#!/usr/bin/env python

# encoding: utf-8

# summary controller for pylons

# Copyright (C) 2009-2010 Marcin Kuzminski <marcin@python-works.com>

# 

# This program is free software; you can redistribute it and/or

# modify it under the terms of the GNU General Public License

# as published by the Free Software Foundation; version 2

# of the License or (at your opinion) any later version of the license.

# 

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

# 

# You should have received a copy of the GNU General Public License

# along with this program; if not, write to the Free Software

# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,

# MA  02110-1301, USA.

"""

Created on April 18, 2010

summary controller for pylons

@author: marcink

"""

from pylons import tmpl_context as c, request, url

from vcs.exceptions import ChangesetError

from rhodecode.lib.auth import LoginRequired, HasRepoPermissionAnyDecorator

from rhodecode.lib.base import BaseController, render

from rhodecode.lib.utils import OrderedDict, EmptyChangeset

from rhodecode.model.hg import HgModel

from rhodecode.model.db import Statistics

from webhelpers.paginate import Page

from rhodecode.lib.celerylib import run_task

from rhodecode.lib.celerylib.tasks import get_commits_stats

from datetime import datetime, timedelta

from time import mktime

import calendar

import logging

try:

    import json

except ImportError:

    #python 2.5 compatibility

    import simplejson as json

log = logging.getLogger(__name__)

class SummaryController(BaseController):

    @LoginRequired()

    @HasRepoPermissionAnyDecorator('repository.read', 'repository.write',

                                   'repository.admin')

    def __before__(self):

        super(SummaryController, self).__before__()

    def index(self):

        hg_model = HgModel()

        c.repo_info = hg_model.get_repo(c.repo_name)

        def url_generator(**kw):

            return url('shortlog_home', repo_name=c.repo_name, **kw)

        c.repo_changesets = Page(c.repo_info, page=1, items_per_page=10,

                                 url=url_generator)

        e = request.environ

                                        'protocol': e.get('wsgi.url_scheme'),

                                        'user':str(c.rhodecode_user.username),

                                        'host':e.get('HTTP_HOST'),

                                        'prefix':e.get('SCRIPT_NAME'),

                                        'repo_name':c.repo_name, }

        c.clone_repo_url = uri

        c.repo_tags = OrderedDict()

        for name, hash in c.repo_info.tags.items()[:10]:

            try:

                c.repo_tags[name] = c.repo_info.get_changeset(hash)

            except ChangesetError:

                c.repo_tags[name] = EmptyChangeset(hash)

        c.repo_branches = OrderedDict()

        for name, hash in c.repo_info.branches.items()[:10]:

            try:

                c.repo_branches[name] = c.repo_info.get_changeset(hash)

            except ChangesetError:

                c.repo_branches[name] = EmptyChangeset(hash)

        td = datetime.today() + timedelta(days=1)

        y, m, d = td.year, td.month, td.day

        ts_min_y = mktime((y - 1, (td - timedelta(days=calendar.mdays[m])).month,

                            d, 0, 0, 0, 0, 0, 0,))

        ts_min_m = mktime((y, (td - timedelta(days=calendar.mdays[m])).month,

                            d, 0, 0, 0, 0, 0, 0,))

        ts_max_y = mktime((y, m, d, 0, 0, 0, 0, 0, 0,))

        run_task(get_commits_stats, c.repo_info.name, ts_min_y, ts_max_y)

        c.ts_min = ts_min_m

        c.ts_max = ts_max_y

        stats = self.sa.query(Statistics)\

            .filter(Statistics.repository == c.repo_info.dbrepo)\

            .scalar()

        if stats and stats.languages:

            lang_stats = json.loads(stats.languages)

            c.commit_data = stats.commit_activity

            c.overview_data = stats.commit_activity_combined

            c.trending_languages = json.dumps(OrderedDict(

                                       sorted(lang_stats.items(), reverse=True,

                                            key=lambda k: k[1])[:2]

                                        )

                                    )

        else:

            c.commit_data = json.dumps({})

            c.overview_data = json.dumps([[ts_min_y, 0], [ts_max_y, 0] ])

            c.trending_languages = json.dumps({})

        return render('summary/summary.html')

#!/usr/bin/env python

# encoding: utf-8

# authentication and permission libraries

# Copyright (C) 2009-2010 Marcin Kuzminski <marcin@python-works.com>

#

# This program is free software; you can redistribute it and/or

# modify it under the terms of the GNU General Public License

# as published by the Free Software Foundation; version 2

# of the License or (at your opinion) any later version of the license.

# 

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

# 

# You should have received a copy of the GNU General Public License

# along with this program; if not, write to the Free Software

# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,

# MA  02110-1301, USA.

"""

Created on April 4, 2010

@author: marcink

"""

from pylons import config, session, url, request

from pylons.controllers.util import abort, redirect

from rhodecode.lib.utils import get_repo_slug

from rhodecode.model import meta

from rhodecode.model.user import UserModel

from rhodecode.model.caching_query import FromCache

from rhodecode.model.db import User, RepoToPerm, Repository, Permission, \

    UserToPerm

import bcrypt

from decorator import decorator

import logging

import random

log = logging.getLogger(__name__)

class PasswordGenerator(object):

    """This is a simple class for generating password from

        different sets of characters

        usage:

        passwd_gen = PasswordGenerator()

        #print 8-letter password containing only big and small letters of alphabet

        print passwd_gen.gen_password(8, passwd_gen.ALPHABETS_BIG_SMALL)        

    """

    ALPHABETS_NUM = r'''1234567890'''#[0]

    ALPHABETS_SMALL = r'''qwertyuiopasdfghjklzxcvbnm'''#[1]

    ALPHABETS_BIG = r'''QWERTYUIOPASDFGHJKLZXCVBNM'''#[2]

    ALPHABETS_SPECIAL = r'''`-=[]\;',./~!@#$%^&*()_+{}|:"<>?'''    #[3]

    ALPHABETS_FULL = ALPHABETS_BIG + ALPHABETS_SMALL + ALPHABETS_NUM + ALPHABETS_SPECIAL#[4]

    ALPHABETS_ALPHANUM = ALPHABETS_BIG + ALPHABETS_SMALL + ALPHABETS_NUM#[5]

    ALPHABETS_BIG_SMALL = ALPHABETS_BIG + ALPHABETS_SMALL

    ALPHABETS_ALPHANUM_BIG = ALPHABETS_BIG + ALPHABETS_NUM#[6]

    ALPHABETS_ALPHANUM_SMALL = ALPHABETS_SMALL + ALPHABETS_NUM#[7]

    def __init__(self, passwd=''):

        self.passwd = passwd

    def gen_password(self, len, type):

        self.passwd = ''.join([random.choice(type) for _ in xrange(len)])

        return self.passwd

def get_crypt_password(password):

    """Cryptographic function used for password hashing based on sha1

    :param password: password to hash

    """

    return bcrypt.hashpw(password, bcrypt.gensalt(10))

def check_password(password, hashed):

    return bcrypt.hashpw(password, hashed) == hashed

def authfunc(environ, username, password):

    user = UserModel().get_by_username(username, cache=False)

    if user:

        if user.active:

                log.info('user %s authenticated correctly', username)

                return True

        else:

            log.error('user %s is disabled', username)

    return False

class  AuthUser(object):

    """

    A simple object that handles a mercurial username for authentication

    """

    def __init__(self):

        self.username = 'None'

        self.name = ''

        self.lastname = ''

        self.email = ''

        self.user_id = None

        self.is_authenticated = False

        self.is_admin = False

        self.permissions = {}

    def __repr__(self):

        return "<AuthUser('id:%s:%s')>" % (self.user_id, self.username)

def set_available_permissions(config):

    """

    This function will propagate pylons globals with all available defined

    permission given in db. We don't wannt to check each time from db for new 

    permissions since adding a new permission also requires application restart

    ie. to decorate new views with the newly created permission

    :param config:

    """

    log.info('getting information about all available permissions')

    try:

        sa = meta.Session()

        all_perms = sa.query(Permission).all()

    except:

        pass

    finally:

        meta.Session.remove()

    config['available_permissions'] = [x.permission_name for x in all_perms]

def set_base_path(config):

    config['base_path'] = config['pylons.app_globals'].base_path

def fill_perms(user):

    """

    Fills user permission attribute with permissions taken from database

    :param user:

    """

    sa = meta.Session()

    user.permissions['repositories'] = {}

    user.permissions['global'] = set()

    #===========================================================================

    # fetch default permissions

    #===========================================================================

    default_user = UserModel(sa).get_by_username('default', cache=True)

    default_perms = sa.query(RepoToPerm, Repository, Permission)\

        .join((Repository, RepoToPerm.repository_id == Repository.repo_id))\

        .join((Permission, RepoToPerm.permission_id == Permission.permission_id))\

        .filter(RepoToPerm.user == default_user).all()

    if user.is_admin:

        #=======================================================================

        # #admin have all default rights set to admin        

        #=======================================================================

        user.permissions['global'].add('hg.admin')

        for perm in default_perms:

            p = 'repository.admin'

            user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p

    else:

        #=======================================================================

        # set default permissions

        #=======================================================================

        #default global

        default_global_perms = sa.query(UserToPerm)\

            .filter(UserToPerm.user == sa.query(User).filter(User.username ==

            'default').one())

        for perm in default_global_perms:

            user.permissions['global'].add(perm.permission.permission_name)

        #default repositories

        for perm in default_perms:

            if perm.Repository.private and not perm.Repository.user_id == user.user_id:

                #disable defaults for private repos,

                p = 'repository.none'

            elif perm.Repository.user_id == user.user_id:

                #set admin if owner

                p = 'repository.admin'

            else:

                p = perm.Permission.permission_name

            user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p

        #=======================================================================

        # #overwrite default with user permissions if any

        #=======================================================================

        user_perms = sa.query(RepoToPerm, Permission, Repository)\

            .join((Repository, RepoToPerm.repository_id == Repository.repo_id))\

            .join((Permission, RepoToPerm.permission_id == Permission.permission_id))\

            .filter(RepoToPerm.user_id == user.user_id).all()

        for perm in user_perms:

            if perm.Repository.user_id == user.user_id:#set admin if owner

                p = 'repository.admin'

            else:

                p = perm.Permission.permission_name

            user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p

    meta.Session.remove()

    return user

def get_user(session):

    """

    Gets user from session, and wraps permissions into user

    :param session:

    """

    user = session.get('rhodecode_user', AuthUser())

    #if the user is not logged in we check for anonymous access

    #if user is logged and it's a default user check if we still have anonymous

    #access enabled

    if user.user_id is None or user.username == 'default':

        anonymous_user = UserModel().get_by_username('default', cache=True)

        if anonymous_user.active is True:

            #then we set this user is logged in

            user.is_authenticated = True

        else:

            user.is_authenticated = False

    if user.is_authenticated:

        user = UserModel().fill_data(user)

    user = fill_perms(user)

    session['rhodecode_user'] = user

    session.save()

    return user

#===============================================================================

# CHECK DECORATORS

#===============================================================================

class LoginRequired(object):

    """Must be logged in to execute this function else redirect to login page"""

    def __call__(self, func):

        return decorator(self.__wrapper, func)

    def __wrapper(self, func, *fargs, **fkwargs):

        user = session.get('rhodecode_user', AuthUser())

        log.debug('Checking login required for user:%s', user.username)

        if user.is_authenticated:

            log.debug('user %s is authenticated', user.username)

            return func(*fargs, **fkwargs)

        else:

            log.warn('user %s not authenticated', user.username)

            p = ''

            if request.environ.get('SCRIPT_NAME') != '/':

                p += request.environ.get('SCRIPT_NAME')

            p += request.environ.get('PATH_INFO')

            if request.environ.get('QUERY_STRING'):

                p += '?' + request.environ.get('QUERY_STRING')

            log.debug('redirecting to login page with %s', p)

            return redirect(url('login_home', came_from=p))

class PermsDecorator(object):

    """Base class for decorators"""

    def __init__(self, *required_perms):

        available_perms = config['available_permissions']

        for perm in required_perms:

            if perm not in available_perms:

                raise Exception("'%s' permission is not defined" % perm)

        self.required_perms = set(required_perms)

        self.user_perms = None

    def __call__(self, func):

        return decorator(self.__wrapper, func)

    def __wrapper(self, func, *fargs, **fkwargs):

#!/usr/bin/env python

# encoding: utf-8

# middleware to handle mercurial api calls

# Copyright (C) 2009-2010 Marcin Kuzminski <marcin@python-works.com>

#

# This program is free software; you can redistribute it and/or

# modify it under the terms of the GNU General Public License

# as published by the Free Software Foundation; version 2

# of the License or (at your opinion) any later version of the license.

# 

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

# 

# You should have received a copy of the GNU General Public License

# along with this program; if not, write to the Free Software

# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,

# MA  02110-1301, USA.

"""

Created on 2010-04-28

@author: marcink

SimpleHG middleware for handling mercurial protocol request (push/clone etc.)

It's implemented with basic auth function

"""

from itertools import chain

from mercurial.error import RepoError

from mercurial.hgweb import hgweb

from mercurial.hgweb.request import wsgiapplication

from paste.auth.basic import AuthBasicAuthenticator

from paste.httpheaders import REMOTE_USER, AUTH_TYPE

from rhodecode.lib.auth import authfunc, HasPermissionAnyMiddleware

from rhodecode.lib.utils import is_mercurial, make_ui, invalidate_cache, \

    check_repo_fast, ui_sections

from rhodecode.model.user import UserModel

from webob.exc import HTTPNotFound, HTTPForbidden, HTTPInternalServerError

import logging

import os

import traceback

log = logging.getLogger(__name__)

class SimpleHg(object):

    def __init__(self, application, config):

        self.application = application

        self.config = config

        self.authenticate = AuthBasicAuthenticator('', authfunc)

        self.ipaddr = '0.0.0.0'

        self.repository = None

        self.username = None

        self.action = None

    def __call__(self, environ, start_response):

        if not is_mercurial(environ):

            return self.application(environ, start_response)

        proxy_key = 'HTTP_X_REAL_IP'

        def_key = 'REMOTE_ADDR'

        self.ipaddr = environ.get(proxy_key, environ.get(def_key, '0.0.0.0'))

        #===================================================================

        # AUTHENTICATE THIS MERCURIAL REQUEST

        #===================================================================

        username = REMOTE_USER(environ)

        if not username:

            self.authenticate.realm = self.config['rhodecode_realm']

            result = self.authenticate(environ)

            if isinstance(result, str):

                AUTH_TYPE.update(environ, 'basic')

                REMOTE_USER.update(environ, result)

            else:

                return result.wsgi_application(environ, start_response)

        #=======================================================================

        # GET REPOSITORY

        #=======================================================================

        try:

            repo_name = '/'.join(environ['PATH_INFO'].split('/')[1:])

            if repo_name.endswith('/'):

                repo_name = repo_name.rstrip('/')

            self.repository = repo_name

        except:

            log.error(traceback.format_exc())

            return HTTPInternalServerError()(environ, start_response)

        #===================================================================

        # CHECK PERMISSIONS FOR THIS REQUEST

        #===================================================================

        self.action = self.__get_action(environ)

        if self.action:

            username = self.__get_environ_user(environ)

            try:

                user = self.__get_user(username)

                self.username = user.username

            except:

                log.error(traceback.format_exc())

                return HTTPInternalServerError()(environ, start_response)

            #check permissions for this repository

            if self.action == 'push':

                if not HasPermissionAnyMiddleware('repository.write',

                                                  'repository.admin')\

                                                    (user, repo_name):

                    return HTTPForbidden()(environ, start_response)

            else:

                #any other action need at least read permission

                if not HasPermissionAnyMiddleware('repository.read',

                                                  'repository.write',

                                                  'repository.admin')\

                                                    (user, repo_name):

                    return HTTPForbidden()(environ, start_response)

        self.extras = {'ip':self.ipaddr,

                       'username':self.username,

                       'action':self.action,

                       'repository':self.repository}

        #===================================================================

        # MERCURIAL REQUEST HANDLING

        #===================================================================

        environ['PATH_INFO'] = '/'#since we wrap into hgweb, reset the path

        self.baseui = make_ui('db')

        self.basepath = self.config['base_path']

        self.repo_path = os.path.join(self.basepath, repo_name)

        #quick check if that dir exists...

        if check_repo_fast(repo_name, self.basepath):

            return HTTPNotFound()(environ, start_response)

        try:

            app = wsgiapplication(self.__make_app)

        except RepoError, e:

            if str(e).find('not found') != -1:

                return HTTPNotFound()(environ, start_response)

        except Exception:

            log.error(traceback.format_exc())

            return HTTPInternalServerError()(environ, start_response)

        #invalidate cache on push

        if self.action == 'push':

            self.__invalidate_cache(repo_name)

            messages = []

            messages.append('thank you for using rhodecode')

            return self.msg_wrapper(app, environ, start_response, messages)

        else:

            return app(environ, start_response)

    def msg_wrapper(self, app, environ, start_response, messages=[]):

        """

        Wrapper for custom messages that come out of mercurial respond messages

        is a list of messages that the user will see at the end of response 

        from merurial protocol actions that involves remote answers

        :param app:

        :param environ:

        :param start_response:

        """

        def custom_messages(msg_list):

            for msg in msg_list:

                yield msg + '\n'

        org_response = app(environ, start_response)

        return chain(org_response, custom_messages(messages))

    def __make_app(self):

        hgserve = hgweb(str(self.repo_path), baseui=self.baseui)

        return  self.__load_web_settings(hgserve, self.extras)

    def __get_environ_user(self, environ):

        return environ.get('REMOTE_USER')

    def __get_user(self, username):

        return UserModel().get_by_username(username, cache=True)

    def __get_action(self, environ):

        """

        Maps mercurial request commands into a clone,pull or push command.

        This should always return a valid command string

        :param environ:

        """

        mapping = {'changegroup': 'pull',

                   'changegroupsubset': 'pull',

                   'stream_out': 'pull',

                   'listkeys': 'pull',

                   'unbundle': 'push',

                   'pushkey': 'push', }

        for qry in environ['QUERY_STRING'].split('&'):

            if qry.startswith('cmd'):

                cmd = qry.split('=')[-1]

                if mapping.has_key(cmd):

                    return mapping[cmd]

                else:

                    return cmd

    def __invalidate_cache(self, repo_name):

        """we know that some change was made to repositories and we should

        invalidate the cache to see the changes right away but only for

        push requests"""

        invalidate_cache('get_repo_cached_%s' % repo_name)

    def __load_web_settings(self, hgserve, extras={}):

        #set the global ui for hgserve instance passed

        hgserve.repo.ui = self.baseui

        hgrc = os.path.join(self.repo_path, '.hg', 'hgrc')

        #inject some additional parameters that will be available in ui

        #for hooks

        for k, v in extras.items():

            hgserve.repo.ui.setconfig('rhodecode_extras', k, v)

        repoui = make_ui('file', hgrc, False)

        if repoui:

            #overwrite our ui instance with the section from hgrc file

            for section in ui_sections:

                for k, v in repoui.configitems(section):

                    hgserve.repo.ui.setconfig(section, k, v)

        return hgserve