# -*- coding: utf-8 -*-

# This program is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation, either version 3 of the License, or

# (at your option) any later version.

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

"""

kallithea.controllers.login

~~~~~~~~~~~~~~~~~~~~~~~~~~~

Login controller for Kallithea

This file was forked by the Kallithea project in July 2014.

Original author and date, and relevant copyright and licensing information is below:

:created_on: Apr 22, 2010

:author: marcink

:copyright: (c) 2013 RhodeCode GmbH, and others.

:license: GPLv3, see LICENSE.md for more details.

"""

import logging

import re

import formencode

from formencode import htmlfill

from pylons.i18n.translation import _

from pylons import request, session, tmpl_context as c

from webob.exc import HTTPFound, HTTPBadRequest

import kallithea.lib.helpers as h

from kallithea.config.routing import url

from kallithea.lib.auth import AuthUser, HasPermissionAnyDecorator

from kallithea.lib.base import BaseController, log_in_user, render

from kallithea.lib.exceptions import UserCreationError

from kallithea.lib.utils2 import safe_str

from kallithea.model.db import User, Setting

from kallithea.model.forms import \

    LoginForm, RegisterForm, PasswordResetRequestForm, PasswordResetConfirmationForm

from kallithea.model.user import UserModel

from kallithea.model.meta import Session

log = logging.getLogger(__name__)

class LoginController(BaseController):

    def __before__(self):

        super(LoginController, self).__before__()

    def _validate_came_from(self, came_from,

            _re=re.compile(r"/(?!/)[-!#$%&'()*+,./:;=?@_~0-9A-Za-z]*$")):

        """Return True if came_from is valid and can and should be used.

        Determines if a URI reference is valid and relative to the origin;

        or in RFC 3986 terms, whether it matches this production:

          origin-relative-ref = path-absolute [ "?" query ] [ "#" fragment ]

        with the exception that '%' escapes are not validated and '#' is

        allowed inside the fragment part.

        """

        return _re.match(came_from) is not None

    def index(self):

        c.came_from = safe_str(request.GET.get('came_from', ''))

        if c.came_from:

            if not self._validate_came_from(c.came_from):

                log.error('Invalid came_from (not server-relative): %r', c.came_from)

                raise HTTPBadRequest()

        else:

            c.came_from = url('home')

        ip_allowed = AuthUser.check_ip_allowed(self.authuser, self.ip_addr)

        # redirect if already logged in

        if self.authuser.is_authenticated and ip_allowed:

            raise HTTPFound(location=c.came_from)

        if request.POST:

            # import Login Form validator class

            try:

                c.form_result = login_form.to_python(dict(request.POST))

                # form checks for username/password, now we're authenticated

                username = c.form_result['username']

                user = User.get_by_username_or_email(username, case_insensitive=True)

            except formencode.Invalid as errors:

                defaults = errors.value

                # remove password from filling in form again

                defaults.pop('password', None)

                return htmlfill.render(

                    render('/login.html'),

                    defaults=errors.value,

                    errors=errors.error_dict or {},

                    prefix_error=False,

                    encoding="UTF-8",

                    force_defaults=False)

            except UserCreationError as e:

                # container auth or other auth functions that create users on

                # the fly can throw this exception signaling that there's issue

                # with user creation, explanation should be provided in

                # Exception itself

                h.flash(e, 'error')

            else:

                log_in_user(user, c.form_result['remember'],

                    is_external_auth=False)

                raise HTTPFound(location=c.came_from)

        return render('/login.html')

    @HasPermissionAnyDecorator('hg.admin', 'hg.register.auto_activate',

                               'hg.register.manual_activate')

    def register(self):

        c.auto_active = 'hg.register.auto_activate' in User.get_default_user() \

            .AuthUser.permissions['global']

        settings = Setting.get_app_settings()

        captcha_private_key = settings.get('captcha_private_key')

        c.captcha_active = bool(captcha_private_key)

        c.captcha_public_key = settings.get('captcha_public_key')

        if request.POST:

            register_form = RegisterForm()()

            try:

                form_result = register_form.to_python(dict(request.POST))

                form_result['active'] = c.auto_active

                if c.captcha_active:

                    from kallithea.lib.recaptcha import submit

                    response = submit(request.POST.get('recaptcha_challenge_field'),

                                      request.POST.get('recaptcha_response_field'),

                                      private_key=captcha_private_key,

                                      remoteip=self.ip_addr)

                    if c.captcha_active and not response.is_valid:

                        _value = form_result

                        _msg = _('Bad captcha')

                        error_dict = {'recaptcha_field': _msg}

                        raise formencode.Invalid(_msg, _value, None,

                                                 error_dict=error_dict)

                UserModel().create_registration(form_result)

                h.flash(_('You have successfully registered with %s') % (c.site_name or 'Kallithea'),

                        category='success')

                Session().commit()

                raise HTTPFound(location=url('login_home'))

            except formencode.Invalid as errors:

                return htmlfill.render(

                    render('/register.html'),

                    defaults=errors.value,

                    errors=errors.error_dict or {},

                    prefix_error=False,

                    encoding="UTF-8",

                    force_defaults=False)

            except UserCreationError as e:

                # container auth or other auth functions that create users on

                # the fly can throw this exception signaling that there's issue

                # with user creation, explanation should be provided in

                # Exception itself

                h.flash(e, 'error')

        return render('/register.html')

    def password_reset(self):

        settings = Setting.get_app_settings()

        captcha_private_key = settings.get('captcha_private_key')

        c.captcha_active = bool(captcha_private_key)

        c.captcha_public_key = settings.get('captcha_public_key')

        if request.POST:

            password_reset_form = PasswordResetRequestForm()()

            try:

                form_result = password_reset_form.to_python(dict(request.POST))

                if c.captcha_active:

                    from kallithea.lib.recaptcha import submit

                    response = submit(request.POST.get('recaptcha_challenge_field'),

                                      request.POST.get('recaptcha_response_field'),

                                      private_key=captcha_private_key,

                                      remoteip=self.ip_addr)

                    if c.captcha_active and not response.is_valid:

                        _value = form_result

                        _msg = _('Bad captcha')

                        error_dict = {'recaptcha_field': _msg}

                        raise formencode.Invalid(_msg, _value, None,

                                                 error_dict=error_dict)

                redirect_link = UserModel().send_reset_password_email(form_result)

                h.flash(_('A password reset confirmation code has been sent'),

                            category='success')

                raise HTTPFound(location=redirect_link)

            except formencode.Invalid as errors:

                return htmlfill.render(

                    render('/password_reset.html'),

                    defaults=errors.value,

                    errors=errors.error_dict or {},

                    prefix_error=False,

                    encoding="UTF-8",

                    force_defaults=False)

        return render('/password_reset.html')

    def password_reset_confirmation(self):

        # This controller handles both GET and POST requests, though we

        # only ever perform the actual password change on POST (since

        # GET requests are not allowed to have side effects, and do not

        # receive automatic CSRF protection).

        # The template needs the email address outside of the form.

        c.email = request.params.get('email')

        if not request.POST:

            return htmlfill.render(

                render('/password_reset_confirmation.html'),

                defaults=dict(request.params),

                encoding='UTF-8')

        form = PasswordResetConfirmationForm()()

        try:

            form_result = form.to_python(dict(request.POST))

        except formencode.Invalid as errors:

            return htmlfill.render(

                render('/password_reset_confirmation.html'),

                defaults=errors.value,

                errors=errors.error_dict or {},

                prefix_error=False,

                encoding='UTF-8')

        if not UserModel().verify_reset_password_token(

            form_result['email'],

            form_result['timestamp'],

            form_result['token'],

        ):

            return htmlfill.render(

                render('/password_reset_confirmation.html'),

                defaults=form_result,

                errors={'token': _('Invalid password reset token')},

                prefix_error=False,

                encoding='UTF-8')

        UserModel().reset_password(form_result['email'], form_result['password'])

        h.flash(_('Successfully updated password'), category='success')

        raise HTTPFound(location=url('login_home'))

    def logout(self):

        session.delete()

        log.info('Logging out and deleting session for user')

        raise HTTPFound(location=url('home'))

    def authentication_token(self):

        """Return the CSRF protection token for the session - just like it

        could have been screen scraped from a page with a form.

        Only intended for testing but might also be useful for other kinds

        of automation.

        """

        return h.authentication_token()

# -*- coding: utf-8 -*-

# This program is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation, either version 3 of the License, or

# (at your option) any later version.

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

"""

these are form validation classes

http://formencode.org/module-formencode.validators.html

for list of all available validators

we can create our own validators

The table below outlines the options which can be used in a schema in addition to the validators themselves

pre_validators          []     These validators will be applied before the schema

chained_validators      []     These validators will be applied after the schema

allow_extra_fields      False     If True, then it is not an error when keys that aren't associated with a validator are present

filter_extra_fields     False     If True, then keys that aren't associated with a validator are removed

if_key_missing          NoDefault If this is given, then any keys that aren't available but are expected will be replaced with this value (and then validated). This does not override a present .if_missing attribute on validators. NoDefault is a special FormEncode class to mean that no default values has been specified and therefore missing keys shouldn't take a default value.

ignore_key_missing      False     If True, then missing keys will be missing in the result, if the validator doesn't have .if_missing on it already

<name> = formencode.validators.<name of validator>

<name> must equal form name

list=[1,2,3,4,5]

for SELECT use formencode.All(OneOf(list), Int())

"""

import logging

import formencode

from formencode import All

from pylons.i18n.translation import _

from kallithea import BACKENDS

from kallithea.model import validators as v

log = logging.getLogger(__name__)

def PasswordChangeForm(username):

    class _PasswordChangeForm(formencode.Schema):

        allow_extra_fields = True

        filter_extra_fields = True

        current_password = v.ValidOldPassword(username)(not_empty=True)

        new_password = All(v.ValidPassword(), v.UnicodeString(strip=False, min=6))

        new_password_confirmation = All(v.ValidPassword(), v.UnicodeString(strip=False, min=6))

        chained_validators = [v.ValidPasswordsMatch('new_password',

                                                    'new_password_confirmation')]

    return _PasswordChangeForm

def UserForm(edit=False, old_data=None):

    old_data = old_data or {}

    class _UserForm(formencode.Schema):

        allow_extra_fields = True

        filter_extra_fields = True

        username = All(v.UnicodeString(strip=True, min=1, not_empty=True),

                       v.ValidUsername(edit, old_data))

        if edit:

            new_password = All(

                v.ValidPassword(),

                v.UnicodeString(strip=False, min=6, not_empty=False)

            )

            password_confirmation = All(

                v.ValidPassword(),

                v.UnicodeString(strip=False, min=6, not_empty=False),

            )

            admin = v.StringBoolean(if_missing=False)

            chained_validators = [v.ValidPasswordsMatch('new_password',

                                                        'password_confirmation')]

        else:

            password = All(

                v.ValidPassword(),

                v.UnicodeString(strip=False, min=6, not_empty=True)

            )

            password_confirmation = All(

                v.ValidPassword(),

                v.UnicodeString(strip=False, min=6, not_empty=False)

            )

            chained_validators = [v.ValidPasswordsMatch('password',

                                                        'password_confirmation')]

        active = v.StringBoolean(if_missing=False)

        firstname = v.UnicodeString(strip=True, min=1, not_empty=False)

        lastname = v.UnicodeString(strip=True, min=1, not_empty=False)

        email = All(v.Email(not_empty=True), v.UniqSystemEmail(old_data))

        extern_name = v.UnicodeString(strip=True, if_missing=None)

        extern_type = v.UnicodeString(strip=True, if_missing=None)

    return _UserForm

def UserGroupForm(edit=False, old_data=None, available_members=None):

    old_data = old_data or {}

    available_members = available_members or []

    class _UserGroupForm(formencode.Schema):

        allow_extra_fields = True

        filter_extra_fields = True

        users_group_name = All(

            v.UnicodeString(strip=True, min=1, not_empty=True),

            v.ValidUserGroup(edit, old_data)

        )

        user_group_description = v.UnicodeString(strip=True, min=1,

                                                 not_empty=False)

        users_group_active = v.StringBoolean(if_missing=False)

        if edit:

            users_group_members = v.OneOf(

                available_members, hideList=False, testValueList=True,

                if_missing=None, not_empty=False

            )

    return _UserGroupForm

def RepoGroupForm(edit=False, old_data=None, repo_groups=None,

                   can_create_in_root=False):

    old_data = old_data or {}

    repo_groups = repo_groups or []

    repo_group_ids = [rg[0] for rg in repo_groups]

    class _RepoGroupForm(formencode.Schema):

        allow_extra_fields = True

        filter_extra_fields = False

        group_name = All(v.UnicodeString(strip=True, min=1, not_empty=True),

                         v.SlugifyName(),

                         v.ValidRegex(msg=_('Name must not contain only digits'))(r'(?!^\d+$)^.+$'))

        group_description = v.UnicodeString(strip=True, min=1,

                                            not_empty=False)

        group_copy_permissions = v.StringBoolean(if_missing=False)

        if edit:

            #FIXME: do a special check that we cannot move a group to one of

            #its children

            pass

        parent_group_id = All(v.CanCreateGroup(can_create_in_root),

                              v.OneOf(repo_group_ids, hideList=False,

                                      testValueList=True,

                                      if_missing=None, not_empty=True),

                              v.Int(min=-1, not_empty=True))

        enable_locking = v.StringBoolean(if_missing=False)

        chained_validators = [v.ValidRepoGroup(edit, old_data)]

    return _RepoGroupForm

def RegisterForm(edit=False, old_data=None):

    class _RegisterForm(formencode.Schema):

        allow_extra_fields = True

        filter_extra_fields = True

        username = All(

            v.ValidUsername(edit, old_data),

            v.UnicodeString(strip=True, min=1, not_empty=True)

        )

        password = All(

            v.ValidPassword(),

            v.UnicodeString(strip=False, min=6, not_empty=True)

        )

        password_confirmation = All(

            v.ValidPassword(),

            v.UnicodeString(strip=False, min=6, not_empty=True)

        )

        active = v.StringBoolean(if_missing=False)

        firstname = v.UnicodeString(strip=True, min=1, not_empty=False)

        lastname = v.UnicodeString(strip=True, min=1, not_empty=False)

        email = All(v.Email(not_empty=True), v.UniqSystemEmail(old_data))

        chained_validators = [v.ValidPasswordsMatch('password',

                                                    'password_confirmation')]

    return _RegisterForm

def PasswordResetRequestForm():

    class _PasswordResetRequestForm(formencode.Schema):

        allow_extra_fields = True

        filter_extra_fields = True

        email = v.Email(not_empty=True)

    return _PasswordResetRequestForm

def PasswordResetConfirmationForm():

    class _PasswordResetConfirmationForm(formencode.Schema):

        allow_extra_fields = True

        filter_extra_fields = True

        email = v.UnicodeString(strip=True, not_empty=True)

        timestamp = v.Number(strip=True, not_empty=True)

        token = v.UnicodeString(strip=True, not_empty=True)

        password = All(v.ValidPassword(), v.UnicodeString(strip=False, min=6))

        password_confirm = All(v.ValidPassword(), v.UnicodeString(strip=False, min=6))

        chained_validators = [v.ValidPasswordsMatch('password',

                                                    'password_confirm')]

    return _PasswordResetConfirmationForm

def RepoForm(edit=False, old_data=None, supported_backends=BACKENDS.keys(),

             repo_groups=None, landing_revs=None):

    old_data = old_data or {}

    repo_groups = repo_groups or []

    landing_revs = landing_revs or []

    repo_group_ids = [rg[0] for rg in repo_groups]

    class _RepoForm(formencode.Schema):

        allow_extra_fields = True

        filter_extra_fields = False

        repo_name = All(v.UnicodeString(strip=True, min=1, not_empty=True),

                        v.SlugifyName())

        repo_group = All(v.CanWriteGroup(old_data),

                         v.OneOf(repo_group_ids, hideList=True),

                         v.Int(min=-1, not_empty=True))

        repo_type = v.OneOf(supported_backends, required=False,

                            if_missing=old_data.get('repo_type'))

        repo_description = v.UnicodeString(strip=True, min=1, not_empty=False)

        repo_private = v.StringBoolean(if_missing=False)

        repo_landing_rev = v.OneOf(landing_revs, hideList=True)

        repo_copy_permissions = v.StringBoolean(if_missing=False)

        clone_uri = All(v.UnicodeString(strip=True, min=1, not_empty=False))

        repo_enable_statistics = v.StringBoolean(if_missing=False)

        repo_enable_downloads = v.StringBoolean(if_missing=False)

        repo_enable_locking = v.StringBoolean(if_missing=False)

        if edit:

            owner = All(v.UnicodeString(not_empty=True), v.ValidRepoUser())

            # Not a real field - just for reference for validation:

            # clone_uri_hidden = v.UnicodeString(if_missing='')

        chained_validators = [v.ValidCloneUri(),

                              v.ValidRepoName(edit, old_data)]

    return _RepoForm

def RepoPermsForm():

    class _RepoPermsForm(formencode.Schema):

        allow_extra_fields = True

        filter_extra_fields = False

        chained_validators = [v.ValidPerms(type_='repo')]

    return _RepoPermsForm

def RepoGroupPermsForm(valid_recursive_choices):

    class _RepoGroupPermsForm(formencode.Schema):

        allow_extra_fields = True

        filter_extra_fields = False

        recursive = v.OneOf(valid_recursive_choices)

        chained_validators = [v.ValidPerms(type_='repo_group')]

    return _RepoGroupPermsForm

def UserGroupPermsForm():

    class _UserPermsForm(formencode.Schema):

        allow_extra_fields = True

        filter_extra_fields = False

        chained_validators = [v.ValidPerms(type_='user_group')]

    return _UserPermsForm

def RepoFieldForm():

    class _RepoFieldForm(formencode.Schema):

        filter_extra_fields = True

        allow_extra_fields = True

        new_field_key = All(v.FieldKey(),

                            v.UnicodeString(strip=True, min=3, not_empty=True))

        new_field_value = v.UnicodeString(not_empty=False, if_missing='')

        new_field_type = v.OneOf(['str', 'unicode', 'list', 'tuple'],

                                 if_missing='str')

        new_field_label = v.UnicodeString(not_empty=False)

        new_field_desc = v.UnicodeString(not_empty=False)

    return _RepoFieldForm

def RepoForkForm(edit=False, old_data=None, supported_backends=BACKENDS.keys(),

                 repo_groups=None, landing_revs=None):

    old_data = old_data or {}

    repo_groups = repo_groups or []

    landing_revs = landing_revs or []

    repo_group_ids = [rg[0] for rg in repo_groups]

    class _RepoForkForm(formencode.Schema):

        allow_extra_fields = True

        filter_extra_fields = False

        repo_name = All(v.UnicodeString(strip=True, min=1, not_empty=True),

                        v.SlugifyName())

        repo_group = All(v.CanWriteGroup(),

                         v.OneOf(repo_group_ids, hideList=True),

                         v.Int(min=-1, not_empty=True))

        repo_type = All(v.ValidForkType(old_data), v.OneOf(supported_backends))

        description = v.UnicodeString(strip=True, min=1, not_empty=True)

        private = v.StringBoolean(if_missing=False)

        copy_permissions = v.StringBoolean(if_missing=False)

        update_after_clone = v.StringBoolean(if_missing=False)

        fork_parent_id = v.UnicodeString()

        chained_validators = [v.ValidForkName(edit, old_data)]

        landing_rev = v.OneOf(landing_revs, hideList=True)

    return _RepoForkForm

def ApplicationSettingsForm():

    class _ApplicationSettingsForm(formencode.Schema):

        allow_extra_fields = True

        filter_extra_fields = False

        title = v.UnicodeString(strip=True, not_empty=False)

        realm = v.UnicodeString(strip=True, min=1, not_empty=True)

        ga_code = v.UnicodeString(strip=True, min=1, not_empty=False)

        captcha_public_key = v.UnicodeString(strip=True, min=1, not_empty=False)

        captcha_private_key = v.UnicodeString(strip=True, min=1, not_empty=False)

    return _ApplicationSettingsForm

def ApplicationVisualisationForm():

    class _ApplicationVisualisationForm(formencode.Schema):

        allow_extra_fields = True

        filter_extra_fields = False

        show_public_icon = v.StringBoolean(if_missing=False)

        show_private_icon = v.StringBoolean(if_missing=False)

        stylify_metatags = v.StringBoolean(if_missing=False)

        repository_fields = v.StringBoolean(if_missing=False)

        lightweight_journal = v.StringBoolean(if_missing=False)

        page_size = v.Int(min=5, not_empty=True)

        admin_grid_items = v.Int(min=5, not_empty=True)

        show_version = v.StringBoolean(if_missing=False)

        use_gravatar = v.StringBoolean(if_missing=False)

        gravatar_url = v.UnicodeString(min=3)

        clone_uri_tmpl = v.UnicodeString(min=3)

    return _ApplicationVisualisationForm

def ApplicationUiSettingsForm():

    class _ApplicationUiSettingsForm(formencode.Schema):

        allow_extra_fields = True

        filter_extra_fields = False

        paths_root_path = All(

            v.ValidPath(),

            v.UnicodeString(strip=True, min=1, not_empty=True)

        )

        hooks_changegroup_update = v.StringBoolean(if_missing=False)

        hooks_changegroup_repo_size = v.StringBoolean(if_missing=False)

        hooks_changegroup_push_logger = v.StringBoolean(if_missing=False)

        hooks_outgoing_pull_logger = v.StringBoolean(if_missing=False)

        extensions_largefiles = v.StringBoolean(if_missing=False)

        extensions_hgsubversion = v.StringBoolean(if_missing=False)

        extensions_hggit = v.StringBoolean(if_missing=False)

    return _ApplicationUiSettingsForm

def DefaultPermissionsForm(repo_perms_choices, group_perms_choices,

                           user_group_perms_choices, create_choices,

                           create_on_write_choices, repo_group_create_choices,

                           user_group_create_choices, fork_choices,

                           register_choices, extern_activate_choices):

    class _DefaultPermissionsForm(formencode.Schema):

        allow_extra_fields = True

        filter_extra_fields = True

        overwrite_default_repo = v.StringBoolean(if_missing=False)

        overwrite_default_group = v.StringBoolean(if_missing=False)

        overwrite_default_user_group = v.StringBoolean(if_missing=False)

        anonymous = v.StringBoolean(if_missing=False)

        default_repo_perm = v.OneOf(repo_perms_choices)

        default_group_perm = v.OneOf(group_perms_choices)

        default_user_group_perm = v.OneOf(user_group_perms_choices)

        default_repo_create = v.OneOf(create_choices)

        create_on_write = v.OneOf(create_on_write_choices)

        default_user_group_create = v.OneOf(user_group_create_choices)

        #default_repo_group_create = v.OneOf(repo_group_create_choices) #not impl. yet

        default_fork = v.OneOf(fork_choices)

        default_register = v.OneOf(register_choices)

        default_extern_activate = v.OneOf(extern_activate_choices)

    return _DefaultPermissionsForm

def CustomDefaultPermissionsForm():

    class _CustomDefaultPermissionsForm(formencode.Schema):

        filter_extra_fields = True

        allow_extra_fields = True

        inherit_default_permissions = v.StringBoolean(if_missing=False)

        create_repo_perm = v.StringBoolean(if_missing=False)

        create_user_group_perm = v.StringBoolean(if_missing=False)

        #create_repo_group_perm Impl. later

        fork_repo_perm = v.StringBoolean(if_missing=False)

    return _CustomDefaultPermissionsForm

def DefaultsForm(edit=False, old_data=None, supported_backends=BACKENDS.keys()):

    class _DefaultsForm(formencode.Schema):

        allow_extra_fields = True

        filter_extra_fields = True

        default_repo_type = v.OneOf(supported_backends)

        default_repo_private = v.StringBoolean(if_missing=False)

        default_repo_enable_statistics = v.StringBoolean(if_missing=False)

        default_repo_enable_downloads = v.StringBoolean(if_missing=False)

        default_repo_enable_locking = v.StringBoolean(if_missing=False)

    return _DefaultsForm

def AuthSettingsForm(current_active_modules):

    class _AuthSettingsForm(formencode.Schema):

        allow_extra_fields = True

        filter_extra_fields = True

        auth_plugins = All(v.ValidAuthPlugins(),

                           v.UniqueListFromString()(not_empty=True))

        def __init__(self, *args, **kwargs):

            # The auth plugins tell us what form validators they use

            if current_active_modules:

                import kallithea.lib.auth_modules