# -*- coding: utf-8 -*-

# This program is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation, either version 3 of the License, or

# (at your option) any later version.

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

"""

kallithea.controllers.admin.users

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Users crud controller for pylons

This file was forked by the Kallithea project in July 2014.

Original author and date, and relevant copyright and licensing information is below:

:created_on: Apr 4, 2010

:author: marcink

:copyright: (c) 2013 RhodeCode GmbH, and others.

:license: GPLv3, see LICENSE.md for more details.

"""

import logging

import traceback

import formencode

from formencode import htmlfill

from pylons import request, tmpl_context as c, url, config

from pylons.i18n.translation import _

from sqlalchemy.sql.expression import func

from webob.exc import HTTPFound, HTTPNotFound

import kallithea

from kallithea.lib.exceptions import DefaultUserException, \

    UserOwnsReposException, UserCreationError

from kallithea.lib import helpers as h

from kallithea.lib.auth import LoginRequired, HasPermissionAnyDecorator, \

    AuthUser

from kallithea.lib import auth_modules

from kallithea.lib.auth_modules import auth_internal

from kallithea.lib.base import BaseController, render

from kallithea.model.api_key import ApiKeyModel

from kallithea.model.db import User, UserEmailMap, UserIpMap, UserToPerm

from kallithea.model.forms import UserForm, CustomDefaultPermissionsForm

from kallithea.model.user import UserModel

from kallithea.model.meta import Session

from kallithea.lib.utils import action_logger

from kallithea.lib.compat import json

from kallithea.lib.utils2 import datetime_to_time, safe_int, generate_api_key

log = logging.getLogger(__name__)

class UsersController(BaseController):

    """REST Controller styled on the Atom Publishing Protocol"""

    @LoginRequired()

    @HasPermissionAnyDecorator('hg.admin')

    def __before__(self):

        super(UsersController, self).__before__()

        c.available_permissions = config['available_permissions']

        c.EXTERN_TYPE_INTERNAL = kallithea.EXTERN_TYPE_INTERNAL

    def index(self, format='html'):

        c.users_list = User.query().order_by(User.username) \

                        .filter(User.username != User.DEFAULT_USER) \

                        .order_by(func.lower(User.username)) \

                        .all()

        users_data = []

        total_records = len(c.users_list)

        _tmpl_lookup = kallithea.CONFIG['pylons.app_globals'].mako_lookup

        template = _tmpl_lookup.get_template('data_table/_dt_elements.html')

        grav_tmpl = '<div class="gravatar">%s</div>'

        username = lambda user_id, username: (

                template.get_def("user_name")

                .render(user_id, username, _=_, h=h, c=c))

        user_actions = lambda user_id, username: (

                template.get_def("user_actions")

                .render(user_id, username, _=_, h=h, c=c))

        for user in c.users_list:

            users_data.append({

                "gravatar": grav_tmpl % h.gravatar(user.email, size=20),

                "raw_name": user.username,

                "username": username(user.user_id, user.username),

                "firstname": h.escape(user.name),

                "lastname": h.escape(user.lastname),

                "last_login": h.fmt_date(user.last_login),

                "last_login_raw": datetime_to_time(user.last_login),

                "active": h.boolicon(user.active),

                "admin": h.boolicon(user.admin),

                "extern_type": user.extern_type,

                "extern_name": user.extern_name,

                "action": user_actions(user.user_id, user.username),

            })

        c.data = json.dumps({

            "totalRecords": total_records,

            "startIndex": 0,

            "sort": None,

            "dir": "asc",

            "records": users_data

        })

        return render('admin/users/users.html')

    def create(self):

        c.default_extern_type = auth_internal.KallitheaAuthPlugin.name

        c.default_extern_name = auth_internal.KallitheaAuthPlugin.name

        user_model = UserModel()

        user_form = UserForm()()

        try:

            form_result = user_form.to_python(dict(request.POST))

            user = user_model.create(form_result)

                          None, self.ip_addr, self.sa)

                    category='success')

            Session().commit()

        except formencode.Invalid as errors:

            return htmlfill.render(

                render('admin/users/user_add.html'),

                defaults=errors.value,

                errors=errors.error_dict or {},

                prefix_error=False,

                encoding="UTF-8",

                force_defaults=False)

        except UserCreationError as e:

            h.flash(e, 'error')

        except Exception:

            log.error(traceback.format_exc())

            h.flash(_('Error occurred during creation of user %s') \

                    % request.POST.get('username'), category='error')

    def new(self, format='html'):

        c.default_extern_type = auth_internal.KallitheaAuthPlugin.name

        c.default_extern_name = auth_internal.KallitheaAuthPlugin.name

        return render('admin/users/user_add.html')

    def update(self, id):

        user_model = UserModel()

        user = user_model.get(id)

        _form = UserForm(edit=True, old_data={'user_id': id,

                                              'email': user.email})()

        form_result = {}

        try:

            form_result = _form.to_python(dict(request.POST))

            skip_attrs = ['extern_type', 'extern_name',

                         ] + auth_modules.get_managed_fields(user)

            user_model.update(id, form_result, skip_attrs=skip_attrs)

            usr = form_result['username']

            action_logger(self.authuser, 'admin_updated_user:%s' % usr,

                          None, self.ip_addr, self.sa)

            h.flash(_('User updated successfully'), category='success')

            Session().commit()

        except formencode.Invalid as errors:

            defaults = errors.value

            e = errors.error_dict or {}

            defaults.update({

                'create_repo_perm': user_model.has_perm(id,

                                                        'hg.create.repository'),

                'fork_repo_perm': user_model.has_perm(id, 'hg.fork.repository'),

            })

            return htmlfill.render(

                self._render_edit_profile(user),

                defaults=defaults,

                errors=e,

                prefix_error=False,

                encoding="UTF-8",

                force_defaults=False)

        except Exception:

            log.error(traceback.format_exc())

            h.flash(_('Error occurred during update of user %s') \

                    % form_result.get('username'), category='error')

        raise HTTPFound(location=url('edit_user', id=id))

    def delete(self, id):

        usr = User.get_or_404(id)

        try:

            UserModel().delete(usr)

            Session().commit()

            h.flash(_('Successfully deleted user'), category='success')

        except (UserOwnsReposException, DefaultUserException) as e:

            h.flash(e, category='warning')

        except Exception:

            log.error(traceback.format_exc())

            h.flash(_('An error occurred during deletion of user'),

                    category='error')

        raise HTTPFound(location=url('users'))

    def _get_user_or_raise_if_default(self, id):

        try:

            return User.get_or_404(id, allow_default=False)

        except DefaultUserException:

            h.flash(_("The default user cannot be edited"), category='warning')

            raise HTTPNotFound

    def _render_edit_profile(self, user):

        c.user = user

        c.active = 'profile'

        c.perm_user = AuthUser(dbuser=user)

        c.ip_addr = self.ip_addr

        managed_fields = auth_modules.get_managed_fields(user)

        c.readonly = lambda n: 'readonly' if n in managed_fields else None

        return render('admin/users/user_edit.html')

    def edit(self, id, format='html'):

        user = self._get_user_or_raise_if_default(id)

        defaults = user.get_dict()

        return htmlfill.render(

            self._render_edit_profile(user),

            defaults=defaults,

            encoding="UTF-8",

            force_defaults=False)

    def edit_advanced(self, id):

        c.user = self._get_user_or_raise_if_default(id)

        c.active = 'advanced'

        c.perm_user = AuthUser(user_id=id)

        c.ip_addr = self.ip_addr

        umodel = UserModel()

        defaults = c.user.get_dict()

        defaults.update({

            'create_repo_perm': umodel.has_perm(c.user, 'hg.create.repository'),

            'create_user_group_perm': umodel.has_perm(c.user,

                                                      'hg.usergroup.create.true'),

            'fork_repo_perm': umodel.has_perm(c.user, 'hg.fork.repository'),

        })

        return htmlfill.render(

            render('admin/users/user_edit.html'),

            defaults=defaults,

            encoding="UTF-8",

            force_defaults=False)

    def edit_api_keys(self, id):

        c.user = self._get_user_or_raise_if_default(id)

        c.active = 'api_keys'

        show_expired = True

        c.lifetime_values = [

            (str(-1), _('Forever')),

            (str(5), _('5 minutes')),

            (str(60), _('1 hour')),

            (str(60 * 24), _('1 day')),

            (str(60 * 24 * 30), _('1 month')),

        ]

        c.lifetime_options = [(c.lifetime_values, _("Lifetime"))]

        c.user_api_keys = ApiKeyModel().get_api_keys(c.user.user_id,

                                                     show_expired=show_expired)

        defaults = c.user.get_dict()

        return htmlfill.render(

            render('admin/users/user_edit.html'),

            defaults=defaults,

            encoding="UTF-8",

            force_defaults=False)

    def add_api_key(self, id):

        c.user = self._get_user_or_raise_if_default(id)

        lifetime = safe_int(request.POST.get('lifetime'), -1)

        description = request.POST.get('description')

        ApiKeyModel().create(c.user.user_id, description, lifetime)

        Session().commit()

        h.flash(_("API key successfully created"), category='success')

        raise HTTPFound(location=url('edit_user_api_keys', id=c.user.user_id))

    def delete_api_key(self, id):

        c.user = self._get_user_or_raise_if_default(id)

        api_key = request.POST.get('del_api_key')

        if request.POST.get('del_api_key_builtin'):

            user = User.get(c.user.user_id)

            if user is not None:

                user.api_key = generate_api_key()

                Session().add(user)

                Session().commit()

                h.flash(_("API key successfully reset"), category='success')

        elif api_key:

            ApiKeyModel().delete(api_key, c.user.user_id)

            Session().commit()

            h.flash(_("API key successfully deleted"), category='success')

        raise HTTPFound(location=url('edit_user_api_keys', id=c.user.user_id))

    def update_account(self, id):

        pass

    def edit_perms(self, id):

        c.user = self._get_user_or_raise_if_default(id)

        c.active = 'perms'

        c.perm_user = AuthUser(user_id=id)

        c.ip_addr = self.ip_addr

        umodel = UserModel()

        defaults = c.user.get_dict()

        defaults.update({

            'create_repo_perm': umodel.has_perm(c.user, 'hg.create.repository'),

            'create_user_group_perm': umodel.has_perm(c.user,

                                                      'hg.usergroup.create.true'),

            'fork_repo_perm': umodel.has_perm(c.user, 'hg.fork.repository'),

        })

        return htmlfill.render(

            render('admin/users/user_edit.html'),

            defaults=defaults,

            encoding="UTF-8",

            force_defaults=False)

    def update_perms(self, id):

        user = self._get_user_or_raise_if_default(id)

        try:

            form = CustomDefaultPermissionsForm()()

            form_result = form.to_python(request.POST)

            inherit_perms = form_result['inherit_default_permissions']

            user.inherit_default_permissions = inherit_perms

            Session().add(user)

            user_model = UserModel()

            defs = UserToPerm.query() \

                .filter(UserToPerm.user == user) \

                .all()

            for ug in defs:

# -*- coding: utf-8 -*-

# This program is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation, either version 3 of the License, or

# (at your option) any later version.

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

from sqlalchemy.orm.exc import NoResultFound, ObjectDeletedError

import pytest

from kallithea.tests import *

from kallithea.tests.fixture import Fixture

from kallithea.controllers.admin.users import UsersController

from kallithea.model.db import User, Permission, UserIpMap, UserApiKeys

from kallithea.lib.auth import check_password

from kallithea.model.user import UserModel

from kallithea.model import validators

from kallithea.lib import helpers as h

from kallithea.model.meta import Session

from webob.exc import HTTPNotFound

fixture = Fixture()

@pytest.yield_fixture

def user_and_repo_group_fail():

    username = 'repogrouperr'

    groupname = u'repogroup_fail'

    user = fixture.create_user(name=username)

    repo_group = fixture.create_repo_group(name=groupname, cur_user=username)

    yield user, repo_group

    # cleanup

    try:

        fixture.destroy_repo_group(repo_group)

    except ObjectDeletedError:

        # delete already succeeded in test body

        pass

class TestAdminUsersController(TestController):

    test_user_1 = 'testme'

    @classmethod

    def teardown_class(cls):

        if User.get_by_username(cls.test_user_1):

            UserModel().delete(cls.test_user_1)

            Session().commit()

    def test_index(self):

        self.log_user()

        response = self.app.get(url('users'))

        # Test response...

    def test_create(self):

        self.log_user()

        username = 'newtestuser'

        password = 'test12'

        password_confirmation = password

        name = u'name'

        lastname = u'lastname'

        email = 'mail@example.com'

        response = self.app.post(url('users'),

            {'username': username,

             'password': password,

             'password_confirmation': password_confirmation,

             'firstname': name,

             'active': True,

             'lastname': lastname,

             'extern_name': 'internal',

             'extern_type': 'internal',

             'email': email,

             '_authentication_token': self.authentication_token()})

        new_user = Session().query(User). \

            filter(User.username == username).one()

        assert new_user.username == username

        assert check_password(password, new_user.password) == True

        assert new_user.name == name

        assert new_user.lastname == lastname

        assert new_user.email == email

    def test_create_err(self):

        self.log_user()

        username = 'new_user'

        password = ''

        name = u'name'

        lastname = u'lastname'

        email = 'errmail.example.com'

        response = self.app.post(url('users'), {'username': username,

                                               'password': password,

                                               'name': name,

                                               'active': False,

                                               'lastname': lastname,

                                               'email': email,

                                               '_authentication_token': self.authentication_token()})

        msg = validators.ValidUsername(False, {})._messages['system_invalid_username']

        msg = h.html_escape(msg % {'username': 'new_user'})

        response.mustcontain("""<span class="error-message">%s</span>""" % msg)

        response.mustcontain("""<span class="error-message">Please enter a value</span>""")

        response.mustcontain("""<span class="error-message">An email address must contain a single @</span>""")

        def get_user():

            Session().query(User).filter(User.username == username).one()

        with pytest.raises(NoResultFound):

            get_user(), 'found user in database'

    def test_new(self):

        self.log_user()

        response = self.app.get(url('new_user'))

    @parametrize('name,attrs',

        [('firstname', {'firstname': 'new_username'}),

         ('lastname', {'lastname': 'new_username'}),

         ('admin', {'admin': True}),

         ('admin', {'admin': False}),

         ('extern_type', {'extern_type': 'ldap'}),

         ('extern_type', {'extern_type': None}),

         ('extern_name', {'extern_name': 'test'}),

         ('extern_name', {'extern_name': None}),

         ('active', {'active': False}),

         ('active', {'active': True}),

         ('email', {'email': 'someemail@example.com'}),

        # ('new_password', {'new_password': 'foobar123',

        #                   'password_confirmation': 'foobar123'})

        ])

    def test_update(self, name, attrs):

        self.log_user()

        usr = fixture.create_user(self.test_user_1, password='qweqwe',

                                  email='testme@example.com',

                                  extern_type='internal',

                                  extern_name=self.test_user_1,

                                  skip_if_exists=True)

        Session().commit()

        params = usr.get_api_data(True)

        params.update({'password_confirmation': ''})

        params.update({'new_password': ''})

        params.update(attrs)

        if name == 'email':

            params['emails'] = [attrs['email']]

        if name == 'extern_type':

            #cannot update this via form, expected value is original one

            params['extern_type'] = "internal"

        if name == 'extern_name':

            #cannot update this via form, expected value is original one

            params['extern_name'] = self.test_user_1

            # special case since this user is not

                                          # logged in yet his data is not filled

                                          # so we use creation data

        params.update({'_authentication_token': self.authentication_token()})

        response = self.app.post(url('update_user', id=usr.user_id), params)

        self.checkSessionFlash(response, 'User updated successfully')

        params.pop('_authentication_token')

        updated_user = User.get_by_username(self.test_user_1)

        updated_params = updated_user.get_api_data(True)

        updated_params.update({'password_confirmation': ''})

        updated_params.update({'new_password': ''})

        assert params == updated_params

    def test_delete(self):

        self.log_user()

        username = 'newtestuserdeleteme'

        fixture.create_user(name=username)

        new_user = Session().query(User) \

            .filter(User.username == username).one()

        response = self.app.post(url('delete_user', id=new_user.user_id),

            params={'_authentication_token': self.authentication_token()})

        self.checkSessionFlash(response, 'Successfully deleted user')

    def test_delete_repo_err(self):

        self.log_user()

        username = 'repoerr'

        reponame = u'repoerr_fail'

        fixture.create_user(name=username)

        fixture.create_repo(name=reponame, cur_user=username)

        new_user = Session().query(User) \

            .filter(User.username == username).one()

        response = self.app.post(url('delete_user', id=new_user.user_id),

            params={'_authentication_token': self.authentication_token()})

        self.checkSessionFlash(response, 'User "%s" still '

                               'owns 1 repositories and cannot be removed. '

                               'Switch owners or remove those repositories: '

                               '%s' % (username, reponame))

        response = self.app.post(url('delete_repo', repo_name=reponame),

            params={'_authentication_token': self.authentication_token()})

        self.checkSessionFlash(response, 'Deleted repository %s' % reponame)

        response = self.app.post(url('delete_user', id=new_user.user_id),

            params={'_authentication_token': self.authentication_token()})

        self.checkSessionFlash(response, 'Successfully deleted user')

    def test_delete_repo_group_err(self, user_and_repo_group_fail):

        self.log_user()

        username = 'repogrouperr'

        groupname = u'repogroup_fail'

        new_user = Session().query(User) \

            .filter(User.username == username).one()

        response = self.app.post(url('delete_user', id=new_user.user_id),

            params={'_authentication_token': self.authentication_token()})

        self.checkSessionFlash(response, 'User "%s" still '

                               'owns 1 repository groups and cannot be removed. '

                               'Switch owners or remove those repository groups: '

                               '%s' % (username, groupname))

        # Relevant _if_ the user deletion succeeded to make sure we can render groups without owner

        # rg = RepoGroup.get_by_group_name(group_name=groupname)

        # response = self.app.get(url('repos_groups', id=rg.group_id))

        response = self.app.post(url('delete_repo_group', group_name=groupname),

            params={'_authentication_token': self.authentication_token()})

        self.checkSessionFlash(response, 'Removed repository group %s' % groupname)

        response = self.app.post(url('delete_user', id=new_user.user_id),

            params={'_authentication_token': self.authentication_token()})

        self.checkSessionFlash(response, 'Successfully deleted user')

    def test_delete_user_group_err(self):

        self.log_user()

        username = 'usergrouperr'

        groupname = u'usergroup_fail'

        fixture.create_user(name=username)

        ug = fixture.create_user_group(name=groupname, cur_user=username)

        new_user = Session().query(User) \

            .filter(User.username == username).one()

        response = self.app.post(url('delete_user', id=new_user.user_id),

            params={'_authentication_token': self.authentication_token()})

        self.checkSessionFlash(response, 'User "%s" still '

                               'owns 1 user groups and cannot be removed. '

                               'Switch owners or remove those user groups: '

                               '%s' % (username, groupname))

        # TODO: why do this fail?

        #response = self.app.delete(url('delete_users_group', id=groupname))

        #self.checkSessionFlash(response, 'Removed user group %s' % groupname)

        fixture.destroy_user_group(ug.users_group_id)

        response = self.app.post(url('delete_user', id=new_user.user_id),

            params={'_authentication_token': self.authentication_token()})

        self.checkSessionFlash(response, 'Successfully deleted user')

    def test_edit(self):

        self.log_user()

        user = User.get_by_username(TEST_USER_ADMIN_LOGIN)

        response = self.app.get(url('edit_user', id=user.user_id))

    def test_add_perm_create_repo(self):

        self.log_user()

        perm_none = Permission.get_by_key('hg.create.none')

        perm_create = Permission.get_by_key('hg.create.repository')

        user = UserModel().create_or_update(username='dummy', password='qwe',

                                            email='dummy', firstname=u'a',

                                            lastname=u'b')

        Session().commit()

        uid = user.user_id

        try:

            #User should have None permission on creation repository