"""

    if str_.find(replace * 2) == -1:

        return str_

    else:

        str_ = str_.replace(replace * 2, replace)

        return recursive_replace(str_, replace)

def repo_name_slug(value):

    """

    Return slug of name of repository

    This function is called on each creation/modification

    of repository to prevent bad names in repo

    """

    slug = remove_formatting(value)

    slug = strip_tags(slug)

    for c in """`?=[]\;'"<>,/~!@#$%^&*()+{}|: """:

        slug = slug.replace(c, '-')

    slug = recursive_replace(slug, '-')

    slug = collapse(slug, '-')

    return slug

#==============================================================================

# PERM DECORATOR HELPERS FOR EXTRACTING NAMES FOR PERM CHECKS

#==============================================================================

def get_repo_slug(request):

    _repo = request.environ['pylons.routes_dict'].get('repo_name')

    if _repo:

        _repo = _repo.rstrip('/')

    return _repo

def get_repo_group_slug(request):

    _group = request.environ['pylons.routes_dict'].get('group_name')

    if _group:

        _group = _group.rstrip('/')

    return _group

def get_user_group_slug(request):

    _group = request.environ['pylons.routes_dict'].get('id')

    _group = UserGroup.get(_group)

    if _group:

        return _group.users_group_name

    return None

def _extract_id_from_repo_name(repo_name):

    if repo_name.startswith('/'):

        repo_name = repo_name.lstrip('/')

    by_id_match = re.match(r'^_(\d{1,})', repo_name)

    if by_id_match:

        return by_id_match.groups()[0]

def get_repo_by_id(repo_name):

    """

    Extracts repo_name by id from special urls. Example url is _11/repo_name

    :param repo_name:

    :return: repo_name if matched else None

    """

    _repo_id = _extract_id_from_repo_name(repo_name)

    if _repo_id:

        from kallithea.model.db import Repository

        repo = Repository.get(_repo_id)

        if repo:

            # TODO: return repo instead of reponame? or would that be a layering violation?

            return repo.repo_name

    return None

def action_logger(user, action, repo, ipaddr='', sa=None, commit=False):

    """

    Action logger for various actions made by users

    :param user: user that made this action, can be a unique username string or

        object containing user_id attribute

    :param action: action to log, should be on of predefined unique actions for

        easy translations

    :param repo: string name of repository or object containing repo_id,

        that action was made on

    :param ipaddr: optional IP address from what the action was made

    :param sa: optional sqlalchemy session

    """

    if not sa:

        sa = meta.Session()

    # if we don't get explicit IP address try to get one from registered user

    # in tmpl context var

    if not ipaddr:

        ipaddr = getattr(get_current_authuser(), 'ip_addr', '')

    if getattr(user, 'user_id', None):

        user_obj = User.get(user.user_id)

    elif isinstance(user, basestring):

        user_obj = User.get_by_username(user)

    else:

        raise Exception('You have to provide a user object or a username')

    if getattr(repo, 'repo_id', None):

        repo_obj = Repository.get(repo.repo_id)

        repo_name = repo_obj.repo_name

    elif isinstance(repo, basestring):

        repo_name = repo.lstrip('/')

        repo_obj = Repository.get_by_repo_name(repo_name)

    else:

        repo_obj = None

        repo_name = ''

    user_log = UserLog()

    user_log.user_id = user_obj.user_id

    user_log.username = user_obj.username

    user_log.action = safe_unicode(action)

    user_log.repository = repo_obj

    user_log.repository_name = repo_name

    user_log.action_date = datetime.datetime.now()

    user_log.user_ip = ipaddr

    sa.add(user_log)

    log.info('Logging action:%s on %s by user:%s ip:%s',

             action, safe_unicode(repo), user_obj, ipaddr)

    if commit:

        sa.commit()

def get_filesystem_repos(path):

    """

    Scans given path for repos and return (name,(type,path)) tuple

    :param path: path to scan for repositories

    :param recursive: recursive search and return names with subdirs in front

    """

    # remove ending slash for better results

    path = safe_str(path.rstrip(os.sep))

    log.debug('now scanning in %s', path)

    def isdir(*n):

        return os.path.isdir(os.path.join(*n))

    for root, dirs, _files in os.walk(path):

        recurse_dirs = []

        for subdir in dirs:

            # skip removed repos

            if REMOVED_REPO_PAT.match(subdir):

                continue

            #skip .<something> dirs TODO: rly? then we should prevent creating them ...

            if subdir.startswith('.'):

                continue

            cur_path = os.path.join(root, subdir)

            if isdir(cur_path, '.git'):

                log.warning('ignoring non-bare Git repo: %s', cur_path)

                continue

            if (isdir(cur_path, '.hg') or

                isdir(cur_path, '.svn') or

                isdir(cur_path, 'objects') and (isdir(cur_path, 'refs') or

                                                os.path.isfile(os.path.join(cur_path, 'packed-refs')))):

                if not os.access(cur_path, os.R_OK) or not os.access(cur_path, os.X_OK):

                    log.warning('ignoring repo path without access: %s', cur_path)

                    continue

                if not os.access(cur_path, os.W_OK):

                    log.warning('repo path without write access: %s', cur_path)

                try:

                    scm_info = get_scm(cur_path)

                    assert cur_path.startswith(path)

                    repo_path = cur_path[len(path) + 1:]

                    yield repo_path, scm_info

                    continue # no recursion

                except VCSError:

                    # We should perhaps ignore such broken repos, but especially

                    # the bare git detection is unreliable so we dive into it

                    pass

            recurse_dirs.append(subdir)

        dirs[:] = recurse_dirs

def is_valid_repo(repo_name, base_path, scm=None):

    """

    Returns True if given path is a valid repository False otherwise.

    If scm param is given also compare if given scm is the same as expected

    from scm parameter

    :param repo_name:

    :param base_path:

    :param scm:

    :return True: if given path is a valid repository

    """

    full_path = os.path.join(safe_str(base_path), safe_str(repo_name))

    try:

        scm_ = get_scm(full_path)

        if scm:

            return scm_[0] == scm

        return True

    except VCSError:

        return False

def is_valid_repo_group(repo_group_name, base_path, skip_path_check=False):

    """

    Returns True if given path is a repository group False otherwise

    :param repo_name:

    :param base_path:

    """

    full_path = os.path.join(safe_str(base_path), safe_str(repo_group_name))

    # check if it's not a repo

    if is_valid_repo(repo_group_name, base_path):

        return False

    try:

        # we need to check bare git repos at higher level

        # since we might match branches/hooks/info/objects or possible

        # other things inside bare git repo

        get_scm(os.path.dirname(full_path))

        return False

    except VCSError:

        pass

    # check if it's a valid path

    if skip_path_check or os.path.isdir(full_path):

        return True

    return False

def ask_ok(prompt, retries=4, complaint='Yes or no please!'):

    while True:

        ok = raw_input(prompt)

        if ok in ('y', 'ye', 'yes'):

            return True

        if ok in ('n', 'no', 'nop', 'nope'):

            return False

        retries = retries - 1

        if retries < 0:

            raise IOError

        print complaint

#propagated from mercurial documentation

ui_sections = ['alias', 'auth',

                'decode/encode', 'defaults',

                'diff', 'email',

                'extensions', 'format',

                'merge-patterns', 'merge-tools',

                'hooks', 'http_proxy',

                'smtp', 'patch',

                'paths', 'profiling',

                'server', 'trusted',

                'ui', 'web', ]

def make_ui(read_from='file', path=None, checkpaths=True, clear_session=True):

    """

    A function that will read python rc files or database

    and make an mercurial ui object from read options

    :param path: path to mercurial config file

    :param checkpaths: check the path

    :param read_from: read from 'file' or 'db'

    """

    baseui = ui.ui()

    # clean the baseui object

    baseui._ocfg = config.config()

    baseui._ucfg = config.config()

    baseui._tcfg = config.config()

    if read_from == 'file':

        if not os.path.isfile(path):

            log.debug('hgrc file is not present at %s, skipping...', path)

            return False

        log.debug('reading hgrc from %s', path)

        cfg = config.config()

        cfg.read(path)

        for section in ui_sections:

            for k, v in cfg.items(section):

                log.debug('settings ui from file: [%s] %s=%s', section, k, v)

                baseui.setconfig(safe_str(section), safe_str(k), safe_str(v))

    elif read_from == 'db':

        sa = meta.Session()

        ret = sa.query(Ui).all()

        hg_ui = ret

        for ui_ in hg_ui:

            if ui_.ui_active:

                ui_val = safe_str(ui_.ui_value)

                if ui_.ui_section == 'hooks' and BRAND != 'kallithea' and ui_val.startswith('python:' + BRAND + '.lib.hooks.'):

                    ui_val = ui_val.replace('python:' + BRAND + '.lib.hooks.', 'python:kallithea.lib.hooks.')

                log.debug('settings ui from db: [%s] %s=%s', ui_.ui_section,

                          ui_.ui_key, ui_val)

                baseui.setconfig(safe_str(ui_.ui_section), safe_str(ui_.ui_key),

                                 ui_val)

            if ui_.ui_key == 'push_ssl':

                # force set push_ssl requirement to False, kallithea

                # handles that

                baseui.setconfig(safe_str(ui_.ui_section), safe_str(ui_.ui_key),

                                 False)

        if clear_session:

            meta.Session.remove()

        # prevent interactive questions for ssh password / passphrase

        ssh = baseui.config('ui', 'ssh', default='ssh')

        baseui.setconfig('ui', 'ssh', '%s -oBatchMode=yes -oIdentitiesOnly=yes' % ssh)

    return baseui

def set_app_settings(config):

    """

    Updates pylons config with new settings from database

    :param config:

    """

    hgsettings = Setting.get_app_settings()

    for k, v in hgsettings.items():

        config[k] = v

def set_vcs_config(config):

    """

    Patch VCS config with some Kallithea specific stuff

    :param config: kallithea.CONFIG

    """

    from kallithea.lib.vcs import conf

    from kallithea.lib.utils2 import aslist

    conf.settings.BACKENDS = {

        'hg': 'kallithea.lib.vcs.backends.hg.MercurialRepository',

        'git': 'kallithea.lib.vcs.backends.git.GitRepository',

    }

    conf.settings.GIT_EXECUTABLE_PATH = config.get('git_path', 'git')

    conf.settings.GIT_REV_FILTER = config.get('git_rev_filter', '--all').strip()

    conf.settings.DEFAULT_ENCODINGS = aslist(config.get('default_encoding',

                                                        'utf8'), sep=',')

def map_groups(path):

    """

    Given a full path to a repository, create all nested groups that this

    repo is inside. This function creates parent-child relationships between

    groups and creates default perms for all new groups.

    :param paths: full path to repository

    """

    sa = meta.Session()

    groups = path.split(Repository.url_sep())

    parent = None

    group = None

    # last element is repo in nested groups structure

    groups = groups[:-1]

    rgm = RepoGroupModel(sa)

    owner = User.get_first_admin()

    for lvl, group_name in enumerate(groups):

        group_name = '/'.join(groups[:lvl] + [group_name])

        group = RepoGroup.get_by_group_name(group_name)

        desc = '%s group' % group_name

        # skip folders that are now removed repos

        if REMOVED_REPO_PAT.match(group_name):

            break

# -*- coding: utf-8 -*-

# This program is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation, either version 3 of the License, or

# (at your option) any later version.

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

"""

Set of generic validators

"""

import os

import re

import formencode

import logging

from collections import defaultdict

from pylons.i18n.translation import _

from webhelpers.pylonslib.secure_form import authentication_token

import sqlalchemy

from formencode.validators import (

    UnicodeString, OneOf, Int, Number, Regex, Email, Bool, StringBoolean, Set,

    NotEmpty, IPAddress, CIDR, String, FancyValidator

)

from kallithea.lib.compat import OrderedSet

from kallithea.lib import ipaddr

from kallithea.lib.utils2 import str2bool, aslist

from kallithea.model.db import RepoGroup, Repository, UserGroup, User

from kallithea.lib.exceptions import LdapImportError

from kallithea.config.routing import ADMIN_PREFIX

from kallithea.lib.auth import HasRepoGroupPermissionAny, HasPermissionAny

# silence warnings and pylint

UnicodeString, OneOf, Int, Number, Regex, Email, Bool, StringBoolean, Set, \

    NotEmpty, IPAddress, CIDR, String, FancyValidator

log = logging.getLogger(__name__)

class StateObj(object):

    """

    this is needed to translate the messages using _() in validators

    """

    _ = staticmethod(_)

def M(self, key, state=None, **kwargs):

    """

    returns string from self.message based on given key,

    passed kw params are used to substitute %(named)s params inside

    translated strings

    :param msg:

    :param state:

    """

    if state is None:

        state = StateObj()

    else:

        state._ = staticmethod(_)

    #inject validator into state object

    return self.message(key, state, **kwargs)

def UniqueListFromString():

    class _UniqueListFromString(formencode.FancyValidator):

        """

        Split value on ',' and make unique while preserving order

        """

        messages = dict(

            empty=_('Value cannot be an empty list'),

            missing_value=_('Value cannot be an empty list'),

        )

        def _to_python(self, value, state):

            value = aslist(value, ',')

            seen = set()

            return [c for c in value if not (c in seen or seen.add(c))]

        def empty_value(self, value):

            return []

    return _UniqueListFromString

def ValidUsername(edit=False, old_data={}):

    class _validator(formencode.validators.FancyValidator):

        messages = {

            'username_exists': _('Username "%(username)s" already exists'),

            'system_invalid_username':

                _('Username "%(username)s" cannot be used'),

            'invalid_username':

                _('Username may only contain alphanumeric characters '

                  'underscores, periods or dashes and must begin with an '

                  'alphanumeric character or underscore')

        }

        def validate_python(self, value, state):

            if value in ['default', 'new_user']:

                msg = M(self, 'system_invalid_username', state, username=value)

                raise formencode.Invalid(msg, value, state)

            #check if user is unique

            old_un = None

            if edit:

                old_un = User.get(old_data.get('user_id')).username

            if old_un != value or not edit:

                if User.get_by_username(value, case_insensitive=True):

                    msg = M(self, 'username_exists', state, username=value)

                    raise formencode.Invalid(msg, value, state)

            if re.match(r'^[a-zA-Z0-9\_]{1}[a-zA-Z0-9\-\_\.]*$', value) is None:

                msg = M(self, 'invalid_username', state)

                raise formencode.Invalid(msg, value, state)

    return _validator

def ValidRegex(msg=None):

    class _validator(formencode.validators.Regex):

        messages = dict(invalid=msg or _('The input is not valid'))

    return _validator

def ValidRepoUser():

    class _validator(formencode.validators.FancyValidator):

        messages = {

            'invalid_username': _('Username %(username)s is not valid')

        }

        def validate_python(self, value, state):

            try:

                User.query().filter(User.active == True)\

                    .filter(User.username == value).one()

            except sqlalchemy.exc.InvalidRequestError: # NoResultFound/MultipleResultsFound

                msg = M(self, 'invalid_username', state, username=value)

                raise formencode.Invalid(msg, value, state,

                    error_dict=dict(username=msg)

                )

    return _validator

def ValidUserGroup(edit=False, old_data={}):

    class _validator(formencode.validators.FancyValidator):

        messages = {

            'invalid_group': _('Invalid user group name'),

            'group_exist': _('User group "%(usergroup)s" already exists'),

            'invalid_usergroup_name':

                _('user group name may only contain alphanumeric '

                  'characters underscores, periods or dashes and must begin '

                  'with alphanumeric character')

        }

        def validate_python(self, value, state):

            if value in ['default']:

                msg = M(self, 'invalid_group', state)

                raise formencode.Invalid(msg, value, state,

                    error_dict=dict(users_group_name=msg)

                )

            #check if group is unique

            old_ugname = None

            if edit:

                old_id = old_data.get('users_group_id')

                old_ugname = UserGroup.get(old_id).users_group_name

            if old_ugname != value or not edit:

                is_existing_group = UserGroup.get_by_group_name(value,

                                                        case_insensitive=True)

                if is_existing_group:

                    msg = M(self, 'group_exist', state, usergroup=value)

                    raise formencode.Invalid(msg, value, state,

                        error_dict=dict(users_group_name=msg)

                    )

            if re.match(r'^[a-zA-Z0-9]{1}[a-zA-Z0-9\-\_\.]+$', value) is None:

                msg = M(self, 'invalid_usergroup_name', state)

                raise formencode.Invalid(msg, value, state,

                    error_dict=dict(users_group_name=msg)

                )

    return _validator

def ValidRepoGroup(edit=False, old_data={}):

    class _validator(formencode.validators.FancyValidator):

        messages = {

            'group_parent_id': _('Cannot assign this group as parent'),

            'group_exists': _('Group "%(group_name)s" already exists'),

            'repo_exists':

                _('Repository with name "%(group_name)s" already exists')

        }

        def validate_python(self, value, state):

            # TODO WRITE VALIDATIONS

            group_name = value.get('group_name')

            group_parent_id = value.get('group_parent_id')

            # slugify repo group just in case :)

            slug = repo_name_slug(group_name)

            # check for parent of self

            parent_of_self = lambda: (

                old_data['group_id'] == group_parent_id

                if group_parent_id else False

            )

            if edit and parent_of_self():

                msg = M(self, 'group_parent_id', state)

                raise formencode.Invalid(msg, value, state,

                    error_dict=dict(group_parent_id=msg)

                )

            old_gname = None

            if edit:

                old_gname = RepoGroup.get(old_data.get('group_id')).group_name

            if old_gname != group_name or not edit:

                # check group

                gr = RepoGroup.query()\

                    raise formencode.Invalid(msg, value, state,

                            error_dict=dict(group_name=msg)

                    )

    return _validator

def ValidPassword():

    class _validator(formencode.validators.FancyValidator):

        messages = {

            'invalid_password':

                _('Invalid characters (non-ascii) in password')

        }

        def validate_python(self, value, state):

            try:

                (value or '').decode('ascii')

            except UnicodeError:

                msg = M(self, 'invalid_password', state)

                raise formencode.Invalid(msg, value, state,)

    return _validator

def ValidOldPassword(username):

    class _validator(formencode.validators.FancyValidator):

        messages = {

            'invalid_password': _('Invalid old password')

        }

        def validate_python(self, value, state):

            from kallithea.lib import auth_modules

            if auth_modules.authenticate(username, value, '') is None:

                msg = M(self, 'invalid_password', state)

                raise formencode.Invalid(msg, value, state,

                    error_dict=dict(current_password=msg)

                )

    return _validator

def ValidPasswordsMatch(password_field, password_confirmation_field):

    class _validator(formencode.validators.FancyValidator):

        messages = {

            'password_mismatch': _('Passwords do not match'),

        }

        def validate_python(self, value, state):

            if value.get(password_field) != value[password_confirmation_field]:

                msg = M(self, 'password_mismatch', state)

                raise formencode.Invalid(msg, value, state,

                     error_dict={password_field:msg, password_confirmation_field: msg}

                )

    return _validator

def ValidAuth():

    class _validator(formencode.validators.FancyValidator):

        messages = {

            'invalid_auth': _(u'Invalid username or password'),

        }

        def validate_python(self, value, state):

            from kallithea.lib import auth_modules

            password = value['password']

            username = value['username']

            # authenticate returns unused dict but has called

            # plugin._authenticate which has create_or_update'ed the username user in db

            if auth_modules.authenticate(username, password) is None:

                user = User.get_by_username(username)

                if user and not user.active:

                    log.warning('user %s is disabled', username)

                    msg = M(self, 'invalid_auth', state)

                    raise formencode.Invalid(msg, value, state,

                        error_dict=dict(username=' ', password=msg)

                    )

                else:

                    log.warning('user %s failed to authenticate', username)

                    msg = M(self, 'invalid_auth', state)

                    raise formencode.Invalid(msg, value, state,

                        error_dict=dict(username=' ', password=msg)

                    )

    return _validator

def ValidAuthToken():

    class _validator(formencode.validators.FancyValidator):

        messages = {

            'invalid_token': _('Token mismatch')

        }

        def validate_python(self, value, state):

            if value != authentication_token():

                msg = M(self, 'invalid_token', state)

                raise formencode.Invalid(msg, value, state)

    return _validator

def ValidRepoName(edit=False, old_data={}):

    class _validator(formencode.validators.FancyValidator):

        messages = {

            'invalid_repo_name':

                _('Repository name %(repo)s is not allowed'),

            'repository_exists':

                _('Repository named %(repo)s already exists'),

            'repository_in_group_exists': _('Repository "%(repo)s" already '

                                            'exists in group "%(group)s"'),

            'same_group_exists': _('Repository group with name "%(repo)s" '

                                   'already exists')

        }

        def _to_python(self, value, state):

            repo_name = repo_name_slug(value.get('repo_name', ''))

            repo_group = value.get('repo_group')

            if repo_group:

                gr = RepoGroup.get(repo_group)

                group_path = gr.full_path

                group_name = gr.group_name

                # value needs to be aware of group name in order to check

                # db key This is an actual just the name to store in the

                # database

                repo_name_full = group_path + RepoGroup.url_sep() + repo_name

            else:

                group_name = group_path = ''

                repo_name_full = repo_name

            value['repo_name'] = repo_name

            value['repo_name_full'] = repo_name_full

            value['group_path'] = group_path

            value['group_name'] = group_name

            return value

        def validate_python(self, value, state):

            repo_name = value.get('repo_name')

            repo_name_full = value.get('repo_name_full')

            group_path = value.get('group_path')

            group_name = value.get('group_name')

            if repo_name in [ADMIN_PREFIX, '']:

                msg = M(self, 'invalid_repo_name', state, repo=repo_name)

                raise formencode.Invalid(msg, value, state,

                    error_dict=dict(repo_name=msg)

                )

            rename = old_data.get('repo_name') != repo_name_full

            create = not edit

            if rename or create:

                if group_path != '':

                    if Repository.get_by_repo_name(repo_name_full):

                        msg = M(self, 'repository_in_group_exists', state,

                                repo=repo_name, group=group_name)

                        raise formencode.Invalid(msg, value, state,

                            error_dict=dict(repo_name=msg)

                        )

                elif RepoGroup.get_by_group_name(repo_name_full):

                        msg = M(self, 'same_group_exists', state,

                                repo=repo_name)

                        raise formencode.Invalid(msg, value, state,

                            error_dict=dict(repo_name=msg)

                        )

                elif Repository.get_by_repo_name(repo_name_full):

                        msg = M(self, 'repository_exists', state,

                                repo=repo_name)

                        raise formencode.Invalid(msg, value, state,

                            error_dict=dict(repo_name=msg)

                        )

            return value

    return _validator

def ValidForkName(*args, **kwargs):

    return ValidRepoName(*args, **kwargs)

def SlugifyName():

    class _validator(formencode.validators.FancyValidator):

        def _to_python(self, value, state):

            return repo_name_slug(value)

        def validate_python(self, value, state):

            pass

    return _validator

def ValidCloneUri():

    from kallithea.lib.utils import make_ui

    class _validator(formencode.validators.FancyValidator):

        messages = {

            'clone_uri': _('Invalid repository URL'),

            'invalid_clone_uri': _('Invalid repository URL. It must be a '

                                   'valid http, https, ssh, svn+http or svn+https URL'),

        }

        def validate_python(self, value, state):

            repo_type = value.get('repo_type')

            url = value.get('clone_uri')

            if url and url != value.get('clone_uri_hidden'):