Merge pull request #235 from droopy4096/user_raw

User import routine (and selector for ecryption hashing algorithm)
master
kaiyou 7 years ago committed by GitHub
commit 388d77dec7

3
.gitignore vendored

@ -9,4 +9,5 @@ pip-selfcheck.json
/data
/docker-compose.mac.yml
/docker-compose.yml
/.idea
/.idea
/.vscode

4
admin/.gitignore vendored

@ -0,0 +1,4 @@
.fg/
lib64
.vscode
tags

@ -163,16 +163,28 @@ class User(Base, Email):
def get_id(self):
return self.email
scheme_dict = {'SHA512-CRYPT': "sha512_crypt",
'SHA256-CRYPT': "sha256_crypt",
'MD5-CRYPT': "md5_crypt",
'CRYPT': "des_crypt"}
pw_context = context.CryptContext(
["sha512_crypt", "sha256_crypt", "md5_crypt"]
schemes = scheme_dict.values(),
default='sha512_crypt',
)
def check_password(self, password):
reference = re.match('({[^}]+})?(.*)', self.password).group(2)
return User.pw_context.verify(password, reference)
def set_password(self, password):
self.password = '{SHA512-CRYPT}' + User.pw_context.encrypt(password)
def set_password(self, password, hash_scheme='SHA512-CRYPT', raw=False):
"""Set password for user with specified encryption scheme
@password: plain text password to encrypt (if raw == True the hash itself)
"""
# for the list of hash schemes see https://wiki2.dovecot.org/Authentication/PasswordSchemes
if raw:
self.password = '{'+hash_scheme+'}' + password
else:
self.password = '{'+hash_scheme+'}' + User.pw_context.encrypt(password, self.scheme_dict[hash_scheme])
def get_managed_domains(self):
if self.global_admin:

@ -35,8 +35,8 @@ def admin(localpart, domain_name, password):
@manager.command
def user(localpart, domain_name, password):
""" Create an user
def user(localpart, domain_name, password, hash_scheme='SHA512-CRYPT'):
""" Create a user
"""
domain = models.Domain.query.get(domain_name)
if not domain:
@ -47,10 +47,108 @@ def user(localpart, domain_name, password):
domain=domain,
global_admin=False
)
user.set_password(password)
user.set_password(password, hash_scheme=hash_scheme)
db.session.add(user)
db.session.commit()
@manager.command
def user_import(localpart, domain_name, password_hash, hash_scheme='SHA512-CRYPT'):
""" Import a user along with password hash. Available hashes:
'SHA512-CRYPT'
'SHA256-CRYPT'
'MD5-CRYPT'
'CRYPT'
"""
domain = models.Domain.query.get(domain_name)
if not domain:
domain = models.Domain(name=domain_name)
db.session.add(domain)
user = models.User(
localpart=localpart,
domain=domain,
global_admin=False
)
user.set_password(password_hash, hash_scheme=hash_scheme, raw=True)
db.session.add(user)
db.session.commit()
@manager.command
def config_update(delete_objects=False):
"""sync configuration with data from YAML-formatted stdin"""
import yaml, sys
new_config=yaml.load(sys.stdin)
# print new_config
users=new_config['users']
tracked_users=set()
for user_config in users:
localpart=user_config['localpart']
domain_name=user_config['domain']
password_hash=user_config['password_hash']
hash_scheme=user_config['hash_scheme']
domain = models.Domain.query.get(domain_name)
email='{0}@{1}'.format(localpart,domain_name)
if not domain:
domain = models.Domain(name=domain_name)
db.session.add(domain)
user = models.User.query.get(email)
tracked_users.add(email)
if not user:
user = models.User(
localpart=localpart,
domain=domain,
global_admin=False
)
user.set_password(password_hash, hash_scheme=hash_scheme, raw=True)
db.session.add(user)
aliases=new_config['aliases']
tracked_aliases=set()
for alias_config in aliases:
localpart=alias_config['localpart']
domain_name=alias_config['domain']
destination=alias_config['destination']
domain = models.Domain.query.get(domain_name)
email='{0}@{1}'.format(localpart,domain_name)
if not domain:
domain = models.Domain(name=domain_name)
db.session.add(domain)
alias = models.Alias.query.get(email)
tracked_aliases.add(email)
if not alias:
alias = models.Alias(
localpart=localpart,
domain=domain,
destination=destination.split(','),
email=email
)
else:
alias.destination = destination.split(',')
db.session.add(alias)
if delete_objects:
for user in db.session.query(models.User).all():
if not ( user.email in tracked_users ):
db.session.delete(user)
for alias in db.session.query(models.Alias).all():
if not ( alias.email in tracked_aliases ):
db.session.delete(alias)
db.session.commit()
@manager.command
def user_delete(email):
"""delete user"""
user = models.User.query.get(email)
if user:
db.session.delete(user)
db.session.commit()
@manager.command
def alias_delete(email):
"""delete alias"""
alias = models.Alias.query.get(email)
if alias:
db.session.delete(alias)
db.session.commit()
@manager.command
def alias(localpart, domain_name, destination):

@ -14,3 +14,4 @@ docker-py
tabulate
apscheduler
certbot
PyYAML

Loading…
Cancel
Save