from kallithea.model.db import Repository, UserEmailMap, User, UserFollowing

from kallithea.model.forms import UserForm, PasswordChangeForm

from kallithea.model.user import UserModel

from kallithea.model.repo import RepoModel

from kallithea.model.api_key import ApiKeyModel

from kallithea.model.meta import Session

log = logging.getLogger(__name__)

class MyAccountController(BaseController):

    """REST Controller styled on the Atom Publishing Protocol"""

    # To properly map this controller, ensure your config/routing.py

    # file has a resource setup:

    #     map.resource('setting', 'settings', controller='admin/settings',

    #         path_prefix='/admin', name_prefix='admin_')

    @LoginRequired()

    @NotAnonymous()

    def __before__(self):

        super(MyAccountController, self).__before__()

    def __load_data(self):

        c.user = User.get(request.authuser.user_id)

            h.flash(_("You can't edit this user since it's"

                      " crucial for entire application"), category='warning')

            raise HTTPFound(location=url('users'))

    def _load_my_repos_data(self, watched=False):

        if watched:

            admin = False

            repos_list = Session().query(Repository) \

                         .join(UserFollowing) \

                         .filter(UserFollowing.user_id ==

                                 request.authuser.user_id).all()

        else:

            admin = True

            repos_list = Session().query(Repository) \

                         .filter(Repository.owner_id ==

                                 request.authuser.user_id).all()

        repos_data = RepoModel().get_repos_as_dict(repos_list=repos_list,

                                                   admin=admin)

        #json used to render the grid

        return json.dumps(repos_data)

    def my_account(self):

        c.active = 'profile'

from kallithea.model.api_key import ApiKeyModel

from kallithea.model.db import User, UserEmailMap, UserIpMap, UserToPerm

from kallithea.model.forms import UserForm, CustomDefaultPermissionsForm

from kallithea.model.user import UserModel

from kallithea.model.meta import Session

from kallithea.lib.utils import action_logger

from kallithea.lib.compat import json

from kallithea.lib.utils2 import datetime_to_time, safe_int, generate_api_key

log = logging.getLogger(__name__)

class UsersController(BaseController):

    """REST Controller styled on the Atom Publishing Protocol"""

    @LoginRequired()

    @HasPermissionAnyDecorator('hg.admin')

    def __before__(self):

        super(UsersController, self).__before__()

        c.available_permissions = config['available_permissions']

    def index(self, format='html'):

        c.users_list = User.query().order_by(User.username) \

                        .order_by(func.lower(User.username)) \

                        .all()

        users_data = []

        total_records = len(c.users_list)

        _tmpl_lookup = kallithea.CONFIG['pylons.app_globals'].mako_lookup

        template = _tmpl_lookup.get_template('data_table/_dt_elements.html')

        grav_tmpl = '<div class="gravatar">%s</div>'

        username = lambda user_id, username: (

                template.get_def("user_name")

                .render(user_id, username, _=_, h=h, c=c))

        user_actions = lambda user_id, username: (

                template.get_def("user_actions")

                .render(user_id, username, _=_, h=h, c=c))

        for user in c.users_list:

            users_data.append({

                "gravatar": grav_tmpl % h.gravatar(user.email, size=20),

                "raw_name": user.username,

                "username": username(user.user_id, user.username),

                "firstname": h.escape(user.name),

        user = get_user_or_error(userid)

        data = user.get_api_data()

        data['permissions'] = AuthUser(user_id=user.user_id).permissions

        return data

    @HasPermissionAnyDecorator('hg.admin')

    def get_users(self):

        """

        Lists all existing users. This command can be executed only using api_key

        belonging to user with admin rights.

        OUTPUT::

            id : <id_given_in_input>

            result: [<user_object>, ...]

            error:  null

        """

        return [

            user.get_api_data()

            for user in User.query()

                .order_by(User.username)

        ]

    @HasPermissionAnyDecorator('hg.admin')

    def create_user(self, username, email, password=Optional(''),

                    firstname=Optional(''), lastname=Optional(''),

                    active=Optional(True), admin=Optional(False),

                    extern_type=Optional(User.DEFAULT_AUTH_TYPE),

                    extern_name=Optional('')):

        """

        Creates new user. Returns new user object. This command can

        be executed only using api_key belonging to user with admin rights.

        :param username: new username

        :type username: str or int

        :param email: email

        :type email: str

        :param password: password

        :type password: Optional(str)

        :param firstname: firstname

        :type firstname: Optional(str)

        :param lastname: lastname

        :type lastname: Optional(str)

        :param active: active

        :type active: Optional(bool)

        if userobj.extern_type != self.name:

            log.warning("userobj:%s extern_type mismatch got:`%s` expected:`%s`",

                     userobj, userobj.extern_type, self.name)

            return None

        if not username:

            log.debug('Empty username - skipping...')

            return None

        user_data = {

            "username": userobj.username,

            "firstname": userobj.firstname,

            "lastname": userobj.lastname,

            "groups": [],

            "email": userobj.email,

            "admin": userobj.admin,

            "active": userobj.active,

            "active_from_extern": userobj.active,

            "extern_name": userobj.user_id,

        }

        log.debug(formatted_json(user_data))

        if userobj.active:

            from kallithea.lib import auth

            password_match = auth.check_password(password, userobj.password)

                log.info('user %s authenticated correctly as anonymous user',

                         username)

                return user_data

            elif userobj.username == username and password_match:

                log.info('user %s authenticated correctly', user_data['username'])

                return user_data

            log.error("user %s had a bad password", username)

            return None

        else:

            log.warning('user %s tried auth but is disabled', username)

            return None

    def get_managed_fields(self):

        # Note: 'username' should only be editable (at least for user) if self registration is enabled

        return []

        # creation, even during development.

        alembic.command.stamp(alembic_cfg, 'head')

        log.info('Created tables for %s', self.dbname)

    def fix_repo_paths(self):

        """

        Fixes a old kallithea version path into new one without a '*'

        """

        paths = self.sa.query(Ui) \

                .filter(Ui.ui_key == '/') \

                .scalar()

        paths.ui_value = paths.ui_value.replace('*', '')

        self.sa.add(paths)

        self.sa.commit()

    def fix_default_user(self):

        """

        Fixes a old default user with some 'nicer' default values,

        used mostly for anonymous access

        """

        def_user.name = 'Anonymous'

        def_user.lastname = 'User'

        def_user.email = 'anonymous@kallithea-scm.org'

        self.sa.add(def_user)

        self.sa.commit()

    def fix_settings(self):

        """

        Fixes kallithea settings adds ga_code key for google analytics

        """

        hgsettings3 = Setting('ga_code', '')

        self.sa.add(hgsettings3)

        self.sa.commit()

    def admin_prompt(self, second=False):

        if not self.tests:

            import getpass

            username = self.cli_args.get('username')

            password = self.cli_args.get('password')

        # extras are injected into UI object and later available

        # in hooks executed by kallithea

        from kallithea import CONFIG

        server_url = get_server_url(environ)

        extras = {

            'ip': ip_addr,

            'username': user.username,

            'action': action,

            'repository': repo_name,

            'scm': 'git',

            'config': CONFIG['__file__'],

            'server_url': server_url,

            'make_lock': None,

            'locked_by': [None, None]

        }

        #===================================================================

        # GIT REQUEST HANDLING

        #===================================================================

        repo_path = os.path.join(safe_str(self.basepath),str_repo_name)

        log.debug('Repository path is %s', repo_path)

        # CHECK LOCKING only if it's not ANONYMOUS USER

            log.debug('Checking locking on repository')

            (make_lock,

             locked,

             locked_by) = self._check_locking_state(

                            environ=environ, action=action,

                            repo=repo_name, user_id=user.user_id

                       )

            # store the make_lock for later evaluation in hooks

            extras.update({'make_lock': make_lock,

                           'locked_by': locked_by})

        fix_PATH()

        log.debug('HOOKS extras is %s', extras)

        baseui = make_ui('db')

        self.__inject_extras(repo_path, baseui, extras)

        try:

            self._handle_githooks(repo_name, action, baseui, environ)

            log.info('%s action on Git repo "%s" by "%s" from %s',

                     action, str_repo_name, safe_str(user.username), ip_addr)

            app = self.__make_app(repo_name, repo_path, extras)

            result = app(environ, start_response)

            if action == 'push':

                result = WSGIResultCloseCallback(result,

            return response_app(environ, start_response)

        # extras are injected into mercurial UI object and later available

        # in hg hooks executed by kallithea

        from kallithea import CONFIG

        server_url = get_server_url(environ)

        extras = {

            'ip': ip_addr,

            'username': user.username,

            'action': action,

            'repository': repo_name,

            'scm': 'hg',

            'config': CONFIG['__file__'],

            'server_url': server_url,

            'make_lock': None,

            'locked_by': [None, None]

        }

        #======================================================================

        # MERCURIAL REQUEST HANDLING

        #======================================================================

        repo_path = os.path.join(safe_str(self.basepath), str_repo_name)

        log.debug('Repository path is %s', repo_path)

        # CHECK LOCKING only if it's not ANONYMOUS USER

            log.debug('Checking locking on repository')

            (make_lock,

             locked,

             locked_by) = self._check_locking_state(

                            environ=environ, action=action,

                            repo=repo_name, user_id=user.user_id

                       )

            # store the make_lock for later evaluation in hooks

            extras.update({'make_lock': make_lock,

                           'locked_by': locked_by})

        fix_PATH()

        log.debug('HOOKS extras is %s', extras)

        baseui = make_ui('db')

        self.__inject_extras(repo_path, baseui, extras)

        try:

            log.info('%s action on Mercurial repo "%s" by "%s" from %s',

                     action, str_repo_name, safe_str(user.username), ip_addr)

            app = self.__make_app(repo_path, baseui, extras)

            result = app(environ, start_response)

            if action == 'push':

                result = WSGIResultCloseCallback(result,

                    lambda: self._invalidate_cache(repo_name))

                return

        return datetime.datetime.fromtimestamp(tm)

# Must match regexp in kallithea/public/js/base.js MentionsAutoComplete()

# Check char before @ - it must not look like we are in an email addresses.

# Matching is greedy so we don't have to look beyond the end.

MENTIONS_REGEX = re.compile(r'(?:^|(?<=[^a-zA-Z0-9]))@([a-zA-Z0-9][-_.a-zA-Z0-9]*[a-zA-Z0-9])')

def extract_mentioned_usernames(text):

    r"""

    Returns list of (possible) usernames @mentioned in given text.

    >>> extract_mentioned_usernames('@1-2.a_X,@1234 not@not @ddd@not @n @ee @ff @gg, @gg;@hh @n\n@zz,')

    ['1-2.a_X', '1234', 'ddd', 'ee', 'ff', 'gg', 'hh', 'zz']

    """

    return MENTIONS_REGEX.findall(text)

def extract_mentioned_users(text):

    """ Returns set of actual database Users @mentioned in given text. """

    from kallithea.model.db import User

    result = set()

    for name in extract_mentioned_usernames(text):

        user = User.get_by_username(name, case_insensitive=True)

            result.add(user)

    return result

class AttributeDict(dict):

    def __getattr__(self, attr):

        return self.get(attr, None)

    __setattr__ = dict.__setitem__

    __delattr__ = dict.__delitem__

def fix_PATH(os_=None):

    """

    Get current active python path, and append it to PATH variable to fix issues

    of subprocess calls and different python versions

    """

    if os_ is None:

        import os

    else:

        os = os_

    cur_path = os.path.split(sys.executable)[0]

    if not os.environ['PATH'].startswith(cur_path):

        os.environ['PATH'] = '%s:%s' % (cur_path, os.environ['PATH'])

        return ('%s %s' % (self.firstname, self.lastname)

                if (self.firstname and self.lastname) else self.username)

    @property

    def full_name_and_username(self):

        """

        Show full name and username as 'Firstname Lastname (username)'.

        If full name is not set, fall back to username.

        """

        return ('%s %s (%s)' % (self.firstname, self.lastname, self.username)

                if (self.firstname and self.lastname) else self.username)

    @property

    def full_contact(self):

        return '%s %s <%s>' % (self.firstname, self.lastname, self.email)

    @property

    def short_contact(self):

        return '%s %s' % (self.firstname, self.lastname)

    @property

    def is_admin(self):

        return self.admin

    @property

    def AuthUser(self):

        """

        Returns instance of AuthUser for this user

        """

        from kallithea.lib.auth import AuthUser

        return AuthUser(dbuser=self)

    @hybrid_property

    def user_data(self):

        if not self._user_data:

            return {}

        try:

            return json.loads(self._user_data)

        except TypeError:

            return {}

    @user_data.setter

    def user_data(self, val):

        try:

            self._user_data = json.dumps(val)

        except Exception:

            log.error(traceback.format_exc())

    def __unicode__(self):

        return u"<%s('id:%s:%s')>" % (self.__class__.__name__,

                                      self.user_id, self.username)

    @classmethod

    def guess_instance(cls, value):

        return super(User, cls).guess_instance(value, User.get_by_username)

    @classmethod

    def get_or_404(cls, id_, allow_default=True):

        '''

        Overridden version of BaseDbModel.get_or_404, with an extra check on

        the default user.

        '''

        user = super(User, cls).get_or_404(id_)

        return user

    @classmethod

    def get_by_username_or_email(cls, username_or_email, case_insensitive=False, cache=False):

        """

        For anything that looks like an email address, look up by the email address (matching

        case insensitively).

        For anything else, try to look up by the user name.

        This assumes no normal username can have '@' symbol.

        """

        if '@' in username_or_email:

            return User.get_by_email(username_or_email, cache=cache)

        else:

            return User.get_by_username(username_or_email, case_insensitive=case_insensitive, cache=cache)

    @classmethod

    def get_by_username(cls, username, case_insensitive=False, cache=False):

        if case_insensitive:

            q = cls.query().filter(func.lower(cls.username) == func.lower(username))

        else:

            q = cls.query().filter(cls.username == username)

        if cache:

                                (x.permission.permission_name for x in perms))

        log.debug('GOT ALREADY DEFINED:%s', perms)

        DEFAULT_PERMS = Permission.DEFAULT_USER_PERMISSIONS

        if force:

            for perm in perms:

                self.sa.delete(perm)

            self.sa.commit()

            defined_perms_groups = []

        # For every default permission that needs to be created, we check if

        # its group is already defined. If it's not, we create default permission.

        for perm_name in DEFAULT_PERMS:

            gr = _get_group(perm_name)

            if gr not in defined_perms_groups:

                log.debug('GR:%s not found, creating permission %s',

                          gr, perm_name)

                new_perm = _make_perm(perm_name)

                self.sa.add(new_perm)

    def update(self, form_result):

        perm_user = User.get_by_username(username=form_result['perm_user_name'])

        try:

            # stage 1 set anonymous access

                perm_user.active = str2bool(form_result['anonymous'])

                self.sa.add(perm_user)

            # stage 2 reset defaults and set them from form data

            def _make_new(usr, perm_name):

                log.debug('Creating new permission:%s', perm_name)

                new = UserToPerm()

                new.user = usr

                new.permission = Permission.get_by_key(perm_name)

                return new

            # clear current entries, to make this function idempotent

            # it will fix even if we define more permissions or permissions

            # are somehow missing

            u2p = self.sa.query(UserToPerm) \

                .filter(UserToPerm.user == perm_user) \

                .all()

            for p in u2p:

                self.sa.delete(p)

            #create fresh set of permissions

            for def_perm_key in ['default_repo_perm',

                                 'default_group_perm',

                                 'default_user_group_perm',

                                 'default_repo_create',

                                 'create_on_write', # special case for create repos on write access to group

from sqlalchemy.orm import joinedload

from kallithea.model.meta import Session

from kallithea.lib import helpers as h

from kallithea.lib.exceptions import UserInvalidException

from kallithea.model.base import BaseModel

from kallithea.model.db import PullRequest, PullRequestReviewer, Notification, \

    ChangesetStatus, User

from kallithea.model.notification import NotificationModel

from kallithea.lib.utils2 import extract_mentioned_users, safe_unicode

log = logging.getLogger(__name__)

class PullRequestModel(BaseModel):

    def _get_valid_reviewers(self, seq):

        """ Generate User objects from a sequence of user IDs, usernames or

        User objects. Raises UserInvalidException if the DEFAULT user is

        specified, or if a given ID or username does not match any user.

        """

        for user_spec in seq:

            user = User.guess_instance(user_spec)

                raise UserInvalidException(user_spec)

            yield user

    def create(self, created_by, org_repo, org_ref, other_repo, other_ref,

               revisions, title, description, reviewers):

        pr = PullRequest()

        pr.org_repo = org_repo

        pr.org_ref = org_ref

        pr.other_repo = other_repo

        pr.other_ref = other_ref

        pr.revisions = revisions

        pr.title = title

        pr.description = description

        pr.owner = created_by

        Session().add(pr)

        Session().flush() # make database assign pull_request_id

        #reset state to under-review

        from kallithea.model.changeset_status import ChangesetStatusModel

        from kallithea.model.comment import ChangesetCommentsModel

        comment = ChangesetCommentsModel().create(

            text=u'',

            repo=org_repo,

            author=created_by,

            return new_repo_group

        except Exception:

            log.error(traceback.format_exc())

            raise

    def _update_permissions(self, repo_group, perms_new=None,

                            perms_updates=None, recursive=None,

                            check_perms=True):

        from kallithea.model.repo import RepoModel

        from kallithea.lib.auth import HasUserGroupPermissionLevel

        if not perms_new:

            perms_new = []

        if not perms_updates:

            perms_updates = []

        def _set_perm_user(obj, user, perm):

            if isinstance(obj, RepoGroup):

                self.grant_user_permission(repo_group=obj, user=user, perm=perm)

            elif isinstance(obj, Repository):

                user = User.guess_instance(user)

                # private repos will not allow to change the default permissions

                # using recursive mode

                    return

                # we set group permission but we have to switch to repo

                # permission

                perm = perm.replace('group.', 'repository.')

                RepoModel().grant_user_permission(

                    repo=obj, user=user, perm=perm

                )

        def _set_perm_group(obj, users_group, perm):

            if isinstance(obj, RepoGroup):

                self.grant_user_group_permission(repo_group=obj,

                                                  group_name=users_group,

                                                  perm=perm)

            elif isinstance(obj, Repository):

                # we set group permission but we have to switch to repo

                # permission

                perm = perm.replace('group.', 'repository.')

                RepoModel().grant_user_group_permission(

                    repo=obj, group_name=users_group, perm=perm

                )

        # start updates

        updates = []

        # notification to admins

        subject = _('New user registration')

        body = (

            u'New user registration\n'

            '---------------------\n'

            '- Username: {user.username}\n'

            '- Full Name: {user.full_name}\n'

            '- Email: {user.email}\n'

            ).format(user=new_user)

        edit_url = h.canonical_url('edit_user', id=new_user.user_id)

        email_kwargs = {

            'registered_user_url': edit_url,

            'new_username': new_user.username,

            'new_email': new_user.email,

            'new_full_name': new_user.full_name}

        NotificationModel().create(created_by=new_user, subject=subject,

                                   body=body, recipients=None,

                                   type_=Notification.TYPE_REGISTRATION,

                                   email_kwargs=email_kwargs)

    def update(self, user_id, form_data, skip_attrs=None):

        from kallithea.lib.auth import get_crypt_password

        skip_attrs = skip_attrs or []

        user = self.get(user_id, cache=False)

            raise DefaultUserException(

                            _("You can't edit this user since it's "

                              "crucial for entire application"))

        for k, v in form_data.items():

            if k in skip_attrs:

                continue

            if k == 'new_password' and v:

                user.password = get_crypt_password(v)

            else:

                # old legacy thing orm models store firstname as name,

                # need proper refactor to username

                if k == 'firstname':

                    k = 'name'

                setattr(user, k, v)

        self.sa.add(user)

    def update_user(self, user, **kwargs):

        from kallithea.lib.auth import get_crypt_password

        user = User.guess_instance(user)

            raise DefaultUserException(

                _("You can't edit this user since it's"

                  " crucial for entire application")

            )

        for k, v in kwargs.items():

            if k == 'password' and v:

                v = get_crypt_password(v)

            setattr(user, k, v)

        self.sa.add(user)

        return user

    def delete(self, user, cur_user=None):

        if cur_user is None:

            cur_user = getattr(get_current_authuser(), 'username', None)

        user = User.guess_instance(user)

            raise DefaultUserException(

                _("You can't remove this user since it is"

                  " crucial for the entire application"))

        if user.repositories:

            repos = [x.repo_name for x in user.repositories]

            raise UserOwnsReposException(

                _('User "%s" still owns %s repositories and cannot be '

                  'removed. Switch owners or remove those repositories: %s')

                % (user.username, len(repos), ', '.join(repos)))

        if user.repo_groups:

            repogroups = [x.group_name for x in user.repo_groups]

            raise UserOwnsReposException(_(

                'User "%s" still owns %s repository groups and cannot be '

                'removed. Switch owners or remove those repository groups: %s')

                % (user.username, len(repogroups), ', '.join(repogroups)))

        if user.user_groups:

            usergroups = [x.users_group_name for x in user.user_groups]

            raise UserOwnsReposException(

                _('User "%s" still owns %s user groups and cannot be '

                  'removed. Switch owners or remove those user groups: %s')

                % (user.username, len(usergroups), ', '.join(usergroups)))

        self.sa.delete(user)

        from kallithea.lib.hooks import log_delete_user

        assert response.status == '200 OK'

    def test_api_args_is_bad(self):

        id_, params = _build_data(self.apikey, 'get_users', )

        params = params.replace('"args": {}', '"args": 1')

        response = api_call(self, params)

        assert response.status == '200 OK'

    def test_api_args_different_args(self):

        import string

        expected = {

            'ascii_letters': string.ascii_letters,

            'ws': string.whitespace,

            'printables': string.printable

        }

        id_, params = _build_data(self.apikey, 'test', args=expected)

        response = api_call(self, params)

        assert response.status == '200 OK'

        self._compare_ok(id_, expected, response.body)

    def test_api_get_users(self):

        id_, params = _build_data(self.apikey, 'get_users', )

        response = api_call(self, params)

        ret_all = []

            .order_by(User.username).all()

        for usr in _users:

            ret = usr.get_api_data()

            ret_all.append(jsonify(ret))

        expected = ret_all

        self._compare_ok(id_, expected, given=response.body)

    def test_api_get_user(self):

        id_, params = _build_data(self.apikey, 'get_user',

                                  userid=TEST_USER_ADMIN_LOGIN)

        response = api_call(self, params)

        usr = User.get_by_username(TEST_USER_ADMIN_LOGIN)

        ret = usr.get_api_data()

        ret['permissions'] = AuthUser(dbuser=usr).permissions

        expected = ret

        self._compare_ok(id_, expected, given=response.body)

    def test_api_get_user_that_does_not_exist(self):

        id_, params = _build_data(self.apikey, 'get_user',

                                  userid='trololo')

        response = api_call(self, params)

        # git commit needs EMAIL on some machines

        Command(cwd).execute(cmd, EMAIL=email)

    # PUSH it back

    _REPO = None

    if vcs == 'hg':

        _REPO = HG_REPO

    elif vcs == 'git':

        _REPO = GIT_REPO

    kwargs['dest'] = ''

    clone_url = _construct_url(_REPO, **kwargs)

    if 'clone_url' in kwargs:

        clone_url = kwargs['clone_url']

    stdout = stderr = None

    if vcs == 'hg':

        stdout, stderr = Command(cwd).execute('hg push --verbose', clone_url)

    elif vcs == 'git':

        stdout, stderr = Command(cwd).execute('git push --verbose', clone_url + " master")

    return stdout, stderr