# along with this program.  If not, see <http://www.gnu.org/licenses/>.

import sys

import platform

VERSION = (1, 4, 0, 'b')

try:

    from rhodecode.lib import get_current_revision

    _rev = get_current_revision()

    if _rev and len(VERSION) > 3:

        VERSION += ('dev%s' % _rev[0],)

except ImportError:

    pass

__version__ = ('.'.join((str(each) for each in VERSION[:3])) +

               '.'.join(VERSION[3:]))

__dbversion__ = 6  # defines current db version for migrations

__platform__ = platform.system()

__license__ = 'GPLv3'

__py_version__ = sys.version_info

__author__ = 'Marcin Kuzminski'

__url__ = 'http://rhodecode.org'

PLATFORM_WIN = ('Windows')

is_windows = __platform__ in PLATFORM_WIN

BACKENDS = {

    'hg': 'Mercurial repository',

    'git': 'Git repository',

}

CELERY_ON = False

CELERY_EAGER = False

# link to config for pylons

CONFIG = {}

# Linked module for extensions

EXTENSIONS = {}

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation, either version 3 of the License, or

# (at your option) any later version.

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

import random

import logging

import traceback

import hashlib

from tempfile import _RandomNameSequence

from decorator import decorator

from pylons import config, url, request

from pylons.controllers.util import abort, redirect

from pylons.i18n.translation import _

from rhodecode.model.meta import Session

from rhodecode.lib.utils2 import str2bool, safe_unicode

from rhodecode.lib.exceptions import LdapPasswordError, LdapUsernameError

from rhodecode.lib.utils import get_repo_slug, get_repos_group_slug

from rhodecode.lib.auth_ldap import AuthLdap

from rhodecode.model import meta

from rhodecode.model.user import UserModel

from rhodecode.model.db import Permission, RhodeCodeSetting, User

log = logging.getLogger(__name__)

class PasswordGenerator(object):

    """

    This is a simple class for generating password from different sets of

    characters

    usage::

        passwd_gen = PasswordGenerator()

        #print 8-letter password containing only big and small letters

            of alphabet

        passwd_gen.gen_password(8, passwd_gen.ALPHABETS_BIG_SMALL)

    ALPHABETS_BIG_SMALL = ALPHABETS_BIG + ALPHABETS_SMALL

    ALPHABETS_ALPHANUM_BIG = ALPHABETS_BIG + ALPHABETS_NUM

    ALPHABETS_ALPHANUM_SMALL = ALPHABETS_SMALL + ALPHABETS_NUM

    def __init__(self, passwd=''):

        self.passwd = passwd

    def gen_password(self, length, type_=None):

        if type_ is None:

            type_ = self.ALPHABETS_FULL

        self.passwd = ''.join([random.choice(type_) for _ in xrange(length)])

        return self.passwd

class RhodeCodeCrypto(object):

    @classmethod

    def hash_string(cls, str_):

        """

        Cryptographic function used for password hashing based on pybcrypt

        or pycrypto in windows

        :param password: password to hash

        """

            from hashlib import sha256

            return sha256(str_).hexdigest()

            import bcrypt

            return bcrypt.hashpw(str_, bcrypt.gensalt(10))

        else:

            raise Exception('Unknown or unsupported platform %s' \

                            % __platform__)

    @classmethod

    def hash_check(cls, password, hashed):

        """

        Checks matching password with it's hashed value, runs different

        implementation based on platform it runs on

        :param password: password

        :param hashed: password in hashed form

        """

            from hashlib import sha256

            return sha256(password).hexdigest() == hashed

            import bcrypt

            return bcrypt.hashpw(password, hashed) == hashed

        else:

            raise Exception('Unknown or unsupported platform %s' \

                            % __platform__)

def get_crypt_password(password):

    return RhodeCodeCrypto.hash_string(password)

def check_password(password, hashed):

    return RhodeCodeCrypto.hash_check(password, hashed)

def generate_api_key(str_, salt=None):

    """

    Generates API KEY from given string

    :param str_:

    :param salt:

    """

    if salt is None:

            try:

                aldap = AuthLdap(**kwargs)

                (user_dn, ldap_attrs) = aldap.authenticate_ldap(username,

                                                                password)

                log.debug('Got ldap DN response %s' % user_dn)

                get_ldap_attr = lambda k: ldap_attrs.get(ldap_settings\

                                                           .get(k), [''])[0]

                user_attrs = {

                 'name': safe_unicode(get_ldap_attr('ldap_attr_firstname')),

                 'lastname': safe_unicode(get_ldap_attr('ldap_attr_lastname')),

                 'email': get_ldap_attr('ldap_attr_email'),

                }

                # don't store LDAP password since we don't need it. Override

                # with some random generated password

                _password = PasswordGenerator().gen_password(length=8)

                # create this user on the fly if it doesn't exist in rhodecode

                # database

                if user_model.create_ldap(username, _password, user_dn,

                                          user_attrs):

                    log.info('created new ldap user %s' % username)

                return True

            except (LdapUsernameError, LdapPasswordError,):

                pass

            except (Exception,):

                log.error(traceback.format_exc())

                pass

    return False

def login_container_auth(username):

    user = User.get_by_username(username)

    if user is None:

        user_attrs = {

            'name': username,

            'lastname': None,

            'email': None,

        }

        user = UserModel().create_for_container_auth(username, user_attrs)

        if not user:

            return None

        log.info('User %s was created by container authentication' % username)

    if not user.active:

        return None

    user.update_lastlogin()

    log.debug('User %s is now logged in by container authentication',

              user.username)

    return user

def get_container_username(environ, config):

    username = None

    if str2bool(config.get('container_auth_enabled', False)):

        from paste.httpheaders import REMOTE_USER

        username = REMOTE_USER(environ)

    if not username and str2bool(config.get('proxypass_auth_enabled', False)):

        username = environ.get('HTTP_X_FORWARDED_USER')

    if username:

        # Removing realm and domain from username

        username = username.partition('@')[0]

        username = username.rpartition('\\')[2]

        log.debug('Received username %s from container' % username)

    return username

            return True

        return False

class HasReposGroupPermissionAny(PermsFunction):

    def __call__(self, group_name=None, check_Location=''):

        self.group_name = group_name

        return super(HasReposGroupPermissionAny, self).__call__(check_Location)

    def check_permissions(self):

        try:

            self._user_perms = set(

                [self.user_perms['repositories_groups'][self.group_name]]

            )

        except KeyError:

            return False

        if self.required_perms.intersection(self._user_perms):

            return True

        return False

class HasReposGroupPermissionAll(PermsFunction):

    def __call__(self, group_name=None, check_Location=''):

        self.group_name = group_name

    def check_permissions(self):

        try:

            self._user_perms = set(

                [self.user_perms['repositories_groups'][self.group_name]]

            )

        except KeyError:

            return False

        if self.required_perms.issubset(self._user_perms):

            return True

        return False

#==============================================================================

# SPECIAL VERSION TO HANDLE MIDDLEWARE AUTH

#==============================================================================

class HasPermissionAnyMiddleware(object):

    def __init__(self, *perms):

        self.required_perms = set(perms)

    def __call__(self, user, repo_name):

        # repo_name MUST be unicode, since we handle keys in permission

        # dict by unicode

        repo_name = safe_unicode(repo_name)