# -*- coding: utf-8 -*-

# This program is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation, either version 3 of the License, or

# (at your option) any later version.

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

"""

vcs.backends.ssh

~~~~~~~~~~~~~~~~~

SSH backend for all available SCMs

"""

import datetime

import logging

import sys

from kallithea.lib.auth import AuthUser, HasPermissionAnyMiddleware

from kallithea.lib.utils2 import safe_str, set_hook_environment

from kallithea.model.db import Repository, User, UserSshKeys

from kallithea.model.meta import Session

log = logging.getLogger(__name__)

class BaseSshHandler(object):

    # Protocol for setting properties:

    # Set by sub class:

    #   vcs_type: 'hg' or 'git'

    # Set by make() / __init__():

    #   repo_name: requested repo name - only validated by serve()

    # Set by serve() - must not be accessed before:

    #   db_repo: repository db object

    #   authuser: user that has been authenticated - like request.authuser ... which isn't used here

    #   allow_push: false for read-only access to the repo

    # Set defaults, in case .exit should be called early

    vcs_type = None

    repo_name = None

    @staticmethod

    def make(ssh_command):

        """Factory function. Given a command as invoked over SSH (and preserved

        in SSH_ORIGINAL_COMMAND when run as authorized_keys command), return a

        handler if the command looks ok, else return None.

        """

        raise NotImplementedError

    def __init__(self, repo_name):

    def serve(self, user_id, key_id, client_ip):

        """Verify basic sanity of the repository, and that the user is

        valid and has access - then serve the native VCS protocol for

        repository access."""

        dbuser = User.get(user_id)

        if dbuser is None:

            self.exit('User %r not found' % user_id)

        self.authuser = AuthUser.make(dbuser=dbuser, ip_addr=client_ip)

        log.info('Authorized user %s from SSH %s trusting user id %s and key id %s for %r', dbuser, client_ip, user_id, key_id, self.repo_name)

        if self.authuser is None: # not ok ... but already kind of authenticated by SSH ... but not really not authorized ...

            self.exit('User %s from %s cannot be authorized' % (dbuser.username, client_ip))

        ssh_key = UserSshKeys.get(key_id)

        if ssh_key is None:

            self.exit('SSH key %r not found' % key_id)

        ssh_key.last_seen = datetime.datetime.now()

        Session().commit()

        if HasPermissionAnyMiddleware('repository.write',

                                      'repository.admin')(self.authuser, self.repo_name):

            self.allow_push = True

        elif HasPermissionAnyMiddleware('repository.read')(self.authuser, self.repo_name):

            self.allow_push = False

        else:

            self.exit('Access to %r denied' % safe_str(self.repo_name))

        self.db_repo = Repository.get_by_repo_name(self.repo_name)

        if self.db_repo is None:

            self.exit("Repository '%s' not found" % self.repo_name)

        assert self.db_repo.repo_name == self.repo_name

        # Set global hook environment up for 'push' actions.

        # If pull actions should be served, the actual hook invocation will be

        # hardcoded to 'pull' when log_pull_action is invoked (directly on Git,

        # or through the Mercurial 'outgoing' hook).

        # For push actions, the action in global hook environment is used (in

        # handle_git_post_receive when it is called as Git post-receive hook,

        # or in log_push_action through the Mercurial 'changegroup' hook).

        set_hook_environment(self.authuser.username, client_ip, self.repo_name, self.vcs_type, 'push')

        return self._serve()

    def _serve(self):

        """Serve the native protocol for repository access."""

        raise NotImplementedError

    def exit(self, error):

        log.info('abort serving %s %s: %s', self.vcs_type, self.repo_name, error)

        sys.stderr.write('abort: %s\n' % error)

        sys.exit(1)

            'http://%s:%s/_admin/api' % webserver.server_address,

            data=json.dumps(params),

            headers={'content-type': 'application/json'})

        response = urllib2.urlopen(req)

        result = json.loads(response.read())

        # Expect something like:

        # {u'result': {u'msg': u'Created new repository `new_XXX`', u'task': None, u'success': True}, u'id': 7, u'error': None}

        assert result[u'result'][u'success']

        # Create local clone of the empty server repo

        local_clone_dir = _get_tmp_dir()

        clone_url = vt.repo_url_param(webserver, repo_name)

        stdout, stderr = Command(TESTS_TMP_PATH).execute(vt.repo_type, 'clone', clone_url, local_clone_dir)

        # Make 3 commits and push to the empty server repo.

        # The server repo doesn't have any other heads than the

        # refs/heads/master we are pushing, but the `git log` in the push hook

        # should still list the 3 commits.

        stdout, stderr = _add_files_and_push(webserver, vt, local_clone_dir, clone_url=clone_url)

        if vt.repo_type == 'git':

            _check_proper_git_push(stdout, stderr)

        elif vt.repo_type == 'hg':

            assert 'pushing to ' in stdout

            assert 'remote: added ' in stdout

        # Verify that we got the right events in UserLog. Expect something like:

        # <UserLog('id:new_git_XXX:started_following_repo')>

        # <UserLog('id:new_git_XXX:user_created_repo')>

        # <UserLog('id:new_git_XXX:pull')>

        # <UserLog('id:new_git_XXX:push:aed9d4c1732a1927da3be42c47eb9afdc200d427,d38b083a07af10a9f44193486959a96a23db78da,4841ff9a2b385bec995f4679ef649adb3f437622')>

        action_parts = [ul.action.split(':', 1) for ul in UserLog.query().order_by(UserLog.user_log_id)]

        assert [(t[0], (t[1].count(',') + 1) if len(t) == 2 else 0) for t in action_parts] == ([

            (u'started_following_repo', 0),

            (u'user_created_repo', 0),

            (u'pull', 0),

            (u'push', 3)]

            if vt.repo_type == 'git' else [

            (u'started_following_repo', 0),

            (u'user_created_repo', 0),

            # (u'pull', 0), # Mercurial outgoing hook is not called for empty clones

            (u'push', 3)])

    @parametrize_vcs_test

    def test_push_new_file(self, webserver, testfork, vt):

        UserLog.query().delete()

        Session().commit()

        dest_dir = _get_tmp_dir()

        clone_url = vt.repo_url_param(webserver, vt.repo_name)

        stdout, stderr = Command(TESTS_TMP_PATH).execute(vt.repo_type, 'clone', clone_url, dest_dir)

        clone_url = vt.repo_url_param(webserver, testfork[vt.repo_type])

        stdout, stderr = _add_files_and_push(webserver, vt, dest_dir, clone_url=clone_url)

        if vt.repo_type == 'git':

            _check_proper_git_push(stdout, stderr)

        elif vt.repo_type == 'hg':

            assert 'pushing to' in stdout

            assert 'Repository size' in stdout

            assert 'Last revision is now' in stdout

        action_parts = [ul.action.split(':', 1) for ul in UserLog.query().order_by(UserLog.user_log_id)]

        assert [(t[0], (t[1].count(',') + 1) if len(t) == 2 else 0) for t in action_parts] == \

            [(u'pull', 0), (u'push', 3)]

    @parametrize_vcs_test

    def test_pull(self, webserver, testfork, vt):

        UserLog.query().delete()

        Session().commit()

        dest_dir = _get_tmp_dir()

        stdout, stderr = Command(TESTS_TMP_PATH).execute(vt.repo_type, 'init', dest_dir)

        clone_url = vt.repo_url_param(webserver, vt.repo_name)

        stdout, stderr = Command(dest_dir).execute(vt.repo_type, 'pull', clone_url)

        if vt.repo_type == 'git':

            assert 'FETCH_HEAD' in stderr

        elif vt.repo_type == 'hg':

            assert 'new changesets' in stdout

        action_parts = [ul.action for ul in UserLog.query().order_by(UserLog.user_log_id)]

        assert action_parts == [u'pull']

        # Test handling of URLs with extra '/' around repo_name

        stdout, stderr = Command(dest_dir).execute(vt.repo_type, 'pull', clone_url.replace('/' + vt.repo_name, '/./%s/' % vt.repo_name), ignoreReturnCode=True)

        if issubclass(vt, HttpVcsTest):

            if vt.repo_type == 'git':

                # NOTE: when pulling from http://hostname/./vcs_test_git/ , the git client will normalize that and issue an HTTP request to /vcs_test_git/info/refs

                assert 'Already up to date.' in stdout

            else:

                assert vt.repo_type == 'hg'

                assert "abort: HTTP Error 404: Not Found" in stderr

        else:

            assert issubclass(vt, SshVcsTest)

            if vt.repo_type == 'git':

            else:

        stdout, stderr = Command(dest_dir).execute(vt.repo_type, 'pull', clone_url.replace('/' + vt.repo_name, '/%s/' % vt.repo_name), ignoreReturnCode=True)

        else:

    @parametrize_vcs_test

    def test_push_invalidates_cache(self, webserver, testfork, vt):

        pre_cached_tip = [repo.get_api_data()['last_changeset']['short_id'] for repo in Repository.query().filter(Repository.repo_name == testfork[vt.repo_type])]

        key = CacheInvalidation.query().filter(CacheInvalidation.cache_key

                                               == testfork[vt.repo_type]).scalar()

        if not key:

            key = CacheInvalidation(testfork[vt.repo_type], testfork[vt.repo_type])

            Session().add(key)

        key.cache_active = True

        Session().commit()

        dest_dir = _get_tmp_dir()

        clone_url = vt.repo_url_param(webserver, testfork[vt.repo_type])

        stdout, stderr = Command(TESTS_TMP_PATH).execute(vt.repo_type, 'clone', clone_url, dest_dir)

        stdout, stderr = _add_files_and_push(webserver, vt, dest_dir, files_no=1, clone_url=clone_url)

        if vt.repo_type == 'git':

            _check_proper_git_push(stdout, stderr)

        post_cached_tip = [repo.get_api_data()['last_changeset']['short_id'] for repo in Repository.query().filter(Repository.repo_name == testfork[vt.repo_type])]

        assert pre_cached_tip != post_cached_tip

        key = CacheInvalidation.query().filter(CacheInvalidation.cache_key

                                               == testfork[vt.repo_type]).all()

        assert key == []

    @parametrize_vcs_test_http

    def test_push_wrong_credentials(self, webserver, vt):

        dest_dir = _get_tmp_dir()

        clone_url = vt.repo_url_param(webserver, vt.repo_name)

        stdout, stderr = Command(TESTS_TMP_PATH).execute(vt.repo_type, 'clone', clone_url, dest_dir)

        clone_url = webserver.repo_url(vt.repo_name, username='bad', password='name')

        stdout, stderr = _add_files_and_push(webserver, vt, dest_dir,

                                             clone_url=clone_url, ignoreReturnCode=True)

        if vt.repo_type == 'git':

            assert 'fatal: Authentication failed' in stderr

        elif vt.repo_type == 'hg':

            assert 'abort: authorization failed' in stderr

    @parametrize_vcs_test

    def test_push_with_readonly_credentials(self, webserver, vt):

        UserLog.query().delete()

        Session().commit()

        dest_dir = _get_tmp_dir()

        clone_url = vt.repo_url_param(webserver, vt.repo_name, username=TEST_USER_REGULAR_LOGIN, password=TEST_USER_REGULAR_PASS)

        stdout, stderr = Command(TESTS_TMP_PATH).execute(vt.repo_type, 'clone', clone_url, dest_dir)

        stdout, stderr = _add_files_and_push(webserver, vt, dest_dir, ignoreReturnCode=True, clone_url=clone_url)

        if vt.repo_type == 'git':

            assert 'The requested URL returned error: 403' in stderr or 'abort: Push access to %r denied' % str(vt.repo_name) in stderr

        elif vt.repo_type == 'hg':

            assert 'abort: HTTP Error 403: Forbidden' in stderr or 'abort: push failed on remote' in stderr and 'remote: Push access to %r denied' % str(vt.repo_name) in stdout

        action_parts = [ul.action.split(':', 1) for ul in UserLog.query().order_by(UserLog.user_log_id)]

        assert [(t[0], (t[1].count(',') + 1) if len(t) == 2 else 0) for t in action_parts] == \

            [(u'pull', 0)]

    @parametrize_vcs_test

    def test_push_back_to_wrong_url(self, webserver, vt):

        dest_dir = _get_tmp_dir()

        clone_url = vt.repo_url_param(webserver, vt.repo_name)

        stdout, stderr = Command(TESTS_TMP_PATH).execute(vt.repo_type, 'clone', clone_url, dest_dir)

        stdout, stderr = _add_files_and_push(

            webserver, vt, dest_dir, clone_url='http://%s:%s/tmp' % (

                webserver.server_address[0], webserver.server_address[1]),

            ignoreReturnCode=True)

        if vt.repo_type == 'git':

            assert 'not found' in stderr

        elif vt.repo_type == 'hg':

            assert 'HTTP Error 404: Not Found' in stderr

    @parametrize_vcs_test

    def test_ip_restriction(self, webserver, vt):

        user_model = UserModel()

        try:

            # Add IP constraint that excludes the test context:

            user_model.add_extra_ip(TEST_USER_ADMIN_LOGIN, '10.10.10.10/32')

            Session().commit()

            # IP permissions are cached, need to wait for the cache in the server process to expire

            time.sleep(1.5)

            clone_url = vt.repo_url_param(webserver, vt.repo_name)

            stdout, stderr = Command(TESTS_TMP_PATH).execute(vt.repo_type, 'clone', clone_url, _get_tmp_dir(), ignoreReturnCode=True)

            if vt.repo_type == 'git':

                # The message apparently changed in Git 1.8.3, so match it loosely.

                assert re.search(r'\b403\b', stderr) or 'abort: User test_admin from 127.0.0.127 cannot be authorized' in stderr

            elif vt.repo_type == 'hg':