# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

import random

import logging

import traceback

import hashlib

from tempfile import _RandomNameSequence

from decorator import decorator

from pylons import config, url, request

from pylons.controllers.util import abort, redirect

from pylons.i18n.translation import _

from rhodecode import __platform__, PLATFORM_WIN, PLATFORM_OTHERS

from rhodecode.model.meta import Session

if __platform__ in PLATFORM_WIN:

    from hashlib import sha256

if __platform__ in PLATFORM_OTHERS:

    import bcrypt

from rhodecode.lib.utils2 import str2bool, safe_unicode

from rhodecode.lib.exceptions import LdapPasswordError, LdapUsernameError

from rhodecode.lib.utils import get_repo_slug, get_repos_group_slug

from rhodecode.lib.auth_ldap import AuthLdap

from rhodecode.model import meta

from rhodecode.model.user import UserModel

from rhodecode.model.db import Permission, RhodeCodeSetting, User

log = logging.getLogger(__name__)

class PasswordGenerator(object):

    """

    This is a simple class for generating password from different sets of

    characters

    usage::

        passwd_gen = PasswordGenerator()

        #print 8-letter password containing only big and small letters

            of alphabet

    """

    ALPHABETS_NUM = r'''1234567890'''

    ALPHABETS_SMALL = r'''qwertyuiopasdfghjklzxcvbnm'''

    ALPHABETS_BIG = r'''QWERTYUIOPASDFGHJKLZXCVBNM'''

    ALPHABETS_SPECIAL = r'''`-=[]\;',./~!@#$%^&*()_+{}|:"<>?'''

    ALPHABETS_FULL = ALPHABETS_BIG + ALPHABETS_SMALL \

        + ALPHABETS_NUM + ALPHABETS_SPECIAL

    ALPHABETS_ALPHANUM = ALPHABETS_BIG + ALPHABETS_SMALL + ALPHABETS_NUM

    ALPHABETS_BIG_SMALL = ALPHABETS_BIG + ALPHABETS_SMALL

    ALPHABETS_ALPHANUM_BIG = ALPHABETS_BIG + ALPHABETS_NUM

    ALPHABETS_ALPHANUM_SMALL = ALPHABETS_SMALL + ALPHABETS_NUM

    def __init__(self, passwd=''):

        self.passwd = passwd

    def gen_password(self, length, type_=None):

        if type_ is None:

            type_ = self.ALPHABETS_FULL

        self.passwd = ''.join([random.choice(type_) for _ in xrange(length)])

        return self.passwd

class RhodeCodeCrypto(object):

    @classmethod

    def hash_string(cls, str_):

        """

        Cryptographic function used for password hashing based on pybcrypt

        or pycrypto in windows

        :param password: password to hash

        """

        if __platform__ in PLATFORM_WIN:

            return sha256(str_).hexdigest()

        elif __platform__ in PLATFORM_OTHERS:

            return bcrypt.hashpw(str_, bcrypt.gensalt(10))

        else:

            raise Exception('Unknown or unsupported platform %s' \

                            % __platform__)

    @classmethod

    def hash_check(cls, password, hashed):

        """

        Checks matching password with it's hashed value, runs different

        implementation based on platform it runs on

        :param password: password

        :param hashed: password in hashed form

    try:

        return unicode(str_, from_encoding)

    except UnicodeDecodeError:

        pass

    try:

        import chardet

        encoding = chardet.detect(str_)['encoding']

        if encoding is None:

            raise Exception()

        return str_.decode(encoding)

    except (ImportError, UnicodeDecodeError, Exception):

        return unicode(str_, from_encoding, 'replace')

def safe_str(unicode_, to_encoding=None):

    """

    safe str function. Does few trick to turn unicode_ into string

    In case of UnicodeEncodeError we try to return it with encoding detected

    by chardet library if it fails fallback to string with errors replaced

    :param unicode_: unicode to encode

    :rtype: str

    :returns: str object

    """

    # if it's not basestr cast to str

    if not isinstance(unicode_, basestring):

        return str(unicode_)

    if isinstance(unicode_, str):

        return unicode_

    if not to_encoding:

        import rhodecode

        DEFAULT_ENCODING = rhodecode.CONFIG.get('default_encoding','utf8')

        to_encoding = DEFAULT_ENCODING

    try:

        return unicode_.encode(to_encoding)

    except UnicodeEncodeError:

        pass

    try:

        import chardet

        encoding = chardet.detect(unicode_)['encoding']

        if encoding is None:

            raise UnicodeEncodeError()

        return unicode_.encode(encoding)

    except (ImportError, UnicodeEncodeError):

        return unicode_.encode(to_encoding, 'replace')

    return safe_str

def engine_from_config(configuration, prefix='sqlalchemy.', **kwargs):

    """

    Custom engine_from_config functions that makes sure we use NullPool for

    file based sqlite databases. This prevents errors on sqlite. This only

    applies to sqlalchemy versions < 0.7.0

    """

    import sqlalchemy

    from sqlalchemy import engine_from_config as efc

    import logging

    if int(sqlalchemy.__version__.split('.')[1]) < 7:

        # This solution should work for sqlalchemy < 0.7.0, and should use

        # proxy=TimerProxy() for execution time profiling

        from sqlalchemy.pool import NullPool

        url = configuration[prefix + 'url']

        if url.startswith('sqlite'):

            kwargs.update({'poolclass': NullPool})

        return efc(configuration, prefix, **kwargs)

    else:

        import time

        from sqlalchemy import event

        from sqlalchemy.engine import Engine

        log = logging.getLogger('sqlalchemy.engine')

        BLACK, RED, GREEN, YELLOW, BLUE, MAGENTA, CYAN, WHITE = xrange(30, 38)

        engine = efc(configuration, prefix, **kwargs)

        def color_sql(sql):

            COLOR_SEQ = "\033[1;%dm"

            COLOR_SQL = YELLOW

            normal = '\x1b[0m'

            return ''.join([COLOR_SEQ % COLOR_SQL, sql, normal])

        if configuration['debug']:

    def get_file_annotate(self, path):

        """

        Returns a list of three element tuples with lineno,changeset and line

        """

        fctx = self._get_filectx(path)

        annotate = []

        for i, annotate_data in enumerate(fctx.annotate()):

            ln_no = i + 1

            annotate.append((ln_no, self.repository\

                             .get_changeset(hex(annotate_data[0].node())),

                             annotate_data[1],))

        return annotate

    def fill_archive(self, stream=None, kind='tgz', prefix=None,

                     subrepos=False):

        """

        Fills up given stream.

        :param stream: file like object.

        :param kind: one of following: ``zip``, ``tgz`` or ``tbz2``.

            Default: ``tgz``.

        :param prefix: name of root directory in archive.

            Default is repository name and changeset's raw_id joined with dash

            (``repo-tip.<KIND>``).

        :param subrepos: include subrepos in this archive.

        :raise ImproperArchiveTypeError: If given kind is wrong.

        :raise VcsError: If given stream is None

        """

        allowed_kinds = settings.ARCHIVE_SPECS.keys()

        if kind not in allowed_kinds:

            raise ImproperArchiveTypeError('Archive kind not supported use one'

                'of %s', allowed_kinds)

        if stream is None:

            raise VCSError('You need to pass in a valid stream for filling'

                           ' with archival data')

        if prefix is None:

            prefix = '%s-%s' % (self.repository.name, self.short_id)

        elif prefix.startswith('/'):

            raise VCSError("Prefix cannot start with leading slash")

        elif prefix.strip() == '':

            raise VCSError("Prefix cannot be empty")

        archival.archive(self.repository._repo, stream, self.raw_id,

                         kind, prefix=prefix, subrepos=subrepos)

        if stream.closed and hasattr(stream, 'name'):

            stream = open(stream.name, 'rb')

        elif hasattr(stream, 'mode') and 'r' not in stream.mode:

            stream = open(stream.name, 'rb')

        else:

            stream.seek(0)

    def get_nodes(self, path):

        """

        Returns combined ``DirNode`` and ``FileNode`` objects list representing

        state of changeset at the given ``path``. If node at the given ``path``

        is not instance of ``DirNode``, ChangesetError would be raised.

        """

        if self._get_kind(path) != NodeKind.DIR:

            raise ChangesetError("Directory does not exist for revision %r at "

                " %r" % (self.revision, path))

        path = self._fix_path(path)

        filenodes = [FileNode(f, changeset=self) for f in self._file_paths

            if os.path.dirname(f) == path]

        dirs = path == '' and '' or [d for d in self._dir_paths

            if d and posixpath.dirname(d) == path]

        dirnodes = [DirNode(d, changeset=self) for d in dirs

            if os.path.dirname(d) == path]

        als = self.repository.alias

        for k, vals in self._extract_submodules().iteritems():

            #vals = url,rev,type

            loc = vals[0]

            cs = vals[1]

            dirnodes.append(SubModuleNode(k, url=loc, changeset=cs,

                                          alias=als))

        nodes = dirnodes + filenodes

        # cache nodes

        for node in nodes:

            self.nodes[node.path] = node

        nodes.sort()

        return nodes

    def get_node(self, path):

        """

        Returns ``Node`` object from the given ``path``. If there is no node at

        the given ``path``, ``ChangesetError`` would be raised.

        """

        path = self._fix_path(path)

        DEFAULT_ENCODING = rhodecode.CONFIG.get('default_encoding', 'utf8')

        from_encoding = DEFAULT_ENCODING

    try:

        return unicode(str_)

    except UnicodeDecodeError:

        pass

    try:

        return unicode(str_, from_encoding)

    except UnicodeDecodeError:

        pass

    try:

        import chardet

        encoding = chardet.detect(str_)['encoding']

        if encoding is None:

            raise Exception()

        return str_.decode(encoding)

    except (ImportError, UnicodeDecodeError, Exception):

        return unicode(str_, from_encoding, 'replace')

def safe_str(unicode_, to_encoding=None):

    """

    safe str function. Does few trick to turn unicode_ into string

    In case of UnicodeEncodeError we try to return it with encoding detected

    by chardet library if it fails fallback to string with errors replaced

    :param unicode_: unicode to encode

    :rtype: str

    :returns: str object

    """

    if isinstance(unicode_, str):

        return unicode_

    if not to_encoding:

        import rhodecode

        DEFAULT_ENCODING = rhodecode.CONFIG.get('default_encoding', 'utf8')

        to_encoding = DEFAULT_ENCODING

    try:

        return unicode_.encode(to_encoding)

    except UnicodeEncodeError:

        pass

    try:

        import chardet

        encoding = chardet.detect(unicode_)['encoding']

        if encoding is None:

            raise UnicodeEncodeError()

        return unicode_.encode(encoding)

    except (ImportError, UnicodeEncodeError):

        return unicode_.encode(to_encoding, 'replace')

    return safe_str

def author_email(author):

    """

    returns email address of given author.

    If any of <,> sign are found, it fallbacks to regex findall()

    and returns first found result or empty string

    Regex taken from http://www.regular-expressions.info/email.html

    """

    import re

    r = author.find('>')

    l = author.find('<')

    if l == -1 or r == -1:

        # fallback to regex match of email out of a string

        email_re = re.compile(r"""[a-z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[a-z0-9!"""

                              r"""#$%&'*+/=?^_`{|}~-]+)*@(?:[a-z0-9](?:[a-z"""

                              r"""0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]"""

                              r"""*[a-z0-9])?""", re.IGNORECASE)

        m = re.findall(email_re, author)

        return m[0] if m else ''

    return author[l + 1:r].strip()

def author_name(author):

    """

    get name of author, or else username.

    It'll try to find an email in the author string and just cut it off

    to get the username

    """

    if not '@' in author:

        return author

    else:

        return author.replace(author_email(author), '').replace('<', '')\

            .replace('>', '').strip()

         .all()

        for perm in user_repo_perms_from_users_groups:

            r_k = perm.UsersGroupRepoToPerm.repository.repo_name

            p = perm.Permission.permission_name

            cur_perm = user.permissions[RK][r_k]

            # overwrite permission only if it's greater than permission

            # given from other sources

            if PERM_WEIGHTS[p] > PERM_WEIGHTS[cur_perm]:

                user.permissions[RK][r_k] = p

        # REPO GROUP

        #==================================================================

        # get access for this user for repos group and override defaults

        #==================================================================

        # user explicit permissions for repository

        user_repo_groups_perms = \

         self.sa.query(UserRepoGroupToPerm, Permission, RepoGroup)\

         .join((RepoGroup, UserRepoGroupToPerm.group_id == RepoGroup.group_id))\

         .join((Permission, UserRepoGroupToPerm.permission_id == Permission.permission_id))\

         .filter(UserRepoGroupToPerm.user_id == uid)\

         .all()

        for perm in user_repo_groups_perms:

            rg_k = perm.UserRepoGroupToPerm.group.group_name

            p = perm.Permission.permission_name

            cur_perm = user.permissions[GK][rg_k]

            if PERM_WEIGHTS[p] > PERM_WEIGHTS[cur_perm]:

                user.permissions[GK][rg_k] = p

        # REPO GROUP + USER GROUP

        #==================================================================

        # check if user is part of user groups for this repo group and

        # fill in (or replace with higher) permissions

        #==================================================================

        # users group for repositories permissions

        user_repo_group_perms_from_users_groups = \

         self.sa.query(UsersGroupRepoGroupToPerm, Permission, RepoGroup)\

         .join((RepoGroup, UsersGroupRepoGroupToPerm.group_id == RepoGroup.group_id))\

         .join((Permission, UsersGroupRepoGroupToPerm.permission_id == Permission.permission_id))\

         .join((UsersGroupMember, UsersGroupRepoGroupToPerm.users_group_id == UsersGroupMember.users_group_id))\

         .filter(UsersGroupMember.user_id == uid)\

         .all()

        for perm in user_repo_group_perms_from_users_groups:

            g_k = perm.UsersGroupRepoGroupToPerm.group.group_name

            p = perm.Permission.permission_name

            cur_perm = user.permissions[GK][g_k]

            # overwrite permission only if it's greater than permission

            # given from other sources

            if PERM_WEIGHTS[p] > PERM_WEIGHTS[cur_perm]:

                user.permissions[GK][g_k] = p

        return user

    def has_perm(self, user, perm):

        if not isinstance(perm, Permission):

            raise Exception('perm needs to be an instance of Permission class '

                            'got %s instead' % type(perm))

        user = self.__get_user(user)

        return UserToPerm.query().filter(UserToPerm.user == user)\

            .filter(UserToPerm.permission == perm).scalar() is not None

    def grant_perm(self, user, perm):

        """

        Grant user global permissions

        :param user:

        :param perm:

        """

        user = self.__get_user(user)

        perm = self.__get_perm(perm)

        # if this permission is already granted skip it

        _perm = UserToPerm.query()\

            .filter(UserToPerm.user == user)\

            .filter(UserToPerm.permission == perm)\

            .scalar()

        if _perm:

            return

        new = UserToPerm()

        new.user = user

        new.permission = perm

        self.sa.add(new)

    def revoke_perm(self, user, perm):

        """

        Revoke users global permissions

        :param user:

        :param perm:

        """

        user = self.__get_user(user)