Mailu/core/admin/mailu/ui/views/domains.py

from mailu import app, db, models
from mailu.ui import ui, forms, access

import flask
import flask_login
import wtforms_components
import dns.resolver


@ui.route('/domain', methods=['GET'])
@access.authenticated
def domain_list():
    return flask.render_template('domain/list.html')


@ui.route('/domain/create', methods=['GET', 'POST'])
@access.global_admin
def domain_create():
    form = forms.DomainForm()
    if form.validate_on_submit():
        conflicting_domain = models.Domain.query.get(form.name.data)
        conflicting_alternative = models.Alternative.query.get(form.name.data)
        conflicting_relay = models.Relay.query.get(form.name.data)
        if conflicting_domain or conflicting_alternative or conflicting_relay:
            flask.flash('Domain %s is already used' % form.name.data, 'error')
        else:
            domain = models.Domain()
            form.populate_obj(domain)
            db.session.add(domain)
            db.session.commit()
            flask.flash('Domain %s created' % domain)
            return flask.redirect(flask.url_for('.domain_list'))
    return flask.render_template('domain/create.html', form=form)


@ui.route('/domain/edit/<domain_name>', methods=['GET', 'POST'])
@access.global_admin
def domain_edit(domain_name):
    domain = models.Domain.query.get(domain_name) or flask.abort(404)
    form = forms.DomainForm(obj=domain)
    wtforms_components.read_only(form.name)
    form.name.validators = []
    if form.validate_on_submit():
        form.populate_obj(domain)
        db.session.commit()
        flask.flash('Domain %s saved' % domain)
        return flask.redirect(flask.url_for('.domain_list'))
    return flask.render_template('domain/edit.html', form=form,
        domain=domain)


@ui.route('/domain/delete/<domain_name>', methods=['GET', 'POST'])
@access.global_admin
@access.confirmation_required("delete {domain_name}")
def domain_delete(domain_name):
    domain = models.Domain.query.get(domain_name) or flask.abort(404)
    db.session.delete(domain)
    db.session.commit()
    flask.flash('Domain %s deleted' % domain)
    return flask.redirect(flask.url_for('.domain_list'))


@ui.route('/domain/details/<domain_name>', methods=['GET'])
@access.domain_admin(models.Domain, 'domain_name')
def domain_details(domain_name):
    domain = models.Domain.query.get(domain_name) or flask.abort(404)
    return flask.render_template('domain/details.html', domain=domain)


@ui.route('/domain/genkeys/<domain_name>', methods=['GET', 'POST'])
@access.domain_admin(models.Domain, 'domain_name')
@access.confirmation_required("regenerate keys for {domain_name}")
def domain_genkeys(domain_name):
    domain = models.Domain.query.get(domain_name) or flask.abort(404)
    domain.generate_dkim_key()
    return flask.redirect(
        flask.url_for(".domain_details", domain_name=domain_name))


@ui.route('/domain/signup', methods=['GET', 'POST'])
def domain_signup(domain_name=None):
    if not app.config['DOMAIN_REGISTRATION']:
        flask.abort(403)
    form = forms.DomainSignupForm()
    if flask_login.current_user.is_authenticated:
        del form.localpart
        del form.pw
        del form.pw2
    if form.validate_on_submit():
        conflicting_domain = models.Domain.query.get(form.name.data)
        conflicting_alternative = models.Alternative.query.get(form.name.data)
        conflicting_relay = models.Relay.query.get(form.name.data)
        hostnames = app.config['HOSTNAMES'].split(',')
        if conflicting_domain or conflicting_alternative or conflicting_relay:
            flask.flash('Domain %s is already used' % form.name.data, 'error')
        else:
            # Check if the domain MX actually points to this server
            try:
                mxok = any(str(rset).split()[-1][:-1] in hostnames
                           for rset in dns.resolver.query(form.name.data, 'MX'))
            except Exception as e:
                mxok = False
            if mxok:
                # Actually create the domain
                domain = models.Domain()
                form.populate_obj(domain)
                domain.max_quota_bytes = app.config['DEFAULT_QUOTA']
                domain.max_users = 10
                domain.max_aliases = 10
                db.session.add(domain)
                if flask_login.current_user.is_authenticated:
                    user = models.User.query.get(flask_login.current_user.email)
                else:
                    user = models.User()
                    user.domain = domain
                    form.populate_obj(user)
                    user.set_password(form.pw.data)
                    user.quota_bytes = domain.max_quota_bytes
                db.session.add(user)
                domain.managers.append(user)
                db.session.commit()
                flask.flash('Domain %s created' % domain)
                return flask.redirect(flask.url_for('.domain_list'))
            else:
                flask.flash('The MX record was not properly set', 'error')
    return flask.render_template('domain/signup.html', form=form)
Move the admin interface back to a blueprint 2017-09-24 12:00:39 +02:00			`from mailu import app, db, models`
			`from mailu.ui import ui, forms, access`
First shot at an AdminLTE dashboard 2016-03-19 21:37:48 +02:00
			`import flask`
Add self-service domain registration 2018-04-18 20:31:32 +02:00			`import flask_login`
Use a single domain form 2016-03-22 22:22:49 +02:00			`import wtforms_components`
Add self-service domain registration 2018-04-18 20:31:32 +02:00			`import dns.resolver`
First shot at an AdminLTE dashboard 2016-03-19 21:37:48 +02:00

Move the admin interface back to a blueprint 2017-09-24 12:00:39 +02:00			`@ui.route('/domain', methods=['GET'])`
Implement the decorator-based access control for all views 2016-08-29 19:24:39 +02:00			`@access.authenticated`
First shot at an AdminLTE dashboard 2016-03-19 21:37:48 +02:00			`def domain_list():`
			`return flask.render_template('domain/list.html')`


Move the admin interface back to a blueprint 2017-09-24 12:00:39 +02:00			`@ui.route('/domain/create', methods=['GET', 'POST'])`
Implement the decorator-based access control for all views 2016-08-29 19:24:39 +02:00			`@access.global_admin`
First shot at an AdminLTE dashboard 2016-03-19 21:37:48 +02:00			`def domain_create():`
Use a single domain form 2016-03-22 22:22:49 +02:00			`form = forms.DomainForm()`
First shot at an AdminLTE dashboard 2016-03-19 21:37:48 +02:00			`if form.validate_on_submit():`
Add the ability to configure alternative domains 2017-09-03 18:30:00 +02:00			`conflicting_domain = models.Domain.query.get(form.name.data)`
			`conflicting_alternative = models.Alternative.query.get(form.name.data)`
Avoid duplicating relays with alternatives or domains 2017-09-10 20:49:49 +02:00			`conflicting_relay = models.Relay.query.get(form.name.data)`
			`if conflicting_domain or conflicting_alternative or conflicting_relay:`
First shot at an AdminLTE dashboard 2016-03-19 21:37:48 +02:00			`flask.flash('Domain %s is already used' % form.name.data, 'error')`
			`else:`
Use populate_obj to update objects 2016-05-01 21:12:08 +02:00			`domain = models.Domain()`
			`form.populate_obj(domain)`
First shot at an AdminLTE dashboard 2016-03-19 21:37:48 +02:00			`db.session.add(domain)`
			`db.session.commit()`
			`flask.flash('Domain %s created' % domain)`
Switched to blueprints for the main app 2016-03-20 16:36:56 +02:00			`return flask.redirect(flask.url_for('.domain_list'))`
First shot at an AdminLTE dashboard 2016-03-19 21:37:48 +02:00			`return flask.render_template('domain/create.html', form=form)`


Move the admin interface back to a blueprint 2017-09-24 12:00:39 +02:00			`@ui.route('/domain/edit/<domain_name>', methods=['GET', 'POST'])`
Fix domain deletion permissions 2016-08-29 20:22:44 +02:00			`@access.global_admin`
First shot at an AdminLTE dashboard 2016-03-19 21:37:48 +02:00			`def domain_edit(domain_name):`
Implement the decorator-based access control for all views 2016-08-29 19:24:39 +02:00			`domain = models.Domain.query.get(domain_name) or flask.abort(404)`
Use a single domain form 2016-03-22 22:22:49 +02:00			`form = forms.DomainForm(obj=domain)`
			`wtforms_components.read_only(form.name)`
Fix the behaviour from Wtforms Components regarding readonly, related to #152 2017-01-25 01:05:03 +02:00			`form.name.validators = []`
First shot at an AdminLTE dashboard 2016-03-19 21:37:48 +02:00			`if form.validate_on_submit():`
Use populate_obj to update objects 2016-05-01 21:12:08 +02:00			`form.populate_obj(domain)`
First shot at an AdminLTE dashboard 2016-03-19 21:37:48 +02:00			`db.session.commit()`
			`flask.flash('Domain %s saved' % domain)`
Switched to blueprints for the main app 2016-03-20 16:36:56 +02:00			`return flask.redirect(flask.url_for('.domain_list'))`
First shot at an AdminLTE dashboard 2016-03-19 21:37:48 +02:00			`return flask.render_template('domain/edit.html', form=form,`
			`domain=domain)`


Move the admin interface back to a blueprint 2017-09-24 12:00:39 +02:00			`@ui.route('/domain/delete/<domain_name>', methods=['GET', 'POST'])`
Implement the decorator-based access control for all views 2016-08-29 19:24:39 +02:00			`@access.global_admin`
Clean imports and remove calls to the utils module 2016-08-29 19:35:09 +02:00			`@access.confirmation_required("delete {domain_name}")`
First shot at an AdminLTE dashboard 2016-03-19 21:37:48 +02:00			`def domain_delete(domain_name):`
Implement the decorator-based access control for all views 2016-08-29 19:24:39 +02:00			`domain = models.Domain.query.get(domain_name) or flask.abort(404)`
First shot at an AdminLTE dashboard 2016-03-19 21:37:48 +02:00			`db.session.delete(domain)`
			`db.session.commit()`
			`flask.flash('Domain %s deleted' % domain)`
Switched to blueprints for the main app 2016-03-20 16:36:56 +02:00			`return flask.redirect(flask.url_for('.domain_list'))`
Display domain SPF and DMARC example entries, fixes #15 2016-06-25 14:51:02 +02:00

Move the admin interface back to a blueprint 2017-09-24 12:00:39 +02:00			`@ui.route('/domain/details/<domain_name>', methods=['GET'])`
Implement the decorator-based access control for all views 2016-08-29 19:24:39 +02:00			`@access.domain_admin(models.Domain, 'domain_name')`
Display domain SPF and DMARC example entries, fixes #15 2016-06-25 14:51:02 +02:00			`def domain_details(domain_name):`
Implement the decorator-based access control for all views 2016-08-29 19:24:39 +02:00			`domain = models.Domain.query.get(domain_name) or flask.abort(404)`
Improve the sidebar, display site title and website link 2017-10-29 19:13:59 +02:00			`return flask.render_template('domain/details.html', domain=domain)`
Handle DKIM key generation and storage 2016-06-25 15:50:05 +02:00

Move the admin interface back to a blueprint 2017-09-24 12:00:39 +02:00			`@ui.route('/domain/genkeys/<domain_name>', methods=['GET', 'POST'])`
Implement the decorator-based access control for all views 2016-08-29 19:24:39 +02:00			`@access.domain_admin(models.Domain, 'domain_name')`
Clean imports and remove calls to the utils module 2016-08-29 19:35:09 +02:00			`@access.confirmation_required("regenerate keys for {domain_name}")`
Handle DKIM key generation and storage 2016-06-25 15:50:05 +02:00			`def domain_genkeys(domain_name):`
Implement the decorator-based access control for all views 2016-08-29 19:24:39 +02:00			`domain = models.Domain.query.get(domain_name) or flask.abort(404)`
Handle DKIM key generation and storage 2016-06-25 15:50:05 +02:00			`domain.generate_dkim_key()`
			`return flask.redirect(`
			`flask.url_for(".domain_details", domain_name=domain_name))`
Add self-service domain registration 2018-04-18 20:31:32 +02:00

			`@ui.route('/domain/signup', methods=['GET', 'POST'])`
			`def domain_signup(domain_name=None):`
			`if not app.config['DOMAIN_REGISTRATION']:`
			`flask.abort(403)`
			`form = forms.DomainSignupForm()`
			`if flask_login.current_user.is_authenticated:`
			`del form.localpart`
			`del form.pw`
			`del form.pw2`
			`if form.validate_on_submit():`
			`conflicting_domain = models.Domain.query.get(form.name.data)`
			`conflicting_alternative = models.Alternative.query.get(form.name.data)`
			`conflicting_relay = models.Relay.query.get(form.name.data)`
			`hostnames = app.config['HOSTNAMES'].split(',')`
			`if conflicting_domain or conflicting_alternative or conflicting_relay:`
			`flask.flash('Domain %s is already used' % form.name.data, 'error')`
			`else:`
			`# Check if the domain MX actually points to this server`
			`try:`
			`mxok = any(str(rset).split()[-1][:-1] in hostnames`
			`for rset in dns.resolver.query(form.name.data, 'MX'))`
			`except Exception as e:`
			`mxok = False`
			`if mxok:`
			`# Actually create the domain`
			`domain = models.Domain()`
			`form.populate_obj(domain)`
			`domain.max_quota_bytes = app.config['DEFAULT_QUOTA']`
			`domain.max_users = 10`
			`domain.max_aliases = 10`
			`db.session.add(domain)`
			`if flask_login.current_user.is_authenticated:`
			`user = models.User.query.get(flask_login.current_user.email)`
			`else:`
			`user = models.User()`
			`user.domain = domain`
			`form.populate_obj(user)`
			`user.set_password(form.pw.data)`
			`user.quota_bytes = domain.max_quota_bytes`
			`db.session.add(user)`
			`domain.managers.append(user)`
			`db.session.commit()`
			`flask.flash('Domain %s created' % domain)`
			`return flask.redirect(flask.url_for('.domain_list'))`
			`else:`
			`flask.flash('The MX record was not properly set', 'error')`
			`return flask.render_template('domain/signup.html', form=form)`