from kallithea.tests import *

from kallithea.tests.fixture import Fixture

from kallithea.model.db import User, Permission, UserIpMap, UserApiKeys

from kallithea.lib.auth import check_password

from kallithea.model.user import UserModel

from kallithea.model import validators

from kallithea.lib import helpers as h

from kallithea.model.meta import Session

fixture = Fixture()

    test_user_1 = 'testme'

    @classmethod

    def teardown_class(cls):

        if User.get_by_username(cls.test_user_1):

            UserModel().delete(cls.test_user_1)

            Session().commit()

    def test_index(self):

        self.log_user()

        response = self.app.get(url('users'))

        # Test response...

        response.mustcontain("""<span class="error-message">Please enter a value</span>""")

        response.mustcontain("""<span class="error-message">An email address must contain a single @</span>""")

        def get_user():

            Session().query(User).filter(User.username == username).one()

        self.assertRaises(NoResultFound, get_user), 'found user in database'

    def test_new(self):

        self.log_user()

        response = self.app.get(url('new_user'))

        [('firstname', {'firstname': 'new_username'}),

         ('lastname', {'lastname': 'new_username'}),

         ('admin', {'admin': True}),

         ('admin', {'admin': False}),

         ('extern_type', {'extern_type': 'ldap'}),

         ('extern_type', {'extern_type': None}),

         ('extern_name', {'extern_name': 'test'}),

         ('extern_name', {'extern_name': None}),

         ('active', {'active': False}),

         ('active', {'active': True}),

         ('email', {'email': 'someemail@example.com'}),

        # ('new_password', {'new_password': 'foobar123',

            self.assertEqual(UserModel().has_perm(uid, perm_none), True)

            self.assertEqual(UserModel().has_perm(uid, perm_create), False)

        finally:

            UserModel().delete(uid)

            Session().commit()

    def test_ips(self):

        self.log_user()

        user = User.get_by_username(TEST_USER_REGULAR_LOGIN)

        response = self.app.get(url('edit_user_ips', id=user.user_id))

        response.mustcontain('All IP addresses are allowed')

        ('127/24', '127.0.0.1/24', '127.0.0.0 - 127.0.0.255', False),

        ('10/32', '10.0.0.10/32', '10.0.0.10 - 10.0.0.10', False),

        ('0/16', '0.0.0.0/16', '0.0.0.0 - 0.0.255.255', False),

        ('0/8', '0.0.0.0/8', '0.0.0.0 - 0.255.255.255', False),

        ('127_bad_mask', '127.0.0.1/99', '127.0.0.1 - 127.0.0.1', True),

        ('127_bad_ip', 'foobar', 'foobar', True),

    ])

    def test_add_ip(self, test_name, ip, ip_range, failure):

        self.log_user()

        user = User.get_by_username(TEST_USER_REGULAR_LOGIN)

        user_id = user.user_id

        response.mustcontain('All IP addresses are allowed')

        response.mustcontain(no=[ip])

        response.mustcontain(no=[ip_range])

    def test_api_keys(self):

        self.log_user()

        user = User.get_by_username(TEST_USER_REGULAR_LOGIN)

        response = self.app.get(url('edit_user_api_keys', id=user.user_id))

        response.mustcontain(user.api_key)

        response.mustcontain('Expires: Never')

        ('forever', -1),

        ('5mins', 60*5),

        ('30days', 60*60*24*30),

    ])

    def test_add_api_keys(self, desc, lifetime):

        self.log_user()

        user = User.get_by_username(TEST_USER_REGULAR_LOGIN)

        user_id = user.user_id

        response = self.app.post(url('edit_user_api_keys', id=user_id),

                 {'description': desc, 'lifetime': lifetime, '_authentication_token': self.authentication_token()})

        self.checkSessionFlash(response, 'API key successfully created')

from kallithea.lib.utils2 import generate_api_key

from kallithea.lib.auth import check_password

from kallithea.lib import helpers as h

from kallithea.model.api_key import ApiKeyModel

from kallithea.model import validators

from kallithea.model.db import User, Notification

from kallithea.model.meta import Session

from kallithea.model.user import UserModel

fixture = Fixture()

        remove_all_notifications()

        self.assertEqual(Notification.query().all(), [])

    def test_index(self):

        response = self.app.get(url(controller='login', action='index'))

        self.assertEqual(response.status, '200 OK')

        # Test response...

    def test_login_admin_ok(self):

        response = self.app.post(url(controller='login', action='index'),

                                 {'username': TEST_USER_ADMIN_LOGIN,

                                  'password': TEST_USER_ADMIN_PASS})

        # Verify that a login session has been established.

        response = self.app.get(url(controller='login', action='index'))

        response = response.follow()

        self.assertIn('authuser', response.session)

        response.click('Log Out')

        # Verify that the login session has been terminated.

        response = self.app.get(url(controller='login', action='index'))

        self.assertNotIn('authuser', response.session)

          ('data:text/html,<script>window.alert("xss")</script>',),

          ('mailto:test@example.com',),

          ('file:///etc/passwd',),

          ('ftp://ftp.example.com',),

          ('http://other.example.com/bl%C3%A5b%C3%A6rgr%C3%B8d',),

          ('//evil.example.com/',),

          ('/\r\nX-Header-Injection: boo',),

          ('/invälid_url_bytes',),

          ('non-absolute-path',),

    ])

    def test_login_bad_came_froms(self, url_came_from):

        response = self.app.post(url(controller='login', action='index',

        response.mustcontain('Enter 3 characters or more')

    def test_login_wrong_username_password(self):

        response = self.app.post(url(controller='login', action='index'),

                                 {'username': 'error',

                                  'password': 'test12'})

        response.mustcontain('Invalid username or password')

    # verify that get arguments are correctly passed along login redirection

        ({'foo':'one', 'bar':'two'}, (('foo', 'one'), ('bar', 'two'))),

        ({'blue': u'blå'.encode('utf-8'), 'green':u'grøn'},

             (('blue', u'blå'.encode('utf-8')), ('green', u'grøn'.encode('utf-8')))),

    ])

    def test_redirection_to_login_form_preserves_get_args(self, args, args_encoded):

        with fixture.anon_access(False):

            response = self.app.get(url(controller='summary', action='index',

                                        repo_name=HG_REPO,

                                        **args))

            self.assertEqual(response.status, '302 Found')

            came_from = urlparse.parse_qs(urlparse.urlparse(response.location).query)['came_from'][0]

            came_from_qs = urlparse.parse_qsl(urlparse.urlparse(came_from).query)

            for encoded in args_encoded:

                self.assertIn(encoded, came_from_qs)

        ({'foo':'one', 'bar':'two'}, ('foo=one', 'bar=two')),

        ({'blue': u'blå', 'green':u'grøn'},

             ('blue=bl%C3%A5', 'green=gr%C3%B8n')),

    ])

    def test_login_form_preserves_get_args(self, args, args_encoded):

        response = self.app.get(url(controller='login', action='index',

                                    came_from=url('/_admin/users', **args)))

        came_from = urlparse.parse_qs(urlparse.urlparse(response.form.action).query)['came_from'][0]

        for encoded in args_encoded:

            self.assertIn(encoded, came_from)

        ({'foo':'one', 'bar':'two'}, ('foo=one', 'bar=two')),

        ({'blue': u'blå', 'green':u'grøn'},

             ('blue=bl%C3%A5', 'green=gr%C3%B8n')),

    ])

    def test_redirection_after_successful_login_preserves_get_args(self, args, args_encoded):

        response = self.app.post(url(controller='login', action='index',

                                     came_from = url('/_admin/users', **args)),

                                 {'username': TEST_USER_ADMIN_LOGIN,

                                  'password': TEST_USER_ADMIN_PASS})

        self.assertEqual(response.status, '302 Found')

        for encoded in args_encoded:

            self.assertIn(encoded, response.location)

        ({'foo':'one', 'bar':'two'}, ('foo=one', 'bar=two')),

        ({'blue': u'blå', 'green':u'grøn'},

             ('blue=bl%C3%A5', 'green=gr%C3%B8n')),

    ])

    def test_login_form_after_incorrect_login_preserves_get_args(self, args, args_encoded):

        response = self.app.post(url(controller='login', action='index',

                                     came_from=url('/_admin/users', **args)),

                                 {'username': 'error',

                                  'password': 'test12'})

        response.mustcontain('Invalid username or password')

        came_from = urlparse.parse_qs(urlparse.urlparse(response.form.action).query)['came_from'][0]

        self.checkSessionFlash(response, 'Successfully updated password')

        response = response.follow()

    #==========================================================================

    # API

    #==========================================================================

    def _get_api_whitelist(self, values=None):

        config = {'api_access_controllers_whitelist': values or []}

        return config

        ('none', None),

        ('empty_string', ''),

        ('fake_number', '123456'),

        ('proper_api_key', None)

    ])

    def test_access_not_whitelisted_page_via_api_key(self, test_name, api_key):

        whitelist = self._get_api_whitelist([])

        with mock.patch('kallithea.CONFIG', whitelist):

            self.assertEqual([],

                             whitelist['api_access_controllers_whitelist'])

            if test_name == 'proper_api_key':

                #use builtin if api_key is None

                api_key = User.get_first_admin().api_key

            with fixture.anon_access(False):

                self.app.get(url(controller='changeset',

                                 action='changeset_raw',

                                 repo_name=HG_REPO, revision='tip', api_key=api_key),

                             status=403)

        ('none', None, 302),

        ('empty_string', '', 302),

        ('fake_number', '123456', 302),

        ('fake_not_alnum', 'a-z', 302),

        ('fake_api_key', '0123456789abcdef0123456789ABCDEF01234567', 302),

        ('proper_api_key', None, 200)

    ])

    def test_access_whitelisted_page_via_api_key(self, test_name, api_key, code):

        whitelist = self._get_api_whitelist(['ChangesetController:changeset_raw'])

        with mock.patch('kallithea.CONFIG', whitelist):

            self.assertEqual(['ChangesetController:changeset_raw'],

                             whitelist['api_access_controllers_whitelist'])

# -*- coding: utf-8 -*-

from kallithea.model.db import User, UserFollowing, Repository, UserApiKeys

from kallithea.tests import *

from kallithea.tests.fixture import Fixture

from kallithea.lib import helpers as h

from kallithea.model.user import UserModel

from kallithea.model.meta import Session

fixture = Fixture()

    test_user_1 = 'testme'

    @classmethod

    def teardown_class(cls):

        if User.get_by_username(cls.test_user_1):

            UserModel().delete(cls.test_user_1)

            Session().commit()

    def test_my_account(self):

        self.log_user()

        response = self.app.get(url('my_account'))

            .filter(UserEmailMap.email == 'barz@example.com').one().email_id

        response.mustcontain('barz@example.com')

        response.mustcontain('<input id="del_email_id" name="del_email_id" type="hidden" value="%s" />' % email_id)

        response = self.app.post(url('my_account_emails'),

                                 {'del_email_id': email_id, '_method': 'delete', '_authentication_token': self.authentication_token()})

        self.checkSessionFlash(response, 'Removed email from user')

        response = self.app.get(url('my_account_emails'))

        response.mustcontain('No additional emails specified')

        [('firstname', {'firstname': 'new_username'}),

         ('lastname', {'lastname': 'new_username'}),

         ('admin', {'admin': True}),

         ('admin', {'admin': False}),

         ('extern_type', {'extern_type': 'ldap'}),

         ('extern_type', {'extern_type': None}),

         #('extern_name', {'extern_name': 'test'}),

         #('extern_name', {'extern_name': None}),

         ('active', {'active': False}),

         ('active', {'active': True}),

         ('email', {'email': 'someemail@example.com'}),

        # ('new_password', {'new_password': 'foobar123',

        msg = validators.ValidUsername(edit=False, old_data={}) \

                ._messages['username_exists']

        msg = h.html_escape(msg % {'username': TEST_USER_ADMIN_LOGIN})

        response.mustcontain(msg)

    def test_my_account_api_keys(self):

        usr = self.log_user(TEST_USER_REGULAR2_LOGIN, TEST_USER_REGULAR2_PASS)

        user = User.get(usr['user_id'])

        response = self.app.get(url('my_account_api_keys'))

        response.mustcontain(user.api_key)

        response.mustcontain('Expires: Never')

        ('forever', -1),

        ('5mins', 60*5),

        ('30days', 60*60*24*30),

    ])

    def test_my_account_add_api_keys(self, desc, lifetime):

        usr = self.log_user(TEST_USER_REGULAR2_LOGIN, TEST_USER_REGULAR2_PASS)

        user = User.get(usr['user_id'])

        response = self.app.post(url('my_account_api_keys'),

                                 {'description': desc, 'lifetime': lifetime, '_authentication_token': self.authentication_token()})

        self.checkSessionFlash(response, 'API key successfully created')

        try:

            response = response.follow()