""" this is forms validation classes

http://formencode.org/module-formencode.validators.html

for list off all availible validators

we can create our own validators

The table below outlines the options which can be used in a schema in addition to the validators themselves

pre_validators          []     These validators will be applied before the schema

chained_validators      []     These validators will be applied after the schema

allow_extra_fields      False     If True, then it is not an error when keys that aren't associated with a validator are present

filter_extra_fields     False     If True, then keys that aren't associated with a validator are removed

if_key_missing          NoDefault If this is given, then any keys that aren't available but are expected will be replaced with this value (and then validated). This does not override a present .if_missing attribute on validators. NoDefault is a special FormEncode class to mean that no default values has been specified and therefore missing keys shouldn't take a default value.

ignore_key_missing      False     If True, then missing keys will be missing in the result, if the validator doesn't have .if_missing on it already    

<name> = formencode.validators.<name of validator>

<name> must equal form name

list=[1,2,3,4,5]

for SELECT use formencode.All(OneOf(list), Int())

"""

from formencode import All

from formencode.validators import UnicodeString, OneOf, Int, Number, Regex, \

    Email, Bool, StringBoolean

from pylons import session

from pylons.i18n.translation import _

from rhodecode.lib.auth import authfunc, get_crypt_password

from rhodecode.lib.exceptions import LdapImportError

from rhodecode.model import meta

from rhodecode.model.user import UserModel

from rhodecode.model.repo import RepoModel

from rhodecode.model.db import User

from webhelpers.pylonslib.secure_form import authentication_token

from rhodecode import BACKENDS

import formencode

import logging

import os

import re

import rhodecode.lib.helpers as h

log = logging.getLogger(__name__)

#this is needed to translate the messages using _() in validators

class State_obj(object):

    _ = staticmethod(_)

#===============================================================================

# VALIDATORS

#===============================================================================

class ValidAuthToken(formencode.validators.FancyValidator):

    messages = {'invalid_token':_('Token mismatch')}

    def validate_python(self, value, state):

        if value != authentication_token():

            raise formencode.Invalid(self.message('invalid_token', state,

                                            search_number=value), value, state)

def ValidUsername(edit, old_data):

    class _ValidUsername(formencode.validators.FancyValidator):

        def validate_python(self, value, state):

            if value in ['default', 'new_user']:

                raise formencode.Invalid(_('Invalid username'), value, state)

            #check if user is unique

            old_un = None

            if edit:

                old_un = UserModel().get(old_data.get('user_id')).username

            if old_un != value or not edit:

                if UserModel().get_by_username(value, cache=False,

                                               case_insensitive=True):

                    raise formencode.Invalid(_('This username already exists') ,

                                             value, state)

                raise formencode.Invalid(_('Username may only contain '

                                      value, state)

    return _ValidUsername

class ValidPassword(formencode.validators.FancyValidator):

    def to_python(self, value, state):

        if value:

            if value.get('password'):

                try:

                    value['password'] = get_crypt_password(value['password'])

                except UnicodeEncodeError:

                    e_dict = {'password':_('Invalid characters in password')}

                    raise formencode.Invalid('', value, state, error_dict=e_dict)

            if value.get('password_confirmation'):

                try:

                    value['password_confirmation'] = \

                        get_crypt_password(value['password_confirmation'])

                except UnicodeEncodeError:

                    e_dict = {'password_confirmation':_('Invalid characters in password')}

                    raise formencode.Invalid('', value, state, error_dict=e_dict)

            if value.get('new_password'):

                try:

                    value['new_password'] = \

                        get_crypt_password(value['new_password'])

                except UnicodeEncodeError:

                    e_dict = {'new_password':_('Invalid characters in password')}

                    raise formencode.Invalid('', value, state, error_dict=e_dict)

            return value

class ValidPasswordsMatch(formencode.validators.FancyValidator):

    def validate_python(self, value, state):

        if value['password'] != value['password_confirmation']:

            e_dict = {'password_confirmation':

                   _('Password do not match')}

            raise formencode.Invalid('', value, state, error_dict=e_dict)

class ValidAuth(formencode.validators.FancyValidator):

    messages = {

            'invalid_password':_('invalid password'),

            'invalid_login':_('invalid user name'),

            'disabled_account':_('Your account is disabled')

            }

    #error mapping

    e_dict = {'username':messages['invalid_login'],

              'password':messages['invalid_password']}

    e_dict_disable = {'username':messages['disabled_account']}

    def validate_python(self, value, state):

        password = value['password']

        username = value['username']

        user = UserModel().get_by_username(username)

        if authfunc(None, username, password):

            return value

        else:

            if user and user.active is False:

                log.warning('user %s is disabled', username)

                raise formencode.Invalid(self.message('disabled_account',

                                         state=State_obj),

                                         value, state,

                                         error_dict=self.e_dict_disable)

            else:

                log.warning('user %s not authenticated', username)

                raise formencode.Invalid(self.message('invalid_password',

                                         state=State_obj), value, state,

                                         error_dict=self.e_dict)

class ValidRepoUser(formencode.validators.FancyValidator):

    def to_python(self, value, state):

        sa = meta.Session()

        try:

            self.user_db = sa.query(User)\

                .filter(User.active == True)\

                .filter(User.username == value).one()

        except Exception:

            raise formencode.Invalid(_('This username is not valid'),

                                     value, state)

        finally:

            meta.Session.remove()

        return self.user_db.user_id

def ValidRepoName(edit, old_data):

    class _ValidRepoName(formencode.validators.FancyValidator):

        def to_python(self, value, state):

            slug = h.repo_name_slug(value)

            if slug in ['_admin']:

                raise formencode.Invalid(_('This repository name is disallowed'),

                                         value, state)

            if old_data.get('repo_name') != value or not edit:

                if RepoModel().get_by_repo_name(slug, cache=False):

                    raise formencode.Invalid(_('This repository already exists') ,

                                             value, state)

            return slug

    return _ValidRepoName

def ValidForkType(old_data):

    class _ValidForkType(formencode.validators.FancyValidator):

        def to_python(self, value, state):

            if old_data['repo_type'] != value:

                raise formencode.Invalid(_('Fork have to be the same type as original'),

                                         value, state)

            return value

    return _ValidForkType

class ValidPerms(formencode.validators.FancyValidator):

    messages = {'perm_new_user_name':_('This username is not valid')}

    def to_python(self, value, state):

        perms_update = []

        perms_new = []

        #build a list of permission to update and new permission to create

        for k, v in value.items():

            if k.startswith('perm_'):

                if  k.startswith('perm_new_user'):

                    new_perm = value.get('perm_new_user', False)

                    new_user = value.get('perm_new_user_name', False)

                    if new_user and new_perm:

                        if (new_user, new_perm) not in perms_new:

                            perms_new.append((new_user, new_perm))

                else:

                    usr = k[5:]

                    if usr == 'default':

                        if value['private']:

                            #set none for default when updating to private repo

                            v = 'repository.none'

                    perms_update.append((usr, v))

        value['perms_updates'] = perms_update

        value['perms_new'] = perms_new

        sa = meta.Session

        for k, v in perms_new:

            try:

                self.user_db = sa.query(User)\

                    .filter(User.active == True)\

                    .filter(User.username == k).one()

            except Exception:

                msg = self.message('perm_new_user_name',

                                     state=State_obj)

                raise formencode.Invalid(msg, value, state,

                                         error_dict={'perm_new_user_name':msg})

        return value

class ValidSettings(formencode.validators.FancyValidator):

    def to_python(self, value, state):

        #settings  form can't edit user

        if value.has_key('user'):

            del['value']['user']

        return value

class ValidPath(formencode.validators.FancyValidator):

    def to_python(self, value, state):

        if not os.path.isdir(value):

            msg = _('This is not a valid path')

            raise formencode.Invalid(msg, value, state,

                                     error_dict={'paths_root_path':msg})

        return value

def UniqSystemEmail(old_data):

    class _UniqSystemEmail(formencode.validators.FancyValidator):

        def to_python(self, value, state):

            value = value.lower()

            if old_data.get('email') != value:

                sa = meta.Session()

                try:

                    user = sa.query(User).filter(User.email == value).scalar()

                    if user:

                        raise formencode.Invalid(_("That e-mail address is already taken") ,

                                                 value, state)

                finally:

                    meta.Session.remove()

            return value

    return _UniqSystemEmail

class ValidSystemEmail(formencode.validators.FancyValidator):

    def to_python(self, value, state):

        value = value.lower()

        sa = meta.Session

        try:

            user = sa.query(User).filter(User.email == value).scalar()

            if  user is None:

                raise formencode.Invalid(_("That e-mail address doesn't exist.") ,

                                         value, state)

        finally:

            meta.Session.remove()

        return value

class LdapLibValidator(formencode.validators.FancyValidator):

    def to_python(self, value, state):

        try:

            import ldap

        except ImportError:

            raise LdapImportError

        return value

#===============================================================================

# FORMS        

#===============================================================================

class LoginForm(formencode.Schema):

    allow_extra_fields = True

    filter_extra_fields = True

    username = UnicodeString(

                             strip=True,

                             min=1,

                             not_empty=True,

                             messages={

                                       'empty':_('Please enter a login'),

                                       'tooShort':_('Enter a value %(min)i characters long or more')}

                            )

    password = UnicodeString(

                            strip=True,

                            min=6,

                            not_empty=True,

                            messages={

                                      'empty':_('Please enter a password'),

                                      'tooShort':_('Enter %(min)i characters or more')}

                                )

    #chained validators have access to all data

    chained_validators = [ValidAuth]

def UserForm(edit=False, old_data={}):

    class _UserForm(formencode.Schema):

        allow_extra_fields = True

        filter_extra_fields = True

        username = All(UnicodeString(strip=True, min=1, not_empty=True),

                       ValidUsername(edit, old_data))

        if edit:

            new_password = All(UnicodeString(strip=True, min=6, not_empty=False))

            admin = StringBoolean(if_missing=False)

        else:

            password = All(UnicodeString(strip=True, min=6, not_empty=True))

        active = StringBoolean(if_missing=False)

        name = UnicodeString(strip=True, min=1, not_empty=True)

        lastname = UnicodeString(strip=True, min=1, not_empty=True)

        email = All(Email(not_empty=True), UniqSystemEmail(old_data))

        chained_validators = [ValidPassword]

    return _UserForm

def RegisterForm(edit=False, old_data={}):

    class _RegisterForm(formencode.Schema):

        allow_extra_fields = True

        filter_extra_fields = True

        username = All(ValidUsername(edit, old_data),

                       UnicodeString(strip=True, min=1, not_empty=True))

        password = All(UnicodeString(strip=True, min=6, not_empty=True))

        password_confirmation = All(UnicodeString(strip=True, min=6, not_empty=True))

        active = StringBoolean(if_missing=False)

        name = UnicodeString(strip=True, min=1, not_empty=True)

        lastname = UnicodeString(strip=True, min=1, not_empty=True)

        email = All(Email(not_empty=True), UniqSystemEmail(old_data))

        chained_validators = [ValidPasswordsMatch, ValidPassword]

    return _RegisterForm

def PasswordResetForm():

    class _PasswordResetForm(formencode.Schema):

        allow_extra_fields = True

        filter_extra_fields = True

        email = All(ValidSystemEmail(), Email(not_empty=True))

    return _PasswordResetForm

def RepoForm(edit=False, old_data={}, supported_backends=BACKENDS.keys()):

    class _RepoForm(formencode.Schema):

        allow_extra_fields = True

        filter_extra_fields = False

        repo_name = All(UnicodeString(strip=True, min=1, not_empty=True),

                        ValidRepoName(edit, old_data))

        description = UnicodeString(strip=True, min=1, not_empty=True)

        private = StringBoolean(if_missing=False)

        repo_type = OneOf(supported_backends)

        if edit:

            user = All(Int(not_empty=True), ValidRepoUser)

        chained_validators = [ValidPerms]

    return _RepoForm

def RepoForkForm(edit=False, old_data={}, supported_backends=BACKENDS.keys()):

    class _RepoForkForm(formencode.Schema):

        allow_extra_fields = True

        filter_extra_fields = False

        fork_name = All(UnicodeString(strip=True, min=1, not_empty=True),

                        ValidRepoName(edit, old_data))

        description = UnicodeString(strip=True, min=1, not_empty=True)

        private = StringBoolean(if_missing=False)

        repo_type = All(ValidForkType(old_data), OneOf(supported_backends))

    return _RepoForkForm

def RepoSettingsForm(edit=False, old_data={}):

    class _RepoForm(formencode.Schema):

        allow_extra_fields = True

        filter_extra_fields = False

        repo_name = All(UnicodeString(strip=True, min=1, not_empty=True),

                        ValidRepoName(edit, old_data))

        description = UnicodeString(strip=True, min=1, not_empty=True)

        private = StringBoolean(if_missing=False)

        chained_validators = [ValidPerms, ValidSettings]

    return _RepoForm

def ApplicationSettingsForm():

    class _ApplicationSettingsForm(formencode.Schema):

        allow_extra_fields = True

        filter_extra_fields = False

        rhodecode_title = UnicodeString(strip=True, min=1, not_empty=True)

        rhodecode_realm = UnicodeString(strip=True, min=1, not_empty=True)

    return _ApplicationSettingsForm

def ApplicationUiSettingsForm():

    class _ApplicationUiSettingsForm(formencode.Schema):

        allow_extra_fields = True

        filter_extra_fields = False

        web_push_ssl = OneOf(['true', 'false'], if_missing='false')

        paths_root_path = All(ValidPath(), UnicodeString(strip=True, min=1, not_empty=True))

        hooks_changegroup_update = OneOf(['True', 'False'], if_missing=False)

        hooks_changegroup_repo_size = OneOf(['True', 'False'], if_missing=False)

        hooks_pretxnchangegroup_push_logger = OneOf(['True', 'False'], if_missing=False)

        hooks_preoutgoing_pull_logger = OneOf(['True', 'False'], if_missing=False)

    return _ApplicationUiSettingsForm

def DefaultPermissionsForm(perms_choices, register_choices, create_choices):

    class _DefaultPermissionsForm(formencode.Schema):

        allow_extra_fields = True

        filter_extra_fields = True

        overwrite_default = StringBoolean(if_missing=False)

        anonymous = OneOf(['True', 'False'], if_missing=False)

        default_perm = OneOf(perms_choices)

        default_register = OneOf(register_choices)

        default_create = OneOf(create_choices)

    return _DefaultPermissionsForm

def LdapSettingsForm():

    class _LdapSettingsForm(formencode.Schema):

        allow_extra_fields = True

        filter_extra_fields = True

        pre_validators = [LdapLibValidator]

        ldap_active = StringBoolean(if_missing=False)

        ldap_host = UnicodeString(strip=True,)

        ldap_port = Number(strip=True,)

# -*- coding: utf-8 -*-

from rhodecode.tests import *

from rhodecode.model.db import User

from rhodecode.lib.auth import check_password

class TestLoginController(TestController):

    def test_index(self):

        response = self.app.get(url(controller='login', action='index'))

        assert response.status == '200 OK', 'Wrong response from login page got %s' % response.status

        # Test response...

    def test_login_admin_ok(self):

        response = self.app.post(url(controller='login', action='index'),

                                 {'username':'test_admin',

                                  'password':'test12'})

        assert response.status == '302 Found', 'Wrong response code from login got %s' % response.status

        assert response.session['rhodecode_user'].username == 'test_admin', 'wrong logged in user'

        response = response.follow()

        assert '%s repository' % HG_REPO in response.body

    def test_login_regular_ok(self):

        response = self.app.post(url(controller='login', action='index'),

                                 {'username':'test_regular',

                                  'password':'test12'})

        print response

        assert response.status == '302 Found', 'Wrong response code from login got %s' % response.status

        assert response.session['rhodecode_user'].username == 'test_regular', 'wrong logged in user'

        response = response.follow()

        assert '%s repository' % HG_REPO in response.body

        assert '<a title="Admin" href="/_admin">' not in response.body

    def test_login_ok_came_from(self):

        test_came_from = '/_admin/users'

        response = self.app.post(url(controller='login', action='index', came_from=test_came_from),

                                 {'username':'test_admin',

                                  'password':'test12'})

        assert response.status == '302 Found', 'Wrong response code from came from redirection'

        response = response.follow()

        assert response.status == '200 OK', 'Wrong response from login page got %s' % response.status

        assert 'Users administration' in response.body, 'No proper title in response'

    def test_login_short_password(self):

        response = self.app.post(url(controller='login', action='index'),

                                 {'username':'error',

                                  'password':'test'})

        assert response.status == '200 OK', 'Wrong response from login page'

        print response.body

        assert 'Enter 6 characters or more' in response.body, 'No error password message in response'

    def test_login_wrong_username_password(self):

        response = self.app.post(url(controller='login', action='index'),

                                 {'username':'error',

                                  'password':'test12'})

        assert response.status == '200 OK', 'Wrong response from login page'

        assert 'invalid user name' in response.body, 'No error username message in response'

        assert 'invalid password' in response.body, 'No error password message in response'

    #==========================================================================

    # REGISTRATIONS

    #==========================================================================

    def test_register(self):

        response = self.app.get(url(controller='login', action='register'))

        assert 'Sign Up to RhodeCode' in response.body, 'wrong page for user registration'

    def test_register_err_same_username(self):

        response = self.app.post(url(controller='login', action='register'),

                                            {'username':'test_admin',

                                             'password':'test12',

                                             'password_confirmation':'test12',

                                             'email':'goodmail@domain.com',

                                             'name':'test',

                                             'lastname':'test'})

        assert response.status == '200 OK', 'Wrong response from register page got %s' % response.status

        assert 'This username already exists' in response.body

    def test_register_err_wrong_data(self):

        response = self.app.post(url(controller='login', action='register'),

                                            {'username':'xs',

                                             'password':'test',

                                             'password_confirmation':'test',

                                             'email':'goodmailm',

                                             'name':'test',

                                             'lastname':'test'})

        assert response.status == '200 OK', 'Wrong response from register page got %s' % response.status

        assert 'An email address must contain a single @' in response.body

        assert 'Enter a value 6 characters long or more' in response.body

    def test_register_special_chars(self):

        response = self.app.post(url(controller='login', action='register'),

                                            {'username':'xxxaxn',

                                             'password':'ąćźżąśśśś',

                                             'password_confirmation':'ąćźżąśśśś',

                                             'email':'goodmailm@test.plx',

                                             'name':'test',

                                             'lastname':'test'})

        print response.body

        assert response.status == '200 OK', 'Wrong response from register page got %s' % response.status

        assert 'Invalid characters in password' in response.body

    def test_register_password_mismatch(self):

        response = self.app.post(url(controller='login', action='register'),

                                            {'username':'xs',

                                             'password':'123qwe',

                                             'password_confirmation':'qwe123',

                                             'email':'goodmailm@test.plxa',

                                             'name':'test',

                                             'lastname':'test'})

        assert response.status == '200 OK', 'Wrong response from register page got %s' % response.status

        print response.body

        assert 'Password do not match' in response.body

    def test_register_ok(self):

        username = 'test_regular4'

        password = 'qweqwe'

        email = 'marcin@test.com'

        name = 'testname'

        lastname = 'testlastname'

        response = self.app.post(url(controller='login', action='register'),

                                            {'username':username,

                                             'password':password,

                                             'password_confirmation':password,

                                             'email':email,

                                             'name':name,

                                             'lastname':lastname})

        assert response.status == '302 Found', 'Wrong response from register page got %s' % response.status

        assert 'You have successfully registered into rhodecode' in response.session['flash'][0], 'No flash message about user registration'

        ret = self.sa.query(User).filter(User.username == 'test_regular4').one()

        assert ret.username == username , 'field mismatch %s %s' % (ret.username, username)

        assert check_password(password, ret.password) == True , 'password mismatch'

        assert ret.email == email , 'field mismatch %s %s' % (ret.email, email)

        assert ret.name == name , 'field mismatch %s %s' % (ret.name, name)

        assert ret.lastname == lastname , 'field mismatch %s %s' % (ret.lastname, lastname)

    def test_forgot_password_wrong_mail(self):

        response = self.app.post(url(controller='login', action='password_reset'),

                                            {'email':'marcin@wrongmail.org', })

        assert "That e-mail address doesn't exist" in response.body, 'Missing error message about wrong email'

    def test_forgot_password(self):

        response = self.app.get(url(controller='login', action='password_reset'))

        assert response.status == '200 OK', 'Wrong response from login page got %s' % response.status

        username = 'test_password_reset_1'

        password = 'qweqwe'

        email = 'marcin@python-works.com'

        name = 'passwd'

        lastname = 'reset'

        response = self.app.post(url(controller='login', action='register'),

                                            {'username':username,

                                             'password':password,

                                             'password_confirmation':password,

                                             'email':email,

                                             'name':name,

                                             'lastname':lastname})

        #register new user for email test

        response = self.app.post(url(controller='login', action='password_reset'),

                                            {'email':email, })

        print response.session['flash']

        assert 'You have successfully registered into rhodecode' in response.session['flash'][0], 'No flash message about user registration'

        assert 'Your new password was sent' in response.session['flash'][1], 'No flash message about password reset'