# -*- coding: utf-8 -*-

# This program is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation, either version 3 of the License, or

# (at your option) any later version.

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

"""

kallithea.controllers.admin.users

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Users crud controller for pylons

This file was forked by the Kallithea project in July 2014.

Original author and date, and relevant copyright and licensing information is below:

:created_on: Apr 4, 2010

:author: marcink

:copyright: (c) 2013 RhodeCode GmbH, and others.

:license: GPLv3, see LICENSE.md for more details.

"""

import logging

import traceback

import formencode

from formencode import htmlfill

from pylons import request, tmpl_context as c, url, config

from pylons.controllers.util import redirect

from pylons.i18n.translation import _

from sqlalchemy.sql.expression import func

import kallithea

from kallithea.lib.exceptions import DefaultUserException, \

    UserOwnsReposException, UserCreationError

from kallithea.lib import helpers as h

from kallithea.lib.auth import LoginRequired, HasPermissionAllDecorator, \

    AuthUser

import kallithea.lib.auth_modules.auth_internal

from kallithea.lib import auth_modules

from kallithea.lib.base import BaseController, render

from kallithea.model.api_key import ApiKeyModel

from kallithea.model.db import User, UserEmailMap, UserIpMap, UserToPerm

from kallithea.model.forms import UserForm, CustomDefaultPermissionsForm

from kallithea.model.user import UserModel

from kallithea.model.meta import Session

from kallithea.lib.utils import action_logger

from kallithea.lib.compat import json

from kallithea.lib.utils2 import datetime_to_time, safe_int, generate_api_key

log = logging.getLogger(__name__)

class UsersController(BaseController):

    """REST Controller styled on the Atom Publishing Protocol"""

    @LoginRequired()

    @HasPermissionAllDecorator('hg.admin')

    def __before__(self):

        super(UsersController, self).__before__()

        c.available_permissions = config['available_permissions']

        c.EXTERN_TYPE_INTERNAL = kallithea.EXTERN_TYPE_INTERNAL

    def index(self, format='html'):

        """GET /users: All items in the collection"""

        # url('users')

        c.users_list = User.query().order_by(User.username)\

                        .filter(User.username != User.DEFAULT_USER)\

                        .order_by(func.lower(User.username))\

                        .all()

        users_data = []

        total_records = len(c.users_list)

        _tmpl_lookup = kallithea.CONFIG['pylons.app_globals'].mako_lookup

        template = _tmpl_lookup.get_template('data_table/_dt_elements.html')

        grav_tmpl = '<div class="gravatar">%s</div>'

        except formencode.Invalid, errors:

            defaults = errors.value

            e = errors.error_dict or {}

            defaults.update({

                'create_repo_perm': user_model.has_perm(id,

                                                        'hg.create.repository'),

                'fork_repo_perm': user_model.has_perm(id, 'hg.fork.repository'),

                '_method': 'put'

            })

            return htmlfill.render(

                render('admin/users/user_edit.html'),

                defaults=defaults,

                errors=e,

                prefix_error=False,

                encoding="UTF-8",

                force_defaults=False)

        except Exception:

            log.error(traceback.format_exc())

            h.flash(_('Error occurred during update of user %s') \

                    % form_result.get('username'), category='error')

        return redirect(url('edit_user', id=id))

    def delete(self, id):

        """DELETE /users/id: Delete an existing item"""

        # Forms posted to this method should contain a hidden field:

        #    <input type="hidden" name="_method" value="DELETE" />

        # Or using helpers:

        #    h.form(url('delete_user', id=ID),

        #           method='delete')

        # url('user', id=ID)

        usr = User.get_or_404(id)

        try:

            UserModel().delete(usr)

            Session().commit()

            h.flash(_('Successfully deleted user'), category='success')

        except (UserOwnsReposException, DefaultUserException), e:

            h.flash(e, category='warning')

        except Exception:

            log.error(traceback.format_exc())

            h.flash(_('An error occurred during deletion of user'),

                    category='error')

        return redirect(url('users'))

    def show(self, id, format='html'):

        """GET /users/id: Show a specific item"""

        # url('user', id=ID)

        User.get_or_404(-1)

    def edit(self, id, format='html'):

        """GET /users/id/edit: Form to edit an existing item"""

        # url('edit_user', id=ID)

        c.active = 'profile'

        c.extern_type = c.user.extern_type

        c.extern_name = c.user.extern_name

        c.perm_user = AuthUser(user_id=id, ip_addr=self.ip_addr)

        defaults = c.user.get_dict()

        return htmlfill.render(

            render('admin/users/user_edit.html'),

            defaults=defaults,

            encoding="UTF-8",

            force_defaults=False)

    def edit_advanced(self, id):

        c.active = 'advanced'

        c.perm_user = AuthUser(user_id=id, ip_addr=self.ip_addr)

        umodel = UserModel()

        defaults = c.user.get_dict()

        defaults.update({

            'create_repo_perm': umodel.has_perm(c.user, 'hg.create.repository'),

            'create_user_group_perm': umodel.has_perm(c.user,

                                                      'hg.usergroup.create.true'),

            'fork_repo_perm': umodel.has_perm(c.user, 'hg.fork.repository'),

        })

        return htmlfill.render(

            render('admin/users/user_edit.html'),

            defaults=defaults,

            encoding="UTF-8",

            force_defaults=False)

    def edit_api_keys(self, id):

        c.active = 'api_keys'

        show_expired = True

        c.lifetime_values = [

            (str(-1), _('Forever')),

            (str(5), _('5 minutes')),

            (str(60), _('1 hour')),

            (str(60 * 24), _('1 day')),

            (str(60 * 24 * 30), _('1 month')),

        ]

        c.lifetime_options = [(c.lifetime_values, _("Lifetime"))]

        c.user_api_keys = ApiKeyModel().get_api_keys(c.user.user_id,

                                                     show_expired=show_expired)

        defaults = c.user.get_dict()

        return htmlfill.render(

            render('admin/users/user_edit.html'),

            defaults=defaults,

            encoding="UTF-8",

            force_defaults=False)

    def add_api_key(self, id):

        lifetime = safe_int(request.POST.get('lifetime'), -1)

        description = request.POST.get('description')

        ApiKeyModel().create(c.user.user_id, description, lifetime)

        Session().commit()

        h.flash(_("API key successfully created"), category='success')

        return redirect(url('edit_user_api_keys', id=c.user.user_id))

    def delete_api_key(self, id):

        api_key = request.POST.get('del_api_key')

        if request.POST.get('del_api_key_builtin'):

            user = User.get(c.user.user_id)

            if user:

                user.api_key = generate_api_key(user.username)

                Session().add(user)

                Session().commit()

                h.flash(_("API key successfully reset"), category='success')

        elif api_key:

            ApiKeyModel().delete(api_key, c.user.user_id)

            Session().commit()

            h.flash(_("API key successfully deleted"), category='success')

        return redirect(url('edit_user_api_keys', id=c.user.user_id))

    def update_account(self, id):

        pass

    def edit_perms(self, id):

        c.active = 'perms'

        c.perm_user = AuthUser(user_id=id, ip_addr=self.ip_addr)

        umodel = UserModel()

        defaults = c.user.get_dict()

        defaults.update({

            'create_repo_perm': umodel.has_perm(c.user, 'hg.create.repository'),

            'create_user_group_perm': umodel.has_perm(c.user,

                                                      'hg.usergroup.create.true'),

            'fork_repo_perm': umodel.has_perm(c.user, 'hg.fork.repository'),

        })

        return htmlfill.render(

            render('admin/users/user_edit.html'),

            defaults=defaults,

            encoding="UTF-8",

            force_defaults=False)

    def update_perms(self, id):

        """PUT /users_perm/id: Update an existing item"""

        # url('user_perm', id=ID, method='put')

        user = User.get_or_404(id)

        try:

            form = CustomDefaultPermissionsForm()()

            form_result = form.to_python(request.POST)

            inherit_perms = form_result['inherit_default_permissions']

            user.inherit_default_permissions = inherit_perms

            Session().add(user)

            user_model = UserModel()

            defs = UserToPerm.query()\

                .filter(UserToPerm.user == user)\

                .all()

            for ug in defs:

                Session().delete(ug)

            if form_result['create_repo_perm']:

                user_model.grant_perm(id, 'hg.create.repository')

            else:

                user_model.grant_perm(id, 'hg.create.none')

            if form_result['create_user_group_perm']:

                user_model.grant_perm(id, 'hg.usergroup.create.true')

            else:

                user_model.grant_perm(id, 'hg.usergroup.create.false')

            if form_result['fork_repo_perm']:

                user_model.grant_perm(id, 'hg.fork.repository')

            else:

                user_model.grant_perm(id, 'hg.fork.none')

            h.flash(_("Updated permissions"), category='success')

            Session().commit()

        except Exception:

            log.error(traceback.format_exc())

            h.flash(_('An error occurred during permissions saving'),

                    category='error')

        return redirect(url('edit_user_perms', id=id))

    def edit_emails(self, id):

        c.active = 'emails'

        c.user_email_map = UserEmailMap.query()\

            .filter(UserEmailMap.user == c.user).all()

        defaults = c.user.get_dict()

        return htmlfill.render(

            render('admin/users/user_edit.html'),

            defaults=defaults,

            encoding="UTF-8",

            force_defaults=False)

    def add_email(self, id):

        """POST /user_emails:Add an existing item"""

        # url('user_emails', id=ID, method='put')

        email = request.POST.get('new_email')

        user_model = UserModel()

        try:

            user_model.add_extra_email(id, email)

            Session().commit()

            h.flash(_("Added email %s to user") % email, category='success')

        except formencode.Invalid, error:

            msg = error.error_dict['email']

            h.flash(msg, category='error')

        except Exception:

            log.error(traceback.format_exc())

            h.flash(_('An error occurred during email saving'),

                    category='error')

        return redirect(url('edit_user_emails', id=id))

    def delete_email(self, id):

        """DELETE /user_emails_delete/id: Delete an existing item"""

        # url('user_emails_delete', id=ID, method='delete')

        email_id = request.POST.get('del_email_id')

        user_model = UserModel()

        user_model.delete_extra_email(id, email_id)

        Session().commit()

        h.flash(_("Removed email from user"), category='success')

        return redirect(url('edit_user_emails', id=id))

    def edit_ips(self, id):

        c.active = 'ips'

        c.user_ip_map = UserIpMap.query()\

            .filter(UserIpMap.user == c.user).all()

        c.inherit_default_ips = c.user.inherit_default_permissions

        c.default_user_ip_map = UserIpMap.query()\

            .filter(UserIpMap.user == User.get_default_user()).all()

        defaults = c.user.get_dict()

        return htmlfill.render(

            render('admin/users/user_edit.html'),

            defaults=defaults,

            encoding="UTF-8",

            force_defaults=False)

    def add_ip(self, id):

        """POST /user_ips:Add an existing item"""

        # url('user_ips', id=ID, method='put')

        ip = request.POST.get('new_ip')

        user_model = UserModel()

        try:

            user_model.add_extra_ip(id, ip)

            Session().commit()

            h.flash(_("Added IP address %s to user whitelist") % ip, category='success')

        except formencode.Invalid, error:

            msg = error.error_dict['ip']

            h.flash(msg, category='error')

        except Exception:

            log.error(traceback.format_exc())

            h.flash(_('An error occurred during ip saving'),

                    category='error')

        if 'default_user' in request.POST:

            return redirect(url('admin_permissions_ips'))

        return redirect(url('edit_user_ips', id=id))

    def delete_ip(self, id):

        """DELETE /user_ips_delete/id: Delete an existing item"""

        # url('user_ips_delete', id=ID, method='delete')

        ip_id = request.POST.get('del_ip_id')

        user_model = UserModel()

        user_model.delete_extra_ip(id, ip_id)

        Session().commit()

        h.flash(_("Removed IP address from user whitelist"), category='success')

        if 'default_user' in request.POST:

# -*- coding: utf-8 -*-

# This program is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation, either version 3 of the License, or

# (at your option) any later version.

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

"""

kallithea.lib.exceptions

~~~~~~~~~~~~~~~~~~~~~~~~

Set of custom exceptions used in Kallithea

This file was forked by the Kallithea project in July 2014.

Original author and date, and relevant copyright and licensing information is below:

:created_on: Nov 17, 2010

:author: marcink

:copyright: (c) 2013 RhodeCode GmbH, and others.

:license: GPLv3, see LICENSE.md for more details.

"""

from webob.exc import HTTPClientError

class LdapUsernameError(Exception):

    pass

class LdapPasswordError(Exception):

    pass

class LdapConnectionError(Exception):

    pass

class LdapImportError(Exception):

    pass

class DefaultUserException(Exception):

    pass

class UserOwnsReposException(Exception):

    pass

class UserGroupsAssignedException(Exception):

    pass

class StatusChangeOnClosedPullRequestError(Exception):

    pass

class AttachedForksError(Exception):

    pass

class RepoGroupAssignmentError(Exception):

    pass

class NonRelativePathError(Exception):

    pass

class HTTPLockedRC(HTTPClientError):

    """

    Special Exception For locked Repos in Kallithea, the return code can

    be overwritten by _code keyword argument passed into constructors

    """

    code = 423

    title = explanation = 'Repository Locked'

    def __init__(self, reponame, username, *args, **kwargs):

        from kallithea import CONFIG

        from kallithea.lib.utils2 import safe_int

        _code = CONFIG.get('lock_ret_code')

        self.code = safe_int(_code, self.code)

        self.title = self.explanation = ('Repository `%s` locked by '

                                         'user `%s`' % (reponame, username))

        super(HTTPLockedRC, self).__init__(*args, **kwargs)

class IMCCommitError(Exception):

    pass

# -*- coding: utf-8 -*-

# This program is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation, either version 3 of the License, or

# (at your option) any later version.

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

"""

kallithea.model.db

~~~~~~~~~~~~~~~~~~

Database Models for Kallithea

This file was forked by the Kallithea project in July 2014.

Original author and date, and relevant copyright and licensing information is below:

:created_on: Apr 08, 2010

:author: marcink

:copyright: (c) 2013 RhodeCode GmbH, and others.

:license: GPLv3, see LICENSE.md for more details.

"""

import os

import time

import logging

import datetime

import traceback

import hashlib

import collections

import functools

from sqlalchemy import *

from sqlalchemy.ext.hybrid import hybrid_property

from sqlalchemy.orm import relationship, joinedload, class_mapper, validates

from beaker.cache import cache_region, region_invalidate

from webob.exc import HTTPNotFound

from pylons.i18n.translation import lazy_ugettext as _

from kallithea import DB_PREFIX

from kallithea.lib.vcs import get_backend

from kallithea.lib.vcs.utils.helpers import get_scm

from kallithea.lib.vcs.exceptions import VCSError

from kallithea.lib.vcs.utils.lazy import LazyProperty

from kallithea.lib.vcs.backends.base import EmptyChangeset

from kallithea.lib.utils2 import str2bool, safe_str, get_changeset_safe, \

    safe_unicode, remove_prefix, time_to_datetime, aslist, Optional, safe_int, \

    get_clone_url, urlreadable

from kallithea.lib.compat import json

from kallithea.lib.caching_query import FromCache

from kallithea.model.meta import Base, Session

URL_SEP = '/'

log = logging.getLogger(__name__)

#==============================================================================

# BASE CLASSES

#==============================================================================

_hash_key = lambda k: hashlib.md5(safe_str(k)).hexdigest()

class BaseModel(object):

    """

    Base Model for all classes

    """

    @classmethod

    def _get_keys(cls):

        """return column names for this model """

        return class_mapper(cls).c.keys()

    def get_dict(self):

        """

        return dict with keys and values corresponding

        to this model data """

        d = {}

        for k in self._get_keys():

            d[k] = getattr(self, k)

        # also use __json__() if present to get additional fields

        _json_attr = getattr(self, '__json__', None)

        if _json_attr:

            # update with attributes from __json__

            if callable(_json_attr):

    @property

    def full_name_or_username(self):

        return ('%s %s' % (self.firstname, self.lastname)

                if (self.firstname and self.lastname) else self.username)

    @property

    def full_contact(self):

        return '%s %s <%s>' % (self.firstname, self.lastname, self.email)

    @property

    def short_contact(self):

        return '%s %s' % (self.firstname, self.lastname)

    @property

    def is_admin(self):

        return self.admin

    @property

    def AuthUser(self):

        """

        Returns instance of AuthUser for this user

        """

        from kallithea.lib.auth import AuthUser

        return AuthUser(user_id=self.user_id, api_key=self.api_key,

                        username=self.username)

    @hybrid_property

    def user_data(self):

        if not self._user_data:

            return {}

        try:

            return json.loads(self._user_data)

        except TypeError:

            return {}

    @user_data.setter

    def user_data(self, val):

        try:

            self._user_data = json.dumps(val)

        except Exception:

            log.error(traceback.format_exc())

    def __unicode__(self):

        return u"<%s('id:%s:%s')>" % (self.__class__.__name__,

                                      self.user_id, self.username)

    @classmethod

    def get_by_username(cls, username, case_insensitive=False, cache=False):

        if case_insensitive:

            q = cls.query().filter(cls.username.ilike(username))

        else:

            q = cls.query().filter(cls.username == username)

        if cache:

            q = q.options(FromCache(

                            "sql_cache_short",

                            "get_user_%s" % _hash_key(username)

                          )

            )

        return q.scalar()

    @classmethod

    def get_by_api_key(cls, api_key, cache=False, fallback=True):

        q = cls.query().filter(cls.api_key == api_key)

        if cache:

            q = q.options(FromCache("sql_cache_short",

                                    "get_api_key_%s" % api_key))

        res = q.scalar()

        if fallback and not res:

            #fallback to additional keys

            _res = UserApiKeys.query()\

                .filter(UserApiKeys.api_key == api_key)\

                .filter(or_(UserApiKeys.expires == -1,

                            UserApiKeys.expires >= time.time()))\

                .first()

            if _res:

                res = _res.user

        return res

    @classmethod

    def get_by_email(cls, email, case_insensitive=False, cache=False):

        if case_insensitive:

            q = cls.query().filter(cls.email.ilike(email))

        else:

            q = cls.query().filter(cls.email == email)

        if cache:

            q = q.options(FromCache("sql_cache_short",

                                    "get_email_key_%s" % email))

        ret = q.scalar()

        if ret is None:

            q = UserEmailMap.query()

# -*- coding: utf-8 -*-

# This program is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation, either version 3 of the License, or

# (at your option) any later version.

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

from sqlalchemy.orm.exc import NoResultFound

from kallithea.tests import *

from kallithea.tests.fixture import Fixture

from kallithea.model.db import User, Permission, UserIpMap, UserApiKeys

from kallithea.lib.auth import check_password

from kallithea.model.user import UserModel

from kallithea.model import validators

from kallithea.lib import helpers as h

from kallithea.model.meta import Session

fixture = Fixture()

class TestAdminUsersController(TestController):

    test_user_1 = 'testme'

    @classmethod

    def teardown_class(cls):

        if User.get_by_username(cls.test_user_1):

            UserModel().delete(cls.test_user_1)

            Session().commit()

    def test_index(self):

        self.log_user()

        response = self.app.get(url('users'))

        # Test response...

    def test_create(self):

        self.log_user()

        username = 'newtestuser'

        password = 'test12'

        password_confirmation = password

        name = 'name'

        lastname = 'lastname'

        email = 'mail@mail.com'

        response = self.app.post(url('users'),

            {'username': username,

             'password': password,

             'password_confirmation': password_confirmation,

             'firstname': name,

             'active': True,

             'lastname': lastname,

             'extern_name': 'internal',

             'extern_type': 'internal',

             'email': email,

             '_authentication_token': self.authentication_token()})

        response = self.app.post(url('edit_user_api_keys', id=user_id),

                 {'description': desc, 'lifetime': lifetime, '_authentication_token': self.authentication_token()})

        self.checkSessionFlash(response, 'API key successfully created')

        try:

            response = response.follow()

            user = User.get(user_id)

            for api_key in user.api_keys:

                response.mustcontain(api_key)

        finally:

            for api_key in UserApiKeys.query().filter(UserApiKeys.user_id == user_id).all():

                Session().delete(api_key)

                Session().commit()

    def test_remove_api_key(self):

        self.log_user()

        user = User.get_by_username(TEST_USER_REGULAR_LOGIN)

        user_id = user.user_id

        response = self.app.post(url('edit_user_api_keys', id=user_id),

                {'description': 'desc', 'lifetime': -1, '_authentication_token': self.authentication_token()})

        self.checkSessionFlash(response, 'API key successfully created')

        response = response.follow()

        #now delete our key

        keys = UserApiKeys.query().filter(UserApiKeys.user_id == user_id).all()

        self.assertEqual(1, len(keys))

        response = self.app.post(url('edit_user_api_keys', id=user_id),

                 {'_method': 'delete', 'del_api_key': keys[0].api_key, '_authentication_token': self.authentication_token()})

        self.checkSessionFlash(response, 'API key successfully deleted')

        keys = UserApiKeys.query().filter(UserApiKeys.user_id == user_id).all()

        self.assertEqual(0, len(keys))

    def test_reset_main_api_key(self):

        self.log_user()

        user = User.get_by_username(TEST_USER_REGULAR_LOGIN)

        user_id = user.user_id

        api_key = user.api_key

        response = self.app.get(url('edit_user_api_keys', id=user_id))

        response.mustcontain(api_key)

        response.mustcontain('Expires: Never')

        response = self.app.post(url('edit_user_api_keys', id=user_id),

                 {'_method': 'delete', 'del_api_key_builtin': api_key, '_authentication_token': self.authentication_token()})

        self.checkSessionFlash(response, 'API key successfully reset')

        response = response.follow()

        response.mustcontain(no=[api_key])