Merge pull request #235 from droopy4096/user_raw

User import routine (and selector for ecryption hashing algorithm)

.gitignore

@@ -9,4 +9,5 @@ pip-selfcheck.json
 /data
 /docker-compose.mac.yml
 /docker-compose.yml
-/.idea
+/.idea
+/.vscode

admin/.gitignore

@@ -0,0 +1,4 @@
+.fg/
+lib64
+.vscode
+tags

admin/mailu/admin/models.py

@@ -163,16 +163,28 @@ class User(Base, Email):
     def get_id(self):
         return self.email
 
+    scheme_dict = {'SHA512-CRYPT': "sha512_crypt", 
+                   'SHA256-CRYPT': "sha256_crypt", 
+                   'MD5-CRYPT': "md5_crypt", 
+                   'CRYPT': "des_crypt"}
     pw_context = context.CryptContext(
-        ["sha512_crypt", "sha256_crypt", "md5_crypt"]
+        schemes = scheme_dict.values(),
+        default='sha512_crypt',
     )
 
     def check_password(self, password):
         reference = re.match('({[^}]+})?(.*)', self.password).group(2)
         return User.pw_context.verify(password, reference)
 
-    def set_password(self, password):
-        self.password = '{SHA512-CRYPT}' + User.pw_context.encrypt(password)
+    def set_password(self, password, hash_scheme='SHA512-CRYPT', raw=False):
+        """Set password for user with specified encryption scheme
+           @password: plain text password to encrypt (if raw == True the hash itself)
+        """
+        # for the list of hash schemes see https://wiki2.dovecot.org/Authentication/PasswordSchemes
+        if raw:
+            self.password = '{'+hash_scheme+'}' + password
+        else:
+            self.password = '{'+hash_scheme+'}' + User.pw_context.encrypt(password, self.scheme_dict[hash_scheme])
 
     def get_managed_domains(self):
         if self.global_admin:

admin/manage.py

@@ -35,8 +35,8 @@ def admin(localpart, domain_name, password):
 
 
 @manager.command
-def user(localpart, domain_name, password):
-    """ Create an user
+def user(localpart, domain_name, password, hash_scheme='SHA512-CRYPT'):
+    """ Create a user
     """
     domain = models.Domain.query.get(domain_name)
     if not domain:
@@ -47,10 +47,108 @@ def user(localpart, domain_name, password):
         domain=domain,
         global_admin=False
     )
-    user.set_password(password)
+    user.set_password(password, hash_scheme=hash_scheme)
     db.session.add(user)
     db.session.commit()
 
+@manager.command
+def user_import(localpart, domain_name, password_hash, hash_scheme='SHA512-CRYPT'):
+    """ Import a user along with password hash. Available hashes:
+                   'SHA512-CRYPT'
+                   'SHA256-CRYPT'
+                   'MD5-CRYPT'
+                   'CRYPT'
+    """
+    domain = models.Domain.query.get(domain_name)
+    if not domain:
+        domain = models.Domain(name=domain_name)
+        db.session.add(domain)
+    user = models.User(
+        localpart=localpart,
+        domain=domain,
+        global_admin=False
+    )
+    user.set_password(password_hash, hash_scheme=hash_scheme, raw=True)
+    db.session.add(user)
+    db.session.commit()
+
+@manager.command
+def config_update(delete_objects=False):
+    """sync configuration with data from YAML-formatted stdin"""
+    import yaml, sys
+    new_config=yaml.load(sys.stdin)
+    # print new_config
+    users=new_config['users']
+    tracked_users=set()
+    for user_config in users:
+        localpart=user_config['localpart']
+        domain_name=user_config['domain']
+        password_hash=user_config['password_hash']
+        hash_scheme=user_config['hash_scheme']
+        domain = models.Domain.query.get(domain_name)
+        email='{0}@{1}'.format(localpart,domain_name)
+        if not domain:
+            domain = models.Domain(name=domain_name)
+            db.session.add(domain)
+        user = models.User.query.get(email)
+        tracked_users.add(email)
+        if not user:
+            user = models.User(
+                localpart=localpart,
+                domain=domain,
+                global_admin=False
+            )
+        user.set_password(password_hash, hash_scheme=hash_scheme, raw=True)
+        db.session.add(user)
+
+    aliases=new_config['aliases']
+    tracked_aliases=set()
+    for alias_config in aliases:
+        localpart=alias_config['localpart']
+        domain_name=alias_config['domain']
+        destination=alias_config['destination']
+        domain = models.Domain.query.get(domain_name)
+        email='{0}@{1}'.format(localpart,domain_name)
+        if not domain:
+            domain = models.Domain(name=domain_name)
+            db.session.add(domain)
+        alias = models.Alias.query.get(email)
+        tracked_aliases.add(email)
+        if not alias:
+            alias = models.Alias(
+                localpart=localpart,
+                domain=domain,
+                destination=destination.split(','),
+                email=email
+            )
+        else:
+            alias.destination = destination.split(',')
+        db.session.add(alias)
+    
+    if delete_objects:
+        for user in db.session.query(models.User).all():
+            if not ( user.email in tracked_users ):
+                db.session.delete(user)
+        for alias in db.session.query(models.Alias).all():
+            if not ( alias.email in tracked_aliases ):
+                db.session.delete(alias)
+    db.session.commit()
+
+@manager.command
+def user_delete(email):
+    """delete user"""
+    user = models.User.query.get(email)
+    if user:
+        db.session.delete(user)
+    db.session.commit()
+
+@manager.command
+def alias_delete(email):
+    """delete alias"""
+    alias = models.Alias.query.get(email)
+    if alias:
+        db.session.delete(alias)
+    db.session.commit()
 
 @manager.command
 def alias(localpart, domain_name, destination):

admin/requirements.txt

@@ -14,3 +14,4 @@ docker-py
 tabulate
 apscheduler
 certbot
+PyYAML