u/pc/rhodecode-enterprise-ce-fork-pc Commit - r2833:920dbf8a

hooks: made the callback host configurable....

marcink -

r2833:920dbf8a default

parent child

configs/development.ini

0 +4 0

             ################################################################################
             ##                 RHODECODE COMMUNITY EDITION CONFIGURATION                  ##
             # The %(here)s variable will be replaced with the parent directory of this file#
             ################################################################################
             [DEFAULT]
             debug = true
             ################################################################################
             ##                            EMAIL CONFIGURATION                             ##
             ## Uncomment and replace with the email address which should receive          ##
             ## any error reports after an application crash                               ##
             ## Additionally these settings will be used by the RhodeCode mailing system   ##
             ################################################################################
             ## prefix all emails subjects with given prefix, helps filtering out emails
             #email_prefix = [RhodeCode]
             ## email FROM address all mails will be sent
             #app_email_from = rhodecode-noreply@localhost
             ## Uncomment and replace with the address which should receive any error report
             ## note: using appenlight for error handling doesn't need this to be uncommented
             #email_to = admin@localhost
             ## in case of Application errors, sent an error email form
             #error_email_from = rhodecode_error@localhost
             ## additional error message to be send in case of server crash
             #error_message =
             #smtp_server = mail.server.com
             #smtp_username =
             #smtp_password =
             #smtp_port =
             #smtp_use_tls = false
             #smtp_use_ssl = true
             ## Specify available auth parameters here (e.g. LOGIN PLAIN CRAM-MD5, etc.)
             #smtp_auth =
             [server:main]
             ## COMMON ##
             host = 127.0.0.1
             port = 5000
             ##################################
             ##     WAITRESS WSGI SERVER     ##
             ## Recommended for Development  ##
             ##################################
             use = egg:waitress#main
             ## number of worker threads
             threads = 5
             ## MAX BODY SIZE 100GB
             max_request_body_size = 107374182400
             ## Use poll instead of select, fixes file descriptors limits problems.
             ## May not work on old windows systems.
             asyncore_use_poll = true
             ##########################
             ## GUNICORN WSGI SERVER ##
             ##########################
             ## run with gunicorn --log-config rhodecode.ini --paste rhodecode.ini
             #use = egg:gunicorn#main
             ## Sets the number of process workers. You must set `instance_id = *`
             ## when this option is set to more than one worker, recommended
             ## value is (2 * NUMBER_OF_CPUS + 1), eg 2CPU = 5 workers
             ## The `instance_id = *` must be set in the [app:main] section below
             #workers = 2
             ## number of threads for each of the worker, must be set to 1 for gevent
             ## generally recommended to be at 1
             #threads = 1
             ## process name
             #proc_name = rhodecode
             ## type of worker class, one of sync, gevent
             ## recommended for bigger setup is using of of other than sync one
             #worker_class = gevent
             ## The maximum number of simultaneous clients. Valid only for Gevent
             #worker_connections = 10
             ## max number of requests that worker will handle before being gracefully
             ## restarted, could prevent memory leaks
             #max_requests = 1000
             #max_requests_jitter = 30
             ## amount of time a worker can spend with handling a request before it
             ## gets killed and restarted. Set to 6hrs
             #timeout = 21600
             ## prefix middleware for RhodeCode.
             ## recommended when using proxy setup.
             ## allows to set RhodeCode under a prefix in server.
             ## eg https://server.com/custom_prefix. Enable `filter-with =` option below as well.
             ## And set your prefix like: `prefix = /custom_prefix`
             ## be sure to also set beaker.session.cookie_path = /custom_prefix if you need
             ## to make your cookies only work on prefix url
             [filter:proxy-prefix]
             use = egg:PasteDeploy#prefix
             prefix = /
             [app:main]
             use = egg:rhodecode-enterprise-ce
             ## enable proxy prefix middleware, defined above
             #filter-with = proxy-prefix
             # During development the we want to have the debug toolbar enabled
             pyramid.includes =
                 pyramid_debugtoolbar
                 rhodecode.lib.middleware.request_wrapper
             pyramid.reload_templates = true
             debugtoolbar.hosts = 0.0.0.0/0
             debugtoolbar.exclude_prefixes =
                 /css
                 /fonts
                 /images
                 /js
             ## RHODECODE PLUGINS ##
             rhodecode.includes =
                 rhodecode.api
             # api prefix url
             rhodecode.api.url = /_admin/api
             ## END RHODECODE PLUGINS ##
             ## encryption key used to encrypt social plugin tokens,
             ## remote_urls with credentials etc, if not set it defaults to
             ## `beaker.session.secret`
             #rhodecode.encrypted_values.secret =
             ## decryption strict mode (enabled by default). It controls if decryption raises
             ## `SignatureVerificationError` in case of wrong key, or damaged encryption data.
             #rhodecode.encrypted_values.strict = false
             ## return gzipped responses from Rhodecode (static files/application)
             gzip_responses = false
             ## autogenerate javascript routes file on startup
             generate_js_files = false
             ## Optional Languages
             ## en(default), be, de, es, fr, it, ja, pl, pt, ru, zh
             lang = en
             ## perform a full repository scan on each server start, this should be
             ## set to false after first startup, to allow faster server restarts.
             startup.import_repos = false
             ## Uncomment and set this path to use archive download cache.
             ## Once enabled, generated archives will be cached at this location
             ## and served from the cache during subsequent requests for the same archive of
             ## the repository.
             #archive_cache_dir = /tmp/tarballcache
             ## URL at which the application is running. This is used for bootstraping
             ## requests in context when no web request is available. Used in ishell, or
             ## SSH calls. Set this for events to receive proper url for SSH calls.
             app.base_url = http://rhodecode.local
             ## change this to unique ID for security
             app_instance_uuid = rc-production
             ## cut off limit for large diffs (size in bytes). If overall diff size on
             ## commit, or pull request exceeds this limit this diff will be displayed
             ## partially. E.g 512000 == 512Kb
             cut_off_limit_diff = 512000
             ## cut off limit for large files inside diffs (size in bytes). Each individual
             ## file inside diff which exceeds this limit will be displayed partially.
             ##  E.g 128000 == 128Kb
             cut_off_limit_file = 128000
             ## use cache version of scm repo everywhere
             vcs_full_cache = true
             ## force https in RhodeCode, fixes https redirects, assumes it's always https
             ## Normally this is controlled by proper http flags sent from http server
             force_https = false
             ## use Strict-Transport-Security headers
             use_htsts = false
             ## git rev filter option, --all is the default filter, if you need to
             ## hide all refs in changelog switch this to --branches --tags
             git_rev_filter = --branches --tags
             # Set to true if your repos are exposed using the dumb protocol
             git_update_server_info = false
             ## RSS/ATOM feed options
             rss_cut_off_limit = 256000
             rss_items_per_page = 10
             rss_include_diff = false
             ## gist URL alias, used to create nicer urls for gist. This should be an
             ## url that does rewrites to _admin/gists/{gistid}.
             ## example: http://gist.rhodecode.org/{gistid}. Empty means use the internal
             ## RhodeCode url, ie. http[s]://rhodecode.server/_admin/gists/{gistid}
             gist_alias_url =
             ## List of views (using glob pattern syntax) that AUTH TOKENS could be
             ## used for access.
             ## Adding ?auth_token=TOKEN_HASH to the url authenticates this request as if it
             ## came from the the logged in user who own this authentication token.
             ## Additionally @TOKEN syntaxt can be used to bound the view to specific
             ## authentication token. Such view would be only accessible when used together
             ## with this authentication token
             ##
             ## list of all views can be found under `/_admin/permissions/auth_token_access`
             ## The list should be "," separated and on a single line.
             ##
             ## Most common views to enable:
             #    RepoCommitsView:repo_commit_download
             #    RepoCommitsView:repo_commit_patch
             #    RepoCommitsView:repo_commit_raw
             #    RepoCommitsView:repo_commit_raw@TOKEN
             #    RepoFilesView:repo_files_diff
             #    RepoFilesView:repo_archivefile
             #    RepoFilesView:repo_file_raw
             #    GistView:*
             api_access_controllers_whitelist =
             ## default encoding used to convert from and to unicode
             ## can be also a comma separated list of encoding in case of mixed encodings
             default_encoding = UTF-8
             ## instance-id prefix
             ## a prefix key for this instance used for cache invalidation when running
             ## multiple instances of rhodecode, make sure it's globally unique for
             ## all running rhodecode instances. Leave empty if you don't use it
             instance_id =
             ## Fallback authentication plugin. Set this to a plugin ID to force the usage
             ## of an authentication plugin also if it is disabled by it's settings.
             ## This could be useful if you are unable to log in to the system due to broken
             ## authentication settings. Then you can enable e.g. the internal rhodecode auth
             ## module to log in again and fix the settings.
             ##
             ## Available builtin plugin IDs (hash is part of the ID):
             ## egg:rhodecode-enterprise-ce#rhodecode
             ## egg:rhodecode-enterprise-ce#pam
             ## egg:rhodecode-enterprise-ce#ldap
             ## egg:rhodecode-enterprise-ce#jasig_cas
             ## egg:rhodecode-enterprise-ce#headers
             ## egg:rhodecode-enterprise-ce#crowd
             #rhodecode.auth_plugin_fallback = egg:rhodecode-enterprise-ce#rhodecode
             ## alternative return HTTP header for failed authentication. Default HTTP
             ## response is 401 HTTPUnauthorized. Currently HG clients have troubles with
             ## handling that causing a series of failed authentication calls.
             ## Set this variable to 403 to return HTTPForbidden, or any other HTTP code
             ## This will be served instead of default 401 on bad authnetication
             auth_ret_code =
             ## use special detection method when serving auth_ret_code, instead of serving
             ## ret_code directly, use 401 initially (Which triggers credentials prompt)
             ## and then serve auth_ret_code to clients
             auth_ret_code_detection = false
             ## locking return code. When repository is locked return this HTTP code. 2XX
             ## codes don't break the transactions while 4XX codes do
             lock_ret_code = 423
             ## allows to change the repository location in settings page
             allow_repo_location_change = true
             ## allows to setup custom hooks in settings page
             allow_custom_hooks_settings = true
             ## generated license token, goto license page in RhodeCode settings to obtain
             ## new token
             license_token =
             ## supervisor connection uri, for managing supervisor and logs.
             supervisor.uri =
             ## supervisord group name/id we only want this RC instance to handle
             supervisor.group_id = dev
             ## Display extended labs settings
             labs_settings_active = true
             ####################################
             ###        CELERY CONFIG        ####
             ####################################
             ## run: /path/to/celery worker \
             ##     -E --beat --app rhodecode.lib.celerylib.loader \
             ##     --scheduler rhodecode.lib.celerylib.scheduler.RcScheduler \
             ##     --loglevel DEBUG --ini /path/to/rhodecode.ini
             use_celery = false
             ## connection url to the message broker (default rabbitmq)
             celery.broker_url = amqp://rabbitmq:qweqwe@localhost:5672/rabbitmqhost
             ## maximum tasks to execute before worker restart
             celery.max_tasks_per_child = 100
             ## tasks will never be sent to the queue, but executed locally instead.
             celery.task_always_eager = false
             ####################################
             ###         BEAKER CACHE        ####
             ####################################
             # default cache dir for templates.  Putting this into a ramdisk
             ## can boost performance, eg. %(here)s/data_ramdisk
             cache_dir = %(here)s/data
             ## locking and default file storage for Beaker. Putting this into a ramdisk
             ## can boost performance, eg. %(here)s/data_ramdisk/cache/beaker_data
             beaker.cache.data_dir = %(here)s/data/cache/beaker_data
             beaker.cache.lock_dir = %(here)s/data/cache/beaker_lock
             beaker.cache.regions = short_term, long_term, sql_cache_short, auth_plugins, repo_cache_long
             # used for caching user permissions
             beaker.cache.short_term.type = file
             beaker.cache.short_term.expire = 0
             beaker.cache.short_term.key_length = 256
             beaker.cache.long_term.type = memory
             beaker.cache.long_term.expire = 36000
             beaker.cache.long_term.key_length = 256
             beaker.cache.sql_cache_short.type = memory
             beaker.cache.sql_cache_short.expire = 10
             beaker.cache.sql_cache_short.key_length = 256
             ## default is memory cache, configure only if required
             ## using multi-node or multi-worker setup
             #beaker.cache.auth_plugins.type = ext:database
             #beaker.cache.auth_plugins.lock_dir = %(here)s/data/cache/auth_plugin_lock
             #beaker.cache.auth_plugins.url = postgresql://postgres:secret@localhost/rhodecode
             #beaker.cache.auth_plugins.url = mysql://root:secret@127.0.0.1/rhodecode
             #beaker.cache.auth_plugins.sa.pool_recycle = 3600
             #beaker.cache.auth_plugins.sa.pool_size = 10
             #beaker.cache.auth_plugins.sa.max_overflow = 0
             beaker.cache.repo_cache_long.type = memorylru_base
             beaker.cache.repo_cache_long.max_items = 4096
             beaker.cache.repo_cache_long.expire = 2592000
             ## default is memorylru_base cache, configure only if required
             ## using multi-node or multi-worker setup
             #beaker.cache.repo_cache_long.type = ext:memcached
             #beaker.cache.repo_cache_long.url = localhost:11211
             #beaker.cache.repo_cache_long.expire = 1209600
             #beaker.cache.repo_cache_long.key_length = 256
             ####################################
             ###       BEAKER SESSION        ####
             ####################################
             ## .session.type is type of storage options for the session, current allowed
             ## types are file, ext:memcached, ext:database, and memory (default).
             beaker.session.type = file
             beaker.session.data_dir = %(here)s/data/sessions/data
             ## db based session, fast, and allows easy management over logged in users
             #beaker.session.type = ext:database
             #beaker.session.table_name = db_session
             #beaker.session.sa.url = postgresql://postgres:secret@localhost/rhodecode
             #beaker.session.sa.url = mysql://root:secret@127.0.0.1/rhodecode
             #beaker.session.sa.pool_recycle = 3600
             #beaker.session.sa.echo = false
             beaker.session.key = rhodecode
             beaker.session.secret = develop-rc-uytcxaz
             beaker.session.lock_dir = %(here)s/data/sessions/lock
             ## Secure encrypted cookie. Requires AES and AES python libraries
             ## you must disable beaker.session.secret to use this
             #beaker.session.encrypt_key = key_for_encryption
             #beaker.session.validate_key = validation_key
             ## sets session as invalid(also logging out user) if it haven not been
             ## accessed for given amount of time in seconds
             beaker.session.timeout = 2592000
             beaker.session.httponly = true
             ## Path to use for the cookie. Set to prefix if you use prefix middleware
             #beaker.session.cookie_path = /custom_prefix
             ## uncomment for https secure cookie
             beaker.session.secure = false
             ## auto save the session to not to use .save()
             beaker.session.auto = false
             ## default cookie expiration time in seconds, set to `true` to set expire
             ## at browser close
             #beaker.session.cookie_expires = 3600
             ###################################
             ## SEARCH INDEXING CONFIGURATION ##
             ###################################
             ## Full text search indexer is available in rhodecode-tools under
             ## `rhodecode-tools index` command
             ## WHOOSH Backend, doesn't require additional services to run
             ## it works good with few dozen repos
             search.module = rhodecode.lib.index.whoosh
             search.location = %(here)s/data/index
             ########################################
             ###    CHANNELSTREAM CONFIG         ####
             ########################################
             ## channelstream enables persistent connections and live notification
             ## in the system. It's also used by the chat system
             channelstream.enabled = false
             ## server address for channelstream server on the backend
             channelstream.server = 127.0.0.1:9800
             ## location of the channelstream server from outside world
             ## use ws:// for http or wss:// for https. This address needs to be handled
             ## by external HTTP server such as Nginx or Apache
             ## see nginx/apache configuration examples in our docs
             channelstream.ws_url = ws://rhodecode.yourserver.com/_channelstream
             channelstream.secret = secret
             channelstream.history.location = %(here)s/channelstream_history
             ## Internal application path that Javascript uses to connect into.
             ## If you use proxy-prefix the prefix should be added before /_channelstream
             channelstream.proxy_path = /_channelstream
             ###################################
             ##       APPENLIGHT CONFIG       ##
             ###################################
             ## Appenlight is tailored to work with RhodeCode, see
             ## http://appenlight.com for details how to obtain an account
             ## appenlight integration enabled
             appenlight = false
             appenlight.server_url = https://api.appenlight.com
             appenlight.api_key = YOUR_API_KEY
             #appenlight.transport_config = https://api.appenlight.com?threaded=1&timeout=5
             # used for JS client
             appenlight.api_public_key = YOUR_API_PUBLIC_KEY
             ## TWEAK AMOUNT OF INFO SENT HERE
             ## enables 404 error logging (default False)
             appenlight.report_404 = false
             ## time in seconds after request is considered being slow (default 1)
             appenlight.slow_request_time = 1
             ## record slow requests in application
             ## (needs to be enabled for slow datastore recording and time tracking)
             appenlight.slow_requests = true
             ## enable hooking to application loggers
             appenlight.logging = true
             ## minimum log level for log capture
             appenlight.logging.level = WARNING
             ## send logs only from erroneous/slow requests
             ## (saves API quota for intensive logging)
             appenlight.logging_on_error = false
             ## list of additonal keywords that should be grabbed from environ object
             ## can be string with comma separated list of words in lowercase
             ## (by default client will always send following info:
             ## 'REMOTE_USER', 'REMOTE_ADDR', 'SERVER_NAME', 'CONTENT_TYPE' + all keys that
             ## start with HTTP* this list be extended with additional keywords here
             appenlight.environ_keys_whitelist =
             ## list of keywords that should be blanked from request object
             ## can be string with comma separated list of words in lowercase
             ## (by default client will always blank keys that contain following words
             ## 'password', 'passwd', 'pwd', 'auth_tkt', 'secret', 'csrf'
             ## this list be extended with additional keywords set here
             appenlight.request_keys_blacklist =
             ## list of namespaces that should be ignores when gathering log entries
             ## can be string with comma separated list of namespaces
             ## (by default the client ignores own entries: appenlight_client.client)
             appenlight.log_namespace_blacklist =
             ################################################################################
             ## WARNING: *THE LINE BELOW MUST BE UNCOMMENTED ON A PRODUCTION ENVIRONMENT*  ##
             ## Debug mode will enable the interactive debugging tool, allowing ANYONE to  ##
             ## execute malicious code after an exception is raised.                       ##
             ################################################################################
             #set debug = false
             ##############
             ## STYLING  ##
             ##############
             debug_style = true
             ###########################################
             ###   MAIN RHODECODE DATABASE CONFIG    ###
             ###########################################
             #sqlalchemy.db1.url = sqlite:///%(here)s/rhodecode.db?timeout=30
             #sqlalchemy.db1.url = postgresql://postgres:qweqwe@localhost/rhodecode
             #sqlalchemy.db1.url = mysql://root:qweqwe@localhost/rhodecode
             sqlalchemy.db1.url = sqlite:///%(here)s/rhodecode.db?timeout=30
             # see sqlalchemy docs for other advanced settings
             ## print the sql statements to output
             sqlalchemy.db1.echo = false
             ## recycle the connections after this amount of seconds
             sqlalchemy.db1.pool_recycle = 3600
             sqlalchemy.db1.convert_unicode = true
             ## the number of connections to keep open inside the connection pool.
             ## 0 indicates no limit
             #sqlalchemy.db1.pool_size = 5
             ## the number of connections to allow in connection pool "overflow", that is
             ## connections that can be opened above and beyond the pool_size setting,
             ## which defaults to five.
             #sqlalchemy.db1.max_overflow = 10
             ##################
             ### VCS CONFIG ###
             ##################
             vcs.server.enable = true
             vcs.server = localhost:9900
             ## Web server connectivity protocol, responsible for web based VCS operatations
             ## Available protocols are:
             ## `http` - use http-rpc backend (default)
             vcs.server.protocol = http
             ## Push/Pull operations protocol, available options are:
             ## `http` - use http-rpc backend (default)
             ##
             vcs.scm_app_implementation = http
             ## Push/Pull operations hooks protocol, available options are:
             ## `http` - use http-rpc backend (default)
             vcs.hooks.protocol = http
+            ## Host on which this instance is listening for hooks. If vcsserver is in other location
+            ## this should be adjusted.
+            vcs.hooks.host = 127.0.0.1
             vcs.server.log_level = debug
             ## Start VCSServer with this instance as a subprocess, usefull for development
             vcs.start_server = false
             ## List of enabled VCS backends, available options are:
             ## `hg`  - mercurial
             ## `git` - git
             ## `svn` - subversion
             vcs.backends = hg, git, svn
             vcs.connection_timeout = 3600
             ## Compatibility version when creating SVN repositories. Defaults to newest version when commented out.
             ## Available options are: pre-1.4-compatible, pre-1.5-compatible, pre-1.6-compatible, pre-1.8-compatible, pre-1.9-compatible
             #vcs.svn.compatible_version = pre-1.8-compatible
             ############################################################
             ### Subversion proxy support (mod_dav_svn)               ###
             ### Maps RhodeCode repo groups into SVN paths for Apache ###
             ############################################################
             ## Enable or disable the config file generation.
             svn.proxy.generate_config = false
             ## Generate config file with `SVNListParentPath` set to `On`.
             svn.proxy.list_parent_path = true
             ## Set location and file name of generated config file.
             svn.proxy.config_file_path = %(here)s/mod_dav_svn.conf
             ## alternative mod_dav config template. This needs to be a mako template
             #svn.proxy.config_template = ~/.rccontrol/enterprise-1/custom_svn_conf.mako
             ## Used as a prefix to the `Location` block in the generated config file.
             ## In most cases it should be set to `/`.
             svn.proxy.location_root = /
             ## Command to reload the mod dav svn configuration on change.
             ## Example: `/etc/init.d/apache2 reload`
             #svn.proxy.reload_cmd = /etc/init.d/apache2 reload
             ## If the timeout expires before the reload command finishes, the command will
             ## be killed. Setting it to zero means no timeout. Defaults to 10 seconds.
             #svn.proxy.reload_timeout = 10
             ############################################################
             ### SSH Support Settings                                 ###
             ############################################################
             ## Defines if a custom authorized_keys file should be created and written on
             ## any change user ssh keys. Setting this to false also disables posibility
             ## of adding SSH keys by users from web interface. Super admins can still
             ## manage SSH Keys.
             ssh.generate_authorized_keyfile = false
             ## Options for ssh, default is `no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding`
             # ssh.authorized_keys_ssh_opts =
             ## Path to the authrozied_keys file where the generate entries are placed.
             ## It is possible to have multiple key files specified in `sshd_config` e.g.
             ## AuthorizedKeysFile %h/.ssh/authorized_keys %h/.ssh/authorized_keys_rhodecode
             ssh.authorized_keys_file_path = ~/.ssh/authorized_keys_rhodecode
             ## Command to execute the SSH wrapper. The binary is available in the
             ## rhodecode installation directory.
             ## e.g ~/.rccontrol/community-1/profile/bin/rc-ssh-wrapper
             ssh.wrapper_cmd = ~/.rccontrol/community-1/rc-ssh-wrapper
             ## Allow shell when executing the ssh-wrapper command
             ssh.wrapper_cmd_allow_shell = false
             ## Enables logging, and detailed output send back to the client during SSH
             ## operations. Usefull for debugging, shouldn't be used in production.
             ssh.enable_debug_logging = true
             ## Paths to binary executable, by default they are the names, but we can
             ## override them if we want to use a custom one
             ssh.executable.hg = ~/.rccontrol/vcsserver-1/profile/bin/hg
             ssh.executable.git = ~/.rccontrol/vcsserver-1/profile/bin/git
             ssh.executable.svn = ~/.rccontrol/vcsserver-1/profile/bin/svnserve
             ## Dummy marker to add new entries after.
             ## Add any custom entries below. Please don't remove.
             custom.conf = 1
             ################################
             ### LOGGING CONFIGURATION   ####
             ################################
             [loggers]
             keys = root, sqlalchemy, beaker, rhodecode, ssh_wrapper, celery
             [handlers]
             keys = console, console_sql
             [formatters]
             keys = generic, color_formatter, color_formatter_sql
             #############
             ## LOGGERS ##
             #############
             [logger_root]
             level = NOTSET
             handlers = console
             [logger_sqlalchemy]
             level = INFO
             handlers = console_sql
             qualname = sqlalchemy.engine
             propagate = 0
             [logger_beaker]
             level = DEBUG
             handlers =
             qualname = beaker.container
             propagate = 1
             [logger_rhodecode]
             level = DEBUG
             handlers =
             qualname = rhodecode
             propagate = 1
             [logger_ssh_wrapper]
             level = DEBUG
             handlers =
             qualname = ssh_wrapper
             propagate = 1
             [logger_celery]
             level = DEBUG
             handlers =
             qualname = celery
             ##############
             ## HANDLERS ##
             ##############
             [handler_console]
             class = StreamHandler
             args = (sys.stderr, )
             level = DEBUG
             formatter = color_formatter
             [handler_console_sql]
             class = StreamHandler
             args = (sys.stderr, )
             level = DEBUG
             formatter = color_formatter_sql
             ################
             ## FORMATTERS ##
             ################
             [formatter_generic]
             class = rhodecode.lib.logging_formatter.ExceptionAwareFormatter
             format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
             datefmt = %Y-%m-%d %H:%M:%S
             [formatter_color_formatter]
             class = rhodecode.lib.logging_formatter.ColorFormatter
             format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
             datefmt = %Y-%m-%d %H:%M:%S
             [formatter_color_formatter_sql]
             class = rhodecode.lib.logging_formatter.ColorFormatterSql
             format = %(asctime)s.%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s
             datefmt = %Y-%m-%d %H:%M:%S

configs/production.ini

0 +3 0

             ################################################################################
             ##                 RHODECODE COMMUNITY EDITION CONFIGURATION                  ##
             # The %(here)s variable will be replaced with the parent directory of this file#
             ################################################################################
             [DEFAULT]
             debug = true
             ################################################################################
             ##                            EMAIL CONFIGURATION                             ##
             ## Uncomment and replace with the email address which should receive          ##
             ## any error reports after an application crash                               ##
             ## Additionally these settings will be used by the RhodeCode mailing system   ##
             ################################################################################
             ## prefix all emails subjects with given prefix, helps filtering out emails
             #email_prefix = [RhodeCode]
             ## email FROM address all mails will be sent
             #app_email_from = rhodecode-noreply@localhost
             ## Uncomment and replace with the address which should receive any error report
             ## note: using appenlight for error handling doesn't need this to be uncommented
             #email_to = admin@localhost
             ## in case of Application errors, sent an error email form
             #error_email_from = rhodecode_error@localhost
             ## additional error message to be send in case of server crash
             #error_message =
             #smtp_server = mail.server.com
             #smtp_username =
             #smtp_password =
             #smtp_port =
             #smtp_use_tls = false
             #smtp_use_ssl = true
             ## Specify available auth parameters here (e.g. LOGIN PLAIN CRAM-MD5, etc.)
             #smtp_auth =
             [server:main]
             ## COMMON ##
             host = 127.0.0.1
             port = 5000
             ##################################
             ##     WAITRESS WSGI SERVER     ##
             ## Recommended for Development  ##
             ##################################
             #use = egg:waitress#main
             ## number of worker threads
             #threads = 5
             ## MAX BODY SIZE 100GB
             #max_request_body_size = 107374182400
             ## Use poll instead of select, fixes file descriptors limits problems.
             ## May not work on old windows systems.
             #asyncore_use_poll = true
             ##########################
             ## GUNICORN WSGI SERVER ##
             ##########################
             ## run with gunicorn --log-config rhodecode.ini --paste rhodecode.ini
             use = egg:gunicorn#main
             ## Sets the number of process workers. You must set `instance_id = *`
             ## when this option is set to more than one worker, recommended
             ## value is (2 * NUMBER_OF_CPUS + 1), eg 2CPU = 5 workers
             ## The `instance_id = *` must be set in the [app:main] section below
             workers = 2
             ## number of threads for each of the worker, must be set to 1 for gevent
             ## generally recommended to be at 1
             #threads = 1
             ## process name
             proc_name = rhodecode
             ## type of worker class, one of sync, gevent
             ## recommended for bigger setup is using of of other than sync one
             worker_class = gevent
             ## The maximum number of simultaneous clients. Valid only for Gevent
             #worker_connections = 10
             ## max number of requests that worker will handle before being gracefully
             ## restarted, could prevent memory leaks
             max_requests = 1000
             max_requests_jitter = 30
             ## amount of time a worker can spend with handling a request before it
             ## gets killed and restarted. Set to 6hrs
             timeout = 21600
             ## prefix middleware for RhodeCode.
             ## recommended when using proxy setup.
             ## allows to set RhodeCode under a prefix in server.
             ## eg https://server.com/custom_prefix. Enable `filter-with =` option below as well.
             ## And set your prefix like: `prefix = /custom_prefix`
             ## be sure to also set beaker.session.cookie_path = /custom_prefix if you need
             ## to make your cookies only work on prefix url
             [filter:proxy-prefix]
             use = egg:PasteDeploy#prefix
             prefix = /
             [app:main]
             use = egg:rhodecode-enterprise-ce
             ## enable proxy prefix middleware, defined above
             #filter-with = proxy-prefix
             ## encryption key used to encrypt social plugin tokens,
             ## remote_urls with credentials etc, if not set it defaults to
             ## `beaker.session.secret`
             #rhodecode.encrypted_values.secret =
             ## decryption strict mode (enabled by default). It controls if decryption raises
             ## `SignatureVerificationError` in case of wrong key, or damaged encryption data.
             #rhodecode.encrypted_values.strict = false
             ## return gzipped responses from Rhodecode (static files/application)
             gzip_responses = false
             ## autogenerate javascript routes file on startup
             generate_js_files = false
             ## Optional Languages
             ## en(default), be, de, es, fr, it, ja, pl, pt, ru, zh
             lang = en
             ## perform a full repository scan on each server start, this should be
             ## set to false after first startup, to allow faster server restarts.
             startup.import_repos = false
             ## Uncomment and set this path to use archive download cache.
             ## Once enabled, generated archives will be cached at this location
             ## and served from the cache during subsequent requests for the same archive of
             ## the repository.
             #archive_cache_dir = /tmp/tarballcache
             ## URL at which the application is running. This is used for bootstraping
             ## requests in context when no web request is available. Used in ishell, or
             ## SSH calls. Set this for events to receive proper url for SSH calls.
             app.base_url = http://rhodecode.local
             ## change this to unique ID for security
             app_instance_uuid = rc-production
             ## cut off limit for large diffs (size in bytes). If overall diff size on
             ## commit, or pull request exceeds this limit this diff will be displayed
             ## partially. E.g 512000 == 512Kb
             cut_off_limit_diff = 512000
             ## cut off limit for large files inside diffs (size in bytes). Each individual
             ## file inside diff which exceeds this limit will be displayed partially.
             ##  E.g 128000 == 128Kb
             cut_off_limit_file = 128000
             ## use cache version of scm repo everywhere
             vcs_full_cache = true
             ## force https in RhodeCode, fixes https redirects, assumes it's always https
             ## Normally this is controlled by proper http flags sent from http server
             force_https = false
             ## use Strict-Transport-Security headers
             use_htsts = false
             ## git rev filter option, --all is the default filter, if you need to
             ## hide all refs in changelog switch this to --branches --tags
             git_rev_filter = --branches --tags
             # Set to true if your repos are exposed using the dumb protocol
             git_update_server_info = false
             ## RSS/ATOM feed options
             rss_cut_off_limit = 256000
             rss_items_per_page = 10
             rss_include_diff = false
             ## gist URL alias, used to create nicer urls for gist. This should be an
             ## url that does rewrites to _admin/gists/{gistid}.
             ## example: http://gist.rhodecode.org/{gistid}. Empty means use the internal
             ## RhodeCode url, ie. http[s]://rhodecode.server/_admin/gists/{gistid}
             gist_alias_url =
             ## List of views (using glob pattern syntax) that AUTH TOKENS could be
             ## used for access.
             ## Adding ?auth_token=TOKEN_HASH to the url authenticates this request as if it
             ## came from the the logged in user who own this authentication token.
             ## Additionally @TOKEN syntaxt can be used to bound the view to specific
             ## authentication token. Such view would be only accessible when used together
             ## with this authentication token
             ##
             ## list of all views can be found under `/_admin/permissions/auth_token_access`
             ## The list should be "," separated and on a single line.
             ##
             ## Most common views to enable:
             #    RepoCommitsView:repo_commit_download
             #    RepoCommitsView:repo_commit_patch
             #    RepoCommitsView:repo_commit_raw
             #    RepoCommitsView:repo_commit_raw@TOKEN
             #    RepoFilesView:repo_files_diff
             #    RepoFilesView:repo_archivefile
             #    RepoFilesView:repo_file_raw
             #    GistView:*
             api_access_controllers_whitelist =
             ## default encoding used to convert from and to unicode
             ## can be also a comma separated list of encoding in case of mixed encodings
             default_encoding = UTF-8
             ## instance-id prefix
             ## a prefix key for this instance used for cache invalidation when running
             ## multiple instances of rhodecode, make sure it's globally unique for
             ## all running rhodecode instances. Leave empty if you don't use it
             instance_id =
             ## Fallback authentication plugin. Set this to a plugin ID to force the usage
             ## of an authentication plugin also if it is disabled by it's settings.
             ## This could be useful if you are unable to log in to the system due to broken
             ## authentication settings. Then you can enable e.g. the internal rhodecode auth
             ## module to log in again and fix the settings.
             ##
             ## Available builtin plugin IDs (hash is part of the ID):
             ## egg:rhodecode-enterprise-ce#rhodecode
             ## egg:rhodecode-enterprise-ce#pam
             ## egg:rhodecode-enterprise-ce#ldap
             ## egg:rhodecode-enterprise-ce#jasig_cas
             ## egg:rhodecode-enterprise-ce#headers
             ## egg:rhodecode-enterprise-ce#crowd
             #rhodecode.auth_plugin_fallback = egg:rhodecode-enterprise-ce#rhodecode
             ## alternative return HTTP header for failed authentication. Default HTTP
             ## response is 401 HTTPUnauthorized. Currently HG clients have troubles with
             ## handling that causing a series of failed authentication calls.
             ## Set this variable to 403 to return HTTPForbidden, or any other HTTP code
             ## This will be served instead of default 401 on bad authnetication
             auth_ret_code =
             ## use special detection method when serving auth_ret_code, instead of serving
             ## ret_code directly, use 401 initially (Which triggers credentials prompt)
             ## and then serve auth_ret_code to clients
             auth_ret_code_detection = false
             ## locking return code. When repository is locked return this HTTP code. 2XX
             ## codes don't break the transactions while 4XX codes do
             lock_ret_code = 423
             ## allows to change the repository location in settings page
             allow_repo_location_change = true
             ## allows to setup custom hooks in settings page
             allow_custom_hooks_settings = true
             ## generated license token, goto license page in RhodeCode settings to obtain
             ## new token
             license_token =
             ## supervisor connection uri, for managing supervisor and logs.
             supervisor.uri =
             ## supervisord group name/id we only want this RC instance to handle
             supervisor.group_id = prod
             ## Display extended labs settings
             labs_settings_active = true
             ####################################
             ###        CELERY CONFIG        ####
             ####################################
             ## run: /path/to/celery worker \
             ##     -E --beat --app rhodecode.lib.celerylib.loader \
             ##     --scheduler rhodecode.lib.celerylib.scheduler.RcScheduler \
             ##     --loglevel DEBUG --ini /path/to/rhodecode.ini
             use_celery = false
             ## connection url to the message broker (default rabbitmq)
             celery.broker_url = amqp://rabbitmq:qweqwe@localhost:5672/rabbitmqhost
             ## maximum tasks to execute before worker restart
             celery.max_tasks_per_child = 100
             ## tasks will never be sent to the queue, but executed locally instead.
             celery.task_always_eager = false
             ####################################
             ###         BEAKER CACHE        ####
             ####################################
             # default cache dir for templates.  Putting this into a ramdisk
             ## can boost performance, eg. %(here)s/data_ramdisk
             cache_dir = %(here)s/data
             ## locking and default file storage for Beaker. Putting this into a ramdisk
             ## can boost performance, eg. %(here)s/data_ramdisk/cache/beaker_data
             beaker.cache.data_dir = %(here)s/data/cache/beaker_data
             beaker.cache.lock_dir = %(here)s/data/cache/beaker_lock
             beaker.cache.regions = short_term, long_term, sql_cache_short, auth_plugins, repo_cache_long
             # used for caching user permissions
             beaker.cache.short_term.type = file
             beaker.cache.short_term.expire = 0
             beaker.cache.short_term.key_length = 256
             beaker.cache.long_term.type = memory
             beaker.cache.long_term.expire = 36000
             beaker.cache.long_term.key_length = 256
             beaker.cache.sql_cache_short.type = memory
             beaker.cache.sql_cache_short.expire = 10
             beaker.cache.sql_cache_short.key_length = 256
             ## default is memory cache, configure only if required
             ## using multi-node or multi-worker setup
             #beaker.cache.auth_plugins.type = ext:database
             #beaker.cache.auth_plugins.lock_dir = %(here)s/data/cache/auth_plugin_lock
             #beaker.cache.auth_plugins.url = postgresql://postgres:secret@localhost/rhodecode
             #beaker.cache.auth_plugins.url = mysql://root:secret@127.0.0.1/rhodecode
             #beaker.cache.auth_plugins.sa.pool_recycle = 3600
             #beaker.cache.auth_plugins.sa.pool_size = 10
             #beaker.cache.auth_plugins.sa.max_overflow = 0
             beaker.cache.repo_cache_long.type = memorylru_base
             beaker.cache.repo_cache_long.max_items = 4096
             beaker.cache.repo_cache_long.expire = 2592000
             ## default is memorylru_base cache, configure only if required
             ## using multi-node or multi-worker setup
             #beaker.cache.repo_cache_long.type = ext:memcached
             #beaker.cache.repo_cache_long.url = localhost:11211
             #beaker.cache.repo_cache_long.expire = 1209600
             #beaker.cache.repo_cache_long.key_length = 256
             ####################################
             ###       BEAKER SESSION        ####
             ####################################
             ## .session.type is type of storage options for the session, current allowed
             ## types are file, ext:memcached, ext:database, and memory (default).
             beaker.session.type = file
             beaker.session.data_dir = %(here)s/data/sessions/data
             ## db based session, fast, and allows easy management over logged in users
             #beaker.session.type = ext:database
             #beaker.session.table_name = db_session
             #beaker.session.sa.url = postgresql://postgres:secret@localhost/rhodecode
             #beaker.session.sa.url = mysql://root:secret@127.0.0.1/rhodecode
             #beaker.session.sa.pool_recycle = 3600
             #beaker.session.sa.echo = false
             beaker.session.key = rhodecode
             beaker.session.secret = production-rc-uytcxaz
             beaker.session.lock_dir = %(here)s/data/sessions/lock
             ## Secure encrypted cookie. Requires AES and AES python libraries
             ## you must disable beaker.session.secret to use this
             #beaker.session.encrypt_key = key_for_encryption
             #beaker.session.validate_key = validation_key
             ## sets session as invalid(also logging out user) if it haven not been
             ## accessed for given amount of time in seconds
             beaker.session.timeout = 2592000
             beaker.session.httponly = true
             ## Path to use for the cookie. Set to prefix if you use prefix middleware
             #beaker.session.cookie_path = /custom_prefix
             ## uncomment for https secure cookie
             beaker.session.secure = false
             ## auto save the session to not to use .save()
             beaker.session.auto = false
             ## default cookie expiration time in seconds, set to `true` to set expire
             ## at browser close
             #beaker.session.cookie_expires = 3600
             ###################################
             ## SEARCH INDEXING CONFIGURATION ##
             ###################################
             ## Full text search indexer is available in rhodecode-tools under
             ## `rhodecode-tools index` command
             ## WHOOSH Backend, doesn't require additional services to run
             ## it works good with few dozen repos
             search.module = rhodecode.lib.index.whoosh
             search.location = %(here)s/data/index
             ########################################
             ###    CHANNELSTREAM CONFIG         ####
             ########################################
             ## channelstream enables persistent connections and live notification
             ## in the system. It's also used by the chat system
             channelstream.enabled = false
             ## server address for channelstream server on the backend
             channelstream.server = 127.0.0.1:9800
             ## location of the channelstream server from outside world
             ## use ws:// for http or wss:// for https. This address needs to be handled
             ## by external HTTP server such as Nginx or Apache
             ## see nginx/apache configuration examples in our docs
             channelstream.ws_url = ws://rhodecode.yourserver.com/_channelstream
             channelstream.secret = secret
             channelstream.history.location = %(here)s/channelstream_history
             ## Internal application path that Javascript uses to connect into.
             ## If you use proxy-prefix the prefix should be added before /_channelstream
             channelstream.proxy_path = /_channelstream
             ###################################
             ##       APPENLIGHT CONFIG       ##
             ###################################
             ## Appenlight is tailored to work with RhodeCode, see
             ## http://appenlight.com for details how to obtain an account
             ## appenlight integration enabled
             appenlight = false
             appenlight.server_url = https://api.appenlight.com
             appenlight.api_key = YOUR_API_KEY
             #appenlight.transport_config = https://api.appenlight.com?threaded=1&timeout=5
             # used for JS client
             appenlight.api_public_key = YOUR_API_PUBLIC_KEY
             ## TWEAK AMOUNT OF INFO SENT HERE
             ## enables 404 error logging (default False)
             appenlight.report_404 = false
             ## time in seconds after request is considered being slow (default 1)
             appenlight.slow_request_time = 1
             ## record slow requests in application
             ## (needs to be enabled for slow datastore recording and time tracking)
             appenlight.slow_requests = true
             ## enable hooking to application loggers
             appenlight.logging = true
             ## minimum log level for log capture
             appenlight.logging.level = WARNING
             ## send logs only from erroneous/slow requests
             ## (saves API quota for intensive logging)
             appenlight.logging_on_error = false
             ## list of additonal keywords that should be grabbed from environ object
             ## can be string with comma separated list of words in lowercase
             ## (by default client will always send following info:
             ## 'REMOTE_USER', 'REMOTE_ADDR', 'SERVER_NAME', 'CONTENT_TYPE' + all keys that
             ## start with HTTP* this list be extended with additional keywords here
             appenlight.environ_keys_whitelist =
             ## list of keywords that should be blanked from request object
             ## can be string with comma separated list of words in lowercase
             ## (by default client will always blank keys that contain following words
             ## 'password', 'passwd', 'pwd', 'auth_tkt', 'secret', 'csrf'
             ## this list be extended with additional keywords set here
             appenlight.request_keys_blacklist =
             ## list of namespaces that should be ignores when gathering log entries
             ## can be string with comma separated list of namespaces
             ## (by default the client ignores own entries: appenlight_client.client)
             appenlight.log_namespace_blacklist =
             ################################################################################
             ## WARNING: *THE LINE BELOW MUST BE UNCOMMENTED ON A PRODUCTION ENVIRONMENT*  ##
             ## Debug mode will enable the interactive debugging tool, allowing ANYONE to  ##
             ## execute malicious code after an exception is raised.                       ##
             ################################################################################
             set debug = false
             ###########################################
             ###   MAIN RHODECODE DATABASE CONFIG    ###
             ###########################################
             #sqlalchemy.db1.url = sqlite:///%(here)s/rhodecode.db?timeout=30
             #sqlalchemy.db1.url = postgresql://postgres:qweqwe@localhost/rhodecode
             #sqlalchemy.db1.url = mysql://root:qweqwe@localhost/rhodecode
             sqlalchemy.db1.url = postgresql://postgres:qweqwe@localhost/rhodecode
             # see sqlalchemy docs for other advanced settings
             ## print the sql statements to output
             sqlalchemy.db1.echo = false
             ## recycle the connections after this amount of seconds
             sqlalchemy.db1.pool_recycle = 3600
             sqlalchemy.db1.convert_unicode = true
             ## the number of connections to keep open inside the connection pool.
             ## 0 indicates no limit
             #sqlalchemy.db1.pool_size = 5
             ## the number of connections to allow in connection pool "overflow", that is
             ## connections that can be opened above and beyond the pool_size setting,
             ## which defaults to five.
             #sqlalchemy.db1.max_overflow = 10
             ##################
             ### VCS CONFIG ###
             ##################
             vcs.server.enable = true
             vcs.server = localhost:9900
             ## Web server connectivity protocol, responsible for web based VCS operatations
             ## Available protocols are:
             ## `http` - use http-rpc backend (default)
             vcs.server.protocol = http
             ## Push/Pull operations protocol, available options are:
             ## `http` - use http-rpc backend (default)
             ##
             vcs.scm_app_implementation = http
             ## Push/Pull operations hooks protocol, available options are:
             ## `http` - use http-rpc backend (default)
             vcs.hooks.protocol = http
+            ## Host on which this instance is listening for hooks. If vcsserver is in other location
+            ## this should be adjusted.
+            vcs.hooks.host = 127.0.0.1
             vcs.server.log_level = info
             ## Start VCSServer with this instance as a subprocess, usefull for development
             vcs.start_server = false
             ## List of enabled VCS backends, available options are:
             ## `hg`  - mercurial
             ## `git` - git
             ## `svn` - subversion
             vcs.backends = hg, git, svn
             vcs.connection_timeout = 3600
             ## Compatibility version when creating SVN repositories. Defaults to newest version when commented out.
             ## Available options are: pre-1.4-compatible, pre-1.5-compatible, pre-1.6-compatible, pre-1.8-compatible, pre-1.9-compatible
             #vcs.svn.compatible_version = pre-1.8-compatible
             ############################################################
             ### Subversion proxy support (mod_dav_svn)               ###
             ### Maps RhodeCode repo groups into SVN paths for Apache ###
             ############################################################
             ## Enable or disable the config file generation.
             svn.proxy.generate_config = false
             ## Generate config file with `SVNListParentPath` set to `On`.
             svn.proxy.list_parent_path = true
             ## Set location and file name of generated config file.
             svn.proxy.config_file_path = %(here)s/mod_dav_svn.conf
             ## alternative mod_dav config template. This needs to be a mako template
             #svn.proxy.config_template = ~/.rccontrol/enterprise-1/custom_svn_conf.mako
             ## Used as a prefix to the `Location` block in the generated config file.
             ## In most cases it should be set to `/`.
             svn.proxy.location_root = /
             ## Command to reload the mod dav svn configuration on change.
             ## Example: `/etc/init.d/apache2 reload`
             #svn.proxy.reload_cmd = /etc/init.d/apache2 reload
             ## If the timeout expires before the reload command finishes, the command will
             ## be killed. Setting it to zero means no timeout. Defaults to 10 seconds.
             #svn.proxy.reload_timeout = 10
             ############################################################
             ### SSH Support Settings                                 ###
             ############################################################
             ## Defines if a custom authorized_keys file should be created and written on
             ## any change user ssh keys. Setting this to false also disables posibility
             ## of adding SSH keys by users from web interface. Super admins can still
             ## manage SSH Keys.
             ssh.generate_authorized_keyfile = false
             ## Options for ssh, default is `no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding`
             # ssh.authorized_keys_ssh_opts =
             ## Path to the authrozied_keys file where the generate entries are placed.
             ## It is possible to have multiple key files specified in `sshd_config` e.g.
             ## AuthorizedKeysFile %h/.ssh/authorized_keys %h/.ssh/authorized_keys_rhodecode
             ssh.authorized_keys_file_path = ~/.ssh/authorized_keys_rhodecode
             ## Command to execute the SSH wrapper. The binary is available in the
             ## rhodecode installation directory.
             ## e.g ~/.rccontrol/community-1/profile/bin/rc-ssh-wrapper
             ssh.wrapper_cmd = ~/.rccontrol/community-1/rc-ssh-wrapper
             ## Allow shell when executing the ssh-wrapper command
             ssh.wrapper_cmd_allow_shell = false
             ## Enables logging, and detailed output send back to the client during SSH
             ## operations. Usefull for debugging, shouldn't be used in production.
             ssh.enable_debug_logging = false
             ## Paths to binary executable, by default they are the names, but we can
             ## override them if we want to use a custom one
             ssh.executable.hg = ~/.rccontrol/vcsserver-1/profile/bin/hg
             ssh.executable.git = ~/.rccontrol/vcsserver-1/profile/bin/git
             ssh.executable.svn = ~/.rccontrol/vcsserver-1/profile/bin/svnserve
             ## Dummy marker to add new entries after.
             ## Add any custom entries below. Please don't remove.
             custom.conf = 1
             ################################
             ### LOGGING CONFIGURATION   ####
             ################################
             [loggers]
             keys = root, sqlalchemy, beaker, rhodecode, ssh_wrapper, celery
             [handlers]
             keys = console, console_sql
             [formatters]
             keys = generic, color_formatter, color_formatter_sql
             #############
             ## LOGGERS ##
             #############
             [logger_root]
             level = NOTSET
             handlers = console
             [logger_sqlalchemy]
             level = INFO
             handlers = console_sql
             qualname = sqlalchemy.engine
             propagate = 0
             [logger_beaker]
             level = DEBUG
             handlers =
             qualname = beaker.container
             propagate = 1
             [logger_rhodecode]
             level = DEBUG
             handlers =
             qualname = rhodecode
             propagate = 1
             [logger_ssh_wrapper]
             level = DEBUG
             handlers =
             qualname = ssh_wrapper
             propagate = 1
             [logger_celery]
             level = DEBUG
             handlers =
             qualname = celery
             ##############
             ## HANDLERS ##
             ##############
             [handler_console]
             class = StreamHandler
             args = (sys.stderr, )
             level = INFO
             formatter = generic
             [handler_console_sql]
             class = StreamHandler
             args = (sys.stderr, )
             level = WARN
             formatter = generic
             ################
             ## FORMATTERS ##
             ################
             [formatter_generic]
             class = rhodecode.lib.logging_formatter.ExceptionAwareFormatter
             format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
             datefmt = %Y-%m-%d %H:%M:%S
             [formatter_color_formatter]
             class = rhodecode.lib.logging_formatter.ColorFormatter
             format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
             datefmt = %Y-%m-%d %H:%M:%S
             [formatter_color_formatter_sql]
             class = rhodecode.lib.logging_formatter.ColorFormatterSql
             format = %(asctime)s.%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s
             datefmt = %Y-%m-%d %H:%M:%S

rhodecode/apps/ssh_support/lib/backends/base.py

0 +1 0

             # -*- coding: utf-8 -*-
             # Copyright (C) 2016-2018 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             import os
             import sys
             import json
             import logging
             from rhodecode.lib.hooks_daemon import prepare_callback_daemon
             from rhodecode.lib.vcs.conf import settings as vcs_settings
             from rhodecode.model.scm import ScmModel
             log = logging.getLogger(__name__)
             class VcsServer(object):
                 _path = None  # set executable path for hg/git/svn binary
                 backend = None  # set in child classes
                 tunnel = None  # subprocess handling tunnel
                 write_perms = ['repository.admin', 'repository.write']
                 read_perms = ['repository.read', 'repository.admin', 'repository.write']
                 def __init__(self, user, user_permissions, config, env):
                     self.user = user
                     self.user_permissions = user_permissions
                     self.config = config
                     self.env = env
                     self.stdin = sys.stdin
                     self.repo_name = None
                     self.repo_mode = None
                     self.store = ''
                     self.ini_path = ''
                 def _invalidate_cache(self, repo_name):
                     """
                     Set's cache for this repository for invalidation on next access
                     :param repo_name: full repo name, also a cache key
                     """
                     ScmModel().mark_for_invalidation(repo_name)
                 def has_write_perm(self):
                     permission = self.user_permissions.get(self.repo_name)
                     if permission in ['repository.write', 'repository.admin']:
                         return True
                     return False
                 def _check_permissions(self, action):
                     permission = self.user_permissions.get(self.repo_name)
                     log.debug(
                         'permission for %s on %s are: %s',
                         self.user, self.repo_name, permission)
                     if action == 'pull':
                         if permission in self.read_perms:
                             log.info(
                                 'READ Permissions for User "%s" detected to repo "%s"!',
                                 self.user, self.repo_name)
                             return 0
                     else:
                         if permission in self.write_perms:
                             log.info(
                                 'WRITE+ Permissions for User "%s" detected to repo "%s"!',
                                 self.user, self.repo_name)
                             return 0
                     log.error('Cannot properly fetch or allow user %s permissions. '
                               'Return value is: %s, req action: %s',
                               self.user, permission, action)
                     return -2
                 def update_environment(self, action, extras=None):
                     scm_data = {
                         'ip': os.environ['SSH_CLIENT'].split()[0],
                         'username': self.user.username,
                         'user_id': self.user.user_id,
                         'action': action,
                         'repository': self.repo_name,
                         'scm': self.backend,
                         'config': self.ini_path,
                         'make_lock': None,
                         'locked_by': [None, None],
                         'server_url': None,
                         'is_shadow_repo': False,
                         'hooks_module': 'rhodecode.lib.hooks_daemon',
                         'hooks': ['push', 'pull'],
                         'SSH': True,
                         'SSH_PERMISSIONS': self.user_permissions.get(self.repo_name)
                     }
                     if extras:
                         scm_data.update(extras)
                     os.putenv("RC_SCM_DATA", json.dumps(scm_data))
                 def get_root_store(self):
                     root_store = self.store
                     if not root_store.endswith('/'):
                         # always append trailing slash
                         root_store = root_store + '/'
                     return root_store
                 def _handle_tunnel(self, extras):
                     # pre-auth
                     action = 'pull'
                     exit_code = self._check_permissions(action)
                     if exit_code:
                         return exit_code, False
                     req = self.env['request']
                     server_url = req.host_url + req.script_name
                     extras['server_url'] = server_url
                     log.debug('Using %s binaries from path %s', self.backend, self._path)
                     exit_code = self.tunnel.run(extras)
                     return exit_code, action == "push"
                 def run(self):
                     extras = {}
                     callback_daemon, extras = prepare_callback_daemon(
                         extras, protocol=vcs_settings.HOOKS_PROTOCOL,
+                        host=vcs_settings.HOOKS_HOST,
                         use_direct_calls=False)
                     with callback_daemon:
                         try:
                             return self._handle_tunnel(extras)
                         finally:
                             log.debug('Running cleanup with cache invalidation')
                             if self.repo_name:
                                 self._invalidate_cache(self.repo_name)

rhodecode/config/middleware.py

0 +1 0

             # -*- coding: utf-8 -*-
             # Copyright (C) 2010-2018 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             import os
             import logging
             import traceback
             import collections
             from paste.gzipper import make_gzip_middleware
             from pyramid.wsgi import wsgiapp
             from pyramid.authorization import ACLAuthorizationPolicy
             from pyramid.config import Configurator
             from pyramid.settings import asbool, aslist
             from pyramid.httpexceptions import (
                 HTTPException, HTTPError, HTTPInternalServerError, HTTPFound, HTTPNotFound)
             from pyramid.events import ApplicationCreated
             from pyramid.renderers import render_to_response
             from rhodecode.model import meta
             from rhodecode.config import patches
             from rhodecode.config import utils as config_utils
             from rhodecode.config.environment import load_pyramid_environment
             from rhodecode.lib.middleware.vcs import VCSMiddleware
             from rhodecode.lib.request import Request
             from rhodecode.lib.vcs import VCSCommunicationError
             from rhodecode.lib.exceptions import VCSServerUnavailable
             from rhodecode.lib.middleware.appenlight import wrap_in_appenlight_if_enabled
             from rhodecode.lib.middleware.https_fixup import HttpsFixup
             from rhodecode.lib.celerylib.loader import configure_celery
             from rhodecode.lib.plugins.utils import register_rhodecode_plugin
             from rhodecode.lib.utils2 import aslist as rhodecode_aslist, AttributeDict
             from rhodecode.subscribers import (
                 scan_repositories_if_enabled, write_js_routes_if_enabled,
                 write_metadata_if_needed, inject_app_settings)
             log = logging.getLogger(__name__)
             def is_http_error(response):
                 # error which should have traceback
                 return response.status_code > 499
             def make_pyramid_app(global_config, **settings):
                 """
                 Constructs the WSGI application based on Pyramid.
                 Specials:
                 * The application can also be integrated like a plugin via the call to
                   `includeme`. This is accompanied with the other utility functions which
                   are called. Changing this should be done with great care to not break
                   cases when these fragments are assembled from another place.
                 """
                 # Allows to use format style "{ENV_NAME}" placeholders in the configuration. It
                 # will be replaced by the value of the environment variable "NAME" in this case.
                 environ = {
                     'ENV_{}'.format(key): value for key, value in os.environ.items()}
                 global_config = _substitute_values(global_config, environ)
                 settings = _substitute_values(settings, environ)
                 sanitize_settings_and_apply_defaults(settings)
                 config = Configurator(settings=settings)
                 # Apply compatibility patches
                 patches.inspect_getargspec()
                 load_pyramid_environment(global_config, settings)
                 # Static file view comes first
                 includeme_first(config)
                 includeme(config)
                 pyramid_app = config.make_wsgi_app()
                 pyramid_app = wrap_app_in_wsgi_middlewares(pyramid_app, config)
                 pyramid_app.config = config
                 config.configure_celery(global_config['__file__'])
                 # creating the app uses a connection - return it after we are done
                 meta.Session.remove()
                 log.info('Pyramid app %s created and configured.', pyramid_app)
                 return pyramid_app
             def not_found_view(request):
                 """
                 This creates the view which should be registered as not-found-view to
                 pyramid.
                 """
                 if not getattr(request, 'vcs_call', None):
                     # handle like regular case with our error_handler
                     return error_handler(HTTPNotFound(), request)
                 # handle not found view as a vcs call
                 settings = request.registry.settings
                 ae_client = getattr(request, 'ae_client', None)
                 vcs_app = VCSMiddleware(
                     HTTPNotFound(), request.registry, settings,
                     appenlight_client=ae_client)
                 return wsgiapp(vcs_app)(None, request)
             def error_handler(exception, request):
                 import rhodecode
                 from rhodecode.lib import helpers
                 rhodecode_title = rhodecode.CONFIG.get('rhodecode_title') or 'RhodeCode'
                 base_response = HTTPInternalServerError()
                 # prefer original exception for the response since it may have headers set
                 if isinstance(exception, HTTPException):
                     base_response = exception
                 elif isinstance(exception, VCSCommunicationError):
                     base_response = VCSServerUnavailable()
                 if is_http_error(base_response):
                     log.exception(
                         'error occurred handling this request for path: %s', request.path)
                 error_explanation = base_response.explanation or str(base_response)
                 if base_response.status_code == 404:
                     error_explanation += " Or you don't have permission to access it."
                 c = AttributeDict()
                 c.error_message = base_response.status
                 c.error_explanation = error_explanation
                 c.visual = AttributeDict()
                 c.visual.rhodecode_support_url = (
                     request.registry.settings.get('rhodecode_support_url') or
                     request.route_url('rhodecode_support')
                 )
                 c.redirect_time = 0
                 c.rhodecode_name = rhodecode_title
                 if not c.rhodecode_name:
                     c.rhodecode_name = 'Rhodecode'
                 c.causes = []
                 if is_http_error(base_response):
                     c.causes.append('Server is overloaded.')
                     c.causes.append('Server database connection is lost.')
                     c.causes.append('Server expected unhandled error.')
                 if hasattr(base_response, 'causes'):
                     c.causes = base_response.causes
                 c.messages = helpers.flash.pop_messages(request=request)
                 c.traceback = traceback.format_exc()
                 response = render_to_response(
                     '/errors/error_document.mako', {'c': c, 'h': helpers}, request=request,
                     response=base_response)
                 return response
             def includeme_first(config):
                 # redirect automatic browser favicon.ico requests to correct place
                 def favicon_redirect(context, request):
                     return HTTPFound(
                         request.static_path('rhodecode:public/images/favicon.ico'))
                 config.add_view(favicon_redirect, route_name='favicon')
                 config.add_route('favicon', '/favicon.ico')
                 def robots_redirect(context, request):
                     return HTTPFound(
                         request.static_path('rhodecode:public/robots.txt'))
                 config.add_view(robots_redirect, route_name='robots')
                 config.add_route('robots', '/robots.txt')
                 config.add_static_view(
                     '_static/deform', 'deform:static')
                 config.add_static_view(
                     '_static/rhodecode', path='rhodecode:public', cache_max_age=3600 * 24)
             def includeme(config):
                 settings = config.registry.settings
                 config.set_request_factory(Request)
                 # plugin information
                 config.registry.rhodecode_plugins = collections.OrderedDict()
                 config.add_directive(
                     'register_rhodecode_plugin', register_rhodecode_plugin)
                 config.add_directive('configure_celery', configure_celery)
                 if asbool(settings.get('appenlight', 'false')):
                     config.include('appenlight_client.ext.pyramid_tween')
                 # Includes which are required. The application would fail without them.
                 config.include('pyramid_mako')
                 config.include('pyramid_beaker')
                 config.include('rhodecode.lib.caches')
                 config.include('rhodecode.authentication')
                 config.include('rhodecode.integrations')
                 # apps
                 config.include('rhodecode.apps._base')
                 config.include('rhodecode.apps.ops')
                 config.include('rhodecode.apps.admin')
                 config.include('rhodecode.apps.channelstream')
                 config.include('rhodecode.apps.login')
                 config.include('rhodecode.apps.home')
                 config.include('rhodecode.apps.journal')
                 config.include('rhodecode.apps.repository')
                 config.include('rhodecode.apps.repo_group')
                 config.include('rhodecode.apps.user_group')
                 config.include('rhodecode.apps.search')
                 config.include('rhodecode.apps.user_profile')
                 config.include('rhodecode.apps.user_group_profile')
                 config.include('rhodecode.apps.my_account')
                 config.include('rhodecode.apps.svn_support')
                 config.include('rhodecode.apps.ssh_support')
                 config.include('rhodecode.apps.gist')
                 config.include('rhodecode.apps.debug_style')
                 config.include('rhodecode.tweens')
                 config.include('rhodecode.api')
                 config.add_route(
                     'rhodecode_support', 'https://rhodecode.com/help/', static=True)
                 config.add_translation_dirs('rhodecode:i18n/')
                 settings['default_locale_name'] = settings.get('lang', 'en')
                 # Add subscribers.
                 config.add_subscriber(inject_app_settings, ApplicationCreated)
                 config.add_subscriber(scan_repositories_if_enabled, ApplicationCreated)
                 config.add_subscriber(write_metadata_if_needed, ApplicationCreated)
                 config.add_subscriber(write_js_routes_if_enabled, ApplicationCreated)
                 # events
                 # TODO(marcink): this should be done when pyramid migration is finished
                 # config.add_subscriber(
                 #     'rhodecode.integrations.integrations_event_handler',
                 #     'rhodecode.events.RhodecodeEvent')
                 # request custom methods
                 config.add_request_method(
                     'rhodecode.lib.partial_renderer.get_partial_renderer',
                     'get_partial_renderer')
                 # Set the authorization policy.
                 authz_policy = ACLAuthorizationPolicy()
                 config.set_authorization_policy(authz_policy)
                 # Set the default renderer for HTML templates to mako.
                 config.add_mako_renderer('.html')
                 config.add_renderer(
                     name='json_ext',
                     factory='rhodecode.lib.ext_json_renderer.pyramid_ext_json')
                 # include RhodeCode plugins
                 includes = aslist(settings.get('rhodecode.includes', []))
                 for inc in includes:
                     config.include(inc)
                 # custom not found view, if our pyramid app doesn't know how to handle
                 # the request pass it to potential VCS handling ap
                 config.add_notfound_view(not_found_view)
                 if not settings.get('debugtoolbar.enabled', False):
                     # disabled debugtoolbar handle all exceptions via the error_handlers
                     config.add_view(error_handler, context=Exception)
                 # all errors including 403/404/50X
                 config.add_view(error_handler, context=HTTPError)
             def wrap_app_in_wsgi_middlewares(pyramid_app, config):
                 """
                 Apply outer WSGI middlewares around the application.
                 """
                 settings = config.registry.settings
                 # enable https redirects based on HTTP_X_URL_SCHEME set by proxy
                 pyramid_app = HttpsFixup(pyramid_app, settings)
                 pyramid_app, _ae_client = wrap_in_appenlight_if_enabled(
                     pyramid_app, settings)
                 config.registry.ae_client = _ae_client
                 if settings['gzip_responses']:
                     pyramid_app = make_gzip_middleware(
                         pyramid_app, settings, compress_level=1)
                 # this should be the outer most middleware in the wsgi stack since
                 # middleware like Routes make database calls
                 def pyramid_app_with_cleanup(environ, start_response):
                     try:
                         return pyramid_app(environ, start_response)
                     finally:
                         # Dispose current database session and rollback uncommitted
                         # transactions.
                         meta.Session.remove()
                         # In a single threaded mode server, on non sqlite db we should have
                         # '0 Current Checked out connections' at the end of a request,
                         # if not, then something, somewhere is leaving a connection open
                         pool = meta.Base.metadata.bind.engine.pool
                         log.debug('sa pool status: %s', pool.status())
                 return pyramid_app_with_cleanup
             def sanitize_settings_and_apply_defaults(settings):
                 """
                 Applies settings defaults and does all type conversion.
                 We would move all settings parsing and preparation into this place, so that
                 we have only one place left which deals with this part. The remaining parts
                 of the application would start to rely fully on well prepared settings.
                 This piece would later be split up per topic to avoid a big fat monster
                 function.
                 """
                 settings.setdefault('rhodecode.edition', 'Community Edition')
                 if 'mako.default_filters' not in settings:
                     # set custom default filters if we don't have it defined
                     settings['mako.imports'] = 'from rhodecode.lib.base import h_filter'
                     settings['mako.default_filters'] = 'h_filter'
                 if 'mako.directories' not in settings:
                     mako_directories = settings.setdefault('mako.directories', [
                         # Base templates of the original application
                         'rhodecode:templates',
                     ])
                     log.debug(
                         "Using the following Mako template directories: %s",
                         mako_directories)
                 # Default includes, possible to change as a user
                 pyramid_includes = settings.setdefault('pyramid.includes', [
                     'rhodecode.lib.middleware.request_wrapper',
                 ])
                 log.debug(
                     "Using the following pyramid.includes: %s",
                     pyramid_includes)
                 # TODO: johbo: Re-think this, usually the call to config.include
                 # should allow to pass in a prefix.
                 settings.setdefault('rhodecode.api.url', '/_admin/api')
                 # Sanitize generic settings.
                 _list_setting(settings, 'default_encoding', 'UTF-8')
                 _bool_setting(settings, 'is_test', 'false')
                 _bool_setting(settings, 'gzip_responses', 'false')
                 # Call split out functions that sanitize settings for each topic.
                 _sanitize_appenlight_settings(settings)
                 _sanitize_vcs_settings(settings)
                 # configure instance id
                 config_utils.set_instance_id(settings)
                 return settings
             def _sanitize_appenlight_settings(settings):
                 _bool_setting(settings, 'appenlight', 'false')
             def _sanitize_vcs_settings(settings):
                 """
                 Applies settings defaults and does type conversion for all VCS related
                 settings.
                 """
                 _string_setting(settings, 'vcs.svn.compatible_version', '')
                 _string_setting(settings, 'git_rev_filter', '--all')
                 _string_setting(settings, 'vcs.hooks.protocol', 'http')
+                _string_setting(settings, 'vcs.hooks.host', '127.0.0.1')
                 _string_setting(settings, 'vcs.scm_app_implementation', 'http')
                 _string_setting(settings, 'vcs.server', '')
                 _string_setting(settings, 'vcs.server.log_level', 'debug')
                 _string_setting(settings, 'vcs.server.protocol', 'http')
                 _bool_setting(settings, 'startup.import_repos', 'false')
                 _bool_setting(settings, 'vcs.hooks.direct_calls', 'false')
                 _bool_setting(settings, 'vcs.server.enable', 'true')
                 _bool_setting(settings, 'vcs.start_server', 'false')
                 _list_setting(settings, 'vcs.backends', 'hg, git, svn')
                 _int_setting(settings, 'vcs.connection_timeout', 3600)
                 # Support legacy values of vcs.scm_app_implementation. Legacy
                 # configurations may use 'rhodecode.lib.middleware.utils.scm_app_http'
                 # which is now mapped to 'http'.
                 scm_app_impl = settings['vcs.scm_app_implementation']
                 if scm_app_impl == 'rhodecode.lib.middleware.utils.scm_app_http':
                     settings['vcs.scm_app_implementation'] = 'http'
             def _int_setting(settings, name, default):
                 settings[name] = int(settings.get(name, default))
             def _bool_setting(settings, name, default):
                 input_val = settings.get(name, default)
                 if isinstance(input_val, unicode):
                     input_val = input_val.encode('utf8')
                 settings[name] = asbool(input_val)
             def _list_setting(settings, name, default):
                 raw_value = settings.get(name, default)
                 old_separator = ','
                 if old_separator in raw_value:
                     # If we get a comma separated list, pass it to our own function.
                     settings[name] = rhodecode_aslist(raw_value, sep=old_separator)
                 else:
                     # Otherwise we assume it uses pyramids space/newline separation.
                     settings[name] = aslist(raw_value)
             def _string_setting(settings, name, default, lower=True):
                 value = settings.get(name, default)
                 if lower:
                     value = value.lower()
                 settings[name] = value
             def _substitute_values(mapping, substitutions):
                 result = {
                     # Note: Cannot use regular replacements, since they would clash
                     # with the implementation of ConfigParser. Using "format" instead.
                     key: value.format(**substitutions)
                     for key, value in mapping.items()
                 }
                 return result

rhodecode/config/utils.py

0 +3 -1

             # -*- coding: utf-8 -*-
             # Copyright (C) 2010-2018 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             import os
             import shlex
             import platform
             from rhodecode.model import init_model
             def configure_vcs(config):
                 """
                 Patch VCS config with some RhodeCode specific stuff
                 """
                 from rhodecode.lib.vcs import conf
+                import rhodecode.lib.vcs.conf.settings
                 conf.settings.BACKENDS = {
                     'hg': 'rhodecode.lib.vcs.backends.hg.MercurialRepository',
                     'git': 'rhodecode.lib.vcs.backends.git.GitRepository',
                     'svn': 'rhodecode.lib.vcs.backends.svn.SubversionRepository',
                 }
                 conf.settings.HOOKS_PROTOCOL = config['vcs.hooks.protocol']
+                conf.settings.HOOKS_HOST = config['vcs.hooks.host']
                 conf.settings.HOOKS_DIRECT_CALLS = config['vcs.hooks.direct_calls']
                 conf.settings.GIT_REV_FILTER = shlex.split(config['git_rev_filter'])
                 conf.settings.DEFAULT_ENCODINGS = config['default_encoding']
                 conf.settings.ALIASES[:] = config['vcs.backends']
                 conf.settings.SVN_COMPATIBLE_VERSION = config['vcs.svn.compatible_version']
             def initialize_database(config):
                 from rhodecode.lib.utils2 import engine_from_config, get_encryption_key
                 engine = engine_from_config(config, 'sqlalchemy.db1.')
                 init_model(engine, encryption_key=get_encryption_key(config))
             def initialize_test_environment(settings, test_env=None):
                 if test_env is None:
                     test_env = not int(os.environ.get('RC_NO_TMP_PATH', 0))
                 from rhodecode.lib.utils import (
                     create_test_directory, create_test_database, create_test_repositories,
                     create_test_index)
                 from rhodecode.tests import TESTS_TMP_PATH
                 from rhodecode.lib.vcs.backends.hg import largefiles_store
                 from rhodecode.lib.vcs.backends.git import lfs_store
                 # test repos
                 if test_env:
                     create_test_directory(TESTS_TMP_PATH)
                     # large object stores
                     create_test_directory(largefiles_store(TESTS_TMP_PATH))
                     create_test_directory(lfs_store(TESTS_TMP_PATH))
                     create_test_database(TESTS_TMP_PATH, settings)
                     create_test_repositories(TESTS_TMP_PATH, settings)
                     create_test_index(TESTS_TMP_PATH, settings)
             def get_vcs_server_protocol(config):
                 return config['vcs.server.protocol']
             def set_instance_id(config):
                 """ Sets a dynamic generated config['instance_id'] if missing or '*' """
                 config['instance_id'] = config.get('instance_id') or ''
                 if config['instance_id'] == '*' or not config['instance_id']:
                     _platform_id = platform.uname()[1] or 'instance'
                     config['instance_id'] = '%s-%s' % (_platform_id, os.getpid())

rhodecode/lib/hooks_daemon.py

0 +10 -10

             # -*- coding: utf-8 -*-
             # Copyright (C) 2010-2018 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             import os
             import time
             import logging
             import tempfile
             import traceback
             import threading
             from BaseHTTPServer import BaseHTTPRequestHandler
             from SocketServer import TCPServer
             import rhodecode
             from rhodecode.model import meta
             from rhodecode.lib.base import bootstrap_request, bootstrap_config
             from rhodecode.lib import hooks_base
             from rhodecode.lib.utils2 import AttributeDict
             from rhodecode.lib.ext_json import json
             log = logging.getLogger(__name__)
             class HooksHttpHandler(BaseHTTPRequestHandler):
                 def do_POST(self):
                     method, extras = self._read_request()
                     txn_id = getattr(self.server, 'txn_id', None)
                     if txn_id:
                         from rhodecode.lib.caches import compute_key_from_params
                         log.debug('Computing TXN_ID based on `%s`:`%s`',
                                   extras['repository'], extras['txn_id'])
                         computed_txn_id = compute_key_from_params(
                             extras['repository'], extras['txn_id'])
                         if txn_id != computed_txn_id:
                             raise Exception(
                                 'TXN ID fail: expected {} got {} instead'.format(
                                     txn_id, computed_txn_id))
                     try:
                         result = self._call_hook(method, extras)
                     except Exception as e:
                         exc_tb = traceback.format_exc()
                         result = {
                             'exception': e.__class__.__name__,
                             'exception_traceback': exc_tb,
                             'exception_args': e.args
                         }
                     self._write_response(result)
                 def _read_request(self):
                     length = int(self.headers['Content-Length'])
                     body = self.rfile.read(length).decode('utf-8')
                     data = json.loads(body)
                     return data['method'], data['extras']
                 def _write_response(self, result):
                     self.send_response(200)
                     self.send_header("Content-type", "text/json")
                     self.end_headers()
                     self.wfile.write(json.dumps(result))
                 def _call_hook(self, method, extras):
                     hooks = Hooks()
                     try:
                         result = getattr(hooks, method)(extras)
                     finally:
                         meta.Session.remove()
                     return result
                 def log_message(self, format, *args):
                     """
                     This is an overridden method of BaseHTTPRequestHandler which logs using
                     logging library instead of writing directly to stderr.
                     """
                     message = format % args
                     log.debug(
                         "%s - - [%s] %s", self.client_address[0],
                         self.log_date_time_string(), message)
             class DummyHooksCallbackDaemon(object):
                 hooks_uri = ''
                 def __init__(self):
                     self.hooks_module = Hooks.__module__
                 def __enter__(self):
                     log.debug('Running dummy hooks callback daemon')
                     return self
                 def __exit__(self, exc_type, exc_val, exc_tb):
                     log.debug('Exiting dummy hooks callback daemon')
             class ThreadedHookCallbackDaemon(object):
                 _callback_thread = None
                 _daemon = None
                 _done = False
-                def __init__(self, txn_id=None, port=None):
+                def __init__(self, txn_id=None, host=None, port=None):
-                    self._prepare(txn_id=txn_id, port=port)
+                    self._prepare(txn_id=txn_id, host=None, port=port)
                 def __enter__(self):
                     self._run()
                     return self
                 def __exit__(self, exc_type, exc_val, exc_tb):
                     log.debug('Callback daemon exiting now...')
                     self._stop()
-                def _prepare(self, txn_id=None, port=None):
+                def _prepare(self, txn_id=None, host=None, port=None):
                     raise NotImplementedError()
                 def _run(self):
                     raise NotImplementedError()
                 def _stop(self):
                     raise NotImplementedError()
             class HttpHooksCallbackDaemon(ThreadedHookCallbackDaemon):
                 """
                 Context manager which will run a callback daemon in a background thread.
                 """
                 hooks_uri = None
-                IP_ADDRESS = '127.0.0.1'
                 # From Python docs: Polling reduces our responsiveness to a shutdown
                 # request and wastes cpu at all other times.
                 POLL_INTERVAL = 0.01
-                def _prepare(self, txn_id=None, port=None):
+                def _prepare(self, txn_id=None, host=None, port=None):
+                    host = host or '127.0.0.1'
                     self._done = False
-                    self._daemon = TCPServer((self.IP_ADDRESS, port or 0), HooksHttpHandler)
+                    self._daemon = TCPServer((host, port or 0), HooksHttpHandler)
                     _, port = self._daemon.server_address
-                    self.hooks_uri = '{}:{}'.format(self.IP_ADDRESS, port)
+                    self.hooks_uri = '{}:{}'.format(host, port)
                     self.txn_id = txn_id
                     # inject transaction_id for later verification
                     self._daemon.txn_id = self.txn_id
                     log.debug(
                         "Preparing HTTP callback daemon at `%s` and registering hook object",
                         self.hooks_uri)
                 def _run(self):
                     log.debug("Running event loop of callback daemon in background thread")
                     callback_thread = threading.Thread(
                         target=self._daemon.serve_forever,
                         kwargs={'poll_interval': self.POLL_INTERVAL})
                     callback_thread.daemon = True
                     callback_thread.start()
                     self._callback_thread = callback_thread
                 def _stop(self):
                     log.debug("Waiting for background thread to finish.")
                     self._daemon.shutdown()
                     self._callback_thread.join()
                     self._daemon = None
                     self._callback_thread = None
                     if self.txn_id:
                         txn_id_file = get_txn_id_data_path(self.txn_id)
                         log.debug('Cleaning up TXN ID %s', txn_id_file)
                         if os.path.isfile(txn_id_file):
                             os.remove(txn_id_file)
                     log.debug("Background thread done.")
             def get_txn_id_data_path(txn_id):
                 root = tempfile.gettempdir()
                 return os.path.join(root, 'rc_txn_id_{}'.format(txn_id))
             def store_txn_id_data(txn_id, data_dict):
                 if not txn_id:
                     log.warning('Cannot store txn_id because it is empty')
                     return
                 path = get_txn_id_data_path(txn_id)
                 try:
                     with open(path, 'wb') as f:
                         f.write(json.dumps(data_dict))
                 except Exception:
                     log.exception('Failed to write txn_id metadata')
             def get_txn_id_from_store(txn_id):
                 """
                 Reads txn_id from store and if present returns the data for callback manager
                 """
                 path = get_txn_id_data_path(txn_id)
                 try:
                     with open(path, 'rb') as f:
                         return json.loads(f.read())
                 except Exception:
                     return {}
-            def prepare_callback_daemon(extras, protocol, use_direct_calls, txn_id=None):
+            def prepare_callback_daemon(extras, protocol, host, use_direct_calls, txn_id=None):
                 txn_details = get_txn_id_from_store(txn_id)
                 port = txn_details.get('port', 0)
                 if use_direct_calls:
                     callback_daemon = DummyHooksCallbackDaemon()
                     extras['hooks_module'] = callback_daemon.hooks_module
                 else:
                     if protocol == 'http':
-                        callback_daemon = HttpHooksCallbackDaemon(txn_id=txn_id, port=port)
+                        callback_daemon = HttpHooksCallbackDaemon(
+                            txn_id=txn_id, host=host, port=port)
                     else:
                         log.error('Unsupported callback daemon protocol "%s"', protocol)
                         raise Exception('Unsupported callback daemon protocol.')
                 extras['hooks_uri'] = callback_daemon.hooks_uri
                 extras['hooks_protocol'] = protocol
                 extras['time'] = time.time()
                 # register txn_id
                 extras['txn_id'] = txn_id
                 log.debug('Prepared a callback daemon: %s at url `%s`',
                           callback_daemon.__class__.__name__, callback_daemon.hooks_uri)
                 return callback_daemon, extras
             class Hooks(object):
                 """
                 Exposes the hooks for remote call backs
                 """
                 def repo_size(self, extras):
                     log.debug("Called repo_size of %s object", self)
                     return self._call_hook(hooks_base.repo_size, extras)
                 def pre_pull(self, extras):
                     log.debug("Called pre_pull of %s object", self)
                     return self._call_hook(hooks_base.pre_pull, extras)
                 def post_pull(self, extras):
                     log.debug("Called post_pull of %s object", self)
                     return self._call_hook(hooks_base.post_pull, extras)
                 def pre_push(self, extras):
                     log.debug("Called pre_push of %s object", self)
                     return self._call_hook(hooks_base.pre_push, extras)
                 def post_push(self, extras):
                     log.debug("Called post_push of %s object", self)
                     return self._call_hook(hooks_base.post_push, extras)
                 def _call_hook(self, hook, extras):
                     extras = AttributeDict(extras)
                     server_url = extras['server_url']
                     request = bootstrap_request(application_url=server_url)
                     bootstrap_config(request)  # inject routes and other interfaces
                     # inject the user for usage in hooks
                     request.user = AttributeDict({'username': extras.username,
                                                   'ip_addr': extras.ip,
                                                   'user_id': extras.user_id})
                     extras.request = request
                     try:
                         result = hook(extras)
                     except Exception as error:
                         exc_tb = traceback.format_exc()
                         log.exception('Exception when handling hook %s', hook)
                         error_args = error.args
                         return {
                             'status': 128,
                             'output': '',
                             'exception': type(error).__name__,
                             'exception_traceback': exc_tb,
                             'exception_args': error_args,
                         }
                     finally:
                         meta.Session.remove()
                     log.debug('Got hook call response %s', result)
                     return {
                         'status': result.status,
                         'output': result.output,
                     }
                 def __enter__(self):
                     return self
                 def __exit__(self, exc_type, exc_val, exc_tb):
                     pass

rhodecode/lib/middleware/simplevcs.py

0 +1 -1

             # -*- coding: utf-8 -*-
             # Copyright (C) 2014-2018 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             """
             SimpleVCS middleware for handling protocol request (push/clone etc.)
             It's implemented with basic auth function
             """
             import os
             import re
             import logging
             import importlib
             from functools import wraps
             from StringIO import StringIO
             from lxml import etree
             import time
             from paste.httpheaders import REMOTE_USER, AUTH_TYPE
             from pyramid.httpexceptions import (
                 HTTPNotFound, HTTPForbidden, HTTPNotAcceptable, HTTPInternalServerError)
             from zope.cachedescriptors.property import Lazy as LazyProperty
             import rhodecode
             from rhodecode.authentication.base import (
                 authenticate, get_perms_cache_manager, VCS_TYPE, loadplugin)
             from rhodecode.lib import caches
             from rhodecode.lib.auth import AuthUser, HasPermissionAnyMiddleware
             from rhodecode.lib.base import (
                 BasicAuth, get_ip_addr, get_user_agent, vcs_operation_context)
             from rhodecode.lib.exceptions import (UserCreationError, NotAllowedToCreateUserError)
             from rhodecode.lib.hooks_daemon import prepare_callback_daemon
             from rhodecode.lib.middleware import appenlight
             from rhodecode.lib.middleware.utils import scm_app_http
             from rhodecode.lib.utils import is_valid_repo, SLUG_RE
             from rhodecode.lib.utils2 import safe_str, fix_PATH, str2bool, safe_unicode
             from rhodecode.lib.vcs.conf import settings as vcs_settings
             from rhodecode.lib.vcs.backends import base
             from rhodecode.model import meta
             from rhodecode.model.db import User, Repository, PullRequest
             from rhodecode.model.scm import ScmModel
             from rhodecode.model.pull_request import PullRequestModel
             from rhodecode.model.settings import SettingsModel, VcsSettingsModel
             log = logging.getLogger(__name__)
             def extract_svn_txn_id(acl_repo_name, data):
                 """
                 Helper method for extraction of svn txn_id from submited XML data during
                 POST operations
                 """
                 try:
                     root = etree.fromstring(data)
                     pat = re.compile(r'/txn/(?P<txn_id>.*)')
                     for el in root:
                         if el.tag == '{DAV:}source':
                             for sub_el in el:
                                 if sub_el.tag == '{DAV:}href':
                                     match = pat.search(sub_el.text)
                                     if match:
                                         svn_tx_id = match.groupdict()['txn_id']
                                         txn_id = caches.compute_key_from_params(
                                             acl_repo_name, svn_tx_id)
                                         return txn_id
                 except Exception:
                     log.exception('Failed to extract txn_id')
             def initialize_generator(factory):
                 """
                 Initializes the returned generator by draining its first element.
                 This can be used to give a generator an initializer, which is the code
                 up to the first yield statement. This decorator enforces that the first
                 produced element has the value ``"__init__"`` to make its special
                 purpose very explicit in the using code.
                 """
                 @wraps(factory)
                 def wrapper(*args, **kwargs):
                     gen = factory(*args, **kwargs)
                     try:
                         init = gen.next()
                     except StopIteration:
                         raise ValueError('Generator must yield at least one element.')
                     if init != "__init__":
                         raise ValueError('First yielded element must be "__init__".')
                     return gen
                 return wrapper
             class SimpleVCS(object):
                 """Common functionality for SCM HTTP handlers."""
                 SCM = 'unknown'
                 acl_repo_name = None
                 url_repo_name = None
                 vcs_repo_name = None
                 rc_extras = {}
                 # We have to handle requests to shadow repositories different than requests
                 # to normal repositories. Therefore we have to distinguish them. To do this
                 # we use this regex which will match only on URLs pointing to shadow
                 # repositories.
                 shadow_repo_re = re.compile(
                     '(?P<groups>(?:{slug_pat}/)*)'  # repo groups
                     '(?P<target>{slug_pat})/'       # target repo
                     'pull-request/(?P<pr_id>\d+)/'  # pull request
                     'repository$'                   # shadow repo
                     .format(slug_pat=SLUG_RE.pattern))
                 def __init__(self, config, registry):
                     self.registry = registry
                     self.config = config
                     # re-populated by specialized middleware
                     self.repo_vcs_config = base.Config()
                     self.rhodecode_settings = SettingsModel().get_all_settings(cache=True)
                     registry.rhodecode_settings = self.rhodecode_settings
                     # authenticate this VCS request using authfunc
                     auth_ret_code_detection = \
                         str2bool(self.config.get('auth_ret_code_detection', False))
                     self.authenticate = BasicAuth(
                         '', authenticate, registry, config.get('auth_ret_code'),
                         auth_ret_code_detection)
                     self.ip_addr = '0.0.0.0'
                 @LazyProperty
                 def global_vcs_config(self):
                     try:
                         return VcsSettingsModel().get_ui_settings_as_config_obj()
                     except Exception:
                         return base.Config()
                 @property
                 def base_path(self):
                     settings_path = self.repo_vcs_config.get(
                         *VcsSettingsModel.PATH_SETTING)
                     if not settings_path:
                         settings_path = self.global_vcs_config.get(
                         *VcsSettingsModel.PATH_SETTING)
                     if not settings_path:
                         # try, maybe we passed in explicitly as config option
                         settings_path = self.config.get('base_path')
                     if not settings_path:
                         raise ValueError('FATAL: base_path is empty')
                     return settings_path
                 def set_repo_names(self, environ):
                     """
                     This will populate the attributes acl_repo_name, url_repo_name,
                     vcs_repo_name and is_shadow_repo. In case of requests to normal (non
                     shadow) repositories all names are equal. In case of requests to a
                     shadow repository the acl-name points to the target repo of the pull
                     request and the vcs-name points to the shadow repo file system path.
                     The url-name is always the URL used by the vcs client program.
                     Example in case of a shadow repo:
                         acl_repo_name = RepoGroup/MyRepo
                         url_repo_name = RepoGroup/MyRepo/pull-request/3/repository
                         vcs_repo_name = /repo/base/path/RepoGroup/.__shadow_MyRepo_pr-3'
                     """
                     # First we set the repo name from URL for all attributes. This is the
                     # default if handling normal (non shadow) repo requests.
                     self.url_repo_name = self._get_repository_name(environ)
                     self.acl_repo_name = self.vcs_repo_name = self.url_repo_name
                     self.is_shadow_repo = False
                     # Check if this is a request to a shadow repository.
                     match = self.shadow_repo_re.match(self.url_repo_name)
                     if match:
                         match_dict = match.groupdict()
                         # Build acl repo name from regex match.
                         acl_repo_name = safe_unicode('{groups}{target}'.format(
                             groups=match_dict['groups'] or '',
                             target=match_dict['target']))
                         # Retrieve pull request instance by ID from regex match.
                         pull_request = PullRequest.get(match_dict['pr_id'])
                         # Only proceed if we got a pull request and if acl repo name from
                         # URL equals the target repo name of the pull request.
                         if pull_request and \
                                 (acl_repo_name == pull_request.target_repo.repo_name):
                             repo_id = pull_request.target_repo.repo_id
                             # Get file system path to shadow repository.
                             workspace_id = PullRequestModel()._workspace_id(pull_request)
                             target_vcs = pull_request.target_repo.scm_instance()
                             vcs_repo_name = target_vcs._get_shadow_repository_path(
                                 repo_id, workspace_id)
                             # Store names for later usage.
                             self.vcs_repo_name = vcs_repo_name
                             self.acl_repo_name = acl_repo_name
                             self.is_shadow_repo = True
                     log.debug('Setting all VCS repository names: %s', {
                         'acl_repo_name': self.acl_repo_name,
                         'url_repo_name': self.url_repo_name,
                         'vcs_repo_name': self.vcs_repo_name,
                     })
                 @property
                 def scm_app(self):
                     custom_implementation = self.config['vcs.scm_app_implementation']
                     if custom_implementation == 'http':
                         log.info('Using HTTP implementation of scm app.')
                         scm_app_impl = scm_app_http
                     else:
                         log.info('Using custom implementation of scm_app: "{}"'.format(
                             custom_implementation))
                         scm_app_impl = importlib.import_module(custom_implementation)
                     return scm_app_impl
                 def _get_by_id(self, repo_name):
                     """
                     Gets a special pattern _<ID> from clone url and tries to replace it
                     with a repository_name for support of _<ID> non changeable urls
                     """
                     data = repo_name.split('/')
                     if len(data) >= 2:
                         from rhodecode.model.repo import RepoModel
                         by_id_match = RepoModel().get_repo_by_id(repo_name)
                         if by_id_match:
                             data[1] = by_id_match.repo_name
                     return safe_str('/'.join(data))
                 def _invalidate_cache(self, repo_name):
                     """
                     Set's cache for this repository for invalidation on next access
                     :param repo_name: full repo name, also a cache key
                     """
                     ScmModel().mark_for_invalidation(repo_name)
                 def is_valid_and_existing_repo(self, repo_name, base_path, scm_type):
                     db_repo = Repository.get_by_repo_name(repo_name)
                     if not db_repo:
                         log.debug('Repository `%s` not found inside the database.',
                                   repo_name)
                         return False
                     if db_repo.repo_type != scm_type:
                         log.warning(
                             'Repository `%s` have incorrect scm_type, expected %s got %s',
                             repo_name, db_repo.repo_type, scm_type)
                         return False
                     config = db_repo._config
                     config.set('extensions', 'largefiles', '')
                     return is_valid_repo(
                         repo_name, base_path,
                         explicit_scm=scm_type, expect_scm=scm_type, config=config)
                 def valid_and_active_user(self, user):
                     """
                     Checks if that user is not empty, and if it's actually object it checks
                     if he's active.
                     :param user: user object or None
                     :return: boolean
                     """
                     if user is None:
                         return False
                     elif user.active:
                         return True
                     return False
                 @property
                 def is_shadow_repo_dir(self):
                     return os.path.isdir(self.vcs_repo_name)
                 def _check_permission(self, action, user, repo_name, ip_addr=None,
                                       plugin_id='', plugin_cache_active=False, cache_ttl=0):
                     """
                     Checks permissions using action (push/pull) user and repository
                     name. If plugin_cache and ttl is set it will use the plugin which
                     authenticated the user to store the cached permissions result for N
                     amount of seconds as in cache_ttl
                     :param action: push or pull action
                     :param user: user instance
                     :param repo_name: repository name
                     """
                     # get instance of cache manager configured for a namespace
                     cache_manager = get_perms_cache_manager(
                         custom_ttl=cache_ttl, suffix=user.user_id)
                     log.debug('AUTH_CACHE_TTL for permissions `%s` active: %s (TTL: %s)',
                               plugin_id, plugin_cache_active, cache_ttl)
                     # for environ based password can be empty, but then the validation is
                     # on the server that fills in the env data needed for authentication
                     _perm_calc_hash = caches.compute_key_from_params(
                         plugin_id, action, user.user_id, repo_name, ip_addr)
                     # _authenticate is a wrapper for .auth() method of plugin.
                     # it checks if .auth() sends proper data.
                     # For RhodeCodeExternalAuthPlugin it also maps users to
                     # Database and maps the attributes returned from .auth()
                     # to RhodeCode database. If this function returns data
                     # then auth is correct.
                     start = time.time()
                     log.debug('Running plugin `%s` permissions check', plugin_id)
                     def perm_func():
                         """
                         This function is used internally in Cache of Beaker to calculate
                         Results
                         """
                         log.debug('auth: calculating permission access now...')
                         # check IP
                         inherit = user.inherit_default_permissions
                         ip_allowed = AuthUser.check_ip_allowed(
                             user.user_id, ip_addr, inherit_from_default=inherit)
                         if ip_allowed:
                             log.info('Access for IP:%s allowed', ip_addr)
                         else:
                             return False
                         if action == 'push':
                             perms = ('repository.write', 'repository.admin')
                             if not HasPermissionAnyMiddleware(*perms)(user, repo_name):
                                 return False
                         else:
                             # any other action need at least read permission
                             perms = (
                                 'repository.read', 'repository.write', 'repository.admin')
                             if not HasPermissionAnyMiddleware(*perms)(user, repo_name):
                                 return False
                         return True
                     if plugin_cache_active:
                         log.debug('Trying to fetch cached perms by %s', _perm_calc_hash[:6])
                         perm_result = cache_manager.get(
                             _perm_calc_hash, createfunc=perm_func)
                     else:
                         perm_result = perm_func()
                     auth_time = time.time() - start
                     log.debug('Permissions for plugin `%s` completed in %.3fs, '
                               'expiration time of fetched cache %.1fs.',
                               plugin_id, auth_time, cache_ttl)
                     return perm_result
                 def _check_ssl(self, environ, start_response):
                     """
                     Checks the SSL check flag and returns False if SSL is not present
                     and required True otherwise
                     """
                     org_proto = environ['wsgi._org_proto']
                     # check if we have SSL required  ! if not it's a bad request !
                     require_ssl = str2bool(self.repo_vcs_config.get('web', 'push_ssl'))
                     if require_ssl and org_proto == 'http':
                         log.debug(
                             'Bad request: detected protocol is `%s` and '
                             'SSL/HTTPS is required.', org_proto)
                         return False
                     return True
                 def _get_default_cache_ttl(self):
                     # take AUTH_CACHE_TTL from the `rhodecode` auth plugin
                     plugin = loadplugin('egg:rhodecode-enterprise-ce#rhodecode')
                     plugin_settings = plugin.get_settings()
                     plugin_cache_active, cache_ttl = plugin.get_ttl_cache(
                         plugin_settings) or (False, 0)
                     return plugin_cache_active, cache_ttl
                 def __call__(self, environ, start_response):
                     try:
                         return self._handle_request(environ, start_response)
                     except Exception:
                         log.exception("Exception while handling request")
                         appenlight.track_exception(environ)
                         return HTTPInternalServerError()(environ, start_response)
                     finally:
                         meta.Session.remove()
                 def _handle_request(self, environ, start_response):
                     if not self._check_ssl(environ, start_response):
                         reason = ('SSL required, while RhodeCode was unable '
                                   'to detect this as SSL request')
                         log.debug('User not allowed to proceed, %s', reason)
                         return HTTPNotAcceptable(reason)(environ, start_response)
                     if not self.url_repo_name:
                         log.warning('Repository name is empty: %s', self.url_repo_name)
                         # failed to get repo name, we fail now
                         return HTTPNotFound()(environ, start_response)
                     log.debug('Extracted repo name is %s', self.url_repo_name)
                     ip_addr = get_ip_addr(environ)
                     user_agent = get_user_agent(environ)
                     username = None
                     # skip passing error to error controller
                     environ['pylons.status_code_redirect'] = True
                     # ======================================================================
                     # GET ACTION PULL or PUSH
                     # ======================================================================
                     action = self._get_action(environ)
                     # ======================================================================
                     # Check if this is a request to a shadow repository of a pull request.
                     # In this case only pull action is allowed.
                     # ======================================================================
                     if self.is_shadow_repo and action != 'pull':
                         reason = 'Only pull action is allowed for shadow repositories.'
                         log.debug('User not allowed to proceed, %s', reason)
                         return HTTPNotAcceptable(reason)(environ, start_response)
                     # Check if the shadow repo actually exists, in case someone refers
                     # to it, and it has been deleted because of successful merge.
                     if self.is_shadow_repo and not self.is_shadow_repo_dir:
                         log.debug(
                             'Shadow repo detected, and shadow repo dir `%s` is missing',
                             self.is_shadow_repo_dir)
                         return HTTPNotFound()(environ, start_response)
                     # ======================================================================
                     # CHECK ANONYMOUS PERMISSION
                     # ======================================================================
                     if action in ['pull', 'push']:
                         anonymous_user = User.get_default_user()
                         username = anonymous_user.username
                         if anonymous_user.active:
                             plugin_cache_active, cache_ttl = self._get_default_cache_ttl()
                             # ONLY check permissions if the user is activated
                             anonymous_perm = self._check_permission(
                                 action, anonymous_user, self.acl_repo_name, ip_addr,
                                 plugin_id='anonymous_access',
                                 plugin_cache_active=plugin_cache_active,
                                 cache_ttl=cache_ttl,
                             )
                         else:
                             anonymous_perm = False
                         if not anonymous_user.active or not anonymous_perm:
                             if not anonymous_user.active:
                                 log.debug('Anonymous access is disabled, running '
                                           'authentication')
                             if not anonymous_perm:
                                 log.debug('Not enough credentials to access this '
                                           'repository as anonymous user')
                             username = None
                             # ==============================================================
                             # DEFAULT PERM FAILED OR ANONYMOUS ACCESS IS DISABLED SO WE
                             # NEED TO AUTHENTICATE AND ASK FOR AUTH USER PERMISSIONS
                             # ==============================================================
                             # try to auth based on environ, container auth methods
                             log.debug('Running PRE-AUTH for container based authentication')
                             pre_auth = authenticate(
                                 '', '', environ, VCS_TYPE, registry=self.registry,
                                 acl_repo_name=self.acl_repo_name)
                             if pre_auth and pre_auth.get('username'):
                                 username = pre_auth['username']
                             log.debug('PRE-AUTH got %s as username', username)
                             if pre_auth:
                                 log.debug('PRE-AUTH successful from %s',
                                           pre_auth.get('auth_data', {}).get('_plugin'))
                             # If not authenticated by the container, running basic auth
                             # before inject the calling repo_name for special scope checks
                             self.authenticate.acl_repo_name = self.acl_repo_name
                             plugin_cache_active, cache_ttl = False, 0
                             plugin = None
                             if not username:
                                 self.authenticate.realm = self.authenticate.get_rc_realm()
                                 try:
                                     auth_result = self.authenticate(environ)
                                 except (UserCreationError, NotAllowedToCreateUserError) as e:
                                     log.error(e)
                                     reason = safe_str(e)
                                     return HTTPNotAcceptable(reason)(environ, start_response)
                                 if isinstance(auth_result, dict):
                                     AUTH_TYPE.update(environ, 'basic')
                                     REMOTE_USER.update(environ, auth_result['username'])
                                     username = auth_result['username']
                                     plugin = auth_result.get('auth_data', {}).get('_plugin')
                                     log.info(
                                         'MAIN-AUTH successful for user `%s` from %s plugin',
                                         username, plugin)
                                     plugin_cache_active, cache_ttl = auth_result.get(
                                         'auth_data', {}).get('_ttl_cache') or (False, 0)
                                 else:
                                     return auth_result.wsgi_application(
                                         environ, start_response)
                             # ==============================================================
                             # CHECK PERMISSIONS FOR THIS REQUEST USING GIVEN USERNAME
                             # ==============================================================
                             user = User.get_by_username(username)
                             if not self.valid_and_active_user(user):
                                 return HTTPForbidden()(environ, start_response)
                             username = user.username
                             user.update_lastactivity()
                             meta.Session().commit()
                             # check user attributes for password change flag
                             user_obj = user
                             if user_obj and user_obj.username != User.DEFAULT_USER and \
                                     user_obj.user_data.get('force_password_change'):
                                 reason = 'password change required'
                                 log.debug('User not allowed to authenticate, %s', reason)
                                 return HTTPNotAcceptable(reason)(environ, start_response)
                             # check permissions for this repository
                             perm = self._check_permission(
                                 action, user, self.acl_repo_name, ip_addr,
                                 plugin, plugin_cache_active, cache_ttl)
                             if not perm:
                                 return HTTPForbidden()(environ, start_response)
                     # extras are injected into UI object and later available
                     # in hooks executed by RhodeCode
                     check_locking = _should_check_locking(environ.get('QUERY_STRING'))
                     extras = vcs_operation_context(
                         environ, repo_name=self.acl_repo_name, username=username,
                         action=action, scm=self.SCM, check_locking=check_locking,
                         is_shadow_repo=self.is_shadow_repo
                     )
                     # ======================================================================
                     # REQUEST HANDLING
                     # ======================================================================
                     repo_path = os.path.join(
                         safe_str(self.base_path), safe_str(self.vcs_repo_name))
                     log.debug('Repository path is %s', repo_path)
                     fix_PATH()
                     log.info(
                         '%s action on %s repo "%s" by "%s" from %s %s',
                         action, self.SCM, safe_str(self.url_repo_name),
                         safe_str(username), ip_addr, user_agent)
                     return self._generate_vcs_response(
                         environ, start_response, repo_path, extras, action)
                 @initialize_generator
                 def _generate_vcs_response(
                         self, environ, start_response, repo_path, extras, action):
                     """
                     Returns a generator for the response content.
                     This method is implemented as a generator, so that it can trigger
                     the cache validation after all content sent back to the client. It
                     also handles the locking exceptions which will be triggered when
                     the first chunk is produced by the underlying WSGI application.
                     """
                     txn_id = ''
                     if 'CONTENT_LENGTH' in environ and environ['REQUEST_METHOD'] == 'MERGE':
                         # case for SVN, we want to re-use the callback daemon port
                         # so we use the txn_id, for this we peek the body, and still save
                         # it as wsgi.input
                         data = environ['wsgi.input'].read()
                         environ['wsgi.input'] = StringIO(data)
                         txn_id = extract_svn_txn_id(self.acl_repo_name, data)
                     callback_daemon, extras = self._prepare_callback_daemon(
                         extras, environ, action, txn_id=txn_id)
                     log.debug('HOOKS extras is %s', extras)
                     config = self._create_config(extras, self.acl_repo_name)
                     app = self._create_wsgi_app(repo_path, self.url_repo_name, config)
                     with callback_daemon:
                         app.rc_extras = extras
                         try:
                             response = app(environ, start_response)
                         finally:
                             # This statement works together with the decorator
                             # "initialize_generator" above. The decorator ensures that
                             # we hit the first yield statement before the generator is
                             # returned back to the WSGI server. This is needed to
                             # ensure that the call to "app" above triggers the
                             # needed callback to "start_response" before the
                             # generator is actually used.
                             yield "__init__"
                         # iter content
                         for chunk in response:
                             yield chunk
                         try:
                             # invalidate cache on push
                             if action == 'push':
                                 self._invalidate_cache(self.url_repo_name)
                         finally:
                             meta.Session.remove()
                 def _get_repository_name(self, environ):
                     """Get repository name out of the environmnent
                     :param environ: WSGI environment
                     """
                     raise NotImplementedError()
                 def _get_action(self, environ):
                     """Map request commands into a pull or push command.
                     :param environ: WSGI environment
                     """
                     raise NotImplementedError()
                 def _create_wsgi_app(self, repo_path, repo_name, config):
                     """Return the WSGI app that will finally handle the request."""
                     raise NotImplementedError()
                 def _create_config(self, extras, repo_name):
                     """Create a safe config representation."""
                     raise NotImplementedError()
                 def _should_use_callback_daemon(self, extras, environ, action):
                     return True
                 def _prepare_callback_daemon(self, extras, environ, action, txn_id=None):
                     direct_calls = vcs_settings.HOOKS_DIRECT_CALLS
                     if not self._should_use_callback_daemon(extras, environ, action):
                         # disable callback daemon for actions that don't require it
                         direct_calls = True
                     return prepare_callback_daemon(
                         extras, protocol=vcs_settings.HOOKS_PROTOCOL,
-                        use_direct_calls=direct_calls, txn_id=txn_id)
+                        host=vcs_settings.HOOKS_HOST, use_direct_calls=direct_calls, txn_id=txn_id)
             def _should_check_locking(query_string):
                 # this is kind of hacky, but due to how mercurial handles client-server
                 # server see all operation on commit; bookmarks, phases and
                 # obsolescence marker in different transaction, we don't want to check
                 # locking on those
                 return query_string not in ['cmd=listkeys']

rhodecode/lib/vcs/conf/settings.py

0 +1 0

             # -*- coding: utf-8 -*-
             # Copyright (C) 2014-2018 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             """
             Internal settings for vcs-lib
             """
             # list of default encoding used in safe_unicode/safe_str methods
             DEFAULT_ENCODINGS = ['utf8']
             # Optional arguments to rev-filter, it has to be a list
             # It can also be ['--branches', '--tags']
             GIT_REV_FILTER = ['--all']
             # Compatibility version when creating SVN repositories. None means newest.
             # Other available options are: pre-1.4-compatible, pre-1.5-compatible,
             # pre-1.6-compatible, pre-1.8-compatible
             SVN_COMPATIBLE_VERSION = None
             ALIASES = ['hg', 'git', 'svn']
             BACKENDS = {
                 'hg': 'rhodecode.lib.vcs.backends.hg.MercurialRepository',
                 'git': 'rhodecode.lib.vcs.backends.git.GitRepository',
                 'svn': 'rhodecode.lib.vcs.backends.svn.SubversionRepository',
             }
             # TODO: Remove once controllers/files.py is adjusted
             ARCHIVE_SPECS = {
                 'tbz2': ('application/x-bzip2', '.tar.bz2'),
                 'tgz': ('application/x-gzip', '.tar.gz'),
                 'zip': ('application/zip', '.zip'),
             }
             HOOKS_PROTOCOL = None
             HOOKS_DIRECT_CALLS = False
+            HOOKS_HOST = '127.0.0.1'
             def available_aliases():
                 """
                 Mercurial is required for the system to work, so in case vcs.backends does
                 not include it, we make sure it will be available internally
                 TODO: anderson: refactor vcs.backends so it won't be necessary, VCS server
                 should be responsible to dictate available backends.
                 """
                 aliases = ALIASES[:]
                 if 'hg' not in aliases:
                     aliases += ['hg']
                 return aliases

rhodecode/model/pull_request.py

0 +1 0

             # -*- coding: utf-8 -*-
             # Copyright (C) 2012-2018 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             """
             pull request model for RhodeCode
             """
             import json
             import logging
             import datetime
             import urllib
             import collections
             from pyramid.threadlocal import get_current_request
             from rhodecode import events
             from rhodecode.translation import lazy_ugettext#, _
             from rhodecode.lib import helpers as h, hooks_utils, diffs
             from rhodecode.lib import audit_logger
             from rhodecode.lib.compat import OrderedDict
             from rhodecode.lib.hooks_daemon import prepare_callback_daemon
             from rhodecode.lib.markup_renderer import (
                 DEFAULT_COMMENTS_RENDERER, RstTemplateRenderer)
             from rhodecode.lib.utils2 import safe_unicode, safe_str, md5_safe
             from rhodecode.lib.vcs.backends.base import (
                 Reference, MergeResponse, MergeFailureReason, UpdateFailureReason)
             from rhodecode.lib.vcs.conf import settings as vcs_settings
             from rhodecode.lib.vcs.exceptions import (
                 CommitDoesNotExistError, EmptyRepositoryError)
             from rhodecode.model import BaseModel
             from rhodecode.model.changeset_status import ChangesetStatusModel
             from rhodecode.model.comment import CommentsModel
             from rhodecode.model.db import (
                 or_, PullRequest, PullRequestReviewers, ChangesetStatus,
                 PullRequestVersion, ChangesetComment, Repository, RepoReviewRule)
             from rhodecode.model.meta import Session
             from rhodecode.model.notification import NotificationModel, \
                 EmailNotificationModel
             from rhodecode.model.scm import ScmModel
             from rhodecode.model.settings import VcsSettingsModel
             log = logging.getLogger(__name__)
             # Data structure to hold the response data when updating commits during a pull
             # request update.
             UpdateResponse = collections.namedtuple('UpdateResponse', [
                 'executed', 'reason', 'new', 'old', 'changes',
                 'source_changed', 'target_changed'])
             class PullRequestModel(BaseModel):
                 cls = PullRequest
                 DIFF_CONTEXT = 3
                 MERGE_STATUS_MESSAGES = {
                     MergeFailureReason.NONE: lazy_ugettext(
                         'This pull request can be automatically merged.'),
                     MergeFailureReason.UNKNOWN: lazy_ugettext(
                         'This pull request cannot be merged because of an unhandled'
                         ' exception.'),
                     MergeFailureReason.MERGE_FAILED: lazy_ugettext(
                         'This pull request cannot be merged because of merge conflicts.'),
                     MergeFailureReason.PUSH_FAILED: lazy_ugettext(
                         'This pull request could not be merged because push to target'
                         ' failed.'),
                     MergeFailureReason.TARGET_IS_NOT_HEAD: lazy_ugettext(
                         'This pull request cannot be merged because the target is not a'
                         ' head.'),
                     MergeFailureReason.HG_SOURCE_HAS_MORE_BRANCHES: lazy_ugettext(
                         'This pull request cannot be merged because the source contains'
                         ' more branches than the target.'),
                     MergeFailureReason.HG_TARGET_HAS_MULTIPLE_HEADS: lazy_ugettext(
                         'This pull request cannot be merged because the target has'
                         ' multiple heads.'),
                     MergeFailureReason.TARGET_IS_LOCKED: lazy_ugettext(
                         'This pull request cannot be merged because the target repository'
                         ' is locked.'),
                     MergeFailureReason._DEPRECATED_MISSING_COMMIT: lazy_ugettext(
                         'This pull request cannot be merged because the target or the '
                         'source reference is missing.'),
                     MergeFailureReason.MISSING_TARGET_REF: lazy_ugettext(
                         'This pull request cannot be merged because the target '
                         'reference is missing.'),
                     MergeFailureReason.MISSING_SOURCE_REF: lazy_ugettext(
                         'This pull request cannot be merged because the source '
                         'reference is missing.'),
                     MergeFailureReason.SUBREPO_MERGE_FAILED: lazy_ugettext(
                         'This pull request cannot be merged because of conflicts related '
                         'to sub repositories.'),
                 }
                 UPDATE_STATUS_MESSAGES = {
                     UpdateFailureReason.NONE: lazy_ugettext(
                         'Pull request update successful.'),
                     UpdateFailureReason.UNKNOWN: lazy_ugettext(
                         'Pull request update failed because of an unknown error.'),
                     UpdateFailureReason.NO_CHANGE: lazy_ugettext(
                         'No update needed because the source and target have not changed.'),
                     UpdateFailureReason.WRONG_REF_TYPE: lazy_ugettext(
                         'Pull request cannot be updated because the reference type is '
                         'not supported for an update. Only Branch, Tag or Bookmark is allowed.'),
                     UpdateFailureReason.MISSING_TARGET_REF: lazy_ugettext(
                         'This pull request cannot be updated because the target '
                         'reference is missing.'),
                     UpdateFailureReason.MISSING_SOURCE_REF: lazy_ugettext(
                         'This pull request cannot be updated because the source '
                         'reference is missing.'),
                 }
                 def __get_pull_request(self, pull_request):
                     return self._get_instance((
                         PullRequest, PullRequestVersion), pull_request)
                 def _check_perms(self, perms, pull_request, user, api=False):
                     if not api:
                         return h.HasRepoPermissionAny(*perms)(
                             user=user, repo_name=pull_request.target_repo.repo_name)
                     else:
                         return h.HasRepoPermissionAnyApi(*perms)(
                             user=user, repo_name=pull_request.target_repo.repo_name)
                 def check_user_read(self, pull_request, user, api=False):
                     _perms = ('repository.admin', 'repository.write', 'repository.read',)
                     return self._check_perms(_perms, pull_request, user, api)
                 def check_user_merge(self, pull_request, user, api=False):
                     _perms = ('repository.admin', 'repository.write', 'hg.admin',)
                     return self._check_perms(_perms, pull_request, user, api)
                 def check_user_update(self, pull_request, user, api=False):
                     owner = user.user_id == pull_request.user_id
                     return self.check_user_merge(pull_request, user, api) or owner
                 def check_user_delete(self, pull_request, user):
                     owner = user.user_id == pull_request.user_id
                     _perms = ('repository.admin',)
                     return self._check_perms(_perms, pull_request, user) or owner
                 def check_user_change_status(self, pull_request, user, api=False):
                     reviewer = user.user_id in [x.user_id for x in
                                                 pull_request.reviewers]
                     return self.check_user_update(pull_request, user, api) or reviewer
                 def check_user_comment(self, pull_request, user):
                     owner = user.user_id == pull_request.user_id
                     return self.check_user_read(pull_request, user) or owner
                 def get(self, pull_request):
                     return self.__get_pull_request(pull_request)
                 def _prepare_get_all_query(self, repo_name, source=False, statuses=None,
                                            opened_by=None, order_by=None,
                                            order_dir='desc'):
                     repo = None
                     if repo_name:
                         repo = self._get_repo(repo_name)
                     q = PullRequest.query()
                     # source or target
                     if repo and source:
                         q = q.filter(PullRequest.source_repo == repo)
                     elif repo:
                         q = q.filter(PullRequest.target_repo == repo)
                     # closed,opened
                     if statuses:
                         q = q.filter(PullRequest.status.in_(statuses))
                     # opened by filter
                     if opened_by:
                         q = q.filter(PullRequest.user_id.in_(opened_by))
                     if order_by:
                         order_map = {
                             'name_raw': PullRequest.pull_request_id,
                             'title': PullRequest.title,
                             'updated_on_raw': PullRequest.updated_on,
                             'target_repo': PullRequest.target_repo_id
                         }
                         if order_dir == 'asc':
                             q = q.order_by(order_map[order_by].asc())
                         else:
                             q = q.order_by(order_map[order_by].desc())
                     return q
                 def count_all(self, repo_name, source=False, statuses=None,
                               opened_by=None):
                     """
                     Count the number of pull requests for a specific repository.
                     :param repo_name: target or source repo
                     :param source: boolean flag to specify if repo_name refers to source
                     :param statuses: list of pull request statuses
                     :param opened_by: author user of the pull request
                     :returns: int number of pull requests
                     """
                     q = self._prepare_get_all_query(
                         repo_name, source=source, statuses=statuses, opened_by=opened_by)
                     return q.count()
                 def get_all(self, repo_name, source=False, statuses=None, opened_by=None,
                             offset=0, length=None, order_by=None, order_dir='desc'):
                     """
                     Get all pull requests for a specific repository.
                     :param repo_name: target or source repo
                     :param source: boolean flag to specify if repo_name refers to source
                     :param statuses: list of pull request statuses
                     :param opened_by: author user of the pull request
                     :param offset: pagination offset
                     :param length: length of returned list
                     :param order_by: order of the returned list
                     :param order_dir: 'asc' or 'desc' ordering direction
                     :returns: list of pull requests
                     """
                     q = self._prepare_get_all_query(
                         repo_name, source=source, statuses=statuses, opened_by=opened_by,
                         order_by=order_by, order_dir=order_dir)
                     if length:
                         pull_requests = q.limit(length).offset(offset).all()
                     else:
                         pull_requests = q.all()
                     return pull_requests
                 def count_awaiting_review(self, repo_name, source=False, statuses=None,
                                           opened_by=None):
                     """
                     Count the number of pull requests for a specific repository that are
                     awaiting review.
                     :param repo_name: target or source repo
                     :param source: boolean flag to specify if repo_name refers to source
                     :param statuses: list of pull request statuses
                     :param opened_by: author user of the pull request
                     :returns: int number of pull requests
                     """
                     pull_requests = self.get_awaiting_review(
                         repo_name, source=source, statuses=statuses, opened_by=opened_by)
                     return len(pull_requests)
                 def get_awaiting_review(self, repo_name, source=False, statuses=None,
                                         opened_by=None, offset=0, length=None,
                                         order_by=None, order_dir='desc'):
                     """
                     Get all pull requests for a specific repository that are awaiting
                     review.
                     :param repo_name: target or source repo
                     :param source: boolean flag to specify if repo_name refers to source
                     :param statuses: list of pull request statuses
                     :param opened_by: author user of the pull request
                     :param offset: pagination offset
                     :param length: length of returned list
                     :param order_by: order of the returned list
                     :param order_dir: 'asc' or 'desc' ordering direction
                     :returns: list of pull requests
                     """
                     pull_requests = self.get_all(
                         repo_name, source=source, statuses=statuses, opened_by=opened_by,
                         order_by=order_by, order_dir=order_dir)
                     _filtered_pull_requests = []
                     for pr in pull_requests:
                         status = pr.calculated_review_status()
                         if status in [ChangesetStatus.STATUS_NOT_REVIEWED,
                                       ChangesetStatus.STATUS_UNDER_REVIEW]:
                             _filtered_pull_requests.append(pr)
                     if length:
                         return _filtered_pull_requests[offset:offset+length]
                     else:
                         return _filtered_pull_requests
                 def count_awaiting_my_review(self, repo_name, source=False, statuses=None,
                                              opened_by=None, user_id=None):
                     """
                     Count the number of pull requests for a specific repository that are
                     awaiting review from a specific user.
                     :param repo_name: target or source repo
                     :param source: boolean flag to specify if repo_name refers to source
                     :param statuses: list of pull request statuses
                     :param opened_by: author user of the pull request
                     :param user_id: reviewer user of the pull request
                     :returns: int number of pull requests
                     """
                     pull_requests = self.get_awaiting_my_review(
                         repo_name, source=source, statuses=statuses, opened_by=opened_by,
                         user_id=user_id)
                     return len(pull_requests)
                 def get_awaiting_my_review(self, repo_name, source=False, statuses=None,
                                            opened_by=None, user_id=None, offset=0,
                                            length=None, order_by=None, order_dir='desc'):
                     """
                     Get all pull requests for a specific repository that are awaiting
                     review from a specific user.
                     :param repo_name: target or source repo
                     :param source: boolean flag to specify if repo_name refers to source
                     :param statuses: list of pull request statuses
                     :param opened_by: author user of the pull request
                     :param user_id: reviewer user of the pull request
                     :param offset: pagination offset
                     :param length: length of returned list
                     :param order_by: order of the returned list
                     :param order_dir: 'asc' or 'desc' ordering direction
                     :returns: list of pull requests
                     """
                     pull_requests = self.get_all(
                         repo_name, source=source, statuses=statuses, opened_by=opened_by,
                         order_by=order_by, order_dir=order_dir)
                     _my = PullRequestModel().get_not_reviewed(user_id)
                     my_participation = []
                     for pr in pull_requests:
                         if pr in _my:
                             my_participation.append(pr)
                     _filtered_pull_requests = my_participation
                     if length:
                         return _filtered_pull_requests[offset:offset+length]
                     else:
                         return _filtered_pull_requests
                 def get_not_reviewed(self, user_id):
                     return [
                         x.pull_request for x in PullRequestReviewers.query().filter(
                             PullRequestReviewers.user_id == user_id).all()
                     ]
                 def _prepare_participating_query(self, user_id=None, statuses=None,
                                                  order_by=None, order_dir='desc'):
                     q = PullRequest.query()
                     if user_id:
                         reviewers_subquery = Session().query(
                             PullRequestReviewers.pull_request_id).filter(
                             PullRequestReviewers.user_id == user_id).subquery()
                         user_filter = or_(
                             PullRequest.user_id == user_id,
                             PullRequest.pull_request_id.in_(reviewers_subquery)
                         )
                         q = PullRequest.query().filter(user_filter)
                     # closed,opened
                     if statuses:
                         q = q.filter(PullRequest.status.in_(statuses))
                     if order_by:
                         order_map = {
                             'name_raw': PullRequest.pull_request_id,
                             'title': PullRequest.title,
                             'updated_on_raw': PullRequest.updated_on,
                             'target_repo': PullRequest.target_repo_id
                         }
                         if order_dir == 'asc':
                             q = q.order_by(order_map[order_by].asc())
                         else:
                             q = q.order_by(order_map[order_by].desc())
                     return q
                 def count_im_participating_in(self, user_id=None, statuses=None):
                     q = self._prepare_participating_query(user_id, statuses=statuses)
                     return q.count()
                 def get_im_participating_in(
                         self, user_id=None, statuses=None, offset=0,
                         length=None, order_by=None, order_dir='desc'):
                     """
                     Get all Pull requests that i'm participating in, or i have opened
                     """
                     q = self._prepare_participating_query(
                         user_id, statuses=statuses, order_by=order_by,
                         order_dir=order_dir)
                     if length:
                         pull_requests = q.limit(length).offset(offset).all()
                     else:
                         pull_requests = q.all()
                     return pull_requests
                 def get_versions(self, pull_request):
                     """
                     returns version of pull request sorted by ID descending
                     """
                     return PullRequestVersion.query()\
                         .filter(PullRequestVersion.pull_request == pull_request)\
                         .order_by(PullRequestVersion.pull_request_version_id.asc())\
                         .all()
                 def get_pr_version(self, pull_request_id, version=None):
                     at_version = None
                     if version and version == 'latest':
                         pull_request_ver = PullRequest.get(pull_request_id)
                         pull_request_obj = pull_request_ver
                         _org_pull_request_obj = pull_request_obj
                         at_version = 'latest'
                     elif version:
                         pull_request_ver = PullRequestVersion.get_or_404(version)
                         pull_request_obj = pull_request_ver
                         _org_pull_request_obj = pull_request_ver.pull_request
                         at_version = pull_request_ver.pull_request_version_id
                     else:
                         _org_pull_request_obj = pull_request_obj = PullRequest.get_or_404(
                             pull_request_id)
                     pull_request_display_obj = PullRequest.get_pr_display_object(
                         pull_request_obj, _org_pull_request_obj)
                     return _org_pull_request_obj, pull_request_obj, \
                            pull_request_display_obj, at_version
                 def create(self, created_by, source_repo, source_ref, target_repo,
                            target_ref, revisions, reviewers, title, description=None,
                            reviewer_data=None, translator=None, auth_user=None):
                     translator = translator or get_current_request().translate
                     created_by_user = self._get_user(created_by)
                     auth_user = auth_user or created_by_user
                     source_repo = self._get_repo(source_repo)
                     target_repo = self._get_repo(target_repo)
                     pull_request = PullRequest()
                     pull_request.source_repo = source_repo
                     pull_request.source_ref = source_ref
                     pull_request.target_repo = target_repo
                     pull_request.target_ref = target_ref
                     pull_request.revisions = revisions
                     pull_request.title = title
                     pull_request.description = description
                     pull_request.author = created_by_user
                     pull_request.reviewer_data = reviewer_data
                     Session().add(pull_request)
                     Session().flush()
                     reviewer_ids = set()
                     # members / reviewers
                     for reviewer_object in reviewers:
                         user_id, reasons, mandatory, rules = reviewer_object
                         user = self._get_user(user_id)
                         # skip duplicates
                         if user.user_id in reviewer_ids:
                             continue
                         reviewer_ids.add(user.user_id)
                         reviewer = PullRequestReviewers()
                         reviewer.user = user
                         reviewer.pull_request = pull_request
                         reviewer.reasons = reasons
                         reviewer.mandatory = mandatory
                         # NOTE(marcink): pick only first rule for now
                         rule_id = rules[0] if rules else None
                         rule = RepoReviewRule.get(rule_id) if rule_id else None
                         if rule:
                             review_group = rule.user_group_vote_rule()
                             if review_group:
                                 # NOTE(marcink):
                                 # again, can be that user is member of more,
                                 # but we pick the first same, as default reviewers algo
                                 review_group = review_group[0]
                                 rule_data = {
                                     'rule_name':
                                         rule.review_rule_name,
                                     'rule_user_group_entry_id':
                                         review_group.repo_review_rule_users_group_id,
                                     'rule_user_group_name':
                                         review_group.users_group.users_group_name,
                                     'rule_user_group_members':
                                         [x.user.username for x in review_group.users_group.members],
                                 }
                                 # e.g {'vote_rule': -1, 'mandatory': True}
                                 rule_data.update(review_group.rule_data())
                                 reviewer.rule_data = rule_data
                         Session().add(reviewer)
                         Session().flush()
                     # Set approval status to "Under Review" for all commits which are
                     # part of this pull request.
                     ChangesetStatusModel().set_status(
                         repo=target_repo,
                         status=ChangesetStatus.STATUS_UNDER_REVIEW,
                         user=created_by_user,
                         pull_request=pull_request
                     )
                     # we commit early at this point. This has to do with a fact
                     # that before queries do some row-locking. And because of that
                     # we need to commit and finish transation before below validate call
                     # that for large repos could be long resulting in long row locks
                     Session().commit()
                     # prepare workspace, and run initial merge simulation
                     MergeCheck.validate(
                         pull_request, user=created_by_user, translator=translator)
                     self.notify_reviewers(pull_request, reviewer_ids)
                     self._trigger_pull_request_hook(
                         pull_request, created_by_user, 'create')
                     creation_data = pull_request.get_api_data(with_merge_state=False)
                     self._log_audit_action(
                         'repo.pull_request.create', {'data': creation_data},
                         auth_user, pull_request)
                     return pull_request
                 def _trigger_pull_request_hook(self, pull_request, user, action):
                     pull_request = self.__get_pull_request(pull_request)
                     target_scm = pull_request.target_repo.scm_instance()
                     if action == 'create':
                         trigger_hook = hooks_utils.trigger_log_create_pull_request_hook
                     elif action == 'merge':
                         trigger_hook = hooks_utils.trigger_log_merge_pull_request_hook
                     elif action == 'close':
                         trigger_hook = hooks_utils.trigger_log_close_pull_request_hook
                     elif action == 'review_status_change':
                         trigger_hook = hooks_utils.trigger_log_review_pull_request_hook
                     elif action == 'update':
                         trigger_hook = hooks_utils.trigger_log_update_pull_request_hook
                     else:
                         return
                     trigger_hook(
                         username=user.username,
                         repo_name=pull_request.target_repo.repo_name,
                         repo_alias=target_scm.alias,
                         pull_request=pull_request)
                 def _get_commit_ids(self, pull_request):
                     """
                     Return the commit ids of the merged pull request.
                     This method is not dealing correctly yet with the lack of autoupdates
                     nor with the implicit target updates.
                     For example: if a commit in the source repo is already in the target it
                     will be reported anyways.
                     """
                     merge_rev = pull_request.merge_rev
                     if merge_rev is None:
                         raise ValueError('This pull request was not merged yet')
                     commit_ids = list(pull_request.revisions)
                     if merge_rev not in commit_ids:
                         commit_ids.append(merge_rev)
                     return commit_ids
                 def merge_repo(self, pull_request, user, extras):
                     log.debug("Merging pull request %s", pull_request.pull_request_id)
                     merge_state = self._merge_pull_request(pull_request, user, extras)
                     if merge_state.executed:
                         log.debug(
                             "Merge was successful, updating the pull request comments.")
                         self._comment_and_close_pr(pull_request, user, merge_state)
                         self._log_audit_action(
                             'repo.pull_request.merge',
                             {'merge_state': merge_state.__dict__},
                             user, pull_request)
                     else:
                         log.warn("Merge failed, not updating the pull request.")
                     return merge_state
                 def _merge_pull_request(self, pull_request, user, extras, merge_msg=None):
                     target_vcs = pull_request.target_repo.scm_instance()
                     source_vcs = pull_request.source_repo.scm_instance()
                     target_ref = self._refresh_reference(
                         pull_request.target_ref_parts, target_vcs)
                     message = merge_msg or (
                         'Merge pull request #%(pr_id)s from '
                         '%(source_repo)s %(source_ref_name)s\n\n %(pr_title)s') % {
                             'pr_id': pull_request.pull_request_id,
                             'source_repo': source_vcs.name,
                             'source_ref_name': pull_request.source_ref_parts.name,
                             'pr_title': pull_request.title
                         }
                     workspace_id = self._workspace_id(pull_request)
                     repo_id = pull_request.target_repo.repo_id
                     use_rebase = self._use_rebase_for_merging(pull_request)
                     close_branch = self._close_branch_before_merging(pull_request)
                     callback_daemon, extras = prepare_callback_daemon(
                         extras, protocol=vcs_settings.HOOKS_PROTOCOL,
+                        host=vcs_settings.HOOKS_HOST,
                         use_direct_calls=vcs_settings.HOOKS_DIRECT_CALLS)
                     with callback_daemon:
                         # TODO: johbo: Implement a clean way to run a config_override
                         # for a single call.
                         target_vcs.config.set(
                             'rhodecode', 'RC_SCM_DATA', json.dumps(extras))
                         merge_state = target_vcs.merge(
                             repo_id, workspace_id, target_ref, source_vcs,
                             pull_request.source_ref_parts,
                             user_name=user.username, user_email=user.email,
                             message=message, use_rebase=use_rebase,
                             close_branch=close_branch)
                     return merge_state
                 def _comment_and_close_pr(self, pull_request, user, merge_state, close_msg=None):
                     pull_request.merge_rev = merge_state.merge_ref.commit_id
                     pull_request.updated_on = datetime.datetime.now()
                     close_msg = close_msg or 'Pull request merged and closed'
                     CommentsModel().create(
                         text=safe_unicode(close_msg),
                         repo=pull_request.target_repo.repo_id,
                         user=user.user_id,
                         pull_request=pull_request.pull_request_id,
                         f_path=None,
                         line_no=None,
                         closing_pr=True
                     )
                     Session().add(pull_request)
                     Session().flush()
                     # TODO: paris: replace invalidation with less radical solution
                     ScmModel().mark_for_invalidation(
                         pull_request.target_repo.repo_name)
                     self._trigger_pull_request_hook(pull_request, user, 'merge')
                 def has_valid_update_type(self, pull_request):
                     source_ref_type = pull_request.source_ref_parts.type
                     return source_ref_type in ['book', 'branch', 'tag']
                 def update_commits(self, pull_request):
                     """
                     Get the updated list of commits for the pull request
                     and return the new pull request version and the list
                     of commits processed by this update action
                     """
                     pull_request = self.__get_pull_request(pull_request)
                     source_ref_type = pull_request.source_ref_parts.type
                     source_ref_name = pull_request.source_ref_parts.name
                     source_ref_id = pull_request.source_ref_parts.commit_id
                     target_ref_type = pull_request.target_ref_parts.type
                     target_ref_name = pull_request.target_ref_parts.name
                     target_ref_id = pull_request.target_ref_parts.commit_id
                     if not self.has_valid_update_type(pull_request):
                         log.debug(
                             "Skipping update of pull request %s due to ref type: %s",
                             pull_request, source_ref_type)
                         return UpdateResponse(
                             executed=False,
                             reason=UpdateFailureReason.WRONG_REF_TYPE,
                             old=pull_request, new=None, changes=None,
                             source_changed=False, target_changed=False)
                     # source repo
                     source_repo = pull_request.source_repo.scm_instance()
                     try:
                         source_commit = source_repo.get_commit(commit_id=source_ref_name)
                     except CommitDoesNotExistError:
                         return UpdateResponse(
                             executed=False,
                             reason=UpdateFailureReason.MISSING_SOURCE_REF,
                             old=pull_request, new=None, changes=None,
                             source_changed=False, target_changed=False)
                     source_changed = source_ref_id != source_commit.raw_id
                     # target repo
                     target_repo = pull_request.target_repo.scm_instance()
                     try:
                         target_commit = target_repo.get_commit(commit_id=target_ref_name)
                     except CommitDoesNotExistError:
                         return UpdateResponse(
                             executed=False,
                             reason=UpdateFailureReason.MISSING_TARGET_REF,
                             old=pull_request, new=None, changes=None,
                             source_changed=False, target_changed=False)
                     target_changed = target_ref_id != target_commit.raw_id
                     if not (source_changed or target_changed):
                         log.debug("Nothing changed in pull request %s", pull_request)
                         return UpdateResponse(
                             executed=False,
                             reason=UpdateFailureReason.NO_CHANGE,
                             old=pull_request, new=None, changes=None,
                             source_changed=target_changed, target_changed=source_changed)
                     change_in_found = 'target repo' if target_changed else 'source repo'
                     log.debug('Updating pull request because of change in %s detected',
                               change_in_found)
                     # Finally there is a need for an update, in case of source change
                     # we create a new version, else just an update
                     if source_changed:
                         pull_request_version = self._create_version_from_snapshot(pull_request)
                         self._link_comments_to_version(pull_request_version)
                     else:
                         try:
                             ver = pull_request.versions[-1]
                         except IndexError:
                             ver = None
                         pull_request.pull_request_version_id = \
                             ver.pull_request_version_id if ver else None
                         pull_request_version = pull_request
                     try:
                         if target_ref_type in ('tag', 'branch', 'book'):
                             target_commit = target_repo.get_commit(target_ref_name)
                         else:
                             target_commit = target_repo.get_commit(target_ref_id)
                     except CommitDoesNotExistError:
                         return UpdateResponse(
                             executed=False,
                             reason=UpdateFailureReason.MISSING_TARGET_REF,
                             old=pull_request, new=None, changes=None,
                             source_changed=source_changed, target_changed=target_changed)
                     # re-compute commit ids
                     old_commit_ids = pull_request.revisions
                     pre_load = ["author", "branch", "date", "message"]
                     commit_ranges = target_repo.compare(
                         target_commit.raw_id, source_commit.raw_id, source_repo, merge=True,
                         pre_load=pre_load)
                     ancestor = target_repo.get_common_ancestor(
                         target_commit.raw_id, source_commit.raw_id, source_repo)
                     pull_request.source_ref = '%s:%s:%s' % (
                         source_ref_type, source_ref_name, source_commit.raw_id)
                     pull_request.target_ref = '%s:%s:%s' % (
                         target_ref_type, target_ref_name, ancestor)
                     pull_request.revisions = [
                         commit.raw_id for commit in reversed(commit_ranges)]
                     pull_request.updated_on = datetime.datetime.now()
                     Session().add(pull_request)
                     new_commit_ids = pull_request.revisions
                     old_diff_data, new_diff_data = self._generate_update_diffs(
                         pull_request, pull_request_version)
                     # calculate commit and file changes
                     changes = self._calculate_commit_id_changes(
                         old_commit_ids, new_commit_ids)
                     file_changes = self._calculate_file_changes(
                         old_diff_data, new_diff_data)
                     # set comments as outdated if DIFFS changed
                     CommentsModel().outdate_comments(
                         pull_request, old_diff_data=old_diff_data,
                         new_diff_data=new_diff_data)
                     commit_changes = (changes.added or changes.removed)
                     file_node_changes = (
                         file_changes.added or file_changes.modified or file_changes.removed)
                     pr_has_changes = commit_changes or file_node_changes
                     # Add an automatic comment to the pull request, in case
                     # anything has changed
                     if pr_has_changes:
                         update_comment = CommentsModel().create(
                             text=self._render_update_message(changes, file_changes),
                             repo=pull_request.target_repo,
                             user=pull_request.author,
                             pull_request=pull_request,
                             send_email=False, renderer=DEFAULT_COMMENTS_RENDERER)
                         # Update status to "Under Review" for added commits
                         for commit_id in changes.added:
                             ChangesetStatusModel().set_status(
                                 repo=pull_request.source_repo,
                                 status=ChangesetStatus.STATUS_UNDER_REVIEW,
                                 comment=update_comment,
                                 user=pull_request.author,
                                 pull_request=pull_request,
                                 revision=commit_id)
                     log.debug(
                         'Updated pull request %s, added_ids: %s, common_ids: %s, '
                         'removed_ids: %s', pull_request.pull_request_id,
                         changes.added, changes.common, changes.removed)
                     log.debug(
                         'Updated pull request with the following file changes: %s',
                         file_changes)
                     log.info(
                         "Updated pull request %s from commit %s to commit %s, "
                         "stored new version %s of this pull request.",
                         pull_request.pull_request_id, source_ref_id,
                         pull_request.source_ref_parts.commit_id,
                         pull_request_version.pull_request_version_id)
                     Session().commit()
                     self._trigger_pull_request_hook(
                         pull_request, pull_request.author, 'update')
                     return UpdateResponse(
                         executed=True, reason=UpdateFailureReason.NONE,
                         old=pull_request, new=pull_request_version, changes=changes,
                         source_changed=source_changed, target_changed=target_changed)
                 def _create_version_from_snapshot(self, pull_request):
                     version = PullRequestVersion()
                     version.title = pull_request.title
                     version.description = pull_request.description
                     version.status = pull_request.status
                     version.created_on = datetime.datetime.now()
                     version.updated_on = pull_request.updated_on
                     version.user_id = pull_request.user_id
                     version.source_repo = pull_request.source_repo
                     version.source_ref = pull_request.source_ref
                     version.target_repo = pull_request.target_repo
                     version.target_ref = pull_request.target_ref
                     version._last_merge_source_rev = pull_request._last_merge_source_rev
                     version._last_merge_target_rev = pull_request._last_merge_target_rev
                     version.last_merge_status = pull_request.last_merge_status
                     version.shadow_merge_ref = pull_request.shadow_merge_ref
                     version.merge_rev = pull_request.merge_rev
                     version.reviewer_data = pull_request.reviewer_data
                     version.revisions = pull_request.revisions
                     version.pull_request = pull_request
                     Session().add(version)
                     Session().flush()
                     return version
                 def _generate_update_diffs(self, pull_request, pull_request_version):
                     diff_context = (
                         self.DIFF_CONTEXT +
                         CommentsModel.needed_extra_diff_context())
                     source_repo = pull_request_version.source_repo
                     source_ref_id = pull_request_version.source_ref_parts.commit_id
                     target_ref_id = pull_request_version.target_ref_parts.commit_id
                     old_diff = self._get_diff_from_pr_or_version(
                         source_repo, source_ref_id, target_ref_id, context=diff_context)
                     source_repo = pull_request.source_repo
                     source_ref_id = pull_request.source_ref_parts.commit_id
                     target_ref_id = pull_request.target_ref_parts.commit_id
                     new_diff = self._get_diff_from_pr_or_version(
                         source_repo, source_ref_id, target_ref_id, context=diff_context)
                     old_diff_data = diffs.DiffProcessor(old_diff)
                     old_diff_data.prepare()
                     new_diff_data = diffs.DiffProcessor(new_diff)
                     new_diff_data.prepare()
                     return old_diff_data, new_diff_data
                 def _link_comments_to_version(self, pull_request_version):
                     """
                     Link all unlinked comments of this pull request to the given version.
                     :param pull_request_version: The `PullRequestVersion` to which
                         the comments shall be linked.
                     """
                     pull_request = pull_request_version.pull_request
                     comments = ChangesetComment.query()\
                         .filter(
                             # TODO: johbo: Should we query for the repo at all here?
                             # Pending decision on how comments of PRs are to be related
                             # to either the source repo, the target repo or no repo at all.
                             ChangesetComment.repo_id == pull_request.target_repo.repo_id,
                             ChangesetComment.pull_request == pull_request,
                             ChangesetComment.pull_request_version == None)\
                         .order_by(ChangesetComment.comment_id.asc())
                     # TODO: johbo: Find out why this breaks if it is done in a bulk
                     # operation.
                     for comment in comments:
                         comment.pull_request_version_id = (
                             pull_request_version.pull_request_version_id)
                         Session().add(comment)
                 def _calculate_commit_id_changes(self, old_ids, new_ids):
                     added = [x for x in new_ids if x not in old_ids]
                     common = [x for x in new_ids if x in old_ids]
                     removed = [x for x in old_ids if x not in new_ids]
                     total = new_ids
                     return ChangeTuple(added, common, removed, total)
                 def _calculate_file_changes(self, old_diff_data, new_diff_data):
                     old_files = OrderedDict()
                     for diff_data in old_diff_data.parsed_diff:
                         old_files[diff_data['filename']] = md5_safe(diff_data['raw_diff'])
                     added_files = []
                     modified_files = []
                     removed_files = []
                     for diff_data in new_diff_data.parsed_diff:
                         new_filename = diff_data['filename']
                         new_hash = md5_safe(diff_data['raw_diff'])
                         old_hash = old_files.get(new_filename)
                         if not old_hash:
                             # file is not present in old diff, means it's added
                             added_files.append(new_filename)
                         else:
                             if new_hash != old_hash:
                                 modified_files.append(new_filename)
                             # now remove a file from old, since we have seen it already
                             del old_files[new_filename]
                     # removed files is when there are present in old, but not in NEW,
                     # since we remove old files that are present in new diff, left-overs
                     # if any should be the removed files
                     removed_files.extend(old_files.keys())
                     return FileChangeTuple(added_files, modified_files, removed_files)
                 def _render_update_message(self, changes, file_changes):
                     """
                     render the message using DEFAULT_COMMENTS_RENDERER (RST renderer),
                     so it's always looking the same disregarding on which default
                     renderer system is using.
                     :param changes: changes named tuple
                     :param file_changes: file changes named tuple
                     """
                     new_status = ChangesetStatus.get_status_lbl(
                         ChangesetStatus.STATUS_UNDER_REVIEW)
                     changed_files = (
                         file_changes.added + file_changes.modified + file_changes.removed)
                     params = {
                         'under_review_label': new_status,
                         'added_commits': changes.added,
                         'removed_commits': changes.removed,
                         'changed_files': changed_files,
                         'added_files': file_changes.added,
                         'modified_files': file_changes.modified,
                         'removed_files': file_changes.removed,
                     }
                     renderer = RstTemplateRenderer()
                     return renderer.render('pull_request_update.mako', **params)
                 def edit(self, pull_request, title, description, user):
                     pull_request = self.__get_pull_request(pull_request)
                     old_data = pull_request.get_api_data(with_merge_state=False)
                     if pull_request.is_closed():
                         raise ValueError('This pull request is closed')
                     if title:
                         pull_request.title = title
                     pull_request.description = description
                     pull_request.updated_on = datetime.datetime.now()
                     Session().add(pull_request)
                     self._log_audit_action(
                         'repo.pull_request.edit', {'old_data': old_data},
                         user, pull_request)
                 def update_reviewers(self, pull_request, reviewer_data, user):
                     """
                     Update the reviewers in the pull request
                     :param pull_request: the pr to update
                     :param reviewer_data: list of tuples
                         [(user, ['reason1', 'reason2'], mandatory_flag, [rules])]
                     """
                     pull_request = self.__get_pull_request(pull_request)
                     if pull_request.is_closed():
                         raise ValueError('This pull request is closed')
                     reviewers = {}
                     for user_id, reasons, mandatory, rules in reviewer_data:
                         if isinstance(user_id, (int, basestring)):
                             user_id = self._get_user(user_id).user_id
                         reviewers[user_id] = {
                             'reasons': reasons, 'mandatory': mandatory}
                     reviewers_ids = set(reviewers.keys())
                     current_reviewers = PullRequestReviewers.query()\
                         .filter(PullRequestReviewers.pull_request ==
                                 pull_request).all()
                     current_reviewers_ids = set([x.user.user_id for x in current_reviewers])
                     ids_to_add = reviewers_ids.difference(current_reviewers_ids)
                     ids_to_remove = current_reviewers_ids.difference(reviewers_ids)
                     log.debug("Adding %s reviewers", ids_to_add)
                     log.debug("Removing %s reviewers", ids_to_remove)
                     changed = False
                     for uid in ids_to_add:
                         changed = True
                         _usr = self._get_user(uid)
                         reviewer = PullRequestReviewers()
                         reviewer.user = _usr
                         reviewer.pull_request = pull_request
                         reviewer.reasons = reviewers[uid]['reasons']
                         # NOTE(marcink): mandatory shouldn't be changed now
                         # reviewer.mandatory = reviewers[uid]['reasons']
                         Session().add(reviewer)
                         self._log_audit_action(
                             'repo.pull_request.reviewer.add', {'data': reviewer.get_dict()},
                             user, pull_request)
                     for uid in ids_to_remove:
                         changed = True
                         reviewers = PullRequestReviewers.query()\
                             .filter(PullRequestReviewers.user_id == uid,
                                     PullRequestReviewers.pull_request == pull_request)\
                             .all()
                         # use .all() in case we accidentally added the same person twice
                         # this CAN happen due to the lack of DB checks
                         for obj in reviewers:
                             old_data = obj.get_dict()
                             Session().delete(obj)
                             self._log_audit_action(
                                 'repo.pull_request.reviewer.delete',
                                 {'old_data': old_data}, user, pull_request)
                     if changed:
                         pull_request.updated_on = datetime.datetime.now()
                         Session().add(pull_request)
                     self.notify_reviewers(pull_request, ids_to_add)
                     return ids_to_add, ids_to_remove
                 def get_url(self, pull_request, request=None, permalink=False):
                     if not request:
                         request = get_current_request()
                     if permalink:
                         return request.route_url(
                             'pull_requests_global',
                             pull_request_id=pull_request.pull_request_id,)
                     else:
                         return request.route_url('pullrequest_show',
                             repo_name=safe_str(pull_request.target_repo.repo_name),
                             pull_request_id=pull_request.pull_request_id,)
                 def get_shadow_clone_url(self, pull_request, request=None):
                     """
                     Returns qualified url pointing to the shadow repository. If this pull
                     request is closed there is no shadow repository and ``None`` will be
                     returned.
                     """
                     if pull_request.is_closed():
                         return None
                     else:
                         pr_url = urllib.unquote(self.get_url(pull_request, request=request))
                         return safe_unicode('{pr_url}/repository'.format(pr_url=pr_url))
                 def notify_reviewers(self, pull_request, reviewers_ids):
                     # notification to reviewers
                     if not reviewers_ids:
                         return
                     pull_request_obj = pull_request
                     # get the current participants of this pull request
                     recipients = reviewers_ids
                     notification_type = EmailNotificationModel.TYPE_PULL_REQUEST
                     pr_source_repo = pull_request_obj.source_repo
                     pr_target_repo = pull_request_obj.target_repo
                     pr_url = h.route_url('pullrequest_show',
                         repo_name=pr_target_repo.repo_name,
                         pull_request_id=pull_request_obj.pull_request_id,)
                     # set some variables for email notification
                     pr_target_repo_url = h.route_url(
                         'repo_summary', repo_name=pr_target_repo.repo_name)
                     pr_source_repo_url = h.route_url(
                         'repo_summary', repo_name=pr_source_repo.repo_name)
                     # pull request specifics
                     pull_request_commits = [
                         (x.raw_id, x.message)
                         for x in map(pr_source_repo.get_commit, pull_request.revisions)]
                     kwargs = {
                         'user': pull_request.author,
                         'pull_request': pull_request_obj,
                         'pull_request_commits': pull_request_commits,
                         'pull_request_target_repo': pr_target_repo,
                         'pull_request_target_repo_url': pr_target_repo_url,
                         'pull_request_source_repo': pr_source_repo,
                         'pull_request_source_repo_url': pr_source_repo_url,
                         'pull_request_url': pr_url,
                     }
                     # pre-generate the subject for notification itself
                     (subject,
                      _h, _e,  # we don't care about those
                      body_plaintext) = EmailNotificationModel().render_email(
                         notification_type, **kwargs)
                     # create notification objects, and emails
                     NotificationModel().create(
                         created_by=pull_request.author,
                         notification_subject=subject,
                         notification_body=body_plaintext,
                         notification_type=notification_type,
                         recipients=recipients,
                         email_kwargs=kwargs,
                     )
                 def delete(self, pull_request, user):
                     pull_request = self.__get_pull_request(pull_request)
                     old_data = pull_request.get_api_data(with_merge_state=False)
                     self._cleanup_merge_workspace(pull_request)
                     self._log_audit_action(
                         'repo.pull_request.delete', {'old_data': old_data},
                         user, pull_request)
                     Session().delete(pull_request)
                 def close_pull_request(self, pull_request, user):
                     pull_request = self.__get_pull_request(pull_request)
                     self._cleanup_merge_workspace(pull_request)
                     pull_request.status = PullRequest.STATUS_CLOSED
                     pull_request.updated_on = datetime.datetime.now()
                     Session().add(pull_request)
                     self._trigger_pull_request_hook(
                         pull_request, pull_request.author, 'close')
                     pr_data = pull_request.get_api_data(with_merge_state=False)
                     self._log_audit_action(
                         'repo.pull_request.close', {'data': pr_data}, user, pull_request)
                 def close_pull_request_with_comment(
                         self, pull_request, user, repo, message=None):
                     pull_request_review_status = pull_request.calculated_review_status()
                     if pull_request_review_status == ChangesetStatus.STATUS_APPROVED:
                         # approved only if we have voting consent
                         status = ChangesetStatus.STATUS_APPROVED
                     else:
                         status = ChangesetStatus.STATUS_REJECTED
                     status_lbl = ChangesetStatus.get_status_lbl(status)
                     default_message = (
                         'Closing with status change {transition_icon} {status}.'
                     ).format(transition_icon='>', status=status_lbl)
                     text = message or default_message
                     # create a comment, and link it to new status
                     comment = CommentsModel().create(
                         text=text,
                         repo=repo.repo_id,
                         user=user.user_id,
                         pull_request=pull_request.pull_request_id,
                         status_change=status_lbl,
                         status_change_type=status,
                         closing_pr=True
                     )
                     # calculate old status before we change it
                     old_calculated_status = pull_request.calculated_review_status()
                     ChangesetStatusModel().set_status(
                         repo.repo_id,
                         status,
                         user.user_id,
                         comment=comment,
                         pull_request=pull_request.pull_request_id
                     )
                     Session().flush()
                     events.trigger(events.PullRequestCommentEvent(pull_request, comment))
                     # we now calculate the status of pull request again, and based on that
                     # calculation trigger status change. This might happen in cases
                     # that non-reviewer admin closes a pr, which means his vote doesn't
                     # change the status, while if he's a reviewer this might change it.
                     calculated_status = pull_request.calculated_review_status()
                     if old_calculated_status != calculated_status:
                         self._trigger_pull_request_hook(
                             pull_request, user, 'review_status_change')
                     # finally close the PR
                     PullRequestModel().close_pull_request(
                         pull_request.pull_request_id, user)
                     return comment, status
                 def merge_status(self, pull_request, translator=None,
                                  force_shadow_repo_refresh=False):
                     _ = translator or get_current_request().translate
                     if not self._is_merge_enabled(pull_request):
                         return False, _('Server-side pull request merging is disabled.')
                     if pull_request.is_closed():
                         return False, _('This pull request is closed.')
                     merge_possible, msg = self._check_repo_requirements(
                         target=pull_request.target_repo, source=pull_request.source_repo,
                         translator=_)
                     if not merge_possible:
                         return merge_possible, msg
                     try:
                         resp = self._try_merge(
                             pull_request,
                             force_shadow_repo_refresh=force_shadow_repo_refresh)
                         log.debug("Merge response: %s", resp)
                         status = resp.possible, self.merge_status_message(
                             resp.failure_reason)
                     except NotImplementedError:
                         status = False, _('Pull request merging is not supported.')
                     return status
                 def _check_repo_requirements(self, target, source, translator):
                     """
                     Check if `target` and `source` have compatible requirements.
                     Currently this is just checking for largefiles.
                     """
                     _ = translator
                     target_has_largefiles = self._has_largefiles(target)
                     source_has_largefiles = self._has_largefiles(source)
                     merge_possible = True
                     message = u''
                     if target_has_largefiles != source_has_largefiles:
                         merge_possible = False
                         if source_has_largefiles:
                             message = _(
                                 'Target repository large files support is disabled.')
                         else:
                             message = _(
                                 'Source repository large files support is disabled.')
                     return merge_possible, message
                 def _has_largefiles(self, repo):
                     largefiles_ui = VcsSettingsModel(repo=repo).get_ui_settings(
                         'extensions', 'largefiles')
                     return largefiles_ui and largefiles_ui[0].active
                 def _try_merge(self, pull_request, force_shadow_repo_refresh=False):
                     """
                     Try to merge the pull request and return the merge status.
                     """
                     log.debug(
                         "Trying out if the pull request %s can be merged. Force_refresh=%s",
                         pull_request.pull_request_id, force_shadow_repo_refresh)
                     target_vcs = pull_request.target_repo.scm_instance()
                     # Refresh the target reference.
                     try:
                         target_ref = self._refresh_reference(
                             pull_request.target_ref_parts, target_vcs)
                     except CommitDoesNotExistError:
                         merge_state = MergeResponse(
                             False, False, None, MergeFailureReason.MISSING_TARGET_REF)
                         return merge_state
                     target_locked = pull_request.target_repo.locked
                     if target_locked and target_locked[0]:
                         log.debug("The target repository is locked.")
                         merge_state = MergeResponse(
                             False, False, None, MergeFailureReason.TARGET_IS_LOCKED)
                     elif force_shadow_repo_refresh or self._needs_merge_state_refresh(
                             pull_request, target_ref):
                         log.debug("Refreshing the merge status of the repository.")
                         merge_state = self._refresh_merge_state(
                             pull_request, target_vcs, target_ref)
                     else:
                         possible = pull_request.\
                             last_merge_status == MergeFailureReason.NONE
                         merge_state = MergeResponse(
                             possible, False, None, pull_request.last_merge_status)
                     return merge_state
                 def _refresh_reference(self, reference, vcs_repository):
                     if reference.type in ('branch', 'book'):
                         name_or_id = reference.name
                     else:
                         name_or_id = reference.commit_id
                     refreshed_commit = vcs_repository.get_commit(name_or_id)
                     refreshed_reference = Reference(
                         reference.type, reference.name, refreshed_commit.raw_id)
                     return refreshed_reference
                 def _needs_merge_state_refresh(self, pull_request, target_reference):
                     return not(
                         pull_request.revisions and
                         pull_request.revisions[0] == pull_request._last_merge_source_rev and
                         target_reference.commit_id == pull_request._last_merge_target_rev)
                 def _refresh_merge_state(self, pull_request, target_vcs, target_reference):
                     workspace_id = self._workspace_id(pull_request)
                     source_vcs = pull_request.source_repo.scm_instance()
                     repo_id = pull_request.target_repo.repo_id
                     use_rebase = self._use_rebase_for_merging(pull_request)
                     close_branch = self._close_branch_before_merging(pull_request)
                     merge_state = target_vcs.merge(
                         repo_id, workspace_id,
                         target_reference, source_vcs, pull_request.source_ref_parts,
                         dry_run=True, use_rebase=use_rebase,
                         close_branch=close_branch)
                     # Do not store the response if there was an unknown error.
                     if merge_state.failure_reason != MergeFailureReason.UNKNOWN:
                         pull_request._last_merge_source_rev = \
                             pull_request.source_ref_parts.commit_id
                         pull_request._last_merge_target_rev = target_reference.commit_id
                         pull_request.last_merge_status = merge_state.failure_reason
                         pull_request.shadow_merge_ref = merge_state.merge_ref
                         Session().add(pull_request)
                         Session().commit()
                     return merge_state
                 def _workspace_id(self, pull_request):
                     workspace_id = 'pr-%s' % pull_request.pull_request_id
                     return workspace_id
                 def merge_status_message(self, status_code):
                     """
                     Return a human friendly error message for the given merge status code.
                     """
                     return self.MERGE_STATUS_MESSAGES[status_code]
                 def generate_repo_data(self, repo, commit_id=None, branch=None,
                                        bookmark=None, translator=None):
                     from rhodecode.model.repo import RepoModel
                     all_refs, selected_ref = \
                         self._get_repo_pullrequest_sources(
                             repo.scm_instance(), commit_id=commit_id,
                             branch=branch, bookmark=bookmark, translator=translator)
                     refs_select2 = []
                     for element in all_refs:
                         children = [{'id': x[0], 'text': x[1]} for x in element[0]]
                         refs_select2.append({'text': element[1], 'children': children})
                     return {
                         'user': {
                             'user_id': repo.user.user_id,
                             'username': repo.user.username,
                             'firstname': repo.user.first_name,
                             'lastname': repo.user.last_name,
                             'gravatar_link': h.gravatar_url(repo.user.email, 14),
                         },
                         'name': repo.repo_name,
                         'link': RepoModel().get_url(repo),
                         'description': h.chop_at_smart(repo.description_safe, '\n'),
                         'refs': {
                             'all_refs': all_refs,
                             'selected_ref': selected_ref,
                             'select2_refs': refs_select2
                         }
                     }
                 def generate_pullrequest_title(self, source, source_ref, target):
                     return u'{source}#{at_ref} to {target}'.format(
                         source=source,
                         at_ref=source_ref,
                         target=target,
                     )
                 def _cleanup_merge_workspace(self, pull_request):
                     # Merging related cleanup
                     repo_id = pull_request.target_repo.repo_id
                     target_scm = pull_request.target_repo.scm_instance()
                     workspace_id = self._workspace_id(pull_request)
                     try:
                         target_scm.cleanup_merge_workspace(repo_id, workspace_id)
                     except NotImplementedError:
                         pass
                 def _get_repo_pullrequest_sources(
                         self, repo, commit_id=None, branch=None, bookmark=None,
                         translator=None):
                     """
                     Return a structure with repo's interesting commits, suitable for
                     the selectors in pullrequest controller
                     :param commit_id: a commit that must be in the list somehow
                         and selected by default
                     :param branch: a branch that must be in the list and selected
                         by default - even if closed
                     :param bookmark: a bookmark that must be in the list and selected
                     """
                     _ = translator or get_current_request().translate
                     commit_id = safe_str(commit_id) if commit_id else None
                     branch = safe_str(branch) if branch else None
                     bookmark = safe_str(bookmark) if bookmark else None
                     selected = None
                     # order matters: first source that has commit_id in it will be selected
                     sources = []
                     sources.append(('book', repo.bookmarks.items(), _('Bookmarks'), bookmark))
                     sources.append(('branch', repo.branches.items(), _('Branches'), branch))
                     if commit_id:
                         ref_commit = (h.short_id(commit_id), commit_id)
                         sources.append(('rev', [ref_commit], _('Commit IDs'), commit_id))
                     sources.append(
                         ('branch', repo.branches_closed.items(), _('Closed Branches'), branch),
                     )
                     groups = []
                     for group_key, ref_list, group_name, match in sources:
                         group_refs = []
                         for ref_name, ref_id in ref_list:
                             ref_key = '%s:%s:%s' % (group_key, ref_name, ref_id)
                             group_refs.append((ref_key, ref_name))
                             if not selected:
                                 if set([commit_id, match]) & set([ref_id, ref_name]):
                                     selected = ref_key
                         if group_refs:
                             groups.append((group_refs, group_name))
                     if not selected:
                         ref = commit_id or branch or bookmark
                         if ref:
                             raise CommitDoesNotExistError(
                                 'No commit refs could be found matching: %s' % ref)
                         elif repo.DEFAULT_BRANCH_NAME in repo.branches:
                             selected = 'branch:%s:%s' % (
                                 repo.DEFAULT_BRANCH_NAME,
                                 repo.branches[repo.DEFAULT_BRANCH_NAME]
                             )
                         elif repo.commit_ids:
                             # make the user select in this case
                             selected = None
                         else:
                             raise EmptyRepositoryError()
                     return groups, selected
                 def get_diff(self, source_repo, source_ref_id, target_ref_id, context=DIFF_CONTEXT):
                     return self._get_diff_from_pr_or_version(
                         source_repo, source_ref_id, target_ref_id, context=context)
                 def _get_diff_from_pr_or_version(
                         self, source_repo, source_ref_id, target_ref_id, context):
                     target_commit = source_repo.get_commit(
                         commit_id=safe_str(target_ref_id))
                     source_commit = source_repo.get_commit(
                         commit_id=safe_str(source_ref_id))
                     if isinstance(source_repo, Repository):
                         vcs_repo = source_repo.scm_instance()
                     else:
                         vcs_repo = source_repo
                     # TODO: johbo: In the context of an update, we cannot reach
                     # the old commit anymore with our normal mechanisms. It needs
                     # some sort of special support in the vcs layer to avoid this
                     # workaround.
                     if (source_commit.raw_id == vcs_repo.EMPTY_COMMIT_ID and
                             vcs_repo.alias == 'git'):
                         source_commit.raw_id = safe_str(source_ref_id)
                     log.debug('calculating diff between '
                               'source_ref:%s and target_ref:%s for repo `%s`',
                               target_ref_id, source_ref_id,
                               safe_unicode(vcs_repo.path))
                     vcs_diff = vcs_repo.get_diff(
                         commit1=target_commit, commit2=source_commit, context=context)
                     return vcs_diff
                 def _is_merge_enabled(self, pull_request):
                     return self._get_general_setting(
                         pull_request, 'rhodecode_pr_merge_enabled')
                 def _use_rebase_for_merging(self, pull_request):
                     repo_type = pull_request.target_repo.repo_type
                     if repo_type == 'hg':
                         return self._get_general_setting(
                             pull_request, 'rhodecode_hg_use_rebase_for_merging')
                     elif repo_type == 'git':
                         return self._get_general_setting(
                             pull_request, 'rhodecode_git_use_rebase_for_merging')
                     return False
                 def _close_branch_before_merging(self, pull_request):
                     repo_type = pull_request.target_repo.repo_type
                     if repo_type == 'hg':
                         return self._get_general_setting(
                             pull_request, 'rhodecode_hg_close_branch_before_merging')
                     elif repo_type == 'git':
                         return self._get_general_setting(
                             pull_request, 'rhodecode_git_close_branch_before_merging')
                     return False
                 def _get_general_setting(self, pull_request, settings_key, default=False):
                     settings_model = VcsSettingsModel(repo=pull_request.target_repo)
                     settings = settings_model.get_general_settings()
                     return settings.get(settings_key, default)
                 def _log_audit_action(self, action, action_data, user, pull_request):
                     audit_logger.store(
                         action=action,
                         action_data=action_data,
                         user=user,
                         repo=pull_request.target_repo)
                 def get_reviewer_functions(self):
                     """
                     Fetches functions for validation and fetching default reviewers.
                     If available we use the EE package, else we fallback to CE
                     package functions
                     """
                     try:
                         from rc_reviewers.utils import get_default_reviewers_data
                         from rc_reviewers.utils import validate_default_reviewers
                     except ImportError:
                         from rhodecode.apps.repository.utils import \
                             get_default_reviewers_data
                         from rhodecode.apps.repository.utils import \
                             validate_default_reviewers
                     return get_default_reviewers_data, validate_default_reviewers
             class MergeCheck(object):
                 """
                 Perform Merge Checks and returns a check object which stores information
                 about merge errors, and merge conditions
                 """
                 TODO_CHECK = 'todo'
                 PERM_CHECK = 'perm'
                 REVIEW_CHECK = 'review'
                 MERGE_CHECK = 'merge'
                 def __init__(self):
                     self.review_status = None
                     self.merge_possible = None
                     self.merge_msg = ''
                     self.failed = None
                     self.errors = []
                     self.error_details = OrderedDict()
                 def push_error(self, error_type, message, error_key, details):
                     self.failed = True
                     self.errors.append([error_type, message])
                     self.error_details[error_key] = dict(
                         details=details,
                         error_type=error_type,
                         message=message
                     )
                 @classmethod
                 def validate(cls, pull_request, user, translator, fail_early=False,
                              force_shadow_repo_refresh=False):
                     _ = translator
                     merge_check = cls()
                     # permissions to merge
                     user_allowed_to_merge = PullRequestModel().check_user_merge(
                         pull_request, user)
                     if not user_allowed_to_merge:
                         log.debug("MergeCheck: cannot merge, approval is pending.")
                         msg = _('User `{}` not allowed to perform merge.').format(user.username)
                         merge_check.push_error('error', msg, cls.PERM_CHECK, user.username)
                         if fail_early:
                             return merge_check
                     # review status, must be always present
                     review_status = pull_request.calculated_review_status()
                     merge_check.review_status = review_status
                     status_approved = review_status == ChangesetStatus.STATUS_APPROVED
                     if not status_approved:
                         log.debug("MergeCheck: cannot merge, approval is pending.")
                         msg = _('Pull request reviewer approval is pending.')
                         merge_check.push_error(
                             'warning', msg, cls.REVIEW_CHECK, review_status)
                         if fail_early:
                             return merge_check
                     # left over TODOs
                     todos = CommentsModel().get_unresolved_todos(pull_request)
                     if todos:
                         log.debug("MergeCheck: cannot merge, {} "
                                   "unresolved todos left.".format(len(todos)))
                         if len(todos) == 1:
                             msg = _('Cannot merge, {} TODO still not resolved.').format(
                                 len(todos))
                         else:
                             msg = _('Cannot merge, {} TODOs still not resolved.').format(
                                 len(todos))
                         merge_check.push_error('warning', msg, cls.TODO_CHECK, todos)
                         if fail_early:
                             return merge_check
                     # merge possible, here is the filesystem simulation + shadow repo
                     merge_status, msg = PullRequestModel().merge_status(
                         pull_request, translator=translator,
                         force_shadow_repo_refresh=force_shadow_repo_refresh)
                     merge_check.merge_possible = merge_status
                     merge_check.merge_msg = msg
                     if not merge_status:
                         log.debug(
                             "MergeCheck: cannot merge, pull request merge not possible.")
                         merge_check.push_error('warning', msg, cls.MERGE_CHECK, None)
                         if fail_early:
                             return merge_check
                     log.debug('MergeCheck: is failed: %s', merge_check.failed)
                     return merge_check
                 @classmethod
                 def get_merge_conditions(cls, pull_request, translator):
                     _ = translator
                     merge_details = {}
                     model = PullRequestModel()
                     use_rebase = model._use_rebase_for_merging(pull_request)
                     if use_rebase:
                         merge_details['merge_strategy'] = dict(
                             details={},
                             message=_('Merge strategy: rebase')
                         )
                     else:
                         merge_details['merge_strategy'] = dict(
                             details={},
                             message=_('Merge strategy: explicit merge commit')
                         )
                     close_branch = model._close_branch_before_merging(pull_request)
                     if close_branch:
                         repo_type = pull_request.target_repo.repo_type
                         if repo_type == 'hg':
                             close_msg = _('Source branch will be closed after merge.')
                         elif repo_type == 'git':
                             close_msg = _('Source branch will be deleted after merge.')
                         merge_details['close_branch'] = dict(
                             details={},
                             message=close_msg
                         )
                     return merge_details
             ChangeTuple = collections.namedtuple(
                 'ChangeTuple', ['added', 'common', 'removed', 'total'])
             FileChangeTuple = collections.namedtuple(
                 'FileChangeTuple', ['added', 'modified', 'removed'])

rhodecode/tests/config/test_sanitize_settings.py

0 +1 0

             # -*- coding: utf-8 -*-
             # Copyright (C) 2016-2018 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             import pytest
             from rhodecode.tests import no_newline_id_generator
             from rhodecode.config.middleware import (
                 _sanitize_vcs_settings, _bool_setting, _string_setting, _list_setting,
                 _int_setting)
             class TestHelperFunctions(object):
                 @pytest.mark.parametrize('raw, expected', [
                     ('true', True), (u'true', True),
                     ('yes', True), (u'yes', True),
                     ('on', True), (u'on', True),
                     ('false', False), (u'false', False),
                     ('no', False), (u'no', False),
                     ('off', False), (u'off', False),
                     ('invalid-bool-value', False),
                     ('invalid-∫øø@-√å@¨€', False),
                     (u'invalid-∫øø@-√å@¨€', False),
                 ])
                 def test_bool_setting_helper(self, raw, expected):
                     key = 'dummy-key'
                     settings = {key: raw}
                     _bool_setting(settings, key, None)
                     assert settings[key] is expected
                 @pytest.mark.parametrize('raw, expected', [
                     ('', ''),
                     ('test-string', 'test-string'),
                     ('CaSe-TeSt', 'case-test'),
                     ('test-string-çƒ©€', 'test-string-çƒ©€'),
                     (u'test-string-çƒ©€', u'test-string-çƒ©€'),
                 ])
                 def test_string_setting_helper(self, raw, expected):
                     key = 'dummy-key'
                     settings = {key: raw}
                     _string_setting(settings, key, None)
                     assert settings[key] == expected
                 @pytest.mark.parametrize('raw, expected', [
                     ('', []),
                     ('test', ['test']),
                     ('CaSe-TeSt', ['CaSe-TeSt']),
                     ('test-string-çƒ©€', ['test-string-çƒ©€']),
                     (u'test-string-çƒ©€', [u'test-string-çƒ©€']),
                     ('hg git svn', ['hg', 'git', 'svn']),
                     ('hg,git,svn', ['hg', 'git', 'svn']),
                     ('hg, git, svn', ['hg', 'git', 'svn']),
                     ('hg\ngit\nsvn', ['hg', 'git', 'svn']),
                     (' hg\n git\n svn ', ['hg', 'git', 'svn']),
                     (', hg , git , svn , ', ['', 'hg', 'git', 'svn', '']),
                     ('cheese,free node,other', ['cheese', 'free node', 'other']),
                 ], ids=no_newline_id_generator)
                 def test_list_setting_helper(self, raw, expected):
                     key = 'dummy-key'
                     settings = {key: raw}
                     _list_setting(settings, key, None)
                     assert settings[key] == expected
                 @pytest.mark.parametrize('raw, expected', [
                     ('0', 0),
                     ('-0', 0),
                     ('12345', 12345),
                     ('-12345', -12345),
                     (u'-12345', -12345),
                 ])
                 def test_int_setting_helper(self, raw, expected):
                     key = 'dummy-key'
                     settings = {key: raw}
                     _int_setting(settings, key, None)
                     assert settings[key] == expected
                 @pytest.mark.parametrize('raw', [
                     ('0xff'),
                     (''),
                     ('invalid-int'),
                     ('invalid-⁄~†'),
                     (u'invalid-⁄~†'),
                 ])
                 def test_int_setting_helper_invalid_input(self, raw):
                     key = 'dummy-key'
                     settings = {key: raw}
                     with pytest.raises(Exception):
                         _int_setting(settings, key, None)
             class TestSanitizeVcsSettings(object):
                 _bool_settings = [
                     ('vcs.hooks.direct_calls', False),
                     ('vcs.server.enable', True),
                     ('vcs.start_server', False),
                     ('startup.import_repos', False),
                 ]
                 _string_settings = [
                     ('vcs.svn.compatible_version', ''),
                     ('git_rev_filter', '--all'),
                     ('vcs.hooks.protocol', 'http'),
+                    ('vcs.hooks.host', '127.0.0.1'),
                     ('vcs.scm_app_implementation', 'http'),
                     ('vcs.server', ''),
                     ('vcs.server.log_level', 'debug'),
                     ('vcs.server.protocol', 'http'),
                 ]
                 _list_settings = [
                     ('vcs.backends', 'hg git'),
                 ]
                 @pytest.mark.parametrize('key, default', _list_settings)
                 def test_list_setting_spacesep_list(self, key, default):
                     test_list = ['test', 'list', 'values', 'for', key]
                     input_value = ' '.join(test_list)
                     settings = {key: input_value}
                     _sanitize_vcs_settings(settings)
                     assert settings[key] == test_list
                 @pytest.mark.parametrize('key, default', _list_settings)
                 def test_list_setting_newlinesep_list(self, key, default):
                     test_list = ['test', 'list', 'values', 'for', key]
                     input_value = '\n'.join(test_list)
                     settings = {key: input_value}
                     _sanitize_vcs_settings(settings)
                     assert settings[key] == test_list
                 @pytest.mark.parametrize('key, default', _list_settings)
                 def test_list_setting_commasep_list(self, key, default):
                     test_list = ['test', 'list', 'values', 'for', key]
                     input_value = ','.join(test_list)
                     settings = {key: input_value}
                     _sanitize_vcs_settings(settings)
                     assert settings[key] == test_list
                 @pytest.mark.parametrize('key, default', _list_settings)
                 def test_list_setting_comma_and_space_sep_list(self, key, default):
                     test_list = ['test', 'list', 'values', 'for', key]
                     input_value = ', '.join(test_list)
                     settings = {key: input_value}
                     _sanitize_vcs_settings(settings)
                     assert settings[key] == test_list
                 @pytest.mark.parametrize('key, default', _string_settings)
                 def test_string_setting_string(self, key, default):
                     test_value = 'test-string-for-{}'.format(key)
                     settings = {key: test_value}
                     _sanitize_vcs_settings(settings)
                     assert settings[key] == test_value
                 @pytest.mark.parametrize('key, default', _string_settings)
                 def test_string_setting_default(self, key, default):
                     settings = {}
                     _sanitize_vcs_settings(settings)
                     assert settings[key] == default
                 @pytest.mark.parametrize('key, default', _string_settings)
                 def test_string_setting_lowercase(self, key, default):
                     test_value = 'Test-String-For-{}'.format(key)
                     settings = {key: test_value}
                     _sanitize_vcs_settings(settings)
                     assert settings[key] == test_value.lower()
                 @pytest.mark.parametrize('key, default', _bool_settings)
                 def test_bool_setting_true(self, key, default):
                     settings = {key: 'true'}
                     _sanitize_vcs_settings(settings)
                     assert settings[key] is True
                 @pytest.mark.parametrize('key, default', _bool_settings)
                 def test_bool_setting_false(self, key, default):
                     settings = {key: 'false'}
                     _sanitize_vcs_settings(settings)
                     assert settings[key] is False
                 @pytest.mark.parametrize('key, default', _bool_settings)
                 def test_bool_setting_invalid_string(self, key, default):
                     settings = {key: 'no-bool-val-string'}
                     _sanitize_vcs_settings(settings)
                     assert settings[key] is False
                 @pytest.mark.parametrize('key, default', _bool_settings)
                 def test_bool_setting_default(self, key, default):
                     settings = {}
                     _sanitize_vcs_settings(settings)
                     assert settings[key] is default

rhodecode/tests/lib/middleware/test_simplevcs.py

0 +1 0

             # -*- coding: utf-8 -*-
             # Copyright (C) 2010-2018 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             import base64
             import mock
             import pytest
             from rhodecode.lib.utils2 import AttributeDict
             from rhodecode.tests.utils import CustomTestApp
             from rhodecode.lib.caching_query import FromCache
             from rhodecode.lib.hooks_daemon import DummyHooksCallbackDaemon
             from rhodecode.lib.middleware import simplevcs
             from rhodecode.lib.middleware.https_fixup import HttpsFixup
             from rhodecode.lib.middleware.utils import scm_app_http
             from rhodecode.model.db import User, _hash_key
             from rhodecode.model.meta import Session
             from rhodecode.tests import (
                 HG_REPO, TEST_USER_ADMIN_LOGIN, TEST_USER_ADMIN_PASS)
             from rhodecode.tests.lib.middleware import mock_scm_app
             class StubVCSController(simplevcs.SimpleVCS):
                 SCM = 'hg'
                 stub_response_body = tuple()
                 def __init__(self, *args, **kwargs):
                     super(StubVCSController, self).__init__(*args, **kwargs)
                     self._action = 'pull'
                     self._is_shadow_repo_dir = True
                     self._name = HG_REPO
                     self.set_repo_names(None)
                 @property
                 def is_shadow_repo_dir(self):
                     return self._is_shadow_repo_dir
                 def _get_repository_name(self, environ):
                     return self._name
                 def _get_action(self, environ):
                     return self._action
                 def _create_wsgi_app(self, repo_path, repo_name, config):
                     def fake_app(environ, start_response):
                         headers = [
                             ('Http-Accept', 'application/mercurial')
                         ]
                         start_response('200 OK', headers)
                         return self.stub_response_body
                     return fake_app
                 def _create_config(self, extras, repo_name):
                     return None
             @pytest.fixture
             def vcscontroller(baseapp, config_stub, request_stub):
                 config_stub.testing_securitypolicy()
                 config_stub.include('rhodecode.authentication')
                 controller = StubVCSController(
                     baseapp.config.get_settings(), request_stub.registry)
                 app = HttpsFixup(controller, baseapp.config.get_settings())
                 app = CustomTestApp(app)
                 _remove_default_user_from_query_cache()
                 # Sanity checks that things are set up correctly
                 app.get('/' + HG_REPO, status=200)
                 app.controller = controller
                 return app
             def _remove_default_user_from_query_cache():
                 user = User.get_default_user(cache=True)
                 query = Session().query(User).filter(User.username == user.username)
                 query = query.options(
                     FromCache("sql_cache_short", "get_user_%s" % _hash_key(user.username)))
                 query.invalidate()
                 Session().expire(user)
             def test_handles_exceptions_during_permissions_checks(
                     vcscontroller, disable_anonymous_user):
                 user_and_pass = '%s:%s' % (TEST_USER_ADMIN_LOGIN, TEST_USER_ADMIN_PASS)
                 auth_password = base64.encodestring(user_and_pass).strip()
                 extra_environ = {
                     'AUTH_TYPE': 'Basic',
                     'HTTP_AUTHORIZATION': 'Basic %s' % auth_password,
                     'REMOTE_USER': TEST_USER_ADMIN_LOGIN,
                 }
                 # Verify that things are hooked up correctly
                 vcscontroller.get('/', status=200, extra_environ=extra_environ)
                 # Simulate trouble during permission checks
                 with mock.patch('rhodecode.model.db.User.get_by_username',
                                 side_effect=Exception) as get_user:
                     # Verify that a correct 500 is returned and check that the expected
                     # code path was hit.
                     vcscontroller.get('/', status=500, extra_environ=extra_environ)
                     assert get_user.called
             def test_returns_forbidden_if_no_anonymous_access(
                     vcscontroller, disable_anonymous_user):
                 vcscontroller.get('/', status=401)
             class StubFailVCSController(simplevcs.SimpleVCS):
                 def _handle_request(self, environ, start_response):
                     raise Exception("BOOM")
             @pytest.fixture(scope='module')
             def fail_controller(baseapp):
                 controller = StubFailVCSController(
                     baseapp.config.get_settings(), baseapp.config)
                 controller = HttpsFixup(controller, baseapp.config.get_settings())
                 controller = CustomTestApp(controller)
                 return controller
             def test_handles_exceptions_as_internal_server_error(fail_controller):
                 fail_controller.get('/', status=500)
             def test_provides_traceback_for_appenlight(fail_controller):
                 response = fail_controller.get(
                     '/', status=500, extra_environ={'appenlight.client': 'fake'})
                 assert 'appenlight.__traceback' in response.request.environ
             def test_provides_utils_scm_app_as_scm_app_by_default(baseapp, request_stub):
                 controller = StubVCSController(baseapp.config.get_settings(), request_stub.registry)
                 assert controller.scm_app is scm_app_http
             def test_allows_to_override_scm_app_via_config(baseapp, request_stub):
                 config = baseapp.config.get_settings().copy()
                 config['vcs.scm_app_implementation'] = (
                     'rhodecode.tests.lib.middleware.mock_scm_app')
                 controller = StubVCSController(config, request_stub.registry)
                 assert controller.scm_app is mock_scm_app
             @pytest.mark.parametrize('query_string, expected', [
                 ('cmd=stub_command', True),
                 ('cmd=listkeys', False),
             ])
             def test_should_check_locking(query_string, expected):
                 result = simplevcs._should_check_locking(query_string)
                 assert result == expected
             class TestShadowRepoRegularExpression(object):
                 pr_segment = 'pull-request'
                 shadow_segment = 'repository'
                 @pytest.mark.parametrize('url, expected', [
                     # repo with/without groups
                     ('My-Repo/{pr_segment}/1/{shadow_segment}', True),
                     ('Group/My-Repo/{pr_segment}/2/{shadow_segment}', True),
                     ('Group/Sub-Group/My-Repo/{pr_segment}/3/{shadow_segment}', True),
                     ('Group/Sub-Group1/Sub-Group2/My-Repo/{pr_segment}/3/{shadow_segment}', True),
                     # pull request ID
                     ('MyRepo/{pr_segment}/1/{shadow_segment}', True),
                     ('MyRepo/{pr_segment}/1234567890/{shadow_segment}', True),
                     ('MyRepo/{pr_segment}/-1/{shadow_segment}', False),
                     ('MyRepo/{pr_segment}/invalid/{shadow_segment}', False),
                     # unicode
                     (u'Sp€çîál-Repö/{pr_segment}/1/{shadow_segment}', True),
                     (u'Sp€çîál-Gröüp/Sp€çîál-Repö/{pr_segment}/1/{shadow_segment}', True),
                     # trailing/leading slash
                     ('/My-Repo/{pr_segment}/1/{shadow_segment}', False),
                     ('My-Repo/{pr_segment}/1/{shadow_segment}/', False),
                     ('/My-Repo/{pr_segment}/1/{shadow_segment}/', False),
                     # misc
                     ('My-Repo/{pr_segment}/1/{shadow_segment}/extra', False),
                     ('My-Repo/{pr_segment}/1/{shadow_segment}extra', False),
                 ])
                 def test_shadow_repo_regular_expression(self, url, expected):
                     from rhodecode.lib.middleware.simplevcs import SimpleVCS
                     url = url.format(
                         pr_segment=self.pr_segment,
                         shadow_segment=self.shadow_segment)
                     match_obj = SimpleVCS.shadow_repo_re.match(url)
                     assert (match_obj is not None) == expected
             @pytest.mark.backends('git', 'hg')
             class TestShadowRepoExposure(object):
                 def test_pull_on_shadow_repo_propagates_to_wsgi_app(
                         self, baseapp, request_stub):
                     """
                     Check that a pull action to a shadow repo is propagated to the
                     underlying wsgi app.
                     """
                     controller = StubVCSController(
                         baseapp.config.get_settings(), request_stub.registry)
                     controller._check_ssl = mock.Mock()
                     controller.is_shadow_repo = True
                     controller._action = 'pull'
                     controller._is_shadow_repo_dir = True
                     controller.stub_response_body = 'dummy body value'
                     controller._get_default_cache_ttl = mock.Mock(
                         return_value=(False, 0))
                     environ_stub = {
                         'HTTP_HOST': 'test.example.com',
                         'HTTP_ACCEPT': 'application/mercurial',
                         'REQUEST_METHOD': 'GET',
                         'wsgi.url_scheme': 'http',
                     }
                     response = controller(environ_stub, mock.Mock())
                     response_body = ''.join(response)
                     # Assert that we got the response from the wsgi app.
                     assert response_body == controller.stub_response_body
                 def test_pull_on_shadow_repo_that_is_missing(self, baseapp, request_stub):
                     """
                     Check that a pull action to a shadow repo is propagated to the
                     underlying wsgi app.
                     """
                     controller = StubVCSController(
                         baseapp.config.get_settings(), request_stub.registry)
                     controller._check_ssl = mock.Mock()
                     controller.is_shadow_repo = True
                     controller._action = 'pull'
                     controller._is_shadow_repo_dir = False
                     controller.stub_response_body = 'dummy body value'
                     environ_stub = {
                         'HTTP_HOST': 'test.example.com',
                         'HTTP_ACCEPT': 'application/mercurial',
                         'REQUEST_METHOD': 'GET',
                         'wsgi.url_scheme': 'http',
                     }
                     response = controller(environ_stub, mock.Mock())
                     response_body = ''.join(response)
                     # Assert that we got the response from the wsgi app.
                     assert '404 Not Found' in response_body
                 def test_push_on_shadow_repo_raises(self, baseapp, request_stub):
                     """
                     Check that a push action to a shadow repo is aborted.
                     """
                     controller = StubVCSController(
                         baseapp.config.get_settings(), request_stub.registry)
                     controller._check_ssl = mock.Mock()
                     controller.is_shadow_repo = True
                     controller._action = 'push'
                     controller.stub_response_body = 'dummy body value'
                     environ_stub = {
                         'HTTP_HOST': 'test.example.com',
                         'HTTP_ACCEPT': 'application/mercurial',
                         'REQUEST_METHOD': 'GET',
                         'wsgi.url_scheme': 'http',
                     }
                     response = controller(environ_stub, mock.Mock())
                     response_body = ''.join(response)
                     assert response_body != controller.stub_response_body
                     # Assert that a 406 error is returned.
                     assert '406 Not Acceptable' in response_body
                 def test_set_repo_names_no_shadow(self, baseapp, request_stub):
                     """
                     Check that the set_repo_names method sets all names to the one returned
                     by the _get_repository_name method on a request to a non shadow repo.
                     """
                     environ_stub = {}
                     controller = StubVCSController(
                         baseapp.config.get_settings(), request_stub.registry)
                     controller._name = 'RepoGroup/MyRepo'
                     controller.set_repo_names(environ_stub)
                     assert not controller.is_shadow_repo
                     assert (controller.url_repo_name ==
                             controller.acl_repo_name ==
                             controller.vcs_repo_name ==
                             controller._get_repository_name(environ_stub))
                 def test_set_repo_names_with_shadow(
                         self, baseapp, pr_util, config_stub, request_stub):
                     """
                     Check that the set_repo_names method sets correct names on a request
                     to a shadow repo.
                     """
                     from rhodecode.model.pull_request import PullRequestModel
                     pull_request = pr_util.create_pull_request()
                     shadow_url = '{target}/{pr_segment}/{pr_id}/{shadow_segment}'.format(
                         target=pull_request.target_repo.repo_name,
                         pr_id=pull_request.pull_request_id,
                         pr_segment=TestShadowRepoRegularExpression.pr_segment,
                         shadow_segment=TestShadowRepoRegularExpression.shadow_segment)
                     controller = StubVCSController(
                         baseapp.config.get_settings(), request_stub.registry)
                     controller._name = shadow_url
                     controller.set_repo_names({})
                     # Get file system path to shadow repo for assertions.
                     workspace_id = PullRequestModel()._workspace_id(pull_request)
                     target_vcs = pull_request.target_repo.scm_instance()
                     vcs_repo_name = target_vcs._get_shadow_repository_path(
                         pull_request.target_repo.repo_id, workspace_id)
                     assert controller.vcs_repo_name == vcs_repo_name
                     assert controller.url_repo_name == shadow_url
                     assert controller.acl_repo_name == pull_request.target_repo.repo_name
                     assert controller.is_shadow_repo
                 def test_set_repo_names_with_shadow_but_missing_pr(
                         self, baseapp, pr_util, config_stub, request_stub):
                     """
                     Checks that the set_repo_names method enforces matching target repos
                     and pull request IDs.
                     """
                     pull_request = pr_util.create_pull_request()
                     shadow_url = '{target}/{pr_segment}/{pr_id}/{shadow_segment}'.format(
                         target=pull_request.target_repo.repo_name,
                         pr_id=999999999,
                         pr_segment=TestShadowRepoRegularExpression.pr_segment,
                         shadow_segment=TestShadowRepoRegularExpression.shadow_segment)
                     controller = StubVCSController(
                         baseapp.config.get_settings(), request_stub.registry)
                     controller._name = shadow_url
                     controller.set_repo_names({})
                     assert not controller.is_shadow_repo
                     assert (controller.url_repo_name ==
                             controller.acl_repo_name ==
                             controller.vcs_repo_name)
             @pytest.mark.usefixtures('baseapp')
             class TestGenerateVcsResponse(object):
                 def test_ensures_that_start_response_is_called_early_enough(self):
                     self.call_controller_with_response_body(iter(['a', 'b']))
                     assert self.start_response.called
                 def test_invalidates_cache_after_body_is_consumed(self):
                     result = self.call_controller_with_response_body(iter(['a', 'b']))
                     assert not self.was_cache_invalidated()
                     # Consume the result
                     list(result)
                     assert self.was_cache_invalidated()
                 def test_raises_unknown_exceptions(self):
                     result = self.call_controller_with_response_body(
                         self.raise_result_iter(vcs_kind='unknown'))
                     with pytest.raises(Exception):
                         list(result)
                 def test_prepare_callback_daemon_is_called(self):
                     def side_effect(extras, environ, action, txn_id=None):
                         return DummyHooksCallbackDaemon(), extras
                     prepare_patcher = mock.patch.object(
                         StubVCSController, '_prepare_callback_daemon')
                     with prepare_patcher as prepare_mock:
                         prepare_mock.side_effect = side_effect
                         self.call_controller_with_response_body(iter(['a', 'b']))
                     assert prepare_mock.called
                     assert prepare_mock.call_count == 1
                 def call_controller_with_response_body(self, response_body):
                     settings = {
                         'base_path': 'fake_base_path',
                         'vcs.hooks.protocol': 'http',
                         'vcs.hooks.direct_calls': False,
                     }
                     registry = AttributeDict()
                     controller = StubVCSController(settings, registry)
                     controller._invalidate_cache = mock.Mock()
                     controller.stub_response_body = response_body
                     self.start_response = mock.Mock()
                     result = controller._generate_vcs_response(
                         environ={}, start_response=self.start_response,
                         repo_path='fake_repo_path',
                         extras={}, action='push')
                     self.controller = controller
                     return result
                 def raise_result_iter(self, vcs_kind='repo_locked'):
                     """
                     Simulates an exception due to a vcs raised exception if kind vcs_kind
                     """
                     raise self.vcs_exception(vcs_kind=vcs_kind)
                     yield "never_reached"
                 def vcs_exception(self, vcs_kind='repo_locked'):
                     locked_exception = Exception('TEST_MESSAGE')
                     locked_exception._vcs_kind = vcs_kind
                     return locked_exception
                 def was_cache_invalidated(self):
                     return self.controller._invalidate_cache.called
             class TestInitializeGenerator(object):
                 def test_drains_first_element(self):
                     gen = self.factory(['__init__', 1, 2])
                     result = list(gen)
                     assert result == [1, 2]
                 @pytest.mark.parametrize('values', [
                     [],
                     [1, 2],
                 ])
                 def test_raises_value_error(self, values):
                     with pytest.raises(ValueError):
                         self.factory(values)
                 @simplevcs.initialize_generator
                 def factory(self, iterable):
                     for elem in iterable:
                         yield elem
             class TestPrepareHooksDaemon(object):
                 def test_calls_imported_prepare_callback_daemon(self, app_settings, request_stub):
                     expected_extras = {'extra1': 'value1'}
                     daemon = DummyHooksCallbackDaemon()
                     controller = StubVCSController(app_settings, request_stub.registry)
                     prepare_patcher = mock.patch.object(
                         simplevcs, 'prepare_callback_daemon',
                         return_value=(daemon, expected_extras))
                     with prepare_patcher as prepare_mock:
                         callback_daemon, extras = controller._prepare_callback_daemon(
                             expected_extras.copy(), {}, 'push')
                     prepare_mock.assert_called_once_with(
                         expected_extras,
                         protocol=app_settings['vcs.hooks.protocol'],
+                        host=app_settings['vcs.hooks.host'],
                         txn_id=None,
                         use_direct_calls=app_settings['vcs.hooks.direct_calls'])
                     assert callback_daemon == daemon
                     assert extras == extras

rhodecode/tests/lib/test_hooks_daemon.py

0 +7 -5

             # -*- coding: utf-8 -*-
             # Copyright (C) 2010-2018 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             import json
             import logging
             from StringIO import StringIO
             import mock
             import pytest
             from rhodecode.lib import hooks_daemon
             from rhodecode.tests.utils import assert_message_in_log
             class TestDummyHooksCallbackDaemon(object):
                 def test_hooks_module_path_set_properly(self):
                     daemon = hooks_daemon.DummyHooksCallbackDaemon()
                     assert daemon.hooks_module == 'rhodecode.lib.hooks_daemon'
                 def test_logs_entering_the_hook(self):
                     daemon = hooks_daemon.DummyHooksCallbackDaemon()
                     with mock.patch.object(hooks_daemon.log, 'debug') as log_mock:
                         with daemon as return_value:
                             log_mock.assert_called_once_with(
                                 'Running dummy hooks callback daemon')
                     assert return_value == daemon
                 def test_logs_exiting_the_hook(self):
                     daemon = hooks_daemon.DummyHooksCallbackDaemon()
                     with mock.patch.object(hooks_daemon.log, 'debug') as log_mock:
                         with daemon:
                             pass
                     log_mock.assert_called_with('Exiting dummy hooks callback daemon')
             class TestHooks(object):
                 def test_hooks_can_be_used_as_a_context_processor(self):
                     hooks = hooks_daemon.Hooks()
                     with hooks as return_value:
                         pass
                     assert hooks == return_value
             class TestHooksHttpHandler(object):
                 def test_read_request_parses_method_name_and_arguments(self):
                     data = {
                         'method': 'test',
                         'extras': {
                             'param1': 1,
                             'param2': 'a'
                         }
                     }
                     request = self._generate_post_request(data)
                     hooks_patcher = mock.patch.object(
                         hooks_daemon.Hooks, data['method'], create=True, return_value=1)
                     with hooks_patcher as hooks_mock:
                         MockServer(hooks_daemon.HooksHttpHandler, request)
                     hooks_mock.assert_called_once_with(data['extras'])
                 def test_hooks_serialized_result_is_returned(self):
                     request = self._generate_post_request({})
                     rpc_method = 'test'
                     hook_result = {
                         'first': 'one',
                         'second': 2
                     }
                     read_patcher = mock.patch.object(
                         hooks_daemon.HooksHttpHandler, '_read_request',
                         return_value=(rpc_method, {}))
                     hooks_patcher = mock.patch.object(
                         hooks_daemon.Hooks, rpc_method, create=True,
                         return_value=hook_result)
                     with read_patcher, hooks_patcher:
                         server = MockServer(hooks_daemon.HooksHttpHandler, request)
                     expected_result = json.dumps(hook_result)
                     assert server.request.output_stream.buflist[-1] == expected_result
                 def test_exception_is_returned_in_response(self):
                     request = self._generate_post_request({})
                     rpc_method = 'test'
                     read_patcher = mock.patch.object(
                         hooks_daemon.HooksHttpHandler, '_read_request',
                         return_value=(rpc_method, {}))
                     hooks_patcher = mock.patch.object(
                         hooks_daemon.Hooks, rpc_method, create=True,
                         side_effect=Exception('Test exception'))
                     with read_patcher, hooks_patcher:
                         server = MockServer(hooks_daemon.HooksHttpHandler, request)
                     org_exc = json.loads(server.request.output_stream.buflist[-1])
                     expected_result = {
                         'exception': 'Exception',
                         'exception_traceback': org_exc['exception_traceback'],
                         'exception_args': ['Test exception']
                     }
                     assert org_exc == expected_result
                 def test_log_message_writes_to_debug_log(self, caplog):
                     ip_port = ('0.0.0.0', 8888)
                     handler = hooks_daemon.HooksHttpHandler(
                         MockRequest('POST /'), ip_port, mock.Mock())
                     fake_date = '1/Nov/2015 00:00:00'
                     date_patcher = mock.patch.object(
                         handler, 'log_date_time_string', return_value=fake_date)
                     with date_patcher, caplog.at_level(logging.DEBUG):
                         handler.log_message('Some message %d, %s', 123, 'string')
                     expected_message = '{} - - [{}] Some message 123, string'.format(
                         ip_port[0], fake_date)
                     assert_message_in_log(
                         caplog.records, expected_message,
                         levelno=logging.DEBUG, module='hooks_daemon')
                 def _generate_post_request(self, data):
                     payload = json.dumps(data)
                     return 'POST / HTTP/1.0\nContent-Length: {}\n\n{}'.format(
                         len(payload), payload)
             class ThreadedHookCallbackDaemon(object):
                 def test_constructor_calls_prepare(self):
                     prepare_daemon_patcher = mock.patch.object(
                         hooks_daemon.ThreadedHookCallbackDaemon, '_prepare')
                     with prepare_daemon_patcher as prepare_daemon_mock:
                         hooks_daemon.ThreadedHookCallbackDaemon()
                     prepare_daemon_mock.assert_called_once_with()
                 def test_run_is_called_on_context_start(self):
                     patchers = mock.patch.multiple(
                         hooks_daemon.ThreadedHookCallbackDaemon,
                         _run=mock.DEFAULT, _prepare=mock.DEFAULT, __exit__=mock.DEFAULT)
                     with patchers as mocks:
                         daemon = hooks_daemon.ThreadedHookCallbackDaemon()
                         with daemon as daemon_context:
                             pass
                         mocks['_run'].assert_called_once_with()
                     assert daemon_context == daemon
                 def test_stop_is_called_on_context_exit(self):
                     patchers = mock.patch.multiple(
                         hooks_daemon.ThreadedHookCallbackDaemon,
                         _run=mock.DEFAULT, _prepare=mock.DEFAULT, _stop=mock.DEFAULT)
                     with patchers as mocks:
                         daemon = hooks_daemon.ThreadedHookCallbackDaemon()
                         with daemon as daemon_context:
                             assert mocks['_stop'].call_count == 0
                         mocks['_stop'].assert_called_once_with()
                     assert daemon_context == daemon
             class TestHttpHooksCallbackDaemon(object):
                 def test_prepare_inits_daemon_variable(self, tcp_server, caplog):
                     with self._tcp_patcher(tcp_server), caplog.at_level(logging.DEBUG):
                         daemon = hooks_daemon.HttpHooksCallbackDaemon()
                     assert daemon._daemon == tcp_server
                     _, port = tcp_server.server_address
-                    expected_uri = '{}:{}'.format(daemon.IP_ADDRESS, port)
+                    expected_uri = '{}:{}'.format('127.0.0.1', port)
                     msg = 'Preparing HTTP callback daemon at `{}` and ' \
                           'registering hook object'.format(expected_uri)
                     assert_message_in_log(
                         caplog.records, msg, levelno=logging.DEBUG, module='hooks_daemon')
                 def test_prepare_inits_hooks_uri_and_logs_it(
                         self, tcp_server, caplog):
                     with self._tcp_patcher(tcp_server), caplog.at_level(logging.DEBUG):
                         daemon = hooks_daemon.HttpHooksCallbackDaemon()
                     _, port = tcp_server.server_address
-                    expected_uri = '{}:{}'.format(daemon.IP_ADDRESS, port)
+                    expected_uri = '{}:{}'.format('127.0.0.1', port)
                     assert daemon.hooks_uri == expected_uri
                     msg = 'Preparing HTTP callback daemon at `{}` and ' \
                           'registering hook object'.format(expected_uri)
                     assert_message_in_log(
                         caplog.records, msg,
                         levelno=logging.DEBUG, module='hooks_daemon')
                 def test_run_creates_a_thread(self, tcp_server):
                     thread = mock.Mock()
                     with self._tcp_patcher(tcp_server):
                         daemon = hooks_daemon.HttpHooksCallbackDaemon()
                     with self._thread_patcher(thread) as thread_mock:
                         daemon._run()
                     thread_mock.assert_called_once_with(
                         target=tcp_server.serve_forever,
                         kwargs={'poll_interval': daemon.POLL_INTERVAL})
                     assert thread.daemon is True
                     thread.start.assert_called_once_with()
                 def test_run_logs(self, tcp_server, caplog):
                     with self._tcp_patcher(tcp_server):
                         daemon = hooks_daemon.HttpHooksCallbackDaemon()
                     with self._thread_patcher(mock.Mock()), caplog.at_level(logging.DEBUG):
                         daemon._run()
                     assert_message_in_log(
                         caplog.records,
                         'Running event loop of callback daemon in background thread',
                         levelno=logging.DEBUG, module='hooks_daemon')
                 def test_stop_cleans_up_the_connection(self, tcp_server, caplog):
                     thread = mock.Mock()
                     with self._tcp_patcher(tcp_server):
                         daemon = hooks_daemon.HttpHooksCallbackDaemon()
                     with self._thread_patcher(thread), caplog.at_level(logging.DEBUG):
                         with daemon:
                             assert daemon._daemon == tcp_server
                             assert daemon._callback_thread == thread
                     assert daemon._daemon is None
                     assert daemon._callback_thread is None
                     tcp_server.shutdown.assert_called_with()
                     thread.join.assert_called_once_with()
                     assert_message_in_log(
                         caplog.records, 'Waiting for background thread to finish.',
                         levelno=logging.DEBUG, module='hooks_daemon')
                 def _tcp_patcher(self, tcp_server):
                     return mock.patch.object(
                         hooks_daemon, 'TCPServer', return_value=tcp_server)
                 def _thread_patcher(self, thread):
                     return mock.patch.object(
                         hooks_daemon.threading, 'Thread', return_value=thread)
             class TestPrepareHooksDaemon(object):
                 @pytest.mark.parametrize('protocol', ('http',))
                 def test_returns_dummy_hooks_callback_daemon_when_using_direct_calls(
                         self, protocol):
                     expected_extras = {'extra1': 'value1'}
                     callback, extras = hooks_daemon.prepare_callback_daemon(
-                        expected_extras.copy(), protocol=protocol, use_direct_calls=True)
+                        expected_extras.copy(), protocol=protocol,
+                        host='127.0.0.1', use_direct_calls=True)
                     assert isinstance(callback, hooks_daemon.DummyHooksCallbackDaemon)
                     expected_extras['hooks_module'] = 'rhodecode.lib.hooks_daemon'
                     expected_extras['time'] = extras['time']
                     assert 'extra1' in extras
                 @pytest.mark.parametrize('protocol, expected_class', (
                     ('http', hooks_daemon.HttpHooksCallbackDaemon),
                 ))
                 def test_returns_real_hooks_callback_daemon_when_protocol_is_specified(
                         self, protocol, expected_class):
                     expected_extras = {
                         'extra1': 'value1',
                         'txn_id': 'txnid2',
                         'hooks_protocol': protocol.lower()
                     }
                     callback, extras = hooks_daemon.prepare_callback_daemon(
-                        expected_extras.copy(), protocol=protocol, use_direct_calls=False,
+                        expected_extras.copy(), protocol=protocol, host='127.0.0.1',
+                        use_direct_calls=False,
                         txn_id='txnid2')
                     assert isinstance(callback, expected_class)
                     extras.pop('hooks_uri')
                     expected_extras['time'] = extras['time']
                     assert extras == expected_extras
                 @pytest.mark.parametrize('protocol', (
                     'invalid',
                     'Http',
                     'HTTP',
                 ))
                 def test_raises_on_invalid_protocol(self, protocol):
                     expected_extras = {
                         'extra1': 'value1',
                         'hooks_protocol': protocol.lower()
                     }
                     with pytest.raises(Exception):
                         callback, extras = hooks_daemon.prepare_callback_daemon(
                             expected_extras.copy(),
-                            protocol=protocol,
+                            protocol=protocol, host='127.0.0.1',
                             use_direct_calls=False)
             class MockRequest(object):
                 def __init__(self, request):
                     self.request = request
                     self.input_stream = StringIO(b'{}'.format(self.request))
                     self.output_stream = StringIO()
                 def makefile(self, mode, *args, **kwargs):
                     return self.output_stream if mode == 'wb' else self.input_stream
             class MockServer(object):
                 def __init__(self, Handler, request):
                     ip_port = ('0.0.0.0', 8888)
                     self.request = MockRequest(request)
                     self.handler = Handler(self.request, ip_port, self)
             @pytest.fixture
             def tcp_server():
                 server = mock.Mock()
                 server.server_address = ('127.0.0.1', 8881)
                 return server

rhodecode/tests/pylons_plugin.py

0 +1 0

             # -*- coding: utf-8 -*-
             # Copyright (C) 2010-2018 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             import json
             import platform
             import socket
             import pytest
             from rhodecode.lib.pyramid_utils import get_app_config
             from rhodecode.tests.fixture import TestINI
             from rhodecode.tests.server_utils import RcVCSServer
             def _parse_json(value):
                 return json.loads(value) if value else None
             def pytest_addoption(parser):
                 parser.addoption(
                     '--test-loglevel', dest='test_loglevel',
                     help="Set default Logging level for tests, warn (default), info, debug")
                 group = parser.getgroup('pylons')
                 group.addoption(
                     '--with-pylons', dest='pyramid_config',
                     help="Set up a Pylons environment with the specified config file.")
                 group.addoption(
                     '--ini-config-override', action='store', type=_parse_json,
                     default=None, dest='pyramid_config_override', help=(
                         "Overrides the .ini file settings. Should be specified in JSON"
                         " format, e.g. '{\"section\": {\"parameter\": \"value\", ...}}'"
                     )
                 )
                 parser.addini(
                     'pyramid_config',
                     "Set up a Pyramid environment with the specified config file.")
                 vcsgroup = parser.getgroup('vcs')
                 vcsgroup.addoption(
                     '--without-vcsserver', dest='with_vcsserver', action='store_false',
                     help="Do not start the VCSServer in a background process.")
                 vcsgroup.addoption(
                     '--with-vcsserver-http', dest='vcsserver_config_http',
                     help="Start the HTTP VCSServer with the specified config file.")
                 vcsgroup.addoption(
                     '--vcsserver-protocol', dest='vcsserver_protocol',
                     help="Start the VCSServer with HTTP protocol support.")
                 vcsgroup.addoption(
                     '--vcsserver-config-override', action='store', type=_parse_json,
                     default=None, dest='vcsserver_config_override', help=(
                         "Overrides the .ini file settings for the VCSServer. "
                         "Should be specified in JSON "
                         "format, e.g. '{\"section\": {\"parameter\": \"value\", ...}}'"
                     )
                 )
                 vcsgroup.addoption(
                     '--vcsserver-port', action='store', type=int,
                     default=None, help=(
                         "Allows to set the port of the vcsserver. Useful when testing "
                         "against an already running server and random ports cause "
                         "trouble."))
                 parser.addini(
                     'vcsserver_config_http',
                     "Start the HTTP VCSServer with the specified config file.")
                 parser.addini(
                     'vcsserver_protocol',
                     "Start the VCSServer with HTTP protocol support.")
             @pytest.fixture(scope='session')
             def vcsserver(request, vcsserver_port, vcsserver_factory):
                 """
                 Session scope VCSServer.
                 Tests wich need the VCSServer have to rely on this fixture in order
                 to ensure it will be running.
                 For specific needs, the fixture vcsserver_factory can be used. It allows to
                 adjust the configuration file for the test run.
                 Command line args:
                 --without-vcsserver: Allows to switch this fixture off. You have to
                 manually start the server.
                 --vcsserver-port: Will expect the VCSServer to listen on this port.
                 """
                 if not request.config.getoption('with_vcsserver'):
                     return None
                 return vcsserver_factory(
                     request, vcsserver_port=vcsserver_port)
             @pytest.fixture(scope='session')
             def vcsserver_factory(tmpdir_factory):
                 """
                 Use this if you need a running vcsserver with a special configuration.
                 """
                 def factory(request, overrides=(), vcsserver_port=None,
                             log_file=None):
                     if vcsserver_port is None:
                         vcsserver_port = get_available_port()
                     overrides = list(overrides)
                     overrides.append({'server:main': {'port': vcsserver_port}})
                     if is_cygwin():
                         platform_override = {'DEFAULT': {
                             'beaker.cache.repo_object.type': 'nocache'}}
                         overrides.append(platform_override)
                     option_name = 'vcsserver_config_http'
                     override_option_name = 'vcsserver_config_override'
                     config_file = get_config(
                         request.config, option_name=option_name,
                         override_option_name=override_option_name, overrides=overrides,
                         basetemp=tmpdir_factory.getbasetemp().strpath,
                         prefix='test_vcs_')
                     server = RcVCSServer(config_file, log_file)
                     server.start()
                     @request.addfinalizer
                     def cleanup():
                         server.shutdown()
                     server.wait_until_ready()
                     return server
                 return factory
             def is_cygwin():
                 return 'cygwin' in platform.system().lower()
             def _use_log_level(config):
                 level = config.getoption('test_loglevel') or 'warn'
                 return level.upper()
             @pytest.fixture(scope='session')
             def ini_config(request, tmpdir_factory, rcserver_port, vcsserver_port):
                 option_name = 'pyramid_config'
                 log_level = _use_log_level(request.config)
                 overrides = [
                     {'server:main': {'port': rcserver_port}},
                     {'app:main': {
                         'vcs.server': 'localhost:%s' % vcsserver_port,
                         # johbo: We will always start the VCSServer on our own based on the
                         # fixtures of the test cases. For the test run it must always be
                         # off in the INI file.
                         'vcs.start_server': 'false',
                         'vcs.server.protocol': 'http',
                         'vcs.scm_app_implementation': 'http',
                         'vcs.hooks.protocol': 'http',
+                        'vcs.hooks.host': '127.0.0.1',
                     }},
                     {'handler_console': {
                         'class ': 'StreamHandler',
                         'args ': '(sys.stderr,)',
                         'level': log_level,
                     }},
                 ]
                 filename = get_config(
                     request.config, option_name=option_name,
                     override_option_name='{}_override'.format(option_name),
                     overrides=overrides,
                     basetemp=tmpdir_factory.getbasetemp().strpath,
                     prefix='test_rce_')
                 return filename
             @pytest.fixture(scope='session')
             def ini_settings(ini_config):
                 ini_path = ini_config
                 return get_app_config(ini_path)
             def get_available_port():
                 family = socket.AF_INET
                 socktype = socket.SOCK_STREAM
                 host = '127.0.0.1'
                 mysocket = socket.socket(family, socktype)
                 mysocket.bind((host, 0))
                 port = mysocket.getsockname()[1]
                 mysocket.close()
                 del mysocket
                 return port
             @pytest.fixture(scope='session')
             def rcserver_port(request):
                 port = get_available_port()
                 print('Using rcserver port {}'.format(port))
                 return port
             @pytest.fixture(scope='session')
             def vcsserver_port(request):
                 port = request.config.getoption('--vcsserver-port')
                 if port is None:
                     port = get_available_port()
                     print('Using vcsserver port {}'.format(port))
                 return port
             @pytest.fixture(scope='session')
             def available_port_factory():
                 """
                 Returns a callable which returns free port numbers.
                 """
                 return get_available_port
             @pytest.fixture
             def available_port(available_port_factory):
                 """
                 Gives you one free port for the current test.
                 Uses "available_port_factory" to retrieve the port.
                 """
                 return available_port_factory()
             @pytest.fixture(scope='session')
             def testini_factory(tmpdir_factory, ini_config):
                 """
                 Factory to create an INI file based on TestINI.
                 It will make sure to place the INI file in the correct directory.
                 """
                 basetemp = tmpdir_factory.getbasetemp().strpath
                 return TestIniFactory(basetemp, ini_config)
             class TestIniFactory(object):
                 def __init__(self, basetemp, template_ini):
                     self._basetemp = basetemp
                     self._template_ini = template_ini
                 def __call__(self, ini_params, new_file_prefix='test'):
                     ini_file = TestINI(
                         self._template_ini, ini_params=ini_params,
                         new_file_prefix=new_file_prefix, dir=self._basetemp)
                     result = ini_file.create()
                     return result
             def get_config(
                     config, option_name, override_option_name, overrides=None,
                     basetemp=None, prefix='test'):
                 """
                 Find a configuration file and apply overrides for the given `prefix`.
                 """
                 config_file = (
                     config.getoption(option_name) or config.getini(option_name))
                 if not config_file:
                     pytest.exit(
                         "Configuration error, could not extract {}.".format(option_name))
                 overrides = overrides or []
                 config_override = config.getoption(override_option_name)
                 if config_override:
                     overrides.append(config_override)
                 temp_ini_file = TestINI(
                     config_file, ini_params=overrides, new_file_prefix=prefix,
                     dir=basetemp)
                 return temp_ini_file.create()

rhodecode/tests/rhodecode.ini

0 +1 0

             ################################################################################
             ##                 RHODECODE COMMUNITY EDITION CONFIGURATION                  ##
             # The %(here)s variable will be replaced with the parent directory of this file#
             ################################################################################
             [DEFAULT]
             debug = true
             ################################################################################
             ##                            EMAIL CONFIGURATION                             ##
             ## Uncomment and replace with the email address which should receive          ##
             ## any error reports after an application crash                               ##
             ## Additionally these settings will be used by the RhodeCode mailing system   ##
             ################################################################################
             ## prefix all emails subjects with given prefix, helps filtering out emails
             #email_prefix = [RhodeCode]
             ## email FROM address all mails will be sent
             #app_email_from = rhodecode-noreply@localhost
             ## Uncomment and replace with the address which should receive any error report
             ## note: using appenlight for error handling doesn't need this to be uncommented
             #email_to = admin@localhost
             ## in case of Application errors, sent an error email form
             #error_email_from = rhodecode_error@localhost
             ## additional error message to be send in case of server crash
             #error_message =
             #smtp_server = mail.server.com
             #smtp_username =
             #smtp_password =
             #smtp_port =
             #smtp_use_tls = false
             #smtp_use_ssl = true
             ## Specify available auth parameters here (e.g. LOGIN PLAIN CRAM-MD5, etc.)
             #smtp_auth =
             [server:main]
             ## COMMON ##
             host = 0.0.0.0
             port = 5000
             ##########################
             ## GUNICORN WSGI SERVER ##
             ##########################
             ## run with gunicorn --log-config rhodecode.ini --paste rhodecode.ini
             use = egg:gunicorn#main
             ## Sets the number of process workers. You must set `instance_id = *`
             ## when this option is set to more than one worker, recommended
             ## value is (2 * NUMBER_OF_CPUS + 1), eg 2CPU = 5 workers
             ## The `instance_id = *` must be set in the [app:main] section below
             #workers = 2
             ## number of threads for each of the worker, must be set to 1 for gevent
             ## generally recommened to be at 1
             #threads = 1
             ## process name
             #proc_name = rhodecode
             ## type of worker class, one of sync, gevent
             ## recommended for bigger setup is using of of other than sync one
             #worker_class = sync
             ## The maximum number of simultaneous clients. Valid only for Gevent
             #worker_connections = 10
             ## max number of requests that worker will handle before being gracefully
             ## restarted, could prevent memory leaks
             #max_requests = 1000
             #max_requests_jitter = 30
             ## amount of time a worker can spend with handling a request before it
             ## gets killed and restarted. Set to 6hrs
             #timeout = 21600
             ## prefix middleware for RhodeCode.
             ## recommended when using proxy setup.
             ## allows to set RhodeCode under a prefix in server.
             ## eg https://server.com/custom_prefix. Enable `filter-with =` option below as well.
             ## And set your prefix like: `prefix = /custom_prefix`
             ## be sure to also set beaker.session.cookie_path = /custom_prefix if you need
             ## to make your cookies only work on prefix url
             [filter:proxy-prefix]
             use = egg:PasteDeploy#prefix
             prefix = /
             [app:main]
             is_test = True
             use = egg:rhodecode-enterprise-ce
             ## enable proxy prefix middleware, defined above
             #filter-with = proxy-prefix
             ## RHODECODE PLUGINS ##
             rhodecode.includes = rhodecode.api
             # api prefix url
             rhodecode.api.url = /_admin/api
             ## END RHODECODE PLUGINS ##
             ## encryption key used to encrypt social plugin tokens,
             ## remote_urls with credentials etc, if not set it defaults to
             ## `beaker.session.secret`
             #rhodecode.encrypted_values.secret =
             ## decryption strict mode (enabled by default). It controls if decryption raises
             ## `SignatureVerificationError` in case of wrong key, or damaged encryption data.
             #rhodecode.encrypted_values.strict = false
             ## return gzipped responses from Rhodecode (static files/application)
             gzip_responses = false
             ## autogenerate javascript routes file on startup
             generate_js_files = false
             ## Optional Languages
             ## en(default), be, de, es, fr, it, ja, pl, pt, ru, zh
             lang = en
             ## perform a full repository scan on each server start, this should be
             ## set to false after first startup, to allow faster server restarts.
             startup.import_repos = true
             ## Uncomment and set this path to use archive download cache.
             ## Once enabled, generated archives will be cached at this location
             ## and served from the cache during subsequent requests for the same archive of
             ## the repository.
             #archive_cache_dir = /tmp/tarballcache
             ## URL at which the application is running. This is used for bootstraping
             ## requests in context when no web request is available. Used in ishell, or
             ## SSH calls. Set this for events to receive proper url for SSH calls.
             app.base_url = http://rhodecode.local
             ## change this to unique ID for security
             app_instance_uuid = rc-production
             ## cut off limit for large diffs (size in bytes)
             cut_off_limit_diff = 1024000
             cut_off_limit_file = 256000
             ## use cache version of scm repo everywhere
             vcs_full_cache = false
             ## force https in RhodeCode, fixes https redirects, assumes it's always https
             ## Normally this is controlled by proper http flags sent from http server
             force_https = false
             ## use Strict-Transport-Security headers
             use_htsts = false
             ## git rev filter option, --all is the default filter, if you need to
             ## hide all refs in changelog switch this to --branches --tags
             git_rev_filter = --all
             # Set to true if your repos are exposed using the dumb protocol
             git_update_server_info = false
             ## RSS/ATOM feed options
             rss_cut_off_limit = 256000
             rss_items_per_page = 10
             rss_include_diff = false
             ## gist URL alias, used to create nicer urls for gist. This should be an
             ## url that does rewrites to _admin/gists/{gistid}.
             ## example: http://gist.rhodecode.org/{gistid}. Empty means use the internal
             ## RhodeCode url, ie. http[s]://rhodecode.server/_admin/gists/{gistid}
             gist_alias_url =
             ## List of views (using glob pattern syntax) that AUTH TOKENS could be
             ## used for access.
             ## Adding ?auth_token=TOKEN_HASH to the url authenticates this request as if it
             ## came from the the logged in user who own this authentication token.
             ## Additionally @TOKEN syntaxt can be used to bound the view to specific
             ## authentication token. Such view would be only accessible when used together
             ## with this authentication token
             ##
             ## list of all views can be found under `/_admin/permissions/auth_token_access`
             ## The list should be "," separated and on a single line.
             ##
             ## Most common views to enable:
             #    RepoCommitsView:repo_commit_download
             #    RepoCommitsView:repo_commit_patch
             #    RepoCommitsView:repo_commit_raw
             #    RepoCommitsView:repo_commit_raw@TOKEN
             #    RepoFilesView:repo_files_diff
             #    RepoFilesView:repo_archivefile
             #    RepoFilesView:repo_file_raw
             #    GistView:*
             api_access_controllers_whitelist =
             ## default encoding used to convert from and to unicode
             ## can be also a comma separated list of encoding in case of mixed encodings
             default_encoding = UTF-8
             ## instance-id prefix
             ## a prefix key for this instance used for cache invalidation when running
             ## multiple instances of rhodecode, make sure it's globally unique for
             ## all running rhodecode instances. Leave empty if you don't use it
             instance_id =
             ## Fallback authentication plugin. Set this to a plugin ID to force the usage
             ## of an authentication plugin also if it is disabled by it's settings.
             ## This could be useful if you are unable to log in to the system due to broken
             ## authentication settings. Then you can enable e.g. the internal rhodecode auth
             ## module to log in again and fix the settings.
             ##
             ## Available builtin plugin IDs (hash is part of the ID):
             ## egg:rhodecode-enterprise-ce#rhodecode
             ## egg:rhodecode-enterprise-ce#pam
             ## egg:rhodecode-enterprise-ce#ldap
             ## egg:rhodecode-enterprise-ce#jasig_cas
             ## egg:rhodecode-enterprise-ce#headers
             ## egg:rhodecode-enterprise-ce#crowd
             #rhodecode.auth_plugin_fallback = egg:rhodecode-enterprise-ce#rhodecode
             ## alternative return HTTP header for failed authentication. Default HTTP
             ## response is 401 HTTPUnauthorized. Currently HG clients have troubles with
             ## handling that causing a series of failed authentication calls.
             ## Set this variable to 403 to return HTTPForbidden, or any other HTTP code
             ## This will be served instead of default 401 on bad authnetication
             auth_ret_code =
             ## use special detection method when serving auth_ret_code, instead of serving
             ## ret_code directly, use 401 initially (Which triggers credentials prompt)
             ## and then serve auth_ret_code to clients
             auth_ret_code_detection = false
             ## locking return code. When repository is locked return this HTTP code. 2XX
             ## codes don't break the transactions while 4XX codes do
             lock_ret_code = 423
             ## allows to change the repository location in settings page
             allow_repo_location_change = true
             ## allows to setup custom hooks in settings page
             allow_custom_hooks_settings = true
             ## generated license token, goto license page in RhodeCode settings to obtain
             ## new token
             license_token = abra-cada-bra1-rce3
             ## supervisor connection uri, for managing supervisor and logs.
             supervisor.uri =
             ## supervisord group name/id we only want this RC instance to handle
             supervisor.group_id = dev
             ## Display extended labs settings
             labs_settings_active = true
             ####################################
             ###        CELERY CONFIG        ####
             ####################################
             use_celery = false
             broker.host = localhost
             broker.vhost = rabbitmqhost
             broker.port = 5672
             broker.user = rabbitmq
             broker.password = qweqwe
             celery.imports = rhodecode.lib.celerylib.tasks
             celery.result.backend = amqp
             celery.result.dburi = amqp://
             celery.result.serialier = json
             #celery.send.task.error.emails = true
             #celery.amqp.task.result.expires = 18000
             celeryd.concurrency = 2
             #celeryd.log.file = celeryd.log
             celeryd.log.level = debug
             celeryd.max.tasks.per.child = 1
             ## tasks will never be sent to the queue, but executed locally instead.
             celery.always.eager = false
             ####################################
             ###         BEAKER CACHE        ####
             ####################################
             # default cache dir for templates.  Putting this into a ramdisk
             ## can boost performance, eg. %(here)s/data_ramdisk
             cache_dir = %(here)s/data
             ## locking and default file storage for Beaker. Putting this into a ramdisk
             ## can boost performance, eg. %(here)s/data_ramdisk/cache/beaker_data
             beaker.cache.data_dir = %(here)s/rc/data/cache/beaker_data
             beaker.cache.lock_dir = %(here)s/rc/data/cache/beaker_lock
             beaker.cache.regions = short_term, long_term, sql_cache_short, auth_plugins, repo_cache_long
             beaker.cache.short_term.type = file
             beaker.cache.short_term.expire = 0
             beaker.cache.short_term.key_length = 256
             beaker.cache.long_term.type = memory
             beaker.cache.long_term.expire = 36000
             beaker.cache.long_term.key_length = 256
             beaker.cache.sql_cache_short.type = memory
             beaker.cache.sql_cache_short.expire = 1
             beaker.cache.sql_cache_short.key_length = 256
             ## default is memory cache, configure only if required
             ## using multi-node or multi-worker setup
             #beaker.cache.auth_plugins.type = memory
             #beaker.cache.auth_plugins.lock_dir = %(here)s/data/cache/auth_plugin_lock
             #beaker.cache.auth_plugins.url = postgresql://postgres:secret@localhost/rhodecode
             #beaker.cache.auth_plugins.url = mysql://root:secret@127.0.0.1/rhodecode
             #beaker.cache.auth_plugins.sa.pool_recycle = 3600
             #beaker.cache.auth_plugins.sa.pool_size = 10
             #beaker.cache.auth_plugins.sa.max_overflow = 0
             beaker.cache.repo_cache_long.type = memorylru_base
             beaker.cache.repo_cache_long.max_items = 4096
             beaker.cache.repo_cache_long.expire = 2592000
             ## default is memorylru_base cache, configure only if required
             ## using multi-node or multi-worker setup
             #beaker.cache.repo_cache_long.type = ext:memcached
             #beaker.cache.repo_cache_long.url = localhost:11211
             #beaker.cache.repo_cache_long.expire = 1209600
             #beaker.cache.repo_cache_long.key_length = 256
             ####################################
             ###       BEAKER SESSION        ####
             ####################################
             ## .session.type is type of storage options for the session, current allowed
             ## types are file, ext:memcached, ext:database, and memory (default).
             beaker.session.type = file
             beaker.session.data_dir = %(here)s/rc/data/sessions/data
             ## db based session, fast, and allows easy management over logged in users
             #beaker.session.type = ext:database
             #beaker.session.table_name = db_session
             #beaker.session.sa.url = postgresql://postgres:secret@localhost/rhodecode
             #beaker.session.sa.url = mysql://root:secret@127.0.0.1/rhodecode
             #beaker.session.sa.pool_recycle = 3600
             #beaker.session.sa.echo = false
             beaker.session.key = rhodecode
             beaker.session.secret = test-rc-uytcxaz
             beaker.session.lock_dir = %(here)s/rc/data/sessions/lock
             ## Secure encrypted cookie. Requires AES and AES python libraries
             ## you must disable beaker.session.secret to use this
             #beaker.session.encrypt_key = key_for_encryption
             #beaker.session.validate_key = validation_key
             ## sets session as invalid(also logging out user) if it haven not been
             ## accessed for given amount of time in seconds
             beaker.session.timeout = 2592000
             beaker.session.httponly = true
             ## Path to use for the cookie. Set to prefix if you use prefix middleware
             #beaker.session.cookie_path = /custom_prefix
             ## uncomment for https secure cookie
             beaker.session.secure = false
             ## auto save the session to not to use .save()
             beaker.session.auto = false
             ## default cookie expiration time in seconds, set to `true` to set expire
             ## at browser close
             #beaker.session.cookie_expires = 3600
             ###################################
             ## SEARCH INDEXING CONFIGURATION ##
             ###################################
             ## Full text search indexer is available in rhodecode-tools under
             ## `rhodecode-tools index` command
             ## WHOOSH Backend, doesn't require additional services to run
             ## it works good with few dozen repos
             search.module = rhodecode.lib.index.whoosh
             search.location = %(here)s/data/index
             ########################################
             ###    CHANNELSTREAM CONFIG         ####
             ########################################
             ## channelstream enables persistent connections and live notification
             ## in the system. It's also used by the chat system
             channelstream.enabled = false
             ## server address for channelstream server on the backend
             channelstream.server = 127.0.0.1:9800
             ## location of the channelstream server from outside world
             ## use ws:// for http or wss:// for https. This address needs to be handled
             ## by external HTTP server such as Nginx or Apache
             ## see nginx/apache configuration examples in our docs
             channelstream.ws_url = ws://rhodecode.yourserver.com/_channelstream
             channelstream.secret = secret
             channelstream.history.location = %(here)s/channelstream_history
             ## Internal application path that Javascript uses to connect into.
             ## If you use proxy-prefix the prefix should be added before /_channelstream
             channelstream.proxy_path = /_channelstream
             ###################################
             ##       APPENLIGHT CONFIG       ##
             ###################################
             ## Appenlight is tailored to work with RhodeCode, see
             ## http://appenlight.com for details how to obtain an account
             ## appenlight integration enabled
             appenlight = false
             appenlight.server_url = https://api.appenlight.com
             appenlight.api_key = YOUR_API_KEY
             #appenlight.transport_config = https://api.appenlight.com?threaded=1&timeout=5
             # used for JS client
             appenlight.api_public_key = YOUR_API_PUBLIC_KEY
             ## TWEAK AMOUNT OF INFO SENT HERE
             ## enables 404 error logging (default False)
             appenlight.report_404 = false
             ## time in seconds after request is considered being slow (default 1)
             appenlight.slow_request_time = 1
             ## record slow requests in application
             ## (needs to be enabled for slow datastore recording and time tracking)
             appenlight.slow_requests = true
             ## enable hooking to application loggers
             appenlight.logging = true
             ## minimum log level for log capture
             appenlight.logging.level = WARNING
             ## send logs only from erroneous/slow requests
             ## (saves API quota for intensive logging)
             appenlight.logging_on_error = false
             ## list of additonal keywords that should be grabbed from environ object
             ## can be string with comma separated list of words in lowercase
             ## (by default client will always send following info:
             ## 'REMOTE_USER', 'REMOTE_ADDR', 'SERVER_NAME', 'CONTENT_TYPE' + all keys that
             ## start with HTTP* this list be extended with additional keywords here
             appenlight.environ_keys_whitelist =
             ## list of keywords that should be blanked from request object
             ## can be string with comma separated list of words in lowercase
             ## (by default client will always blank keys that contain following words
             ## 'password', 'passwd', 'pwd', 'auth_tkt', 'secret', 'csrf'
             ## this list be extended with additional keywords set here
             appenlight.request_keys_blacklist =
             ## list of namespaces that should be ignores when gathering log entries
             ## can be string with comma separated list of namespaces
             ## (by default the client ignores own entries: appenlight_client.client)
             appenlight.log_namespace_blacklist =
             ################################################################################
             ## WARNING: *THE LINE BELOW MUST BE UNCOMMENTED ON A PRODUCTION ENVIRONMENT*  ##
             ## Debug mode will enable the interactive debugging tool, allowing ANYONE to  ##
             ## execute malicious code after an exception is raised.                       ##
             ################################################################################
             set debug = false
             ##############
             ## STYLING  ##
             ##############
             debug_style = false
             ###########################################
             ###   MAIN RHODECODE DATABASE CONFIG    ###
             ###########################################
             #sqlalchemy.db1.url = sqlite:///%(here)s/rhodecode_test.db?timeout=30
             #sqlalchemy.db1.url = postgresql://postgres:qweqwe@localhost/rhodecode_test
             #sqlalchemy.db1.url = mysql://root:qweqwe@localhost/rhodecode_test
             sqlalchemy.db1.url = sqlite:///%(here)s/rhodecode_test.db?timeout=30
             # see sqlalchemy docs for other advanced settings
             ## print the sql statements to output
             sqlalchemy.db1.echo = false
             ## recycle the connections after this amount of seconds
             sqlalchemy.db1.pool_recycle = 3600
             sqlalchemy.db1.convert_unicode = true
             ## the number of connections to keep open inside the connection pool.
             ## 0 indicates no limit
             #sqlalchemy.db1.pool_size = 5
             ## the number of connections to allow in connection pool "overflow", that is
             ## connections that can be opened above and beyond the pool_size setting,
             ## which defaults to five.
             #sqlalchemy.db1.max_overflow = 10
             ##################
             ### VCS CONFIG ###
             ##################
             vcs.server.enable = true
             vcs.server = localhost:9901
             ## Web server connectivity protocol, responsible for web based VCS operatations
             ## Available protocols are:
             ## `http` - use http-rpc backend (default)
             vcs.server.protocol = http
             ## Push/Pull operations protocol, available options are:
             ## `http` - use http-rpc backend (default)
             ## `vcsserver.scm_app` - internal app (EE only)
             vcs.scm_app_implementation = http
             ## Push/Pull operations hooks protocol, available options are:
             ## `http` - use http-rpc backend (default)
             vcs.hooks.protocol = http
+            vcs.hooks.host = 127.0.0.1
             vcs.server.log_level = debug
             ## Start VCSServer with this instance as a subprocess, usefull for development
             vcs.start_server = false
             ## List of enabled VCS backends, available options are:
             ## `hg`  - mercurial
             ## `git` - git
             ## `svn` - subversion
             vcs.backends = hg, git, svn
             vcs.connection_timeout = 3600
             ## Compatibility version when creating SVN repositories. Defaults to newest version when commented out.
             ## Available options are: pre-1.4-compatible, pre-1.5-compatible, pre-1.6-compatible, pre-1.8-compatible, pre-1.9-compatible
             #vcs.svn.compatible_version = pre-1.8-compatible
             ############################################################
             ### Subversion proxy support (mod_dav_svn)               ###
             ### Maps RhodeCode repo groups into SVN paths for Apache ###
             ############################################################
             ## Enable or disable the config file generation.
             svn.proxy.generate_config = false
             ## Generate config file with `SVNListParentPath` set to `On`.
             svn.proxy.list_parent_path = true
             ## Set location and file name of generated config file.
             svn.proxy.config_file_path = %(here)s/mod_dav_svn.conf
             ## Used as a prefix to the `Location` block in the generated config file.
             ## In most cases it should be set to `/`.
             svn.proxy.location_root = /
             ## Command to reload the mod dav svn configuration on change.
             ## Example: `/etc/init.d/apache2 reload`
             #svn.proxy.reload_cmd = /etc/init.d/apache2 reload
             ## If the timeout expires before the reload command finishes, the command will
             ## be killed. Setting it to zero means no timeout. Defaults to 10 seconds.
             #svn.proxy.reload_timeout = 10
             ############################################################
             ### SSH Support Settings                                 ###
             ############################################################
             ## Defines if the authorized_keys file should be written on any change of
             ## user ssh keys, setting this to false also disables posibility of adding
             ## ssh keys for users from web interface.
             ssh.generate_authorized_keyfile = true
             ## Options for ssh, default is `no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding`
             # ssh.authorized_keys_ssh_opts =
             ## File to generate the authorized keys together with options
             ## It is possible to have multiple key files specified in `sshd_config` e.g.
             ## AuthorizedKeysFile %h/.ssh/authorized_keys %h/.ssh/authorized_keys_rhodecode
             ssh.authorized_keys_file_path = %(here)s/rc/authorized_keys_rhodecode
             ## Command to execute the SSH wrapper. The binary is available in the
             ## rhodecode installation directory.
             ## e.g ~/.rccontrol/community-1/profile/bin/rc-ssh-wrapper
             ssh.wrapper_cmd = ~/.rccontrol/community-1/rc-ssh-wrapper
             ## Allow shell when executing the ssh-wrapper command
             ssh.wrapper_cmd_allow_shell = false
             ## Enables logging, and detailed output send back to the client. Usefull for
             ## debugging, shouldn't be used in production.
             ssh.enable_debug_logging = false
             ## Paths to binary executrables, by default they are the names, but we can
             ## override them if we want to use a custom one
             ssh.executable.hg = ~/.rccontrol/vcsserver-1/profile/bin/hg
             ssh.executable.git = ~/.rccontrol/vcsserver-1/profile/bin/git
             ssh.executable.svn = ~/.rccontrol/vcsserver-1/profile/bin/svnserve
             ## Dummy marker to add new entries after.
             ## Add any custom entries below. Please don't remove.
             custom.conf = 1
             ################################
             ### LOGGING CONFIGURATION   ####
             ################################
             [loggers]
             keys = root, sqlalchemy, beaker, rhodecode, ssh_wrapper
             [handlers]
             keys = console, console_sql
             [formatters]
             keys = generic, color_formatter, color_formatter_sql
             #############
             ## LOGGERS ##
             #############
             [logger_root]
             level = NOTSET
             handlers = console
             [logger_routes]
             level = DEBUG
             handlers =
             qualname = routes.middleware
             ## "level = DEBUG" logs the route matched and routing variables.
             propagate = 1
             [logger_beaker]
             level = DEBUG
             handlers =
             qualname = beaker.container
             propagate = 1
             [logger_rhodecode]
             level = DEBUG
             handlers =
             qualname = rhodecode
             propagate = 1
             [logger_sqlalchemy]
             level = ERROR
             handlers = console_sql
             qualname = sqlalchemy.engine
             propagate = 0
             [logger_ssh_wrapper]
             level = DEBUG
             handlers =
             qualname = ssh_wrapper
             propagate = 1
             ##############
             ## HANDLERS ##
             ##############
             [handler_console]
             class = StreamHandler
             args = (sys.stderr,)
             level = DEBUG
             formatter = generic
             [handler_console_sql]
             class = StreamHandler
             args = (sys.stderr,)
             level = WARN
             formatter = generic
             ################
             ## FORMATTERS ##
             ################
             [formatter_generic]
             class = rhodecode.lib.logging_formatter.ExceptionAwareFormatter
             format = %(asctime)s.%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s
             datefmt = %Y-%m-%d %H:%M:%S
             [formatter_color_formatter]
             class = rhodecode.lib.logging_formatter.ColorFormatter
             format = %(asctime)s.%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s
             datefmt = %Y-%m-%d %H:%M:%S
             [formatter_color_formatter_sql]
             class = rhodecode.lib.logging_formatter.ColorFormatterSql
             format = %(asctime)s.%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s
             datefmt = %Y-%m-%d %H:%M:%S

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages