h.flash(_("You can't edit this user since it's"

                      " crucial for entire application"), category='warning')

            raise HTTPFound(location=url('users'))

    def _load_my_repos_data(self, watched=False):

        if watched:

            admin = False

            repos_list = Session().query(Repository) \

                         .join(UserFollowing) \

                         .filter(UserFollowing.user_id ==

                                 request.authuser.user_id).all()

        else:

            admin = True

            repos_list = Session().query(Repository) \

                         .filter(Repository.owner_id ==

                                 request.authuser.user_id).all()

        return RepoModel().get_repos_as_dict(repos_list, admin=admin)

    def my_account(self):

        c.active = 'profile'

        self.__load_data()

        c.perm_user = AuthUser(user_id=request.authuser.user_id)

        managed_fields = auth_modules.get_managed_fields(c.user)

        if 'hg.register.none' in def_user_perms:

            managed_fields.extend(['username', 'firstname', 'lastname', 'email'])

        c.readonly = lambda n: 'readonly' if n in managed_fields else None

        defaults = c.user.get_dict()

        update = False

        if request.POST:

            _form = UserForm(edit=True,

                             old_data={'user_id': request.authuser.user_id,

                                       'email': request.authuser.email})()

            form_result = {}

            try:

                post_data = dict(request.POST)

                post_data['new_password'] = ''

                post_data['password_confirmation'] = ''

                form_result = _form.to_python(post_data)

                # skip updating those attrs for my account

                skip_attrs = ['admin', 'active', 'extern_type', 'extern_name',

                              'new_password', 'password_confirmation',

                             ] + managed_fields

                UserModel().update(request.authuser.user_id, form_result,

                                   skip_attrs=skip_attrs)

                    force_defaults=False)

            except UserCreationError as e:

                # container auth or other auth functions that create users on

                # the fly can throw this exception signaling that there's issue

                # with user creation, explanation should be provided in

                # Exception itself

                h.flash(e, 'error')

            else:

                # login_form already validated the password - now set the session cookie accordingly

                auth_user = log_in_user(user, c.form_result['remember'], is_external_auth=False, ip_addr=request.ip_addr)

                if auth_user:

                    raise HTTPFound(location=c.came_from)

                h.flash(_('Authentication failed.'), 'error')

        else:

            # redirect if already logged in

            if not request.authuser.is_anonymous:

                raise HTTPFound(location=c.came_from)

            # continue to show login to default user

        return render('/login.html')

    @HasPermissionAnyDecorator('hg.admin', 'hg.register.auto_activate',

                               'hg.register.manual_activate')

    def register(self):

        c.auto_active = 'hg.register.auto_activate' in def_user_perms

        settings = Setting.get_app_settings()

        captcha_private_key = settings.get('captcha_private_key')

        c.captcha_active = bool(captcha_private_key)

        c.captcha_public_key = settings.get('captcha_public_key')

        if request.POST:

            register_form = RegisterForm()()

            try:

                form_result = register_form.to_python(dict(request.POST))

                form_result['active'] = c.auto_active

                if c.captcha_active:

                    from kallithea.lib.recaptcha import submit

                    response = submit(request.POST.get('g-recaptcha-response'),

                                      private_key=captcha_private_key,

                                      remoteip=request.ip_addr)

                    if not response.is_valid:

                        _value = form_result

                        _msg = _('Bad captcha')

                        error_dict = {'recaptcha_field': _msg}

                        raise formencode.Invalid(_msg, _value, None,

                                                 error_dict=error_dict)

:created_on: Apr 4, 2010

:author: marcink

:copyright: (c) 2013 RhodeCode GmbH, and others.

:license: GPLv3, see LICENSE.md for more details.

"""

import hashlib

import itertools

import logging

import os

import string

import bcrypt

import ipaddr

from decorator import decorator

from sqlalchemy.orm import joinedload

from sqlalchemy.orm.exc import ObjectDeletedError

from tg import request

from tg.i18n import ugettext as _

from webob.exc import HTTPForbidden, HTTPFound

import kallithea

from kallithea.config.routing import url

from kallithea.lib.utils import get_repo_group_slug, get_repo_slug, get_user_group_slug

from kallithea.lib.utils2 import ascii_bytes, ascii_str, safe_bytes

from kallithea.model.db import (Permission, UserApiKeys, UserGroup, UserGroupMember, UserGroupRepoGroupToPerm, UserGroupRepoToPerm, UserGroupToPerm,

                                UserGroupUserGroupToPerm, UserIpMap, UserToPerm)

from kallithea.model.meta import Session

from kallithea.model.user import UserModel

log = logging.getLogger(__name__)

class PasswordGenerator(object):

    """

    This is a simple class for generating password from different sets of

    characters

    usage::

        passwd_gen = PasswordGenerator()

        #print 8-letter password containing only big and small letters

            of alphabet

        passwd_gen.gen_password(8, passwd_gen.ALPHABETS_BIG_SMALL)

    """

    ALPHABETS_NUM = r'''1234567890'''

    ALPHABETS_SMALL = r'''qwertyuiopasdfghjklzxcvbnm'''

    ALPHABETS_BIG = r'''QWERTYUIOPASDFGHJKLZXCVBNM'''

    ALPHABETS_SPECIAL = r'''`-=[]\;',./~!@#$%^&*()_+{}|:"<>?'''

def check_password(password, hashed):

    """

    Checks password match the hashed value using bcrypt.

    Remains backwards compatible and accept plain sha256 hashes which used to

    be used on Windows.

    :param password: password

    :param hashed: password in hashed form

    """

    # sha256 hashes will always be 64 hex chars

    # bcrypt hashes will always contain $ (and be shorter)

    if len(hashed) == 64 and all(x in string.hexdigits for x in hashed):

        return hashlib.sha256(password).hexdigest() == hashed

    try:

        return bcrypt.checkpw(safe_bytes(password), ascii_bytes(hashed))

    except ValueError as e:

        # bcrypt will throw ValueError 'Invalid hashed_password salt' on all password errors

        log.error('error from bcrypt checking password: %s', e)

        return False

    log.error('check_password failed - no method found for hash length %s', len(hashed))

    return False

    PERM_WEIGHTS = Permission.PERM_WEIGHTS

        Assuming the permissions are comparable, set the new permission if it

        has higher weight, else drop it and keep the old permission.

        """

        new_perm_val = PERM_WEIGHTS[new_perm]

        cur_perm_val = PERM_WEIGHTS[cur_perm]

        if new_perm_val > cur_perm_val:

    #======================================================================

    # fetch default permissions

    #======================================================================

    default_repo_perms = Permission.get_default_perms(kallithea.DEFAULT_USER_ID)

    default_repo_groups_perms = Permission.get_default_group_perms(kallithea.DEFAULT_USER_ID)

    default_user_group_perms = Permission.get_default_user_group_perms(kallithea.DEFAULT_USER_ID)

    if user_is_admin:

        #==================================================================

        # admin users have all rights;

        # based on default permissions, just set everything to admin

        #==================================================================

        # repositories

        for perm in default_repo_perms:

            r_k = perm.repository.repo_name

            p = 'repository.admin'

        # repository groups

        for perm in default_repo_groups_perms:

            rg_k = perm.group.group_name

            p = 'group.admin'

        # user groups

        for perm in default_user_group_perms:

            u_k = perm.user_group.users_group_name

            p = 'usergroup.admin'

    #==================================================================

    # SET DEFAULTS GLOBAL, REPOS, REPOSITORY GROUPS

    #==================================================================

    # default global permissions taken from the default user

    default_global_perms = UserToPerm.query() \

        .filter(UserToPerm.user_id == kallithea.DEFAULT_USER_ID) \

        .options(joinedload(UserToPerm.permission))

    for perm in default_global_perms:

    # defaults for repositories, taken from default user

    for perm in default_repo_perms:

        r_k = perm.repository.repo_name

        if perm.repository.owner_id == user_id:

            p = 'repository.admin'

        elif perm.repository.private:

            p = 'repository.none'

        else:

            p = perm.permission.permission_name

    # defaults for repository groups taken from default user permission

    # on given group

    for perm in default_repo_groups_perms:

        rg_k = perm.group.group_name

        p = perm.permission.permission_name

    # defaults for user groups taken from default user permission

    # on given user group

    for perm in default_user_group_perms:

        u_k = perm.user_group.users_group_name

        p = perm.permission.permission_name

    #======================================================================

    # !! Augment GLOBALS with user permissions if any found !!

    #======================================================================

    # USER GROUPS comes first

    # user group global permissions

    user_perms_from_users_groups = Session().query(UserGroupToPerm) \

        .options(joinedload(UserGroupToPerm.permission)) \

        .join((UserGroupMember, UserGroupToPerm.users_group_id ==

               UserGroupMember.users_group_id)) \

        .filter(UserGroupMember.user_id == user_id) \

        .join((UserGroup, UserGroupMember.users_group_id ==

               UserGroup.users_group_id)) \

        .filter(UserGroup.users_group_active == True) \

        .order_by(UserGroupToPerm.users_group_id) \

        .all()

    # need to group here by groups since user can be in more than

    # one group

    _grouped = [[x, list(y)] for x, y in

                itertools.groupby(user_perms_from_users_groups,

                                  lambda x:x.users_group)]

    for gr, perms in _grouped:

        for perm in perms:

    # user specific global permissions

    user_perms = Session().query(UserToPerm) \

            .options(joinedload(UserToPerm.permission)) \

            .filter(UserToPerm.user_id == user_id).all()

    for perm in user_perms:

    # for each kind of global permissions, only keep the one with heighest weight

    kind_max_perm = {}

        kind = perm.rsplit('.', 1)[0]

        kind_max_perm[kind] = perm

    ## END GLOBAL PERMISSIONS

    #======================================================================

    # !! PERMISSIONS FOR REPOSITORIES !!

    #======================================================================

    #======================================================================

    # check if user is part of user groups for this repository and

    # fill in his permission from it.

    #======================================================================

    # user group for repositories permissions

    user_repo_perms_from_users_groups = \

     Session().query(UserGroupRepoToPerm) \

        .join((UserGroup, UserGroupRepoToPerm.users_group_id ==

               UserGroup.users_group_id)) \

        .filter(UserGroup.users_group_active == True) \

        .join((UserGroupMember, UserGroupRepoToPerm.users_group_id ==

               UserGroupMember.users_group_id)) \

        .filter(UserGroupMember.user_id == user_id) \

        .options(joinedload(UserGroupRepoToPerm.repository)) \

        .options(joinedload(UserGroupRepoToPerm.permission)) \

        .all()

    for perm in user_repo_perms_from_users_groups:

            perm.repository.repo_name,

            perm.permission.permission_name)

    # user permissions for repositories

    user_repo_perms = Permission.get_default_perms(user_id)

    for perm in user_repo_perms:

            perm.repository.repo_name,

            perm.permission.permission_name)

    #======================================================================

    # !! PERMISSIONS FOR REPOSITORY GROUPS !!

    #======================================================================

    #======================================================================

    # check if user is part of user groups for this repository groups and

    # fill in his permission from it.

    #======================================================================

    # user group for repo groups permissions

    user_repo_group_perms_from_users_groups = \

     Session().query(UserGroupRepoGroupToPerm) \

     .join((UserGroup, UserGroupRepoGroupToPerm.users_group_id ==

            UserGroup.users_group_id)) \

     .filter(UserGroup.users_group_active == True) \

     .join((UserGroupMember, UserGroupRepoGroupToPerm.users_group_id

            == UserGroupMember.users_group_id)) \

     .filter(UserGroupMember.user_id == user_id) \

     .options(joinedload(UserGroupRepoGroupToPerm.permission)) \

     .all()

    for perm in user_repo_group_perms_from_users_groups:

            perm.group.group_name,

            perm.permission.permission_name)

    # user explicit permissions for repository groups

    user_repo_groups_perms = Permission.get_default_group_perms(user_id)

    for perm in user_repo_groups_perms:

            perm.group.group_name,

            perm.permission.permission_name)

    #======================================================================

    # !! PERMISSIONS FOR USER GROUPS !!

    #======================================================================

    # user group for user group permissions

    user_group_user_groups_perms = \

     Session().query(UserGroupUserGroupToPerm) \

     .join((UserGroup, UserGroupUserGroupToPerm.target_user_group_id

            == UserGroup.users_group_id)) \

     .join((UserGroupMember, UserGroupUserGroupToPerm.user_group_id

            == UserGroupMember.users_group_id)) \

     .filter(UserGroupMember.user_id == user_id) \

     .join((UserGroup, UserGroupMember.users_group_id ==

            UserGroup.users_group_id), aliased=True, from_joinpoint=True) \

     .filter(UserGroup.users_group_active == True) \

     .options(joinedload(UserGroupUserGroupToPerm.permission)) \

     .all()

    for perm in user_group_user_groups_perms:

            perm.target_user_group.users_group_name,

            perm.permission.permission_name)

    # user explicit permission for user groups

    user_user_groups_perms = Permission.get_default_user_group_perms(user_id)

    for perm in user_user_groups_perms:

            perm.user_group.users_group_name,

            perm.permission.permission_name)

class AuthUser(object):

    """

    Represents a Kallithea user, including various authentication and

    authorization information. Typically used to store the current user,

    but is also used as a generic user information data structure in

    parts of the code, e.g. user management.

    Constructed from a database `User` object, a user ID or cookie dict,

    it looks up the user (if needed) and copies all attributes to itself,

    adding various non-persistent data. If lookup fails but anonymous

    access to Kallithea is enabled, the default user is loaded instead.

    `AuthUser` does not by itself authenticate users. It's up to other parts of

    the code to check e.g. if a supplied password is correct, and if so, trust

    the AuthUser object as an authenticated user.

    However, `AuthUser` does refuse to load a user that is not `active`.

    Note that Kallithea distinguishes between the default user (an actual

    user in the database with username "default") and "no user" (no actual

    User object, AuthUser filled with blank values and username "None").

        # Look up database user, if necessary.

        if user_id is not None:

            assert dbuser is None

            log.debug('Auth User lookup by USER ID %s', user_id)

            dbuser = UserModel().get(user_id)

            assert dbuser is not None

        else:

            assert dbuser is not None

            log.debug('Auth User lookup by database user %s', dbuser)

        log.debug('filling %s data', dbuser)

        self.is_anonymous = dbuser.is_default_user

        if dbuser.is_default_user and not dbuser.active:

            self.username = 'None'

            self.is_default_user = False

        else:

            # copy non-confidential database fields from a `db.User` to this `AuthUser`.

            for k, v in dbuser.get_dict().items():

                assert k not in ['api_keys', 'permissions']

                setattr(self, k, v)

            self.is_default_user = dbuser.is_default_user

        log.debug('Auth User is now %s', self)

        log.debug('Getting PERMISSION tree for %s', self)

    def has_repository_permission_level(self, repo_name, level, purpose=None):

        required_perms = {

            'read': ['repository.read', 'repository.write', 'repository.admin'],

            'write': ['repository.write', 'repository.admin'],

            'admin': ['repository.admin'],

        }[level]

        ok = actual_perm in required_perms

        log.debug('Checking if user %r can %r repo %r (%s): %s (has %r)',

            self.username, level, repo_name, purpose, ok, actual_perm)

        return ok

    def has_repository_group_permission_level(self, repo_group_name, level, purpose=None):

        required_perms = {

            'read': ['group.read', 'group.write', 'group.admin'],

            'write': ['group.write', 'group.admin'],

            'admin': ['group.admin'],

        }[level]

        ok = actual_perm in required_perms

        log.debug('Checking if user %r can %r repo group %r (%s): %s (has %r)',

            self.username, level, repo_group_name, purpose, ok, actual_perm)

        return ok

    def has_user_group_permission_level(self, user_group_name, level, purpose=None):

        required_perms = {

            'read': ['usergroup.read', 'usergroup.write', 'usergroup.admin'],

            'write': ['usergroup.write', 'usergroup.admin'],

            'admin': ['usergroup.admin'],

        }[level]

        ok = actual_perm in required_perms

        log.debug('Checking if user %r can %r user group %r (%s): %s (has %r)',

            self.username, level, user_group_name, purpose, ok, actual_perm)

        return ok

    @property

    def api_keys(self):

        return self._get_api_keys()

    def _get_api_keys(self):

        api_keys = [self.api_key]

        for api_key in UserApiKeys.query() \

                .filter_by(user_id=self.user_id, is_expired=False):

            api_keys.append(api_key.api_key)

        return api_keys

    @property

    def is_admin(self):

        return self.admin

    @property

    def repositories_admin(self):

        """

        Returns list of repositories you're an admin of

        """

                if x[1] == 'repository.admin']

    @property

    def repository_groups_admin(self):

        """

        Returns list of repository groups you're an admin of

        """

                if x[1] == 'group.admin']

    @property

    def user_groups_admin(self):

        """

        Returns list of user groups you're an admin of

        """

                if x[1] == 'usergroup.admin']

    def __repr__(self):

        return "<%s %s: %r>" % (self.__class__.__name__, self.user_id, self.username)

    def to_cookie(self):

        """ Serializes this login session to a cookie `dict`. """

        return {

            'user_id': self.user_id,

            'is_external_auth': self.is_external_auth,

        }

    @staticmethod

    def from_cookie(cookie, ip_addr):

        """

        Deserializes an `AuthUser` from a cookie `dict` ... or return None.

        """

        return AuthUser.make(

            dbuser=UserModel().get(cookie.get('user_id')),

            is_external_auth=cookie.get('is_external_auth', False),

            ip_addr=ip_addr,

        )

    @classmethod

        log.debug('checking %s permissions %s for %s %s',

          self.__class__.__name__, self.required_perms, cls, user)

        if self.check_permissions(user):

            log.debug('Permission granted for %s %s', cls, user)

            return func(*fargs, **fkwargs)

        else:

            log.info('Permission denied for %s %s', cls, user)

            if user.is_default_user:

                raise _redirect_to_login(_('You need to be signed in to view this page'))

            else:

                raise HTTPForbidden()

    def check_permissions(self, user):

        raise NotImplementedError()

class HasPermissionAnyDecorator(_PermsDecorator):

    """

    Checks the user has any of the given global permissions.

    """

    def check_permissions(self, user):

class _PermDecorator(_PermsDecorator):

    """Base class for controller decorators with a single permission"""

    def __init__(self, required_perm):

        _PermsDecorator.__init__(self, [required_perm])

        self.required_perm = required_perm

class HasRepoPermissionLevelDecorator(_PermDecorator):

    """

    Checks the user has at least the specified permission level for the requested repository.

    """

    def check_permissions(self, user):

        repo_name = get_repo_slug(request)

        return user.has_repository_permission_level(repo_name, self.required_perm)

class HasRepoGroupPermissionLevelDecorator(_PermDecorator):

    """

    Checks the user has any of given permissions for the requested repository group.

    """

#==============================================================================

# CHECK FUNCTIONS

#==============================================================================

class _PermsFunction(object):

    """Base function for other check functions with multiple permissions"""

    def __init__(self, *required_perms):

        self.required_perms = required_perms # usually very short - a list is thus fine

    def __bool__(self):

        """ Defend against accidentally forgetting to call the object

            and instead evaluating it directly in a boolean context,

            which could have security implications.

        """

        raise AssertionError(self.__class__.__name__ + ' is not a bool and must be called!')

    def __call__(self, *a, **b):

        raise NotImplementedError()

class HasPermissionAny(_PermsFunction):

    def __call__(self, purpose=None):

        log.debug('Check %s for global %s (%s): %s',

            request.authuser.username, self.required_perms, purpose, ok)

        return ok

class _PermFunction(_PermsFunction):

    """Base function for other check functions with a single permission"""

    def __init__(self, required_perm):

        _PermsFunction.__init__(self, [required_perm])

        self.required_perm = required_perm

class HasRepoPermissionLevel(_PermFunction):

    def __call__(self, repo_name, purpose=None):

        return request.authuser.has_repository_permission_level(repo_name, self.required_perm, purpose)

class HasRepoGroupPermissionLevel(_PermFunction):

    def __call__(self, group_name, purpose=None):

        return request.authuser.has_repository_group_permission_level(group_name, self.required_perm, purpose)

class HasUserGroupPermissionLevel(_PermFunction):

    def __call__(self, user_group_name, purpose=None):

        return request.authuser.has_user_group_permission_level(user_group_name, self.required_perm, purpose)

#==============================================================================

# SPECIAL VERSION TO HANDLE MIDDLEWARE AUTH

#==============================================================================

class HasPermissionAnyMiddleware(object):

    def __init__(self, *perms):

        self.required_perms = set(perms)

    def __call__(self, authuser, repo_name, purpose=None):

        try:

        except KeyError:

            ok = False

        log.debug('Middleware check %s for %s for repo %s (%s): %s', authuser.username, self.required_perms, repo_name, purpose, ok)

        return ok

def check_ip_access(source_ip, allowed_ips=None):

    """

    Checks if source_ip is a subnet of any of allowed_ips.

    :param source_ip:

    :param allowed_ips: list of allowed ips together with mask

    """

    source_ip = source_ip.split('%', 1)[0]

    log.debug('checking if ip:%s is subnet of %s', source_ip, allowed_ips)

    if isinstance(allowed_ips, (tuple, list, set)):

        for ip in allowed_ips:

            if ipaddr.IPAddress(source_ip) in ipaddr.IPNetwork(ip):

                log.debug('IP %s is network %s',

                          ipaddr.IPAddress(source_ip), ipaddr.IPNetwork(ip))

                return True

    return False

        if not isinstance(user_data, dict):

            raise Exception('returned value from auth must be a dict')

        for k in self.auth_func_attrs:

            if k not in user_data:

                raise Exception('Missing %s attribute from returned data' % k)

        return user_data

class KallitheaExternalAuthPlugin(KallitheaAuthPluginBase):

    def use_fake_password(self):

        """

        Return a boolean that indicates whether or not we should set the user's

        password to a random value when it is authenticated by this plugin.

        If your plugin provides authentication, then you will generally want this.

        :returns: boolean

        """

        raise NotImplementedError("Not implemented in base class")

    def _authenticate(self, userobj, username, passwd, settings, **kwargs):

        user_data = super(KallitheaExternalAuthPlugin, self)._authenticate(

            userobj, username, passwd, settings, **kwargs)

        if user_data is not None:

            if userobj is None: # external authentication of unknown user that will be created soon

                active = 'hg.extern_activate.auto' in def_user_perms

            else:

                active = userobj.active

            if self.use_fake_password():

                # Randomize the PW because we don't need it, but don't want

                # them blank either

                passwd = PasswordGenerator().gen_password(length=8)

            log.debug('Updating or creating user info from %s plugin',

                      self.name)

            user = UserModel().create_or_update(

                username=user_data['username'],

                password=passwd,

                email=user_data["email"],

                firstname=user_data["firstname"],

                lastname=user_data["lastname"],

                active=active,

                admin=user_data["admin"],

                extern_name=user_data["extern_name"],

                extern_type=self.name,

            )

            # enforce user is just in given groups, all of them has to be ones

            # created from plugins. We store this info in _group_data JSON field

        return q.ui_value

    def get(self, repo_id):

        repo = Repository.query() \

            .filter(Repository.repo_id == repo_id)

        return repo.scalar()

    def get_repo(self, repository):

        return Repository.guess_instance(repository)

    def get_by_repo_name(self, repo_name):

        repo = Repository.query() \

            .filter(Repository.repo_name == repo_name)

        return repo.scalar()

    def get_all_user_repos(self, user):

        """

        Gets all repositories that user have at least read access

        :param user:

        """

        from kallithea.lib.auth import AuthUser

        auth_user = AuthUser(dbuser=User.guess_instance(user))

        repos = [repo_name

            if perm in ['repository.read', 'repository.write', 'repository.admin']

            ]

        return Repository.query().filter(Repository.repo_name.in_(repos))

    @classmethod

    def _render_datatable(cls, tmpl, *args, **kwargs):

        from tg import app_globals, request

        from tg import tmpl_context as c

        from tg.i18n import ugettext as _

        _tmpl_lookup = app_globals.mako_lookup

        template = _tmpl_lookup.get_template('data_table/_dt_elements.html')

        tmpl = template.get_def(tmpl)

        kwargs.update(dict(_=_, h=h, c=c, request=request))

        return tmpl.render_unicode(*args, **kwargs)

    def get_repos_as_dict(self, repos_list, repo_groups_list=None,

                          admin=False,

                          short_name=False):

        """Return repository list for use by DataTable.

        repos_list: list of repositories - but will be filtered for read permission.

        repo_groups_list: added at top of list without permission check.

        admin: return data for action column.