Changeset - 710512deb83d
default
0 8 0
Mads Kiilerich (mads) - 5 years ago 2020-11-01 23:50:29
mads@kiilerich.com
Grafted from: 7755b166b92b
lib: move some auth low level helper functions to utils2
8 files changed with 80 insertions and 85 deletions:
kallithea/lib/auth.py
 
@@ -3,140 +3,71 @@
 
# it under the terms of the GNU General Public License as published by
 
# the Free Software Foundation, either version 3 of the License, or
 
# (at your option) any later version.
 
#
 
# This program is distributed in the hope that it will be useful,
 
# but WITHOUT ANY WARRANTY; without even the implied warranty of
 
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 
# GNU General Public License for more details.
 
#
 
# You should have received a copy of the GNU General Public License
 
# along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
"""
 
kallithea.lib.auth
 
~~~~~~~~~~~~~~~~~~
 

	
 
authentication and permission libraries
 

	
 
This file was forked by the Kallithea project in July 2014.
 
Original author and date, and relevant copyright and licensing information is below:
 
:created_on: Apr 4, 2010
 
:author: marcink
 
:copyright: (c) 2013 RhodeCode GmbH, and others.
 
:license: GPLv3, see LICENSE.md for more details.
 
"""
 
import hashlib
 
import itertools
 
import logging
 
import os
 
import string
 

	
 
import bcrypt
 
import ipaddr
 
from decorator import decorator
 
from sqlalchemy.orm import joinedload
 
from sqlalchemy.orm.exc import ObjectDeletedError
 
from tg import request
 
from tg.i18n import ugettext as _
 
from webob.exc import HTTPForbidden, HTTPFound
 

	
 
import kallithea
 
from kallithea.lib import webutils
 
from kallithea.lib.utils import get_repo_group_slug, get_repo_slug, get_user_group_slug
 
from kallithea.lib.utils2 import ascii_bytes, ascii_str, safe_bytes
 
from kallithea.lib.vcs.utils.lazy import LazyProperty
 
from kallithea.lib.webutils import url
 
from kallithea.model import db, meta
 
from kallithea.model.user import UserModel
 

	
 

	
 
log = logging.getLogger(__name__)
 

	
 

	
 
class PasswordGenerator(object):
 
    """
 
    This is a simple class for generating password from different sets of
 
    characters
 
    usage::
 

	
 
        passwd_gen = PasswordGenerator()
 
        #print 8-letter password containing only big and small letters
 
            of alphabet
 
        passwd_gen.gen_password(8, passwd_gen.ALPHABETS_BIG_SMALL)
 
    """
 
    ALPHABETS_NUM = r'''1234567890'''
 
    ALPHABETS_SMALL = r'''qwertyuiopasdfghjklzxcvbnm'''
 
    ALPHABETS_BIG = r'''QWERTYUIOPASDFGHJKLZXCVBNM'''
 
    ALPHABETS_SPECIAL = r'''`-=[]\;',./~!@#$%^&*()_+{}|:"<>?'''
 
    ALPHABETS_FULL = ALPHABETS_BIG + ALPHABETS_SMALL \
 
        + ALPHABETS_NUM + ALPHABETS_SPECIAL
 
    ALPHABETS_ALPHANUM = ALPHABETS_BIG + ALPHABETS_SMALL + ALPHABETS_NUM
 
    ALPHABETS_BIG_SMALL = ALPHABETS_BIG + ALPHABETS_SMALL
 
    ALPHABETS_ALPHANUM_BIG = ALPHABETS_BIG + ALPHABETS_NUM
 
    ALPHABETS_ALPHANUM_SMALL = ALPHABETS_SMALL + ALPHABETS_NUM
 

	
 
    def gen_password(self, length, alphabet=ALPHABETS_FULL):
 
        assert len(alphabet) <= 256, alphabet
 
        l = []
 
        while len(l) < length:
 
            i = ord(os.urandom(1))
 
            if i < len(alphabet):
 
                l.append(alphabet[i])
 
        return ''.join(l)
 

	
 

	
 
def get_crypt_password(password):
 
    """
 
    Cryptographic function used for bcrypt password hashing.
 

	
 
    :param password: password to hash
 
    """
 
    return ascii_str(bcrypt.hashpw(safe_bytes(password), bcrypt.gensalt(10)))
 

	
 

	
 
def check_password(password, hashed):
 
    """
 
    Checks password match the hashed value using bcrypt.
 
    Remains backwards compatible and accept plain sha256 hashes which used to
 
    be used on Windows.
 

	
 
    :param password: password
 
    :param hashed: password in hashed form
 
    """
 
    # sha256 hashes will always be 64 hex chars
 
    # bcrypt hashes will always contain $ (and be shorter)
 
    if len(hashed) == 64 and all(x in string.hexdigits for x in hashed):
 
        return hashlib.sha256(password).hexdigest() == hashed
 
    try:
 
        return bcrypt.checkpw(safe_bytes(password), ascii_bytes(hashed))
 
    except ValueError as e:
 
        # bcrypt will throw ValueError 'Invalid hashed_password salt' on all password errors
 
        log.error('error from bcrypt checking password: %s', e)
 
        return False
 
    log.error('check_password failed - no method found for hash length %s', len(hashed))
 
    return False
 

	
 

	
 
PERM_WEIGHTS = db.Permission.PERM_WEIGHTS
 

	
 
def bump_permission(permissions, key, new_perm):
 
    """Add a new permission for key to permissions.
 
    Assuming the permissions are comparable, set the new permission if it
 
    has higher weight, else drop it and keep the old permission.
 
    """
 
    cur_perm = permissions[key]
 
    new_perm_val = PERM_WEIGHTS[new_perm]
 
    cur_perm_val = PERM_WEIGHTS[cur_perm]
 
    if new_perm_val > cur_perm_val:
 
        permissions[key] = new_perm
 

	
 
class AuthUser(object):
 
    """
 
    Represents a Kallithea user, including various authentication and
 
    authorization information. Typically used to store the current user,
 
    but is also used as a generic user information data structure in
 
    parts of the code, e.g. user management.
 

	
 
    Constructed from a database `User` object, a user ID or cookie dict,
 
    it looks up the user (if needed) and copies all attributes to itself,
 
    adding various non-persistent data. If lookup fails but anonymous
 
    access to Kallithea is enabled, the default user is loaded instead.
kallithea/lib/auth_modules/__init__.py
 
# -*- coding: utf-8 -*-
 
# This program is free software: you can redistribute it and/or modify
 
# it under the terms of the GNU General Public License as published by
 
# the Free Software Foundation, either version 3 of the License, or
 
# (at your option) any later version.
 
#
 
# This program is distributed in the hope that it will be useful,
 
# but WITHOUT ANY WARRANTY; without even the implied warranty of
 
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 
# GNU General Public License for more details.
 
#
 
# You should have received a copy of the GNU General Public License
 
# along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
"""
 
Authentication modules
 
"""
 

	
 
import importlib
 
import logging
 
import traceback
 
from inspect import isfunction
 

	
 
from kallithea.lib.auth import AuthUser, PasswordGenerator
 
from kallithea.lib.auth import AuthUser
 
from kallithea.lib.compat import hybrid_property
 
from kallithea.lib.utils2 import asbool
 
from kallithea.lib.utils2 import asbool, PasswordGenerator
 
from kallithea.model import db, meta, validators
 
from kallithea.model.user import UserModel
 
from kallithea.model.user_group import UserGroupModel
 

	
 

	
 
log = logging.getLogger(__name__)
 

	
 

	
 
class LazyFormencode(object):
 
    def __init__(self, formencode_obj, *args, **kwargs):
 
        self.formencode_obj = formencode_obj
 
        self.args = args
 
        self.kwargs = kwargs
 

	
 
    def __call__(self, *args, **kwargs):
 
        formencode_obj = self.formencode_obj
 
        if isfunction(formencode_obj):
 
            # case we wrap validators into functions
 
            formencode_obj = self.formencode_obj(*args, **kwargs)
 
        return formencode_obj(*self.args, **self.kwargs)
 

	
 

	
 
class KallitheaAuthPluginBase(object):
 
    auth_func_attrs = {
kallithea/lib/auth_modules/auth_internal.py
 
@@ -7,49 +7,49 @@
 
# This program is distributed in the hope that it will be useful,
 
# but WITHOUT ANY WARRANTY; without even the implied warranty of
 
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 
# GNU General Public License for more details.
 
#
 
# You should have received a copy of the GNU General Public License
 
# along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
"""
 
kallithea.lib.auth_modules.auth_internal
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

	
 
Kallithea authentication plugin for built in internal auth
 

	
 
This file was forked by the Kallithea project in July 2014.
 
Original author and date, and relevant copyright and licensing information is below:
 
:created_on: Created on Nov 17, 2012
 
:author: marcink
 
:copyright: (c) 2013 RhodeCode GmbH, and others.
 
:license: GPLv3, see LICENSE.md for more details.
 
"""
 

	
 

	
 
import logging
 

	
 
from kallithea.lib import auth, auth_modules
 
from kallithea.lib import auth_modules, utils2
 
from kallithea.lib.compat import hybrid_property
 

	
 

	
 
log = logging.getLogger(__name__)
 

	
 

	
 
class KallitheaAuthPlugin(auth_modules.KallitheaAuthPluginBase):
 
    def __init__(self):
 
        pass
 

	
 
    @hybrid_property
 
    def name(self):
 
        # Also found as kallithea.lib.model.db.User.DEFAULT_AUTH_TYPE
 
        return 'internal'
 

	
 
    def settings(self):
 
        return []
 

	
 
    def accepts(self, user, accepts_empty=True):
 
        """
 
        Custom accepts for this auth that doesn't accept empty users. We
 
        know that user exists in database.
 
        """
 
        return super(KallitheaAuthPlugin, self).accepts(user,
 
@@ -57,40 +57,40 @@ class KallitheaAuthPlugin(auth_modules.K
 

	
 
    def auth(self, userobj, username, password, settings, **kwargs):
 
        if not userobj:
 
            log.debug('userobj was:%s skipping', userobj)
 
            return None
 
        if userobj.extern_type != self.name:
 
            log.warning("userobj:%s extern_type mismatch got:`%s` expected:`%s`",
 
                     userobj, userobj.extern_type, self.name)
 
            return None
 
        if not username:
 
            log.debug('Empty username - skipping...')
 
            return None
 

	
 
        user_data = {
 
            "username": userobj.username,
 
            "firstname": userobj.firstname,
 
            "lastname": userobj.lastname,
 
            "groups": [],
 
            "email": userobj.email,
 
            "admin": userobj.admin,
 
            "extern_name": userobj.user_id,
 
        }
 
        log.debug('user data: %s', user_data)
 

	
 
        password_match = auth.check_password(password, userobj.password)
 
        password_match = utils2.check_password(password, userobj.password)
 
        if userobj.is_default_user:
 
            log.info('user %s authenticated correctly as anonymous user',
 
                     username)
 
            return user_data
 

	
 
        elif userobj.username == username and password_match:
 
            log.info('user %s authenticated correctly', user_data['username'])
 
            return user_data
 

	
 
        log.error("user %s had a bad password", username)
 
        return None
 

	
 
    def get_managed_fields(self):
 
        # Note: 'username' should only be editable (at least for user) if self registration is enabled
 
        return []
kallithea/lib/utils2.py
 
@@ -8,78 +8,85 @@
 
# but WITHOUT ANY WARRANTY; without even the implied warranty of
 
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 
# GNU General Public License for more details.
 
#
 
# You should have received a copy of the GNU General Public License
 
# along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
"""
 
kallithea.lib.utils2
 
~~~~~~~~~~~~~~~~~~~~
 

	
 
Some simple helper functions.
 
Note: all these functions should be independent of Kallithea classes, i.e.
 
models, controllers, etc.  to prevent import cycles.
 

	
 
This file was forked by the Kallithea project in July 2014.
 
Original author and date, and relevant copyright and licensing information is below:
 
:created_on: Jan 5, 2011
 
:author: marcink
 
:copyright: (c) 2013 RhodeCode GmbH, and others.
 
:license: GPLv3, see LICENSE.md for more details.
 
"""
 

	
 
import binascii
 
import datetime
 
import hashlib
 
import json
 
import logging
 
import os
 
import re
 
import string
 
import time
 
import urllib.parse
 

	
 
import bcrypt
 
import urlobject
 
from dateutil import relativedelta
 
from sqlalchemy.engine import url as sa_url
 
from sqlalchemy.exc import ArgumentError
 
from tg import tmpl_context
 
from tg.i18n import ugettext as _
 
from tg.i18n import ungettext
 
from tg.support.converters import asbool, aslist
 
from webhelpers2.text import collapse, remove_formatting, strip_tags
 

	
 
import kallithea
 
from kallithea.lib import webutils
 
from kallithea.lib.vcs.backends.base import BaseRepository, EmptyChangeset
 
from kallithea.lib.vcs.exceptions import RepositoryError
 
from kallithea.lib.vcs.utils import ascii_bytes, ascii_str, safe_bytes, safe_str  # re-export
 
from kallithea.lib.vcs.utils.lazy import LazyProperty
 

	
 

	
 
try:
 
    import pwd
 
except ImportError:
 
    pass
 

	
 

	
 
log = logging.getLogger(__name__)
 

	
 

	
 
# mute pyflakes "imported but unused"
 
assert asbool
 
assert aslist
 
assert ascii_bytes
 
assert ascii_str
 
assert safe_bytes
 
assert safe_str
 
assert LazyProperty
 

	
 

	
 
def convert_line_endings(line, mode):
 
    """
 
    Converts a given line  "line end" according to given mode
 

	
 
    Available modes are::
 
        0 - Unix
 
        1 - Mac
 
        2 - DOS
 

	
 
    :param line: given line to convert
 
    :param mode: mode to convert to
 
    :rtype: str
 
    :return: converted line according to mode
 
    """
 
@@ -528,24 +535,88 @@ def repo_name_slug(value):
 
    of repository to prevent bad names in repo
 
    """
 

	
 
    slug = remove_formatting(value)
 
    slug = strip_tags(slug)
 

	
 
    for c in r"""`?=[]\;'"<>,/~!@#$%^&*()+{}|: """:
 
        slug = slug.replace(c, '-')
 
    slug = recursive_replace(slug, '-')
 
    slug = collapse(slug, '-')
 
    return slug
 

	
 

	
 
def ask_ok(prompt, retries=4, complaint='Yes or no please!'):
 
    while True:
 
        ok = input(prompt)
 
        if ok in ('y', 'ye', 'yes'):
 
            return True
 
        if ok in ('n', 'no', 'nop', 'nope'):
 
            return False
 
        retries = retries - 1
 
        if retries < 0:
 
            raise IOError
 
        print(complaint)
 

	
 

	
 
class PasswordGenerator(object):
 
    """
 
    This is a simple class for generating password from different sets of
 
    characters
 
    usage::
 

	
 
        passwd_gen = PasswordGenerator()
 
        #print 8-letter password containing only big and small letters
 
            of alphabet
 
        passwd_gen.gen_password(8, passwd_gen.ALPHABETS_BIG_SMALL)
 
    """
 
    ALPHABETS_NUM = r'''1234567890'''
 
    ALPHABETS_SMALL = r'''qwertyuiopasdfghjklzxcvbnm'''
 
    ALPHABETS_BIG = r'''QWERTYUIOPASDFGHJKLZXCVBNM'''
 
    ALPHABETS_SPECIAL = r'''`-=[]\;',./~!@#$%^&*()_+{}|:"<>?'''
 
    ALPHABETS_FULL = ALPHABETS_BIG + ALPHABETS_SMALL \
 
        + ALPHABETS_NUM + ALPHABETS_SPECIAL
 
    ALPHABETS_ALPHANUM = ALPHABETS_BIG + ALPHABETS_SMALL + ALPHABETS_NUM
 
    ALPHABETS_BIG_SMALL = ALPHABETS_BIG + ALPHABETS_SMALL
 
    ALPHABETS_ALPHANUM_BIG = ALPHABETS_BIG + ALPHABETS_NUM
 
    ALPHABETS_ALPHANUM_SMALL = ALPHABETS_SMALL + ALPHABETS_NUM
 

	
 
    def gen_password(self, length, alphabet=ALPHABETS_FULL):
 
        assert len(alphabet) <= 256, alphabet
 
        l = []
 
        while len(l) < length:
 
            i = ord(os.urandom(1))
 
            if i < len(alphabet):
 
                l.append(alphabet[i])
 
        return ''.join(l)
 

	
 

	
 
def get_crypt_password(password):
 
    """
 
    Cryptographic function used for bcrypt password hashing.
 

	
 
    :param password: password to hash
 
    """
 
    return ascii_str(bcrypt.hashpw(safe_bytes(password), bcrypt.gensalt(10)))
 

	
 

	
 
def check_password(password, hashed):
 
    """
 
    Checks password match the hashed value using bcrypt.
 
    Remains backwards compatible and accept plain sha256 hashes which used to
 
    be used on Windows.
 

	
 
    :param password: password
 
    :param hashed: password in hashed form
 
    """
 
    # sha256 hashes will always be 64 hex chars
 
    # bcrypt hashes will always contain $ (and be shorter)
 
    if len(hashed) == 64 and all(x in string.hexdigits for x in hashed):
 
        return hashlib.sha256(password).hexdigest() == hashed
 
    try:
 
        return bcrypt.checkpw(safe_bytes(password), ascii_bytes(hashed))
 
    except ValueError as e:
 
        # bcrypt will throw ValueError 'Invalid hashed_password salt' on all password errors
 
        log.error('error from bcrypt checking password: %s', e)
 
        return False
 
    log.error('check_password failed - no method found for hash length %s', len(hashed))
 
    return False
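Review bot: In `check_password`, the legacy branch hashes the raw argument with `hashlib.sha256(password)` while the bcrypt branch wraps it in `safe_bytes(password)`; if callers pass `str`, as the `safe_bytes` call suggests, any account that still has a 64-hex-char hash raises `TypeError` on Python 3 instead of returning a result. That branch also compares the digests with `==`; I would write it as `return hmac.compare_digest(hashlib.sha256(safe_bytes(password)).hexdigest(), hashed)`, which needs an `import hmac` that is not among the utils2 imports shown. The final `log.error('check_password failed - no method found ...')` and `return False` are unreachable because both the `try` and the `except` return, so either drop them or restructure so an unrecognised hash format is actually reported. Since the move makes this the shared entry point, a short docstring note that unsalted SHA-256 hashes are accepted only for legacy accounts would help the next reader.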
kallithea/model/user.py
 
@@ -17,121 +17,119 @@ kallithea.model.user
 

	
 
users model for Kallithea
 

	
 
This file was forked by the Kallithea project in July 2014.
 
Original author and date, and relevant copyright and licensing information is below:
 
:created_on: Apr 9, 2010
 
:author: marcink
 
:copyright: (c) 2013 RhodeCode GmbH, and others.
 
:license: GPLv3, see LICENSE.md for more details.
 
"""
 

	
 

	
 
import hashlib
 
import hmac
 
import logging
 
import time
 
import traceback
 

	
 
from sqlalchemy.exc import DatabaseError
 
from tg import config
 
from tg.i18n import ugettext as _
 

	
 
from kallithea.lib import webutils
 
from kallithea.lib.exceptions import DefaultUserException, UserOwnsReposException
 
from kallithea.lib.utils2 import generate_api_key, get_current_authuser
 
from kallithea.lib.utils2 import check_password, generate_api_key, get_crypt_password, get_current_authuser
 
from kallithea.model import db, forms, meta
 

	
 

	
 
log = logging.getLogger(__name__)
 

	
 

	
 
class UserModel(object):
 
    password_reset_token_lifetime = 86400 # 24 hours
 

	
 
    def get(self, user_id):
 
        user = db.User.query()
 
        return user.get(user_id)
 

	
 
    def get_user(self, user):
 
        return db.User.guess_instance(user)
 

	
 
    def create(self, form_data, cur_user=None):
 
        if not cur_user:
 
            cur_user = getattr(get_current_authuser(), 'username', None)
 

	
 
        from kallithea.lib.hooks import check_allowed_create_user, log_create_user
 
        _fd = form_data
 
        user_data = {
 
            'username': _fd['username'],
 
            'password': _fd['password'],
 
            'email': _fd['email'],
 
            'firstname': _fd['firstname'],
 
            'lastname': _fd['lastname'],
 
            'active': _fd['active'],
 
            'admin': False
 
        }
 
        # raises UserCreationError if it's not allowed
 
        check_allowed_create_user(user_data, cur_user)
 
        from kallithea.lib.auth import get_crypt_password
 

	
 
        new_user = db.User()
 
        for k, v in form_data.items():
 
            if k == 'password':
 
                v = get_crypt_password(v)
 
            if k == 'firstname':
 
                k = 'name'
 
            setattr(new_user, k, v)
 

	
 
        new_user.api_key = generate_api_key()
 
        meta.Session().add(new_user)
 
        meta.Session().flush() # make database assign new_user.user_id
 

	
 
        log_create_user(new_user.get_dict(), cur_user)
 
        return new_user
 

	
 
    def create_or_update(self, username, password, email, firstname='',
 
                         lastname='', active=True, admin=False,
 
                         extern_type=None, extern_name=None, cur_user=None):
 
        """
 
        Creates a new instance if not found, or updates current one
 

	
 
        :param username:
 
        :param password:
 
        :param email:
 
        :param active:
 
        :param firstname:
 
        :param lastname:
 
        :param active:
 
        :param admin:
 
        :param extern_name:
 
        :param extern_type:
 
        :param cur_user:
 
        """
 
        if not cur_user:
 
            cur_user = getattr(get_current_authuser(), 'username', None)
 

	
 
        from kallithea.lib.auth import check_password, get_crypt_password
 
        from kallithea.lib.hooks import check_allowed_create_user, log_create_user
 
        user_data = {
 
            'username': username, 'password': password,
 
            'email': email, 'firstname': firstname, 'lastname': lastname,
 
            'active': active, 'admin': admin
 
        }
 
        # raises UserCreationError if it's not allowed
 
        check_allowed_create_user(user_data, cur_user)
 

	
 
        log.debug('Checking for %s account in Kallithea database', username)
 
        user = db.User.get_by_username(username, case_insensitive=True)
 
        if user is None:
 
            log.debug('creating new user %s', username)
 
            new_user = db.User()
 
            edit = False
 
        else:
 
            log.debug('updating user %s', username)
 
            new_user = user
 
            edit = True
 

	
 
        try:
 
            new_user.username = username
 
            new_user.admin = admin
 
            new_user.email = email
 
@@ -173,71 +171,68 @@ class UserModel(object):
 
        form_data['extern_name'] = ''
 
        new_user = self.create(form_data)
 

	
 
        # notification to admins
 
        subject = _('New user registration')
 
        body = (
 
            'New user registration\n'
 
            '---------------------\n'
 
            '- Username: {user.username}\n'
 
            '- Full Name: {user.full_name}\n'
 
            '- Email: {user.email}\n'
 
            ).format(user=new_user)
 
        edit_url = webutils.canonical_url('edit_user', id=new_user.user_id)
 
        email_kwargs = {
 
            'registered_user_url': edit_url,
 
            'new_username': new_user.username,
 
            'new_email': new_user.email,
 
            'new_full_name': new_user.full_name}
 
        notification.NotificationModel().create(created_by=new_user, subject=subject,
 
                                   body=body, recipients=None,
 
                                   type_=notification.NotificationModel.TYPE_REGISTRATION,
 
                                   email_kwargs=email_kwargs)
 

	
 
    def update(self, user_id, form_data, skip_attrs=None):
 
        from kallithea.lib.auth import get_crypt_password
 
        skip_attrs = skip_attrs or []
 
        user = self.get(user_id)
 
        if user.is_default_user:
 
            raise DefaultUserException(
 
                            _("You can't edit this user since it's "
 
                              "crucial for entire application"))
 

	
 
        for k, v in form_data.items():
 
            if k in skip_attrs:
 
                continue
 
            if k == 'new_password' and v:
 
                user.password = get_crypt_password(v)
 
            else:
 
                # old legacy thing orm models store firstname as name,
 
                # need proper refactor to username
 
                if k == 'firstname':
 
                    k = 'name'
 
                setattr(user, k, v)
 

	
 
    def update_user(self, user, **kwargs):
 
        from kallithea.lib.auth import get_crypt_password
 

	
 
        user = db.User.guess_instance(user)
 
        if user.is_default_user:
 
            raise DefaultUserException(
 
                _("You can't edit this user since it's"
 
                  " crucial for entire application")
 
            )
 

	
 
        for k, v in kwargs.items():
 
            if k == 'password' and v:
 
                v = get_crypt_password(v)
 

	
 
            setattr(user, k, v)
 
        return user
 

	
 
    def delete(self, user, cur_user=None):
 
        if cur_user is None:
 
            cur_user = getattr(get_current_authuser(), 'username', None)
 
        user = db.User.guess_instance(user)
 

	
 
        if user.is_default_user:
 
            raise DefaultUserException(
 
                _("You can't remove this user since it is"
 
                  " crucial for the entire application"))
 
        if user.repositories:
 
@@ -360,55 +355,54 @@ class UserModel(object):
 
    def verify_reset_password_token(self, email, timestamp, token):
 
        user = db.User.get_by_email(email)
 
        if user is None:
 
            log.debug("user with email %s not found", email)
 
            return False
 

	
 
        token_age = int(time.time()) - int(timestamp)
 

	
 
        if token_age < 0:
 
            log.debug('timestamp is from the future')
 
            return False
 

	
 
        if token_age > UserModel.password_reset_token_lifetime:
 
            log.debug('password reset token expired')
 
            return False
 

	
 
        expected_token = self.get_reset_password_token(user,
 
                                                       timestamp,
 
                                                       webutils.session_csrf_secret_token())
 
        log.debug('computed password reset token: %s', expected_token)
 
        log.debug('received password reset token: %s', token)
 
        return expected_token == token
 

	
 
    def reset_password(self, user_email, new_passwd):
 
        from kallithea.lib import auth
 
        from kallithea.lib.celerylib import tasks
 
        user = db.User.get_by_email(user_email)
 
        if user is not None:
 
            if not self.can_change_password(user):
 
                raise Exception('trying to change password for external user')
 
            user.password = auth.get_crypt_password(new_passwd)
 
            user.password = get_crypt_password(new_passwd)
 
            meta.Session().commit()
 
            log.info('change password for %s', user_email)
 
        if new_passwd is None:
 
            raise Exception('unable to set new password')
 

	
 
        tasks.send_email([user_email],
 
                 _('Password reset notification'),
 
                 _('The password to your account %s has been changed using password reset form.') % (user.username,))
 
        log.info('send password reset mail to %s', user_email)
 

	
 
        return True
 

	
 
    def has_perm(self, user, perm):
 
        perm = db.Permission.guess_instance(perm)
 
        user = db.User.guess_instance(user)
 

	
 
        return db.UserToPerm.query().filter(db.UserToPerm.user == user) \
 
            .filter(db.UserToPerm.permission == perm).scalar() is not None
 

	
 
    def grant_perm(self, user, perm):
 
        """
 
        Grant user global permissions
 

	
 
        :param user:
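Review bot: `verify_reset_password_token` writes both the computed and the received reset token to the debug log and then compares them with `==`. With debug logging enabled this may hand a usable token to anyone who can read the log for up to `password_reset_token_lifetime`, so I would drop the two `log.debug` calls (or log only whether the tokens matched) and end with `return hmac.compare_digest(expected_token, token)`; `hmac` is already imported in this file. `compare_digest` raises `TypeError` for non-ASCII `str`, so the presumably request-supplied `token` needs a guard or encoding first. Separately, in `reset_password` the `new_passwd is None` check runs only after the hash has been committed, and `user.username` is dereferenced even when `get_by_email` returned `None`.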
kallithea/tests/functional/test_admin_users.py
 
# -*- coding: utf-8 -*-
 
# This program is free software: you can redistribute it and/or modify
 
# it under the terms of the GNU General Public License as published by
 
# the Free Software Foundation, either version 3 of the License, or
 
# (at your option) any later version.
 
#
 
# This program is distributed in the hope that it will be useful,
 
# but WITHOUT ANY WARRANTY; without even the implied warranty of
 
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 
# GNU General Public License for more details.
 
#
 
# You should have received a copy of the GNU General Public License
 
# along with this program.  If not, see <http://www.gnu.org/licenses/>.
 

	
 
import pytest
 
from sqlalchemy.orm.exc import NoResultFound
 
from tg.util.webtest import test_context
 
from webob.exc import HTTPNotFound
 

	
 
import kallithea
 
from kallithea.controllers.admin.users import UsersController
 
from kallithea.lib import webutils
 
from kallithea.lib.auth import check_password
 
from kallithea.lib.utils2 import check_password
 
from kallithea.model import db, meta, validators
 
from kallithea.model.user import UserModel
 
from kallithea.tests import base
 
from kallithea.tests.fixture import Fixture
 

	
 

	
 
fixture = Fixture()
 

	
 

	
 
@pytest.fixture
 
def user_and_repo_group_fail():
 
    username = 'repogrouperr'
 
    groupname = 'repogroup_fail'
 
    user = fixture.create_user(name=username)
 
    repo_group = fixture.create_repo_group(name=groupname, cur_user=username)
 
    yield user, repo_group
 
    # cleanup
 
    if db.RepoGroup.get_by_group_name(groupname):
 
        fixture.destroy_repo_group(repo_group)
 

	
 

	
 
class TestAdminUsersController(base.TestController):
 
    test_user_1 = 'testme'
 

	
kallithea/tests/functional/test_login.py
 
# -*- coding: utf-8 -*-
 
import re
 
import time
 
import urllib.parse
 

	
 
import mock
 
from tg.util.webtest import test_context
 

	
 
import kallithea.lib.celerylib.tasks
 
from kallithea.lib import webutils
 
from kallithea.lib.auth import check_password
 
from kallithea.lib.utils2 import generate_api_key
 
from kallithea.lib.utils2 import check_password, generate_api_key
 
from kallithea.model import db, meta, validators
 
from kallithea.model.api_key import ApiKeyModel
 
from kallithea.model.user import UserModel
 
from kallithea.tests import base
 
from kallithea.tests.fixture import Fixture
 

	
 

	
 
fixture = Fixture()
 

	
 

	
 
class TestLoginController(base.TestController):
 

	
 
    def test_index(self):
 
        response = self.app.get(base.url(controller='login', action='index'))
 
        assert response.status == '200 OK'
 
        # Test response...
 

	
 
    def test_login_admin_ok(self):
 
        response = self.app.post(base.url(controller='login', action='index'),
 
                                 {'username': base.TEST_USER_ADMIN_LOGIN,
 
                                  'password': base.TEST_USER_ADMIN_PASS,
 
                                  '_session_csrf_secret_token': self.session_csrf_secret_token()})
 
        assert response.status == '302 Found'
 
        self.assert_authenticated_user(response, base.TEST_USER_ADMIN_LOGIN)
kallithea/tests/scripts/manual_test_concurrency.py
 
@@ -17,49 +17,49 @@ kallithea.tests.scripts.manual_test_conc
 

	
 
Test suite for making push/pull operations
 

	
 
This file was forked by the Kallithea project in July 2014.
 
Original author and date, and relevant copyright and licensing information is below:
 
:created_on: Dec 30, 2010
 
:author: marcink
 
:copyright: (c) 2013 RhodeCode GmbH, and others.
 
:license: GPLv3, see LICENSE.md for more details.
 

	
 
"""
 

	
 
import logging
 
import os
 
import shutil
 
import sys
 
import tempfile
 
from os.path import dirname
 
from subprocess import PIPE, Popen
 

	
 
from paste.deploy import appconfig
 
from sqlalchemy import engine_from_config
 

	
 
import kallithea.config.application
 
from kallithea.lib.auth import get_crypt_password
 
from kallithea.lib.utils2 import get_crypt_password
 
from kallithea.model import db, meta
 
from kallithea.model.base import init_model
 
from kallithea.model.repo import RepoModel
 
from kallithea.tests.base import HG_REPO, TEST_USER_ADMIN_LOGIN, TEST_USER_ADMIN_PASS
 

	
 

	
 
rel_path = dirname(dirname(dirname(dirname(os.path.abspath(__file__)))))
 
conf = appconfig('config:development.ini', relative_to=rel_path)
 
kallithea.config.application.make_app(conf.global_conf, **conf.local_conf)
 

	
 
USER = TEST_USER_ADMIN_LOGIN
 
PASS = TEST_USER_ADMIN_PASS
 
HOST = 'server.local'
 
METHOD = 'pull'
 
DEBUG = True
 
log = logging.getLogger(__name__)
 

	
 

	
 
class Command(object):
 

	
 
    def __init__(self, cwd):
 
        self.cwd = cwd
 

	
 
    def execute(self, cmd, *args):