# -*- coding: utf-8 -*-

# This program is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation, either version 3 of the License, or

# (at your option) any later version.

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

"""

kallithea.lib.auth

~~~~~~~~~~~~~~~~~~

authentication and permission libraries

This file was forked by the Kallithea project in July 2014.

Original author and date, and relevant copyright and licensing information is below:

:created_on: Apr 4, 2010

:author: marcink

:copyright: (c) 2013 RhodeCode GmbH, and others.

:license: GPLv3, see LICENSE.md for more details.

"""

import os

import logging

import traceback

import hashlib

import itertools

import collections

from decorator import decorator

from tg import request, session

from tg.i18n import ugettext as _

from sqlalchemy.orm.exc import ObjectDeletedError

from sqlalchemy.orm import joinedload

from webob.exc import HTTPFound, HTTPBadRequest, HTTPForbidden, HTTPMethodNotAllowed

from kallithea import __platform__, is_windows, is_unix

from kallithea.config.routing import url

from kallithea.lib.vcs.utils.lazy import LazyProperty

from kallithea.model.meta import Session

from kallithea.model.user import UserModel

from kallithea.model.db import User, Repository, Permission, \

    UserToPerm, UserGroupRepoToPerm, UserGroupToPerm, UserGroupMember, \

    RepoGroup, UserGroupRepoGroupToPerm, UserIpMap, UserGroupUserGroupToPerm, \

    UserGroup, UserApiKeys

from kallithea.lib.utils2 import safe_str, safe_unicode, aslist

from kallithea.lib.utils import get_repo_slug, get_repo_group_slug, \

    get_user_group_slug, conditional_cache

from kallithea.lib.caching_query import FromCache

log = logging.getLogger(__name__)

class PasswordGenerator(object):

    """

    This is a simple class for generating password from different sets of

    characters

    usage::

        passwd_gen = PasswordGenerator()

        #print 8-letter password containing only big and small letters

            of alphabet

        passwd_gen.gen_password(8, passwd_gen.ALPHABETS_BIG_SMALL)

    """

    ALPHABETS_NUM = r'''1234567890'''

    ALPHABETS_SMALL = r'''qwertyuiopasdfghjklzxcvbnm'''

    ALPHABETS_BIG = r'''QWERTYUIOPASDFGHJKLZXCVBNM'''

    ALPHABETS_SPECIAL = r'''`-=[]\;',./~!@#$%^&*()_+{}|:"<>?'''

    ALPHABETS_FULL = ALPHABETS_BIG + ALPHABETS_SMALL \

        + ALPHABETS_NUM + ALPHABETS_SPECIAL

    ALPHABETS_ALPHANUM = ALPHABETS_BIG + ALPHABETS_SMALL + ALPHABETS_NUM

    ALPHABETS_BIG_SMALL = ALPHABETS_BIG + ALPHABETS_SMALL

    ALPHABETS_ALPHANUM_BIG = ALPHABETS_BIG + ALPHABETS_NUM

    ALPHABETS_ALPHANUM_SMALL = ALPHABETS_SMALL + ALPHABETS_NUM

    def gen_password(self, length, alphabet=ALPHABETS_FULL):

        assert len(alphabet) <= 256, alphabet

        l = []

# -*- coding: utf-8 -*-

# This program is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation, either version 3 of the License, or

# (at your option) any later version.

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

"""

Set of generic validators

"""

import os

import re

import formencode

import logging

from collections import defaultdict

from tg.i18n import ugettext as _

from sqlalchemy import func

import sqlalchemy

from formencode.validators import (

    UnicodeString, OneOf, Int, Number, Regex, Email, Bool, StringBoolean, Set,

    NotEmpty, IPAddress, CIDR, String, FancyValidator

)

from kallithea.lib.compat import OrderedSet

from kallithea.lib import ipaddr

from kallithea.lib.utils import is_valid_repo_uri

from kallithea.lib.utils2 import str2bool, aslist, repo_name_slug

from kallithea.model.db import RepoGroup, Repository, UserGroup, User

from kallithea.lib.exceptions import LdapImportError

from kallithea.config.routing import ADMIN_PREFIX

from kallithea.lib.auth import HasRepoGroupPermissionLevel, HasPermissionAny

# silence warnings and pylint

UnicodeString, OneOf, Int, Number, Regex, Email, Bool, StringBoolean, Set, \

    NotEmpty, IPAddress, CIDR, String, FancyValidator

log = logging.getLogger(__name__)

def UniqueListFromString():

    class _UniqueListFromString(formencode.FancyValidator):

        """

        Split value on ',' and make unique while preserving order

        """

        messages = dict(

            empty=_('Value cannot be an empty list'),

            missing_value=_('Value cannot be an empty list'),

        )

        def _convert_to_python(self, value, state):

            value = aslist(value, ',')

            seen = set()

            return [c for c in value if not (c in seen or seen.add(c))]

        def empty_value(self, value):

            return []

    return _UniqueListFromString

def ValidUsername(edit=False, old_data=None):

    old_data = old_data or {}

    class _validator(formencode.validators.FancyValidator):

        messages = {

def ValidPasswordsMatch(password_field, password_confirmation_field):

    class _validator(formencode.validators.FancyValidator):

        messages = {

            'password_mismatch': _('Passwords do not match'),

        }

        def _validate_python(self, value, state):

            if value.get(password_field) != value[password_confirmation_field]:

                msg = self.message('password_mismatch', state)

                raise formencode.Invalid(msg, value, state,

                     error_dict={password_field:msg, password_confirmation_field: msg}

                )

    return _validator

def ValidAuth():

    class _validator(formencode.validators.FancyValidator):

        messages = {

            'invalid_auth': _(u'Invalid username or password'),

        }

        def _validate_python(self, value, state):

            from kallithea.lib import auth_modules

            password = value['password']

            username = value['username']

            # authenticate returns unused dict but has called

            # plugin._authenticate which has create_or_update'ed the username user in db

            if auth_modules.authenticate(username, password) is None:

                user = User.get_by_username_or_email(username)

                if user and not user.active:

                    log.warning('user %s is disabled', username)

                    msg = self.message('invalid_auth', state)

                    raise formencode.Invalid(msg, value, state,

                        error_dict=dict(username=' ', password=msg)

                    )

                else:

                    log.warning('user %s failed to authenticate', username)

                    msg = self.message('invalid_auth', state)

                    raise formencode.Invalid(msg, value, state,

                        error_dict=dict(username=' ', password=msg)

                    )

    return _validator

def ValidRepoName(edit=False, old_data=None):

    old_data = old_data or {}

    class _validator(formencode.validators.FancyValidator):

        messages = {

            'invalid_repo_name':

                _('Repository name %(repo)s is not allowed'),

            'repository_exists':

                _('Repository named %(repo)s already exists'),

            'repository_in_group_exists': _('Repository "%(repo)s" already '

                                            'exists in group "%(group)s"'),

            'same_group_exists': _('Repository group with name "%(repo)s" '

                                   'already exists')

        }

        def _convert_to_python(self, value, state):

            repo_name = repo_name_slug(value.get('repo_name', ''))

            repo_group = value.get('repo_group')

            if repo_group:

                gr = RepoGroup.get(repo_group)

                group_path = gr.full_path

                group_name = gr.group_name

                # value needs to be aware of group name in order to check

                # db key This is an actual just the name to store in the

                # database

                repo_name_full = group_path + RepoGroup.url_sep() + repo_name

            else:

                group_name = group_path = ''

                repo_name_full = repo_name

            value['repo_name'] = repo_name

            value['repo_name_full'] = repo_name_full

            value['group_path'] = group_path

            value['group_name'] = group_name

            return value

        def _validate_python(self, value, state):

            repo_name = value.get('repo_name')

            repo_name_full = value.get('repo_name_full')

            group_path = value.get('group_path')

            group_name = value.get('group_name')

            if repo_name in [ADMIN_PREFIX, '']:

                msg = self.message('invalid_repo_name', state, repo=repo_name)

                raise formencode.Invalid(msg, value, state,

                    error_dict=dict(repo_name=msg)

                )

        validator = v.ValidRepoGroup(edit=True,

                                      old_data={'group_id':  gr.group_id})

        with pytest.raises(formencode.Invalid):

            validator.to_python({

                                        'group_name': gr.group_name + 'n',

                                        'parent_group_id': gr.group_id

                                        })

        model.delete(gr)

    def test_ValidPassword(self):

        validator = v.ValidPassword()

        assert 'lol' == validator.to_python('lol')

        assert validator.to_python(None) is None

        with pytest.raises(formencode.Invalid):

            validator.to_python('ąćżź')

    def test_ValidPasswordsMatch(self):

        validator = v.ValidPasswordsMatch('new_password', 'password_confirmation')

        with pytest.raises(formencode.Invalid):

            validator.to_python({'new_password': 'pass',

                                          'password_confirmation': 'pass2'})

        with pytest.raises(formencode.Invalid):

            validator.to_python({'new_password': 'pass',

                                          'password_confirmation': 'pass2'})

        assert {'new_password': 'pass',

                          'password_confirmation': 'pass'} == validator.to_python({'new_password': 'pass',

                                         'password_confirmation': 'pass'})

        assert {'new_password': 'pass',

                          'password_confirmation': 'pass'} == validator.to_python({'new_password': 'pass',

                                         'password_confirmation': 'pass'})

    def test_ValidAuth(self):

        validator = v.ValidAuth()

        valid_creds = {

            'username': TEST_USER_REGULAR2_LOGIN,

            'password': TEST_USER_REGULAR2_PASS,

        }

        invalid_creds = {

            'username': 'err',

            'password': 'err',

        }

        assert valid_creds == validator.to_python(valid_creds)

        with pytest.raises(formencode.Invalid):

            validator.to_python(invalid_creds)

    def test_ValidRepoName(self):

        validator = v.ValidRepoName()

        with pytest.raises(formencode.Invalid):

            validator.to_python({'repo_name': ''})

        with pytest.raises(formencode.Invalid):

            validator.to_python({'repo_name': HG_REPO})

        gr = RepoGroupModel().create(group_name=u'group_test',

                                      group_description=u'desc',

                                      parent=None,

                                      owner=TEST_USER_ADMIN_LOGIN)

        with pytest.raises(formencode.Invalid):

            validator.to_python({'repo_name': gr.group_name})

        # TODO: write an error case for that ie. create a repo withinh a group

#        self.assertRaises(formencode.Invalid,

#                          validator.to_python, {'repo_name': 'some',

#                                                'repo_group': gr.group_id})

    def test_ValidForkName(self):

        # this uses ValidRepoName validator

        assert True

    @parametrize('name,expected', [

        ('test', 'test'), ('lolz!', 'lolz'), ('  aavv', 'aavv'),

        ('ala ma kota', 'ala-ma-kota'), ('@nooo', 'nooo'),

        ('$!haha lolz !', 'haha-lolz'), ('$$$$$', ''), ('{}OK!', 'OK'),

        ('/]re po', 're-po')])

    def test_SlugifyName(self, name, expected):

        validator = v.SlugifyName()

        assert expected == validator.to_python(name)

    def test_ValidCloneUri(self):

            # TODO: write this one

            pass

    def test_ValidForkType(self):

            validator = v.ValidForkType(old_data={'repo_type': 'hg'})

            assert 'hg' == validator.to_python('hg')

            with pytest.raises(formencode.Invalid):

                validator.to_python('git')

    def test_ValidPerms(self):

            # TODO: write this one

            pass