# -*- coding: utf-8 -*-

# This program is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation, either version 3 of the License, or

# (at your option) any later version.

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

"""

kallithea.controllers.login

~~~~~~~~~~~~~~~~~~~~~~~~~~~

Login controller for Kallithea

This file was forked by the Kallithea project in July 2014.

Original author and date, and relevant copyright and licensing information is below:

:created_on: Apr 22, 2010

:author: marcink

:copyright: (c) 2013 RhodeCode GmbH, and others.

:license: GPLv3, see LICENSE.md for more details.

"""

import logging

import formencode

import urlparse

from formencode import htmlfill

from webob.exc import HTTPFound, HTTPBadRequest

from pylons.i18n.translation import _

from pylons.controllers.util import redirect

from pylons import request, session, tmpl_context as c, url

import kallithea.lib.helpers as h

from kallithea.lib.auth import AuthUser, HasPermissionAnyDecorator

from kallithea.lib.base import BaseController, log_in_user, render

from kallithea.lib.exceptions import UserCreationError

from kallithea.lib.utils2 import safe_str

from kallithea.model.db import User, Setting

from kallithea.model.forms import \

    LoginForm, RegisterForm, PasswordResetRequestForm, PasswordResetConfirmationForm

from kallithea.model.user import UserModel

from kallithea.model.meta import Session

log = logging.getLogger(__name__)

class LoginController(BaseController):

    def __before__(self):

        super(LoginController, self).__before__()

    def _validate_came_from(self, came_from):

        """Return True if came_from is valid and can and should be used"""

        url = urlparse.urlsplit(came_from)

        return not url.scheme and not url.netloc

    def index(self):

        if c.came_from:

            if not self._validate_came_from(c.came_from):

                log.error('Invalid came_from (not server-relative): %r', c.came_from)

                raise HTTPBadRequest()

        else:

            c.came_from = came_from = url('home')

        not_default = self.authuser.username != User.DEFAULT_USER

        ip_allowed = AuthUser.check_ip_allowed(self.authuser, self.ip_addr)

        # redirect if already logged in

        if self.authuser.is_authenticated and not_default and ip_allowed:

            raise HTTPFound(location=came_from)

        if request.POST:

            # import Login Form validator class

            login_form = LoginForm()

            try:

                c.form_result = login_form.to_python(dict(request.POST))

                # form checks for username/password, now we're authenticated

                username = c.form_result['username']

                user = User.get_by_username(username, case_insensitive=True)

            except formencode.Invalid as errors:

                defaults = errors.value

                # remove password from filling in form again

                del defaults['password']

                return htmlfill.render(

                    render('/login.html'),

                    defaults=errors.value,

                    errors=errors.error_dict or {},

                    prefix_error=False,

                    encoding="UTF-8",

                    force_defaults=False)

            except UserCreationError as e:

                # container auth or other auth functions that create users on

                # the fly can throw this exception signaling that there's issue

                # with user creation, explanation should be provided in

                # Exception itself

                h.flash(e, 'error')

            else:

                log_in_user(user, c.form_result['remember'],

                    is_external_auth=False)

                raise HTTPFound(location=came_from)

        return render('/login.html')

    @HasPermissionAnyDecorator('hg.admin', 'hg.register.auto_activate',

                               'hg.register.manual_activate')

    def register(self):

        c.auto_active = 'hg.register.auto_activate' in User.get_default_user()\

            .AuthUser.permissions['global']

        settings = Setting.get_app_settings()

        captcha_private_key = settings.get('captcha_private_key')

        c.captcha_active = bool(captcha_private_key)

        c.captcha_public_key = settings.get('captcha_public_key')

        if request.POST:

            register_form = RegisterForm()()

            try:

                form_result = register_form.to_python(dict(request.POST))

                form_result['active'] = c.auto_active

                if c.captcha_active:

                    from kallithea.lib.recaptcha import submit

                    response = submit(request.POST.get('recaptcha_challenge_field'),

                                      request.POST.get('recaptcha_response_field'),

                                      private_key=captcha_private_key,

                                      remoteip=self.ip_addr)

                    if c.captcha_active and not response.is_valid:

                        _value = form_result

                        _msg = _('Bad captcha')

                        error_dict = {'recaptcha_field': _msg}

                        raise formencode.Invalid(_msg, _value, None,

                                                 error_dict=error_dict)

                UserModel().create_registration(form_result)

                h.flash(_('You have successfully registered into Kallithea'),

                        category='success')

                Session().commit()

                return redirect(url('login_home'))

            except formencode.Invalid as errors:

                return htmlfill.render(

                    render('/register.html'),

                    defaults=errors.value,

                    errors=errors.error_dict or {},

                    prefix_error=False,

                    encoding="UTF-8",

                    force_defaults=False)

            except UserCreationError as e:

                # container auth or other auth functions that create users on

                # the fly can throw this exception signaling that there's issue

                # with user creation, explanation should be provided in

                # Exception itself

                h.flash(e, 'error')

        return render('/register.html')

    def password_reset(self):

        else:

            log.info('Access for IP:%s forbidden, '

                     'not in %s' % (ip_addr, allowed_ips))

            return False

    def __repr__(self):

        return "<AuthUser('id:%s[%s] auth:%s')>"\

            % (self.user_id, self.username, self.is_authenticated)

    def set_authenticated(self, authenticated=True):

        if self.user_id != self.anonymous_user.user_id:

            self.is_authenticated = authenticated

    def to_cookie(self):

        """ Serializes this login session to a cookie `dict`. """

        return {

            'user_id': self.user_id,

            'is_authenticated': self.is_authenticated,

            'is_external_auth': self.is_external_auth,

        }

    @staticmethod

    def from_cookie(cookie):

        """

        Deserializes an `AuthUser` from a cookie `dict`.

        """

        au = AuthUser(

            user_id=cookie.get('user_id'),

            is_external_auth=cookie.get('is_external_auth', False),

        )

        if not au.is_authenticated and au.user_id is not None:

            # user is not authenticated and not empty

            au.set_authenticated(cookie.get('is_authenticated'))

        return au

    @classmethod

    def get_allowed_ips(cls, user_id, cache=False, inherit_from_default=False):

        _set = set()

        if inherit_from_default:

            default_ips = UserIpMap.query().filter(UserIpMap.user ==

                                            User.get_default_user(cache=True))

            if cache:

                default_ips = default_ips.options(FromCache("sql_cache_short",

                                                  "get_user_ips_default"))

            # populate from default user

            for ip in default_ips:

                try:

                    _set.add(ip.ip_addr)

                except ObjectDeletedError:

                    # since we use heavy caching sometimes it happens that we get

                    # deleted objects here, we just skip them

                    pass

        user_ips = UserIpMap.query().filter(UserIpMap.user_id == user_id)

        if cache:

            user_ips = user_ips.options(FromCache("sql_cache_short",

                                                  "get_user_ips_%s" % user_id))

        for ip in user_ips:

            try:

                _set.add(ip.ip_addr)

            except ObjectDeletedError:

                # since we use heavy caching sometimes it happens that we get

                # deleted objects here, we just skip them

                pass

        return _set or set(['0.0.0.0/0', '::/0'])

def set_available_permissions(config):

    """

    This function will propagate pylons globals with all available defined

    permission given in db. We don't want to check each time from db for new

    permissions since adding a new permission also requires application restart

    ie. to decorate new views with the newly created permission

    :param config: current pylons config instance

    """

    log.info('getting information about all available permissions')

    try:

        sa = meta.Session

        all_perms = sa.query(Permission).all()

        config['available_permissions'] = [x.permission_name for x in all_perms]

    finally:

        meta.Session.remove()

#==============================================================================

# CHECK DECORATORS

#==============================================================================

def redirect_to_login(message=None):

    from kallithea.lib import helpers as h

    if message:

        h.flash(h.literal(message), category='warning')

    log.debug('Redirecting to login page, origin: %s', p)

class LoginRequired(object):

    """

    Must be logged in to execute this function else

    redirect to login page

    :param api_access: if enabled this checks only for valid auth token

        and grants access based on valid token

    """

    def __init__(self, api_access=False):

        self.api_access = api_access

    def __call__(self, func):

        return decorator(self.__wrapper, func)

    def __wrapper(self, func, *fargs, **fkwargs):

        controller = fargs[0]

        user = controller.authuser

        loc = "%s:%s" % (controller.__class__.__name__, func.__name__)

        log.debug('Checking access for user %s @ %s', user, loc)

        if not AuthUser.check_ip_allowed(user, controller.ip_addr):

            return redirect_to_login(_('IP %s not allowed') % controller.ip_addr)

        # check if we used an API key and it's a valid one

        api_key = request.GET.get('api_key')

        if api_key is not None:

            # explicit controller is enabled or API is in our whitelist

            if self.api_access or allowed_api_access(loc, api_key=api_key):

                if api_key in user.api_keys:

                    log.info('user %s authenticated with API key ****%s @ %s',

                             user, api_key[-4:], loc)

                    return func(*fargs, **fkwargs)

                else:

                    log.warning('API key ****%s is NOT valid', api_key[-4:])

                    return redirect_to_login(_('Invalid API key'))

            else:

                # controller does not allow API access

                log.warning('API access to %s is not allowed', loc)

                return abort(403)

        # Only allow the following HTTP request methods. (We sometimes use POST

        # requests with a '_method' set to 'PUT' or 'DELETE'; but that is only

        # used for the route lookup, and does not affect request.method.)

        if request.method not in ['GET', 'HEAD', 'POST', 'PUT']:

            return abort(405)

        # CSRF protection: Whenever a request has ambient authority (whether

        # through a session cookie or its origin IP address), it must include

        # the correct token, unless the HTTP method is GET or HEAD (and thus

        # guaranteed to be side effect free. In practice, the only situation

        # where we allow side effects without ambient authority is when the

        # authority comes from an API key; and that is handled above.

        if request.method not in ['GET', 'HEAD']:

            token = request.POST.get(secure_form.token_key)

            if not token or token != secure_form.authentication_token():

                log.error('CSRF check failed')

                return abort(403)

        # WebOb already ignores request payload parameters for anything other

        # than POST/PUT, but double-check since other Kallithea code relies on

        # this assumption.

        if request.method not in ['POST', 'PUT'] and request.POST:

            log.error('%r request with payload parameters; WebOb should have stopped this', request.method)

            return abort(400)

        # regular user authentication

        if user.is_authenticated:

            log.info('user %s authenticated with regular auth @ %s', user, loc)

            return func(*fargs, **fkwargs)

        else:

            log.warning('user %s NOT authenticated with regular auth @ %s', user, loc)

            return redirect_to_login()

class NotAnonymous(object):

    """

    Must be logged in to execute this function else

    redirect to login page"""

    def __call__(self, func):

        return decorator(self.__wrapper, func)

    def __wrapper(self, func, *fargs, **fkwargs):

        cls = fargs[0]

        self.user = cls.authuser

        log.debug('Checking if user is not anonymous @%s', cls)

        anonymous = self.user.username == User.DEFAULT_USER

        if anonymous:

            return redirect_to_login(_('You need to be a registered user to '

                    'perform this action'))

        else:

            return func(*fargs, **fkwargs)

  </script>

  <!--- END CONTEXT BAR -->

</%def>

<%def name="menu(current=None)">

  <%

  def is_current(selected):

      if selected == current:

          return h.literal('class="current"')

  %>

  <ul id="quick" class="horizontal-list">

    <!-- repo switcher -->

    <li ${is_current('repositories')}>

      <input id="repo_switcher" name="repo_switcher" type="hidden">

    </li>

    ##ROOT MENU

    %if c.authuser.username != 'default':

      <li ${is_current('journal')}>

        <a class="menu_link" title="${_('Show recent activity')}"  href="${h.url('journal')}">

          <i class="icon-book"></i> ${_('Journal')}

        </a>

      </li>

    %else:

      <li ${is_current('journal')}>

        <a class="menu_link" title="${_('Public journal')}"  href="${h.url('public_journal')}">

          <i class="icon-book"></i> ${_('Public journal')}

        </a>

      </li>

    %endif

      <li ${is_current('gists')}>

        <a class="menu_link childs" title="${_('Show public gists')}"  href="${h.url('gists')}">

          <i class="icon-clippy"></i> ${_('Gists')}

        </a>

          <ul class="admin_menu">

            <li><a href="${h.url('new_gist', public=1)}"><i class="icon-paste"></i> ${_('Create New Gist')}</a></li>

            <li><a href="${h.url('gists')}"><i class="icon-globe"></i> ${_('All Public Gists')}</a></li>

            %if c.authuser.username != 'default':

              <li><a href="${h.url('gists', public=1)}"><i class="icon-user"></i> ${_('My Public Gists')}</a></li>

              <li><a href="${h.url('gists', private=1)}"><i class="icon-keyhole-circled"></i> ${_('My Private Gists')}</a></li>

            %endif

          </ul>

      </li>

    <li ${is_current('search')}>

        <a class="menu_link" title="${_('Search in repositories')}"  href="${h.url('search')}">

          <i class="icon-search"></i> ${_('Search')}

        </a>

    </li>

    % if h.HasPermissionAll('hg.admin')('access admin main page'):

      <li ${is_current('admin')}>

        <a class="menu_link childs" title="${_('Admin')}" href="${h.url('admin_home')}">

          <i class="icon-gear"></i> ${_('Admin')}

        </a>

        ${admin_menu()}

      </li>

    % elif c.authuser.repositories_admin or c.authuser.repository_groups_admin or c.authuser.user_groups_admin:

    <li ${is_current('admin')}>

        <a class="menu_link childs" title="${_('Admin')}">

          <i class="icon-gear"></i> ${_('Admin')}

        </a>

        ${admin_menu_simple(c.authuser.repositories_admin,

                            c.authuser.repository_groups_admin,

                            c.authuser.user_groups_admin or h.HasPermissionAny('hg.usergroup.create.true')())}

    </li>

    % endif

    <li ${is_current('my_pullrequests')}>

      <a class="menu_link" title="${_('My Pull Requests')}" href="${h.url('my_pullrequests')}">

        <i class="icon-git-pull-request"></i> ${_('My Pull Requests')}

        %if c.my_pr_count != 0:

          <span class="menu_link_notifications">${c.my_pr_count}</span>

        %endif

      </a>

    </li>

    ## USER MENU

    <li>

      <a class="menu_link childs" id="quick_login_link">

          <span class="icon">

            ${h.gravatar(c.authuser.email, size=20)}

          </span>

          %if c.authuser.username != 'default':

            <span class="menu_link_user">${c.authuser.username}</span>

            %if c.unread_notifications != 0:

              <span class="menu_link_notifications">${c.unread_notifications}</span>

            %endif

          %else:

              <span>${_('Not Logged In')}</span>

          %endif

      </a>

      <div class="user-menu">

        <div id="quick_login">

          %if c.authuser.username == 'default' or c.authuser.user_id is None:

            <h4>${_('Login to Your Account')}</h4>

            <div class="form">

                <div class="fields">

                    <div class="field">

                        <div class="label">

                            <label for="username">${_('Username')}:</label>

                        </div>

                        <div class="input">

                            ${h.text('username',class_='focus')}

                        </div>

                    </div>

                    <div class="field">

                        <div class="label">

                            <label for="password">${_('Password')}:</label>

                        </div>

                        <div class="input">

                            ${h.password('password',class_='focus')}

                        </div>

                    </div>

                    <div class="buttons">

                        <div class="password_forgoten">${h.link_to(_('Forgot password ?'),h.url('reset_password'))}</div>

                        <div class="register">

                        %if h.HasPermissionAny('hg.admin', 'hg.register.auto_activate', 'hg.register.manual_activate')():

                         ${h.link_to(_("Don't have an account ?"),h.url('register'))}

                        %endif

                        </div>

                        <div class="submit">

                            ${h.submit('sign_in',_('Log In'),class_="btn btn-mini")}

                        </div>

                    </div>

                </div>

            </div>

            ${h.end_form()}

          %else:

            <div class="links_left">

                <div class="big_gravatar">

                  ${h.gravatar(c.authuser.email, size=48)}

                </div>

                <div class="full_name">${c.authuser.full_name_or_username}</div>

                <div class="email">${c.authuser.email}</div>

            </div>

            <div class="links_right">

            <ol class="links">

              <li><a href="${h.url('notifications')}">${_('Notifications')}: ${c.unread_notifications}</a></li>

              <li>${h.link_to(_('My Account'),h.url('my_account'))}</li>

              %if not c.authuser.is_external_auth:

                ## Cannot log out if using external (container) authentication.

                <li class="logout">${h.link_to(_('Log Out'), h.url('logout_home'))}</li>

              %endif

            </ol>

            </div>

          %endif

        </div>

      </div>

    </li>

    <script type="text/javascript">

        var visual_show_public_icon = "${c.visual.show_public_icon}" == "True";

        var cache = {}

        /*format the look of items in the list*/

        var format = function(state){

            if (!state.id){

              return state.text; // optgroup

            }

            var obj_dict = state.obj;

            var tmpl = '';

            if(obj_dict && state.type == 'repo'){

                tmpl += '<span class="repo-icons">';

                if(obj_dict['repo_type'] === 'hg'){

                    tmpl += '<span class="repotag">hg</span> ';

                }

                else if(obj_dict['repo_type'] === 'git'){

                    tmpl += '<span class="repotag">git</span> ';

                }

                if(obj_dict['private']){

                    tmpl += '<i class="icon-keyhole-circled"></i> ';

                }

                else if(visual_show_public_icon){

                    tmpl += '<i class="icon-globe"></i> ';

                }

                tmpl += '</span>';

            }

            if(obj_dict && state.type == 'group'){

                    tmpl += '<i class="icon-folder"></i> ';

            }

            tmpl += state.text;

            return tmpl;

        }

        $("#repo_switcher").select2({

            placeholder: '<i class="icon-database"></i> ${_('Repositories')}',

            dropdownAutoWidth: true,

            formatResult: format,

            formatSelection: format,

## -*- coding: utf-8 -*-

## usage:

## <%namespace name="comment" file="/changeset/changeset_file_comment.html"/>

## ${comment.comment_block(co)}

##

<%def name="comment_block(co)">

  <div class="comment" id="comment-${co.comment_id}" line="${co.line_no}">

    <div class="comment-prev-next-links"></div>

    <div class="comment-wrapp">

      <div class="meta">

          <div style="float:left">

               ${h.gravatar(co.author.email, size=20)}

          </div>

          <div class="user">

              ${co.author.full_name_and_username}

          </div>

          <span>

              ${h.age(co.modified_at)}

              %if co.pull_request:

                ${_('on pull request')}

                <a href="${co.pull_request.url()}">"${co.pull_request.title or _("No title")}"</a>

              %else:

                ${_('on this changeset')}

              %endif

              <a class="permalink" href="${co.url()}">&para;</a>

          </span>

          %if h.HasPermissionAny('hg.admin')() or h.HasRepoPermissionAny('repository.admin')(c.repo_name) or co.author.user_id == c.authuser.user_id:

            <div onClick="confirm('${_("Delete comment?")}') && deleteComment(${co.comment_id})" class="buttons delete-comment btn btn-mini">${_('Delete')}</div>

          %endif

      </div>

      <div class="text">

        %if co.status_change:

           <div class="rst-block automatic-comment">

             <p>

               <span title="${_('Changeset status')}" class="changeset-status-lbl">${_("Status change")}: ${co.status_change[0].status_lbl}</span>

               <span class="changeset-status-ico"><i class="icon-circle changeset-status-${co.status_change[0].status}"></i></span>

             </p>

           </div>

        %endif

        %if co.text:

          ${h.rst_w_mentions(co.text)|n}

        %endif

      </div>

    </div>

  </div>

</%def>

## expanded with .format(f_path, line_no)

## TODO: don't assume line_no is globally unique ...

<%def name="comment_inline_form()">

<div id='comment-inline-form-template' style="display:none">

  <div class="ac">

  %if c.authuser.username != 'default':

    ${h.form('#', class_='inline-form')}

      <div id="edit-container_{1}" class="clearfix">

        <div class="comment-help">${_('Commenting on line {1}.')}

          ${(_('Comments parsed using %s syntax with %s support.') % (

                 ('<a href="%s">RST</a>' % h.url('rst_help')),

                   ('<span style="color:#577632" class="tooltip" title="%s">@mention</span>' % _('Use @username inside this text to notify another user'))

               )

            )|n

           }

        </div>

        <div class="mentions-container" id="mentions_container_{1}"></div>

        <textarea id="text_{1}" name="text" class="comment-block-ta yui-ac-input"></textarea>

      </div>

      <div id="preview-container_{1}" class="clearfix" style="display:none">

        <div class="comment-help">

            ${_('Comment preview')}

        </div>

        <div id="preview-box_{1}" class="preview-box"></div>

      </div>

      <div class="comment-button">

        <div class="submitting-overlay">${_('Submitting ...')}</div>

        <input type="hidden" name="f_path" value="{0}">

        <input type="hidden" name="line" value="{1}">

        ${h.submit('save', _('Comment'), class_='btn btn-small save-inline-form')}

        ${h.reset('hide-inline-form', _('Cancel'), class_='btn btn-small hide-inline-form')}

        <div id="preview-btn_{1}" class="preview-btn btn btn-small">${_('Preview')}</div>

        <div id="edit-btn_{1}" class="edit-btn btn btn-small" style="display:none">${_('Edit')}</div>

      </div>

    ${h.end_form()}

  %else:

      ${h.form('')}

      <div class="clearfix">

          <div class="comment-help">

          </div>

      </div>

      <div class="comment-button">

      ${h.reset('hide-inline-form', _('Hide'), class_='btn btn-small hide-inline-form')}

      </div>

      ${h.end_form()}

  %endif

  </div>

</div>

</%def>

## show comment count as "x comments (y inline, z general)"

<%def name="comment_count(inline_cnt, general_cnt)">

    ${'%s (%s, %s)' % (

        ungettext("%d comment", "%d comments", inline_cnt + general_cnt) % (inline_cnt + general_cnt),

        ungettext("%d inline", "%d inline", inline_cnt) % inline_cnt,

        ungettext("%d general", "%d general", general_cnt) % general_cnt

    )}

    <span class="firstlink"></span>

</%def>

## generate inline comments and the main ones

<%def name="generate_comments()">

<div class="comments">

  %for f_path, lines in c.inline_comments:

    %for line_no, comments in lines.iteritems():

      <div class="comments-list-chunk" data-f_path="${f_path}" data-line_no="${line_no}" data-target-id="${h.safeid(h.safe_unicode(f_path))}_${line_no}">

        %for co in comments:

            ${comment_block(co)}

        %endfor

      </div>

    %endfor

  %endfor

  <div class="comments-number">

    ${comment_count(c.inline_cnt, len(c.comments))}

  </div>

      <div class="comments-list-general">

        %for co in c.comments:

            ${comment_block(co)}

        %endfor

      </div>

</div>

</%def>

## MAIN COMMENT FORM

<%def name="comments(post_url, cur_status, is_pr=False, change_status=True)">

<div class="comments">

    %if c.authuser.username != 'default':

    <div class="comment-form ac">

      ${h.form(post_url, id="main_form")}

        <div id="edit-container" class="clearfix">

            <div class="comment-help">

                ${(_('Comments parsed using %s syntax with %s support.') % (('<a href="%s">RST</a>' % h.url('rst_help')),

                  '<span style="color:#577632" class="tooltip" title="%s">@mention</span>' %

                  _('Use @username inside this text to notify another user.')))|n}

            </div>

            <div class="mentions-container" id="mentions_container"></div>

            ${h.textarea('text', class_="comment-block-ta")}

            %if change_status:

              <div id="status_block_container" class="status-block">

                %if is_pr:

                  ${_('Vote for pull request status')}:

                %else:

                  ${_('Set changeset status')}:

                %endif

                <input type="radio" class="status_change_radio" name="changeset_status" id="changeset_status_unchanged" value="" checked="checked" />

                <label for="changeset_status_unchanged">

                  ${_('No change')}

                </label>

                %for status,lbl in c.changeset_statuses:

                    <span>

                        <input type="radio" class="status_change_radio" name="changeset_status" id="${status}" value="${status}">

                        <label for="${status}"><i class="icon-circle changeset-status-${status}" /></i>${lbl}</label>

                    </span>

                %endfor

                %if is_pr and ( \

                    h.HasPermissionAny('hg.admin')() or h.HasRepoPermissionAny('repository.admin')(c.repo_name) \

                    or c.pull_request.owner.user_id == c.authuser.user_id):

                  <input id="save_close" type="checkbox" name="save_close">

                  <label id="save_close_label" for="save_close">${_("Close")}</label>

                %endif

              </div>

            %endif

        </div>

        <div id="preview-container" class="clearfix" style="display:none">

            <div class="comment-help">

                ${_('Comment preview')}

            </div>

            <div id="preview-box" class="preview-box"></div>

## -*- coding: utf-8 -*-

<%inherit file="base/root.html"/>

<%block name="title">

    ${_('Log In')}

</%block>

<div id="login" class="panel panel-default">

    <%include file="/base/flash_msg.html"/>

    <!-- login -->

    <div class="panel-heading title withlogo">

        %if c.site_name:

            <h5>${_('Log In to %s') % c.site_name}</h5>

        %else:

            <h5>${_('Log In')}</h5>

        %endif

    </div>

    <div class="panel-body inner">

        <div class="form">

            <i class="icon-lock"></i>

            <!-- fields -->

            <div class="form-horizontal">

                <div class="form-group">

                    <label class="control-label col-sm-5" for="username">${_('Username')}:</label>

                    <div class="input col-sm-7">

                        ${h.text('username',class_='form-control focus large')}

                    </div>

                </div>

                <div class="form-group">

                    <label class="control-label col-sm-5" for="password">${_('Password')}:</label>

                    <div class="input col-sm-7">

                        ${h.password('password',class_='form-control focus large')}

                    </div>

                </div>

                <div class="form-group">

                    <div class="col-sm-offset-5 col-sm-7">

                        <div class="checkbox">

                            <label for="remember">

                                <input type="checkbox" id="remember" name="remember"/>

                                ${_('Remember me')}

                            </label>

                        </div>

                    </div>

                </div>

            </div>

            <!-- end fields -->

            <!-- links -->

            <div class="links">

                ${h.link_to(_('Forgot your password ?'),h.url('reset_password'))}

                %if h.HasPermissionAny('hg.admin', 'hg.register.auto_activate', 'hg.register.manual_activate')():

                  /

                 ${h.link_to(_("Don't have an account ?"),h.url('register'))}

                %endif

                <span class="buttons">

                    ${h.submit('sign_in',_('Sign In'),class_="btn btn-default")}

                </span>

            </div>

            <!-- end links -->

        </div>

        ${h.end_form()}

        <script type="text/javascript">

        $(document).ready(function(){

            $('#username').focus();

        });

        </script>

    </div>

    <!-- end login -->

</div>

# -*- coding: utf-8 -*-

import re

import time

import mock

from kallithea.tests import *

from kallithea.tests.fixture import Fixture

from kallithea.lib.utils2 import generate_api_key

from kallithea.lib.auth import check_password

from kallithea.lib import helpers as h

from kallithea.model.api_key import ApiKeyModel

from kallithea.model import validators

from kallithea.model.db import User, Notification

from kallithea.model.meta import Session

from kallithea.model.user import UserModel

fixture = Fixture()

class TestLoginController(TestController):

    def setUp(self):

        self.remove_all_notifications()

        self.assertEqual(Notification.query().all(), [])

    def test_index(self):

        response = self.app.get(url(controller='login', action='index'))