# -*- coding: utf-8 -*-

"""

    rhodecode.controllers.feed

    ~~~~~~~~~~~~~~~~~~~~~~~~~~

    Feed controller for rhodecode

    :created_on: Apr 23, 2010

    :author: marcink

    :copyright: (C) 2009-2011 Marcin Kuzminski <marcin@python-works.com>    

    :license: GPLv3, see COPYING for more details.

"""

# This program is free software; you can redistribute it and/or

# modify it under the terms of the GNU General Public License

# as published by the Free Software Foundation; version 2

# of the License or (at your opinion) any later version of the license.

# 

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

# 

# You should have received a copy of the GNU General Public License

# along with this program; if not, write to the Free Software

# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,

# MA  02110-1301, USA.

import logging

from pylons import url, response, tmpl_context as c

from pylons.i18n.translation import _

from rhodecode.lib.auth import LoginRequired, HasRepoPermissionAnyDecorator

from rhodecode.lib.base import BaseRepoController

from webhelpers.feedgenerator import Atom1Feed, Rss201rev2Feed

log = logging.getLogger(__name__)

class FeedController(BaseRepoController):

    @HasRepoPermissionAnyDecorator('repository.read', 'repository.write',

                                   'repository.admin')

    def __before__(self):

        super(FeedController, self).__before__()

        #common values for feeds

        self.description = _('Changes on %s repository')

        self.title = self.title = _('%s %s feed') % (c.rhodecode_name, '%s')

        self.language = 'en-us'

        self.ttl = "5"

        self.feed_nr = 10

    def atom(self, repo_name):

        """Produce an atom-1.0 feed via feedgenerator module"""

        feed = Atom1Feed(title=self.title % repo_name,

                         link=url('summary_home', repo_name=repo_name, qualified=True),

                         description=self.description % repo_name,

                         language=self.language,

                         ttl=self.ttl)

        for cs in c.rhodecode_repo[:self.feed_nr]:

            feed.add_item(title=cs.message,

                          link=url('changeset_home', repo_name=repo_name,

                                   revision=cs.raw_id, qualified=True),

                                   description=str(cs.date))

        response.content_type = feed.mime_type

        return feed.writeString('utf-8')

    def rss(self, repo_name):

        """Produce an rss2 feed via feedgenerator module"""

        feed = Rss201rev2Feed(title=self.title % repo_name,

                         link=url('summary_home', repo_name=repo_name, qualified=True),

                         description=self.description % repo_name,

                         language=self.language,

                         ttl=self.ttl)

        for cs in c.rhodecode_repo[:self.feed_nr]:

            feed.add_item(title=cs.message,

                          link=url('changeset_home', repo_name=repo_name,

                                   revision=cs.raw_id, qualified=True),

                          description=str(cs.date))

        response.content_type = feed.mime_type

        return feed.writeString('utf-8')

# -*- coding: utf-8 -*-

"""

    rhodecode.controllers.journal

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Journal controller for pylons

    :created_on: Nov 21, 2010

    :author: marcink

    :copyright: (C) 2009-2011 Marcin Kuzminski <marcin@python-works.com>    

    :license: GPLv3, see COPYING for more details.

"""

# This program is free software; you can redistribute it and/or

# modify it under the terms of the GNU General Public License

# as published by the Free Software Foundation; version 2

# of the License or (at your opinion) any later version of the license.

# 

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

# 

# You should have received a copy of the GNU General Public License

# along with this program; if not, write to the Free Software

# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,

# MA  02110-1301, USA.

import logging

from sqlalchemy import or_

from sqlalchemy.orm import joinedload, make_transient

from webhelpers.paginate import Page

from itertools import groupby

from paste.httpexceptions import HTTPInternalServerError

from pylons import request, tmpl_context as c, response, url

from pylons.i18n.translation import _

from webhelpers.feedgenerator import Atom1Feed, Rss201rev2Feed

import rhodecode.lib.helpers as h

from rhodecode.lib.auth import LoginRequired, NotAnonymous

from rhodecode.lib.base import BaseController, render

from rhodecode.model.db import UserLog, UserFollowing

log = logging.getLogger(__name__)

class JournalController(BaseController):

    def __before__(self):

        super(JournalController, self).__before__()

        c.rhodecode_user = self.rhodecode_user

        self.title = _('%s public journal %s feed') % (c.rhodecode_name, '%s')

        self.language = 'en-us'

        self.ttl = "5"

        self.feed_nr = 20

    @NotAnonymous()

    def index(self):

        # Return a rendered template

        p = int(request.params.get('page', 1))

        c.following = self.sa.query(UserFollowing)\

            .filter(UserFollowing.user_id == self.rhodecode_user.user_id)\

            .options(joinedload(UserFollowing.follows_repository))\

            .all()

        journal = self._get_journal_data(c.following)

        c.journal_pager = Page(journal, page=p, items_per_page=20)

        c.journal_day_aggreagate = self._get_daily_aggregate(c.journal_pager)

        c.journal_data = render('journal/journal_data.html')

        if request.params.get('partial'):

            return c.journal_data

        return render('journal/journal.html')

    def _get_daily_aggregate(self, journal):

        groups = []

        for k, g in groupby(journal, lambda x:x.action_as_day):

            user_group = []

            for k2, g2 in groupby(list(g), lambda x:x.user.email):

                l = list(g2)

                user_group.append((l[0].user, l))

            groups.append((k, user_group,))

        return groups

    def _get_journal_data(self, following_repos):

        repo_ids = [x.follows_repository.repo_id for x in following_repos

                    if x.follows_repository is not None]

        user_ids = [x.follows_user.user_id for x in following_repos

                    if x.follows_user is not None]

        filtering_criterion = None

        if repo_ids and user_ids:

            filtering_criterion = or_(UserLog.repository_id.in_(repo_ids),

                        UserLog.user_id.in_(user_ids))

        if repo_ids and not user_ids:

            filtering_criterion = UserLog.repository_id.in_(repo_ids)

        if not repo_ids and user_ids:

            filtering_criterion = UserLog.user_id.in_(user_ids)

        if filtering_criterion is not None:

            journal = self.sa.query(UserLog)\

                .options(joinedload(UserLog.user))\

                .options(joinedload(UserLog.repository))\

                .filter(filtering_criterion)\

                .order_by(UserLog.action_date.desc())

        else:

            journal = []

        return journal

    @NotAnonymous()

    def toggle_following(self):

        cur_token = request.POST.get('auth_token')

        token = h.get_token()

        if cur_token == token:

            user_id = request.POST.get('follows_user_id')

            if user_id:

                try:

                    self.scm_model.toggle_following_user(user_id,

                                                    self.rhodecode_user.user_id)

                    return 'ok'

                except:

                    raise HTTPInternalServerError()

            repo_id = request.POST.get('follows_repo_id')

            if repo_id:

                try:

                    self.scm_model.toggle_following_repo(repo_id,

                                                    self.rhodecode_user.user_id)

                    return 'ok'

                except:

                    raise HTTPInternalServerError()

        log.debug('token mismatch %s vs %s', cur_token, token)

        raise HTTPInternalServerError()

    def public_journal(self):

        # Return a rendered template

        p = int(request.params.get('page', 1))

        c.following = self.sa.query(UserFollowing)\

            .filter(UserFollowing.user_id == self.rhodecode_user.user_id)\

            .options(joinedload(UserFollowing.follows_repository))\

            .all()

        journal = self._get_journal_data(c.following)

        c.journal_pager = Page(journal, page=p, items_per_page=20)

        c.journal_day_aggreagate = self._get_daily_aggregate(c.journal_pager)

        c.journal_data = render('journal/journal_data.html')

        if request.params.get('partial'):

            return c.journal_data

        return render('journal/public_journal.html')

    def public_journal_atom(self):

        """

        Produce an atom-1.0 feed via feedgenerator module

        """

        c.following = self.sa.query(UserFollowing)\

            .filter(UserFollowing.user_id == self.rhodecode_user.user_id)\

            .options(joinedload(UserFollowing.follows_repository))\

            .all()

        journal = self._get_journal_data(c.following)

        feed = Atom1Feed(title=self.title % 'atom',

                         link=url('public_journal_atom', qualified=True),

                         description=_('Public journal'),

                         language=self.language,

                         ttl=self.ttl)

        for entry in journal[:self.feed_nr]:

            #tmpl = h.action_parser(entry)[0]

            action, action_extra = h.action_parser(entry, feed=True)

            title = "%s - %s %s" % (entry.user.short_contact, action,

                                 entry.repository.repo_name)

            desc = action_extra()

            feed.add_item(title=title,

                          pubdate=entry.action_date,

                          link=url('', qualified=True),

                          author_email=entry.user.email,

                          author_name=entry.user.full_contact,

                          description=desc)

        response.content_type = feed.mime_type

        return feed.writeString('utf-8')

    def public_journal_rss(self):

        """

        Produce an rss2 feed via feedgenerator module

        """

        c.following = self.sa.query(UserFollowing)\

            .filter(UserFollowing.user_id == self.rhodecode_user.user_id)\

            .options(joinedload(UserFollowing.follows_repository))\

            .all()

        journal = self._get_journal_data(c.following)

        feed = Rss201rev2Feed(title=self.title % 'rss',

                         link=url('public_journal_rss', qualified=True),

                         description=_('Public journal'),

                         language=self.language,

                         ttl=self.ttl)

        for entry in journal[:self.feed_nr]:

            #tmpl = h.action_parser(entry)[0]

            action, action_extra = h.action_parser(entry, feed=True)

            title = "%s - %s %s" % (entry.user.short_contact, action,

                                 entry.repository.repo_name)

            desc = action_extra()

            feed.add_item(title=title,

                          pubdate=entry.action_date,

                          link=url('', qualified=True),

                          author_email=entry.user.email,

                          author_name=entry.user.full_contact,

                          description=desc)

        response.content_type = feed.mime_type

        return feed.writeString('utf-8')

    """

    return authenticate(username, password)

def authenticate(username, password):

    """Authentication function used for access control,

    firstly checks for db authentication then if ldap is enabled for ldap

    authentication, also creates ldap user if not in database

    :param username: username

    :param password: password

    """

    user_model = UserModel()

    user = user_model.get_by_username(username, cache=False)

    log.debug('Authenticating user using RhodeCode account')

    if user is not None and not user.ldap_dn:

        if user.active:

            if user.username == 'default' and user.active:

                log.info('user %s authenticated correctly as anonymous user',

                         username)

                return True

            elif user.username == username and check_password(password, user.password):

                log.info('user %s authenticated correctly', username)

                return True

        else:

            log.warning('user %s is disabled', username)

    else:

        log.debug('Regular authentication failed')

        user_obj = user_model.get_by_username(username, cache=False,

                                            case_insensitive=True)

        if user_obj is not None and not user_obj.ldap_dn:

            log.debug('this user already exists as non ldap')

            return False

        from rhodecode.model.settings import SettingsModel

        ldap_settings = SettingsModel().get_ldap_settings()

        #======================================================================

        # FALLBACK TO LDAP AUTH IF ENABLE                

        #======================================================================

        if ldap_settings.get('ldap_active', False):

            log.debug("Authenticating user using ldap")

            kwargs = {

                  'server':ldap_settings.get('ldap_host', ''),

                  'base_dn':ldap_settings.get('ldap_base_dn', ''),

                  'port':ldap_settings.get('ldap_port'),

                  'bind_dn':ldap_settings.get('ldap_dn_user'),

                  'bind_pass':ldap_settings.get('ldap_dn_pass'),

                  'use_ldaps':ldap_settings.get('ldap_ldaps'),

                  'tls_reqcert':ldap_settings.get('ldap_tls_reqcert'),

                  'ldap_filter':ldap_settings.get('ldap_filter'),

                  'search_scope':ldap_settings.get('ldap_search_scope'),

                  'attr_login':ldap_settings.get('ldap_attr_login'),

                  'ldap_version':3,

                  }

            log.debug('Checking for ldap authentication')

            try:

                aldap = AuthLdap(**kwargs)

                (user_dn, ldap_attrs) = aldap.authenticate_ldap(username, password)

                log.debug('Got ldap DN response %s', user_dn)

                user_attrs = {

                    'name'     : ldap_attrs[ldap_settings.get('ldap_attr_firstname')][0],

                    'lastname' : ldap_attrs[ldap_settings.get('ldap_attr_lastname')][0],

                    'email'    : ldap_attrs[ldap_settings.get('ldap_attr_email')][0],

                    }

                if user_model.create_ldap(username, password, user_dn, user_attrs):

                    log.info('created new ldap user %s', username)

                return True

            except (LdapUsernameError, LdapPasswordError,):

                pass

            except (Exception,):

                log.error(traceback.format_exc())

                pass

    return False

class  AuthUser(object):

    """

    A simple object that handles all attributes of user in RhodeCode

    It does lookup based on API key,given user, or user present in session

    Then it fills all required information for such user. It also checks if 

    anonymous access is enabled and if so, it returns default user as logged

    in

    """

    def __init__(self, user_id=None, api_key=None):

        self.user_id = user_id

        self.username = 'None'

        self.name = ''

        self.lastname = ''

        self.email = ''

        self.is_authenticated = False

        self.admin = False

        self.permissions = {}

        self.propagate_data()

    def propagate_data(self):

        user_model = UserModel()

            #try go get user by api key

        else:

            log.debug('Auth User lookup by USER ID %s', self.user_id)

            if self.user_id is not None and self.user_id != self.anonymous_user.user_id:

                user_model.fill_data(self, user_id=self.user_id)

            else:

                if self.anonymous_user.active is True:

                    user_model.fill_data(self, user_id=self.anonymous_user.user_id)

                    #then we set this user is logged in

                    self.is_authenticated = True

                else:

                    self.is_authenticated = False

        log.debug('Auth User is now %s', self)

        user_model.fill_perms(self)

    @property

    def is_admin(self):

        return self.admin

    def __repr__(self):

        return "<AuthUser('id:%s:%s|%s')>" % (self.user_id, self.username,

                                              self.is_authenticated)

    def set_authenticated(self, authenticated=True):

        if self.user_id != self.anonymous_user.user_id:

            self.is_authenticated = authenticated

def set_available_permissions(config):

    """This function will propagate pylons globals with all available defined

    permission given in db. We don't want to check each time from db for new 

    permissions since adding a new permission also requires application restart

    ie. to decorate new views with the newly created permission

    :param config: current pylons config instance

    """

    log.info('getting information about all available permissions')

    try:

        sa = meta.Session()

        all_perms = sa.query(Permission).all()

    except:

        pass

    finally:

        meta.Session.remove()

    config['available_permissions'] = [x.permission_name for x in all_perms]

#===============================================================================

# CHECK DECORATORS

#===============================================================================

class LoginRequired(object):

    """

    Must be logged in to execute this function else 

    redirect to login page

    :param api_access: if enabled this checks only for valid auth token

        and grants access based on valid token

    """

    def __init__(self, api_access=False):

        self.api_access = api_access

    def __call__(self, func):

        return decorator(self.__wrapper, func)

    def __wrapper(self, func, *fargs, **fkwargs):

        cls = fargs[0]

        user = cls.rhodecode_user

        api_access_ok = False

        if self.api_access:

            log.debug('Checking API KEY access for %s', cls)

            if user.api_key == request.GET.get('api_key'):

                api_access_ok = True

            else:

                log.debug("API KEY token not valid")

        log.debug('Checking if %s is authenticated @ %s', user.username, cls)

        if user.is_authenticated or api_access_ok:

            log.debug('user %s is authenticated', user.username)

            return func(*fargs, **fkwargs)

        else:

            log.warn('user %s NOT authenticated', user.username)

            p = ''

            if request.environ.get('SCRIPT_NAME') != '/':

                p += request.environ.get('SCRIPT_NAME')

            p += request.environ.get('PATH_INFO')

            if request.environ.get('QUERY_STRING'):

                p += '?' + request.environ.get('QUERY_STRING')

            log.debug('redirecting to login page with %s', p)

            return redirect(url('login_home', came_from=p))

class NotAnonymous(object):

            self.sa.add(new_user)

            self.sa.commit()

            body = ('New user registration\n'

                    'username: %s\n'

                    'email: %s\n')

            body = body % (form_data['username'], form_data['email'])

            run_task(tasks.send_email, None,

                     _('[RhodeCode] New User registration'),

                     body)

        except:

            log.error(traceback.format_exc())

            self.sa.rollback()

            raise

    def update(self, user_id, form_data):

        try:

            user = self.get(user_id, cache=False)

            if user.username == 'default':

                raise DefaultUserException(

                                _("You can't Edit this user since it's"

                                  " crucial for entire application"))

            for k, v in form_data.items():

                if k == 'new_password' and v != '':

                    user.password = v

                    user.api_key = generate_api_key(user.username)

                else:

                    setattr(user, k, v)

            self.sa.add(user)

            self.sa.commit()

        except:

            log.error(traceback.format_exc())

            self.sa.rollback()

            raise

    def update_my_account(self, user_id, form_data):

        try:

            user = self.get(user_id, cache=False)

            if user.username == 'default':

                raise DefaultUserException(

                                _("You can't Edit this user since it's"

                                  " crucial for entire application"))

            for k, v in form_data.items():

                if k == 'new_password' and v != '':

                    user.password = v

                    user.api_key = generate_api_key(user.username)

                else:

                    if k not in ['admin', 'active']:

                        setattr(user, k, v)

            self.sa.add(user)

            self.sa.commit()

        except:

            log.error(traceback.format_exc())

            self.sa.rollback()

            raise

    def delete(self, user_id):

        try:

            user = self.get(user_id, cache=False)

            if user.username == 'default':

                raise DefaultUserException(

                                _("You can't remove this user since it's"

                                  " crucial for entire application"))

            if user.repositories:

                raise UserOwnsReposException(_('This user still owns %s '

                                               'repositories and cannot be '

                                               'removed. Switch owners or '

                                               'remove those repositories') \

                                               % user.repositories)

            self.sa.delete(user)

            self.sa.commit()

        except:

            log.error(traceback.format_exc())

            self.sa.rollback()

            raise

    def reset_password(self, data):

        from rhodecode.lib.celerylib import tasks, run_task

        run_task(tasks.reset_user_password, data['email'])

    def fill_data(self, auth_user, user_id=None, api_key=None):

        """

        Fetches auth_user by user_id,or api_key if present.

        Fills auth_user attributes with those taken from database.

        Additionally set's is_authenitated if lookup fails 

        present in database

        :param auth_user: instance of user to set attributes

        :param user_id: user id to fetch by

        :param api_key: api key to fetch by

        """

            raise Exception('You need to pass user_id or api_key')

        try:

            if api_key:

                dbuser = self.get_by_api_key(api_key)

            else:

                dbuser = self.get(user_id)

        except:

            log.error(traceback.format_exc())

            auth_user.is_authenticated = False

        return auth_user

    def fill_perms(self, user):

        """Fills user permission attribute with permissions taken from database

        works for permissions given for repositories, and for permissions that

        as part of beeing group member

        :param user: user instance to fill his perms

        """

        user.permissions['repositories'] = {}

        user.permissions['global'] = set()

        #===========================================================================

        # fetch default permissions

        #===========================================================================

        default_user = self.get_by_username('default', cache=True)

        default_perms = self.sa.query(RepoToPerm, Repository, Permission)\

            .join((Repository, RepoToPerm.repository_id == Repository.repo_id))\

            .join((Permission, RepoToPerm.permission_id == Permission.permission_id))\

            .filter(RepoToPerm.user == default_user).all()

        if user.is_admin:

            #=======================================================================

            # #admin have all default rights set to admin        

            #=======================================================================

            user.permissions['global'].add('hg.admin')

            for perm in default_perms:

                p = 'repository.admin'

                user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p

        else:

            #=======================================================================

            # set default permissions

            #=======================================================================

            #default global

            default_global_perms = self.sa.query(UserToPerm)\

                .filter(UserToPerm.user == self.sa.query(User)\

                       .filter(User.username == 'default').one())

            for perm in default_global_perms:

                user.permissions['global'].add(perm.permission.permission_name)

            #default for repositories

            for perm in default_perms:

                if perm.Repository.private and not perm.Repository.user_id == user.user_id:

                    #diself.sable defaults for private repos,

                    p = 'repository.none'

                elif perm.Repository.user_id == user.user_id:

                    #set admin if owner

                    p = 'repository.admin'

                else:

                    p = perm.Permission.permission_name

                user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p

            #=======================================================================

            # overwrite default with user permissions if any

            #=======================================================================

            user_perms = self.sa.query(RepoToPerm, Permission, Repository)\

                .join((Repository, RepoToPerm.repository_id == Repository.repo_id))\

                .join((Permission, RepoToPerm.permission_id == Permission.permission_id))\

                .filter(RepoToPerm.user_id == user.user_id).all()

            for perm in user_perms:

                if perm.Repository.user_id == user.user_id:#set admin if owner

                    p = 'repository.admin'

                else:

                    p = perm.Permission.permission_name

                user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p

            #=======================================================================

            # check if user is part of groups for this repository and fill in 

            # (or replace with higher) permissions

            #=======================================================================

            user_perms_from_users_groups = self.sa.query(UsersGroupToPerm, Permission, Repository,)\

                .join((Repository, UsersGroupToPerm.repository_id == Repository.repo_id))\

                .join((Permission, UsersGroupToPerm.permission_id == Permission.permission_id))\

                .join((UsersGroupMember, UsersGroupToPerm.users_group_id == UsersGroupMember.users_group_id))\

                .filter(UsersGroupMember.user_id == user.user_id).all()

            for perm in user_perms_from_users_groups:

                p = perm.Permission.permission_name

                cur_perm = user.permissions['repositories'][perm.UsersGroupToPerm.repository.repo_name]

                #overwrite permission only if it's greater than permission given from other sources

                if PERM_WEIGHTS[p] > PERM_WEIGHTS[cur_perm]: