def _finish_login_pipeline(self, identity):
        """
        The login flow executes both with anonymous and authenticated users.

        Upon completion a few branches exist:

        If the identity is already linked, the user should be logged in
        and redirected immediately.

        Otherwise, the user is presented with a confirmation window. That window
        will show them the new account that will be created, and if they're
        already authenticated an optional button to associate the identity with
        their account.
        """
        auth_provider = self.auth_provider
        user_id = identity['id']

        lock = locks.get(
            'sso:auth:{}:{}'.format(
                auth_provider.id,
                md5_text(user_id).hexdigest(),
            ),
            duration=5,
        )
        with TimedRetryPolicy(5)(lock.acquire):
            try:
                auth_identity = AuthIdentity.objects.select_related('user').get(
                    auth_provider=auth_provider,
                    ident=user_id,
                )
            except AuthIdentity.DoesNotExist:
                auth_identity = None

            # Handle migration of identity keys
            if not auth_identity and isinstance(user_id, MigratingIdentityId):
                try:
                    auth_identity = AuthIdentity.objects.select_related('user').get(
                        auth_provider=auth_provider,
                        ident=user_id.legacy_id,
                    )
                    auth_identity.update(ident=user_id.id)
                except AuthIdentity.DoesNotExist:
                    auth_identity = None

            if not auth_identity:
                return self._handle_unknown_identity(identity)

            # If the User attached to this AuthIdentity is not active,
            # we want to clobber the old account and take it over, rather than
            # getting logged into the inactive account.
            if not auth_identity.user.is_active:

                # Current user is also not logged in, so we have to
                # assume unknown.
                if not self.request.user.is_authenticated():
                    return self._handle_unknown_identity(identity)

                auth_identity = self._handle_attach_identity(identity)

            return self._handle_existing_identity(auth_identity, identity)

    def _ensure_blob(self, orm, file):
        from sentry.app import locks
        from sentry.utils.retries import TimedRetryPolicy

        File = orm['sentry.File']
        FileBlob = orm['sentry.FileBlob']

        lock = locks.get('fileblob:convert:{}'.format(file.checksum), duration=60)
        with TimedRetryPolicy(60 * 5)(lock.acquire):
            if not file.storage:
                return

            try:
                blob = FileBlob.objects.get(checksum=file.checksum)
            except FileBlob.DoesNotExist:
                blob = FileBlob.objects.create(
                    checksum=file.checksum,
                    storage=file.storage,
                    storage_options=file.storage_options,
                    path=file.path,
                    size=file.size,
                    timestamp=file.timestamp,
                )

            File.objects.filter(
                id=file.id,
            ).update(blob=blob)
            file.blob = blob

    def _finish_login_pipeline(self, identity):
        """
        The login flow executes both with anonymous and authenticated users.

        Upon completion a few branches exist:

        If the identity is already linked, the user should be logged in
        and redirected immediately.

        Otherwise, the user is presented with a confirmation window. That window
        will show them the new account that will be created, and if they're
        already authenticated an optional button to associate the identity with
        their account.
        """
        auth_provider = self.auth_provider
        lock = locks.get(
            'sso:auth:{}:{}'.format(
                auth_provider.id,
                md5(unicode(identity['id'])).hexdigest(),
            ),
            duration=5,
        )
        with TimedRetryPolicy(5)(lock.acquire):
            try:
                auth_identity = AuthIdentity.objects.get(
                    auth_provider=auth_provider,
                    ident=identity['id'],
                )
            except AuthIdentity.DoesNotExist:
                return self._handle_unknown_identity(identity)
            return self._handle_existing_identity(auth_identity, identity)

    def start_release(self, version, **values):
        values.setdefault('date_started', timezone.now())

        affected = Release.objects.filter(
            version=version,
            organization_id=self.project.organization_id,
            projects=self.project,
        ).update(**values)
        if not affected:
            release = Release.objects.filter(
                version=version,
                organization_id=self.project.organization_id,
            ).first()
            if release:
                release.update(**values)
            else:
                lock_key = Release.get_lock_key(self.project.organization_id, version)
                lock = locks.get(lock_key, duration=5)
                with TimedRetryPolicy(10)(lock.acquire):
                    try:
                        release = Release.objects.get(
                            version=version,
                            organization_id=self.project.organization_id
                        )
                    except Release.DoesNotExist:
                        release = Release.objects.create(
                            version=version,
                            organization_id=self.project.organization_id,
                            **values
                        )

            release.add_project(self.project)

 def get_security_token(self):
     lock = locks.get(self.get_lock_key(), duration=5)
     with TimedRetryPolicy(10)(lock.acquire):
         security_token = self.get_option('sentry:token', None)
         if security_token is None:
             security_token = uuid1().hex
             self.update_option('sentry:token', security_token)
         return security_token

 def save(self, *args, **kwargs):
     if not self.slug:
         lock = locks.get('slug:organization', duration=5)
         with TimedRetryPolicy(10)(lock.acquire):
             slugify_instance(self, self.name, reserved=RESERVED_ORGANIZATION_SLUGS)
         super(Organization, self).save(*args, **kwargs)
     else:
         super(Organization, self).save(*args, **kwargs)

 def save(self, *args, **kwargs):
     if not self.slug:
         lock = locks.get('slug:project', duration=5)
         with TimedRetryPolicy(10)(lock.acquire):
             slugify_instance(self, self.name, organization=self.organization)
         super(Project, self).save(*args, **kwargs)
     else:
         super(Project, self).save(*args, **kwargs)

def delete_file(path, checksum, **kwargs):
    from sentry.models.file import get_storage, FileBlob
    from sentry.app import locks
    from sentry.utils.retries import TimedRetryPolicy

    lock = locks.get(u'fileblob:upload:{}'.format(checksum), duration=60 * 10)
    with TimedRetryPolicy(60)(lock.acquire):
        if not FileBlob.objects.filter(checksum=checksum).exists():
            get_storage().delete(path)

    def notify_if_ready(cls, deploy_id, fetch_complete=False):
        """
        create activity and send deploy notifications
        if they haven't been sent
        """
        from sentry.models import Activity, Environment, ReleaseCommit, ReleaseHeadCommit

        lock_key = cls.get_lock_key(deploy_id)
        lock = locks.get(lock_key, duration=30)
        with TimedRetryPolicy(10)(lock.acquire):
            deploy = cls.objects.filter(
                id=deploy_id,
            ).select_related('release').get()
            if deploy.notified:
                return

            release = deploy.release
            environment = Environment.objects.get(
                organization_id=deploy.organization_id,
                id=deploy.environment_id,
            )

            if not fetch_complete:
                release_has_commits = ReleaseCommit.objects.filter(
                    organization_id=release.organization_id,
                    release=release,
                ).exists()

                if not release_has_commits:
                    # check if we have head commits, which
                    # would indicate that we're waiting for
                    # fetch_commits to complete
                    if ReleaseHeadCommit.objects.filter(
                        organization_id=release.organization_id,
                        release=release,
                    ).exists():
                        return

            activity = None
            for project in deploy.release.projects.all():
                activity = Activity.objects.create(
                    type=Activity.DEPLOY,
                    project=project,
                    ident=release.version,
                    data={
                        'version': release.version,
                        'deploy_id': deploy.id,
                        'environment': environment.name,
                    },
                    datetime=deploy.date_finished,
                )
            # Somewhat hacky, only send notification for one
            # Deploy Activity record because it will cover all projects
            if activity is not None:
                activity.send_notification()
                deploy.update(notified=True)

    def get_or_create(cls, project, release, environment, datetime, **kwargs):
        cache_key = cls.get_cache_key(project.id, release.id, environment.id)

        instance = cache.get(cache_key)
        if instance is None:
            release_envs = list(cls.objects.filter(
                release_id=release.id,
                organization_id=project.organization_id,
                environment_id=environment.id,
            ))
            if release_envs:
                instance = release_envs[0]
                for re in release_envs:
                    if re.project_id == project.id:
                        instance = re
                created = False
            else:
                lock_key = cls.get_lock_key(project.organization_id, release.id, environment.id)
                lock = locks.get(lock_key, duration=5)
                with TimedRetryPolicy(10)(lock.acquire):
                    try:
                        instance, created = cls.objects.get(
                            release_id=release.id,
                            organization_id=project.organization_id,
                            environment_id=environment.id,
                        ), False
                    except cls.DoesNotExist:
                        instance, created = cls.objects.create(
                            release_id=release.id,
                            project_id=project.id,
                            organization_id=project.organization_id,
                            environment_id=environment.id,
                            first_seen=datetime,
                            last_seen=datetime,
                        ), True
            cache.set(cache_key, instance, 3600)
        else:
            created = False

        # TODO(dcramer): this would be good to buffer, but until then we minimize
        # updates to once a minute, and allow Postgres to optimistically skip
        # it even if we can't
        if not created and instance.last_seen < datetime - timedelta(seconds=60):
            cls.objects.filter(
                id=instance.id,
                last_seen__lt=datetime - timedelta(seconds=60),
            ).update(
                last_seen=datetime,
            )
            instance.last_seen = datetime
            cache.set(cache_key, instance, 3600)
        return instance

def process_pending():
    """
    Process pending buffers.
    """
    from sentry import buffer
    from sentry.app import locks

    lock = locks.get('buffer:process_pending', duration=60)
    try:
        with lock.acquire():
            buffer.process_pending()
    except UnableToAcquireLock as error:
        logger.warning('process_pending.fail', extra={'error': error})

 def save(self, *args, **kwargs):
     if not self.slug:
         lock = locks.get('slug:project', duration=5)
         with TimedRetryPolicy(10)(lock.acquire):
             slugify_instance(
                 self,
                 self.name,
                 organization=self.organization,
                 reserved=RESERVED_PROJECT_SLUGS)
         super(Project, self).save(*args, **kwargs)
     else:
         super(Project, self).save(*args, **kwargs)
     self.update_rev_for_option()

def upgrade(ctx, verbosity, traceback, noinput, lock, no_repair):
    "Perform any pending database migrations and upgrades."

    if lock:
        from sentry.app import locks
        from sentry.utils.locking import UnableToAcquireLock
        lock = locks.get('upgrade', duration=0)
        try:
            with lock.acquire():
                _upgrade(not noinput, traceback, verbosity, not no_repair)
        except UnableToAcquireLock:
            raise click.ClickException('Unable to acquire `upgrade` lock.')
    else:
        _upgrade(not noinput, traceback, verbosity, not no_repair)

def enqueue_scheduled_jobs(**kwargs):
    from sentry.celery import app

    with locks.get('scheduler.process', duration=60).acquire():
        job_list = list(ScheduledJob.objects.filter(
            date_scheduled__lte=timezone.now(),
        )[:101])

        if len(job_list) > 100:
            logger.debug('More than 100 ScheduledJobs found.')

        for job in job_list:
            logger.debug('Sending scheduled job %s with payload %r', job.name, job.payload)
            app.send_task(job.name, kwargs=job.payload)
            job.delete()

 def get_webhook_secret(self, organization):
     lock = locks.get('bitbucket:webhook-secret:{}'.format(organization.id), duration=60)
     with lock.acquire():
         secret = OrganizationOption.objects.get_value(
             organization=organization,
             key='bitbucket:webhook_secret',
         )
         if secret is None:
             secret = uuid4().hex + uuid4().hex
             OrganizationOption.objects.set_value(
                 organization=organization,
                 key='bitbucket:webhook_secret',
                 value=secret,
             )
     return secret

 def get_webhook_secret(self, organization):
     # TODO(LB): Revisit whether Integrations V3 should be using OrganizationOption for storage
     lock = locks.get(u'bitbucket:webhook-secret:{}'.format(organization.id), duration=60)
     with lock.acquire():
         secret = OrganizationOption.objects.get_value(
             organization=organization,
             key='bitbucket:webhook_secret',
         )
         if secret is None:
             secret = generate_token()
             OrganizationOption.objects.set_value(
                 organization=organization,
                 key='bitbucket:webhook_secret',
                 value=secret,
             )
     return secret

def process_pending(partition=None):
    """
    Process pending buffers.
    """
    from sentry import buffer
    from sentry.app import locks

    if partition is None:
        lock_key = 'buffer:process_pending'
    else:
        lock_key = 'buffer:process_pending:%d' % partition

    lock = locks.get(lock_key, duration=60)

    try:
        with lock.acquire():
            buffer.process_pending(partition=partition)
    except UnableToAcquireLock as error:
        logger.warning('process_pending.fail', extra={'error': error, 'partition': partition})

    def from_file(cls, fileobj):
        """
        Retrieve a list of FileBlobIndex instances for the given file.

        If not already present, this will cause it to be stored.

        >>> blobs = FileBlob.from_file(fileobj)
        """
        size = 0

        checksum = sha1(b'')
        for chunk in fileobj:
            size += len(chunk)
            checksum.update(chunk)
        checksum = checksum.hexdigest()

        # TODO(dcramer): the database here is safe, but if this lock expires
        # and duplicate files are uploaded then we need to prune one
        lock = locks.get(u'fileblob:upload:{}'.format(checksum), duration=60 * 10)
        with TimedRetryPolicy(60)(lock.acquire):
            # test for presence
            try:
                existing = FileBlob.objects.get(checksum=checksum)
            except FileBlob.DoesNotExist:
                pass
            else:
                return existing

            blob = cls(
                size=size,
                checksum=checksum,
            )

            blob.path = cls.generate_unique_path(blob.timestamp)

            storage = get_storage()
            storage.save(blob.path, fileobj)
            blob.save()

        metrics.timing('filestore.blob-size', size)
        return blob

    def finish_release(self, version, **values):
        values.setdefault('date_released', timezone.now())
        affected = Release.objects.filter(
            version=version,
            organization_id=self.project.organization_id,
            projects=self.project,
        ).update(**values)
        if not affected:
            release = Release.objects.filter(
                version=version,
                organization_id=self.project.organization_id,
            ).first()
            if release:
                release.update(**values)
            else:
                lock_key = Release.get_lock_key(self.project.organization_id, version)
                lock = locks.get(lock_key, duration=5)
                with TimedRetryPolicy(10)(lock.acquire):
                    try:
                        release = Release.objects.get(
                            version=version,
                            organization_id=self.project.organization_id,
                        )
                    except Release.DoesNotExist:
                        release = Release.objects.create(
                            version=version,
                            organization_id=self.project.organization_id,
                            **values
                        )
            release.add_project(self.project)

        activity = Activity.objects.create(
            type=Activity.RELEASE,
            project=self.project,
            ident=version,
            data={'version': version},
            datetime=values['date_released'],
        )
        activity.send_notification()

    def get_or_create(cls, project, name):
        name = name or ''

        cache_key = cls.get_cache_key(project.id, name)

        env = cache.get(cache_key)
        if env is None:
            try:
                env = cls.objects.get(
                    projects=project,
                    organization_id=project.organization_id,
                    name=name,
                )
            except cls.DoesNotExist:
                env = cls.objects.filter(
                    organization_id=project.organization_id,
                    name=name,
                ).order_by('date_added').first()
                if not env:
                    lock_key = cls.get_lock_key(project.organization_id, name)
                    lock = locks.get(lock_key, duration=5)
                    with TimedRetryPolicy(10)(lock.acquire):
                        try:
                            env = cls.objects.get(
                                organization_id=project.organization_id,
                                name=name,
                            )
                        except cls.DoesNotExist:
                            env = cls.objects.create(
                                project_id=project.id,
                                name=name,
                                organization_id=project.organization_id
                            )
                env.add_project(project)

            cache.set(cache_key, env, 3600)

        return env