-links li {
                 display: inline-block;
+                list-style-type: none;
             }
-            .nav-links li:before {
-                content: "";
             .nav-links li a.disabled {
                 cursor: not-allowed;
             }

rhodecode/public/css/forms.less

0 0 -1

                     li {
                         list-style-type: none;
-                        &:before { content:none; }
                         &:after {
                             content: "";
                             float: left;

rhodecode/public/css/helpers.less

0 +3 -1

                 float: right;
                 clear: right;
-                li:before { content:none; }
+                li {
+                    list-style-type: none;
+                }
             }
             //--- DEVICE-SPECIFIC CLASSES ---------------//

rhodecode/public/css/legacy_code_styles.less

0 +11 -2

                 overflow: visible !important;
             }
+            div.markdown-block h1,
+            div.markdown-block h2 {
+                border-bottom: 1px #e6e5e5 solid !important;
+            }
             div.markdown-block h1 {
                 font-size: 32px;
                 margin: 15px 0 15px 0 !important;
             div.markdown-block h2 {
                 font-size: 24px !important;
                 margin: 34px 0 10px 0 !important;
-                border-top: 3px #e6e5e5 solid !important;
                 padding-top: 15px !important;
                 padding-bottom: 8px !important;
             }
             div.markdown-block img {
               border-style: none;
               background-color: #fff;
+              padding-right: 20px;
             }
                 margin: 1em 0 !important;
             }
+            div.rst-block  h1,
+            div.rst-block  h2 {
+                border-bottom: 1px #e6e5e5 solid !important;
+            }
             div.rst-block  h2 {
                 margin-top: 1.5em !important;
-                border-top: 4px solid #e0e0e0 !important;
                 padding-top: .5em !important;
             }

rhodecode/public/css/main-content.less

0 +10 0

@@ -196,6 +196,16 b''
196	.text-as-placeholder {	196	.text-as-placeholder {
197	padding-top: @input-padding-px + @border-thickness-inputs;	197	padding-top: @input-padding-px + @border-thickness-inputs;
198	}	198	}
		199
		200	.no-border {
		201	border: 1px;
		202	}
		203
		204	.no-horizontal-padding {
		205	padding-left: 0;
		206	padding-right: 0;
		207	}
		208
199	}	209	}
200		210
201	// TODO: johbo: Try to find a better integration of this bit.	211	// TODO: johbo: Try to find a better integration of this bit.

rhodecode/public/css/main.less

0 +4 -4

             			margin-right: @padding;
             		}
-                    &:before { content: none; }
             	}
             }
                 position: relative;
                 width: 100%;
                 padding-bottom: 8px;
+                list-style-type: none;
             }
             .reviewer_entry {
                 padding: 0px 0px;
             }
-            .pull-request-merge li:before{
+            .pull-request-merge li {
-                content:none;
+                list-style-type: none;
             }
             .pull-request-merge .pull-request-wrap {
             			font-size: @journal-fontsize;
                         line-height: 1em;
-                        &:before { content: none; }
+                        list-style-type: none;
             		}
             	}
             }

rhodecode/public/css/navigation.less

0 +5 -14

                             padding: 0 2px;
                         }
                     }
+                    list-style-type: none;
-                    &:before { content: none; }
                 }
                 > li {
                     line-height: 1em;
                     color: @grey3;
                     background-color: @grey6;
+                    list-style-type: none;
-                    &:before { content: none; }
                     a {
                         display: block;
                         line-height: 1em;
                         list-style-type: none;
-                        &:before { content: none; }
                         a {
                             display: block;
                             height: 16px;
                         line-height: 1em;
                         color: @grey6;
-                        &:before { content: none; }
                         &>.select2-result-label {
                             padding: 8px 0;
                             border-bottom: @border-thickness solid @grey3;
                         line-height: 1em;
                         font-family: @text-light;
                         color: @grey2;
+                        list-style-type: none;
-                        &:before { content: none; }
                         &:hover {
                             background-color: @grey3;
             ul#context-pages {
                 li {
                     line-height: 1em;
+                    list-style-type: none;
-                    &:before { content: none; }
                     a {
                         color: @grey3;
                         padding-bottom: @menupadding;
                         line-height: 1em;
                         color: @grey4;
+                        list-style-type: none;
                         &.active a {
                             color: @grey2;
                         a {
                             color: @grey4;
                         }
-                        &:before { content: none; }
                     }
                 }

rhodecode/public/css/readme-box.less

0 +7 -2

                 overflow: visible !important;
             }
+            div.readme_box h1,
+            div.readme_box h2 {
+                border-bottom: 1px #e6e5e5 solid !important;
+            }
             div.readme_box h1 {
                 font-size: 32px;
                 margin: 15px 0 15px 0 !important;
             div.readme_box h2 {
                 font-size: 24px !important;
                 margin: 34px 0 10px 0 !important;
-                border-top: 3px #e6e5e5 solid !important;
                 padding-top: 15px !important;
                 padding-bottom: 8px !important;
             }
             div.readme_box img {
               border-style: none;
               background-color: #fff;
+              padding-right: 20px;
             }
             div.readme_box ul li,
             div.readme_box ol li {
-                list-style: bullet !important;
+                list-style: disc !important;
                 margin: 6px !important;
                 padding: 0 !important;
             }

rhodecode/public/css/select2.less

0 0 -2

                     line-height: 1em;
                     list-style-type: none;
-                    &:before { content: none; }
                     &:hover,
                     &.select2-highlighted {
                         background-color: @rclightblue;

rhodecode/public/css/summary.less

0 +1 -5

                         padding-left: 0;
                         li {
+                            list-style-type: none;
-                            &:before {
-                                content: none;
-                                width: 0;
                         }
                     }
                 }

rhodecode/public/css/tables.less

0 +3 -1

                 .expired td {
                     background-color: @grey7;
                 }
+                .inactive td {
+                    background-color: @grey6;
+                }
                 th {
                     text-align: left;
                     font-weight: @text-semibold-weight;

rhodecode/public/css/tags.less

0 0 -2

                     margin: 0 0 @padding;
                     line-height: 1em;
                     list-style-type: none;
-                    &:before { content: none; }
                 }
             }

rhodecode/public/css/type.less

0 +7 -12

                     list-style: none;
                     text-align: right;
-                    li:before { content: none; }
+                    li {
-                    li { float: right; }
+                      float: right;
+                      list-style-type: none;
+                    }
                     a {
                         display: inline-block;
                         margin-left: @textmargin/2;
             ul li {
               position: relative;
-              display: block;
+              list-style-type: disc;
-              list-style-type: none;
-              &:before {
-                content: "\2014\00A0";
-                position: absolute;
-                top: 0;
-                left: -1.25em;
               p:first-child {
                 display:inline;
               color: @grey4;
               font-family: @text-light;
               &.pre-formatting {
-                  white-space: pre;
+                  white-space: pre-wrap;
               }
             }

rhodecode/public/css/variables.less

0 +1 -1

             @label-summary-minwidth: 80px;
             @search-form-width: 400px;
             @fields-input-m: 400px;
-            @fields-input-l: 800px;
+            @fields-input-l: 720px;
             // BUTTONS
             @button-padding: .9em;

rhodecode/public/js/rhodecode/routes.js

0 +1 -1

                 // routes registration
                 pyroutes.register('favicon', '/favicon.ico', []);
                 pyroutes.register('robots', '/robots.txt', []);
-                pyroutes.register('auth_home', '/_admin/auth*traverse', []);
                 pyroutes.register('global_integrations_new', '/_admin/integrations/new', []);
                 pyroutes.register('global_integrations_home', '/_admin/integrations', []);
                 pyroutes.register('global_integrations_list', '/_admin/integrations/%(integration)s', ['integration']);
                 pyroutes.register('repo_integrations_list', '/%(repo_name)s/settings/integrations/%(integration)s', ['repo_name', 'integration']);
                 pyroutes.register('repo_integrations_create', '/%(repo_name)s/settings/integrations/%(integration)s/new', ['repo_name', 'integration']);
                 pyroutes.register('repo_integrations_edit', '/%(repo_name)s/settings/integrations/%(integration)s/%(integration_id)s', ['repo_name', 'integration', 'integration_id']);
+                pyroutes.register('auth_home', '/_admin/auth*traverse', []);
                 pyroutes.register('ops_ping', '/_admin/ops/ping', []);
                 pyroutes.register('ops_error_test', '/_admin/ops/error', []);
                 pyroutes.register('ops_redirect_test', '/_admin/ops/redirect', []);

rhodecode/rcserver.py

0 +1 -2

                             msg = ''
                         self.out('Exiting%s (-v to see traceback)' % msg)
                 def loadapp(self, app_spec, name, relative_to, **kw):  # pragma: no cover
                     return loadapp(app_spec, name=name, relative_to=relative_to, **kw)
-                def loadserver(self, server_spec, name, relative_to, **kw):  # pragma:no cover
+                def loadserver(self, server_spec, name, relative_to, **kw):  # pragma: no cover
                     return loadserver(
                         server_spec, name=name, relative_to=relative_to, **kw)

rhodecode/templates/admin/auth/auth_settings.mako

0 +37 -29

                 <div class="main-content-full-width">
                   ${h.secure_form(request.resource_path(resource, route_name='auth_home'), request=request)}
-                  <div class="form">
                     <div class="panel panel-default">
                       <div class="panel-heading">
                         <h3 class="panel-title">${_("Enabled and Available Plugins")}</h3>
                       </div>
-                      <div class="fields panel-body">
+                      <div class="panel-body">
-                        <div class="field">
-                          <div class="label">${_("Enabled Plugins")}</div>
+                          <div class="label">${_("Ordered Activated Plugins")}</div>
                           <div class="textarea text-area editor">
-                              ${h.textarea('auth_plugins',cols=23,rows=5,class_="medium")}
+                              ${h.textarea('auth_plugins',cols=120,rows=20,class_="medium")}
                           </div>
-                          <p class="help-block pre-formatting">${_('List of plugins, separated by commas.'
+                          <div class="field">
+                            <p class="help-block pre-formatting">${_('List of plugins, separated by commas.'
                               '\nThe order of the plugins is also the order in which '
-                              'RhodeCode Enterprise will try to authenticate a user.')}</p>
+                              'RhodeCode Enterprise will try to authenticate a user.')}
-                        </div>
+                            </p>
+                          </div>
-                        <div class="field">
+                          <table class="rctable">
-                          <div class="label">${_('Available Built-in Plugins')}</div>
+                              <th>${_('Activate')}</th>
-                          <ul class="auth_plugins">
+                              <th>${_('Plugin Name')}</th>
-                          %for plugin in available_plugins:
+                              <th>${_('Documentation')}</th>
-                              <li>
+                              <th>${_('Plugin ID')}</th>
-                                <div class="auth_buttons">
+                              <th>${_('Enabled')}</th>
-                                    <span plugin_id="${plugin.get_id()}" class="toggle-plugin btn ${'btn-success' if plugin.get_id() in enabled_plugins else ''}">
+                              %for plugin in available_plugins:
-                                      ${_('enabled') if plugin.get_id() in enabled_plugins else _('disabled')}
+                                  <tr class="${'inactive' if (not plugin.is_active() and plugin.get_id() in enabled_plugins) else ''}">
-                                    </span>
+                                      <td>
-                                    ${plugin.get_display_name()} (${plugin.get_id()})
+                                        <span plugin_id="${plugin.get_id()}" class="toggle-plugin btn ${'btn-success' if plugin.get_id() in enabled_plugins else ''}">
-                                </div>
+                                          ${_('activated') if plugin.get_id() in enabled_plugins else _('not active')}
-                              </li>
+                                        </span>
-                          %endfor
+                                      </td>
-                          </ul>
+                                      <td>${plugin.get_display_name()}</td>
-                        </div>
+                                      <td>
+                                          % if plugin.docs():
+                                            <a href="${plugin.docs()}">docs</a>
+                                          % endif
+                                      </td>
+                                      <td>${plugin.get_id()}</td>
+                                      <td>${h.bool2icon(plugin.is_active(),show_at_false=False)}</td>
+                                  </tr>
+                              %endfor
+                          </table>
                         <div class="buttons">
                           ${h.submit('save',_('Save'),class_="btn")}
                         </div>
                       </div>
                     </div>
-                  </div>
                   ${h.end_form()}
                 </div>
               </div>
                   elems.splice(elems.indexOf(plugin_id), 1);
                   auth_plugins_input.val(elems.join(',\n'));
                   $(cur_button).removeClass('btn-success');
-                  cur_button.innerHTML = _gettext('disabled');
+                  cur_button.innerHTML = _gettext('not active');
                 }
                 else{
-                  if(elems.indexOf(plugin_id) == -1){
+                  if (elems.indexOf(plugin_id) === -1) {
-                    elems.push(plugin_id);
+                        elems.push(plugin_id);
                   }
                   auth_plugins_input.val(elems.join(',\n'));
                   $(cur_button).addClass('btn-success');
-                  cur_button.innerHTML = _gettext('enabled');
+                  cur_button.innerHTML = _gettext('activated');
                 }
               });
             </script>

rhodecode/templates/admin/auth/plugin_settings.mako

0 +27 -13

                             <div class="form">
                               %for node in plugin.get_settings_schema():
-                                <% label_css_class = ("label-checkbox" if (node.widget == "bool") else "") %>
+                                <%
+                                  label_to_type = {'label-checkbox': 'bool', 'label-textarea': 'textarea'}
+                                %>
                                 <div class="field">
-                                  <div class="label ${label_css_class}"><label for="${node.name}">${node.title}</label></div>
+                                  <div class="label ${label_to_type.get(node.widget)}"><label for="${node.name}">${node.title}</label></div>
                                   <div class="input">
                                     %if node.widget in ["string", "int", "unicode"]:
-                                      ${h.text(node.name, defaults.get(node.name), class_="medium")}
+                                      ${h.text(node.name, defaults.get(node.name), class_="large")}
                                     %elif node.widget == "password":
-                                      ${h.password(node.name, defaults.get(node.name), class_="medium")}
+                                      ${h.password(node.name, defaults.get(node.name), class_="large")}
                                     %elif node.widget == "bool":
                                       <div class="checkbox">${h.checkbox(node.name, True, checked=defaults.get(node.name))}</div>
                                     %elif node.widget == "select":
-                                      ${h.select(node.name, defaults.get(node.name), node.validator.choices)}
+                                      ${h.select(node.name, defaults.get(node.name), node.validator.choices, class_="select2AuthSetting")}
+                                    %elif node.widget == "textarea":
+                                      <div class="textarea" style="margin-left: 0px">${h.textarea(node.name, defaults.get(node.name), rows=10)}</div>
                                     %elif node.widget == "readonly":
                                       ${node.default}
                                     %else:
                                       This field is of type ${node.typ}, which cannot be displayed. Must be one of [string|int|bool|select].
                                     %endif
                                     %if node.name in errors:
                                       <span class="error-message">${errors.get(node.name)}</span>
                                       <br />
                             ${h.end_form()}
                           </div>
                         </div>
+            % if request.GET.get('schema'):
+            ## this is for development and creation of example configurations for documentation
+            <pre>
+                % for node in plugin.get_settings_schema():
+                *option*: `${node.name}` => `${defaults.get(node.name)}`${'\n    # '.join(['']+node.description.splitlines())}
+                % endfor
+            </pre>
+            % endif
                       </div>
                     </div>
                   </div>
                 </div>
               </div>
-            ## TODO: Ugly hack to get ldap select elements to work.
-            ##       Find a solution to integrate this nicely.
             <script>
             $(document).ready(function() {
               var select2Options = {
                     dropdownCssClass: 'drop-menu-dropdown',
                     dropdownAutoWidth: true,
                     minimumResultsForSearch: -1
-                };
+              };
-                $("#tls_kind").select2(select2Options);
+              $('.select2AuthSetting').select2(select2Options);
-                $("#tls_reqcert").select2(select2Options);
-                $("#search_scope").select2(select2Options);
-                $("#group_extraction_type").select2(select2Options);
-                $("#admin_groups_sync").select2(select2Options);
             });
             </script>
             </%def>

rhodecode/templates/admin/my_account/my_account.mako

0 +4 -4

                       <li class="${'active' if c.active in ['ssh_keys', 'ssh_keys_generate'] else ''}"><a href="${h.route_path('my_account_ssh_keys')}">${_('SSH Keys')}</a></li>
                       <li class="${'active' if c.active=='user_group_membership' else ''}"><a href="${h.route_path('my_account_user_group_membership')}">${_('User Group Membership')}</a></li>
-                      ## TODO: Find a better integration of oauth views into navigation.
+                      ## TODO: Find a better integration of oauth/saml views into navigation.
-                      <% my_account_oauth_url = h.route_path_or_none('my_account_oauth') %>
+                      <% my_account_external_url = h.route_path_or_none('my_account_external_identity') %>
-                      % if my_account_oauth_url:
+                      % if my_account_external_url:
-                      <li class="${'active' if c.active=='oauth' else ''}"><a href="${my_account_oauth_url}">${_('OAuth Identities')}</a></li>
+                      <li class="${'active' if c.active=='external_identity' else ''}"><a href="${my_account_external_url}">${_('External Identities')}</a></li>
                       % endif
                       <li class="${'active' if c.active=='emails' else ''}"><a href="${h.route_path('my_account_emails')}">${_('Emails')}</a></li>
                       <li class="${'active' if c.active=='repos' else ''}"><a href="${h.route_path('my_account_repos')}">${_('Repositories')}</a></li>

rhodecode/templates/admin/permissions/permissions_auth_token_access.mako

0 +1 -3

                     % for route_name, view_fqn, view_url, active in c.view_data:
                     <tr>
                         <td class="td-x">
-                            % if active:
+                            ${h.bool2icon(active, show_at_false=False)}
-                                ${h.bool2icon(active)}
-                            % endif
                         </td>
                         <td class="td-x">${view_fqn}</td>
                         <td class="td-x" title="${route_name}">${view_url}</td>

rhodecode/templates/admin/settings/settings_global.mako

0 +31 -3

                             <option value="clicky">Clicky</option>
                             <option value="server_announce">${_('Server Announcement')}</option>
                             <option value="flash_filtering">${_('Flash message filtering')}</option>
+                            <option value="custom_logo">${_('Custom logos')}</option>
                         </select>
                     </div>
                     <div style="padding: 10px 0px"></div>
             // This can be used to send a global maintenance messages or other
             // important messages to all users of the RhodeCode Enterprise system.
-            $(document).ready(function(e){
+            $(document).ready(function(e) {
              // EDIT - put your message below
              var message = "TYPE YOUR MESSAGE HERE";
             </%text>
             </script>
+            <script id="custom_logo_tmpl" type='text/x-template'>
+            <%text filter="h">
+            <script>
+            $(document).ready(function(e) {
+                // 1) Set custom logo on login/register pages.
+                // external URL, custom company logo
+                //$('.sign-in-image').attr("src", "http://server.com/logo_path/custom_logo.png");
+                // Alternative logo from static folder
+                $('.sign-in-image').attr("src", "/_static/rhodecode/images/RhodeCode_Logo_Black.png");
+                // option to set width/height, adjust if required to make your image look good.
+                $('.sign-in-image').css({"width": "300px", "height": "345px"});
+                // 2) Header logo on top bar
+                $('.logo-wrapper').find('img').attr('src', 'http://server.com/logo_path/custom_header_logo.png')
+            });
+            </script>
+            </%text>
+            </script>
             <script>
             var pre_cm = initCodeMirror('rhodecode_pre_code', '', false);
             var pre_old = pre_cm.getValue();
             var post_cm = initCodeMirror('rhodecode_post_code', '', false);
             var post_old = post_cm.getValue();
-            var get_data = function(type, old){
+            var get_data = function(type, old) {
                 var get_tmpl = function(tmpl_name){
                     // unescape some stuff
                     return htmlEnDeCode.htmlDecode($('#'+tmpl_name+'_tmpl').html());
                     'ga': get_tmpl('ga'),
                     'clicky': get_tmpl('clicky'),
                     'server_announce': get_tmpl('server_announce'),
-                    'flash_filtering': get_tmpl('flash_filtering')
+                    'flash_filtering': get_tmpl('flash_filtering'),
+                    'custom_logo': get_tmpl('custom_logo')
                 }[type]
             };

rhodecode/templates/admin/users/user_edit_profile.mako

0 +3 -2

                         </div>
                         <div class="field">
                            <div class="label-text">
-                                ${_('Source of Record')}:
+                                ${_('Authentication type')}:
                            </div>
                            <div class="input">
                                 <p>${c.extern_type}</p>
                                 ${h.hidden('extern_type', readonly="readonly")}
+                                <p class="help-block">${_('User was created using an external source. He is bound to authentication using this method.')}</p>
                             </div>
                         </div>
                         <div class="field">
                                 ## allowed_languages is defined in the users.py
                                 ## c.language comes from base.py as a default language
                                 ${h.select('language', c.language, c.allowed_languages)}
-                                <p class="help-block">${h.literal(_('Help translate %(rc_link)s into your language.') % {'rc_link': h.link_to('RhodeCode Enterprise', h.route_url('rhodecode_translations'))})}</p>
+                                <p class="help-block">${h.literal(_('User interface language. Help translate %(rc_link)s into your language.') % {'rc_link': h.link_to('RhodeCode Enterprise', h.route_url('rhodecode_translations'))})}</p>
                             </div>
                         </div>
                         <div class="buttons">

rhodecode/templates/admin/users/user_edit_ssh_keys_generate.mako

0 +2 -1

                 </div>
                 <div class="panel-body">
                     <p>
-                        ${_('Below is a 2048 bit generated SSH RSA key. You can use it to access RhodeCode via the SSH wrapper.')}
+                        ${_('Below is a 2048 bit generated SSH RSA key.')}<br/>
+                        ${_('If You wish to use it to access RhodeCode via the SSH please save the private key and click `Use this generated key` at the bottom.')}
                     </p>
                     <h4>${_('Private key')}</h4>
                     <pre>

rhodecode/templates/base/root.mako

0 +2 -3

             %>
             <html xmlns="http://www.w3.org/1999/xhtml">
                 <head>
-                    <script src="${h.asset('js/vendors/webcomponentsjs/custom-elements-es5-adapter.js', ver=c.rhodecode_version_hash)}"></script>
-                    <script src="${h.asset('js/vendors/webcomponentsjs/webcomponents-bundle.js', ver=c.rhodecode_version_hash)}"></script>
                     <title>${self.title()}</title>
                     <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
                     </%def>
                     ${self.robots()}
                     <link rel="icon" href="${h.asset('images/favicon.ico', ver=c.rhodecode_version_hash)}" sizes="16x16 32x32" type="image/png" />
+                    <script src="${h.asset('js/vendors/webcomponentsjs/custom-elements-es5-adapter.js', ver=c.rhodecode_version_hash)}"></script>
+                    <script src="${h.asset('js/vendors/webcomponentsjs/webcomponents-bundle.js', ver=c.rhodecode_version_hash)}"></script>
                     ## CSS definitions
                     <%def name="css()">

rhodecode/templates/errors/error_document.mako

0 +7 -2

                     <title>Error - ${c.error_message}</title>
                     <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
                     <meta name="robots" content="index, nofollow"/>
-                    <link rel="icon" href="${h.asset('images/favicon.ico')}" sizes="16x16 32x32" type="image/png" />
                     <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
                     %if c.redirect_time:
                         <meta http-equiv="refresh" content="${c.redirect_time}; url=${c.url_redirect}"/>
                     %endif
+                    <link rel="icon" href="${h.asset('images/favicon.ico', ver=c.rhodecode_version_hash)}" sizes="16x16 32x32" type="image/png" />
+                    <script src="${h.asset('js/vendors/webcomponentsjs/custom-elements-es5-adapter.js', ver=c.rhodecode_version_hash)}"></script>
+                    <script src="${h.asset('js/vendors/webcomponentsjs/webcomponents-bundle.js', ver=c.rhodecode_version_hash)}"></script>
                     <link rel="stylesheet" type="text/css" href="${h.asset('css/style.css', ver=c.rhodecode_version_hash)}" media="screen"/>
                     <style>body { background:#eeeeee; }</style>
                     <script type="text/javascript">
                                 <span class="error-branding">
                                     ${h.branding(c.rhodecode_name)}
                                 </span><br/>
-                                ${c.error_message} | <span class="error_message">${c.error_explanation}</span>
+                                ${c.error_message}
+                                <br/>
+                                <span class="error_message">${c.error_explanation}</span>
                             </h1>
                             % if c.messages:
                                 % for message in c.messages:

rhodecode/templates/register.mako

0 +6 -4

                     <div id="register" class="right-column">
                         <!-- login -->
                         <div class="sign-in-title">
-                            % if social_auth_provider:
+                            % if external_auth_provider:
-                                <h1>${_('Create an account linked with {}').format(social_auth_provider)}</h1>
+                                <h1>${_('Create an account linked with {}').format(external_auth_provider)}</h1>
                             % else:
                                 <h1>${_('Create an account')}</h1>
                             % endif
                                   <br />
                                 %endif
-                                % if social_auth_provider:
+                                % if external_auth_provider:
+                                    ## store internal marker about external identity
+                                    ${h.hidden('external_identity', external_auth_provider)}
                                     ## hide password prompts for social auth
                                     <div style="display: none">
                                 % endif
                                   <br />
                                 %endif
-                                % if social_auth_provider:
+                                % if external_auth_provider:
                                     ## hide password prompts for social auth
                                     </div>
                                 % endif

rhodecode/tests/auth_external_test.py

0 +1 -1

                 @hybrid_property
                 def name(self):
-                    return "external_test"
+                    return u"external_test"
                 def settings(self):
                     settings = [

rhodecode/tests/lib/auth_modules/test_auth_modules.py

0 +1 -1

             class RcTestAuthPlugin(RhodeCodeAuthPluginBase):
                 def name(self):
-                    return 'stub_auth'
+                    return u'stub_auth'
             def test_authenticate_returns_from_auth(stub_auth_data):

rhodecode/tests/lib/middleware/test_simplevcs.py

0 +2 0

             def vcscontroller(baseapp, config_stub, request_stub):
                 config_stub.testing_securitypolicy()
                 config_stub.include('rhodecode.authentication')
+                config_stub.include('rhodecode.authentication.plugins.auth_rhodecode')
+                config_stub.include('rhodecode.authentication.plugins.auth_token')
                 controller = StubVCSController(
                     baseapp.config.get_settings(), request_stub.registry)

rhodecode/tests/models/test_changeset_status_group_voting.py

0 +1 -1

             class MemberMock(object):
                 def __init__(self, reviewer_def):
                     self.reviewer_def = reviewer_def
-                    self.user_id = random.randint(1, 1024)
+                    self.user_id = random.randint(1, 1024*1024)
             class Statuses(object):

rhodecode/tests/other/test_validators.py

0 +2 0

             def test_ValidAuth(localizer, config_stub):
                 config_stub.testing_securitypolicy()
                 config_stub.include('rhodecode.authentication')
+                config_stub.include('rhodecode.authentication.plugins.auth_rhodecode')
+                config_stub.include('rhodecode.authentication.plugins.auth_token')
                 validator = v.ValidAuth(localizer)
                 valid_creds = {

rhodecode/tests/vcs/test_commits.py

0 +8 -8

                     with pytest.raises(CommitDoesNotExistError):
                         commit.next()
-                def test_get_file_commit(self):
+                def test_get_path_commit(self):
                     commit = self.repo.get_commit()
-                    commit.get_file_commit('file_4.txt')
+                    commit.get_path_commit('file_4.txt')
                     assert commit.message == 'Commit 4'
                 def test_get_filenodes_generator(self):
                     assert FILEMODE_DEFAULT == commit.get_file_mode('foo/bał')
                     assert FILEMODE_DEFAULT == commit.get_file_mode(u'foo/bał')
-                def test_get_file_history(self):
+                def test_get_path_history(self):
                     commit = self.repo.get_commit()
-                    history = commit.get_file_history('foo/bar')
+                    history = commit.get_path_history('foo/bar')
                     assert len(history) == 2
-                def test_get_file_history_with_limit(self):
+                def test_get_path_history_with_limit(self):
                     commit = self.repo.get_commit()
-                    history = commit.get_file_history('foo/bar', limit=1)
+                    history = commit.get_path_history('foo/bar', limit=1)
                     assert len(history) == 1
-                def test_get_file_history_first_commit(self):
+                def test_get_path_history_first_commit(self):
                     commit = self.repo[0]
-                    history = commit.get_file_history('foo/bar')
+                    history = commit.get_path_history('foo/bar')
                     assert len(history) == 1

rhodecode/tests/vcs/test_git.py

0 +2 -2

                             'sys.exit(1)',
                         ]
                         f.write('\n'.join(script_lines))
-                    os.chmod(hook_path, 0755)
+                    os.chmod(hook_path, 0o755)
                 def test_local_push_does_not_execute_hook(self):
                     target_repo = self.get_empty_repo()
                                 FileNode('foobar/static/js/admin/base.js', content='base'),
                                 FileNode(
                                     'foobar/static/admin', content='admin',
-                                    mode=0120000),  # this is a link
+                                    mode=0o120000),  # this is a link
                                 FileNode('foo', content='foo'),
                             ],
                         },

rhodecode/tests/vcs/test_nodes.py

0 +3 -3

                     assert not mode & stat.S_IXOTH
                 def test_file_node_is_executable(self):
-                    node = FileNode('foobar', 'empty... almost', mode=0100755)
+                    node = FileNode('foobar', 'empty... almost', mode=0o100755)
                     assert node.is_executable
-                    node = FileNode('foobar', 'empty... almost', mode=0100500)
+                    node = FileNode('foobar', 'empty... almost', mode=0o100500)
                     assert node.is_executable
-                    node = FileNode('foobar', 'empty... almost', mode=0100644)
+                    node = FileNode('foobar', 'empty... almost', mode=0o100644)
                     assert not node.is_executable
                 def test_file_node_is_not_symlink(self):

rhodecode/tests/vcs/test_repository.py

0 +2 -2

                         commit_id1=original[0].raw_id,
                         commit_id2=unrelated[0].raw_id,
                         repo2=unrelated
-                    ) == None
+                    ) is None
                     assert original.get_common_ancestor(
                         commit_id1=original[-1].raw_id,
                         commit_id2=unrelated[-1].raw_id,
                         repo2=unrelated
-                    ) == None
+                    ) is None
             @pytest.mark.backends("git", "hg")

setup.py

0 0 -9

@@ -148,15 +148,6 b' setup('
148	},	148	},
149	paster_plugins=['PasteScript'],	149	paster_plugins=['PasteScript'],
150	entry_points={	150	entry_points={
151	'enterprise.plugins1': [
152	'crowd=rhodecode.authentication.plugins.auth_crowd:plugin_factory',
153	'headers=rhodecode.authentication.plugins.auth_headers:plugin_factory',
154	'jasig_cas=rhodecode.authentication.plugins.auth_jasig_cas:plugin_factory',
155	'ldap=rhodecode.authentication.plugins.auth_ldap:plugin_factory',
156	'pam=rhodecode.authentication.plugins.auth_pam:plugin_factory',
157	'rhodecode=rhodecode.authentication.plugins.auth_rhodecode:plugin_factory',
158	'token=rhodecode.authentication.plugins.auth_token:plugin_factory',
159	],
160	'paste.app_factory': [	151	'paste.app_factory': [
161	'main=rhodecode.config.middleware:make_pyramid_app',	152	'main=rhodecode.config.middleware:make_pyramid_app',
162	],	153	],

docs/images/ldap-example.png

0 removed binary 0 0

NO CONTENT: file was removed, binary diff hidden

docs/images/ldap-groups-example.png

0 removed binary 0 0

NO CONTENT: file was removed, binary diff hidden

rhodecode/config/rcextensions/examples/validate_author.py

0 removed 0 0

NO CONTENT: file was removed

rhodecode/config/rcextensions/examples/validate_commit_message.py

0 removed 0 0

NO CONTENT: file was removed

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages