# HG changeset patch
# User Marcin Kuzminski <marcin@rhodecode.com>
# Date 2019-01-15 10:34:50
# Node ID e8cf67e0ea0d789a6592980cda87fd71d44737a3
# Parent  5a371ab1c333107a9e282af6cfd15f60f65238b7

auth: login/registration changes for upcomming new rules for login using external identities.

- show session expiration

diff --git a/rhodecode/apps/login/tests/test_password_reset.py b/rhodecode/apps/login/tests/test_password_reset.py
--- a/rhodecode/apps/login/tests/test_password_reset.py
+++ b/rhodecode/apps/login/tests/test_password_reset.py
@@ -74,20 +74,17 @@ class TestPasswordReset(TestController):
             'default_password_reset': pwd_reset_setting,
             'default_extern_activate': 'hg.extern_activate.auto',
         }
-        resp = self.app.post(route_path('admin_permissions_application_update'), params=params)
+        resp = self.app.post(
+            route_path('admin_permissions_application_update'), params=params)
         self.logout_user()
 
         login_page = self.app.get(route_path('login'))
         asr_login = AssertResponse(login_page)
-        index_page = self.app.get(h.route_path('home'))
-        asr_index = AssertResponse(index_page)
 
         if show_link:
             asr_login.one_element_exists('a.pwd_reset')
-            asr_index.one_element_exists('a.pwd_reset')
         else:
             asr_login.no_element_exists('a.pwd_reset')
-            asr_index.no_element_exists('a.pwd_reset')
 
         response = self.app.get(route_path('reset_password'))
         
diff --git a/rhodecode/authentication/plugins/auth_rhodecode.py b/rhodecode/authentication/plugins/auth_rhodecode.py
--- a/rhodecode/authentication/plugins/auth_rhodecode.py
+++ b/rhodecode/authentication/plugins/auth_rhodecode.py
@@ -24,6 +24,9 @@ RhodeCode authentication plugin for buil
 
 import logging
 
+import colander
+
+from rhodecode.authentication.schema import AuthnPluginSettingsSchemaBase
 from rhodecode.translation import _
 
 from rhodecode.authentication.base import RhodeCodeAuthPluginBase, hybrid_property
@@ -43,6 +46,18 @@ class RhodecodeAuthnResource(AuthnPlugin
     pass
 
 
+class RhodeCodeSettingsSchema(AuthnPluginSettingsSchemaBase):
+
+    superadmin_restriction = colander.SchemaNode(
+        colander.Bool(),
+        default=False,
+        description=_('Only allow super-admins to log-in using this plugin.'),
+        missing=False,
+        title=_('Enabled'),
+        widget='bool',
+    )
+
+
 class RhodeCodeAuthPlugin(RhodeCodeAuthPluginBase):
     uid = 'rhodecode'
 
@@ -64,6 +79,9 @@ class RhodeCodeAuthPlugin(RhodeCodeAuthP
             route_name='auth_home',
             context=RhodecodeAuthnResource)
 
+    def get_settings_schema(self):
+        return RhodeCodeSettingsSchema()
+
     def get_display_name(self):
         return _('RhodeCode Internal')
 
diff --git a/rhodecode/lib/helpers.py b/rhodecode/lib/helpers.py
--- a/rhodecode/lib/helpers.py
+++ b/rhodecode/lib/helpers.py
@@ -650,10 +650,9 @@ flash = Flash()
 # SCM FILTERS available via h.
 #==============================================================================
 from rhodecode.lib.vcs.utils import author_name, author_email
-from rhodecode.lib.utils2 import credentials_filter, age as _age
+from rhodecode.lib.utils2 import credentials_filter, age, age_from_seconds
 from rhodecode.model.db import User, ChangesetStatus
 
-age = _age
 capitalize = lambda x: x.capitalize()
 email = author_email
 short_id = lambda x: x[:12]
diff --git a/rhodecode/lib/utils2.py b/rhodecode/lib/utils2.py
--- a/rhodecode/lib/utils2.py
+++ b/rhodecode/lib/utils2.py
@@ -564,6 +564,12 @@ def age(prevdate, now=None, show_short_v
     return _(u'just now')
 
 
+def age_from_seconds(seconds):
+    seconds = safe_int(seconds) or 0
+    prevdate = time_to_datetime(time.time() + seconds)
+    return age(prevdate, show_suffix=False, show_short_version=True)
+
+
 def cleaned_uri(uri):
     """
     Quotes '[' and ']' from uri if there is only one of them.
diff --git a/rhodecode/public/css/login.less b/rhodecode/public/css/login.less
--- a/rhodecode/public/css/login.less
+++ b/rhodecode/public/css/login.less
@@ -73,9 +73,6 @@
     }
 
     .sign-in-title {
-        h1 {
-            margin: 0;
-        }
 
         h4 {
             margin: @padding*2 0;
diff --git a/rhodecode/templates/base/base.mako b/rhodecode/templates/base/base.mako
--- a/rhodecode/templates/base/base.mako
+++ b/rhodecode/templates/base/base.mako
@@ -299,87 +299,54 @@
 <%def name="usermenu(active=False)">
     ## USER MENU
     <li id="quick_login_li" class="${'active' if active else ''}">
-      <a id="quick_login_link" class="menulink childs">
-        ${gravatar(c.rhodecode_user.email, 20)}
-        <span class="user">
-          %if c.rhodecode_user.username != h.DEFAULT_USER:
-            <span class="menu_link_user">${c.rhodecode_user.username}</span><div class="show_more"></div>
-          %else:
-            <span>${_('Sign in')}</span>
-          %endif
-        </span>
-      </a>
-
-  <div class="user-menu submenu">
-      <div id="quick_login">
-        %if c.rhodecode_user.username == h.DEFAULT_USER:
-            <h4>${_('Sign in to your account')}</h4>
-            ${h.form(h.route_path('login', _query={'came_from': h.current_route_path(request)}), needs_csrf_token=False)}
-            <div class="form form-vertical">
-                <div class="fields">
-                    <div class="field">
-                        <div class="label">
-                            <label for="username">${_('Username')}:</label>
-                        </div>
-                        <div class="input">
-                            ${h.text('username',class_='focus',tabindex=1)}
-                        </div>
-
-                    </div>
-                    <div class="field">
-                        <div class="label">
-                            <label for="password">${_('Password')}:</label>
-                            %if h.HasPermissionAny('hg.password_reset.enabled')():
-                              <span class="forgot_password">${h.link_to(_('(Forgot password?)'),h.route_path('reset_password'), class_='pwd_reset')}</span>
-                            %endif
-                        </div>
-                        <div class="input">
-                            ${h.password('password',class_='focus',tabindex=2)}
-                        </div>
+        % if c.rhodecode_user.username == h.DEFAULT_USER:
+          <a id="quick_login_link" class="menulink childs" href="${h.route_path('login', _query={'came_from': h.current_route_path(request)})}">
+            ${gravatar(c.rhodecode_user.email, 20)}
+            <span class="user">
+                <span>${_('Sign in')}</span>
+            </span>
+          </a>
+        % else:
+          ## logged in user
+          <a id="quick_login_link" class="menulink childs">
+            ${gravatar(c.rhodecode_user.email, 20)}
+            <span class="user">
+                <span class="menu_link_user">${c.rhodecode_user.username}</span>
+                <div class="show_more"></div>
+            </span>
+          </a>
+          ## subnav with menu for logged in user
+          <div class="user-menu submenu">
+              <div id="quick_login">
+                %if c.rhodecode_user.username != h.DEFAULT_USER:
+                    <div class="">
+                        <div class="big_gravatar">${gravatar(c.rhodecode_user.email, 48)}</div>
+                        <div class="full_name">${c.rhodecode_user.full_name_or_username}</div>
+                        <div class="email">${c.rhodecode_user.email}</div>
                     </div>
-                    <div class="buttons">
-                        <div class="register">
-                        %if h.HasPermissionAny('hg.admin', 'hg.register.auto_activate', 'hg.register.manual_activate')():
-                         ${h.link_to(_("Don't have an account?"),h.route_path('register'))} <br/>
-                        %endif
-                        ${h.link_to(_("Using external auth? Sign In here."),h.route_path('login'))}
-                        </div>
-                        <div class="submit">
-                            ${h.submit('sign_in',_('Sign In'),class_="btn btn-small",tabindex=3)}
-                        </div>
+                    <div class="">
+                    <ol class="links">
+                      <li>${h.link_to(_(u'My account'),h.route_path('my_account_profile'))}</li>
+                      % if c.rhodecode_user.personal_repo_group:
+                      <li>${h.link_to(_(u'My personal group'), h.route_path('repo_group_home', repo_group_name=c.rhodecode_user.personal_repo_group.group_name))}</li>
+                      % endif
+                      <li>${h.link_to(_(u'Pull Requests'), h.route_path('my_account_pullrequests'))}</li>
+
+                      <li class="logout">
+                      ${h.secure_form(h.route_path('logout'), request=request)}
+                          ${h.submit('log_out', _(u'Sign Out'),class_="btn btn-primary")}
+                      ${h.end_form()}
+                      </li>
+                    </ol>
                     </div>
-                </div>
-            </div>
-            ${h.end_form()}
-        %else:
-            <div class="">
-                <div class="big_gravatar">${gravatar(c.rhodecode_user.email, 48)}</div>
-                <div class="full_name">${c.rhodecode_user.full_name_or_username}</div>
-                <div class="email">${c.rhodecode_user.email}</div>
-            </div>
-            <div class="">
-            <ol class="links">
-              <li>${h.link_to(_(u'My account'),h.route_path('my_account_profile'))}</li>
-              % if c.rhodecode_user.personal_repo_group:
-              <li>${h.link_to(_(u'My personal group'), h.route_path('repo_group_home', repo_group_name=c.rhodecode_user.personal_repo_group.group_name))}</li>
-              % endif
-              <li>${h.link_to(_(u'Pull Requests'), h.route_path('my_account_pullrequests'))}</li>
-
-              <li class="logout">
-              ${h.secure_form(h.route_path('logout'), request=request)}
-                  ${h.submit('log_out', _(u'Sign Out'),class_="btn btn-primary")}
-              ${h.end_form()}
-              </li>
-            </ol>
-            </div>
-        %endif
-      </div>
-  </div>
-      %if c.rhodecode_user.username != h.DEFAULT_USER:
-        <div class="pill_container">
-          <a class="menu_link_notifications ${'empty' if c.unread_notifications == 0 else ''}" href="${h.route_path('notifications_show_all')}">${c.unread_notifications}</a>
-        </div>
-      % endif
+                %endif
+              </div>
+          </div>
+          ## unread counter
+          <div class="pill_container">
+            <a class="menu_link_notifications ${'empty' if c.unread_notifications == 0 else ''}" href="${h.route_path('notifications_show_all')}">${c.unread_notifications}</a>
+          </div>
+        % endif
     </li>
 </%def>
 
diff --git a/rhodecode/templates/login.mako b/rhodecode/templates/login.mako
--- a/rhodecode/templates/login.mako
+++ b/rhodecode/templates/login.mako
@@ -25,17 +25,16 @@
 
     <div class="loginwrapper">
         <rhodecode-toast id="notifications"></rhodecode-toast>
+
         <div class="left-column">
             <img class="sign-in-image" src="${h.asset('images/sign-in.png')}" alt="RhodeCode"/>
         </div>
+
         <%block name="above_login_button" />
         <div id="login" class="right-column">
             <!-- login -->
             <div class="sign-in-title">
-                <h1>${_('Sign In')}</h1>
-                %if h.HasPermissionAny('hg.admin', 'hg.register.auto_activate', 'hg.register.manual_activate')():
-                <h4>${h.link_to(_("Go to the registration page to create a new account."), request.route_path('register'))}</h4>
-                %endif
+                <h1>${_('Sign In using username/password')}</h1>
             </div>
             <div class="inner form">
                 ${h.form(request.route_path('login', _query={'came_from': c.came_from}), needs_csrf_token=False)}
@@ -47,7 +46,12 @@
                     <br />
                     %endif
 
-                    <label for="password">${_('Password')}:</label>
+                    <label for="password">${_('Password')}:
+                    %if h.HasPermissionAny('hg.password_reset.enabled')():
+                        <div class="pull-right">${h.link_to(_('Forgot your password?'), h.route_path('reset_password'), class_='pwd_reset', tabindex="-1")}</div>
+                    %endif
+
+                    </label>
                     ${h.password('password', class_='focus')}
                     %if 'password' in errors:
                     <span class="error-message">${errors.get('password')}</span>
@@ -55,15 +59,25 @@
                     %endif
 
                     ${h.checkbox('remember', value=True, checked=defaults.get('remember'))}
-                    <label class="checkbox" for="remember">${_('Remember me')}</label>
+                    <% timeout = request.registry.settings.get('beaker.session.timeout', '0') %>
+                    % if timeout == '0':
+                        <% remember_label = _('Remember my indefinitely') %>
+                    % else:
+                        <% remember_label = _('Remember me for {}').format(h.age_from_seconds(timeout)) %>
+                    % endif
+                    <label class="checkbox" for="remember">${remember_label}</label>
 
-                    %if h.HasPermissionAny('hg.password_reset.enabled')():
-                        <p class="links">
-                            ${h.link_to(_('Forgot your password?'), h.route_path('reset_password'), class_='pwd_reset')}
-                        </p>
-                    %elif h.HasPermissionAny('hg.password_reset.hidden')():
+                    <p class="links">
+                    %if h.HasPermissionAny('hg.admin', 'hg.register.auto_activate', 'hg.register.manual_activate')():
+                        ${h.link_to(_("Create a new account."), request.route_path('register'))}
+                    %endif
+                    </p>
+
+                    %if not h.HasPermissionAny('hg.password_reset.enabled')():
+                        ## password reset hidden or disabled.
                         <p class="help-block">
-                            ${_('Password reset is disabled. Please contact ')}
+                            ${_('Password reset is disabled.')} <br/>
+                            ${_('Please contact ')}
                             % if c.visual.rhodecode_support_url:
                                 <a href="${c.visual.rhodecode_support_url}" target="_blank">${_('Support')}</a>
                                 ${_('or')}
@@ -72,18 +86,18 @@
                         </p>
                     %endif
 
-                    ${h.submit('sign_in', _('Sign In'), class_="btn sign-in")}
-                    <p class="help-block pull-right">
-                        RhodeCode ${c.rhodecode_edition}
-                    </p>
+                    ${h.submit('sign_in', _('Sign In'), class_="btn sign-in", title=_('Sign in to {}').format(c.rhodecode_edition))}
+
                 ${h.end_form()}
                 <script type="text/javascript">
                     $(document).ready(function(){
                         $('#username').focus();
                     })
                 </script>
+
             </div>
             <!-- end login -->
+
             <%block name="below_login_button" />
         </div>
     </div>
diff --git a/rhodecode/templates/register.mako b/rhodecode/templates/register.mako
--- a/rhodecode/templates/register.mako
+++ b/rhodecode/templates/register.mako
@@ -118,10 +118,7 @@
                         ${register_message|n}
                     </p>
 
-                    ${h.submit('sign_up',_('Create Account'),class_="btn sign-in")}
-                    <p class="help-block pull-right">
-                        RhodeCode ${c.rhodecode_edition}
-                    </p>
+                    ${h.submit('sign_up',_('Create Account'), class_="btn sign-in", title=_('Create Account in {}').format(c.rhodecode_edition))}
                 ${h.end_form()}
             </div>
             <%block name="below_register_button" />