return user_data

class KallitheaExternalAuthPlugin(KallitheaAuthPluginBase):

    def use_fake_password(self):

        """

        Return a boolean that indicates whether or not we should set the user's

        password to a random value when it is authenticated by this plugin.

        If your plugin provides authentication, then you will generally want this.

        :returns: boolean

        """

        raise NotImplementedError("Not implemented in base class")

    def _authenticate(self, userobj, username, passwd, settings, **kwargs):

        user_data = super(KallitheaExternalAuthPlugin, self)._authenticate(

            userobj, username, passwd, settings, **kwargs)

        if user_data is not None:

            # maybe plugin will clean the username ?

            # we should use the return value

            username = user_data['username']

            # if user is not active from our extern type we should fail to auth

            # this can prevent from creating users in Kallithea when using

            # external authentication, but if it's inactive user we shouldn't

            # create that user anyway

            if user_data['active_from_extern'] is False:

                log.warning("User %s authenticated against %s, but is inactive",

                            username, self.__module__)

                return None

            if self.use_fake_password():

                # Randomize the PW because we don't need it, but don't want

                # them blank either

                passwd = PasswordGenerator().gen_password(length=8)

            log.debug('Updating or creating user info from %s plugin',

                      self.name)

            user = UserModel().create_or_update(

                username=username,

                password=passwd,

                email=user_data["email"],

                firstname=user_data["firstname"],

                lastname=user_data["lastname"],

                active=user_data["active"],

                admin=user_data["admin"],

                extern_name=user_data["extern_name"],

                extern_type=self.name

            )

            # enforce user is just in given groups, all of them has to be ones

            # created from plugins. We store this info in _group_data JSON field

            groups = user_data['groups'] or []

            UserGroupModel().enforce_groups(user, groups, self.name)

            Session().commit()

        return user_data

def importplugin(plugin):

    """

    Imports and returns the authentication plugin in the module named by plugin

    (e.g., plugin='kallithea.lib.auth_modules.auth_internal'). Returns the

    KallitheaAuthPluginBase subclass on success, raises exceptions on failure.

    raises:

        AttributeError -- no KallitheaAuthPlugin class in the module

        TypeError -- if the KallitheaAuthPlugin is not a subclass of ours KallitheaAuthPluginBase

        ImportError -- if we couldn't import the plugin at all

    """

    log.debug("Importing %s", plugin)

    if not plugin.startswith(u'kallithea.lib.auth_modules.auth_'):

        parts = plugin.split(u'.lib.auth_modules.auth_', 1)

        if len(parts) == 2:

            _module, pn = parts

            plugin = u'kallithea.lib.auth_modules.auth_' + pn

    PLUGIN_CLASS_NAME = "KallitheaAuthPlugin"

    try:

        module = importlib.import_module(plugin)

    except (ImportError, TypeError):

        log.error(traceback.format_exc())

        # TODO: make this more error prone, if by some accident we screw up

        # the plugin name, the crash is pretty bad and hard to recover

        raise

    log.debug("Loaded auth plugin from %s (module:%s, file:%s)",

              plugin, module.__name__, module.__file__)

    pluginclass = getattr(module, PLUGIN_CLASS_NAME)

    if not issubclass(pluginclass, KallitheaAuthPluginBase):

        raise TypeError("Authentication class %s.KallitheaAuthPlugin is not "

                        "a subclass of %s" % (plugin, KallitheaAuthPluginBase))

    return pluginclass

def loadplugin(plugin):

    """

    Loads and returns an instantiated authentication plugin.

            'gist_db_id': gist_id,

            'gist_access_id': gist_access_id,

            'gist_owner_id': user_id,

            'gist_type': gist_type,

            'gist_expires': gist_expires,

            'gist_updated': time.time(),

        }

        with open(os.path.join(repo.path, '.hg', GIST_METADATA_FILE), 'wb') as f:

            f.write(json.dumps(metadata))

    def get_gist(self, gist):

        return self._get_gist(gist)

    def get_gist_files(self, gist_access_id, revision=None):

        """

        Get files for given gist

        :param gist_access_id:

        """

        repo = Gist.get_by_access_id(gist_access_id)

        cs = repo.scm_instance.get_changeset(revision)

        return cs, [n for n in cs.get_node('/')]

    def create(self, description, owner, gist_mapping,

               gist_type=Gist.GIST_PUBLIC, lifetime=-1):

        """

        :param description: description of the gist

        :param owner: user who created this gist

        :param gist_mapping: mapping {filename:{'content':content},...}

        :param gist_type: type of gist private/public

        :param lifetime: in minutes, -1 == forever

        """

        owner = self._get_user(owner)

        gist_id = safe_unicode(unique_id(20))

        lifetime = safe_int(lifetime, -1)

        gist_expires = time.time() + (lifetime * 60) if lifetime != -1 else -1

        log.debug('set GIST expiration date to: %s',

                  time_to_datetime(gist_expires)

                   if gist_expires != -1 else 'forever')

        #create the Database version

        gist = Gist()

        gist.gist_description = description

        gist.gist_access_id = gist_id

        gist.gist_owner = owner.user_id

        gist.gist_expires = gist_expires

        gist.gist_type = safe_unicode(gist_type)

        self.sa.add(gist)

        if gist_type == Gist.GIST_PUBLIC:

            # use DB ID for easy to use GIST ID

            gist_id = safe_unicode(gist.gist_id)

            gist.gist_access_id = gist_id

            self.sa.add(gist)

        gist_repo_path = os.path.join(GIST_STORE_LOC, gist_id)

        log.debug('Creating new %s GIST repo in %s', gist_type, gist_repo_path)

        repo = RepoModel()._create_filesystem_repo(

            repo_name=gist_id, repo_type='hg', repo_group=GIST_STORE_LOC)

        processed_mapping = {}

        for filename in gist_mapping:

            if filename != os.path.basename(filename):

                raise Exception('Filename cannot be inside a directory')

            content = gist_mapping[filename]['content']

            #TODO: expand support for setting explicit lexers

#             if lexer is None:

#                 try:

#                     guess_lexer = pygments.lexers.guess_lexer_for_filename

#                     lexer = guess_lexer(filename,content)

#                 except pygments.util.ClassNotFound:

#                     lexer = 'text'

            processed_mapping[filename] = {'content': content}

        # now create single multifile commit

        message = 'added file'

        message += 's: ' if len(processed_mapping) > 1 else ': '

        message += ', '.join([x for x in processed_mapping])

        #fake Kallithea Repository object

        fake_repo = AttributeDict(dict(

            repo_name=gist_repo_path,

            scm_instance_no_cache=lambda: repo,

        ))

        ScmModel().create_nodes(

            user=owner.user_id, repo=fake_repo,

            message=message,

            nodes=processed_mapping,

            trigger_push_hook=False

        )

        self._store_metadata(repo, gist.gist_id, gist.gist_access_id,

                             owner.user_id, gist.gist_type, gist.gist_expires)

        return gist

    def delete(self, gist, fs_remove=True):

        gist = self._get_gist(gist)

        try:

            self.sa.delete(gist)

            if fs_remove:

                self.__delete_gist(gist)

            else:

                log.debug('skipping removal from filesystem')

        except Exception:

            log.error(traceback.format_exc())

            raise

    def update(self, gist, description, owner, gist_mapping, gist_type,

               lifetime):

        gist = self._get_gist(gist)

        gist_repo = gist.scm_instance

        lifetime = safe_int(lifetime, -1)

        if lifetime == 0:  # preserve old value

            gist_expires = gist.gist_expires

        else:

            gist_expires = time.time() + (lifetime * 60) if lifetime != -1 else -1

        #calculate operation type based on given data

        gist_mapping_op = {}

        for k, v in gist_mapping.items():

            # add, mod, del

            if not v['org_filename'] and v['filename']:

                op = 'add'

            elif v['org_filename'] and not v['filename']:

                op = 'del'

            else:

                op = 'mod'

            v['op'] = op

            gist_mapping_op[k] = v

        gist.gist_description = description

        gist.gist_expires = gist_expires

        gist.owner = owner

        gist.gist_type = gist_type

        message = 'updated file'

        message += 's: ' if len(gist_mapping) > 1 else ': '

        message += ', '.join([x for x in gist_mapping])

        #fake Kallithea Repository object

        fake_repo = AttributeDict(dict(

            repo_name=gist_repo.path,

            scm_instance_no_cache=lambda: gist_repo,

        ))

        self._store_metadata(gist_repo, gist.gist_id, gist.gist_access_id,

                             owner.user_id, gist.gist_type, gist.gist_expires)

        ScmModel().update_nodes(

            user=owner.user_id,

            repo=fake_repo,

            message=message,

            nodes=gist_mapping_op,

            trigger_push_hook=False

        )

        return gist

from kallithea.model.meta import Session

log = logging.getLogger(__name__)

class UserModel(BaseModel):

    password_reset_token_lifetime = 86400 # 24 hours

    def get(self, user_id, cache=False):

        user = self.sa.query(User)

        if cache:

            user = user.options(FromCache("sql_cache_short",

                                          "get_user_%s" % user_id))

        return user.get(user_id)

    def get_user(self, user):

        return self._get_user(user)

    def create(self, form_data, cur_user=None):

        if not cur_user:

            cur_user = getattr(get_current_authuser(), 'username', None)

        from kallithea.lib.hooks import log_create_user, \

            check_allowed_create_user

        _fd = form_data

        user_data = {

            'username': _fd['username'],

            'password': _fd['password'],

            'email': _fd['email'],

            'firstname': _fd['firstname'],

            'lastname': _fd['lastname'],

            'active': _fd['active'],

            'admin': False

        }

        # raises UserCreationError if it's not allowed

        check_allowed_create_user(user_data, cur_user)

        from kallithea.lib.auth import get_crypt_password

        new_user = User()

        for k, v in form_data.items():

            if k == 'password':

                v = get_crypt_password(v)

            if k == 'firstname':

                k = 'name'

            setattr(new_user, k, v)

        new_user.api_key = generate_api_key()

        log_create_user(new_user.get_dict(), cur_user)

        return new_user

    def create_or_update(self, username, password, email, firstname=u'',

                         lastname=u'', active=True, admin=False,

                         extern_type=None, extern_name=None, cur_user=None):

        """

        Creates a new instance if not found, or updates current one

        :param username:

        :param password:

        :param email:

        :param active:

        :param firstname:

        :param lastname:

        :param active:

        :param admin:

        :param extern_name:

        :param extern_type:

        :param cur_user:

        """

        if not cur_user:

            cur_user = getattr(get_current_authuser(), 'username', None)

        from kallithea.lib.auth import get_crypt_password, check_password

        from kallithea.lib.hooks import log_create_user, \

            check_allowed_create_user

        user_data = {

            'username': username, 'password': password,

            'email': email, 'firstname': firstname, 'lastname': lastname,

            'active': active, 'admin': admin

        }

        # raises UserCreationError if it's not allowed

        check_allowed_create_user(user_data, cur_user)

        log.debug('Checking for %s account in Kallithea database', username)

        user = User.get_by_username(username, case_insensitive=True)

        if user is None:

            log.debug('creating new user %s', username)

            new_user = User()

            edit = False

        else:

            log.debug('updating user %s', username)

            new_user = user

            edit = True

        try:

            new_user.username = username

            new_user.admin = admin

            new_user.email = email

            new_user.active = active

            new_user.extern_name = safe_str(extern_name) \

                if extern_name else None

            new_user.extern_type = safe_str(extern_type) \

                if extern_type else None

            new_user.name = firstname

            new_user.lastname = lastname

            if not edit:

                new_user.api_key = generate_api_key()

            # set password only if creating an user or password is changed

            password_change = new_user.password and \

                not check_password(password, new_user.password)

            if not edit or password_change:

                reason = 'new password' if edit else 'new user'

                log.debug('Updating password reason=>%s', reason)

                new_user.password = get_crypt_password(password) \

                    if password else ''

            if not edit:

                log_create_user(new_user.get_dict(), cur_user)

            return new_user

        except (DatabaseError,):

            log.error(traceback.format_exc())

            raise

    def create_registration(self, form_data):

        from kallithea.model.notification import NotificationModel

        import kallithea.lib.helpers as h

        form_data['admin'] = False

        form_data['extern_type'] = User.DEFAULT_AUTH_TYPE

        form_data['extern_name'] = ''

        new_user = self.create(form_data)

        # notification to admins

        subject = _('New user registration')

        body = (

            u'New user registration\n'

            '---------------------\n'

            '- Username: {user.username}\n'

            '- Full Name: {user.full_name}\n'

            '- Email: {user.email}\n'

            ).format(user=new_user)

        edit_url = h.canonical_url('edit_user', id=new_user.user_id)

        email_kwargs = {

            'registered_user_url': edit_url,

            'new_username': new_user.username,

            'new_email': new_user.email,

            'new_full_name': new_user.full_name}

        NotificationModel().create(created_by=new_user, subject=subject,

                                   body=body, recipients=None,

                                   type_=Notification.TYPE_REGISTRATION,

                                   email_kwargs=email_kwargs)

    def update(self, user_id, form_data, skip_attrs=None):

        from kallithea.lib.auth import get_crypt_password

        skip_attrs = skip_attrs or []

        user = self.get(user_id, cache=False)

        if user.username == User.DEFAULT_USER:

            raise DefaultUserException(

                            _("You can't edit this user since it's "

                              "crucial for entire application"))

        for k, v in form_data.items():

            if k in skip_attrs:

                continue

            if k == 'new_password' and v:

                user.password = get_crypt_password(v)

            else:

                # old legacy thing orm models store firstname as name,

                # need proper refactor to username

                if k == 'firstname':

                    k = 'name'

                setattr(user, k, v)

        self.sa.add(user)

    def update_user(self, user, **kwargs):

        from kallithea.lib.auth import get_crypt_password

        user = self._get_user(user)

        if user.username == User.DEFAULT_USER:

            raise DefaultUserException(

                self.grant_user_permission(

                    user_group=user_group, user=member, perm=perm

                )

            else:

                #check if we have permissions to alter this usergroup

                if HasUserGroupPermissionAny('usergroup.read', 'usergroup.write',

                                             'usergroup.admin')(member):

                    self.grant_user_group_permission(

                        target_user_group=user_group, user_group=member, perm=perm

                    )

    def get(self, user_group_id, cache=False):

        return UserGroup.get(user_group_id)

    def get_group(self, user_group):

        return self._get_user_group(user_group)

    def get_by_name(self, name, cache=False, case_insensitive=False):

        return UserGroup.get_by_group_name(name, cache, case_insensitive)

    def create(self, name, description, owner, active=True, group_data=None):

        try:

            new_user_group = UserGroup()

            new_user_group.owner = self._get_user(owner)

            new_user_group.users_group_name = name

            new_user_group.user_group_description = description

            new_user_group.users_group_active = active

            if group_data:

                new_user_group.group_data = group_data

            self.sa.add(new_user_group)

            perm_obj = self._create_default_perms(new_user_group)

            self.sa.add(perm_obj)

            self.grant_user_permission(user_group=new_user_group,

                                       user=owner, perm='usergroup.admin')

            return new_user_group

        except Exception:

            log.error(traceback.format_exc())

            raise

    def update(self, user_group, form_data):

        try:

            user_group = self._get_user_group(user_group)

            for k, v in form_data.items():

                if k == 'users_group_members':

                    members_list = []

                    if v:

                        v = [v] if isinstance(v, basestring) else v

                        for u_id in set(v):

                            member = UserGroupMember(user_group.users_group_id, u_id)

                            members_list.append(member)

                setattr(user_group, k, v)

        except Exception:

            log.error(traceback.format_exc())

            raise

    def delete(self, user_group, force=False):

        """

        Deletes user group, unless force flag is used

        raises exception if there are members in that group, else deletes

        group and users

        :param user_group:

        :param force:

        """

        user_group = self._get_user_group(user_group)

        try:

            # check if this group is not assigned to repo

            assigned_groups = UserGroupRepoToPerm.query() \

                .filter(UserGroupRepoToPerm.users_group == user_group).all()

            assigned_groups = [x.repository.repo_name for x in assigned_groups]

            if assigned_groups and not force:

                raise UserGroupsAssignedException(

                    'User Group assigned to %s' % ", ".join(assigned_groups))

            self.sa.delete(user_group)

        except Exception:

            log.error(traceback.format_exc())

            raise

    def add_user_to_group(self, user_group, user):

        user_group = self._get_user_group(user_group)

        user = self._get_user(user)

        for m in user_group.members:

            u = m.user

            if u.user_id == user.user_id:

                # user already in the group, skip

                return True

        try:

            user_group_member = UserGroupMember()

            user_group_member.user = user

            user_group_member.users_group = user_group

            user_group.members.append(user_group_member)

            user.group_member.append(user_group_member)

            self.sa.add(user_group_member)

            return user_group_member

from kallithea.model.meta import Session

from kallithea.model.db import Setting

name = 'spam-setting-name'

def test_passing_list_setting_value_results_in_string_valued_setting():

    assert Setting.get_by_name(name) is None

    setting = Setting.create_or_update(name, ['spam', 'eggs'])

    try:

        assert Setting.get_by_name(name) is not None

        # Quirk: list value is stringified.

        assert Setting.get_by_name(name).app_settings_value \

               == "['spam', 'eggs']"

        assert Setting.get_by_name(name).app_settings_type == 'unicode'

    finally:

        Session().delete(setting)

def test_list_valued_setting_creation_requires_manual_value_formatting():

    assert Setting.get_by_name(name) is None

    # Quirk: need manual formatting of list setting value.

    setting = Setting.create_or_update(name, 'spam,eggs', type='list')

    try:

        assert setting.app_settings_value == ['spam', 'eggs']

    finally:

        Session().delete(setting)

def test_list_valued_setting_update():

    assert Setting.get_by_name(name) is None

    setting = Setting.create_or_update(name, 'spam', type='list')

    try:

        assert setting.app_settings_value == [u'spam']

        # Assign back setting value.

        setting.app_settings_value = setting.app_settings_value

        # Quirk: value is stringified on write and listified on read.

        assert setting.app_settings_value == ["[u'spam']"]

        setting.app_settings_value = setting.app_settings_value

        assert setting.app_settings_value == ["[u\"[u'spam']\"]"]

    finally:

        Session().delete(setting)