:author: marcink

:copyright: (c) 2013 RhodeCode GmbH, and others.

:license: GPLv3, see LICENSE.md for more details.

"""

import logging

import traceback

import formencode

from formencode import htmlfill

from tg import config, request

from tg import tmpl_context as c

from tg.i18n import ugettext as _

from webob.exc import HTTPFound

import kallithea

import kallithea.lib.indexers.daemon

from kallithea.controllers import base

from kallithea.lib import webutils

from kallithea.lib.auth import HasPermissionAnyDecorator, LoginRequired

from kallithea.lib.utils import repo2db_mapper, set_app_settings

from kallithea.lib.utils2 import safe_str

from kallithea.lib.vcs import VCSError

from kallithea.lib.webutils import url

from kallithea.model.forms import ApplicationSettingsForm, ApplicationUiSettingsForm, ApplicationVisualisationForm

from kallithea.model.notification import EmailNotificationModel

from kallithea.model.scm import ScmModel

log = logging.getLogger(__name__)

class SettingsController(base.BaseController):

    @LoginRequired(allow_default_user=True)

    def _before(self, *args, **kwargs):

        super(SettingsController, self)._before(*args, **kwargs)

    def _get_hg_ui_settings(self):

        ret = db.Ui.query().all()

        settings = {}

        for each in ret:

            k = each.ui_section + '_' + each.ui_key

            v = each.ui_value

            if k == 'paths_/':

                k = 'paths_root_path'

            encoding="UTF-8",

            force_defaults=False)

    @HasPermissionAnyDecorator('hg.admin')

    def settings_email(self):

        c.active = 'email'

        if request.POST:

            test_email = request.POST.get('test_email')

            test_email_subj = 'Kallithea test email'

            test_body = ('Kallithea Email test, '

                               'Kallithea version: %s' % c.kallithea_version)

            if not test_email:

                webutils.flash(_('Please enter email address'), category='error')

                raise HTTPFound(location=url('admin_settings_email'))

            test_email_txt_body = EmailNotificationModel() \

                .get_email_tmpl(EmailNotificationModel.TYPE_DEFAULT,

                                'txt', body=test_body)

            test_email_html_body = EmailNotificationModel() \

                .get_email_tmpl(EmailNotificationModel.TYPE_DEFAULT,

                                'html', body=test_body)

            recipients = [test_email] if test_email else None

                             test_email_txt_body, test_email_html_body)

            webutils.flash(_('Send email task created'), category='success')

            raise HTTPFound(location=url('admin_settings_email'))

        defaults = db.Setting.get_app_settings()

        defaults.update(self._get_hg_ui_settings())

        c.ini = kallithea.CONFIG

        return htmlfill.render(

            base.render('admin/settings/settings.html'),

            defaults=defaults,

            encoding="UTF-8",

            force_defaults=False)

    @HasPermissionAnyDecorator('hg.admin')

    def settings_hooks(self):

        c.active = 'hooks'

        if request.POST:

            if c.visual.allow_custom_hooks_settings:

                ui_key = request.POST.get('new_hook_ui_key')

                ui_value = request.POST.get('new_hook_ui_value')

# -*- coding: utf-8 -*-

"""

Kallithea wrapper of Celery

The Celery configuration is in the Kallithea ini file but must be converted to an

entirely different format before Celery can use it.

We read the configuration from tg.config at module import time. This module can

thus not be imported in global scope but must be imported on demand in function

scope after tg.config has been initialized.

To make sure that the config really has been initialized, we check one of the

mandatory settings.

"""

import logging

class CeleryConfig(object):

    imports = [

        'kallithea.lib.indexers.daemon',

        'kallithea.model.async_tasks',

        'kallithea.model.repo',

    ]

    task_always_eager = False

list_config_names = {'imports', 'accept_content'}

desupported = set([

    'broker.url',

    'celery.accept.content',

    'celery.always.eager',

    'celery.amqp.task.result.expires',

    'celeryd.concurrency',

    'celeryd.max.tasks.per.child',

    'celery.result.backend',  # Note: the .ini template used this instead of 'celery.result_backend' in 0.6

    'celery.result.dburi',

    'celery.result.serialier',

    'celery.result.serializer',

    'celery.send.task.error.emails',

    'celery.task_always_eager',  # still a valid configuration in celery, but not supported in Kallithea

    'celery.task.serializer',

])

# (at your option) any later version.

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

"""

kallithea.model.async_tasks

~~~~~~~~~~~~~~~~~~~~~~~~~~~

Kallithea task modules, containing all task that suppose to be run

by celery daemon

This file was forked by the Kallithea project in July 2014.

Original author and date, and relevant copyright and licensing information is below:

:created_on: Oct 6, 2010

:author: marcink

:copyright: (c) 2013 RhodeCode GmbH, and others.

:license: GPLv3, see LICENSE.md for more details.

"""

import os

import traceback

from collections import OrderedDict

from operator import itemgetter

from time import mktime

import celery.utils.log

from tg import config

import kallithea

from kallithea.lib import celerylib, conf, ext_json

from kallithea.lib.utils2 import asbool, ascii_bytes

from kallithea.lib.vcs.utils import author_email, author_name

from kallithea.model import db, meta

log = celery.utils.log.get_task_logger(__name__)

def _author_username(author):

    """Return the username of the user identified by the email part of the 'author' string,

    default to the name or email.

    Kind of similar to h.person() ."""

    email = author_email(author)

    if email:

        user = db.User.get_by_email(email)

        if user is not None:

            return user.username

    # Still nothing?  Just pass back the author name if any, else the email

    return author_name(author) or email

@celerylib.task

def get_commits_stats(repo_name, ts_min_y, ts_max_y, recurse_limit=100):

    lockkey = celerylib.__get_lockkey('get_commits_stats', repo_name, ts_min_y,

                            ts_max_y)

    log.info('running task with lockkey %s', lockkey)

    try:

            stats.repository = dbrepo

            stats.stat_on_revision = last_cs.revision if last_cs else 0

            meta.Session().add(stats)

            meta.Session().commit()

        except:

            log.error(traceback.format_exc())

            meta.Session().rollback()

            lock.release()

            return

        # final release

        lock.release()

        # execute another task if celery is enabled

        if len(scm_repo.revisions) > 1 and asbool(kallithea.CONFIG.get('use_celery')) and recurse_limit > 0:

            get_commits_stats(repo_name, ts_min_y, ts_max_y, recurse_limit - 1)

        elif recurse_limit <= 0:

            log.debug('Not recursing - limit has been reached')

        else:

            log.debug('Not recursing')

    except celerylib.LockHeld:

        log.info('Task with key %s already running', lockkey)

def __get_codes_stats(repo_name):

    scm_repo = db.Repository.get_by_repo_name(repo_name).scm_instance

    tip = scm_repo.get_changeset()

    code_stats = {}

    for _topnode, _dirnodes, filenodes in tip.walk('/'):

        for filenode in filenodes:

            ext = filenode.extension.lower()

            if ext in conf.LANGUAGES_EXTENSIONS_MAP and not filenode.is_binary:

                if ext in code_stats:

                    code_stats[ext] += 1

                else:

                    code_stats[ext] = 1

    return code_stats or {}

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

"""

kallithea.model.notification

~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Model for notifications

This file was forked by the Kallithea project in July 2014.

Original author and date, and relevant copyright and licensing information is below:

:created_on: Nov 20, 2011

:author: marcink

:copyright: (c) 2013 RhodeCode GmbH, and others.

:license: GPLv3, see LICENSE.md for more details.

"""

import datetime

import logging

from tg import tmpl_context as c

from tg.i18n import ugettext as _

log = logging.getLogger(__name__)

class NotificationModel(object):

    TYPE_CHANGESET_COMMENT = 'cs_comment'

    TYPE_MESSAGE = 'message'

    TYPE_MENTION = 'mention' # not used

    TYPE_REGISTRATION = 'registration'

    TYPE_PULL_REQUEST = 'pull_request'

    TYPE_PULL_REQUEST_COMMENT = 'pull_request_comment'

    def create(self, created_by, body, recipients=None,

               type_=TYPE_MESSAGE, with_email=True,

               email_kwargs=None, repo_name=None):

        """

        Creates notification of given type

        :param created_by: int, str or User instance. User who created this

            notification

        :param body:

                  'when': created_on,

                  'user': created_by_obj.username,

                  }

        html_kwargs.update(email_kwargs)

        txt_kwargs.update(email_kwargs)

        email_subject = EmailNotificationModel() \

                            .get_email_description(type_, **txt_kwargs)

        email_txt_body = EmailNotificationModel() \

                            .get_email_tmpl(type_, 'txt', **txt_kwargs)

        email_html_body = EmailNotificationModel() \

                            .get_email_tmpl(type_, 'html', **html_kwargs)

        # don't send email to the person who caused the notification, except for

        # notifications about new pull requests where the author is explicitly

        # added.

        rec_mails = set(obj.email for obj in recipients_objs)

        if type_ == NotificationModel.TYPE_PULL_REQUEST:

            rec_mails.add(created_by_obj.email)

        else:

            rec_mails.discard(created_by_obj.email)

        # send email with notification to participants

        for rec_mail in sorted(rec_mails):

                     email_html_body, headers,

                     from_name=created_by_obj.full_name_or_username)

class EmailNotificationModel(object):

    TYPE_CHANGESET_COMMENT = NotificationModel.TYPE_CHANGESET_COMMENT

    TYPE_MESSAGE = NotificationModel.TYPE_MESSAGE # only used for testing

    # NotificationModel.TYPE_MENTION is not used

    TYPE_PASSWORD_RESET = 'password_link'

    TYPE_REGISTRATION = NotificationModel.TYPE_REGISTRATION

    TYPE_PULL_REQUEST = NotificationModel.TYPE_PULL_REQUEST

    TYPE_PULL_REQUEST_COMMENT = NotificationModel.TYPE_PULL_REQUEST_COMMENT

    TYPE_DEFAULT = 'default'

    def __init__(self):

        super(EmailNotificationModel, self).__init__()

        self._tmpl_lookup = app_globals.mako_lookup

        self.email_types = {

            self.TYPE_CHANGESET_COMMENT: 'changeset_comment',

            self.TYPE_PASSWORD_RESET: 'password_reset',

            self.TYPE_REGISTRATION: 'registration',

            self.TYPE_DEFAULT: 'default',

            self.TYPE_PULL_REQUEST: 'pull_request',

                   'c': c}

        _kwargs.update(kwargs)

        if content_type == 'html':

            _kwargs.update({

                "color_text": "#202020",

                "color_emph": "#395fa0",

                "color_link": "#395fa0",

                "color_border": "#ddd",

                "color_background_grey": "#f9f9f9",

                "color_button": "#395fa0",

                "monospace_style": "font-family:Lucida Console,Consolas,Monaco,Inconsolata,Liberation Mono,monospace",

                "sans_style": "font-family:Helvetica,Arial,sans-serif",

                })

            _kwargs.update({

                "default_style": "%(sans_style)s;font-weight:200;font-size:14px;line-height:17px;color:%(color_text)s" % _kwargs,

                "comment_style": "%(monospace_style)s;white-space:pre-wrap" % _kwargs,

                "data_style": "border:%(color_border)s 1px solid;background:%(color_background_grey)s" % _kwargs,

                "emph_style": "font-weight:600;color:%(color_emph)s" % _kwargs,

                "link_style": "color:%(color_link)s;text-decoration:none" % _kwargs,

                "link_text_style": "color:%(color_text)s;text-decoration:none;border:%(color_border)s 1px solid;background:%(color_background_grey)s" % _kwargs,

                })

        log.debug('rendering tmpl %s with kwargs %s', base, _kwargs)

        return email_template.render_unicode(**_kwargs)

users model for Kallithea

This file was forked by the Kallithea project in July 2014.

Original author and date, and relevant copyright and licensing information is below:

:created_on: Apr 9, 2010

:author: marcink

:copyright: (c) 2013 RhodeCode GmbH, and others.

:license: GPLv3, see LICENSE.md for more details.

"""

import hashlib

import hmac

import logging

import time

import traceback

from sqlalchemy.exc import DatabaseError

from tg import config

from tg.i18n import ugettext as _

from kallithea.lib import hooks, webutils

from kallithea.lib.exceptions import DefaultUserException, UserOwnsReposException

from kallithea.lib.utils2 import check_password, generate_api_key, get_crypt_password, get_current_authuser

log = logging.getLogger(__name__)

class UserModel(object):

    password_reset_token_lifetime = 86400 # 24 hours

    def get(self, user_id):

        user = db.User.query()

        return user.get(user_id)

    def get_user(self, user):

        return db.User.guess_instance(user)

    def create(self, form_data, cur_user=None):

        if not cur_user:

            cur_user = getattr(get_current_authuser(), 'username', None)

        _fd = form_data

        user_data = {

            'username': _fd['username'],

            'password': _fd['password'],

            'email': _fd['email'],

                new_user.api_key = generate_api_key()

            # set password only if creating an user or password is changed

            password_change = new_user.password and \

                not check_password(password, new_user.password)

            if not edit or password_change:

                reason = 'new password' if edit else 'new user'

                log.debug('Updating password reason=>%s', reason)

                new_user.password = get_crypt_password(password) \

                    if password else ''

            if user is None:

                meta.Session().add(new_user)

                meta.Session().flush() # make database assign new_user.user_id

            if not edit:

                hooks.log_create_user(new_user.get_dict(), cur_user)

            return new_user

        except (DatabaseError,):

            log.error(traceback.format_exc())

            raise

    def create_registration(self, form_data):

        form_data['admin'] = False

        form_data['extern_type'] = db.User.DEFAULT_AUTH_TYPE

        form_data['extern_name'] = ''

        new_user = self.create(form_data)

        # notification to admins

        edit_url = webutils.canonical_url('edit_user', id=new_user.user_id)

        email_kwargs = {

            'registered_user_url': edit_url,

            'new_username': new_user.username,

            'new_email': new_user.email,

            'new_full_name': new_user.full_name}

        notification.NotificationModel().create(created_by=new_user,

                                   body=None, recipients=None,

                                   type_=notification.NotificationModel.TYPE_REGISTRATION,

                                   email_kwargs=email_kwargs)

    def update(self, user_id, form_data, skip_attrs=None):

        skip_attrs = skip_attrs or []

        user = self.get(user_id)

        if user.is_default_user:

            raise DefaultUserException(

                            _("You can't edit this user since it's "

                              "crucial for entire application"))

          access to the browser session in which the token was created

        * numeric user ID, limiting the token to a specific user (yet allowing

          users to be renamed)

        * user email address

        * time of token issue (a Unix timestamp, to enable token expiration)

        The key and message values are separated by NUL characters, which are

        guaranteed not to occur in any of the values.

        """

        app_secret = config.get('app_instance_uuid')

        return hmac.new(

            '\0'.join([app_secret, user.password]).encode('utf-8'),

            msg='\0'.join([session_id, str(user.user_id), user.email, str(timestamp)]).encode('utf-8'),

            digestmod=hashlib.sha1,

        ).hexdigest()

    def send_reset_password_email(self, data):

        """

        Sends email with a password reset token and link to the password

        reset confirmation page with all information (including the token)

        pre-filled. Also returns URL of that page, only without the token,

        allowing users to copy-paste or manually enter the token from the

        email.

        """

        user_email = data['email']

        user = db.User.get_by_email(user_email)

        timestamp = int(time.time())

        if user is not None:

            if self.can_change_password(user):

                log.debug('password reset user %s found', user)

                token = self.get_reset_password_token(user,

                                                      timestamp,

                                                      webutils.session_csrf_secret_token())

                # URL must be fully qualified; but since the token is locked to

                # the current browser session, we must provide a URL with the

                # current scheme and hostname, rather than the canonical_url.

                link = webutils.url('reset_password_confirmation', qualified=True,

                             email=user_email,

                             timestamp=timestamp,

                             token=token)

            else:

                log.debug('password reset user %s found but was managed', user)

                token = link = None

            reg_type = notification.EmailNotificationModel.TYPE_PASSWORD_RESET

            body = notification.EmailNotificationModel().get_email_tmpl(

                reg_type, 'txt',

                user=user.short_contact,

                reset_token=token,

                reset_url=link)

            html_body = notification.EmailNotificationModel().get_email_tmpl(

                reg_type, 'html',

                user=user.short_contact,

                reset_token=token,

                reset_url=link)

            log.debug('sending email')

            log.info('send new password mail to %s', user_email)

        else:

            log.debug("password reset email %s not found", user_email)

        return webutils.url('reset_password_confirmation',

                     email=user_email,

                     timestamp=timestamp)

    def verify_reset_password_token(self, email, timestamp, token):

        user = db.User.get_by_email(email)

        if user is None:

            log.debug("user with email %s not found", email)

            return False

        token_age = int(time.time()) - int(timestamp)

        if token_age < 0:

            log.debug('timestamp is from the future')

            return False

        if token_age > UserModel.password_reset_token_lifetime:

            log.debug('password reset token expired')

            return False

        expected_token = self.get_reset_password_token(user,

                                                       timestamp,

                                                       webutils.session_csrf_secret_token())

        log.debug('computed password reset token: %s', expected_token)

        log.debug('received password reset token: %s', token)

        return expected_token == token

    def reset_password(self, user_email, new_passwd):

        user = db.User.get_by_email(user_email)

        if user is not None:

            if not self.can_change_password(user):

                raise Exception('trying to change password for external user')

            user.password = get_crypt_password(new_passwd)

            meta.Session().commit()

            log.info('change password for %s', user_email)

        if new_passwd is None:

            raise Exception('unable to set new password')

                 _('Password reset notification'),

                 _('The password to your account %s has been changed using password reset form.') % (user.username,))

        log.info('send password reset mail to %s', user_email)

        return True

    def has_perm(self, user, perm):

        perm = db.Permission.guess_instance(perm)

        user = db.User.guess_instance(user)

        return db.UserToPerm.query().filter(db.UserToPerm.user == user) \

            .filter(db.UserToPerm.permission == perm).scalar() is not None

    def grant_perm(self, user, perm):

        """

        Grant user global permissions

        :param user:

        :param perm:

        """