try:

            pull_request = cmd.execute()

            Session().commit()

        except Exception:

            h.flash(_('Error occurred while creating pull request'),

                    category='error')

            log.error(traceback.format_exc())

            raise HTTPFound(location=url('pullrequest_home', repo_name=repo_name))

        h.flash(_('Successfully opened new pull request'),

                category='success')

        raise HTTPFound(location=pull_request.url())

    def create_new_iteration(self, old_pull_request, new_rev, title, description, reviewers):

        owner = User.get(request.authuser.user_id)

        new_org_rev = self._get_ref_rev(old_pull_request.org_repo, 'rev', new_rev)

        new_other_rev = self._get_ref_rev(old_pull_request.other_repo, old_pull_request.other_ref_parts[0], old_pull_request.other_ref_parts[1])

        try:

            cmd = CreatePullRequestIterationAction(old_pull_request, new_org_rev, new_other_rev, title, description, owner, reviewers)

        except CreatePullRequestAction.ValidationError as e:

            h.flash(str(e), category='error', logf=log.error)

            raise HTTPNotFound

        try:

            pull_request = cmd.execute()

            Session().commit()

        except Exception:

            h.flash(_('Error occurred while creating pull request'),

                    category='error')

            log.error(traceback.format_exc())

            raise HTTPFound(location=old_pull_request.url())

        h.flash(_('New pull request iteration created'),

                category='success')

        raise HTTPFound(location=pull_request.url())

    # pullrequest_post for PR editing

    @LoginRequired()

    @HasRepoPermissionLevelDecorator('read')

    def post(self, repo_name, pull_request_id):

        pull_request = PullRequest.get_or_404(pull_request_id)

        if pull_request.is_closed():

            raise HTTPForbidden()

        assert pull_request.other_repo.repo_name == repo_name

        # only owner or admin can update it

        owner = pull_request.owner_id == request.authuser.user_id

        repo_admin = h.HasRepoPermissionLevel('admin')(c.repo_name)

        if not (h.HasPermissionAny('hg.admin')() or repo_admin or owner):

            raise HTTPForbidden()

        _form = PullRequestPostForm()().to_python(request.POST)

        cur_reviewers = set(pull_request.get_reviewer_users())

        new_reviewers = set(_get_reviewer(s) for s in _form['review_members'])

        old_reviewers = set(_get_reviewer(s) for s in _form['org_review_members'])

        other_added = cur_reviewers - old_reviewers

        other_removed = old_reviewers - cur_reviewers

        if other_added:

            h.flash(_('Meanwhile, the following reviewers have been added: %s') %

                    (', '.join(u.username for u in other_added)),

                    category='warning')

        if other_removed:

            h.flash(_('Meanwhile, the following reviewers have been removed: %s') %

                    (', '.join(u.username for u in other_removed)),

                    category='warning')

        if _form['updaterev']:

            return self.create_new_iteration(pull_request,

                                      _form['updaterev'],

                                      _form['pullrequest_title'],

                                      _form['pullrequest_desc'],

                                      new_reviewers)

        added_reviewers = new_reviewers - old_reviewers - cur_reviewers

        removed_reviewers = (old_reviewers - new_reviewers) & cur_reviewers

        old_description = pull_request.description

        pull_request.title = _form['pullrequest_title']

        pull_request.description = _form['pullrequest_desc'].strip() or _('No description')

        pull_request.owner = User.get_by_username(_form['owner'])

        user = User.get(request.authuser.user_id)

        PullRequestModel().mention_from_description(user, pull_request, old_description)

        PullRequestModel().add_reviewers(user, pull_request, added_reviewers)

        PullRequestModel().remove_reviewers(user, pull_request, removed_reviewers)

        Session().commit()

        h.flash(_('Pull request updated'), category='success')

        raise HTTPFound(location=pull_request.url())

    @LoginRequired()

    @HasRepoPermissionLevelDecorator('read')

    @jsonify

    def delete(self, repo_name, pull_request_id):

        pull_request = PullRequest.get_or_404(pull_request_id)

        # only owner can delete it !

        if pull_request.owner_id == request.authuser.user_id:

            PullRequestModel().delete(pull_request)

            Session().commit()

            h.flash(_('Successfully deleted pull request'),

                    category='success')

            raise HTTPFound(location=url('my_pullrequests'))

        raise HTTPForbidden()

    @LoginRequired(allow_default_user=True)

    @HasRepoPermissionLevelDecorator('read')

    def show(self, repo_name, pull_request_id, extra=None):

        c.pull_request = PullRequest.get_or_404(pull_request_id)

        c.allowed_to_change_status = self._is_allowed_to_change_status(c.pull_request)

        cc_model = ChangesetCommentsModel()

        cs_model = ChangesetStatusModel()

        # pull_requests repo_name we opened it against

        # ie. other_repo must match

        if repo_name != c.pull_request.other_repo.repo_name:

            raise HTTPNotFound

        # load compare data into template context

        c.cs_repo = c.pull_request.org_repo

        (c.cs_ref_type,

         c.cs_ref_name,

         c.cs_rev) = c.pull_request.org_ref.split(':')

        c.a_repo = c.pull_request.other_repo

        (c.a_ref_type,

         c.a_ref_name,

         c.a_rev) = c.pull_request.other_ref.split(':') # a_rev is ancestor

        org_scm_instance = c.cs_repo.scm_instance # property with expensive cache invalidation check!!!

        try:

            c.cs_ranges = []

            for x in c.pull_request.revisions:

                c.cs_ranges.append(org_scm_instance.get_changeset(x))

        except ChangesetDoesNotExistError:

            c.cs_ranges = []

            h.flash(_('Revision %s not found in %s') % (x, c.cs_repo.repo_name),

                'error')

        c.cs_ranges_org = None # not stored and not important and moving target - could be calculated ...

        revs = [ctx.revision for ctx in reversed(c.cs_ranges)]

        c.jsdata = graph_data(org_scm_instance, revs)

        c.is_range = False

        try:

            if c.a_ref_type == 'rev': # this looks like a free range where target is ancestor

                cs_a = org_scm_instance.get_changeset(c.a_rev)

                root_parents = c.cs_ranges[0].parents

                c.is_range = cs_a in root_parents

                #c.merge_root = len(root_parents) > 1 # a range starting with a merge might deserve a warning

        except ChangesetDoesNotExistError: # probably because c.a_rev not found

            pass

        except IndexError: # probably because c.cs_ranges is empty, probably because revisions are missing

            pass

        avail_revs = set()

        avail_show = []

        c.cs_branch_name = c.cs_ref_name

        c.a_branch_name = None

        other_scm_instance = c.a_repo.scm_instance

        c.update_msg = ""

        c.update_msg_other = ""

        try:

            if not c.cs_ranges:

                c.update_msg = _('Error: changesets not found when displaying pull request from %s.') % c.cs_rev

            elif org_scm_instance.alias == 'hg' and c.a_ref_name != 'ancestor':

                if c.cs_ref_type != 'branch':

                    c.cs_branch_name = org_scm_instance.get_changeset(c.cs_ref_name).branch # use ref_type ?

                c.a_branch_name = c.a_ref_name

                if c.a_ref_type != 'branch':

                    try:

                        c.a_branch_name = other_scm_instance.get_changeset(c.a_ref_name).branch # use ref_type ?

                    except EmptyRepositoryError:

                        c.a_branch_name = 'null' # not a branch name ... but close enough

                # candidates: descendants of old head that are on the right branch

                #             and not are the old head itself ...

                #             and nothing at all if old head is a descendant of target ref name

                if not c.is_range and other_scm_instance._repo.revs('present(%s)::&%s', c.cs_ranges[-1].raw_id, c.a_branch_name):

                    c.update_msg = _('This pull request has already been merged to %s.') % c.a_branch_name

                elif c.pull_request.is_closed():

                    c.update_msg = _('This pull request has been closed and can not be updated.')

                else: # look for descendants of PR head on source branch in org repo

                    avail_revs = org_scm_instance._repo.revs('%s:: & branch(%s)',

                                                             revs[0], c.cs_branch_name)

                    if len(avail_revs) > 1: # more than just revs[0]

                        # also show changesets that not are descendants but would be merged in

                        targethead = other_scm_instance.get_changeset(c.a_branch_name).raw_id

                        if org_scm_instance.path != other_scm_instance.path:

                            # Note: org_scm_instance.path must come first so all

                            # valid revision numbers are 100% org_scm compatible

                            # - both for avail_revs and for revset results

                        else:

                            hgrepo = org_scm_instance._repo

                        show = set(hgrepo.revs('::%ld & !::parents(%s) & !::%s',

                                               avail_revs, revs[0], targethead))

                        if show:

                            c.update_msg = _('The following additional changes are available on %s:') % c.cs_branch_name

                        else:

                            c.update_msg = _('No additional changesets found for iterating on this pull request.')

                    else:

                        show = set()

                        avail_revs = set() # drop revs[0]

                        c.update_msg = _('No additional changesets found for iterating on this pull request.')

                    # TODO: handle branch heads that not are tip-most

                    brevs = org_scm_instance._repo.revs('%s - %ld - %s', c.cs_branch_name, avail_revs, revs[0])

                    if brevs:

                        # also show changesets that are on branch but neither ancestors nor descendants

                        show.update(org_scm_instance._repo.revs('::%ld - ::%ld - ::%s', brevs, avail_revs, c.a_branch_name))

                        show.add(revs[0]) # make sure graph shows this so we can see how they relate

                        c.update_msg_other = _('Note: Branch %s has another head: %s.') % (c.cs_branch_name,

                            h.short_id(org_scm_instance.get_changeset((max(brevs))).raw_id))

                    avail_show = sorted(show, reverse=True)

            elif org_scm_instance.alias == 'git':

                c.cs_repo.scm_instance.get_changeset(c.cs_rev) # check it exists - raise ChangesetDoesNotExistError if not

                c.update_msg = _("Git pull requests don't support iterating yet.")

        except ChangesetDoesNotExistError:

            c.update_msg = _('Error: some changesets not found when displaying pull request from %s.') % c.cs_rev

        c.avail_revs = avail_revs

        c.avail_cs = [org_scm_instance.get_changeset(r) for r in avail_show]

        c.avail_jsdata = graph_data(org_scm_instance, avail_show)

        raw_ids = [x.raw_id for x in c.cs_ranges]

        c.cs_comments = c.cs_repo.get_comments(raw_ids)

        c.cs_statuses = c.cs_repo.statuses(raw_ids)

        ignore_whitespace = request.GET.get('ignorews') == '1'

        line_context = safe_int(request.GET.get('context'), 3)

        c.ignorews_url = _ignorews_url

        c.context_url = _context_url

        fulldiff = request.GET.get('fulldiff')

        diff_limit = None if fulldiff else self.cut_off_limit

        # we swap org/other ref since we run a simple diff on one repo

        log.debug('running diff between %s and %s in %s',

                  c.a_rev, c.cs_rev, org_scm_instance.path)

        try:

            raw_diff = diffs.get_diff(org_scm_instance, rev1=safe_str(c.a_rev), rev2=safe_str(c.cs_rev),

                                      ignore_whitespace=ignore_whitespace, context=line_context)

        except ChangesetDoesNotExistError:

            raw_diff = _("The diff can't be shown - the PR revisions could not be found.")

        diff_processor = diffs.DiffProcessor(raw_diff or '', diff_limit=diff_limit)

        c.limited_diff = diff_processor.limited_diff

        c.file_diff_data = []

        c.lines_added = 0

        c.lines_deleted = 0

        for f in diff_processor.parsed:

            st = f['stats']

            c.lines_added += st['added']

            c.lines_deleted += st['deleted']

            filename = f['filename']

            fid = h.FID('', filename)

            html_diff = diffs.as_html(enable_comments=True, parsed_lines=[f])

            c.file_diff_data.append((fid, None, f['operation'], f['old_filename'], filename, html_diff, st))

        # inline comments

        c.inline_cnt = 0

        c.inline_comments = cc_model.get_inline_comments(

                                c.db_repo.repo_id,

                                pull_request=pull_request_id)

        # count inline comments

        for __, lines in c.inline_comments:

            for comments in lines.values():

                c.inline_cnt += len(comments)

        # comments

        c.comments = cc_model.get_comments(c.db_repo.repo_id, pull_request=pull_request_id)

        # (badly named) pull-request status calculation based on reviewer votes

        (c.pull_request_reviewers,

         c.pull_request_pending_reviewers,

         c.current_voting_result,

         ) = cs_model.calculate_pull_request_result(c.pull_request)

        c.changeset_statuses = ChangesetStatus.STATUSES

        c.is_ajax_preview = False

        c.ancestors = None # [c.a_rev] ... but that is shown in an other way

        return render('/pullrequests/pullrequest_show.html')

    @LoginRequired()

    @HasRepoPermissionLevelDecorator('read')

    @jsonify

    def comment(self, repo_name, pull_request_id):

        pull_request = PullRequest.get_or_404(pull_request_id)

        allowed_to_change_status = self._is_allowed_to_change_status(pull_request)

        return create_cs_pr_comment(repo_name, pull_request=pull_request,

                allowed_to_change_status=allowed_to_change_status)

    @LoginRequired()

    @HasRepoPermissionLevelDecorator('read')

    @jsonify

    def delete_comment(self, repo_name, comment_id):

        return delete_cs_pr_comment(repo_name, comment_id)

# -*- coding: utf-8 -*-

# This program is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation, either version 3 of the License, or

# (at your option) any later version.

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

"""

kallithea.model.user

~~~~~~~~~~~~~~~~~~~~

users model for Kallithea

This file was forked by the Kallithea project in July 2014.

Original author and date, and relevant copyright and licensing information is below:

:created_on: Apr 9, 2010

:author: marcink

:copyright: (c) 2013 RhodeCode GmbH, and others.

:license: GPLv3, see LICENSE.md for more details.

"""

import hashlib

import hmac

import logging

import time

import traceback

from sqlalchemy.exc import DatabaseError

from tg import config

from tg.i18n import ugettext as _

from kallithea.lib.caching_query import FromCache

from kallithea.lib.exceptions import DefaultUserException, UserOwnsReposException

from kallithea.model.db import Permission, User, UserEmailMap, UserIpMap, UserToPerm

from kallithea.model.meta import Session

log = logging.getLogger(__name__)

class UserModel(object):

    password_reset_token_lifetime = 86400 # 24 hours

    def get(self, user_id, cache=False):

        user = User.query()

        if cache:

            user = user.options(FromCache("sql_cache_short",

                                          "get_user_%s" % user_id))

        return user.get(user_id)

    def get_user(self, user):

        return User.guess_instance(user)

    def create(self, form_data, cur_user=None):

        if not cur_user:

            cur_user = getattr(get_current_authuser(), 'username', None)

        from kallithea.lib.hooks import log_create_user, \

            check_allowed_create_user

        _fd = form_data

        user_data = {

            'username': _fd['username'],

            'password': _fd['password'],

            'email': _fd['email'],

            'firstname': _fd['firstname'],

            'lastname': _fd['lastname'],

            'active': _fd['active'],

            'admin': False

        }

        # raises UserCreationError if it's not allowed

        check_allowed_create_user(user_data, cur_user)

        from kallithea.lib.auth import get_crypt_password

        new_user = User()

        for k, v in form_data.items():

            if k == 'password':

                v = get_crypt_password(v)

            if k == 'firstname':

                k = 'name'

            setattr(new_user, k, v)

        new_user.api_key = generate_api_key()

        Session().add(new_user)

        Session().flush() # make database assign new_user.user_id

        log_create_user(new_user.get_dict(), cur_user)

        return new_user

    def create_or_update(self, username, password, email, firstname=u'',

                         lastname=u'', active=True, admin=False,

                         extern_type=None, extern_name=None, cur_user=None):

        """

        Creates a new instance if not found, or updates current one

        :param username:

        :param password:

        :param email:

        :param active:

        :param firstname:

        :param lastname:

        :param active:

        :param admin:

        :param extern_name:

        :param extern_type:

        :param cur_user:

        """

        if not cur_user:

            cur_user = getattr(get_current_authuser(), 'username', None)

        from kallithea.lib.auth import get_crypt_password, check_password

        from kallithea.lib.hooks import log_create_user, \

            check_allowed_create_user

        user_data = {

            'username': username, 'password': password,

            'email': email, 'firstname': firstname, 'lastname': lastname,

            'active': active, 'admin': admin

        }

        # raises UserCreationError if it's not allowed

        check_allowed_create_user(user_data, cur_user)

        log.debug('Checking for %s account in Kallithea database', username)

        user = User.get_by_username(username, case_insensitive=True)

        if user is None:

            log.debug('creating new user %s', username)

            new_user = User()

            edit = False

        else:

            log.debug('updating user %s', username)

            new_user = user

            edit = True

        try:

            new_user.username = username

            new_user.admin = admin

            new_user.email = email

            new_user.active = active

                if extern_name else None

                if extern_type else None

            new_user.name = firstname

            new_user.lastname = lastname

            if not edit:

                new_user.api_key = generate_api_key()

            # set password only if creating an user or password is changed

            password_change = new_user.password and \

                not check_password(password, new_user.password)

            if not edit or password_change:

                reason = 'new password' if edit else 'new user'

                log.debug('Updating password reason=>%s', reason)

                new_user.password = get_crypt_password(password) \

                    if password else ''

            if user is None:

                Session().add(new_user)

                Session().flush() # make database assign new_user.user_id

            if not edit:

                log_create_user(new_user.get_dict(), cur_user)

            return new_user

        except (DatabaseError,):

            log.error(traceback.format_exc())

            raise

    def create_registration(self, form_data):

        from kallithea.model.notification import NotificationModel

        import kallithea.lib.helpers as h

        form_data['admin'] = False

        form_data['extern_type'] = User.DEFAULT_AUTH_TYPE

        form_data['extern_name'] = ''

        new_user = self.create(form_data)

        # notification to admins

        subject = _('New user registration')

        body = (

            u'New user registration\n'

            '---------------------\n'

            '- Username: {user.username}\n'

            '- Full Name: {user.full_name}\n'

            '- Email: {user.email}\n'

            ).format(user=new_user)

        edit_url = h.canonical_url('edit_user', id=new_user.user_id)

        email_kwargs = {

            'registered_user_url': edit_url,

            'new_username': new_user.username,

            'new_email': new_user.email,

            'new_full_name': new_user.full_name}

        NotificationModel().create(created_by=new_user, subject=subject,

                                   body=body, recipients=None,

                                   type_=NotificationModel.TYPE_REGISTRATION,

                                   email_kwargs=email_kwargs)

    def update(self, user_id, form_data, skip_attrs=None):

        from kallithea.lib.auth import get_crypt_password

        skip_attrs = skip_attrs or []

        user = self.get(user_id, cache=False)

        if user.is_default_user:

            raise DefaultUserException(

                            _("You can't edit this user since it's "

                              "crucial for entire application"))

        for k, v in form_data.items():

            if k in skip_attrs:

                continue

            if k == 'new_password' and v:

                user.password = get_crypt_password(v)

            else:

                # old legacy thing orm models store firstname as name,

                # need proper refactor to username

                if k == 'firstname':

                    k = 'name'

                setattr(user, k, v)

    def update_user(self, user, **kwargs):

        from kallithea.lib.auth import get_crypt_password

        user = User.guess_instance(user)

        if user.is_default_user:

            raise DefaultUserException(

                _("You can't edit this user since it's"

                  " crucial for entire application")

            )

        for k, v in kwargs.items():

            if k == 'password' and v:

                v = get_crypt_password(v)

            setattr(user, k, v)

        return user

    def delete(self, user, cur_user=None):

        if cur_user is None:

            cur_user = getattr(get_current_authuser(), 'username', None)

        user = User.guess_instance(user)

        if user.is_default_user:

            raise DefaultUserException(

                _("You can't remove this user since it is"

                  " crucial for the entire application"))

        if user.repositories:

            repos = [x.repo_name for x in user.repositories]

            raise UserOwnsReposException(

                _('User "%s" still owns %s repositories and cannot be '

                  'removed. Switch owners or remove those repositories: %s')

                % (user.username, len(repos), ', '.join(repos)))

        if user.repo_groups:

            repogroups = [x.group_name for x in user.repo_groups]

            raise UserOwnsReposException(_(

                'User "%s" still owns %s repository groups and cannot be '

                'removed. Switch owners or remove those repository groups: %s')

                % (user.username, len(repogroups), ', '.join(repogroups)))

        if user.user_groups:

            usergroups = [x.users_group_name for x in user.user_groups]

            raise UserOwnsReposException(

                _('User "%s" still owns %s user groups and cannot be '

                  'removed. Switch owners or remove those user groups: %s')

                % (user.username, len(usergroups), ', '.join(usergroups)))

        Session().delete(user)

        from kallithea.lib.hooks import log_delete_user

        log_delete_user(user.get_dict(), cur_user)

    def can_change_password(self, user):

        from kallithea.lib import auth_modules

        managed_fields = auth_modules.get_managed_fields(user)

        return 'password' not in managed_fields

    def get_reset_password_token(self, user, timestamp, session_id):

        """

        The token is a 40-digit hexstring, calculated as a HMAC-SHA1.

        In a traditional HMAC scenario, an attacker is unable to know or

        influence the secret key, but can know or influence the message

        and token. This scenario is slightly different (in particular

        since the message sender is also the message recipient), but

        sufficiently similar to use an HMAC. Benefits compared to a plain

        SHA1 hash includes resistance against a length extension attack.

        The HMAC key consists of the following values (known only to the

        server and authorized users):

        * per-application secret (the `app_instance_uuid` setting), without

          which an attacker cannot counterfeit tokens

        * hashed user password, invalidating the token upon password change

        The HMAC message consists of the following values (potentially known

        to an attacker):

        * session ID (the anti-CSRF token), requiring an attacker to have

          access to the browser session in which the token was created

        * numeric user ID, limiting the token to a specific user (yet allowing

          users to be renamed)

        * user email address

        * time of token issue (a Unix timestamp, to enable token expiration)

        The key and message values are separated by NUL characters, which are

        guaranteed not to occur in any of the values.

        """

        app_secret = config.get('app_instance_uuid')

        return hmac.HMAC(

            key=u'\0'.join([app_secret, user.password]).encode('utf-8'),

            msg=u'\0'.join([session_id, str(user.user_id), user.email, str(timestamp)]).encode('utf-8'),

            digestmod=hashlib.sha1,

        ).hexdigest()

    def send_reset_password_email(self, data):

        """

        Sends email with a password reset token and link to the password

        reset confirmation page with all information (including the token)

        pre-filled. Also returns URL of that page, only without the token,

        allowing users to copy-paste or manually enter the token from the

        email.

        """

        from kallithea.lib.celerylib import tasks

        from kallithea.model.notification import EmailNotificationModel

        import kallithea.lib.helpers as h

        user_email = data['email']

        user = User.get_by_email(user_email)

        timestamp = int(time.time())

        if user is not None:

            if self.can_change_password(user):

                log.debug('password reset user %s found', user)

                token = self.get_reset_password_token(user,

                                                      timestamp,

                                                      h.session_csrf_secret_token())

                # URL must be fully qualified; but since the token is locked to