Misago/misago/models/usermodel.py

import hashlib
from datetime import timedelta
import math
from random import choice
from path import path
from django.contrib.auth.hashers import (
    check_password, make_password, is_password_usable, UNUSABLE_PASSWORD)
from django.core.cache import cache, InvalidCacheBackendError
from django.core.exceptions import ValidationError
from django.core.mail import EmailMultiAlternatives
from django.db import models
from django.template import RequestContext
from django.utils import timezone as tz_util
from django.utils.translation import ugettext_lazy as _
from misago.acl.builder import acl
from misago.apps.profiles.warnings.warningstracker import WarningsTracker
from misago.conf import settings
from misago.monitor import monitor, UpdatingMonitor
from misago.signals import delete_user_content, rename_user, sync_user_profile
from misago.template.loader import render_to_string
from misago.utils.avatars import avatar_size
from misago.utils.strings import random_string, slugify
from misago.validators import validate_username, validate_password, validate_email

class UserManager(models.Manager):
    """
    User Manager provides us with some additional methods for users
    """
    def get_blank_user(self):
        blank_user = User(
                        join_date=tz_util.now(),
                        join_ip='127.0.0.1'
                        )
        return blank_user

    def resync_monitor(self):
        with UpdatingMonitor() as cm:
            monitor['users'] = self.filter(activation=0).count()
            monitor['users_inactive'] = self.filter(activation__gt=0).count()
            last_user = self.filter(activation=0).latest('id')
            monitor['last_user'] = last_user.pk
            monitor['last_user_name'] = last_user.username
            monitor['last_user_slug'] = last_user.username_slug

    def create_user(self, username, email, password, timezone=False, ip='127.0.0.1', agent='', no_roles=False, activation=0, request=False):
        token = ''
        if activation > 0:
            token = random_string(12)

        timezone = timezone or settings.default_timezone

        # Get first rank
        try:
            from misago.models import Rank
            default_rank = Rank.objects.filter(special=0).order_by('-order')[0]
        except IndexError:
            default_rank = None

        # Store user in database
        new_user = User(
                        last_sync=tz_util.now(),
                        join_date=tz_util.now(),
                        join_ip=ip,
                        join_agent=agent,
                        activation=activation,
                        token=token,
                        timezone=timezone,
                        rank=default_rank,
                        subscribe_start=settings.subscribe_start,
                        subscribe_reply=settings.subscribe_reply,
                        )

        validate_username(username)
        validate_password(password)
        new_user.set_username(username)
        new_user.set_email(email)
        new_user.set_password(password)
        new_user.full_clean()
        new_user.default_avatar()
        new_user.save(force_insert=True)

        # Set user roles?
        if not no_roles:
            from misago.models import Role
            new_user.roles.add(Role.objects.get(_special='registered'))
            new_user.make_acl_key()
            new_user.save(force_update=True)

        # Update forum stats
        with UpdatingMonitor() as cm:
            if activation == 0:
                monitor.increase('users')
                monitor['last_user'] = new_user.pk
                monitor['last_user_name'] = new_user.username
                monitor['last_user_slug'] = new_user.username_slug
            else:
                monitor.increase('users_inactive')

        # Return new user
        return new_user

    def get_by_email(self, email):
        return self.get(email_hash=hashlib.md5(email.lower().encode('utf-8')).hexdigest())

    def filter_stats(self, start, end):
        return self.filter(join_date__gte=start).filter(join_date__lte=end)

    def block_user(self, user):
        return User.objects.select_for_update().get(id=user.id)


class User(models.Model):
    """
    Misago User model
    """
    username = models.CharField(max_length=255)
    username_slug = models.SlugField(max_length=255, unique=True,
                                     error_messages={'unique': _("This user name is already in use by another user.")})
    email = models.EmailField(max_length=255, validators=[validate_email])
    email_hash = models.CharField(max_length=32, unique=True,
                                     error_messages={'unique': _("This email address is already in use by another user.")})
    password = models.CharField(max_length=255)
    password_date = models.DateTimeField()
    avatar_type = models.CharField(max_length=10, null=True, blank=True)
    avatar_image = models.CharField(max_length=255, null=True, blank=True)
    avatar_original = models.CharField(max_length=255, null=True, blank=True)
    avatar_temp = models.CharField(max_length=255, null=True, blank=True)
    _avatar_crop = models.CharField(max_length=255, null=True, blank=True, db_column='avatar_crop')
    signature = models.TextField(null=True, blank=True)
    signature_preparsed = models.TextField(null=True, blank=True)
    join_date = models.DateTimeField()
    join_ip = models.GenericIPAddressField()
    join_agent = models.TextField(null=True, blank=True)
    last_date = models.DateTimeField(null=True, blank=True)
    last_ip = models.GenericIPAddressField(null=True, blank=True)
    last_agent = models.TextField(null=True, blank=True)
    hide_activity = models.PositiveIntegerField(default=0)
    subscribe_start = models.PositiveIntegerField(default=0)
    subscribe_reply = models.PositiveIntegerField(default=0)
    receive_newsletters = models.BooleanField(default=True)
    threads = models.PositiveIntegerField(default=0)
    posts = models.PositiveIntegerField(default=0)
    votes = models.PositiveIntegerField(default=0)
    karma_given_p = models.PositiveIntegerField(default=0)
    karma_given_n = models.PositiveIntegerField(default=0)
    karma_p = models.PositiveIntegerField(default=0)
    karma_n = models.PositiveIntegerField(default=0)
    following = models.PositiveIntegerField(default=0)
    followers = models.PositiveIntegerField(default=0)
    score = models.IntegerField(default=0)
    ranking = models.PositiveIntegerField(default=0)
    rank = models.ForeignKey('Rank', null=True, blank=True, on_delete=models.SET_NULL)
    last_sync = models.DateTimeField(null=True, blank=True)
    follows = models.ManyToManyField('self', related_name='follows_set', symmetrical=False)
    ignores = models.ManyToManyField('self', related_name='ignores_set', symmetrical=False)
    title = models.CharField(max_length=255, null=True, blank=True)
    last_post = models.DateTimeField(null=True, blank=True)
    last_vote = models.DateTimeField(null=True, blank=True)
    last_search = models.DateTimeField(null=True, blank=True)
    alerts = models.PositiveIntegerField(default=0)
    alerts_date = models.DateTimeField(null=True, blank=True)
    allow_pds = models.PositiveIntegerField(default=0)
    unread_pds = models.PositiveIntegerField(default=0)
    sync_pds = models.BooleanField(default=False)
    activation = models.IntegerField(default=0)
    token = models.CharField(max_length=12, null=True, blank=True)
    avatar_ban = models.BooleanField(default=False)
    avatar_ban_reason_user = models.TextField(null=True, blank=True)
    avatar_ban_reason_admin = models.TextField(null=True, blank=True)
    signature_ban = models.BooleanField(default=False)
    signature_ban_reason_user = models.TextField(null=True, blank=True)
    signature_ban_reason_admin = models.TextField(null=True, blank=True)
    timezone = models.CharField(max_length=255, default='utc')
    roles = models.ManyToManyField('Role')
    is_team = models.BooleanField(default=False)
    acl_key = models.CharField(max_length=12, null=True, blank=True)
    warning_level = models.PositiveIntegerField(default=0)
    warning_level_update_on = models.DateTimeField(null=True, blank=True)

    objects = UserManager()

    ACTIVATION_NONE = 0
    ACTIVATION_USER = 1
    ACTIVATION_ADMIN = 2
    ACTIVATION_CREDENTIALS = 3

    statistics_name = _('Users Registrations')

    class Meta:
        app_label = 'misago'

    def is_god(self):
        try:
            return self.is_god_cache
        except AttributeError:
            for user in settings.ADMINS:
                if user[1].lower() == self.email:
                    self.is_god_cache = True
                    return True
            self.is_god_cache = False
            return False

    def is_anonymous(self):
        return False

    def is_authenticated(self):
        return True

    def is_crawler(self):
        return False

    def is_protected(self):
        for role in self.roles.all():
            if role.protected:
                return True
        return False

    def lock_avatar(self):
        # Kill existing avatar and lock our ability to change it
        self.delete_avatar()
        self.avatar_ban = True

        # Pick new one from _locked gallery
        galleries = path(settings.STATICFILES_DIRS[0]).joinpath('avatars').joinpath('_locked')
        avatars_list = galleries.files('*.gif')
        avatars_list += galleries.files('*.jpg')
        avatars_list += galleries.files('*.jpeg')
        avatars_list += galleries.files('*.png')
        self.avatar_type = 'gallery'
        self.avatar_image = '/'.join(path(choice(avatars_list)).splitall()[-2:])

    def default_avatar(self):
        if settings.default_avatar == 'gallery':
            try:
                avatars_list = []
                try:
                    # First try, _default path
                    galleries = path(settings.STATICFILES_DIRS[0]).joinpath('avatars').joinpath('_default')
                    avatars_list += galleries.files('*.gif')
                    avatars_list += galleries.files('*.jpg')
                    avatars_list += galleries.files('*.jpeg')
                    avatars_list += galleries.files('*.png')
                except Exception as e:
                    pass
                # Second try, all paths
                if not avatars_list:
                    avatars_list = []
                    for directory in path(settings.STATICFILES_DIRS[0]).joinpath('avatars').dirs():
                        if not directory[-7:] == '_locked' and not directory[-7:] == '_thumbs':
                            avatars_list += directory.files('*.gif')
                            avatars_list += directory.files('*.jpg')
                            avatars_list += directory.files('*.jpeg')
                            avatars_list += directory.files('*.png')
                if avatars_list:
                    # Pick random avatar from list
                    self.avatar_type = 'gallery'
                    self.avatar_image = '/'.join(path(choice(avatars_list)).splitall()[-2:])
                    return True
            except Exception as e:
                pass

        self.avatar_type = 'gravatar'
        self.avatar_image = None
        return True

    def delete_avatar_temp(self):
        if self.avatar_temp:
            try:
                av_file = path(settings.MEDIA_ROOT + 'avatars/' + self.avatar_temp)
                if not av_file.isdir():
                    av_file.remove()
            except Exception:
                pass

        self.avatar_temp = None

    def delete_avatar_original(self):
        if self.avatar_original:
            try:
                av_file = path(settings.MEDIA_ROOT + 'avatars/' + self.avatar_original)
                if not av_file.isdir():
                    av_file.remove()
            except Exception:
                pass

        self.avatar_original = None

    def delete_avatar_image(self):
        if self.avatar_image:
            for size in settings.AVATAR_SIZES[1:]:
                try:
                    av_file = path(settings.MEDIA_ROOT + 'avatars/' + str(size) + '_' + self.avatar_image)
                    if not av_file.isdir():
                        av_file.remove()
                except Exception:
                    pass
            try:
                av_file = path(settings.MEDIA_ROOT + 'avatars/' + self.avatar_image)
                if not av_file.isdir():
                    av_file.remove()
            except Exception:
                pass

        self.avatar_image = None

    def delete_avatar(self):
        self.delete_avatar_temp()
        self.delete_avatar_original()
        self.delete_avatar_image()

    def delete_content(self):
        delete_user_content.send(sender=self)

    def delete(self, *args, **kwargs):
        self.delete_avatar()
        super(User, self).delete(*args, **kwargs)

    def set_username(self, username):
        self.username = username.strip()
        self.username_slug = slugify(username).replace('-', '')

    def sync_username(self):
        rename_user.send(sender=self)

    def is_username_valid(self, e):
        try:
            raise ValidationError(e.message_dict['username'])
        except KeyError:
            pass
        try:
            raise ValidationError(e.message_dict['username_slug'])
        except KeyError:
            pass

    def is_email_valid(self, e):
        try:
            raise ValidationError(e.message_dict['email'])
        except KeyError:
            pass
        try:
            raise ValidationError(e.message_dict['email_hash'])
        except KeyError:
            pass

    def is_password_valid(self, e):
        try:
            raise ValidationError(e.message_dict['password'])
        except KeyError:
            pass

    def set_email(self, email):
        self.email = email.strip().lower()
        self.email_hash = hashlib.md5(self.email.encode('utf-8')).hexdigest()

    def set_password(self, raw_password):
        self.password_date = tz_util.now()
        self.password = make_password(raw_password.strip())

    def set_last_visit(self, ip, agent):
        self.last_date = tz_util.now()
        self.last_ip = ip
        self.last_agent = agent

    def check_password(self, raw_password, mobile=False):
        """
        Returns a boolean of whether the raw_password was correct. Handles
        hashing formats behind the scenes.
        """
        def setter(raw_password):
            self.set_password(raw_password)
            self.save()

        # Is standard password allright?
        if check_password(raw_password, self.password, setter):
            return True

        # Check mobile password?
        if mobile:
            raw_password = raw_password[:1].lower() + raw_password[1:]
        else:
            password_reversed = u''
            for c in raw_password:
                r = c.upper()
                if r == c:
                    r = c.lower()
                password_reversed += r
            raw_password = password_reversed
        return check_password(raw_password, self.password, setter)

    def is_following(self, user):
        try:
            return self.follows.filter(id=user.pk).count() > 0
        except AttributeError:
            return self.follows.filter(id=user).count() > 0

    def is_ignoring(self, user):
        try:
            return self.ignores.filter(id=user.pk).count() > 0
        except AttributeError:
            return self.ignores.filter(id=user).count() > 0

    def ignored_users(self):
        return [item['id'] for item in self.ignores.values('id')]

    def allow_pd_invite(self, user):
        # PD's from nobody
        if self.allow_pds == 3:
            return False
        # PD's from followed
        if self.allow_pds == 2:
            return self.is_following(user)
        # PD's from non-ignored
        if self.allow_pds == 1:
            return not self.is_ignoring(user)
        return True

    def get_roles(self):
        if self.rank:
            return self.roles.all() | self.rank.roles.all()
        return self.roles.all()

    def make_acl_key(self, force=False):
        if not force and self.acl_key:
            return self.acl_key
        roles_ids = []
        for role in self.roles.all():
            roles_ids.append(role.pk)
        if self.rank:
            for role in self.rank.roles.all():
                if not role.pk in roles_ids:
                    roles_ids.append(role.pk)
        roles_ids.sort()
        self.acl_key = 'acl_%s' % hashlib.md5('_'.join(str(x) for x in roles_ids)).hexdigest()[0:8]
        self.save(update_fields=('acl_key',))
        return self.acl_key

    def acl(self):
        return acl(self)

    @property
    def avatar_crop(self):
        return [int(float(x)) for x in self._avatar_crop.split(',')] if self._avatar_crop else (0, 0, 100, 100)

    @avatar_crop.setter
    def avatar_crop(self, value):
        self._avatar_crop = ','.join(value)

    def get_avatar(self, size=None):
        image_size = avatar_size(size) if size else None

        # Get uploaded avatar
        if self.avatar_type == 'upload':
            image_prefix = '%s_' % image_size if image_size else ''
            return settings.MEDIA_URL + 'avatars/' + image_prefix + self.avatar_image

        # Get gallery avatar
        if self.avatar_type == 'gallery':
            image_prefix = '_thumbs/%s/' % image_size if image_size else ''
            return settings.STATIC_URL + 'avatars/' + image_prefix + self.avatar_image

        # No avatar found, get gravatar
        if not image_size:
            image_size = settings.AVATAR_SIZES[0]

        # Decide on default gravatar
        gravatar_default = ''
        if (settings.GRAVATAR_DEFAULT
                and not '&' in settings.GRAVATAR_DEFAULT
                and not '?' in settings.GRAVATAR_DEFAULT):
            gravatar_default = '&d=%s' % settings.GRAVATAR_DEFAULT

        return 'http://www.gravatar.com/avatar/%s?s=%s%s' % (hashlib.md5(self.email.encode('utf-8')).hexdigest(), image_size, gravatar_default)

    def get_ranking(self):
        if not self.ranking:
            self.ranking = User.objects.filter(score__gt=self.score).count() + 1
            self.save(force_update=True)
        return self.ranking

    def get_title(self):
        if self.title:
            return self.title
        if self.rank:
            return self.rank.title
        return None

    def get_style(self):
        if self.rank:
            return self.rank.style
        return ''

    def email_user(self, request, template, subject, context={}):
        context = RequestContext(request, context)
        context['author'] = context['user']
        context['user'] = self

        email_html = render_to_string('_email/%s.html' % template,
                                      context_instance=context)
        email_text = render_to_string('_email/%s.txt' % template,
                                      context_instance=context)

        # Set message recipient
        if settings.DEBUG and settings.CATCH_ALL_EMAIL_ADDRESS:
            recipient = settings.CATCH_ALL_EMAIL_ADDRESS
        else:
            recipient = self.email

        # Set message author
        if settings.board_name:
            sender = '%s <%s>' % (settings.board_name.replace("<", "(").replace(">", ")"), settings.DEFAULT_FROM_EMAIL)
        else:
            sender = settings.DEFAULT_FROM_EMAIL

        # Build message and add it to queue
        email = EmailMultiAlternatives(subject, email_text, sender, [recipient])
        email.attach_alternative(email_html, "text/html")
        request.mails_queue.append(email)

    def get_activation(self):
        activations = ['none', 'user', 'admin', 'credentials']
        return activations[self.activation]

    def alert(self, message):
        from misago.models import Alert
        self.alerts += 1
        return Alert(user=self, message=message, date=tz_util.now())

    def sync_unread_pds(self, unread):
        self.unread_pds = unread
        self.sync_pds = False

    def get_date(self):
        return self.join_date

    def sync_profile(self):
        if (settings.PROFILES_SYNC_FREQUENCY > 0 and
                self.last_sync <= tz_util.now() - timedelta(days=settings.PROFILES_SYNC_FREQUENCY)):
            sync_user_profile.send(sender=self)
            self.last_sync = tz_util.now()
            return True
        return False

    def is_warning_level_expired(self):
        if self.warning_level and self.warning_level_update_on:
            return tz_util.now() > self.warning_level_update_on
        return False

    def update_expired_warning_level(self):
        self.warning_level -= 1

        try:
            from misago.models import WarnLevel
            warning_levels = WarnLevel.objects.get_levels()
            new_warning_level = warning_levels[self.warning_level]
            if new_warning_level.expires_after_minutes:
                self.warning_level_update_on -= timedelta(
                    minutes=new_warning_level.expires_after_minutes)
            else:
                self.warning_level_update_on = None
        except KeyError:
            # Break expiration chain so infinite loop won't happen
            # This should only happen if your warning level is 0, but
            # will also keep app responsive if data corruption happens
            self.warning_level_update_on = None

    def get_warning_level(self):
        if self.warning_level:
            from misago.models import WarnLevel
            return WarnLevel.objects.get_level(
                self.warning_level)
        else:
            return None

    def get_current_warning_level(self):
        if self.is_warning_level_expired():
            while self.update_expired_warning_level():
                self.update_warning_level()
            self.save(force_update=True)

        return self.get_warning_level()

    def get_latest_activte_warning(self):
        return self.warning_set.filter(canceled=False).order_by('-id')[:1][0]

    def freeze_warning_level(self):
        self.warning_level_update_on = tz_util.now() + timedelta(days=1)

    def set_warning_level_update_date(self, warning, warning_level):
        if warning_level.expires_after_minutes:
            self.warning_level_update_on = warning.given_on + timedelta(
                minutes=warning_level.expires_after_minutes)
        else:
            self.warning_level_update_on = None

    def decrease_warning_level(self):
        if self.get_current_warning_level():
            self.warning_level -= 1
            if self.warning_level:
                self.freeze_warning_level()
                latest_warning = self.get_latest_activte_warning()
                new_warning_level = self.get_current_warning_level()
                self.set_warning_level_update_date(
                    latest_warning, new_warning_level)
                self.get_current_warning_level()
            else:
                self.warning_level_update_on = None
            self.save(force_update=True)

    def is_warning_active(self, warning):
        warning_level = self.get_warning_level()
        warnings_tracker = WarningsTracker(self.warning_level)

        for db_warning in self.warning_set.order_by('-pk').iterator():
            if warnings_tracker.is_warning_active(db_warning):
                if warning.pk == db_warning.pk:
                    return True
        return False

    @property
    def warning_level_moderate_new_threads(self):
        warning_level = self.get_current_warning_level()
        if warning_level:
            restriction_level = warning_level.restrict_posting_threads
            return restriction_level == warning_level.RESTRICT_MODERATOR_REVIEW
        else:
            return False

    @property
    def warning_level_disallows_writing_threads(self):
        warning_level = self.get_current_warning_level()
        if warning_level:
            restriction_level = warning_level.restrict_posting_threads
            return restriction_level == warning_level.RESTRICT_DISALLOW
        else:
            return False

    @property
    def warning_level_moderate_new_replies(self):
        warning_level = self.get_current_warning_level()
        if warning_level:
            restriction_level = warning_level.restrict_posting_replies
            return restriction_level == warning_level.RESTRICT_MODERATOR_REVIEW
        else:
            return False

    @property
    def warning_level_disallows_writing_replies(self):
        warning_level = self.get_current_warning_level()
        if warning_level:
            restriction_level = warning_level.restrict_posting_replies
            return restriction_level == warning_level.RESTRICT_DISALLOW
        else:
            return False

    def timeline(self, qs, length=100):
        posts = {}
        now = tz_util.now()
        for item in qs.iterator():
            diff = (now - item.timeline_date).days
            try:
                posts[diff] += 1
            except KeyError:
                posts[diff] = 1

        graph = []
        for i in reversed(range(100)):
            try:
                graph.append(posts[i])
            except KeyError:
                graph.append(0)
        return graph


class Guest(object):
    """
    Misago Guest dummy
    """
    id = -1
    pk = -1
    is_team = False

    def is_anonymous(self):
        return True

    def is_authenticated(self):
        return False

    def is_crawler(self):
        return False

    def get_roles(self):
        from misago.models import Role
        return Role.objects.filter(_special='guest')

    def make_acl_key(self):
        return 'acl_guest'


class Crawler(Guest):
    """
    Misago Crawler dummy
    """
    is_team = False

    def __init__(self, username):
        self.username = username

    def is_anonymous(self):
        return False

    def is_authenticated(self):
        return False

    def is_crawler(self):
        return True


"""
Signals handlers
"""
def sync_user_handler(sender, **kwargs):
    sender.following = sender.follows.count()
    sender.followers = sender.follows_set.count()

sync_user_profile.connect(sync_user_handler, dispatch_uid="sync_user_follows")