h.flash(_("Added email %s to user") % email, category='success')

        except formencode.Invalid, error:

            msg = error.error_dict['email']

            h.flash(msg, category='error')

        except Exception:

            log.error(traceback.format_exc())

            h.flash(_('An error occurred during email saving'),

                    category='error')

        return redirect(url('my_account_emails'))

    def my_account_emails_delete(self):

        email_id = request.POST.get('del_email_id')

        user_model = UserModel()

        user_model.delete_extra_email(self.authuser.user_id, email_id)

        Session().commit()

        h.flash(_("Removed email from user"), category='success')

        return redirect(url('my_account_emails'))

    def my_account_api_keys(self):

        c.active = 'api_keys'

        self.__load_data()

        show_expired = True

        c.lifetime_values = [

            (str(-1), _('forever')),

            (str(5), _('5 minutes')),

            (str(60), _('1 hour')),

            (str(60 * 24), _('1 day')),

            (str(60 * 24 * 30), _('1 month')),

        ]

        c.lifetime_options = [(c.lifetime_values, _("Lifetime"))]

        c.user_api_keys = ApiKeyModel().get_api_keys(self.authuser.user_id,

                                                     show_expired=show_expired)

        return render('admin/my_account/my_account.html')

    def my_account_api_keys_add(self):

        lifetime = safe_int(request.POST.get('lifetime'), -1)

        description = request.POST.get('description')

        ApiKeyModel().create(self.authuser.user_id, description, lifetime)

        Session().commit()

        h.flash(_("Api key successfully created"), category='success')

        return redirect(url('my_account_api_keys'))

    def my_account_api_keys_delete(self):

        api_key = request.POST.get('del_api_key')

        user_id = self.authuser.user_id

        if request.POST.get('del_api_key_builtin'):

            user = User.get(user_id)

            if user:

                Session().add(user)

                Session().commit()

                h.flash(_("Api key successfully reset"), category='success')

        elif api_key:

            ApiKeyModel().delete(api_key, self.authuser.user_id)

            Session().commit()

            h.flash(_("Api key successfully deleted"), category='success')

        return redirect(url('my_account_api_keys'))

    def edit_api_keys(self, id):

        c.user = User.get_or_404(id)

        if c.user.username == User.DEFAULT_USER:

            h.flash(_("You can't edit this user"), category='warning')

            return redirect(url('users'))

        c.active = 'api_keys'

        show_expired = True

        c.lifetime_values = [

            (str(-1), _('forever')),

            (str(5), _('5 minutes')),

            (str(60), _('1 hour')),

            (str(60 * 24), _('1 day')),

            (str(60 * 24 * 30), _('1 month')),

        ]

        c.lifetime_options = [(c.lifetime_values, _("Lifetime"))]

        c.user_api_keys = ApiKeyModel().get_api_keys(c.user.user_id,

                                                     show_expired=show_expired)

        defaults = c.user.get_dict()

        return htmlfill.render(

            render('admin/users/user_edit.html'),

            defaults=defaults,

            encoding="UTF-8",

            force_defaults=False)

    def add_api_key(self, id):

        c.user = User.get_or_404(id)

        if c.user.username == User.DEFAULT_USER:

            h.flash(_("You can't edit this user"), category='warning')

            return redirect(url('users'))

        lifetime = safe_int(request.POST.get('lifetime'), -1)

        description = request.POST.get('description')

        ApiKeyModel().create(c.user.user_id, description, lifetime)

        Session().commit()

        h.flash(_("Api key successfully created"), category='success')

        return redirect(url('edit_user_api_keys', id=c.user.user_id))

    def delete_api_key(self, id):

        c.user = User.get_or_404(id)

        if c.user.username == User.DEFAULT_USER:

            h.flash(_("You can't edit this user"), category='warning')

            return redirect(url('users'))

        api_key = request.POST.get('del_api_key')

        if request.POST.get('del_api_key_builtin'):

            user = User.get(c.user.user_id)

            if user:

                Session().add(user)

                Session().commit()

                h.flash(_("Api key successfully reset"), category='success')

        elif api_key:

            ApiKeyModel().delete(api_key, c.user.user_id)

            Session().commit()

            h.flash(_("Api key successfully deleted"), category='success')

        return redirect(url('edit_user_api_keys', id=c.user.user_id))

    def update_account(self, id):

        pass

    def edit_perms(self, id):

        c.user = User.get_or_404(id)

        if c.user.username == User.DEFAULT_USER:

            h.flash(_("You can't edit this user"), category='warning')

            return redirect(url('users'))

        c.active = 'perms'

        c.perm_user = AuthUser(user_id=id, ip_addr=self.ip_addr)

        umodel = UserModel()

        defaults = c.user.get_dict()

        defaults.update({

            'create_repo_perm': umodel.has_perm(c.user, 'hg.create.repository'),

            'create_user_group_perm': umodel.has_perm(c.user,

                                                      'hg.usergroup.create.true'),

            'fork_repo_perm': umodel.has_perm(c.user, 'hg.fork.repository'),

        })

        return htmlfill.render(

            render('admin/users/user_edit.html'),

            defaults=defaults,

            encoding="UTF-8",

            force_defaults=False)

    def update_perms(self, id):

        """PUT /users_perm/id: Update an existing item"""

        # url('user_perm', id=ID, method='put')

        user = User.get_or_404(id)

        try:

            form = CustomDefaultPermissionsForm()()

            form_result = form.to_python(request.POST)

            inherit_perms = form_result['inherit_default_permissions']

            user.inherit_default_permissions = inherit_perms

            Session().add(user)

    def full_contact(self):

        return '%s %s <%s>' % (self.name, self.lastname, self.email)

    @property

    def short_contact(self):

        return '%s %s' % (self.name, self.lastname)

    @property

    def is_admin(self):

        return self.admin

    def __repr__(self):

        try:

            return "<%s('id:%s:%s')>" % (self.__class__.__name__,

                                             self.user_id, self.username)

        except:

            return self.__class__.__name__

    @classmethod

    def get_by_username(cls, username, case_insensitive=False):

        if case_insensitive:

            return Session.query(cls).filter(cls.username.ilike(username)).scalar()

        else:

            return Session.query(cls).filter(cls.username == username).scalar()

    @classmethod

    def get_by_api_key(cls, api_key):

        return cls.query().filter(cls.api_key == api_key).one()

    def update_lastlogin(self):

        """Update user lastlogin"""

        self.last_login = datetime.datetime.now()

        Session.add(self)

        Session.commit()

        log.debug('updated user %s lastlogin' % self.username)

    @classmethod

    def create(cls, form_data):

        from kallithea.lib.auth import get_crypt_password

        try:

            new_user = cls()

            for k, v in form_data.items():

                if k == 'password':

                    v = get_crypt_password(v)

                setattr(new_user, k, v)

            Session.add(new_user)

            Session.commit()

            return new_user

        except:

            log.error(traceback.format_exc())

            Session.rollback()

            raise

class UserLog(Base, BaseModel):

    __tablename__ = 'user_logs'

    __table_args__ = {'extend_existing':True}

    user_log_id = Column("user_log_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)

    user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)

    repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=False, unique=None, default=None)

    repository_name = Column("repository_name", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)

    user_ip = Column("user_ip", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)

    action = Column("action", UnicodeText(length=1200000, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)

    action_date = Column("action_date", DateTime(timezone=False), nullable=True, unique=None, default=None)

    @property

    def action_as_day(self):

        return date(*self.action_date.timetuple()[:3])

    user = relationship('User')

    repository = relationship('Repository')

class UserGroup(Base, BaseModel):

    __tablename__ = 'users_groups'

    __table_args__ = {'extend_existing':True}

    users_group_id = Column("users_group_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)

    users_group_name = Column("users_group_name", String(length=255, convert_unicode=False, assert_unicode=None), nullable=False, unique=True, default=None)

    users_group_active = Column("users_group_active", Boolean(), nullable=True, unique=None, default=None)

    members = relationship('UserGroupMember', cascade="all, delete, delete-orphan", lazy="joined")

    def __repr__(self):

        return '<userGroup(%s)>' % (self.users_group_name)

    @classmethod

    def get_by_group_name(cls, group_name, cache=False, case_insensitive=False):

        if case_insensitive:

            gr = cls.query()\

                .filter(cls.users_group_name.ilike(group_name))

        else:

            gr = cls.query()\

                .filter(cls.users_group_name == group_name)

# -*- coding: utf-8 -*-

# This program is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation, either version 3 of the License, or

# (at your option) any later version.

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

"""

kallithea.lib.utils

~~~~~~~~~~~~~~~~~~~

Some simple helper functions

This file was forked by the Kallithea project in July 2014.

Original author and date, and relevant copyright and licensing information is below:

:created_on: Jan 5, 2011

:author: marcink

:copyright: (c) 2013 RhodeCode GmbH, and others.

:license: GPLv3, see LICENSE.md for more details.

"""

import os

import re

import sys

import time

import uuid

import datetime

import webob

import urlobject

from pylons.i18n.translation import _, ungettext

from kallithea.lib.vcs.utils.lazy import LazyProperty

from kallithea.lib.compat import json

def __get_lem():

    """

    Get language extension map based on what's inside pygments lexers

    """

    from pygments import lexers

    from string import lower

    from collections import defaultdict

    d = defaultdict(lambda: [])

    def __clean(s):

        s = s.lstrip('*')

        s = s.lstrip('.')

        if s.find('[') != -1:

            exts = []

            start, stop = s.find('['), s.find(']')

            for suffix in s[start + 1:stop]:

                exts.append(s[:s.find('[')] + suffix)

            return map(lower, exts)

        else:

            return map(lower, [s])

    for lx, t in sorted(lexers.LEXERS.items()):

        m = map(__clean, t[-2])

        if m:

            m = reduce(lambda x, y: x + y, m)

            for ext in m:

                desc = lx.replace('Lexer', '')

                d[ext].append(desc)

    return dict(d)

def str2bool(_str):

    """

    returs True/False value from given string, it tries to translate the

    string into boolean

    :param _str: string value to translate into boolean

def convert_line_endings(line, mode):

    """

    Converts a given line  "line end" according to given mode

    Available modes are::

        0 - Unix

        1 - Mac

        2 - DOS

    :param line: given line to convert

    :param mode: mode to convert to

    :rtype: str

    :return: converted line according to mode

    """

    from string import replace

    if mode == 0:

            line = replace(line, '\r\n', '\n')

            line = replace(line, '\r', '\n')

    elif mode == 1:

            line = replace(line, '\r\n', '\r')

            line = replace(line, '\n', '\r')

    elif mode == 2:

            line = re.sub("\r(?!\n)|(?<!\r)\n", "\r\n", line)

    return line

def detect_mode(line, default):

    """

    Detects line break for given line, if line break couldn't be found

    given default value is returned

    :param line: str line

    :param default: default

    :rtype: int

    :return: value of line end on of 0 - Unix, 1 - Mac, 2 - DOS

    """

    if line.endswith('\r\n'):

        return 2

    elif line.endswith('\n'):

        return 0

    elif line.endswith('\r'):

        return 1

    else:

        return default

    """

    """

def safe_int(val, default=None):

    """

    Returns int() of val if val is not convertable to int use default

    instead

    :param val:

    :param default:

    """

    try:

        val = int(val)

    except (ValueError, TypeError):

        val = default

    return val

def safe_unicode(str_, from_encoding=None):

    """

    safe unicode function. Does few trick to turn str_ into unicode

    In case of UnicodeDecode error we try to return it with encoding detected

    by chardet library if it fails fallback to unicode with errors replaced

    :param str_: string to decode

    :rtype: unicode

    :returns: unicode object

    """

    if isinstance(str_, unicode):

        return str_

    if not from_encoding:

        import kallithea

        DEFAULT_ENCODINGS = aslist(kallithea.CONFIG.get('default_encoding',

                                                        'utf8'), sep=',')

        from_encoding = DEFAULT_ENCODINGS

    if not isinstance(from_encoding, (list, tuple)):

        from_encoding = [from_encoding]

    try:

        return unicode(str_)

    except UnicodeDecodeError:

        pass

    for enc in from_encoding:

# (at your option) any later version.

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

"""

kallithea.model.api_key

~~~~~~~~~~~~~~~~~~~~~~~

api key model for Kallithea

This file was forked by the Kallithea project in July 2014.

Original author and date, and relevant copyright and licensing information is below:

:created_on: Sep 8, 2013

:author: marcink

:copyright: (c) 2013 RhodeCode GmbH, and others.

:license: GPLv3, see LICENSE.md for more details.

"""

from __future__ import with_statement

import time

import logging

from sqlalchemy import or_

from kallithea.lib.utils2 import generate_api_key

from kallithea.model import BaseModel

from kallithea.model.db import UserApiKeys

from kallithea.model.meta import Session

log = logging.getLogger(__name__)

class ApiKeyModel(BaseModel):

    cls = UserApiKeys

    def create(self, user, description, lifetime=-1):

        """

        :param user: user or user_id

        :param description: description of ApiKey

        :param lifetime: expiration time in seconds

        """

        user = self._get_user(user)

        new_api_key = UserApiKeys()

        new_api_key.user_id = user.user_id

        new_api_key.description = description

        new_api_key.expires = time.time() + (lifetime * 60) if lifetime != -1 else -1

        Session().add(new_api_key)

        return new_api_key

    def delete(self, api_key, user=None):

        """

        Deletes given api_key, if user is set it also filters the object for

        deletion by given user.

        """

        api_key = UserApiKeys.query().filter(UserApiKeys.api_key == api_key)

        if user:

            user = self._get_user(user)

            api_key = api_key.filter(UserApiKeys.user_id == user.user_id)

        api_key = api_key.scalar()

        Session().delete(api_key)

    def get_api_keys(self, user, show_expired=True):

        user = self._get_user(user)

        user_api_keys = UserApiKeys.query()\

            .filter(UserApiKeys.user_id == user.user_id)

        if not show_expired:

            user_api_keys = user_api_keys\

                .filter(or_(UserApiKeys.expires == -1,

                            UserApiKeys.expires >= time.time()))

        return user_api_keys

            user = user.options(FromCache("sql_cache_short",

                                          "get_user_%s" % user_id))

        return user.get(user_id)

    def get_user(self, user):

        return self._get_user(user)

    def get_by_username(self, username, cache=False, case_insensitive=False):

        if case_insensitive:

            user = self.sa.query(User).filter(User.username.ilike(username))

        else:

            user = self.sa.query(User)\

                .filter(User.username == username)

        if cache:

            user = user.options(FromCache("sql_cache_short",

                                          "get_user_%s" % username))

        return user.scalar()

    def get_by_email(self, email, cache=False, case_insensitive=False):

        return User.get_by_email(email, case_insensitive, cache)

    def get_by_api_key(self, api_key, cache=False):

        return User.get_by_api_key(api_key, cache)

    def create(self, form_data, cur_user=None):

        if not cur_user:

            cur_user = getattr(get_current_authuser(), 'username', None)

        from kallithea.lib.hooks import log_create_user, check_allowed_create_user

        _fd = form_data

        user_data = {

            'username': _fd['username'], 'password': _fd['password'],

            'email': _fd['email'], 'firstname': _fd['firstname'], 'lastname': _fd['lastname'],

            'active': _fd['active'], 'admin': False

        }

        # raises UserCreationError if it's not allowed

        check_allowed_create_user(user_data, cur_user)

        from kallithea.lib.auth import get_crypt_password

        new_user = User()

        for k, v in form_data.items():

            if k == 'password':

                v = get_crypt_password(v)

            if k == 'firstname':

                k = 'name'

            setattr(new_user, k, v)

        self.sa.add(new_user)

        log_create_user(new_user.get_dict(), cur_user)

        return new_user

    def create_or_update(self, username, password, email, firstname='',

                         lastname='', active=True, admin=False,

                         extern_type=None, extern_name=None, cur_user=None):

        """

        Creates a new instance if not found, or updates current one

        :param username:

        :param password:

        :param email:

        :param active:

        :param firstname:

        :param lastname:

        :param active:

        :param admin:

        :param extern_name:

        :param extern_type:

        :param cur_user:

        """

        if not cur_user:

            cur_user = getattr(get_current_authuser(), 'username', None)

        from kallithea.lib.auth import get_crypt_password, check_password

        from kallithea.lib.hooks import log_create_user, check_allowed_create_user

        user_data = {

            'username': username, 'password': password,

            'email': email, 'firstname': firstname, 'lastname': lastname,

            'active': active, 'admin': admin

        }

        # raises UserCreationError if it's not allowed

        check_allowed_create_user(user_data, cur_user)

        log.debug('Checking for %s account in Kallithea database' % username)

        user = User.get_by_username(username, case_insensitive=True)

        if user is None:

            log.debug('creating new user %s' % username)

            new_user = User()

            edit = False

        else:

            log.debug('updating user %s' % username)

            new_user = user

            edit = True

        try:

            new_user.username = username

            new_user.admin = admin

            new_user.email = email

            new_user.active = active

            new_user.extern_name = safe_unicode(extern_name) if extern_name else None

            new_user.extern_type = safe_unicode(extern_type) if extern_type else None

            new_user.name = firstname

            new_user.lastname = lastname

            if not edit:

            # set password only if creating an user or password is changed

            password_change = new_user.password and not check_password(password,

                                                            new_user.password)

            if not edit or password_change:

                reason = 'new password' if edit else 'new user'

                log.debug('Updating password reason=>%s' % (reason,))

                new_user.password = get_crypt_password(password) if password else None

            self.sa.add(new_user)

            if not edit:

                log_create_user(new_user.get_dict(), cur_user)

            return new_user

        except (DatabaseError,):

            log.error(traceback.format_exc())

            raise

    def create_registration(self, form_data):

        from kallithea.model.notification import NotificationModel

        import kallithea.lib.helpers as h

        form_data['admin'] = False

        form_data['extern_name'] = EXTERN_TYPE_INTERNAL

        form_data['extern_type'] = EXTERN_TYPE_INTERNAL

        new_user = self.create(form_data)

        self.sa.add(new_user)

        self.sa.flush()

        # notification to admins

        subject = _('New user registration')

        body = ('New user registration\n'

                '---------------------\n'

                '- Username: %s\n'

                '- Full Name: %s\n'

                '- Email: %s\n')

        body = body % (new_user.username, new_user.full_name, new_user.email)

        edit_url = h.canonical_url('edit_user', id=new_user.user_id)

        email_kwargs = {'registered_user_url': edit_url, 'new_username': new_user.username}

        NotificationModel().create(created_by=new_user, subject=subject,

                                   body=body, recipients=None,

                                   type_=Notification.TYPE_REGISTRATION,

                                   email_kwargs=email_kwargs)

    def update(self, user_id, form_data, skip_attrs=[]):

        from kallithea.lib.auth import get_crypt_password

        response = self.app.post(url(controller='login', action='register'),

                                            {'username': username,

                                             'password': password,

                                             'password_confirmation': password,

                                             'email': email,

                                             'firstname': name,

                                             'lastname': lastname,

                                             'admin': True})  # This should be overriden

        self.assertEqual(response.status, '302 Found')

        self.checkSessionFlash(response, 'You have successfully registered into Kallithea')

        ret = Session().query(User).filter(User.username == 'test_regular4').one()

        self.assertEqual(ret.username, username)

        self.assertEqual(check_password(password, ret.password), True)

        self.assertEqual(ret.email, email)

        self.assertEqual(ret.name, name)

        self.assertEqual(ret.lastname, lastname)

        self.assertNotEqual(ret.api_key, None)

        self.assertEqual(ret.admin, False)

    def test_forgot_password_wrong_mail(self):

        bad_email = 'marcin@wrongmail.org'

        response = self.app.post(

                        url(controller='login', action='password_reset'),

                            {'email': bad_email, }

        )

        msg = validators.ValidSystemEmail()._messages['non_existing_email']

        msg = h.html_escape(msg % {'email': bad_email})

        response.mustcontain()

    def test_forgot_password(self):

        response = self.app.get(url(controller='login',

                                    action='password_reset'))

        self.assertEqual(response.status, '200 OK')

        username = 'test_password_reset_1'

        password = 'qweqwe'

        email = 'marcin@python-works.com'

        name = 'passwd'

        lastname = 'reset'

        new = User()

        new.username = username

        new.password = password

        new.email = email

        new.name = name

        new.lastname = lastname

        Session().add(new)

        Session().commit()

        response = self.app.post(url(controller='login',

                                     action='password_reset'),

                                 {'email': email, })

        self.checkSessionFlash(response, 'Your password reset link was sent')

        response = response.follow()

        # BAD KEY

        key = "bad"

        response = self.app.get(url(controller='login',

                                    action='password_reset_confirmation',

                                    key=key))

        self.assertEqual(response.status, '302 Found')

        self.assertTrue(response.location.endswith(url('reset_password')))

        # GOOD KEY

        key = User.get_by_username(username).api_key

        response = self.app.get(url(controller='login',

                                    action='password_reset_confirmation',

                                    key=key))

        self.assertEqual(response.status, '302 Found')

        self.assertTrue(response.location.endswith(url('login_home')))

        self.checkSessionFlash(response,

                               ('Your password reset was successful, '

                                'new password has been sent to your email'))

        response = response.follow()

    def _get_api_whitelist(self, values=None):

        config = {'api_access_controllers_whitelist': values or []}

        return config

    @parameterized.expand([

        ('none', None),

        ('empty_string', ''),

        ('fake_number', '123456'),

        ('proper_api_key', None)

    ])

    def test_access_not_whitelisted_page_via_api_key(self, test_name, api_key):

        whitelist = self._get_api_whitelist([])

        with mock.patch('kallithea.CONFIG', whitelist):