Exemplo n.º 1
    def create(self, request, login_id, login_cookie, *args, **kwargs):
        """Authenticate a user using a bugzilla cookie."""
        # The bugzilla auth backend must be enabled to use this
        # resource, so check if it is.
        auth_backend_cls = get_registered_auth_backend('bugzilla')
        if not auth_backend_cls:
            return SERVICE_NOT_CONFIGURED

        bugzilla_backend = auth_backend_cls()
        user = bugzilla_backend.authenticate(login_id, login_cookie,

        if user is None:
            return LOGIN_FAILED

        user.backend = 'rbbz.auth.BugzillaBackend'

        # Authentication succeeded, persist the returned user for
        # the session.
        login(request, user)

        # It might make sense to return more data about the result of a
        # successful login but for now we'll just return the email address
        # of the user.
        return 201, {
            self.item_result_key: {
                'email': user.email,
Exemplo n.º 2
    def create(self, request, username, api_key, *args, **kwargs):
        """Authenticate a user from a username and API key."""
        backend_cls = get_registered_auth_backend('bugzilla')
        if not backend_cls:
            return SERVICE_NOT_CONFIGURED

        backend = backend_cls()

            user = backend.authenticate_api_key(username, api_key)
            if user is None:
                return LOGIN_FAILED

        # The user will need to visit Bugzilla to obtain an API key.
        except BugzillaAPIKeyNeededError as e:
            return WebAPIResponseError(request, LOGIN_FAILED, extra_params={
                'bugzilla_api_key_needed': True,
                'bugzilla_api_key_url': e.url,

        # The user hasn't logged in via the HTML interface yet. This
        # error response should be interpretted by clients to direct
        # them to log in to the web site.
        except WebLoginNeededError:
            protocol = SiteConfiguration.objects.get_current().get(
            domain = Site.objects.get_current().domain
            login_url = '%s://%s%saccount/login' % (
                    protocol, domain, settings.SITE_ROOT)

            extra = {
                'web_login_needed': True,
                'login_url': login_url,
            return WebAPIResponseError(request, LOGIN_FAILED,

        # Django housekeeping.
        user.backend = 'rbbz.auth.BugzillaBackend'

        # Authentication succeeded. Persist the returned user for the
        # session.
        login(request, user)

        return 201, {
            self.item_result_key: {
                'email': user.email,
def auth_api_key(request, username, api_key):
    """Attempt to authenticate an API key.

    Will return either the User associated with the API key
    or a WebAPIResponseError which should be sent to the
    backend_cls = get_registered_auth_backend('bugzilla')
    if not backend_cls:

    backend = backend_cls()

        user = backend.authenticate_api_key(username, api_key)
        if user is None:
            return LOGIN_FAILED

    # The user will need to visit Bugzilla to obtain an API key.
    except BugzillaAPIKeyNeededError as e:
        return WebAPIResponseError(request,
                                       'bugzilla_api_key_needed': True,
                                       'bugzilla_api_key_url': e.url,

    # The user hasn't logged in via the HTML interface yet. This
    # error response should be interpreted by clients to direct
    # them to log in to the web site.
    except WebLoginNeededError:
        protocol = SiteConfiguration.objects.get_current().get(
        domain = Site.objects.get_current().domain
        login_url = '%s://%s%saccount/login' % (protocol, domain,

        extra = {
            'web_login_needed': True,
            'login_url': login_url,
        return WebAPIResponseError(request, LOGIN_FAILED, extra_params=extra)

    # Django housekeeping.
    user.backend = 'mozreview.bugzilla.auth.BugzillaBackend'
    return user
def auth_api_key(request, username, api_key):
    """Attempt to authenticate an API key.

    Will return either the User associated with the API key
    or a WebAPIResponseError which should be sent to the
    backend_cls = get_registered_auth_backend('bugzilla')
    if not backend_cls:

    backend = backend_cls()

        user = backend.authenticate_api_key(username, api_key)
        if user is None:
            return LOGIN_FAILED

    # The user will need to visit Bugzilla to obtain an API key.
    except BugzillaAPIKeyNeededError as e:
        return WebAPIResponseError(request, LOGIN_FAILED, extra_params={
            'bugzilla_api_key_needed': True,
            'bugzilla_api_key_url': e.url,

    # The user hasn't logged in via the HTML interface yet. This
    # error response should be interpreted by clients to direct
    # them to log in to the web site.
    except WebLoginNeededError:
        protocol = SiteConfiguration.objects.get_current().get(
        domain = Site.objects.get_current().domain
        login_url = '%s://%s%saccount/login' % (
                protocol, domain, settings.SITE_ROOT)

        extra = {
            'web_login_needed': True,
            'login_url': login_url,
        return WebAPIResponseError(request, LOGIN_FAILED,

    # Django housekeeping.
    user.backend = 'rbbz.auth.BugzillaBackend'
    return user
Exemplo n.º 5
def load_site_config(full_reload=False):
    Loads any stored site configuration settings and populates the Django
    settings object with any that need to be there.
    def apply_setting(settings_key, db_key, default=None):
        db_value = siteconfig.settings.get(db_key)

        if db_value:
            setattr(settings, settings_key, db_value)
        elif default:
            setattr(settings, settings_key, default)

    def update_haystack_settings():
        """Updates the haystack settings with settings in site config."""
            "HAYSTACK_CONNECTIONS", None, {
                'default': {
                    'PATH': (siteconfig.get('search_index_file')
                             or defaults['search_index_file']),

        # Re-initialize Haystack's connection information to use the updated
        # settings.
        connections.connections_info = settings.HAYSTACK_CONNECTIONS
        connections._connections = {}

    # If siteconfig needs to be saved back to the DB, set dirty=true
    dirty = False
        siteconfig = SiteConfiguration.objects.get_current()
    except SiteConfiguration.DoesNotExist:
        raise ImproperlyConfigured(
            "The site configuration entry does not exist in the database. "
            "Re-run `./manage.py` syncdb to fix this.")
    except Exception as e:
        # We got something else. Likely, this doesn't exist yet and we're
        # doing a syncdb or something, so silently ignore.
        logging.error('Could not load siteconfig: %s' % e)

    # Populate defaults if they weren't already set.
    if not siteconfig.get_defaults():

    # The default value for DEFAULT_EMAIL_FROM (webmaster@localhost)
    # is less than good, so use a better one if it's set to that or if
    # we haven't yet set this value in siteconfig.
    mail_default_from = \

    if (not mail_default_from
            or mail_default_from == global_settings.DEFAULT_FROM_EMAIL):
        domain = siteconfig.site.domain.split(':')[0]
        siteconfig.set('mail_default_from', 'noreply@' + domain)

    # STATIC_* and MEDIA_* must be different paths, and differ in meaning.
    # If site_static_* is empty or equal to media_static_*, we're probably
    # migrating from an earlier Review Board install.
    site_static_root = siteconfig.settings.get('site_static_root', '')
    site_media_root = siteconfig.settings.get('site_media_root')

    if site_static_root == '' or site_static_root == site_media_root:
        siteconfig.set('site_static_root', settings.STATIC_ROOT)

    site_static_url = siteconfig.settings.get('site_static_url', '')
    site_media_url = siteconfig.settings.get('site_media_url')

    if site_static_url == '' or site_static_url == site_media_url:
        siteconfig.set('site_static_url', settings.STATIC_URL)

    # Populate the settings object with anything relevant from the siteconfig.
    apply_django_settings(siteconfig, settings_map)

    if full_reload and not getattr(settings, 'RUNNING_TEST', False):
        # Logging may have changed, so restart logging.

    # Now for some more complicated stuff...


    # Site administrator settings
    apply_setting("ADMINS", None, ((siteconfig.get(
        "site_admin_name", ""), siteconfig.get("site_admin_email", "")), ))

    apply_setting("MANAGERS", None, settings.ADMINS)

    # Explicitly base this off the STATIC_URL
    apply_setting("ADMIN_MEDIA_PREFIX", None, settings.STATIC_URL + "admin/")

    # Set the auth backends
    auth_backend_id = siteconfig.settings.get("auth_backend", "builtin")
    builtin_backend_obj = get_registered_auth_backend('builtin')
    builtin_backend = "%s.%s" % (builtin_backend_obj.__module__,

    if auth_backend_id == "custom":
        custom_backends = siteconfig.settings.get("auth_custom_backends")

        if isinstance(custom_backends, six.string_types):
            custom_backends = (custom_backends, )
        elif isinstance(custom_backends, list):
            custom_backends = tuple(custom_backends)

        settings.AUTHENTICATION_BACKENDS = custom_backends

        if builtin_backend not in custom_backends:
            settings.AUTHENTICATION_BACKENDS += (builtin_backend, )
        backend = get_registered_auth_backend(auth_backend_id)

        if backend and backend is not builtin_backend_obj:
            settings.AUTHENTICATION_BACKENDS = \
                ("%s.%s" % (backend.__module__, backend.__name__),
            settings.AUTHENTICATION_BACKENDS = (builtin_backend, )

        # If we're upgrading from a 1.x LDAP configuration, populate
        # ldap_uid and clear ldap_uid_mask
        if auth_backend_id == "ldap":
            if not hasattr(settings, 'LDAP_UID'):
                if hasattr(settings, 'LDAP_UID_MASK'):
                    # Get the username attribute from the old UID mask
                    # LDAP attributes can contain only alphanumeric
                    # characters and the hyphen and must lead with an
                    # alphabetic character. This is not dependent upon
                    # locale.
                    m = re.search("([a-zA-Z][a-zA-Z0-9-]+)=%s",
                    if m:
                        # Assign LDAP_UID the value of the retrieved attribute
                        settings.LDAP_UID = m.group(1)
                        # Couldn't match the old value?
                        # This should be impossible, but in this case, let's
                        # just guess a sane default and hope for the best.
                        settings.LDAP_UID = 'uid'

                    # Neither the old nor new value?
                    # This should be impossible, but in this case, let's just
                    # guess a sane default and hope for the best.
                    settings.LDAP_UID = 'uid'

                # Remove the LDAP_UID_MASK value
                settings.LDAP_UID_MASK = None

                siteconfig.set('auth_ldap_uid', settings.LDAP_UID)
                siteconfig.set('auth_ldap_uid_mask', settings.LDAP_UID_MASK)
                # Set the dirty flag so we save this back
                dirty = True

    # Add APITokenBackend to the list of auth backends. This one is always
    # present, and is used only for API requests.
        'reviewboard.webapi.auth_backends.TokenAuthBackend', )

    # Set the storage backend
    storage_backend = siteconfig.settings.get('storage_backend', 'builtin')

    if storage_backend in storage_backend_map:
        settings.DEFAULT_FILE_STORAGE = storage_backend_map[storage_backend]
        settings.DEFAULT_FILE_STORAGE = storage_backend_map['builtin']

    # These blow up if they're not the perfectly right types
    settings.AWS_QUERYSTRING_AUTH = siteconfig.get('aws_querystring_auth')
    settings.AWS_ACCESS_KEY_ID = six.text_type(
    settings.AWS_SECRET_ACCESS_KEY = six.text_type(
    settings.AWS_STORAGE_BUCKET_NAME = six.text_type(
        settings.AWS_CALLING_FORMAT = int(siteconfig.get('aws_calling_format'))
    except ValueError:
        settings.AWS_CALLING_FORMAT = 0

    if siteconfig.settings.get('site_domain_method', 'http') == 'https':
        os.environ['HTTPS'] = 'on'
        os.environ['HTTPS'] = 'off'

    # Save back changes if they have been made
    if dirty:


    return siteconfig
Exemplo n.º 6
def load_site_config(full_reload=False):
    """Load stored site configuration settings.

    This populates the Django settings object with any keys that need to be
    def apply_setting(settings_key, db_key, default=None):
        """Apply the given siteconfig value to the Django settings object."""
        db_value = siteconfig.settings.get(db_key)

        if db_value:
            setattr(settings, settings_key, db_value)
        elif default:
            setattr(settings, settings_key, default)

    def update_haystack_settings():
        """Update the haystack settings with settings in site config."""
        search_engine = (siteconfig.get('search_engine') or

        if search_engine == search_engines.WHOOSH:
            search_engine_settings = {
                'ENGINE': 'haystack.backends.whoosh_backend.WhooshEngine',
                'PATH': (siteconfig.get('search_index_file') or
        elif search_engine == search_engines.ELASTICSEARCH:
            search_engine_settings = {
                'ENGINE': 'haystack.backends.elasticsearch_backend.'
                'URL': (siteconfig.get('elasticsearch_url') or
                'INDEX_NAME': (siteconfig.get('elasticsearch_index_name') or
            raise ImproperlyConfigured(
                'Search engine choice ("%s") is unavailable.'
                % (search_engine,))

        apply_setting('HAYSTACK_CONNECTIONS', None, {
            'default': search_engine_settings,

        # Re-initialize Haystack's connection information to use the updated
        # settings.
        connections.connections_info = settings.HAYSTACK_CONNECTIONS
        connections._connections = {}

    # If siteconfig needs to be saved back to the DB, set dirty=true
    dirty = False
        siteconfig = SiteConfiguration.objects.get_current()
    except SiteConfiguration.DoesNotExist:
        raise ImproperlyConfigured(
            "The site configuration entry does not exist in the database. "
            "Re-run `./manage.py` syncdb to fix this.")
    except Exception as e:
        # We got something else. Likely, this doesn't exist yet and we're
        # doing a syncdb or something, so silently ignore.
        logging.error('Could not load siteconfig: %s' % e)

    # Populate defaults if they weren't already set.
    if not siteconfig.get_defaults():

    # The default value for DEFAULT_EMAIL_FROM (webmaster@localhost)
    # is less than good, so use a better one if it's set to that or if
    # we haven't yet set this value in siteconfig.
    mail_default_from = \

    if (not mail_default_from or
            mail_default_from == global_settings.DEFAULT_FROM_EMAIL):
        domain = siteconfig.site.domain.split(':')[0]
        siteconfig.set('mail_default_from', 'noreply@' + domain)

    # STATIC_* and MEDIA_* must be different paths, and differ in meaning.
    # If site_static_* is empty or equal to media_static_*, we're probably
    # migrating from an earlier Review Board install.
    site_static_root = siteconfig.settings.get('site_static_root', '')
    site_media_root = siteconfig.settings.get('site_media_root')

    if site_static_root == '' or site_static_root == site_media_root:
        siteconfig.set('site_static_root', settings.STATIC_ROOT)

    site_static_url = siteconfig.settings.get('site_static_url', '')
    site_media_url = siteconfig.settings.get('site_media_url')

    if site_static_url == '' or site_static_url == site_media_url:
        siteconfig.set('site_static_url', settings.STATIC_URL)

    # Populate the settings object with anything relevant from the siteconfig.
    apply_django_settings(siteconfig, settings_map)

    if full_reload and not getattr(settings, 'RUNNING_TEST', False):
        # Logging may have changed, so restart logging.

    # Now for some more complicated stuff...


    # Site administrator settings
    apply_setting("ADMINS", None, (
        (siteconfig.get("site_admin_name", ""),
         siteconfig.get("site_admin_email", "")),

    apply_setting("MANAGERS", None, settings.ADMINS)

    # Explicitly base this off the STATIC_URL
    apply_setting("ADMIN_MEDIA_PREFIX", None, settings.STATIC_URL + "admin/")

    # Set the auth backends
    auth_backend_id = siteconfig.settings.get("auth_backend", "builtin")
    builtin_backend_obj = get_registered_auth_backend('builtin')
    builtin_backend = "%s.%s" % (builtin_backend_obj.__module__,

    if auth_backend_id == "custom":
        custom_backends = siteconfig.settings.get("auth_custom_backends")

        if isinstance(custom_backends, six.string_types):
            custom_backends = (custom_backends,)
        elif isinstance(custom_backends, list):
            custom_backends = tuple(custom_backends)

        settings.AUTHENTICATION_BACKENDS = custom_backends

        if builtin_backend not in custom_backends:
            settings.AUTHENTICATION_BACKENDS += (builtin_backend,)
        backend = get_registered_auth_backend(auth_backend_id)

        if backend and backend is not builtin_backend_obj:
            settings.AUTHENTICATION_BACKENDS = \
                ("%s.%s" % (backend.__module__, backend.__name__),
            settings.AUTHENTICATION_BACKENDS = (builtin_backend,)

        # If we're upgrading from a 1.x LDAP configuration, populate
        # ldap_uid and clear ldap_uid_mask
        if auth_backend_id == "ldap":
            if not hasattr(settings, 'LDAP_UID'):
                if hasattr(settings, 'LDAP_UID_MASK'):
                    # Get the username attribute from the old UID mask
                    # LDAP attributes can contain only alphanumeric
                    # characters and the hyphen and must lead with an
                    # alphabetic character. This is not dependent upon
                    # locale.
                    m = re.search("([a-zA-Z][a-zA-Z0-9-]+)=%s",
                    if m:
                        # Assign LDAP_UID the value of the retrieved attribute
                        settings.LDAP_UID = m.group(1)
                        # Couldn't match the old value?
                        # This should be impossible, but in this case, let's
                        # just guess a sane default and hope for the best.
                        settings.LDAP_UID = 'uid'

                    # Neither the old nor new value?
                    # This should be impossible, but in this case, let's just
                    # guess a sane default and hope for the best.
                    settings.LDAP_UID = 'uid'

                # Remove the LDAP_UID_MASK value
                settings.LDAP_UID_MASK = None

                siteconfig.set('auth_ldap_uid', settings.LDAP_UID)
                siteconfig.set('auth_ldap_uid_mask', settings.LDAP_UID_MASK)
                # Set the dirty flag so we save this back
                dirty = True

    # Add APITokenBackend to the list of auth backends. This one is always
    # present, and is used only for API requests.

    # Set the storage backend
    storage_backend = siteconfig.settings.get('storage_backend', 'builtin')

    if storage_backend in storage_backend_map:
        settings.DEFAULT_FILE_STORAGE = storage_backend_map[storage_backend]
        settings.DEFAULT_FILE_STORAGE = storage_backend_map['builtin']

    # These blow up if they're not the perfectly right types
    settings.AWS_QUERYSTRING_AUTH = siteconfig.get('aws_querystring_auth')
    settings.AWS_ACCESS_KEY_ID = six.text_type(
    settings.AWS_SECRET_ACCESS_KEY = six.text_type(
    settings.AWS_STORAGE_BUCKET_NAME = six.text_type(
        settings.AWS_CALLING_FORMAT = int(siteconfig.get('aws_calling_format'))
    except ValueError:
        settings.AWS_CALLING_FORMAT = 0

    settings.SWIFT_AUTH_URL = six.text_type(
    settings.SWIFT_USERNAME = six.text_type(
    settings.SWIFT_KEY = six.text_type(
        settings.SWIFT_AUTH_VERSION = int(siteconfig.get('swift_auth_version'))
        settings.SWIFT_AUTH_VERSION = 1
    settings.SWIFT_CONTAINER_NAME = six.text_type(

    if siteconfig.settings.get('site_domain_method', 'http') == 'https':
        os.environ[b'HTTPS'] = b'on'
        os.environ[b'HTTPS'] = b'off'

    # Save back changes if they have been made
    if dirty:


    return siteconfig
Exemplo n.º 7
def load_site_config():
    Loads any stored site configuration settings and populates the Django
    settings object with any that need to be there.
    def apply_setting(settings_key, db_key, default=None):
        db_value = siteconfig.settings.get(db_key)

        if db_value:
            setattr(settings, settings_key, db_value)
        elif default:
            setattr(settings, settings_key, default)

    def update_haystack_settings():
        """Updates the haystack settings with settings in site config."""
        apply_setting("HAYSTACK_CONNECTIONS", None, {
            'default': {
                'ENGINE': settings.HAYSTACK_CONNECTIONS['default']['ENGINE'],
                'PATH': (siteconfig.get('search_index_file') or

        # Re-initialize Haystack's connection information to use the updated
        # settings.
        connections.connections_info = settings.HAYSTACK_CONNECTIONS
        connections._connections = {}

        siteconfig = SiteConfiguration.objects.get_current()
    except SiteConfiguration.DoesNotExist:
        raise ImproperlyConfigured(
            "The site configuration entry does not exist in the database. "
            "Re-run `./manage.py` syncdb to fix this.")
        # We got something else. Likely, this doesn't exist yet and we're
        # doing a syncdb or something, so silently ignore.

    # Populate defaults if they weren't already set.
    if not siteconfig.get_defaults():

    # The default value for DEFAULT_EMAIL_FROM (webmaster@localhost)
    # is less than good, so use a better one if it's set to that or if
    # we haven't yet set this value in siteconfig.
    mail_default_from = \

    if (not mail_default_from or
            mail_default_from == global_settings.DEFAULT_FROM_EMAIL):
        domain = siteconfig.site.domain.split(':')[0]
        siteconfig.set('mail_default_from', 'noreply@' + domain)

    # STATIC_* and MEDIA_* must be different paths, and differ in meaning.
    # If site_static_* is empty or equal to media_static_*, we're probably
    # migrating from an earlier Review Board install.
    site_static_root = siteconfig.settings.get('site_static_root', '')
    site_media_root = siteconfig.settings.get('site_media_root')

    if site_static_root == '' or site_static_root == site_media_root:
        siteconfig.set('site_static_root', settings.STATIC_ROOT)

    site_static_url = siteconfig.settings.get('site_static_url', '')
    site_media_url = siteconfig.settings.get('site_media_url')

    if site_static_url == '' or site_static_url == site_media_url:
        siteconfig.set('site_static_url', settings.STATIC_URL)

    # Populate the settings object with anything relevant from the siteconfig.
    apply_django_settings(siteconfig, settings_map)

    # Now for some more complicated stuff...


    # Do some dependency checks and disable things if we don't support them.
    if not get_can_enable_syntax_highlighting()[0]:
        siteconfig.set('diffviewer_syntax_highlighting', False)

    # Site administrator settings
    apply_setting("ADMINS", None, (
        (siteconfig.get("site_admin_name", ""),
         siteconfig.get("site_admin_email", "")),

    apply_setting("MANAGERS", None, settings.ADMINS)

    # Explicitly base this off the STATIC_URL
    apply_setting("ADMIN_MEDIA_PREFIX", None, settings.STATIC_URL + "admin/")

    # Set the auth backends
    auth_backend_id = siteconfig.settings.get("auth_backend", "builtin")
    builtin_backend_obj = get_registered_auth_backend('builtin')
    builtin_backend = "%s.%s" % (builtin_backend_obj.__module__,

    if auth_backend_id == "custom":
        custom_backends = siteconfig.settings.get("auth_custom_backends")

        if isinstance(custom_backends, six.string_types):
            custom_backends = (custom_backends,)
        elif isinstance(custom_backends, list):
            custom_backends = tuple(custom_backends)

        settings.AUTHENTICATION_BACKENDS = custom_backends

        if builtin_backend not in custom_backends:
            settings.AUTHENTICATION_BACKENDS += (builtin_backend,)
        backend = get_registered_auth_backend(auth_backend_id)

        if backend and backend is not builtin_backend_obj:
            settings.AUTHENTICATION_BACKENDS = \
                ("%s.%s" % (backend.__module__, backend.__name__),
            settings.AUTHENTICATION_BACKENDS = (builtin_backend,)

    # Set the storage backend
    storage_backend = siteconfig.settings.get('storage_backend', 'builtin')

    if storage_backend in storage_backend_map:
        settings.DEFAULT_FILE_STORAGE = storage_backend_map[storage_backend]
        settings.DEFAULT_FILE_STORAGE = storage_backend_map['builtin']

    # These blow up if they're not the perfectly right types
    settings.AWS_QUERYSTRING_AUTH = siteconfig.get('aws_querystring_auth')
    settings.AWS_ACCESS_KEY_ID = six.text_type(siteconfig.get('aws_access_key_id'))
    settings.AWS_SECRET_ACCESS_KEY = six.text_type(siteconfig.get('aws_secret_access_key'))
    settings.AWS_STORAGE_BUCKET_NAME = six.text_type(siteconfig.get('aws_s3_bucket_name'))
        settings.AWS_CALLING_FORMAT = int(siteconfig.get('aws_calling_format'))
    except ValueError:
        settings.AWS_CALLING_FORMAT = 0

    if siteconfig.settings.get('site_domain_method', 'http') == 'https':
        os.environ['HTTPS'] = 'on'
        os.environ['HTTPS'] = 'off'


    return siteconfig
Exemplo n.º 8
def load_site_config():
    Loads any stored site configuration settings and populates the Django
    settings object with any that need to be there.

    def apply_setting(settings_key, db_key, default=None):
        db_value = siteconfig.settings.get(db_key)

        if db_value:
            setattr(settings, settings_key, db_value)
        elif default:
            setattr(settings, settings_key, default)

    def update_haystack_settings():
        """Updates the haystack settings with settings in site config."""
                "default": {
                    "ENGINE": settings.HAYSTACK_CONNECTIONS["default"]["ENGINE"],
                    "PATH": (siteconfig.get("search_index_file") or defaults["search_index_file"]),

        # Re-initialize Haystack's connection information to use the updated
        # settings.
        connections.connections_info = settings.HAYSTACK_CONNECTIONS
        connections._connections = {}

    # If siteconfig needs to be saved back to the DB, set dirty=true
    dirty = False
        siteconfig = SiteConfiguration.objects.get_current()
    except SiteConfiguration.DoesNotExist:
        raise ImproperlyConfigured(
            "The site configuration entry does not exist in the database. " "Re-run `./manage.py` syncdb to fix this."
    except Exception as e:
        # We got something else. Likely, this doesn't exist yet and we're
        # doing a syncdb or something, so silently ignore.
        logging.error("Could not load siteconfig: %s" % e)

    # Populate defaults if they weren't already set.
    if not siteconfig.get_defaults():

    # The default value for DEFAULT_EMAIL_FROM (webmaster@localhost)
    # is less than good, so use a better one if it's set to that or if
    # we haven't yet set this value in siteconfig.
    mail_default_from = siteconfig.settings.get("mail_default_from", global_settings.DEFAULT_FROM_EMAIL)

    if not mail_default_from or mail_default_from == global_settings.DEFAULT_FROM_EMAIL:
        domain = siteconfig.site.domain.split(":")[0]
        siteconfig.set("mail_default_from", "noreply@" + domain)

    # STATIC_* and MEDIA_* must be different paths, and differ in meaning.
    # If site_static_* is empty or equal to media_static_*, we're probably
    # migrating from an earlier Review Board install.
    site_static_root = siteconfig.settings.get("site_static_root", "")
    site_media_root = siteconfig.settings.get("site_media_root")

    if site_static_root == "" or site_static_root == site_media_root:
        siteconfig.set("site_static_root", settings.STATIC_ROOT)

    site_static_url = siteconfig.settings.get("site_static_url", "")
    site_media_url = siteconfig.settings.get("site_media_url")

    if site_static_url == "" or site_static_url == site_media_url:
        siteconfig.set("site_static_url", settings.STATIC_URL)

    # Populate the settings object with anything relevant from the siteconfig.
    apply_django_settings(siteconfig, settings_map)

    # Now for some more complicated stuff...


    # Do some dependency checks and disable things if we don't support them.
    if not get_can_enable_syntax_highlighting()[0]:
        siteconfig.set("diffviewer_syntax_highlighting", False)

    # Site administrator settings
    apply_setting("ADMINS", None, ((siteconfig.get("site_admin_name", ""), siteconfig.get("site_admin_email", "")),))

    apply_setting("MANAGERS", None, settings.ADMINS)

    # Explicitly base this off the STATIC_URL
    apply_setting("ADMIN_MEDIA_PREFIX", None, settings.STATIC_URL + "admin/")

    # Set the auth backends
    auth_backend_id = siteconfig.settings.get("auth_backend", "builtin")
    builtin_backend_obj = get_registered_auth_backend("builtin")
    builtin_backend = "%s.%s" % (builtin_backend_obj.__module__, builtin_backend_obj.__name__)

    if auth_backend_id == "custom":
        custom_backends = siteconfig.settings.get("auth_custom_backends")

        if isinstance(custom_backends, six.string_types):
            custom_backends = (custom_backends,)
        elif isinstance(custom_backends, list):
            custom_backends = tuple(custom_backends)

        settings.AUTHENTICATION_BACKENDS = custom_backends

        if builtin_backend not in custom_backends:
            settings.AUTHENTICATION_BACKENDS += (builtin_backend,)
        backend = get_registered_auth_backend(auth_backend_id)

        if backend and backend is not builtin_backend_obj:
            settings.AUTHENTICATION_BACKENDS = ("%s.%s" % (backend.__module__, backend.__name__), builtin_backend)
            settings.AUTHENTICATION_BACKENDS = (builtin_backend,)

        # If we're upgrading from a 1.x LDAP configuration, populate
        # ldap_uid and clear ldap_uid_mask
        if auth_backend_id == "ldap":
            if not hasattr(settings, "LDAP_UID"):
                if hasattr(settings, "LDAP_UID_MASK"):
                    # Get the username attribute from the old UID mask
                    # LDAP attributes can contain only alphanumeric
                    # characters and the hyphen and must lead with an
                    # alphabetic character. This is not dependent upon
                    # locale.
                    m = re.search("([a-zA-Z][a-zA-Z0-9-]+)=%s", settings.LDAP_UID_MASK)
                    if m:
                        # Assign LDAP_UID the value of the retrieved attribute
                        settings.LDAP_UID = m.group(1)
                        # Couldn't match the old value?
                        # This should be impossible, but in this case, let's
                        # just guess a sane default and hope for the best.
                        settings.LDAP_UID = "uid"

                    # Neither the old nor new value?
                    # This should be impossible, but in this case, let's just
                    # guess a sane default and hope for the best.
                    settings.LDAP_UID = "uid"

                # Remove the LDAP_UID_MASK value
                settings.LDAP_UID_MASK = None

                siteconfig.set("auth_ldap_uid", settings.LDAP_UID)
                siteconfig.set("auth_ldap_uid_mask", settings.LDAP_UID_MASK)
                # Set the dirty flag so we save this back
                dirty = True

    # Set the storage backend
    storage_backend = siteconfig.settings.get("storage_backend", "builtin")

    if storage_backend in storage_backend_map:
        settings.DEFAULT_FILE_STORAGE = storage_backend_map[storage_backend]
        settings.DEFAULT_FILE_STORAGE = storage_backend_map["builtin"]

    # These blow up if they're not the perfectly right types
    settings.AWS_QUERYSTRING_AUTH = siteconfig.get("aws_querystring_auth")
    settings.AWS_ACCESS_KEY_ID = six.text_type(siteconfig.get("aws_access_key_id"))
    settings.AWS_SECRET_ACCESS_KEY = six.text_type(siteconfig.get("aws_secret_access_key"))
    settings.AWS_STORAGE_BUCKET_NAME = six.text_type(siteconfig.get("aws_s3_bucket_name"))
        settings.AWS_CALLING_FORMAT = int(siteconfig.get("aws_calling_format"))
    except ValueError:
        settings.AWS_CALLING_FORMAT = 0

    if siteconfig.settings.get("site_domain_method", "http") == "https":
        os.environ["HTTPS"] = "on"
        os.environ["HTTPS"] = "off"

    # Save back changes if they have been made
    if dirty:


    return siteconfig