from webob.exc import HTTPNotFound, HTTPForbidden

from sqlalchemy.sql.expression import or_

from kallithea.lib.vcs.exceptions import VCSError, NodeNotChangedError

log = logging.getLogger(__name__)

class GistsController(BaseController):

    """REST Controller styled on the Atom Publishing Protocol"""

    def __load_defaults(self, extra_values=None):

        c.lifetime_values = [

            (str(5), _('5 minutes')),

            (str(60), _('1 hour')),

            (str(60 * 24), _('1 day')),

            (str(60 * 24 * 30), _('1 month')),

        ]

        if extra_values:

            c.lifetime_values.append(extra_values)

        c.lifetime_options = [(c.lifetime_values, _("Lifetime"))]

    @LoginRequired()

    def index(self):

        """GET /admin/gists: All items in the collection"""

        #check if this gist is not expired

        if c.gist.gist_expires != -1:

            if time.time() > c.gist.gist_expires:

                log.error('Gist expired at %s' %

                          (time_to_datetime(c.gist.gist_expires)))

                raise HTTPNotFound()

        try:

            c.file_changeset, c.files = GistModel().get_gist_files(gist_id)

        except VCSError:

            log.error(traceback.format_exc())

            raise HTTPNotFound()

        rendered = render('admin/gists/edit.html')

        if request.POST:

            rpost = request.POST

            nodes = {}

            for org_filename, filename, mimetype, content in zip(

                                                    rpost.getall('org_files'),

                                                    rpost.getall('files'),

                                                    rpost.getall('mimetypes'),

                                                    rpost.getall('contents')):

                nodes[org_filename] = {

        email_id = request.POST.get('del_email_id')

        user_model = UserModel()

        user_model.delete_extra_email(self.authuser.user_id, email_id)

        Session().commit()

        h.flash(_("Removed email from user"), category='success')

        return redirect(url('my_account_emails'))

    def my_account_api_keys(self):

        c.active = 'api_keys'

        self.__load_data()

        show_expired = True

        c.lifetime_values = [

            (str(5), _('5 minutes')),

            (str(60), _('1 hour')),

            (str(60 * 24), _('1 day')),

            (str(60 * 24 * 30), _('1 month')),

        ]

        c.lifetime_options = [(c.lifetime_values, _("Lifetime"))]

        c.user_api_keys = ApiKeyModel().get_api_keys(self.authuser.user_id,

                                                     show_expired=show_expired)

        return render('admin/my_account/my_account.html')

    def my_account_api_keys_add(self):

        lifetime = safe_int(request.POST.get('lifetime'), -1)

            encoding="UTF-8",

            force_defaults=False)

    def edit_api_keys(self, id):

        c.user = User.get_or_404(id)

        if c.user.username == User.DEFAULT_USER:

            h.flash(_("You can't edit this user"), category='warning')

            return redirect(url('users'))

        c.active = 'api_keys'

        show_expired = True

        c.lifetime_values = [

            (str(5), _('5 minutes')),

            (str(60), _('1 hour')),

            (str(60 * 24), _('1 day')),

            (str(60 * 24 * 30), _('1 month')),

        ]

        c.lifetime_options = [(c.lifetime_values, _("Lifetime"))]

        c.user_api_keys = ApiKeyModel().get_api_keys(c.user.user_id,

                                                     show_expired=show_expired)

        defaults = c.user.get_dict()

        return htmlfill.render(

            render('admin/users/user_edit.html'),

            defaults=defaults,

            ig_ws_key = 'ignorews'

            ig_ws_val = 1

    # per file option

    else:

        params[fileid] += ['C:%s' % ln_ctx]

        ig_ws_key = fileid

        ig_ws_val = 'WS:%s' % 1

    if ig_ws:

        params[ig_ws_key] += [ig_ws_val]

    params['anchor'] = fileid

    icon = h.literal('<i class="icon-sort"></i>')

    return h.link_to(icon, h.url.current(**params), title=lbl, class_='tooltip')

class ChangesetController(BaseRepoController):

    def __before__(self):

        super(ChangesetController, self).__before__()

        c.affected_files_cut_off = 60

            journal = _journal_filter(journal, c.search_term)

            journal = journal.filter(filtering_criterion)\

                        .order_by(UserLog.action_date.desc())

        else:

            journal = []

        return journal

    def _atom_feed(self, repos, public=True):

        journal = self._get_journal_data(repos)

        if public:

            _link = h.canonical_url('public_journal_atom')

                                  'atom feed')

        else:

            _link = h.canonical_url('journal_atom')

        feed = Atom1Feed(title=_desc,

                         link=_link,

                         description=_desc,

                         language=self.language,

                         ttl=self.ttl)

        for entry in journal[:self.feed_nr]:

            user = entry.user

            if user is None:

                #fix deleted users

                user = AttributeDict({'short_contact': entry.username,

                          link=_url or h.canonical_url(''),

                          author_email=user.email,

                          author_name=user.full_contact,

                          description=desc)

        response.content_type = feed.mime_type

        return feed.writeString('utf-8')

    def _rss_feed(self, repos, public=True):

        journal = self._get_journal_data(repos)

        if public:

            _link = h.canonical_url('public_journal_atom')

                                  'rss feed')

        else:

            _link = h.canonical_url('journal_atom')

        feed = Rss201rev2Feed(title=_desc,

                         link=_link,

                         description=_desc,

                         language=self.language,

                         ttl=self.ttl)

        for entry in journal[:self.feed_nr]:

            user = entry.user

            if user is None:

                #fix deleted users

                user = AttributeDict({'short_contact': entry.username,

            try:

                form_result = register_form.to_python(dict(request.POST))

                form_result['active'] = c.auto_active

                if c.captcha_active:

                    from kallithea.lib.recaptcha import submit

                    response = submit(request.POST.get('recaptcha_challenge_field'),

                                      request.POST.get('recaptcha_response_field'),

                                      private_key=captcha_private_key,

                                      remoteip=self.ip_addr)

                    if c.captcha_active and not response.is_valid:

                        _value = form_result

                        error_dict = {'recaptcha_field': _msg}

                        raise formencode.Invalid(_msg, _value, None,

                                                 error_dict=error_dict)

                UserModel().create_registration(form_result)

                h.flash(_('You have successfully registered into Kallithea'),

                        category='success')

                Session().commit()

                return redirect(url('login_home'))

            except formencode.Invalid, errors:

                return htmlfill.render(

        if request.POST:

            password_reset_form = PasswordResetForm()()

            try:

                form_result = password_reset_form.to_python(dict(request.POST))

                if c.captcha_active:

                    from kallithea.lib.recaptcha import submit

                    response = submit(request.POST.get('recaptcha_challenge_field'),

                                      request.POST.get('recaptcha_response_field'),

                                      private_key=captcha_private_key,

                                      remoteip=self.ip_addr)

                    if c.captcha_active and not response.is_valid:

                        _value = form_result

                        error_dict = {'recaptcha_field': _msg}

                        raise formencode.Invalid(_msg, _value, None,

                                                 error_dict=error_dict)

                UserModel().reset_password_link(form_result)

                h.flash(_('Your password reset link was sent'),

                            category='success')

                return redirect(url('login_home'))

            except formencode.Invalid, errors:

                return htmlfill.render(

                    render('/password_reset.html'),

                    defaults=errors.value,

        _rev = '%s...%s' % (_name1, _name2)

        compare_view = (

            ' <div class="compare_view tooltip" title="%s">'

            '<a href="%s">%s</a> </div>' % (

                _('Show all combined changesets %s->%s') % (

                    revs_ids[0][:12], revs_ids[-1][:12]

                ),

                url('changeset_home', repo_name=repo_name,

                    revision=_rev

                ),

            )

        )

        # if we have exactly one more than normally displayed

        # just display it, takes less space than displaying

        # "and 1 more revisions"

        if len(revs_ids) == revs_limit + 1:

            cs_links.append(", " + lnk(revs[revs_limit], repo_name))

        # hidden-by-default ones

        if len(revs_ids) > revs_limit + 1:

            uniq_id = revs_ids[0]

            if len(revs_ids) > revs_top_limit:

                morelinks += ', ...'

            cs_links.append(html_tmpl % (uniq_id, morelinks))

        if len(revs) > 1:

            cs_links.append(compare_view)

        return ''.join(cs_links)

    def get_fork_name():

        repo_name = action_params

        _url = url('summary_home', repo_name=repo_name)

    def get_user_name():

        user_name = action_params

        return user_name

    def get_users_group():

        group_name = action_params

        return group_name

    def get_pull_request():

        pull_request_id = action_params

        nice_id = PullRequest.make_nice_id(pull_request_id)

    def _generate_choice(cls, repo_group):

        from webhelpers.html import literal as _literal

        _name = lambda k: _literal(cls.SEP.join(k))

        return repo_group.group_id, _name(repo_group.full_path_splitted)

    @classmethod

    def groups_choices(cls, groups=None, show_empty_group=True):

        if not groups:

            groups = cls.query().all()

        repo_groups = []

        if show_empty_group:

        repo_groups.extend([cls._generate_choice(x) for x in groups])

        repo_groups = sorted(repo_groups, key=lambda t: t[1].split(cls.SEP)[0])

        return repo_groups

    @classmethod

    def url_sep(cls):

        return URL_SEP

    @classmethod

    def get_by_group_name(cls, group_name, cache=False, case_insensitive=False):

        <span class="btn btn-mini btn-success disabled">${_('Primary')}</span>

    </td>

    </tr>

    %if c.user_email_map:

        %for em in c.user_email_map:

          <tr>

            <td><div class="gravatar">${h.gravatar(em.email, size=16)}</div></td>

            <td><div class="email">${em.email}</div></td>

            <td>

                ${h.form(url('my_account_emails'),method='delete')}

                    ${h.hidden('del_email_id',em.email_id)}

                    <i class="icon-minus-circled" style="color:#FF4444"></i>

                    class_="action_button", onclick="return  confirm('"+_('Confirm to delete this email: %s') % em.email+"');")}

                ${h.end_form()}

            </td>

          </tr>

        %endfor

    %else:

    <tr><td><div class="ip">${_('No additional emails specified.')}</div></td></tr>

    %endif

  </table>

</div>

<div>

<div class="ips_wrap">

      <table class="noborder">

      %if c.user_ip_map:

        %for ip in c.user_ip_map:

          <tr>

              <td><div class="ip">${ip.ip_addr}</div></td>

              <td><div class="ip">${h.ip_range(ip.ip_addr)}</div></td>

              <td>

                ${h.form(url('edit_user_ips', id=c.user.user_id),method='delete')}

                    ${h.hidden('del_ip_id',ip.ip_id)}

                    ${h.hidden('default_user', 'True')}

                    class_="action_button", onclick="return confirm('"+_('Confirm to delete this IP address: %s') % ip.ip_addr+"');")}

                ${h.end_form()}

              </td>

          </tr>

        %endfor

       %else:

        <tr><td><div class="ip">${_('All IP addresses are allowed.')}</div></td></tr>

       %endif

      </table>

</div>

${h.form(url('edit_user_ips', id=c.user.user_id),method='put')}

                    ##forbid revoking permission from yourself, except if you're an super admin

                    <tr id="id${id(r2p.user.username)}">

                        %if c.authuser.user_id != r2p.user.user_id or c.authuser.is_admin:

                        <td>${h.radio('u_perm_%s' % r2p.user.username,'group.none')}</td>

                        <td>${h.radio('u_perm_%s' % r2p.user.username,'group.read')}</td>

                        <td>${h.radio('u_perm_%s' % r2p.user.username,'group.write')}</td>

                        <td>${h.radio('u_perm_%s' % r2p.user.username,'group.admin')}</td>

                        <td style="white-space: nowrap;">

                            ${h.gravatar(r2p.user.email, cls="perm-gravatar", size=14)}

                            %if h.HasPermissionAny('hg.admin')() and r2p.user.username != 'default':

                             <a href="${h.url('edit_user',id=r2p.user.user_id)}">${r2p.user.username}</a>

                            %else:

                            %endif

                        </td>

                        <td>

                          %if r2p.user.username !='default':

                            <span style="color:#da4f49" class="action_button" onclick="ajaxActionRevoke(${r2p.user.user_id}, 'user', '${'id%s'%id(r2p.user.username)}', '${r2p.user.username}')">

                             <i class="icon-minus-circled"></i> ${_('Revoke')}

                            </span>

                          %endif

                        </td>

                        %else:

                        <td>${h.radio('u_perm_%s' % r2p.user.username,'group.none', disabled="disabled")}</td>

                        <td>${h.radio('u_perm_%s' % r2p.user.username,'group.read', disabled="disabled")}</td>

                        <td>${h.radio('u_perm_%s' % r2p.user.username,'group.write', disabled="disabled")}</td>

                        <td>${h.radio('u_perm_%s' % r2p.user.username,'group.admin', disabled="disabled")}</td>

                        <td style="white-space: nowrap;">

                            ${h.gravatar(r2p.user.email, cls="perm-gravatar", size=14)}

                        </td>

                        <td><i class="icon-user"></i> ${_('Delegated Admin')}</td>

                        %endif

                    </tr>

                %endfor

                ## USER GROUPS

                %for g2p in c.repo_group.users_group_to_perm:

                    <tr id="id${id(g2p.users_group.users_group_name)}">

                        <td>${h.radio('g_perm_%s' % g2p.users_group.users_group_name,'group.none')}</td>

                        <td>${h.radio('g_perm_%s' % g2p.users_group.users_group_name,'group.read')}</td>

                        <td>${h.radio('g_perm_%s' % g2p.users_group.users_group_name,'group.write')}</td>

        <th>${_('Key')}</th>

        <th>${_('Type')}</th>

        <th>${_('Action')}</th>

      %for field in c.repo_fields:

        <tr>

            <td>${field.field_label}</td>

            <td>${field.field_key}</td>

            <td>${field.field_type}</td>

            <td>

              ${h.form(url('delete_repo_fields', repo_name=c.repo_info.repo_name, field_id=field.repo_field_id),method='delete')}

                  <i class="icon-minus-circled" style="color:#FF4444"></i>

                  class_="action_button", onclick="return confirm('"+_('Confirm to delete this field: %s') % field.field_key+"');")}

              ${h.end_form()}

            </td>

        </tr>

      %endfor

      </table>

    </div>

    %endif

    ${h.form(url('create_repo_fields', repo_name=c.repo_name),method='put')}

    <div class="form">

        <!-- fields -->

        <div class="fields">

                        </tr>

                    %else:

                    <tr id="id${id(r2p.user.username)}">

                        <td>${h.radio('u_perm_%s' % r2p.user.username,'repository.none')}</td>

                        <td>${h.radio('u_perm_%s' % r2p.user.username,'repository.read')}</td>

                        <td>${h.radio('u_perm_%s' % r2p.user.username,'repository.write')}</td>

                        <td>${h.radio('u_perm_%s' % r2p.user.username,'repository.admin')}</td>

                        <td style="white-space: nowrap;">

                            ${h.gravatar(r2p.user.email, size=14)}

                            %if h.HasPermissionAny('hg.admin')() and r2p.user.username != 'default':

                             <a href="${h.url('edit_user',id=r2p.user.user_id)}">${r2p.user.username}</a>

                            %else:

                            %endif

                        </td>

                        <td>

                          %if r2p.user.username !='default':

                            <span style="color:#da4f49" class="action_button" onclick="ajaxActionRevoke(${r2p.user.user_id}, 'user', '${'id%s'%id(r2p.user.username)}', '${r2p.user.username}')">

                            <i class="icon-minus-circled"></i> ${_('Revoke')}

                            </span>

                          %endif

                        </td>

                    </tr>

                    %endif

                %endfor

<dl class="dl-horizontal">

<%

 elems = [

    (_('Python version'), c.py_version, ''),

    (_('Platform'), c.platform, ''),

    (_('Git version'), c.git_version, ''),

    (_('Git path'), c.ini.get('git_path'), ''),

    (_('Upgrade info endpoint'), h.literal('%s <br/><span style="color:#999999">%s.</span>' % (c.update_url, _('Note: please make sure this server can access this URL'))), '')

 ]

%>

<div id="update_notice" style="display: none">

    <div style="padding: 5px 0px 5px 0px; color: #000000; font-weight: bold">${_('Checking for updates...')}</div>

</div>

%for dt, dd, tt in elems:

                    ##forbid revoking permission from yourself, except if you're an super admin

                    <tr id="id${id(r2p.user.username)}">

                        %if c.authuser.user_id != r2p.user.user_id or c.authuser.is_admin:

                        <td>${h.radio('u_perm_%s' % r2p.user.username,'usergroup.none')}</td>

                        <td>${h.radio('u_perm_%s' % r2p.user.username,'usergroup.read')}</td>

                        <td>${h.radio('u_perm_%s' % r2p.user.username,'usergroup.write')}</td>

                        <td>${h.radio('u_perm_%s' % r2p.user.username,'usergroup.admin')}</td>

                        <td style="white-space: nowrap;">

                            ${h.gravatar(r2p.user.email, cls="perm-gravatar", size=14)}

                            %if h.HasPermissionAny('hg.admin')() and r2p.user.username != 'default':

                             <a href="${h.url('edit_user',id=r2p.user.user_id)}">${r2p.user.username}</a>

                            %else:

                            %endif

                        </td>

                        <td>

                          %if r2p.user.username !='default':

                            <span style="color:#da4f49" class="action_button" onclick="ajaxActionRevoke(${r2p.user.user_id}, 'user', '${'id%s'%id(r2p.user.username)}', '${r2p.user.username}')">

                             <i class="icon-minus-circled"></i> ${_('Revoke')}

                            </span>

                          %endif

                        </td>

                        %else:

                        <td>${h.radio('u_perm_%s' % r2p.user.username,'usergroup.none', disabled="disabled")}</td>

                        <td>${h.radio('u_perm_%s' % r2p.user.username,'usergroup.read', disabled="disabled")}</td>

                        <td>${h.radio('u_perm_%s' % r2p.user.username,'usergroup.write', disabled="disabled")}</td>

                        <td>${h.radio('u_perm_%s' % r2p.user.username,'usergroup.admin', disabled="disabled")}</td>

                        <td style="white-space: nowrap;">

                            ${h.gravatar(r2p.user.email, cls="perm-gravatar", size=14)}

                        </td>

                        <td><i class="icon-user"></i> ${_('Delegated Admin')}</td>

                        %endif

                    </tr>

                %endfor

                ## USER GROUPS

                %for g2p in c.user_group.user_group_user_group_to_perm:

                    <tr id="id${id(g2p.user_group.users_group_name)}">

                        <td>${h.radio('g_perm_%s' % g2p.user_group.users_group_name,'usergroup.none')}</td>

                        <td>${h.radio('g_perm_%s' % g2p.user_group.users_group_name,'usergroup.read')}</td>

                        <td>${h.radio('g_perm_%s' % g2p.user_group.users_group_name,'usergroup.write')}</td>

        <span class="btn btn-mini btn-success disabled">${_('Primary')}</span>

    </td>

    </tr>

    %if c.user_email_map:

        %for em in c.user_email_map:

          <tr>

            <td><div class="gravatar">${h.gravatar(c.user.email, size=16)}</div></td>

            <td><div class="email">${em.email}</div></td>

            <td>

                ${h.form(url('edit_user_emails', id=c.user.user_id),method='delete')}

                    ${h.hidden('del_email_id',em.email_id)}

                    <i class="icon-minus-circled" style="color:#FF4444"></i>

                    class_="action_button", onclick="return  confirm('"+_('Confirm to delete this email: %s') % em.email+"');")}

                ${h.end_form()}

            </td>

          </tr>

        %endfor

    %else:

    <tr><td><div class="ip">${_('No additional emails specified.')}</div></td></tr>

    %endif

  </table>

</div>

<div>

        %endfor

    %endif

    %if c.user_ip_map:

        %for ip in c.user_ip_map:

          <tr>

            <td><div class="ip">${ip.ip_addr}</div></td>

            <td><div class="ip">${h.ip_range(ip.ip_addr)}</div></td>

            <td>

                ${h.form(url('edit_user_ips', id=c.user.user_id),method='delete')}

                    ${h.hidden('del_ip_id',ip.ip_id)}

                    <i class="icon-minus-circled" style="color:#FF4444"></i>

                    class_="action_button", onclick="return  confirm('"+_('Confirm to delete this IP address: %s') % ip.ip_addr+"');")}

                ${h.end_form()}

            </td>

          </tr>

        %endfor

    %endif

    %if not c.default_user_ip_map and not c.user_ip_map:

        <tr><td><div class="ip">${_('All IP addresses are allowed.')}</div></td></tr>

    %endif

  </table>

</div>

<%def name="atom(name)">

  %if c.authuser.username != 'default':

    <a title="${_('Subscribe to %s atom feed')% name}" href="${h.url('atom_feed_home',repo_name=name,api_key=c.authuser.api_key)}"><i class="icon-rss-squared"></i></a>

  %else:

    <a title="${_('Subscribe to %s atom feed')% name}" href="${h.url('atom_feed_home',repo_name=name)}"><i class="icon-rss-squared"></i></a>

  %endif

</%def>

<%def name="repo_actions(repo_name, super_user=True)">

  <div>

    <div style="float:left; margin-right:5px;" class="grid_edit">

      <a href="${h.url('edit_repo',repo_name=repo_name)}" title="${_('Edit')}">

      </a>

    </div>

    <div style="float:left" class="grid_delete">

      ${h.form(h.url('repo', repo_name=repo_name),method='delete')}

        <i class="icon-minus-circled" style="color:#FF4444"></i>

        onclick="return confirm('"+_('Confirm to delete this repository: %s') % repo_name+"');")}

      ${h.end_form()}

    </div>

  </div>

</%def>

<%def name="repo_state(repo_state)">

  <div>

    %if repo_state == 'repo_state_pending':

        <div class="btn btn-mini btn-info disabled">${_('Creating')}</div>

    %elif repo_state == 'repo_state_created':

        <div class="btn btn-mini btn-success disabled">${_('Created')}</div>

    %else:

        <div class="btn btn-mini btn-danger disabled" title="${repo_state}">invalid</div>

    %endif

  </div>

</%def>

<%def name="user_actions(user_id, username)">

 <div style="float:left" class="grid_edit">

   <a href="${h.url('edit_user',id=user_id)}" title="${_('Edit')}">

   </a>

 </div>

 <div style="float:left" class="grid_delete">

  ${h.form(h.url('delete_user', id=user_id),method='delete')}

    <i class="icon-minus-circled" style="color:#FF4444"></i>

    onclick="return confirm('"+_('Confirm to delete this user: %s') % username+"');")}

  ${h.end_form()}

 </div>

</%def>

<%def name="user_group_actions(user_group_id, user_group_name)">

 <div style="float:left" class="grid_edit">

    <a href="${h.url('edit_users_group', id=user_group_id)}" title="${_('Edit')}">

    <i class="icon-pencil"></i>

    </a>

 </div>

 <div style="float:left" class="grid_delete">

    ${h.form(h.url('users_group', id=user_group_id),method='delete')}

      <i class="icon-minus-circled" style="color:#FF4444"></i>

      onclick="return confirm('"+_('Confirm to delete this user group: %s') % user_group_name+"');")}

    ${h.end_form()}

 </div>

</%def>

<%def name="repo_group_actions(repo_group_id, repo_group_name, gr_count)">

 <div style="float:left" class="grid_edit">

    <a href="${h.url('edit_repo_group',group_name=repo_group_name)}" title="${_('Edit')}">

    <i class="icon-pencil"></i>

    </a>

 </div>

 <div style="float:left" class="grid_delete">

    ${h.form(h.url('repos_group', group_name=repo_group_name),method='delete')}

        <i class="icon-minus-circled" style="color:#FF4444"></i>

        onclick="return confirm('"+ungettext('Confirm to delete this group: %s with %s repository','Confirm to delete this group: %s with %s repositories',gr_count) % (repo_group_name, gr_count)+"');")}

    ${h.end_form()}

 </div>

</%def>

<%def name="user_name(user_id, username)">

    ${h.link_to(username,h.url('edit_user', id=user_id))}

</%def>

<%def name="repo_group_name(repo_group_name, children_groups)">

  <div style="white-space: nowrap">

  <a href="${h.url('repos_group_home',group_name=repo_group_name)}">

        response = self.app.get(url('edit_user_ips', id=user_id))

        response.mustcontain('All IP addresses are allowed')

        response.mustcontain(no=[ip])

        response.mustcontain(no=[ip_range])

    def test_api_keys(self):

        self.log_user()

        user = User.get_by_username(TEST_USER_REGULAR_LOGIN)

        response = self.app.get(url('edit_user_api_keys', id=user.user_id))

        response.mustcontain(user.api_key)

    @parameterized.expand([

        ('forever', -1),

        ('5mins', 60*5),

        ('30days', 60*60*24*30),

    ])

    def test_add_api_keys(self, desc, lifetime):

        self.log_user()

        user = User.get_by_username(TEST_USER_REGULAR_LOGIN)

        user_id = user.user_id

        response = self.app.post(url('edit_user_api_keys', id=user_id),

                 {'_method': 'delete', 'del_api_key': keys[0].api_key, '_authentication_token': self.authentication_token()})

        self.checkSessionFlash(response, 'API key successfully deleted')

        keys = UserApiKeys.query().filter(UserApiKeys.user_id == user_id).all()

        self.assertEqual(0, len(keys))

    def test_reset_main_api_key(self):

        self.log_user()

        user = User.get_by_username(TEST_USER_REGULAR_LOGIN)

        user_id = user.user_id

        api_key = user.api_key

        response = self.app.get(url('edit_user_api_keys', id=user_id))

        response.mustcontain(api_key)

        response = self.app.post(url('edit_user_api_keys', id=user_id),

                 {'_method': 'delete', 'del_api_key_builtin': api_key, '_authentication_token': self.authentication_token()})

        self.checkSessionFlash(response, 'API key successfully reset')

        response = response.follow()

        response.mustcontain(no=[api_key])

        response.mustcontain('An email address must contain a single @')

        from kallithea.model import validators

        msg = validators.ValidUsername(edit=False, old_data={})\

                ._messages['username_exists']

        msg = h.html_escape(msg % {'username': 'test_admin'})

        response.mustcontain(u"%s" % msg)

    def test_my_account_api_keys(self):

        usr = self.log_user('test_regular2', 'test12')

        user = User.get(usr['user_id'])

        response = self.app.get(url('my_account_api_keys'))

        response.mustcontain(user.api_key)

    @parameterized.expand([

        ('forever', -1),

        ('5mins', 60*5),

        ('30days', 60*60*24*30),

    ])

    def test_my_account_add_api_keys(self, desc, lifetime):

        usr = self.log_user('test_regular2', 'test12')

        user = User.get(usr['user_id'])

        response = self.app.post(url('my_account_api_keys'),

                                 {'description': desc, 'lifetime': lifetime, '_authentication_token': self.authentication_token()})

        self.checkSessionFlash(response, 'API key successfully created')

                 {'_method': 'delete', 'del_api_key': keys[0].api_key, '_authentication_token': self.authentication_token()})

        self.checkSessionFlash(response, 'API key successfully deleted')

        keys = UserApiKeys.query().all()

        self.assertEqual(0, len(keys))

    def test_my_account_reset_main_api_key(self):

        usr = self.log_user('test_regular2', 'test12')

        user = User.get(usr['user_id'])

        api_key = user.api_key

        response = self.app.get(url('my_account_api_keys'))

        response.mustcontain(api_key)

        response = self.app.post(url('my_account_api_keys'),

                 {'_method': 'delete', 'del_api_key_builtin': api_key, '_authentication_token': self.authentication_token()})

        self.checkSessionFlash(response, 'API key successfully reset')

        response = response.follow()

        response.mustcontain(no=[api_key])