Peter Vitt <petervitt@web.de> 2015

    Ronny Pfannschmidt <opensource@ronnypfannschmidt.de> 2015

    Tuux <tuxa@galaxie.eu.org> 2015

    Viktar Palstsiuk <vipals@gmail.com> 2015

    Ante Ilic <ante@unity3d.com> 2014

    Bradley M. Kuhn <bkuhn@sfconservancy.org> 2014

    Calinou <calinou@opmbx.org> 2014

    Daniel Anderson <daniel@dattrix.com> 2014

    Henrik Stuart <hg@hstuart.dk> 2014

    Ingo von Borstel <kallithea@planetmaker.de> 2014

    Jelmer Vernooij <jelmer@samba.org> 2014

    Jim Hague <jim.hague@acm.org> 2014

    Matt Fellows <kallithea@matt-fellows.me.uk> 2014

    Max Roman <max@choloclos.se> 2014

    Na'Tosha Bard <natosha@unity3d.com> 2014

    Rasmus Selsmark <rasmuss@unity3d.com> 2014

    Tim Freund <tim@freunds.net> 2014

    Travis Burtrum <android@moparisthebest.com> 2014

    Zoltan Gyarmati <mr.zoltan.gyarmati@gmail.com> 2014

    Marcin Kuźmiński <marcin@python-works.com> 2010-2013

    xpol <xpolife@gmail.com> 2012-2013

    Aparkar <aparkar@icloud.com> 2013

    Dennis Brakhane <brakhane@googlemail.com> 2013

    Grzegorz Rożniecki <xaerxess@gmail.com> 2013

    Jonathan Sternberg <jonathansternberg@gmail.com> 2013

    Leonardo Carneiro <leonardo@unity3d.com> 2013

    Magnus Ericmats <magnus.ericmats@gmail.com> 2013

    Martin Vium <martinv@unity3d.com> 2013

    Simon Lopez <simon.lopez@slopez.org> 2013

    Ton Plomp <tcplomp@gmail.com> 2013

    Augusto Herrmann <augusto.herrmann@planejamento.gov.br> 2011-2012

    Dan Sheridan <djs@adelard.com> 2012

    Dies Koper <diesk@fast.au.fujitsu.com> 2012

    Erwin Kroon <e.kroon@smartmetersolutions.nl> 2012

    H Waldo G <gwaldo@gmail.com> 2012

    hppj <hppj@postmage.biz> 2012

    Indra Talip <indra.talip@gmail.com> 2012

    mikespook 2012

    nansenat16 <nansenat16@null.tw> 2012

    Philip Jameson <philip.j@hostdime.com> 2012

    Raoul Thill <raoul.thill@gmail.com> 2012

    Stefan Engel <mail@engel-stefan.de> 2012

    Tony Bussieres <t.bussieres@gmail.com> 2012

    Vincent Caron <vcaron@bearstech.com> 2012

    Vincent Duvert <vincent@duvert.net> 2012

    Vladislav Poluhin <nuklea@gmail.com> 2012

    Zachary Auclair <zach101@gmail.com> 2012

    Ankit Solanki <ankit.solanki@gmail.com> 2011

        m.connect("users", "/users",

                  action="index", conditions=dict(method=["GET"]))

        m.connect("formatted_users", "/users.{format}",

                  action="index", conditions=dict(method=["GET"]))

        m.connect("new_user", "/users/new",

                  action="new", conditions=dict(method=["GET"]))

        m.connect("update_user", "/users/{id}",

                  action="update", conditions=dict(method=["POST"]))

        m.connect("delete_user", "/users/{id}/delete",

                  action="delete", conditions=dict(method=["POST"]))

        m.connect("edit_user", "/users/{id}/edit",

                  action="edit", conditions=dict(method=["GET"]))

        # EXTRAS USER ROUTES

        m.connect("edit_user_advanced", "/users/{id}/edit/advanced",

                  action="edit_advanced", conditions=dict(method=["GET"]))

        m.connect("edit_user_api_keys", "/users/{id}/edit/api_keys",

                  action="edit_api_keys", conditions=dict(method=["GET"]))

        m.connect("edit_user_api_keys_update", "/users/{id}/edit/api_keys",

                  action="add_api_key", conditions=dict(method=["POST"]))

        m.connect("edit_user_api_keys_delete", "/users/{id}/edit/api_keys/delete",

                  action="delete_api_key", conditions=dict(method=["POST"]))

        m.connect("edit_user_perms", "/users/{id}/edit/permissions",

                  action="edit_perms", conditions=dict(method=["GET"]))

        m.connect("edit_user_perms_update", "/users/{id}/edit/permissions",

                  action="update_perms", conditions=dict(method=["POST"]))

        m.connect("edit_user_emails", "/users/{id}/edit/emails",

                  action="edit_emails", conditions=dict(method=["GET"]))

        m.connect("edit_user_emails_update", "/users/{id}/edit/emails",

                  action="add_email", conditions=dict(method=["POST"]))

        m.connect("edit_user_emails_delete", "/users/{id}/edit/emails/delete",

                  action="delete_email", conditions=dict(method=["POST"]))

        m.connect("edit_user_ips", "/users/{id}/edit/ips",

                  action="edit_ips", conditions=dict(method=["GET"]))

        m.connect("edit_user_ips_update", "/users/{id}/edit/ips",

                  action="add_ip", conditions=dict(method=["POST"]))

        m.connect("edit_user_ips_delete", "/users/{id}/edit/ips/delete",

                  action="delete_ip", conditions=dict(method=["POST"]))

    # ADMIN USER GROUPS REST ROUTES

    with rmap.submapper(path_prefix=ADMIN_PREFIX,

                        controller='admin/user_groups') as m:

        m.connect("users_groups", "/user_groups",

                  action="create", conditions=dict(method=["POST"]))

:created_on: Apr 4, 2010

:author: marcink

:copyright: (c) 2013 RhodeCode GmbH, and others.

:license: GPLv3, see LICENSE.md for more details.

"""

import logging

import traceback

import formencode

from formencode import htmlfill

from tg import request, tmpl_context as c, config, app_globals

from tg.i18n import ugettext as _

from sqlalchemy.sql.expression import func

from webob.exc import HTTPFound, HTTPNotFound

import kallithea

from kallithea.config.routing import url

from kallithea.lib.exceptions import DefaultUserException, \

    UserOwnsReposException, UserCreationError

from kallithea.lib import helpers as h

from kallithea.lib.auth import LoginRequired, HasPermissionAnyDecorator, \

    AuthUser

from kallithea.lib import auth_modules

from kallithea.model.api_key import ApiKeyModel

from kallithea.model.db import User, UserEmailMap, UserIpMap, UserToPerm

from kallithea.model.forms import UserForm, CustomDefaultPermissionsForm

from kallithea.model.user import UserModel

from kallithea.model.meta import Session

from kallithea.lib.utils import action_logger

from kallithea.lib.utils2 import datetime_to_time, safe_int, generate_api_key

log = logging.getLogger(__name__)

class UsersController(BaseController):

    """REST Controller styled on the Atom Publishing Protocol"""

    @LoginRequired()

    @HasPermissionAnyDecorator('hg.admin')

    def _before(self, *args, **kwargs):

        super(UsersController, self)._before(*args, **kwargs)

        c.available_permissions = config['available_permissions']

    def index(self, format='html'):

        c.users_list = User.query().order_by(User.username) \

                        .filter_by(is_default_user=False) \

                        .order_by(func.lower(User.username)) \

                        .all()

            Session().commit()

            h.flash(_("Added IP address %s to user whitelist") % ip, category='success')

        except formencode.Invalid as error:

            msg = error.error_dict['ip']

            h.flash(msg, category='error')

        except Exception:

            log.error(traceback.format_exc())

            h.flash(_('An error occurred while adding IP address'),

                    category='error')

        if 'default_user' in request.POST:

            raise HTTPFound(location=url('admin_permissions_ips'))

        raise HTTPFound(location=url('edit_user_ips', id=id))

    def delete_ip(self, id):

        ip_id = request.POST.get('del_ip_id')

        user_model = UserModel()

        user_model.delete_extra_ip(id, ip_id)

        Session().commit()

        h.flash(_("Removed IP address from user whitelist"), category='success')

        if 'default_user' in request.POST:

            raise HTTPFound(location=url('admin_permissions_ips'))

        raise HTTPFound(location=url('edit_user_ips', id=id))

  <li>Copyright &copy; 2015, Ronny Pfannschmidt</li>

  <li>Copyright &copy; 2015, Tuux</li>

  <li>Copyright &copy; 2015, Viktar Palstsiuk</li>

  <li>Copyright &copy; 2014, Ante Ilic</li>

  <li>Copyright &copy; 2014, Bradley M. Kuhn</li>

  <li>Copyright &copy; 2014, Calinou</li>

  <li>Copyright &copy; 2014, Daniel Anderson</li>

  <li>Copyright &copy; 2014, Henrik Stuart</li>

  <li>Copyright &copy; 2014, Ingo von Borstel</li>

  <li>Copyright &copy; 2014, Jelmer Vernooij</li>

  <li>Copyright &copy; 2014, Jim Hague</li>

  <li>Copyright &copy; 2014, Matt Fellows</li>

  <li>Copyright &copy; 2014, Max Roman</li>

  <li>Copyright &copy; 2014, Na'Tosha Bard</li>

  <li>Copyright &copy; 2014, Rasmus Selsmark</li>

  <li>Copyright &copy; 2014, Tim Freund</li>

  <li>Copyright &copy; 2014, Travis Burtrum</li>

  <li>Copyright &copy; 2014, Zoltan Gyarmati</li>

  <li>Copyright &copy; 2010&ndash;2013, Marcin Kuźmiński</li>

  <li>Copyright &copy; 2010&ndash;2013, RhodeCode GmbH</li>

  <li>Copyright &copy; 2011, 2013, Aparkar</li>

  <li>Copyright &copy; 2012&ndash;2013, xpol</li>

  <li>Copyright &copy; 2013, Dennis Brakhane</li>

  <li>Copyright &copy; 2013, Grzegorz Rożniecki</li>

  <li>Copyright &copy; 2013, Jonathan Sternberg</li>

  <li>Copyright &copy; 2013, Leonardo Carneiro</li>

  <li>Copyright &copy; 2013, Magnus Ericmats</li>

  <li>Copyright &copy; 2013, Martin Vium</li>

  <li>Copyright &copy; 2013, Simon Lopez</li>

  <li>Copyright &copy; 2011&ndash;2012, Augusto Herrmann</li>

  <li>Copyright &copy; 2012, Dan Sheridan</li>

  <li>Copyright &copy; 2012, H Waldo G</li>

  <li>Copyright &copy; 2012, hppj</li>

  <li>Copyright &copy; 2012, Indra Talip</li>

  <li>Copyright &copy; 2012, mikespook</li>

  <li>Copyright &copy; 2012, nansenat16</li>

  <li>Copyright &copy; 2012, Philip Jameson</li>

  <li>Copyright &copy; 2012, Raoul Thill</li>

  <li>Copyright &copy; 2012, Tony Bussieres</li>

  <li>Copyright &copy; 2012, Vincent Duvert</li>

  <li>Copyright &copy; 2012, Vladislav Poluhin</li>

  <li>Copyright &copy; 2012, Zachary Auclair</li>

  <li>Copyright &copy; 2011, Ankit Solanki</li>

  <li>Copyright &copy; 2011, Dmitri Kuznetsov</li>

  <li>Copyright &copy; 2011, Jared Bunting</li>

  <li>Copyright &copy; 2011, Jason Harris</li>

  <li>Copyright &copy; 2011, Les Peabody</li>

  <li>Copyright &copy; 2011, Liad Shani</li>

<%def name="breadcrumbs_links()">

    ${h.link_to(_('Admin'),h.url('admin_home'))}

    »

    ${h.link_to(_('Users'),h.url('users'))}

    »

    ${c.user.username}

</%def>

<%block name="header_menu">

    ${self.menu('admin')}

</%block>

<%def name="main()">

<div class="panel panel-primary">

    <div class="panel-heading clearfix">

        ${self.breadcrumbs()}

    </div>

    ##main

    <div class="panel-body settings">

      <ul class="nav nav-pills nav-stacked">

        <li class="${'active' if c.active=='profile' else ''}"><a href="${h.url('edit_user', id=c.user.user_id)}">${_('Profile')}</a></li>

        <li class="${'active' if c.active=='emails' else ''}"><a href="${h.url('edit_user_emails', id=c.user.user_id)}">${_('Emails')}</a></li>

        <li class="${'active' if c.active=='api_keys' else ''}"><a href="${h.url('edit_user_api_keys', id=c.user.user_id)}">${_('API Keys')}</a></li>

        <li class="${'active' if c.active=='ips' else ''}"><a href="${h.url('edit_user_ips', id=c.user.user_id)}">${_('IP Whitelist')}</a></li>

        <li class="${'active' if c.active=='advanced' else ''}"><a href="${h.url('edit_user_advanced', id=c.user.user_id)}">${_('Advanced')}</a></li>

        <li class="${'active' if c.active=='perms' else ''}"><a href="${h.url('edit_user_perms', id=c.user.user_id)}">${_('Show Permissions')}</a></li>

      </ul>

      <div>

          <%include file="/admin/users/user_edit_${c.active}.html"/>

      </div>

    </div>

</div>

</%def>

# -*- coding: utf-8 -*-

# This program is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation, either version 3 of the License, or

# (at your option) any later version.

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

from sqlalchemy.orm.exc import NoResultFound, ObjectDeletedError

import pytest

from kallithea.tests.base import *

from kallithea.tests.fixture import Fixture

from kallithea.controllers.admin.users import UsersController

from kallithea.lib.auth import check_password

from kallithea.model.user import UserModel

from kallithea.model import validators

from kallithea.lib import helpers as h

from kallithea.model.meta import Session

from webob.exc import HTTPNotFound

from tg.util.webtest import test_context

fixture = Fixture()

@pytest.fixture

def user_and_repo_group_fail():

    username = 'repogrouperr'

    groupname = u'repogroup_fail'

    user = fixture.create_user(name=username)

    repo_group = fixture.create_repo_group(name=groupname, cur_user=username)

    yield user, repo_group

    # cleanup

    if RepoGroup.get_by_group_name(groupname):

        fixture.destroy_repo_group(repo_group)

        keys = UserApiKeys.query().filter(UserApiKeys.user_id == user_id).all()

        assert 1 == len(keys)

        response = self.app.post(url('edit_user_api_keys_delete', id=user_id),

                 {'del_api_key': keys[0].api_key, '_authentication_token': self.authentication_token()})

        self.checkSessionFlash(response, 'API key successfully deleted')

        keys = UserApiKeys.query().filter(UserApiKeys.user_id == user_id).all()

        assert 0 == len(keys)

    def test_reset_main_api_key(self):

        self.log_user()

        user = User.get_by_username(TEST_USER_REGULAR_LOGIN)

        user_id = user.user_id

        api_key = user.api_key

        response = self.app.get(url('edit_user_api_keys', id=user_id))

        response.mustcontain(api_key)

        response.mustcontain('Expires: Never')

        response = self.app.post(url('edit_user_api_keys_delete', id=user_id),

                 {'del_api_key_builtin': api_key, '_authentication_token': self.authentication_token()})

        self.checkSessionFlash(response, 'API key successfully reset')

        response = response.follow()

        response.mustcontain(no=[api_key])

class TestAdminUsersController_unittest(TestController):

    """ Unit tests for the users controller """

    def test_get_user_or_raise_if_default(self, monkeypatch, test_context_fixture):

        # flash complains about an non-existing session

        def flash_mock(*args, **kwargs):

            pass

        monkeypatch.setattr(h, 'flash', flash_mock)

        u = UsersController()

        # a regular user should work correctly

        user = User.get_by_username(TEST_USER_REGULAR_LOGIN)

        assert u._get_user_or_raise_if_default(user.user_id) == user

        # the default user should raise

        with pytest.raises(HTTPNotFound):

            u._get_user_or_raise_if_default(User.get_default_user().user_id)

class TestAdminUsersControllerForDefaultUser(TestController):

    """

    Edit actions on the default user are not allowed.

    Validate that they throw a 404 exception.

    """

domain_extra = {}

domain_extra['unity3d.com'] = "Unity Technologies"

domain_extra['rhodecode.com'] = "RhodeCode GmbH"

# Repository history show some old contributions that traditionally hasn't been

# listed in about.html - preserve that:

no_about = set(total_ignore)

# The following contributors were traditionally not listed in about.html and it

# seems unclear if the copyright is personal or belongs to a company.

no_about.add(('Thayne Harbaugh <thayne@fusionio.com>', '2011'))

no_about.add(('Dies Koper <diesk@fast.au.fujitsu.com>', '2012'))

no_about.add(('Erwin Kroon <e.kroon@smartmetersolutions.nl>', '2012'))

no_about.add(('Vincent Caron <vcaron@bearstech.com>', '2012'))

# These contributors' contributions might be too small to be copyrightable:

no_about.add(('philip.j@hostdime.com', '2012'))

no_about.add(('Stefan Engel <mail@engel-stefan.de>', '2012'))

no_about.add(('Ton Plomp <tcplomp@gmail.com>', '2013'))

# Was reworked and contributed later and shadowed by other contributions:

no_about.add(('Sean Farley <sean.michael.farley@gmail.com>', '2013'))

# Contributors in about.html and CONTRIBUTORS not appearing in repository

# history:

other = [

    # Work folded into commits attributed to others:

]

# Preserve contributors listed in about.html but not appearing in repository

# history:

other_about = [

    ("2011", "Aparkar <aparkar@icloud.com>"),

    ("2010", "RhodeCode GmbH"),

    ("2011", "RhodeCode GmbH"),

    ("2012", "RhodeCode GmbH"),

    ("2013", "RhodeCode GmbH"),

]

# Preserve contributors listed in CONTRIBUTORS but not appearing in repository

# history:

other_contributors = [

    ("", "Andrew Kesterson <andrew@aklabs.net>"),

    ("", "cejones"),

    ("", "David A. Sjøen <david.sjoen@westcon.no>"),

    ("", "James Rhodes <jrhodes@redpointsoftware.com.au>"),

    ("", "Jonas Oberschweiber <jonas.oberschweiber@d-velop.de>"),

    ("", "larikale"),

    ("", "RhodeCode GmbH"),

    ("", "Sebastian Kreutzberger <sebastian@rhodecode.com>"),

    ("", "Steve Romanow <slestak989@gmail.com>"),