# Only allow the following HTTP request methods. (We sometimes use POST

        # requests with a '_method' set to 'PUT' or 'DELETE'; but that is only

        # used for the route lookup, and does not affect request.method.)

        if request.method not in ['GET', 'HEAD', 'POST', 'PUT']:

            raise HTTPMethodNotAllowed()

        # Also verify the _method override. This is only permitted in POST

        # requests, and can specify PUT or DELETE.

        _method = request.params.get('_method')

        if _method is None:

            pass # no override, no problem

        elif request.method == 'POST' and _method.upper() in ['PUT', 'DELETE']:

            pass # permitted override

        else:

            raise HTTPMethodNotAllowed()

        # Make sure CSRF token never appears in the URL. If so, invalidate it.

        if secure_form.token_key in request.GET:

            log.error('CSRF key leak detected')

            session.pop(secure_form.token_key, None)

            session.save()

            from kallithea.lib import helpers as h

            h.flash(_("CSRF token leak has been detected - all form tokens have been expired"),

                    category='error')

        # CSRF protection: Whenever a request has ambient authority (whether

        # through a session cookie or its origin IP address), it must include

        # the correct token, unless the HTTP method is GET or HEAD (and thus

        # guaranteed to be side effect free. In practice, the only situation

        # where we allow side effects without ambient authority is when the

        # authority comes from an API key; and that is handled above.

        if request.method not in ['GET', 'HEAD']:

            token = request.POST.get(secure_form.token_key)

            if not token or token != secure_form.authentication_token():

                log.error('CSRF check failed')

                raise HTTPForbidden()

        # WebOb already ignores request payload parameters for anything other

        # than POST/PUT, but double-check since other Kallithea code relies on

        # this assumption.

        if request.method not in ['POST', 'PUT'] and request.POST:

            log.error('%r request with payload parameters; WebOb should have stopped this', request.method)

            raise HTTPBadRequest()

        # regular user authentication

        if user.is_authenticated or user.is_default_user:

            log.info('user %s authenticated with regular auth @ %s', user, loc)

            return func(*fargs, **fkwargs)

        else:

            log.warning('user %s NOT authenticated with regular auth @ %s', user, loc)

            raise _redirect_to_login()

class NotAnonymous(object):

    """

    Must be logged in to execute this function else

    redirect to login page"""

    def __call__(self, func):

        return decorator(self.__wrapper, func)

    def __wrapper(self, func, *fargs, **fkwargs):

        cls = fargs[0]

        self.user = cls.authuser

        log.debug('Checking if user is not anonymous @%s', cls)

        if self.user.is_default_user:

            raise _redirect_to_login(_('You need to be a registered user to '

                                       'perform this action'))

        else:

            return func(*fargs, **fkwargs)

class PermsDecorator(object):

    """Base class for controller decorators"""

    def __init__(self, *required_perms):

        self.required_perms = set(required_perms)

        self.user_perms = None

    def __call__(self, func):

        return decorator(self.__wrapper, func)

    def __wrapper(self, func, *fargs, **fkwargs):

        cls = fargs[0]

        self.user = cls.authuser

        self.user_perms = self.user.permissions

        log.debug('checking %s permissions %s for %s %s',

          self.__class__.__name__, self.required_perms, cls, self.user)

        if self.check_permissions():

            log.debug('Permission granted for %s %s', cls, self.user)

            return func(*fargs, **fkwargs)

        else:

            log.debug('Permission denied for %s %s', cls, self.user)

            if self.user.is_default_user:

                raise _redirect_to_login(_('You need to be signed in to view this page'))

            else:

                raise HTTPForbidden()

    def check_permissions(self):

        """Dummy function for overriding"""

        raise Exception('You have to write this function in child class')

class HasPermissionAnyDecorator(PermsDecorator):

    """

    Checks for access permission for any of given predicates. In order to

    fulfill the request any of predicates must be meet

    """

    def check_permissions(self):

        if self.required_perms.intersection(self.user_perms.get('global')):

            return True

        return False

class HasRepoPermissionAnyDecorator(PermsDecorator):

    """

    Checks for access permission for any of given predicates for specific

    repository. In order to fulfill the request any of predicates must be meet

    """

    def check_permissions(self):

        repo_name = get_repo_slug(request)

        try:

            user_perms = set([self.user_perms['repositories'][repo_name]])

        except KeyError:

            return False

        if self.required_perms.intersection(user_perms):

            return True

        return False

class HasRepoGroupPermissionAnyDecorator(PermsDecorator):

    """

    Checks for access permission for any of given predicates for specific

    repository group. In order to fulfill the request any of predicates must be meet

    """

    def check_permissions(self):

        group_name = get_repo_group_slug(request)

        try:

            user_perms = set([self.user_perms['repositories_groups'][group_name]])

        except KeyError:

            return False

        if self.required_perms.intersection(user_perms):

            return True

        return False

class HasUserGroupPermissionAnyDecorator(PermsDecorator):

    """

    Checks for access permission for any of given predicates for specific

    user group. In order to fulfill the request any of predicates must be meet

    """

    def check_permissions(self):

        group_name = get_user_group_slug(request)

        try:

            user_perms = set([self.user_perms['user_groups'][group_name]])

        except KeyError:

            return False

        if self.required_perms.intersection(user_perms):

            return True

        return False

#==============================================================================

# CHECK FUNCTIONS

#==============================================================================

class PermsFunction(object):

    """Base function for other check functions"""

    def __init__(self, *perms):

        self.required_perms = set(perms)

        self.user_perms = None

        self.repo_name = None

        self.group_name = None

    def __nonzero__(self):

        """ Defend against accidentally forgetting to call the object

            and instead evaluating it directly in a boolean context,

            which could have security implications.

        """

        raise AssertionError(self.__class__.__name__ + ' is not a bool and must be called!')

        if not user:

            #TODO: remove this someday,put as user as attribute here

            user = request.user

        # init auth user if not already given

        if not isinstance(user, AuthUser):

            user = AuthUser(user.user_id)

        cls_name = self.__class__.__name__

        log.debug('checking cls:%s %s usr:%s %s @ %s', cls_name,

                  self.required_perms, user, check_scope,

        if not user:

            log.debug('Empty request user')

            return False

        self.user_perms = user.permissions

    def check_permissions(self):

        """Dummy function for overriding"""

        raise Exception('You have to write this function in child class')

class HasPermissionAny(PermsFunction):

    def check_permissions(self):

        if self.required_perms.intersection(self.user_perms.get('global')):

            return True

        return False

class HasRepoPermissionAny(PermsFunction):

    def __call__(self, repo_name=None, check_location='', user=None):

        self.repo_name = repo_name

        return super(HasRepoPermissionAny, self).__call__(check_location, user)

    def check_permissions(self):

        if not self.repo_name:

            self.repo_name = get_repo_slug(request)

        try:

            self._user_perms = set(

                [self.user_perms['repositories'][self.repo_name]]

            )

        except KeyError:

            return False

        if self.required_perms.intersection(self._user_perms):

            return True

        return False

class HasRepoGroupPermissionAny(PermsFunction):

    def __call__(self, group_name=None, check_location='', user=None):

        self.group_name = group_name

        return super(HasRepoGroupPermissionAny, self).__call__(check_location, user)

    def check_permissions(self):

        try:

            self._user_perms = set(

                [self.user_perms['repositories_groups'][self.group_name]]

            )

        except KeyError:

            return False

        if self.required_perms.intersection(self._user_perms):

            return True

        return False

class HasUserGroupPermissionAny(PermsFunction):

    def __call__(self, user_group_name=None, check_location='', user=None):

        self.user_group_name = user_group_name

        return super(HasUserGroupPermissionAny, self).__call__(check_location, user)

    def check_permissions(self):

        try:

            self._user_perms = set(

                [self.user_perms['user_groups'][self.user_group_name]]

            )

        except KeyError:

            return False

        if self.required_perms.intersection(self._user_perms):

            return True

        return False

#==============================================================================

# SPECIAL VERSION TO HANDLE MIDDLEWARE AUTH

#==============================================================================

class HasPermissionAnyMiddleware(object):

    def __init__(self, *perms):

        self.required_perms = set(perms)

    def __call__(self, user, repo_name):

        # repo_name MUST be unicode, since we handle keys in permission

        # dict by unicode

        repo_name = safe_unicode(repo_name)

        usr = AuthUser(user.user_id)

        self.user_perms = set([usr.permissions['repositories'][repo_name]])

        self.username = user.username

        self.repo_name = repo_name

        return self.check_permissions()

    def check_permissions(self):

        log.debug('checking VCS protocol '

                  'permissions %s for user:%s repository:%s', self.user_perms,

                                                self.username, self.repo_name)

        if self.required_perms.intersection(self.user_perms):

            log.debug('Permission to repo: %s granted for user: %s @ %s',

                      self.repo_name, self.username, 'PermissionMiddleware')

            return True

        log.debug('Permission to repo: %s denied for user: %s @ %s',

                  self.repo_name, self.username, 'PermissionMiddleware')

        return False

#==============================================================================

# SPECIAL VERSION TO HANDLE API AUTH

#==============================================================================

class _BaseApiPerm(object):

    def __init__(self, *perms):

        self.required_perms = set(perms)

    def __call__(self, check_location=None, user=None, repo_name=None,

                 group_name=None):

        cls_name = self.__class__.__name__

        check_scope = 'user:%s' % (user)

        if repo_name:

            check_scope += ', repo:%s' % (repo_name)

        if group_name:

            check_scope += ', repo group:%s' % (group_name)

        log.debug('checking cls:%s %s %s @ %s',

                  cls_name, self.required_perms, check_scope, check_location)

        if not user:

            log.debug('Empty User passed into arguments')

            return False

        ## process user

        if not isinstance(user, AuthUser):

            user = AuthUser(user.user_id)

        if not check_location:

            check_location = 'unspecified'

        if self.check_permissions(user.permissions, repo_name, group_name):

            log.debug('Permission to %s granted for user: %s @ %s',

                      check_scope, user, check_location)

            return True

        else:

            log.debug('Permission to %s denied for user: %s @ %s',

                      check_scope, user, check_location)

            return False

    def check_permissions(self, perm_defs, repo_name=None, group_name=None):

        """

        implement in child class should return True if permissions are ok,

        False otherwise

        :param perm_defs: dict with permission definitions

        :param repo_name: repo name

        """

        raise NotImplementedError()

class HasPermissionAnyApi(_BaseApiPerm):

    def check_permissions(self, perm_defs, repo_name=None, group_name=None):

        if self.required_perms.intersection(perm_defs.get('global')):

            return True

        return False

class HasRepoPermissionAnyApi(_BaseApiPerm):

    def check_permissions(self, perm_defs, repo_name=None, group_name=None):

        try:

            _user_perms = set([perm_defs['repositories'][repo_name]])

        except KeyError:

            log.warning(traceback.format_exc())

            return False

        if self.required_perms.intersection(_user_perms):

            return True

        return False

class HasRepoGroupPermissionAnyApi(_BaseApiPerm):

    def check_permissions(self, perm_defs, repo_name=None, group_name=None):

        try:

            _user_perms = set([perm_defs['repositories_groups'][group_name]])

        except KeyError:

            log.warning(traceback.format_exc())

            return False

        if self.required_perms.intersection(_user_perms):

            return True

        return False

def check_ip_access(source_ip, allowed_ips=None):

    """

    Checks if source_ip is a subnet of any of allowed_ips.

    :param source_ip:

    :param allowed_ips: list of allowed ips together with mask

    """

    from kallithea.lib import ipaddr

    log.debug('checking if ip:%s is subnet of %s', source_ip, allowed_ips)

    if isinstance(allowed_ips, (tuple, list, set)):

        for ip in allowed_ips:

            if ipaddr.IPAddress(source_ip) in ipaddr.IPNetwork(ip):

                log.debug('IP %s is network %s',

                          ipaddr.IPAddress(source_ip), ipaddr.IPNetwork(ip))

                return True

    return False