.. _changelog:

=========

Changelog

=========

1.3.5 (**2012-XX-XX**)

----------------------

:status: in-progress

:branch: beta

news

++++

- use ext_json for json module

- unified annotation view with file source view

- notification improvements, better inbox + css

- #419 don't strip passwords for login forms, make rhodecode 

  more compatible with LDAP servers

- Added HTTP_X_FORWARDED_FOR as another method of extracting 

  IP for pull/push logs. - moved all to base controller  

- #415: Adding comment to changeset causes reload. 

  Comments are now added via ajax and doesn't reload the page

- #374 LDAP config is discarded when LDAP can't be activated

- limited push/pull operations are now logged for git in the journal

- bumped mercurial to 2.2.X series

- added support for displaying submodules in file-browser

- #421 added bookmarks in changlog view

fixes

+++++

- fixed dev-version marker for stable when served from source codes

- fixed missing permission checks on show forks page

- #418 cast to unicode fixes in notification objects

- #426 fixed mention extracting regex

- fixed remote-pulling for git remotes remopositories

- fixed #434: Error when accessing files or changesets of a git repository 

  with submodules

1.3.4 (**2012-03-28**)

----------------------

news

++++

- Whoosh logging is now controlled by the .ini files logging setup

- added clone-url into edit form on /settings page

- added help text into repo add/edit forms

- created rcextensions module with additional mappings (ref #322) and

  post push/pull/create repo hooks callbacks

- implemented #377 Users view for his own permissions on account page

- #399 added inheritance of permissions for users group on repos groups

- #401 repository group is automatically pre-selected when adding repos 

  inside a repository group

- added alternative HTTP 403 response when client failed to authenticate. Helps 

  solving issues with Mercurial and LDAP

- #402 removed group prefix from repository name when listing repositories 

  inside a group

- added gravatars into permission view and permissions autocomplete

- #347 when running multiple RhodeCode instances, properly invalidates cache 

  for all registered servers

fixes

+++++

- fixed #390 cache invalidation problems on repos inside group

- fixed #385 clone by ID url was loosing proxy prefix in URL

- fixed some unicode problems with waitress

- fixed issue with escaping < and > in changeset commits

- fixed error occurring during recursive group creation in API 

  create_repo function

- fixed #393 py2.5 fixes for routes url generator

- fixed #397 Private repository groups shows up before login

- fixed #396 fixed problems with revoking users in nested groups

- fixed mysql unicode issues + specified InnoDB as default engine with 

  utf8 charset

- #406 trim long branch/tag names in changelog to not break UI

1.3.3 (**2012-03-02**)

----------------------

news

++++

fixes

    f_path = Column('f_path', Unicode(1000), nullable=True)

    user_id = Column('user_id', Integer(), ForeignKey('users.user_id'), nullable=False)

    text = Column('text', Unicode(25000), nullable=False)

    modified_at = Column('modified_at', DateTime(), nullable=False, default=datetime.datetime.now)

    author = relationship('User', lazy='joined')

    repo = relationship('Repository')

    @classmethod

    def get_users(cls, revision):

        """

        Returns user associated with this changesetComment. ie those

        who actually commented

        :param cls:

        :param revision:

        """

        return Session.query(User)\

                .filter(cls.revision == revision)\

                .join(ChangesetComment.author).all()

class Notification(Base, BaseModel):

    __tablename__ = 'notifications'

    __table_args__ = (

        {'extend_existing': True, 'mysql_engine':'InnoDB',

         'mysql_charset': 'utf8'},

    )

    TYPE_CHANGESET_COMMENT = u'cs_comment'

    TYPE_MESSAGE = u'message'

    TYPE_MENTION = u'mention'

    TYPE_REGISTRATION = u'registration'

    notification_id = Column('notification_id', Integer(), nullable=False, primary_key=True)

    subject = Column('subject', Unicode(512), nullable=True)

    body = Column('body', Unicode(50000), nullable=True)

    created_by = Column("created_by", Integer(), ForeignKey('users.user_id'), nullable=True)

    created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)

    type_ = Column('type', Unicode(256))

    created_by_user = relationship('User')

    notifications_to_users = relationship('UserNotification', lazy='joined',

                                          cascade="all, delete, delete-orphan")

    @property

    def recipients(self):

        return [x.user for x in UserNotification.query()\

    @classmethod

    def create(cls, created_by, subject, body, recipients, type_=None):

        if type_ is None:

            type_ = Notification.TYPE_MESSAGE

        notification = cls()

        notification.created_by_user = created_by

        notification.subject = subject

        notification.body = body

        notification.type_ = type_

        notification.created_on = datetime.datetime.now()

        for u in recipients:

            assoc = UserNotification()

            assoc.notification = notification

            u.notifications.append(assoc)

        Session.add(notification)

        return notification

    @property

    def description(self):

        from rhodecode.model.notification import NotificationModel

        return NotificationModel().make_description(self)

class UserNotification(Base, BaseModel):

    __tablename__ = 'user_to_notification'

    __table_args__ = (

        UniqueConstraint('user_id', 'notification_id'),

        {'extend_existing': True, 'mysql_engine':'InnoDB',

         'mysql_charset': 'utf8'}

    )

    user_id = Column('user_id', Integer(), ForeignKey('users.user_id'), primary_key=True)

    notification_id = Column("notification_id", Integer(), ForeignKey('notifications.notification_id'), primary_key=True)

    read = Column('read', Boolean, default=False)

    sent_on = Column('sent_on', DateTime(timezone=False), nullable=True, unique=None)

    user = relationship('User', lazy="joined")

    notification = relationship('Notification', lazy="joined",

                                order_by=lambda: Notification.created_on.desc(),)

    def mark_as_read(self):

        self.read = True

        Session.add(self)

class DbMigrateVersion(Base, BaseModel):

        log.debug('User %s already exists. Skipping creation of account'

                  ' for container auth.', username)

        return None

    def create_ldap(self, username, password, user_dn, attrs):

        """

        Checks if user is in database, if not creates this user marked

        as ldap user

        :param username:

        :param password:

        :param user_dn:

        :param attrs:

        """

        from rhodecode.lib.auth import get_crypt_password

        log.debug('Checking for such ldap account in RhodeCode database')

        if self.get_by_username(username, case_insensitive=True) is None:

            # autogenerate email for ldap account without one

            generate_email = lambda usr: '%s@ldap.account' % usr

            try:

                new_user = User()

                username = username.lower()

                # add ldap account always lowercase

                new_user.username = username

                new_user.password = get_crypt_password(password)

                new_user.api_key = generate_api_key(username)

                new_user.email = attrs['email'] or generate_email(username)

                new_user.active = attrs.get('active', True)

                new_user.ldap_dn = safe_unicode(user_dn)

                new_user.name = attrs['name']

                new_user.lastname = attrs['lastname']

                self.sa.add(new_user)

                return new_user

            except (DatabaseError,):

                log.error(traceback.format_exc())

                self.sa.rollback()

                raise

        log.debug('this %s user exists skipping creation of ldap account',

                  username)

        return None

    def create_registration(self, form_data):

        from rhodecode.model.notification import NotificationModel

        try:

            self.sa.add(new_user)

            self.sa.flush()

            # notification to admins

            subject = _('new user registration')

            body = ('New user registration\n'

                    '---------------------\n'

                    '- Username: %s\n'

                    '- Full Name: %s\n'

                    '- Email: %s\n')

            body = body % (new_user.username, new_user.full_name,

                           new_user.email)

            edit_url = url('edit_user', id=new_user.user_id, qualified=True)

            kw = {'registered_user_url': edit_url}

            NotificationModel().create(created_by=new_user, subject=subject,

                                       body=body, recipients=None,

                                       type_=Notification.TYPE_REGISTRATION,

                                       email_kwargs=kw)

        except:

            log.error(traceback.format_exc())

            raise

    def update(self, user_id, form_data):

        try:

            user = self.get(user_id, cache=False)

            if user.username == 'default':

                raise DefaultUserException(

                                _("You can't Edit this user since it's"

                                  " crucial for entire application"))

            for k, v in form_data.items():

                if k == 'new_password' and v != '':

                    user.password = v

                    user.api_key = generate_api_key(user.username)

                else:

                    setattr(user, k, v)

            self.sa.add(user)

        except:

            log.error(traceback.format_exc())

            raise

    def update_my_account(self, user_id, form_data):

        try:

            user = self.get(user_id, cache=False)

            if user.username == 'default':

class TestLoginController(TestController):

    def tearDown(self):

        for n in Notification.query().all():

            Session.delete(n)

        Session.commit()

        self.assertEqual(Notification.query().all(), [])

    def test_index(self):

        response = self.app.get(url(controller='login', action='index'))

        self.assertEqual(response.status, '200 OK')

        # Test response...

    def test_login_admin_ok(self):

        response = self.app.post(url(controller='login', action='index'),

                                 {'username':'test_admin',

                                  'password':'test12'})

        self.assertEqual(response.status, '302 Found')

        self.assertEqual(response.session['rhodecode_user'].get('username') ,

                         'test_admin')

        response = response.follow()

        self.assertTrue('%s repository' % HG_REPO in response.body)

    def test_login_regular_ok(self):

        response = self.app.post(url(controller='login', action='index'),

                                 {'username':'test_regular',

                                  'password':'test12'})

        self.assertEqual(response.status, '302 Found')

        self.assertEqual(response.session['rhodecode_user'].get('username') ,

                         'test_regular')

        response = response.follow()

        self.assertTrue('%s repository' % HG_REPO in response.body)

        self.assertTrue('<a title="Admin" href="/_admin">' not in response.body)

    def test_login_ok_came_from(self):

        test_came_from = '/_admin/users'

        response = self.app.post(url(controller='login', action='index',

                                     came_from=test_came_from),

                                 {'username':'test_admin',

                                  'password':'test12'})

        self.assertEqual(response.status, '302 Found')

        response = response.follow()

        self.assertEqual(response.status, '200 OK')

        self.assertTrue('Users administration' in response.body)

    def test_login_short_password(self):

        response = self.app.post(url(controller='login', action='index'),

                                 {'username':'test_admin',

                                  'password':'as'})

        self.assertEqual(response.status, '200 OK')

        self.assertTrue('Enter 3 characters or more' in response.body)

    def test_login_wrong_username_password(self):

        response = self.app.post(url(controller='login', action='index'),

                                 {'username':'error',

                                  'password':'test12'})

        self.assertEqual(response.status , '200 OK')

        self.assertTrue('invalid user name' in response.body)

        self.assertTrue('invalid password' in response.body)

    #==========================================================================

    # REGISTRATIONS

    #==========================================================================

    def test_register(self):

        response = self.app.get(url(controller='login', action='register'))

        self.assertTrue('Sign Up to RhodeCode' in response.body)

    def test_register_err_same_username(self):

        response = self.app.post(url(controller='login', action='register'),

                                            {'username':'test_admin',

                                             'password':'test12',

                                             'password_confirmation':'test12',

                                             'email':'goodmail@domain.com',

                                             'name':'test',

                                             'lastname':'test'})

        self.assertEqual(response.status , '200 OK')

        self.assertTrue('This username already exists' in response.body)

    def test_register_err_same_email(self):

        response = self.app.post(url(controller='login', action='register'),

                                            {'username':'test_admin_0',

                                             'password':'test12',

                                             'password_confirmation':'test12',

                                             'email':'test_admin@mail.com',

                                             'name':'test',

                                             'lastname':'test'})

        self.assertEqual(response.status , '200 OK')

    def test_register_err_same_email_case_sensitive(self):

        response = self.app.post(url(controller='login', action='register'),

                                            {'username':'test_admin_1',

                                             'password':'test12',

                                             'password_confirmation':'test12',

                                             'email':'TesT_Admin@mail.COM',

                                             'name':'test',

                                             'lastname':'test'})

        self.assertEqual(response.status , '200 OK')

    def test_register_err_wrong_data(self):

        response = self.app.post(url(controller='login', action='register'),

                                            {'username':'xs',

                                             'password':'test',

                                             'password_confirmation':'test',

                                             'email':'goodmailm',

                                             'name':'test',

                                             'lastname':'test'})

        self.assertEqual(response.status , '200 OK')

    def test_register_err_username(self):

        response = self.app.post(url(controller='login', action='register'),

                                            {'username':'error user',

                                             'password':'test12',

                                             'password_confirmation':'test12',

                                             'email':'goodmailm',

                                             'name':'test',

                                             'lastname':'test'})

        self.assertEqual(response.status , '200 OK')

                'alphanumeric characters underscores, '

                'periods or dashes and must begin with '

    def test_register_err_case_sensitive(self):

        response = self.app.post(url(controller='login', action='register'),

                                            {'username':'Test_Admin',

                                             'password':'test12',

                                             'password_confirmation':'test12',

                                             'email':'goodmailm',

                                             'name':'test',

                                             'lastname':'test'})

        self.assertEqual(response.status , '200 OK')

        self.assertTrue('An email address must contain a single @' in response.body)

        self.assertTrue('This username already exists' in response.body)

    def test_register_special_chars(self):

        response = self.app.post(url(controller='login', action='register'),

                                            {'username':'xxxaxn',

                                             'password':'ąćźżąśśśś',

                                             'password_confirmation':'ąćźżąśśśś',

                                             'email':'goodmailm@test.plx',

                                             'name':'test',

                                             'lastname':'test'})

        self.assertEqual(response.status , '200 OK')

        self.assertTrue('Invalid characters in password' in response.body)

    def test_register_password_mismatch(self):

        response = self.app.post(url(controller='login', action='register'),

                                            {'username':'xs',

                                             'password':'123qwe',

                                             'password_confirmation':'qwe123',

                                             'email':'goodmailm@test.plxa',

                                             'name':'test',

                                             'lastname':'test'})

    def test_register_ok(self):

        username = 'test_regular4'

        password = 'qweqwe'

        email = 'marcin@test.com'

        name = 'testname'

        lastname = 'testlastname'

        response = self.app.post(url(controller='login', action='register'),

                                            {'username':username,

                                             'password':password,

                                             'password_confirmation':password,

                                             'email':email,

                                             'name':name,

        ret = self.Session.query(User).filter(User.username == 'test_regular4').one()

    def test_forgot_password_wrong_mail(self):

    def test_forgot_password(self):

        response = self.app.get(url(controller='login',

                                    action='password_reset'))

        username = 'test_password_reset_1'

        password = 'qweqwe'

        email = 'marcin@python-works.com'

        name = 'passwd'

        lastname = 'reset'

        new = User()

        new.username = username

        new.password = password

        new.email = email

        new.name = name

        new.lastname = lastname

        new.api_key = generate_api_key(username)

        self.Session.add(new)

        self.Session.commit()

        response = self.app.post(url(controller='login',

                                     action='password_reset'),

                                 {'email':email, })

        self.checkSessionFlash(response, 'Your password reset link was sent')

        response = response.follow()

        # BAD KEY

        key = "bad"

        response = self.app.get(url(controller='login',

                                    action='password_reset_confirmation',

                                    key=key))

        self.assertEqual(response.status, '302 Found')

        self.assertTrue(response.location.endswith(url('reset_password')))

        # GOOD KEY

        key = User.get_by_username(username).api_key

        response = self.app.get(url(controller='login',

                                    action='password_reset_confirmation',

                                    key=key))

        self.assertEqual(response.status, '302 Found')

        self.assertTrue(response.location.endswith(url('login_home')))

        self.checkSessionFlash(response,

                               ('Your password reset was successful, '

                                'new password has been sent to your email'))

        response = response.follow()