"""abstract class for http request

:organization: Logilab

:copyright: 2001-2009 LOGILAB S.A. (Paris, FRANCE), license is LGPL v2.

:contact: http://www.logilab.fr/ -- mailto:contact@logilab.fr

:license: GNU Lesser General Public License, v2.1 - http://www.gnu.org/licenses

"""

__docformat__ = "restructuredtext en"

import Cookie

import sha

import time

import random

import base64

from urlparse import urlsplit

from itertools import count

from rql.utils import rqlvar_maker

from logilab.common.decorators import cached

from logilab.common.deprecation import obsolete

from logilab.mtconverter import xml_escape

from cubicweb.dbapi import DBAPIRequest

from cubicweb.common.mail import header

from cubicweb.common.uilib import remove_html_tags

from cubicweb.utils import SizeConstrainedList, HTMLHead

from cubicweb.web import (INTERNAL_FIELD_VALUE, LOGGER, NothingToEdit,

                          RequestError, StatusResponse)

_MARKER = object()

def list_form_param(form, param, pop=False):

    """get param from form parameters and return its value as a list,

    skipping internal markers if any

    * if the parameter isn't defined, return an empty list

    * if the parameter is a single (unicode) value, return a list

      containing that value

    * if the parameter is already a list or tuple, just skip internal

      markers

    if pop is True, the parameter is removed from the form dictionnary

    """

    if pop:

        try:

            value = form.pop(param)

        except KeyError:

            return []

    else:

        value = form.get(param, ())

    if value is None:

        value = ()

    elif not isinstance(value, (list, tuple)):

        value = [value]

    return [v for v in value if v != INTERNAL_FIELD_VALUE]

class CubicWebRequestBase(DBAPIRequest):

    """abstract HTTP request, should be extended according to the HTTP backend"""

    json_request = False # to be set to True by json controllers

    def __init__(self, vreg, https, form=None):

        super(CubicWebRequestBase, self).__init__(vreg)

        self.message = None

        self.authmode = vreg.config['auth-mode']

        self.https = https

        # raw html headers that can be added from any view

        self.html_headers = HTMLHead()

        # form parameters

        self.setup_params(form)

        # dictionnary that may be used to store request data that has to be

        # shared among various components used to publish the request (views,

        # controller, application...)

        self.data = {}

        # search state: 'normal' or 'linksearch' (eg searching for an object

        # to create a relation with another)

        self.search_state = ('normal',)

        # tabindex generator

        self.tabindexgen = count()

        self.next_tabindex = self.tabindexgen.next

        # page id, set by htmlheader template

        self.pageid = None

        self.varmaker = rqlvar_maker()

        self.datadir_url = self._datadir_url()

    def set_connection(self, cnx, user=None):

        """method called by the session handler when the user is authenticated

        or an anonymous connection is open

        """

        super(CubicWebRequestBase, self).set_connection(cnx, user)

        # set request language

        vreg = self.vreg

        if self.user:

            try:

                # 1. user specified language

                lang = vreg.typed_value('ui.language',

                                        self.user.properties['ui.language'])

                self.set_language(lang)

                return

            except KeyError, ex:

                pass

        if vreg.config['language-negociation']:

            # 2. http negociated language

            for lang in self.header_accept_language():

                if lang in self.translations:

                    self.set_language(lang)

                    return

        # 3. default language

        self.set_default_language(vreg)

    def set_language(self, lang):

        self._ = self.__ = self.translations[lang]

        self.lang = lang

        self.cnx.set_session_props(lang=lang)

        self.debug('request language: %s', lang)

    # input form parameters management ########################################

    # common form parameters which should be protected against html values

    # XXX can't add 'eid' for instance since it may be multivalued

    # dont put rql as well, if query contains < and > it will be corrupted!

    no_script_form_params = set(('vid',

                                 'etype',

                                 'vtitle', 'title',

                                 '__message',

                                 '__redirectvid', '__redirectrql'))

    def setup_params(self, params):

        """WARNING: we're intentionaly leaving INTERNAL_FIELD_VALUE here

        subclasses should overrides to

        """

        if params is None:

            params = {}

        self.form = params

        encoding = self.encoding

        for k, v in params.items():

            if isinstance(v, (tuple, list)):

                v = [unicode(x, encoding) for x in v]

                if len(v) == 1:

                    v = v[0]

            if k in self.no_script_form_params:

                v = self.no_script_form_param(k, value=v)

            if isinstance(v, str):

                v = unicode(v, encoding)

            if k == '__message':

                self.set_message(v)

                del self.form[k]

            else:

                self.form[k] = v

        # special key for created entity, added in controller's reset method

        # if no message set, we don't want this neither

        if '__createdpath' in params and self.message:

            self.message += ' (<a href="%s">%s</a>)' % (

                self.build_url(params.pop('__createdpath')),

                self._('click here to see created entity'))

    def no_script_form_param(self, param, default=None, value=None):

        """ensure there is no script in a user form param

        by default return a cleaned string instead of raising a security

        exception

        this method should be called on every user input (form at least) fields

        that are at some point inserted in a generated html page to protect

        against script kiddies

        """

        if value is None:

            value = self.form.get(param, default)

        if not value is default and value:

            # safety belt for strange urls like http://...?vtitle=yo&vtitle=yo

            if isinstance(value, (list, tuple)):

                self.error('no_script_form_param got a list (%s). Who generated the URL ?',

                           repr(value))

                value = value[0]

            return remove_html_tags(value)

        return value

    def list_form_param(self, param, form=None, pop=False):

        """get param from form parameters and return its value as a list,

        skipping internal markers if any

        * if the parameter isn't defined, return an empty list

        * if the parameter is a single (unicode) value, return a list

          containing that value

        * if the parameter is already a list or tuple, just skip internal

          markers

        if pop is True, the parameter is removed from the form dictionnary

        """

        if form is None:

            form = self.form

        return list_form_param(form, param, pop)

    def reset_headers(self):

        """used by AutomaticWebTest to clear html headers between tests on

        the same resultset

        """

        self.html_headers = HTMLHead()

        return self

    # web state helpers #######################################################

    def set_message(self, msg):

        assert isinstance(msg, unicode)

        self.message = msg

    def update_search_state(self):

        """update the current search state"""

        searchstate = self.form.get('__mode')

        if not searchstate and self.cnx is not None:

            searchstate = self.get_session_data('search_state', 'normal')

        self.set_search_state(searchstate)

    def set_search_state(self, searchstate):

        """set a new search state"""

        if searchstate is None or searchstate == 'normal':

            self.search_state = (searchstate or 'normal',)

        else:

            self.search_state = ('linksearch', searchstate.split(':'))

            assert len(self.search_state[-1]) == 4

        if self.cnx is not None:

            self.set_session_data('search_state', searchstate)

    def match_search_state(self, rset):

        """when searching an entity to create a relation, return True if entities in

        the given rset may be used as relation end

        """

        try:

            searchedtype = self.search_state[1][-1]

        except IndexError:

            return False # no searching for association

        for etype in rset.column_types(0):

            if etype != searchedtype:

                return False

        return True

    def update_breadcrumbs(self):

        """stores the last visisted page in session data"""

        searchstate = self.get_session_data('search_state')

        if searchstate == 'normal':

            breadcrumbs = self.get_session_data('breadcrumbs', None)

            if breadcrumbs is None:

                breadcrumbs = SizeConstrainedList(10)

                self.set_session_data('breadcrumbs', breadcrumbs)

            breadcrumbs.append(self.url())

    def last_visited_page(self):

        breadcrumbs = self.get_session_data('breadcrumbs', None)

        if breadcrumbs:

            return breadcrumbs.pop()

        return self.base_url()

    def register_onetime_callback(self, func, *args):

        cbname = 'cb_%s' % (

            sha.sha('%s%s%s%s' % (time.time(), func.__name__,

                                  random.random(),

                                  self.user.login)).hexdigest())

        def _cb(req):

            try:

                ret = func(req, *args)

            except TypeError:

                from warnings import warn

                warn('user callback should now take request as argument')

                ret = func(*args)

            self.unregister_callback(self.pageid, cbname)

            return ret

        self.set_page_data(cbname, _cb)

        return cbname

    def unregister_callback(self, pageid, cbname):

        assert pageid is not None

        assert cbname.startswith('cb_')

        self.info('unregistering callback %s for pageid %s', cbname, pageid)

        self.del_page_data(cbname)

    def clear_user_callbacks(self):

        if self.cnx is not None:

            sessdata = self.session_data()

            callbacks = [key for key in sessdata if key.startswith('cb_')]

            for callback in callbacks:

                self.del_session_data(callback)

    # web edition helpers #####################################################

    @cached # so it's writed only once

    def fckeditor_config(self):

        self.add_js('fckeditor/fckeditor.js')

        self.html_headers.define_var('fcklang', self.lang)

        self.html_headers.define_var('fckconfigpath',

                                     self.build_url('data/cubicweb.fckcwconfig.js'))

    def use_fckeditor(self):

        return self.vreg.config.fckeditor_installed() and self.property_value('ui.fckeditor')

    def edited_eids(self, withtype=False):

        """return a list of edited eids"""

        yielded = False

        # warning: use .keys since the caller may change `form`

        form = self.form

        try:

            eids = form['eid']

        except KeyError:

            raise NothingToEdit(None, {None: self._('no selected entities')})

        if isinstance(eids, basestring):

            eids = (eids,)

        for peid in eids:

            if withtype:

                typekey = '__type:%s' % peid

                assert typekey in form, 'no entity type specified'

                yield peid, form[typekey]

            else:

                yield peid

            yielded = True

        if not yielded:

            raise NothingToEdit(None, {None: self._('no selected entities')})

    # minparams=3 by default: at least eid, __type, and some params to change

    def extract_entity_params(self, eid, minparams=3):

        """extract form parameters relative to the given eid"""

        params = {}

        eid = str(eid)

        form = self.form

        for param in form:

            try:

                name, peid = param.split(':', 1)

            except ValueError:

                if not param.startswith('__') and param != "eid":

                    self.warning('param %s mis-formatted', param)

                continue

            if peid == eid:

                value = form[param]

                if value == INTERNAL_FIELD_VALUE:

                    value = None

                params[name] = value

        params['eid'] = eid

        if len(params) < minparams:

            raise RequestError(self._('missing parameters for entity %s') % eid)

        return params

    def get_pending_operations(self, entity, relname, role):

        operations = {'insert' : [], 'delete' : []}

        for optype in ('insert', 'delete'):

            data = self.get_session_data('pending_%s' % optype) or ()

            for eidfrom, rel, eidto in data:

                if relname == rel:

                    if role == 'subject' and entity.eid == eidfrom:

                        operations[optype].append(eidto)

                    if role == 'object' and entity.eid == eidto:

                        operations[optype].append(eidfrom)

        return operations

    def get_pending_inserts(self, eid=None):

        """shortcut to access req's pending_insert entry

        This is where are stored relations being added while editing

        an entity. This used to be stored in a temporary cookie.

        """

        pending = self.get_session_data('pending_insert') or ()

        return ['%s:%s:%s' % (subj, rel, obj) for subj, rel, obj in pending

                if eid is None or eid in (subj, obj)]

    def get_pending_deletes(self, eid=None):

        """shortcut to access req's pending_delete entry

        This is where are stored relations being removed while editing

        an entity. This used to be stored in a temporary cookie.

        """

        pending = self.get_session_data('pending_delete') or ()

        return ['%s:%s:%s' % (subj, rel, obj) for subj, rel, obj in pending

                if eid is None or eid in (subj, obj)]

    def remove_pending_operations(self):

        """shortcut to clear req's pending_{delete,insert} entries

        This is needed when the edition is completed (whether it's validated

        or cancelled)

        """

        self.del_session_data('pending_insert')

        self.del_session_data('pending_delete')

    def cancel_edition(self, errorurl):

        """remove pending operations and `errorurl`'s specific stored data

        """

        self.del_session_data(errorurl)

        self.remove_pending_operations()

    # high level methods for HTTP headers management ##########################

    # must be cached since login/password are popped from the form dictionary

    # and this method may be called multiple times during authentication

    @cached

    def get_authorization(self):

        """Parse and return the Authorization header"""