action="settings_search", conditions=dict(method=["POST"]))

        m.connect("admin_settings_search", "/settings/search",

                  action="settings_search", conditions=dict(method=["GET"]))

        m.connect("admin_settings_system", "/settings/system",

                  action="settings_system", conditions=dict(method=["POST"]))

        m.connect("admin_settings_system", "/settings/system",

                  action="settings_system", conditions=dict(method=["GET"]))

        m.connect("admin_settings_system_update", "/settings/system/updates",

                  action="settings_system_update", conditions=dict(method=["GET"]))

    # ADMIN MY ACCOUNT

    with rmap.submapper(path_prefix=ADMIN_PREFIX,

                        controller='admin/my_account') as m:

        m.connect("my_account", "/my_account",

                  action="my_account", conditions=dict(method=["GET"]))

        m.connect("my_account", "/my_account",

                  action="my_account", conditions=dict(method=["POST"]))

        m.connect("my_account_password", "/my_account/password",

                  action="my_account_password", conditions=dict(method=["GET"]))

        m.connect("my_account_password", "/my_account/password",

                  action="my_account_password", conditions=dict(method=["POST"]))

        m.connect("my_account_repos", "/my_account/repos",

                  action="my_account_repos", conditions=dict(method=["GET"]))

        m.connect("my_account_watched", "/my_account/watched",

                  action="my_account_watched", conditions=dict(method=["GET"]))

        m.connect("my_account_perms", "/my_account/perms",

                  action="my_account_perms", conditions=dict(method=["GET"]))

        m.connect("my_account_emails", "/my_account/emails",

                  action="my_account_emails", conditions=dict(method=["GET"]))

        m.connect("my_account_emails", "/my_account/emails",

                  action="my_account_emails_add", conditions=dict(method=["POST"]))

        m.connect("my_account_emails_delete", "/my_account/emails/delete",

                  action="my_account_emails_delete", conditions=dict(method=["POST"]))

        m.connect("my_account_api_keys", "/my_account/api_keys",

                  action="my_account_api_keys", conditions=dict(method=["GET"]))

        m.connect("my_account_api_keys", "/my_account/api_keys",

                  action="my_account_api_keys_add", conditions=dict(method=["POST"]))

        m.connect("my_account_api_keys_delete", "/my_account/api_keys/delete",

                  action="my_account_api_keys_delete", conditions=dict(method=["POST"]))

    # ADMIN GIST

    with rmap.submapper(path_prefix=ADMIN_PREFIX,

                        controller='admin/gists') as m:

        m.connect("gists", "/gists",

                  action="create", conditions=dict(method=["POST"]))

        m.connect("gists", "/gists",

                  action="index", conditions=dict(method=["GET"]))

        m.connect("new_gist", "/gists/new",

                  action="new", conditions=dict(method=["GET"]))

        m.connect("gist_delete", "/gists/{gist_id}/delete",

                  action="delete", conditions=dict(method=["POST"]))

        m.connect("edit_gist", "/gists/{gist_id}/edit",

                  action="edit", conditions=dict(method=["GET", "POST"]))

        m.connect("edit_gist_check_revision", "/gists/{gist_id}/edit/check_revision",

                  action="check_revision", conditions=dict(method=["POST"]))

        m.connect("gist", "/gists/{gist_id}",

                  action="show", conditions=dict(method=["GET"]))

        m.connect("gist_rev", "/gists/{gist_id}/{revision}",

                  revision="tip",

                  action="show", conditions=dict(method=["GET"]))

        m.connect("formatted_gist", "/gists/{gist_id}/{revision}/{format}",

                  revision="tip",

                  action="show", conditions=dict(method=["GET"]))

        m.connect("formatted_gist_file", "/gists/{gist_id}/{revision}/{format}/{f_path:.*}",

                  revision='tip',

                  action="show", conditions=dict(method=["GET"]))

    # ADMIN MAIN PAGES

    with rmap.submapper(path_prefix=ADMIN_PREFIX,

                        controller='admin/admin') as m:

        m.connect('admin_home', '', action='index')

        m.connect('admin_add_repo', '/add_repo/{new_repo:[a-z0-9\. _-]*}',

                  action='add_repo')

    #==========================================================================

    # API V2

    #==========================================================================

    with rmap.submapper(path_prefix=ADMIN_PREFIX, controller='api/api',

                        action='_dispatch') as m:

        m.connect('api', '/api')

    # USER JOURNAL

    rmap.connect('journal', '%s/journal' % ADMIN_PREFIX,

                 controller='journal', action='index')

    rmap.connect('journal_rss', '%s/journal/rss' % ADMIN_PREFIX,

                 controller='journal', action='journal_rss')

    rmap.connect('journal_atom', '%s/journal/atom' % ADMIN_PREFIX,

# -*- coding: utf-8 -*-

# This program is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation, either version 3 of the License, or

# (at your option) any later version.

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

"""

kallithea.controllers.admin.my_account

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

my account controller for Kallithea admin

This file was forked by the Kallithea project in July 2014.

Original author and date, and relevant copyright and licensing information is below:

:created_on: August 20, 2013

:author: marcink

:copyright: (c) 2013 RhodeCode GmbH, and others.

:license: GPLv3, see LICENSE.md for more details.

"""

import logging

import traceback

import formencode

from sqlalchemy import func

from formencode import htmlfill

from tg import request, tmpl_context as c

from tg.i18n import ugettext as _

from webob.exc import HTTPFound

from kallithea.config.routing import url

from kallithea.lib import helpers as h

from kallithea.lib import auth_modules

from kallithea.lib.auth import LoginRequired, AuthUser

from kallithea.lib.utils2 import generate_api_key, safe_int

from kallithea.model.db import Repository, UserEmailMap, User, UserFollowing

from kallithea.model.forms import UserForm, PasswordChangeForm

from kallithea.model.user import UserModel

from kallithea.model.repo import RepoModel

from kallithea.model.api_key import ApiKeyModel

from kallithea.model.meta import Session

log = logging.getLogger(__name__)

class MyAccountController(BaseController):

    """REST Controller styled on the Atom Publishing Protocol"""

    # To properly map this controller, ensure your config/routing.py

    # file has a resource setup:

    #     map.resource('setting', 'settings', controller='admin/settings',

    #         path_prefix='/admin', name_prefix='admin_')

    @LoginRequired()

    def _before(self, *args, **kwargs):

        super(MyAccountController, self)._before(*args, **kwargs)

    def __load_data(self):

        c.user = User.get(request.authuser.user_id)

        if c.user.is_default_user:

            h.flash(_("You can't edit this user since it's"

                      " crucial for entire application"), category='warning')

            raise HTTPFound(location=url('users'))

    def _load_my_repos_data(self, watched=False):

        if watched:

            admin = False

            repos_list = Session().query(Repository) \

                         .join(UserFollowing) \

                         .filter(UserFollowing.user_id ==

                                 request.authuser.user_id).all()

        else:

            admin = True

            repos_list = Session().query(Repository) \

                         .filter(Repository.owner_id ==

                                 request.authuser.user_id).all()

        return RepoModel().get_repos_as_dict(repos_list, admin=admin)

    def my_account(self):

        c.active = 'profile'

        self.__load_data()

        c.perm_user = AuthUser(user_id=request.authuser.user_id)

        managed_fields = auth_modules.get_managed_fields(c.user)

        def_user_perms = AuthUser(dbuser=User.get_default_user()).permissions['global']

        if 'hg.register.none' in def_user_perms:

            managed_fields.extend(['username', 'firstname', 'lastname', 'email'])

        c.readonly = lambda n: 'readonly' if n in managed_fields else None

                    category='error')

        raise HTTPFound(location=url('my_account_emails'))

    def my_account_emails_delete(self):

        email_id = request.POST.get('del_email_id')

        user_model = UserModel()

        user_model.delete_extra_email(request.authuser.user_id, email_id)

        Session().commit()

        h.flash(_("Removed email from user"), category='success')

        raise HTTPFound(location=url('my_account_emails'))

    def my_account_api_keys(self):

        c.active = 'api_keys'

        self.__load_data()

        show_expired = True

        c.lifetime_values = [

            (str(-1), _('Forever')),

            (str(5), _('5 minutes')),

            (str(60), _('1 hour')),

            (str(60 * 24), _('1 day')),

            (str(60 * 24 * 30), _('1 month')),

        ]

        c.lifetime_options = [(c.lifetime_values, _("Lifetime"))]

        c.user_api_keys = ApiKeyModel().get_api_keys(request.authuser.user_id,

                                                     show_expired=show_expired)

        return render('admin/my_account/my_account.html')

    def my_account_api_keys_add(self):

        lifetime = safe_int(request.POST.get('lifetime'), -1)

        description = request.POST.get('description')

        ApiKeyModel().create(request.authuser.user_id, description, lifetime)

        Session().commit()

        h.flash(_("API key successfully created"), category='success')

        raise HTTPFound(location=url('my_account_api_keys'))

    def my_account_api_keys_delete(self):

        api_key = request.POST.get('del_api_key')

        if request.POST.get('del_api_key_builtin'):

            user = User.get(request.authuser.user_id)

            user.api_key = generate_api_key()

            Session().commit()

            h.flash(_("API key successfully reset"), category='success')

        elif api_key:

            ApiKeyModel().delete(api_key, request.authuser.user_id)

            Session().commit()

            h.flash(_("API key successfully deleted"), category='success')

        raise HTTPFound(location=url('my_account_api_keys'))

## -*- coding: utf-8 -*-

<%inherit file="/base/base.html"/>

<%block name="title">

    ${_('My Account')} ${request.authuser.username}

</%block>

<%def name="breadcrumbs_links()">

    ${_('My Account')}

</%def>

<%block name="header_menu">

    ${self.menu('admin')}

</%block>

<%def name="main()">

<div class="panel panel-primary">

    <div class="panel-heading">

        ${self.breadcrumbs()}

    </div>

    ##main

    <div class="panel-body settings">

        <ul class="nav nav-pills nav-stacked">

            <li class="${'active' if c.active=='profile' else ''}"><a href="${h.url('my_account')}">${_('Profile')}</a></li>

            <li class="${'active' if c.active=='emails' else ''}"><a href="${h.url('my_account_emails')}">${_('Email Addresses')}</a></li>

            <li class="${'active' if c.active=='password' else ''}"><a href="${h.url('my_account_password')}">${_('Password')}</a></li>

            <li class="${'active' if c.active=='api_keys' else ''}"><a href="${h.url('my_account_api_keys')}">${_('API Keys')}</a></li>

            <li class="${'active' if c.active=='repos' else ''}"><a href="${h.url('my_account_repos')}">${_('Owned Repositories')}</a></li>

            <li class="${'active' if c.active=='watched' else ''}"><a href="${h.url('my_account_watched')}">${_('Watched Repositories')}</a></li>

            <li class="${'active' if c.active=='perms' else ''}"><a href="${h.url('my_account_perms')}">${_('Show Permissions')}</a></li>

        </ul>

        <div>

            <%include file="/admin/my_account/my_account_${c.active}.html"/>

        </div>

    </div>

</div>

</%def>

# -*- coding: utf-8 -*-

from kallithea.tests.base import *

from kallithea.tests.fixture import Fixture

from kallithea.lib import helpers as h

from kallithea.model.user import UserModel

from kallithea.model.meta import Session

from tg.util.webtest import test_context

fixture = Fixture()

class TestMyAccountController(TestController):

    test_user_1 = 'testme'

    @classmethod

    def teardown_class(cls):

        if User.get_by_username(cls.test_user_1):

            UserModel().delete(cls.test_user_1)

            Session().commit()

    def test_my_account(self):

        self.log_user()

        response = self.app.get(url('my_account'))

        response.mustcontain('value="%s' % TEST_USER_ADMIN_LOGIN)

    def test_my_account_my_repos(self):

        self.log_user()

        response = self.app.get(url('my_account_repos'))

        cnt = Repository.query().filter(Repository.owner ==

                           User.get_by_username(TEST_USER_ADMIN_LOGIN)).count()

        response.mustcontain('"raw_name": "%s"' % HG_REPO)

        response.mustcontain('"just_name": "%s"' % GIT_REPO)

    def test_my_account_my_watched(self):

        self.log_user()

        response = self.app.get(url('my_account_watched'))

        cnt = UserFollowing.query().filter(UserFollowing.user ==

                            User.get_by_username(TEST_USER_ADMIN_LOGIN)).count()

        response.mustcontain('"raw_name": "%s"' % HG_REPO)

        response.mustcontain('"just_name": "%s"' % GIT_REPO)

    def test_my_account_my_emails(self):

        self.log_user()

        response = self.app.get(url('my_account_emails'))

        response.mustcontain('No additional emails specified')

    ])

    def test_my_account_add_api_keys(self, desc, lifetime):

        usr = self.log_user(TEST_USER_REGULAR2_LOGIN, TEST_USER_REGULAR2_PASS)

        user = User.get(usr['user_id'])

        response = self.app.post(url('my_account_api_keys'),

                                 {'description': desc, 'lifetime': lifetime, '_authentication_token': self.authentication_token()})

        self.checkSessionFlash(response, 'API key successfully created')

        try:

            response = response.follow()

            user = User.get(usr['user_id'])

            for api_key in user.api_keys:

                response.mustcontain(api_key)

        finally:

            for api_key in UserApiKeys.query().all():

                Session().delete(api_key)

                Session().commit()

    def test_my_account_remove_api_key(self):

        usr = self.log_user(TEST_USER_REGULAR2_LOGIN, TEST_USER_REGULAR2_PASS)

        user = User.get(usr['user_id'])

        response = self.app.post(url('my_account_api_keys'),

                                 {'description': 'desc', 'lifetime': -1, '_authentication_token': self.authentication_token()})

        self.checkSessionFlash(response, 'API key successfully created')

        response = response.follow()

        # now delete our key

        keys = UserApiKeys.query().all()

        assert 1 == len(keys)

        response = self.app.post(url('my_account_api_keys_delete'),

                 {'del_api_key': keys[0].api_key, '_authentication_token': self.authentication_token()})

        self.checkSessionFlash(response, 'API key successfully deleted')

        keys = UserApiKeys.query().all()

        assert 0 == len(keys)

    def test_my_account_reset_main_api_key(self):

        usr = self.log_user(TEST_USER_REGULAR2_LOGIN, TEST_USER_REGULAR2_PASS)

        user = User.get(usr['user_id'])

        api_key = user.api_key

        response = self.app.get(url('my_account_api_keys'))

        response.mustcontain(api_key)

        response.mustcontain('Expires: Never')

        response = self.app.post(url('my_account_api_keys_delete'),

                 {'del_api_key_builtin': api_key, '_authentication_token': self.authentication_token()})

        self.checkSessionFlash(response, 'API key successfully reset')

        response = response.follow()

        response.mustcontain(no=[api_key])