# -*- coding: utf-8 -*-

# This program is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation, either version 3 of the License, or

# (at your option) any later version.

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

"""

kallithea

~~~~~~~~~

Kallithea, a web based repository management system.

Versioning implementation: http://www.python.org/dev/peps/pep-0386/

This file was forked by the Kallithea project in July 2014.

Original author and date, and relevant copyright and licensing information is below:

:created_on: Apr 9, 2010

:author: marcink

:copyright: (c) 2013 RhodeCode GmbH, (C) 2014 Bradley M. Kuhn, and others.

:license: GPLv3, see LICENSE.md for more details.

"""

import platform

import sys

if sys.version_info < (3, 6):

    raise Exception('Kallithea requires python 3.6 or later')

VERSION = (0, 6, 99)

BACKENDS = {

    'hg': 'Mercurial repository',

    'git': 'Git repository',

}

CELERY_APP = None  # set to Celery app instance if using Celery

CELERY_EAGER = False

CONFIG = {}

URL_SEP = '/'

# Linked module for extensions

EXTENSIONS = {}

__version__ = '.'.join(str(each) for each in VERSION)

__platform__ = platform.system()

__license__ = 'GPLv3'

__py_version__ = sys.version_info

__author__ = "Various Authors"

__url__ = 'https://kallithea-scm.org/'

is_windows = __platform__ in ['Windows']

is_unix = not is_windows

# -*- coding: utf-8 -*-

# This program is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation, either version 3 of the License, or

# (at your option) any later version.

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

"""

Routes configuration

The more specific and detailed routes should be defined first so they

may take precedent over the more generic routes. For more information

refer to the routes manual at http://routes.groovie.org/docs/

"""

import routes

from kallithea.lib.utils2 import safe_str

class Mapper(routes.Mapper):

    """

    Subclassed Mapper with routematch patched to decode "unicode" str url to

    *real* unicode str before applying matches and invoking controller methods.

    """

    def routematch(self, url=None, environ=None):

        """

        routematch that also decode url from "fake bytes" to real unicode

        string before matching and invoking controllers.

        """

        # Process url like get_path_info does ... but PATH_INFO has already

        # been retrieved from environ and is passed, so - let's just use that

        # instead.

        url = safe_str(url.encode('latin1'))

        return super().routematch(url=url, environ=environ)

def make_map(config):

    """Create, configure and return the routes Mapper"""

    rmap = Mapper(directory=config['paths']['controllers'],

                  always_scan=config['debug'])

    rmap.minimization = False

    rmap.explicit = False

    from kallithea.lib.utils import is_valid_repo, is_valid_repo_group

    def check_repo(environ, match_dict):

        """

        Check for valid repository for proper 404 handling.

        Also, a bit of side effect modifying match_dict ...

        """

        if match_dict.get('f_path'):

            # fix for multiple initial slashes that causes errors

            match_dict['f_path'] = match_dict['f_path'].lstrip('/')

        return is_valid_repo(match_dict['repo_name'], config['base_path'])

    def check_group(environ, match_dict):

        """

        check for valid repository group for proper 404 handling

        :param environ:

        :param match_dict:

        """

        repo_group_name = match_dict.get('group_name')

        return is_valid_repo_group(repo_group_name, config['base_path'])

    def check_group_skip_path(environ, match_dict):

        """

        check for valid repository group for proper 404 handling, but skips

        verification of existing path

        :param environ:

        :param match_dict:

        """

        repo_group_name = match_dict.get('group_name')

        return is_valid_repo_group(repo_group_name, config['base_path'],

                                   skip_path_check=True)

    def check_user_group(environ, match_dict):

        """

        check for valid user group for proper 404 handling

        :param environ:

        :param match_dict:

        """

        return True

    def check_int(environ, match_dict):

        return match_dict.get('id').isdigit()

    #==========================================================================

    # CUSTOM ROUTES HERE

    #==========================================================================

    # MAIN PAGE

    rmap.connect('home', '/', controller='home')

    rmap.connect('about', '/about', controller='home', action='about')

    rmap.redirect('/favicon.ico', '/images/favicon.ico')

    rmap.connect('repo_switcher_data', '/_repos', controller='home',

                 action='repo_switcher_data')

    rmap.connect('users_and_groups_data', '/_users_and_groups', controller='home',

                 action='users_and_groups_data')

    rmap.connect('rst_help',

                 "http://docutils.sourceforge.net/docs/user/rst/quickref.html",

                 _static=True)

    rmap.connect('kallithea_project_url', "https://kallithea-scm.org/", _static=True)

    rmap.connect('issues_url', 'https://bitbucket.org/conservancy/kallithea/issues', _static=True)

    # ADMIN REPOSITORY ROUTES

    with rmap.submapper(path_prefix=ADMIN_PREFIX,

                        controller='admin/repos') as m:

        m.connect("repos", "/repos",

                  action="create", conditions=dict(method=["POST"]))

        m.connect("repos", "/repos",

                  conditions=dict(method=["GET"]))

        m.connect("new_repo", "/create_repository",

                  action="create_repository", conditions=dict(method=["GET"]))

        m.connect("update_repo", "/repos/{repo_name:.*?}",

                  action="update", conditions=dict(method=["POST"],

                  function=check_repo))

        m.connect("delete_repo", "/repos/{repo_name:.*?}/delete",

                  action="delete", conditions=dict(method=["POST"]))

    # ADMIN REPOSITORY GROUPS ROUTES

    with rmap.submapper(path_prefix=ADMIN_PREFIX,

                        controller='admin/repo_groups') as m:

        m.connect("repos_groups", "/repo_groups",

                  action="create", conditions=dict(method=["POST"]))

        m.connect("repos_groups", "/repo_groups",

                  conditions=dict(method=["GET"]))

        m.connect("new_repos_group", "/repo_groups/new",

                  action="new", conditions=dict(method=["GET"]))

        m.connect("update_repos_group", "/repo_groups/{group_name:.*?}",

                  action="update", conditions=dict(method=["POST"],

                                                   function=check_group))

        m.connect("repos_group", "/repo_groups/{group_name:.*?}",

                  action="show", conditions=dict(method=["GET"],

                                                 function=check_group))

        # EXTRAS REPO GROUP ROUTES

        m.connect("edit_repo_group", "/repo_groups/{group_name:.*?}/edit",

                  action="edit",

                  conditions=dict(method=["GET"], function=check_group))

        m.connect("edit_repo_group_advanced", "/repo_groups/{group_name:.*?}/edit/advanced",

                  action="edit_repo_group_advanced",

                  conditions=dict(method=["GET"], function=check_group))

        m.connect("edit_repo_group_perms", "/repo_groups/{group_name:.*?}/edit/permissions",

                  action="edit_repo_group_perms",

                  conditions=dict(method=["GET"], function=check_group))

        m.connect("edit_repo_group_perms_update", "/repo_groups/{group_name:.*?}/edit/permissions",

                  action="update_perms",

                  conditions=dict(method=["POST"], function=check_group))

        m.connect("edit_repo_group_perms_delete", "/repo_groups/{group_name:.*?}/edit/permissions/delete",

                  action="delete_perms",

                  conditions=dict(method=["POST"], function=check_group))

        m.connect("delete_repo_group", "/repo_groups/{group_name:.*?}/delete",

                  action="delete", conditions=dict(method=["POST"],

                                                   function=check_group_skip_path))

    # ADMIN USER ROUTES

    with rmap.submapper(path_prefix=ADMIN_PREFIX,

                        controller='admin/users') as m:

        m.connect("new_user", "/users/new",

                  action="create", conditions=dict(method=["POST"]))

        m.connect("users", "/users",

                  conditions=dict(method=["GET"]))

        m.connect("formatted_users", "/users.{format}",

                  conditions=dict(method=["GET"]))

        m.connect("new_user", "/users/new",

                  action="new", conditions=dict(method=["GET"]))

        m.connect("update_user", "/users/{id}",

                  action="update", conditions=dict(method=["POST"]))

        m.connect("delete_user", "/users/{id}/delete",

                  action="delete", conditions=dict(method=["POST"]))

        m.connect("edit_user", "/users/{id}/edit",

                  action="edit", conditions=dict(method=["GET"]))

        # EXTRAS USER ROUTES

        m.connect("edit_user_advanced", "/users/{id}/edit/advanced",

                  action="edit_advanced", conditions=dict(method=["GET"]))

        m.connect("edit_user_api_keys", "/users/{id}/edit/api_keys",

                  action="edit_api_keys", conditions=dict(method=["GET"]))

        m.connect("edit_user_api_keys_update", "/users/{id}/edit/api_keys",

                  action="add_api_key", conditions=dict(method=["POST"]))

        m.connect("edit_user_api_keys_delete", "/users/{id}/edit/api_keys/delete",

                  action="delete_api_key", conditions=dict(method=["POST"]))

        m.connect("edit_user_ssh_keys", "/users/{id}/edit/ssh_keys",

                  action="edit_ssh_keys", conditions=dict(method=["GET"]))

        m.connect("edit_user_ssh_keys", "/users/{id}/edit/ssh_keys",

                  action="ssh_keys_add", conditions=dict(method=["POST"]))

        m.connect("edit_user_ssh_keys_delete", "/users/{id}/edit/ssh_keys/delete",

                  action="ssh_keys_delete", conditions=dict(method=["POST"]))

        m.connect("edit_user_perms", "/users/{id}/edit/permissions",

                  action="edit_perms", conditions=dict(method=["GET"]))

        m.connect("edit_user_perms_update", "/users/{id}/edit/permissions",

                  action="update_perms", conditions=dict(method=["POST"]))

        m.connect("edit_user_emails", "/users/{id}/edit/emails",

# -*- coding: utf-8 -*-

# This program is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation, either version 3 of the License, or

# (at your option) any later version.

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

"""

Set of generic validators

"""

import logging

import os

import re

from collections import defaultdict

import formencode

import ipaddr

import sqlalchemy

from formencode.validators import CIDR, Bool, Email, FancyValidator, Int, IPAddress, NotEmpty, Number, OneOf, Regex, Set, String, StringBoolean, UnicodeString

from sqlalchemy import func

from tg.i18n import ugettext as _

import kallithea

from kallithea.lib.auth import HasPermissionAny, HasRepoGroupPermissionLevel

from kallithea.lib.compat import OrderedSet

from kallithea.lib.exceptions import InvalidCloneUriException, LdapImportError

from kallithea.lib.utils import is_valid_repo_uri

from kallithea.lib.utils2 import asbool, aslist, repo_name_slug

from kallithea.model.db import RepoGroup, Repository, User, UserGroup

# silence warnings and pylint

UnicodeString, OneOf, Int, Number, Regex, Email, Bool, StringBoolean, Set, \

    NotEmpty, IPAddress, CIDR, String, FancyValidator

log = logging.getLogger(__name__)

def UniqueListFromString():

    class _UniqueListFromString(formencode.FancyValidator):

        """

        Split value on ',' and make unique while preserving order

        """

        messages = dict(

            empty=_('Value cannot be an empty list'),

            missing_value=_('Value cannot be an empty list'),

        )

        def _convert_to_python(self, value, state):

            value = aslist(value, ',')

            seen = set()

            return [c for c in value if not (c in seen or seen.add(c))]

        def empty_value(self, value):

            return []

    return _UniqueListFromString

def ValidUsername(edit=False, old_data=None):

    old_data = old_data or {}

    class _validator(formencode.validators.FancyValidator):

        messages = {

            'username_exists': _('Username "%(username)s" already exists'),

            'system_invalid_username':

                _('Username "%(username)s" cannot be used'),

            'invalid_username':

                _('Username may only contain alphanumeric characters '

                  'underscores, periods or dashes and must begin with an '

                  'alphanumeric character or underscore')

        }

        def _validate_python(self, value, state):

            if value in ['default', 'new_user']:

                msg = self.message('system_invalid_username', state, username=value)

                raise formencode.Invalid(msg, value, state)

            # check if user is unique

            old_un = None

            if edit:

                old_un = User.get(old_data.get('user_id')).username

            if old_un != value or not edit:

                if User.get_by_username(value, case_insensitive=True):

                    msg = self.message('username_exists', state, username=value)

                    raise formencode.Invalid(msg, value, state)

            if re.match(r'^[a-zA-Z0-9\_]{1}[a-zA-Z0-9\-\_\.]*$', value) is None:

                msg = self.message('invalid_username', state)

                raise formencode.Invalid(msg, value, state)

    return _validator

def ValidRegex(msg=None):

    class _validator(formencode.validators.Regex):

        messages = dict(invalid=msg or _('The input is not valid'))

    return _validator

def ValidRepoUser():

    class _validator(formencode.validators.FancyValidator):

        messages = {

            'invalid_username': _('Username %(username)s is not valid')

        }

        def _validate_python(self, value, state):

            try:

                User.query().filter(User.active == True) \

                    .filter(User.username == value).one()

            except sqlalchemy.exc.InvalidRequestError: # NoResultFound/MultipleResultsFound

                msg = self.message('invalid_username', state, username=value)

                raise formencode.Invalid(msg, value, state,

                    error_dict=dict(username=msg)

                )

    return _validator

def ValidUserGroup(edit=False, old_data=None):

            if auth_modules.authenticate(username, value, '') is None:

                msg = self.message('invalid_password', state)

                raise formencode.Invalid(msg, value, state,

                    error_dict=dict(current_password=msg)

                )

    return _validator

def ValidPasswordsMatch(password_field, password_confirmation_field):

    class _validator(formencode.validators.FancyValidator):

        messages = {

            'password_mismatch': _('Passwords do not match'),

        }

        def _validate_python(self, value, state):

            if value.get(password_field) != value[password_confirmation_field]:

                msg = self.message('password_mismatch', state)

                raise formencode.Invalid(msg, value, state,

                     error_dict={password_field: msg, password_confirmation_field: msg}

                )

    return _validator

def ValidAuth():

    class _validator(formencode.validators.FancyValidator):

        messages = {

            'invalid_auth': _('Invalid username or password'),

        }

        def _validate_python(self, value, state):

            from kallithea.lib import auth_modules

            password = value['password']

            username = value['username']

            # authenticate returns unused dict but has called

            # plugin._authenticate which has create_or_update'ed the username user in db

            if auth_modules.authenticate(username, password) is None:

                user = User.get_by_username_or_email(username)

                if user and not user.active:

                    log.warning('user %s is disabled', username)

                    msg = self.message('invalid_auth', state)

                    raise formencode.Invalid(msg, value, state,

                        error_dict=dict(username=' ', password=msg)

                    )

                else:

                    log.warning('user %s failed to authenticate', username)

                    msg = self.message('invalid_auth', state)

                    raise formencode.Invalid(msg, value, state,

                        error_dict=dict(username=' ', password=msg)

                    )

    return _validator

def ValidRepoName(edit=False, old_data=None):

    old_data = old_data or {}

    class _validator(formencode.validators.FancyValidator):

        messages = {

            'invalid_repo_name':

                _('Repository name %(repo)s is not allowed'),

            'repository_exists':

                _('Repository named %(repo)s already exists'),

            'repository_in_group_exists': _('Repository "%(repo)s" already '

                                            'exists in group "%(group)s"'),

            'same_group_exists': _('Repository group with name "%(repo)s" '

                                   'already exists')

        }

        def _convert_to_python(self, value, state):

            repo_name = repo_name_slug(value.get('repo_name', ''))

            repo_group = value.get('repo_group')

            if repo_group:

                gr = RepoGroup.get(repo_group)

                group_path = gr.full_path

                group_name = gr.group_name

                # value needs to be aware of group name in order to check

                # db key This is an actual just the name to store in the

                # database

                repo_name_full = group_path + kallithea.URL_SEP + repo_name

            else:

                group_name = group_path = ''

                repo_name_full = repo_name

            value['repo_name'] = repo_name

            value['repo_name_full'] = repo_name_full

            value['group_path'] = group_path

            value['group_name'] = group_name

            return value

        def _validate_python(self, value, state):

            repo_name = value.get('repo_name')

            repo_name_full = value.get('repo_name_full')

            group_path = value.get('group_path')

            group_name = value.get('group_name')

                msg = self.message('invalid_repo_name', state, repo=repo_name)

                raise formencode.Invalid(msg, value, state,

                    error_dict=dict(repo_name=msg)

                )

            rename = old_data.get('repo_name') != repo_name_full

            create = not edit

            if rename or create:

                repo = Repository.get_by_repo_name(repo_name_full, case_insensitive=True)

                repo_group = RepoGroup.get_by_group_name(repo_name_full, case_insensitive=True)

                if group_path != '':

                    if repo is not None:

                        msg = self.message('repository_in_group_exists', state,

                                repo=repo.repo_name, group=group_name)

                        raise formencode.Invalid(msg, value, state,

                            error_dict=dict(repo_name=msg)

                        )

                elif repo_group is not None:

                    msg = self.message('same_group_exists', state,

                            repo=repo_name)

                    raise formencode.Invalid(msg, value, state,

                        error_dict=dict(repo_name=msg)

                    )

                elif repo is not None:

                    msg = self.message('repository_exists', state,

                            repo=repo.repo_name)

                    raise formencode.Invalid(msg, value, state,

                        error_dict=dict(repo_name=msg)

                    )

            return value

    return _validator

def ValidForkName(*args, **kwargs):

    return ValidRepoName(*args, **kwargs)

def SlugifyName():

    class _validator(formencode.validators.FancyValidator):

        def _convert_to_python(self, value, state):

            return repo_name_slug(value)

        def _validate_python(self, value, state):

            pass

    return _validator

def ValidCloneUri():

    from kallithea.lib.utils import make_ui

    class _validator(formencode.validators.FancyValidator):

        messages = {

            'clone_uri': _('Invalid repository URL'),

            'invalid_clone_uri': _('Invalid repository URL. It must be a '

                                   'valid http, https, or ssh URL'),

        }

        def _validate_python(self, value, state):

            repo_type = value.get('repo_type')

            url = value.get('clone_uri')

            if url and url != value.get('clone_uri_hidden'):

                try:

                    is_valid_repo_uri(repo_type, url, make_ui())

                except InvalidCloneUriException as e:

                    log.warning('validation of clone URL %r failed: %s', url, e)

                    msg = self.message('clone_uri', state)

                    raise formencode.Invalid(msg, value, state,

                        error_dict=dict(clone_uri=msg)

                    )

    return _validator

def ValidForkType(old_data=None):

    old_data = old_data or {}

    class _validator(formencode.validators.FancyValidator):

        messages = {

            'invalid_fork_type': _('Fork has to be the same type as parent')

        }

        def _validate_python(self, value, state):

            if old_data['repo_type'] != value:

                msg = self.message('invalid_fork_type', state)

                raise formencode.Invalid(msg, value, state,

                    error_dict=dict(repo_type=msg)

                )

    return _validator

def CanWriteGroup(old_data=None):

    class _validator(formencode.validators.FancyValidator):

        messages = {

            'permission_denied': _("You don't have permissions "