Merge pull request #235 from droopy4096/user_raw

User import routine (and selector for ecryption hashing algorithm)
7 years ago · 388d77dec7
parent 128dee0872 e8b62484a9
commit 388d77dec7
6 changed files with 123 additions and 7 deletions
--- a/.gitignore
+++ b/.gitignore
@ -9,4 +9,5 @@ pip-selfcheck.json
 /data
 /docker-compose.mac.yml
 /docker-compose.yml
-/.idea
+/.idea
+/.vscode
--- a/admin/.gitignore
+++ b/admin/.gitignore
@ -0,0 +1,4 @@
+.fg/
+lib64
+.vscode
+tags
--- a/admin/mailu/admin/models.py
+++ b/admin/mailu/admin/models.py
@ -163,16 +163,28 @@ class User(Base, Email):
    def get_id(self):
        return self.email

+    scheme_dict = {'SHA512-CRYPT': "sha512_crypt", 
+                   'SHA256-CRYPT': "sha256_crypt", 
+                   'MD5-CRYPT': "md5_crypt", 
+                   'CRYPT': "des_crypt"}
    pw_context = context.CryptContext(
-        ["sha512_crypt", "sha256_crypt", "md5_crypt"]
+        schemes = scheme_dict.values(),
+        default='sha512_crypt',
    )

    def check_password(self, password):
        reference = re.match('({[^}]+})?(.*)', self.password).group(2)
        return User.pw_context.verify(password, reference)

-    def set_password(self, password):
-        self.password = '{SHA512-CRYPT}' + User.pw_context.encrypt(password)
+    def set_password(self, password, hash_scheme='SHA512-CRYPT', raw=False):
+        """Set password for user with specified encryption scheme
+           @password: plain text password to encrypt (if raw == True the hash itself)
+        """
+        # for the list of hash schemes see https://wiki2.dovecot.org/Authentication/PasswordSchemes
+        if raw:
+            self.password = '{'+hash_scheme+'}' + password
+        else:
+            self.password = '{'+hash_scheme+'}' + User.pw_context.encrypt(password, self.scheme_dict[hash_scheme])

    def get_managed_domains(self):
        if self.global_admin:
--- a/admin/mailu/admin/views/init.py
+++ b/admin/mailu/admin/views/init.py
--- a/admin/manage.py
+++ b/admin/manage.py
@ -35,8 +35,8 @@ def admin(localpart, domain_name, password):


@manager.command
-def user(localpart, domain_name, password):
-    """ Create an user
+def user(localpart, domain_name, password, hash_scheme='SHA512-CRYPT'):
+    """ Create a user
    """
    domain = models.Domain.query.get(domain_name)
    if not domain:
@ -47,10 +47,108 @@ def user(localpart, domain_name, password):
        domain=domain,
        global_admin=False
    )
-    user.set_password(password)
+    user.set_password(password, hash_scheme=hash_scheme)
    db.session.add(user)
    db.session.commit()

+@manager.command
+def user_import(localpart, domain_name, password_hash, hash_scheme='SHA512-CRYPT'):
+    """ Import a user along with password hash. Available hashes:
+                   'SHA512-CRYPT'
+                   'SHA256-CRYPT'
+                   'MD5-CRYPT'
+                   'CRYPT'
+    """
+    domain = models.Domain.query.get(domain_name)
+    if not domain:
+        domain = models.Domain(name=domain_name)
+        db.session.add(domain)
+    user = models.User(
+        localpart=localpart,
+        domain=domain,
+        global_admin=False
+    )
+    user.set_password(password_hash, hash_scheme=hash_scheme, raw=True)
+    db.session.add(user)
+    db.session.commit()
+
+@manager.command
+def config_update(delete_objects=False):
+    """sync configuration with data from YAML-formatted stdin"""
+    import yaml, sys
+    new_config=yaml.load(sys.stdin)
+    # print new_config
+    users=new_config['users']
+    tracked_users=set()
+    for user_config in users:
+        localpart=user_config['localpart']
+        domain_name=user_config['domain']
+        password_hash=user_config['password_hash']
+        hash_scheme=user_config['hash_scheme']
+        domain = models.Domain.query.get(domain_name)
+        email='{0}@{1}'.format(localpart,domain_name)
+        if not domain:
+            domain = models.Domain(name=domain_name)
+            db.session.add(domain)
+        user = models.User.query.get(email)
+        tracked_users.add(email)
+        if not user:
+            user = models.User(
+                localpart=localpart,
+                domain=domain,
+                global_admin=False
+            )
+        user.set_password(password_hash, hash_scheme=hash_scheme, raw=True)
+        db.session.add(user)
+
+    aliases=new_config['aliases']
+    tracked_aliases=set()
+    for alias_config in aliases:
+        localpart=alias_config['localpart']
+        domain_name=alias_config['domain']
+        destination=alias_config['destination']
+        domain = models.Domain.query.get(domain_name)
+        email='{0}@{1}'.format(localpart,domain_name)
+        if not domain:
+            domain = models.Domain(name=domain_name)
+            db.session.add(domain)
+        alias = models.Alias.query.get(email)
+        tracked_aliases.add(email)
+        if not alias:
+            alias = models.Alias(
+                localpart=localpart,
+                domain=domain,
+                destination=destination.split(','),
+                email=email
+            )
+        else:
+            alias.destination = destination.split(',')
+        db.session.add(alias)
+    
+    if delete_objects:
+        for user in db.session.query(models.User).all():
+            if not ( user.email in tracked_users ):
+                db.session.delete(user)
+        for alias in db.session.query(models.Alias).all():
+            if not ( alias.email in tracked_aliases ):
+                db.session.delete(alias)
+    db.session.commit()
+
+@manager.command
+def user_delete(email):
+    """delete user"""
+    user = models.User.query.get(email)
+    if user:
+        db.session.delete(user)
+    db.session.commit()
+
+@manager.command
+def alias_delete(email):
+    """delete alias"""
+    alias = models.Alias.query.get(email)
+    if alias:
+        db.session.delete(alias)
+    db.session.commit()

@manager.command
 def alias(localpart, domain_name, destination):
--- a/admin/requirements.txt
+++ b/admin/requirements.txt
@ -14,3 +14,4 @@ docker-py
 tabulate
 apscheduler
 certbot
+PyYAML