Configurable default password scheme used for passwords

7 years ago · da7c39263c
parent 1c0717e3db
commit da7c39263c
4 changed files with 11 additions and 6 deletions
--- a/.env.dist
+++ b/.env.dist
@ -32,6 +32,10 @@ POSTMASTER=admin
 # Docker-compose project name, this will prepended to containers names.
 COMPOSE_PROJECT_NAME=mailu

+# Default password scheme used for newly created accounts and changed passwords
+# (value: SHA512-CRYPT, SHA256-CRYPT, MD5-CRYPT, CRYPT)
+PASSWORD_SCHEME=SHA512-CRYPT
+
 ###################################
 # Optional features
 ###################################
--- a/admin/mailu/init.py
+++ b/admin/mailu/init.py
@ -30,7 +30,8 @@ default_config = {
    'BABEL_DEFAULT_LOCALE': 'en',
    'BABEL_DEFAULT_TIMEZONE': 'UTC',
    'ENABLE_CERTBOT': False,
-    'CERTS_PATH': '/certs'
+    'CERTS_PATH': '/certs',
+    'PASSWORD_SCHEME': 'SHA512-CRYPT'
 }

 # Load configuration from the environment if available
--- a/admin/mailu/admin/models.py
+++ b/admin/mailu/admin/models.py
@ -169,14 +169,14 @@ class User(Base, Email):
                   'CRYPT': "des_crypt"}
    pw_context = context.CryptContext(
        schemes = scheme_dict.values(),
-        default='sha512_crypt',
+        default=scheme_dict[app.config['PASSWORD_SCHEME']],
    )

    def check_password(self, password):
        reference = re.match('({[^}]+})?(.*)', self.password).group(2)
        return User.pw_context.verify(password, reference)

-    def set_password(self, password, hash_scheme='SHA512-CRYPT', raw=False):
+    def set_password(self, password, hash_scheme=app.config['PASSWORD_SCHEME'], raw=False):
        """Set password for user with specified encryption scheme
           @password: plain text password to encrypt (if raw == True the hash itself)
        """
--- a/admin/manage.py
+++ b/admin/manage.py
@ -1,4 +1,4 @@
-from mailu import manager, db
+from mailu import app, manager, db
 from mailu.admin import models


@ -35,7 +35,7 @@ def admin(localpart, domain_name, password):


@manager.command
-def user(localpart, domain_name, password, hash_scheme='SHA512-CRYPT'):
+def user(localpart, domain_name, password, hash_scheme=app.config['PASSWORD_SCHEME']):
    """ Create a user
    """
    domain = models.Domain.query.get(domain_name)
@ -52,7 +52,7 @@ def user(localpart, domain_name, password, hash_scheme='SHA512-CRYPT'):
    db.session.commit()

@manager.command
-def user_import(localpart, domain_name, password_hash, hash_scheme='SHA512-CRYPT'):
+def user_import(localpart, domain_name, password_hash, hash_scheme=app.config['PASSWORD_SCHEME']):
    """ Import a user along with password hash. Available hashes:
                   'SHA512-CRYPT'
                   'SHA256-CRYPT'