/app/models/setting.rb

require 'resolv'

class Setting < ApplicationRecord
  audited :except => [:name, :description, :category, :settings_type, :full_name, :encrypted], :on => [:update]
  extend FriendlyId
  friendly_id :name
  include ActiveModel::Validations
  include EncryptValue
  include PermissionName
  self.inheritance_column = 'category'

  graphql_type '::Types::Setting'

  TYPES = %w{integer boolean hash array string}
  FROZEN_ATTRS = %w{name category}
  NONZERO_ATTRS = %w{puppet_interval idle_timeout entries_per_page outofsync_interval}
  BLANK_ATTRS = %w{ host_owner trusted_hosts login_delegation_logout_url root_pass default_location default_organization websockets_ssl_key websockets_ssl_cert oauth_consumer_key oauth_consumer_secret login_text oidc_audience oidc_issuer oidc_algorithm
                    smtp_address smtp_domain smtp_user_name smtp_password smtp_openssl_verify_mode smtp_authentication sendmail_arguments sendmail_location http_proxy http_proxy_except_list default_locale default_timezone ssl_certificate ssl_ca_file ssl_priv_key default_pxe_item_global default_pxe_item_local oidc_jwks_url instance_title }
  ARRAY_HOSTNAMES = %w{trusted_hosts}
  URI_ATTRS = %w{foreman_url unattended_url}
  URI_BLANK_ATTRS = %w{login_delegation_logout_url}
  IP_ATTRS = %w{libvirt_default_console_address}
  REGEXP_ATTRS = %w{remote_addr}
  EMAIL_ATTRS = %w{administrator email_reply_address}
  NOT_STRIPPED = %w{}

  class ValueValidator < ActiveModel::Validator
    def validate(record)
      record.send("validate_#{record.name}", record)
    end
  end

  validates_lengths_from_database

  validates :name, :presence => true, :uniqueness => true
  validates :description, :presence => true
  validates :default, :presence => true, :unless => proc { |s| s.settings_type == "boolean" || BLANK_ATTRS.include?(s.name) }
  validates :default, :inclusion => {:in => [true, false]}, :if => proc { |s| s.settings_type == "boolean" }
  validates :value, :numericality => true, :length => {:maximum => 8}, :if => proc { |s| s.settings_type == "integer" }
  validates :value, :numericality => {:greater_than => 0}, :if => proc { |s| NONZERO_ATTRS.include?(s.name) }
  validates :value, :inclusion => {:in => [true, false]}, :if => proc { |s| s.settings_type == "boolean" }
  validates :value, :presence => true, :if => proc { |s| s.settings_type == "array" && !BLANK_ATTRS.include?(s.name) }
  validates :settings_type, :inclusion => {:in => TYPES}, :allow_nil => true, :allow_blank => true
  validates :value, :url_schema => ['http', 'https'], :if => proc { |s| URI_ATTRS.include?(s.name) }

  validates :value, :url_schema => ['http', 'https'], :if => proc { |s| URI_BLANK_ATTRS.include?(s.name) && s.value.present? }

  validate :validate_host_owner, :if => proc { |s| s.name == "host_owner" }
  validates :value, :format => { :with => Resolv::AddressRegex }, :if => proc { |s| IP_ATTRS.include? s.name }
  validates :value, :regexp => true, :if => proc { |s| REGEXP_ATTRS.include? s.name }
  validates :value, :array_type => true, :if => proc { |s| s.settings_type == "array" }
  validates_with ValueValidator, :if => proc { |s| s.respond_to?("validate_#{s.name}") }
  validates :value, :array_hostnames_ips => true, :if => proc { |s| ARRAY_HOSTNAMES.include? s.name }
  validates :value, :email => true, :if => proc { |s| EMAIL_ATTRS.include? s.name }
  before_validation :set_setting_type_from_value
  before_save :clear_value_when_default
  before_save :clear_cache
  validate :validate_frozen_attributes
  after_find :readonly_when_overridden
  default_scope -> { order(:name) }

  # Filer out settings from disabled plugins
  scope :disabled_plugins, -> { where(:category => descendants.map(&:to_s)) unless Rails.env.development? }

  scope :order_by, ->(attr) { except(:order).order(attr) }

  scoped_search :on => :name, :complete_value => :true
  scoped_search :on => :description, :complete_value => :true

  def self.config_file
    'settings.yaml'
  end

  def self.live_descendants
    disabled_plugins.order_by(:full_name)
  end

  def self.stick_general_first
    sticky_setting = 'Setting::General'
    (where(:category => sticky_setting) + where.not(:category => sticky_setting)).group_by(&:category)
  end

  # can't use our own settings
  def self.per_page
    20
  end

  def self.humanized_category
    nil
  end

  def self.cache_key(name)
    "settings/#{name}"
  end

  def self.[](name)
    name = name.to_s
    cache.fetch(cache_key(name)) do
      find_by(:name => name)&.value
    end
  end

  def self.[]=(name, value)
    name   = name.to_s
    record = where(:name => name).first!
    record.value = value
    record.save!
  end

  def self.setting_type_from_value(value_for_type)
    t = value_for_type.class.to_s.downcase
    return t if TYPES.include?(t)
    return "integer" if value_for_type.is_a?(Integer)
    return "boolean" if value_for_type.is_a?(TrueClass) || value_for_type.is_a?(FalseClass)
  end

  def value=(v)
    v = v.to_yaml unless v.nil?
    # the has_attribute is for enabling DB migrations on older versions
    if has_attribute?(:encrypted) && encrypted
      # Don't re-write the attribute if the current encrypted value is identical to the new one
      current_value = self[:value]
      unless is_decryptable?(current_value) && decrypt_field(current_value) == v
        self[:value] = encrypt_field(v)
      end
    else
      self[:value] = v
    end
  end

  def value
    v = self[:value]
    v = decrypt_field(v)
    v.nil? ? default : YAML.load(v)
  end
  alias_method :value_before_type_cast, :value

  def default
    d = self[:default]
    d.nil? ? nil : YAML.load(d)
  end

  def default=(v)
    self[:default] = v.to_yaml
  end
  alias_method :default_before_type_cast, :default

  def parse_string_value(val)
    case settings_type
    when "boolean"
      boolean = Foreman::Cast.to_bool(val)

      if boolean.nil?
        invalid_value_error _("must be boolean")
        return false
      end

      self.value = boolean

    when "integer"
      if val.to_s =~ /\A\d+\Z/
        self.value = val.to_i
      else
        invalid_value_error _("must be integer")
        return false
      end

    when "array"
      if val =~ /\A\[.*\]\Z/
        begin
          self.value = YAML.load(val.gsub(/(\,)(\S)/, "\\1 \\2"))
        rescue => e
          invalid_value_error e.to_s
          return false
        end
      else
        invalid_value_error _("must be an array")
        return false
      end

    when "string", nil
      # string is taken as default setting type for parsing
      self.value = NOT_STRIPPED.include?(name) ? val : val.to_s.strip

    when "hash"
      raise Foreman::Exception, "parsing hash from string is not supported"

    else
      raise Foreman::Exception.new(N_("parsing settings type '%s' from string is not defined"), settings_type)

    end
    true
  end

  # in order to avoid code duplication, this method was introduced
  def self.create_find_by_name(opts)
    # self.name can be set by default scope, e.g. from first_or_create use
    opts ||= { name: new.name }
    opts.symbolize_keys!

    s = Setting.find_by_name(opts[:name].to_s)
    return create_existing(s, opts) if s

    column_check(opts)
    if block_given?
      yield opts.merge!(value: readonly_value(opts[:name].to_sym) || opts[:value])
    end
  end

  def self.create(opts)
    create_find_by_name(opts) { super }
  end

  def self.create!(opts)
    create_find_by_name(opts) { super }
  end

  def self.regexp_expand_wildcard_string(string, options = {})
    prefix = options[:prefix] || '\A'
    suffix = options[:suffix] || '\Z'
    prefix + Regexp.escape(string).gsub('\*', '.*') + suffix
  end

  def self.convert_array_to_regexp(array, regexp_options = {})
    Regexp.new(array.map { |string| regexp_expand_wildcard_string(string, regexp_options) }.join('|'))
  end

  def has_readonly_value?
    SETTINGS.key?(name.to_sym)
  end

  def self.readonly_value(name)
    SETTINGS[name]
  end

  def read_attribute_before_type_cast(attr_name)
    return value if attr_name == :value
    super(attr_name)
  end

  def self.create_existing(s, opts)
    bypass_readonly(s) do
      attrs = column_check([:default, :description, :full_name, :encrypted])
      to_update = Hash[opts.select { |k, v| attrs.include? k }]
      to_update[:value] = readonly_value(s.name.to_sym) if s.has_readonly_value?
      # default is converted to yaml so we need to convert the yaml here too,
      # in order to check, if the update of default is needed
      # if it is the same, we don't try to update default, it would trigger
      # update query for every setting
      to_update.delete(:default) if to_update[:default].to_yaml.strip == s[:default]
      s.attributes = to_update
      s.save if s.changed? # to bypass name uniqueness validator to query db
      s.update_column :category, opts[:category] if s.category != opts[:category]
      s.update_column :full_name, opts[:full_name] if column_check([:full_name]).present? && s.full_name != opts[:full_name]
      raw_value = s.read_attribute(:value)
      if s.is_encryptable?(raw_value) && attrs.include?(:encrypted) && opts[:encrypted]
        s.update_column :value, s.encrypt_field(raw_value)
      end
      if s.is_decryptable?(raw_value) && attrs.include?(:encrypted) && !opts[:encrypted]
        s.update_column :value, s.decrypt_field(raw_value)
      end
    end
    s
  end

  def self.bypass_readonly(s, &block)
    s.instance_variable_set("@readonly", false) if (old_readonly = s.readonly?)
    yield(s)
  ensure
    s.readonly! if old_readonly
  end

  def self.cache
    Rails.cache
  end

  # Methods for loading default settings

  def self.default_settings
    []
  end

  def self.load_defaults
    return false unless table_exists?
    dbcache = Hash[Setting.where(:category => name).map { |s| [s.name, s] }]
    transaction do
      default_settings.compact.each do |s|
        val = s.update(:category => name).symbolize_keys
        dbcache.key?(val[:name]) ? create_existing(dbcache[val[:name]], s) : create!(s)
      end
    end
    true
  end

  def self.select_collection_registry
    @@select_collection ||= SettingSelectCollection.new
  end

  def self.set(name, description, default, full_name = nil, value = nil, options = {})
    if options.has_key? :collection
      select_collection_registry.add(name, options)
    end
    options[:encrypted] ||= false
    {:name => name, :value => value, :description => description, :default => default, :full_name => full_name, :encrypted => options[:encrypted]}
  end

  def select_collection
    self.class.select_collection_registry.collection_for self
  end

  def self.model_name
    ActiveModel::Name.new(Setting)
  end

  def self.column_check(opts)
    opts.keep_if { |k, v| Setting.column_names.include?(k.to_s) }
  end

  # End methods for loading default settings

  private

  def validate_host_owner
    owner_type_and_id = value
    return if owner_type_and_id.blank?
    owner = OwnerClassifier.new(owner_type_and_id).user_or_usergroup
    errors.add(:value, _("Host owner is invalid")) if owner.nil?
  end

  def invalid_value_error(error)
    errors.add(:value, _("is invalid: %s") % error)
  end

  def set_setting_type_from_value
    self.settings_type ||= self.class.setting_type_from_value(default)
  end

  def validate_frozen_attributes
    return true if new_record?
    changed_attributes.each do |c, old|
      # Allow settings_type to change at first (from nil) since it gets populated during validation
      if FROZEN_ATTRS.include?(c.to_s) || (c.to_s == :settings_type && !old.nil?)
        errors.add(c, _("is not allowed to change"))
        return false
      end
    end
    true
  end

  def clear_value_when_default
    if self[:value] == self[:default]
      self[:value] = nil
    end
  end

  def clear_cache
    # Rails cache returns false if the delete failed and nil if the key is missing
    if Setting.cache.delete(cache_key) == false
      Rails.logger.warn "Failed to remove #{name} from cache"
    end
  end

  def cache_key
    Setting.cache_key(name)
  end

  def readonly_when_overridden
    readonly! if !new_record? && has_readonly_value?
  end
end