# GNU General Public License for more details.

# 

# You should have received a copy of the GNU General Public License

# along with this program; if not, write to the Free Software

# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,

# MA  02110-1301, USA.

import inspect

import logging

import types

import urllib

import traceback

from rhodecode.lib.compat import izip_longest, json

from paste.response import replace_header

from pylons.controllers import WSGIController

from webob.exc import HTTPNotFound, HTTPForbidden, HTTPInternalServerError, \

HTTPBadRequest, HTTPError

from rhodecode.model.db import User

from rhodecode.lib.auth import AuthUser

log = logging.getLogger('JSONRPC')

class JSONRPCError(BaseException):

    def __init__(self, message):

        self.message = message

    def __str__(self):

        return str(self.message)

def jsonrpc_error(message, code=None):

    """

    Generate a Response object with a JSON-RPC error body

    """

    from pylons.controllers.util import Response

    resp = Response(body=json.dumps(dict(result=None, error=message)),

                    status=code,

                    content_type='application/json')

    return resp

class JSONRPCController(WSGIController):

    """

     A WSGI-speaking JSON-RPC controller class

     See the specification:

     <http://json-rpc.org/wiki/specification>`.

     Valid controller return values should be json-serializable objects.

     Sub-classes should catch their exceptions and raise JSONRPCError

     if they want to pass meaningful errors to the client.

     """

    def _get_method_args(self):

        """

        Return `self._rpc_args` to dispatched controller method

        chosen by __call__

        """

        return self._rpc_args

    def __call__(self, environ, start_response):

        """

        Parse the request body as JSON, look up the method on the

        controller and if it exists, dispatch to it.

        """

        if 'CONTENT_LENGTH' not in environ:

            log.debug("No Content-Length")

            return jsonrpc_error(message="No Content-Length in request")

        else:

            length = environ['CONTENT_LENGTH'] or 0

            length = int(environ['CONTENT_LENGTH'])

            log.debug('Content-Length: %s', length)

        if length == 0:

            log.debug("Content-Length is 0")

            return jsonrpc_error(message="Content-Length is 0")

        raw_body = environ['wsgi.input'].read(length)

        try:

            json_body = json.loads(urllib.unquote_plus(raw_body))

        except ValueError, e:

            #catch JSON errors Here

            return jsonrpc_error(message="JSON parse error ERR:%s RAW:%r" \

                                 % (e, urllib.unquote_plus(raw_body)))

        try:

            self._req_api_key = json_body['api_key']

            self._req_method = json_body['method']

            self._req_params = json_body['args']

            log.debug('method: %s, params: %s',

                      self._req_method,

                      self._req_params)

        except KeyError, e:

            return jsonrpc_error(message='Incorrect JSON query missing %s' % e)

        try:

            u = User.get_by_api_key(self._req_api_key)

            auth_u = AuthUser(u.user_id, self._req_api_key)

        except Exception, e:

            return jsonrpc_error(message='Invalid API KEY')

        self._error = None

        try:

            self._func = self._find_method()

        except AttributeError, e:

            return jsonrpc_error(message=str(e))

        # now that we have a method, add self._req_params to

        # self.kargs and dispatch control to WGIController

        argspec = inspect.getargspec(self._func)

        arglist = argspec[0][1:]

        defaults = argspec[3] or []

        default_empty = types.NotImplementedType

        kwarglist = list(izip_longest(reversed(arglist), reversed(defaults),

                                fillvalue=default_empty))

        # this is little trick to inject logged in user for 

        # perms decorators to work they expect the controller class to have

        # rhodecode_user attribute set

        self.rhodecode_user = auth_u

        # This attribute will need to be first param of a method that uses

        # api_key, which is translated to instance of user at that name

        USER_SESSION_ATTR = 'apiuser'

        if USER_SESSION_ATTR not in arglist:

            return jsonrpc_error(message='This method [%s] does not support '

                                 'authentication (missing %s param)' %

                                 (self._func.__name__, USER_SESSION_ATTR))

        # get our arglist and check if we provided them as args

        for arg, default in kwarglist:

            if arg == USER_SESSION_ATTR:

                # USER_SESSION_ATTR is something translated from api key and 

                # this is checked before so we don't need validate it

                continue

            # skip the required param check if it's default value is 

            # NotImplementedType (default_empty)

            if not self._req_params or (type(default) == default_empty

                                        and arg not in self._req_params):

                return jsonrpc_error(message=('Missing non optional %s arg '

                                              'in JSON DATA') % arg)

        self._rpc_args = {USER_SESSION_ATTR:u}

        self._rpc_args.update(self._req_params)

        self._rpc_args['action'] = self._req_method

        self._rpc_args['environ'] = environ

        self._rpc_args['start_response'] = start_response

        status = []

        headers = []

        exc_info = []

        def change_content(new_status, new_headers, new_exc_info=None):

            status.append(new_status)

            headers.extend(new_headers)

            exc_info.append(new_exc_info)

        output = WSGIController.__call__(self, environ, change_content)

        output = list(output)

        headers.append(('Content-Length', str(len(output[0]))))

        replace_header(headers, 'Content-Type', 'application/json')

        start_response(status[0], headers, exc_info[0])

        return output

    def _dispatch_call(self):

        """

        Implement dispatch interface specified by WSGIController

        """

        try:

            raw_response = self._inspect_call(self._func)

            if isinstance(raw_response, HTTPError):

                self._error = str(raw_response)

        except JSONRPCError, e:

            self._error = str(e)

        except Exception, e:

            log.error('Encountered unhandled exception: %s' \

                      % traceback.format_exc())

            json_exc = JSONRPCError('Internal server error')

            self._error = str(json_exc)

        if self._error is not None:

            raw_response = None

        response = dict(result=raw_response, error=self._error)

        try:

            return json.dumps(response)

        except TypeError, e:

            log.debug('Error encoding response: %s', e)

    @classmethod

    def get_by_key(cls, key):

        return cls.query().filter(cls.ui_key == key)

    @classmethod

    def get_builtin_hooks(cls):

        q = cls.query()

        q = q.filter(cls.ui_key.in_([cls.HOOK_UPDATE,

                                    cls.HOOK_REPO_SIZE,

                                    cls.HOOK_PUSH, cls.HOOK_PULL]))

        return q.all()

    @classmethod

    def get_custom_hooks(cls):

        q = cls.query()

        q = q.filter(~cls.ui_key.in_([cls.HOOK_UPDATE,

                                    cls.HOOK_REPO_SIZE,

                                    cls.HOOK_PUSH, cls.HOOK_PULL]))

        q = q.filter(cls.ui_section == 'hooks')

        return q.all()

    @classmethod

    def create_or_update_hook(cls, key, val):

        new_ui = cls.get_by_key(key).scalar() or cls()

        new_ui.ui_section = 'hooks'

        new_ui.ui_active = True

        new_ui.ui_key = key

        new_ui.ui_value = val

        Session.add(new_ui)

        Session.commit()

class User(Base, BaseModel):

    __tablename__ = 'users'

    __table_args__ = (UniqueConstraint('username'), UniqueConstraint('email'), {'extend_existing':True})

    user_id = Column("user_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)

    username = Column("username", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)

    password = Column("password", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)

    active = Column("active", Boolean(), nullable=True, unique=None, default=None)

    admin = Column("admin", Boolean(), nullable=True, unique=None, default=False)

    name = Column("name", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)

    lastname = Column("lastname", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)

    email = Column("email", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)

    last_login = Column("last_login", DateTime(timezone=False), nullable=True, unique=None, default=None)

    ldap_dn = Column("ldap_dn", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)

    api_key = Column("api_key", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)

    user_log = relationship('UserLog', cascade='all')

    user_perms = relationship('UserToPerm', primaryjoin="User.user_id==UserToPerm.user_id", cascade='all')

    repositories = relationship('Repository')

    user_followers = relationship('UserFollowing', primaryjoin='UserFollowing.follows_user_id==User.user_id', cascade='all')

    repo_to_perm = relationship('UserRepoToPerm', primaryjoin='UserRepoToPerm.user_id==User.user_id', cascade='all')

    group_member = relationship('UsersGroupMember', cascade='all')

    @property

    def full_contact(self):

        return '%s %s <%s>' % (self.name, self.lastname, self.email)

    @property

    def short_contact(self):

        return '%s %s' % (self.name, self.lastname)

    @property

    def is_admin(self):

        return self.admin

    def __repr__(self):

        try:

            return "<%s('id:%s:%s')>" % (self.__class__.__name__,

                                             self.user_id, self.username)

        except:

            return self.__class__.__name__

    @classmethod

    def get_by_username(cls, username, case_insensitive=False, cache=False):

        if case_insensitive:

            q = cls.query().filter(cls.username.ilike(username))

        else:

            q = cls.query().filter(cls.username == username)

        if cache:

            q = q.options(FromCache("sql_cache_short",

                                    "get_user_%s" % username))

        return q.scalar()

    @classmethod

    def get_by_api_key(cls, api_key, cache=False):

        q = cls.query().filter(cls.api_key == api_key)

        if cache:

            q = q.options(FromCache("sql_cache_short",

                                    "get_api_key_%s" % api_key))

    def update_lastlogin(self):

        """Update user lastlogin"""

        self.last_login = datetime.datetime.now()

        Session.add(self)

        Session.commit()

        log.debug('updated user %s lastlogin', self.username)

class UserLog(Base, BaseModel):

    __tablename__ = 'user_logs'

    __table_args__ = {'extend_existing':True}

    user_log_id = Column("user_log_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)

    user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)

    repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=False, unique=None, default=None)

    repository_name = Column("repository_name", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)

    user_ip = Column("user_ip", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)

    action = Column("action", UnicodeText(length=1200000, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)

    action_date = Column("action_date", DateTime(timezone=False), nullable=True, unique=None, default=None)

    @property

    def action_as_day(self):

        return date(*self.action_date.timetuple()[:3])

    user = relationship('User')

    repository = relationship('Repository')

class UsersGroup(Base, BaseModel):

    __tablename__ = 'users_groups'

    __table_args__ = {'extend_existing':True}

    users_group_id = Column("users_group_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)

    users_group_name = Column("users_group_name", String(length=255, convert_unicode=False, assert_unicode=None), nullable=False, unique=True, default=None)

    users_group_active = Column("users_group_active", Boolean(), nullable=True, unique=None, default=None)

    members = relationship('UsersGroupMember', cascade="all, delete, delete-orphan", lazy="joined")

    def __repr__(self):

        return '<userGroup(%s)>' % (self.users_group_name)

    @classmethod

    def get_by_group_name(cls, group_name, cache=False, case_insensitive=False):

        if case_insensitive:

            gr = cls.query()\

                .filter(cls.users_group_name.ilike(group_name))

        else:

            gr = cls.query()\

                .filter(cls.users_group_name == group_name)

        if cache:

            gr = gr.options(FromCache("sql_cache_short",

                                          "get_user_%s" % group_name))

        return gr.scalar()

    @classmethod

    def get(cls, users_group_id, cache=False):

        users_group = cls.query()

        if cache:

            users_group = users_group.options(FromCache("sql_cache_short",

                                    "get_users_group_%s" % users_group_id))

        return users_group.get(users_group_id)

    @classmethod

    def create(cls, form_data):

        try:

            new_users_group = cls()

            for k, v in form_data.items():

                setattr(new_users_group, k, v)

            Session.add(new_users_group)

            Session.commit()

            return new_users_group

        except:

            log.error(traceback.format_exc())

            Session.rollback()

            raise

    @classmethod

    def update(cls, users_group_id, form_data):

        try:

            users_group = cls.get(users_group_id, cache=False)

            for k, v in form_data.items():

                if k == 'users_group_members':

                    users_group.members = []

                    Session.flush()

                    members_list = []

                    if v:

                        v = [v] if isinstance(v, basestring) else v

                        for u_id in set(v):

                            member = UsersGroupMember(users_group_id, u_id)

                            members_list.append(member)

                    setattr(users_group, 'members', members_list)

                setattr(users_group, k, v)

# -*- coding: utf-8 -*-

"""

    rhodecode.model.user

    ~~~~~~~~~~~~~~~~~~~~

    users model for RhodeCode

    :created_on: Apr 9, 2010

    :author: marcink

    :copyright: (C) 2009-2011 Marcin Kuzminski <marcin@python-works.com>

    :license: GPLv3, see COPYING for more details.

"""

# This program is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation, either version 3 of the License, or

# (at your option) any later version.

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

import logging

import traceback

from pylons.i18n.translation import _

from rhodecode.lib import safe_unicode

from rhodecode.lib.caching_query import FromCache

from rhodecode.model import BaseModel

from rhodecode.model.db import User, UserRepoToPerm, Repository, Permission, \

    UserToPerm, UsersGroupRepoToPerm, UsersGroupToPerm, UsersGroupMember

from rhodecode.lib.exceptions import DefaultUserException, \

    UserOwnsReposException

from sqlalchemy.exc import DatabaseError

from rhodecode.lib import generate_api_key

from sqlalchemy.orm import joinedload

log = logging.getLogger(__name__)

PERM_WEIGHTS = {'repository.none': 0,

                'repository.read': 1,

                'repository.write': 3,

                'repository.admin': 3}

class UserModel(BaseModel):

    def get(self, user_id, cache=False):

        user = self.sa.query(User)

        if cache:

            user = user.options(FromCache("sql_cache_short",

                                          "get_user_%s" % user_id))

        return user.get(user_id)

    def get_by_username(self, username, cache=False, case_insensitive=False):

        if case_insensitive:

            user = self.sa.query(User).filter(User.username.ilike(username))

        else:

            user = self.sa.query(User)\

                .filter(User.username == username)

        if cache:

            user = user.options(FromCache("sql_cache_short",

                                          "get_user_%s" % username))

        return user.scalar()

    def get_by_api_key(self, api_key, cache=False):

    def create(self, form_data):

        try:

            new_user = User()

            for k, v in form_data.items():

                setattr(new_user, k, v)

            new_user.api_key = generate_api_key(form_data['username'])

            self.sa.add(new_user)

            self.sa.commit()

            return new_user

        except:

            log.error(traceback.format_exc())

            self.sa.rollback()

            raise

    def create_or_update(self, username, password, email, name, lastname, 

                         active=True, admin=False, ldap_dn=None):

        """

        Creates a new instance if not found, or updates current one

        :param username:

        :param password:

        :param email:

        :param active:

        :param name:

        :param lastname:

        :param active:

        :param admin:

        :param ldap_dn:

        """

        from rhodecode.lib.auth import get_crypt_password

        log.debug('Checking for %s account in RhodeCode database', username)

        user = User.get_by_username(username, case_insensitive=True)

        if user is None:

            log.debug('creating new user %s', username)            

            new_user = User()

        else:

            log.debug('updating user %s', username)            

            new_user = user

        try:

            new_user.username = username

            new_user.admin = admin

            new_user.password = get_crypt_password(password)

            new_user.api_key = generate_api_key(username)

            new_user.email = email

            new_user.active = active

            new_user.ldap_dn = safe_unicode(ldap_dn) if ldap_dn else None

            new_user.name = name

            new_user.lastname = lastname

            self.sa.add(new_user)

            self.sa.commit()

            return new_user

        except (DatabaseError,):

            log.error(traceback.format_exc())

            self.sa.rollback()

            raise

    def create_for_container_auth(self, username, attrs):

        """

        Creates the given user if it's not already in the database

        :param username:

        :param attrs:

        """

        if self.get_by_username(username, case_insensitive=True) is None:

            # autogenerate email for container account without one

            generate_email = lambda usr: '%s@container_auth.account' % usr

            try:

                new_user = User()

                new_user.username = username

                new_user.password = None

                new_user.api_key = generate_api_key(username)

                new_user.email = attrs['email']

                new_user.active = attrs.get('active', True)

                new_user.name = attrs['name'] or generate_email(username)

                new_user.lastname = attrs['lastname']

                self.sa.add(new_user)

                self.sa.commit()

                return new_user

            except (DatabaseError,):

                log.error(traceback.format_exc())

                self.sa.rollback()

                raise

        log.debug('User %s already exists. Skipping creation of account'

                  ' for container auth.', username)

        return None

        response = self.app.post(url(controller='login', action='register'),

                                            {'username':'xxxaxn',

                                             'password':'ąćźżąśśśś',

                                             'password_confirmation':'ąćźżąśśśś',

                                             'email':'goodmailm@test.plx',

                                             'name':'test',

                                             'lastname':'test'})

        self.assertEqual(response.status , '200 OK')

        self.assertTrue('Invalid characters in password' in response.body)

    def test_register_password_mismatch(self):

        response = self.app.post(url(controller='login', action='register'),

                                            {'username':'xs',

                                             'password':'123qwe',

                                             'password_confirmation':'qwe123',

                                             'email':'goodmailm@test.plxa',

                                             'name':'test',

                                             'lastname':'test'})

        self.assertEqual(response.status , '200 OK')

        assert 'Passwords do not match' in response.body

    def test_register_ok(self):

        username = 'test_regular4'

        password = 'qweqwe'

        email = 'marcin@test.com'

        name = 'testname'

        lastname = 'testlastname'

        response = self.app.post(url(controller='login', action='register'),

                                            {'username':username,

                                             'password':password,

                                             'password_confirmation':password,

                                             'email':email,

                                             'name':name,

                                             'lastname':lastname})

        self.assertEqual(response.status , '302 Found')

        assert 'You have successfully registered into rhodecode' in response.session['flash'][0], 'No flash message about user registration'

        ret = self.sa.query(User).filter(User.username == 'test_regular4').one()

        assert ret.username == username , 'field mismatch %s %s' % (ret.username, username)

        assert check_password(password, ret.password) == True , 'password mismatch'

        assert ret.email == email , 'field mismatch %s %s' % (ret.email, email)

        assert ret.name == name , 'field mismatch %s %s' % (ret.name, name)

        assert ret.lastname == lastname , 'field mismatch %s %s' % (ret.lastname, lastname)

    def test_forgot_password_wrong_mail(self):

        response = self.app.post(url(controller='login', action='password_reset'),

                                            {'email':'marcin@wrongmail.org', })

        assert "This e-mail address doesn't exist" in response.body, 'Missing error message about wrong email'

    def test_forgot_password(self):

        response = self.app.get(url(controller='login',

                                    action='password_reset'))

        self.assertEqual(response.status , '200 OK')

        username = 'test_password_reset_1'

        password = 'qweqwe'

        email = 'marcin@python-works.com'

        name = 'passwd'

        lastname = 'reset'

        new = User()

        new.username = username

        new.password = password

        new.email = email

        new.name = name

        new.lastname = lastname

        new.api_key = generate_api_key(username)

        self.sa.add(new)

        self.sa.commit()

        response = self.app.post(url(controller='login',

                                     action='password_reset'),

                                 {'email':email, })

        self.checkSessionFlash(response, 'Your password reset link was sent')

        response = response.follow()

        # BAD KEY

        key = "bad"

        response = self.app.get(url(controller='login',

                                    action='password_reset_confirmation',

                                    key=key))

        self.assertEqual(response.status, '302 Found')

        self.assertTrue(response.location.endswith(url('reset_password')))

        # GOOD KEY

        key = User.get_by_username(username).api_key

        response = self.app.get(url(controller='login',

                                    action='password_reset_confirmation',

                                    key=key))

        self.assertEqual(response.status, '302 Found')

        self.assertTrue(response.location.endswith(url('login_home')))

        self.checkSessionFlash(response,

                               ('Your password reset was successful, '

                                'new password has been sent to your email'))

        response = response.follow()