postfix_admin 0.3.0 → 0.3.2

data/lib/postfix_admin/cli.rb

@@ -57,9 +57,11 @@ module PostfixAdmin
         show_domain_details(name)
       else
         # no argument: show all domains and admins
-        show_domain
+        show_domains
         puts
-        show_admin
+        show_admins
+        puts
+        show_recent_logs
       end
     end
 
@@ -71,15 +73,35 @@ module PostfixAdmin
       end
     end
 
+    def show_recent_logs
+      if Log.count.zero?
+        puts "No logs"
+        return
+      end
+
+      logs = Log.last(10)
+      puts_title("Recent Logs")
+      puts_log_table(logs)
+    end
+
     # Set up a domain
     # Add a domain, add an admin, and grant the admin access to the domain
-    def setup_domain(domain_name, password)
+    def setup_domain(domain_name, password, description: nil,
+                     scheme: nil, rounds: nil)
       admin = "admin@#{domain_name}"
-      add_domain(domain_name)
-      add_admin(admin, password)
+      add_domain(domain_name, description: description)
+      add_admin(admin, password, scheme: scheme, rounds: rounds)
       add_admin_domain(admin, domain_name)
     end
 
+    # Tear down a domain
+    # Delete a domain and delete an admin user for it
+    def teardown_domain(domain_name)
+      admin = "admin@#{domain_name}"
+      delete_domain(domain_name)
+      delete_admin(admin)
+    end
+
     def show_account_details(user_name, display_password: false)
       account_check(user_name)
       mailbox    = Mailbox.find(user_name)
@@ -90,7 +112,7 @@ module PostfixAdmin
       rows << ["Address", mailbox.username]
       rows << ["Name", mailbox.name]
       rows << ["Password", mailbox.password] if display_password
-      rows << ["Quota (MB)", mailbox.quota_mb_str]
+      rows << ["Quota (MB)", mailbox.quota_display_str(format: "%.1f")]
       rows << ["Go to", mail_alias.goto]
       rows << ["Active", mailbox.active_str]
 
@@ -125,12 +147,13 @@ module PostfixAdmin
       puts_table(rows: rows)
     end
 
-    def show_domain
+    def show_domains
       rows = []
       headings = ["No.", "Domain", "Aliases", "Mailboxes","Max Quota (MB)",
                   "Active", "Description"]
 
       puts_title("Domains")
+
       if Domain.without_all.empty?
         puts "No domains"
         return
@@ -138,9 +161,7 @@ module PostfixAdmin
 
       Domain.without_all.each_with_index do |d, i|
         no = i + 1
-        aliases_str = "%4d / %4s" % [d.pure_aliases.count, d.aliases_str]
-        mailboxes_str = "%4d / %4s" % [d.rel_mailboxes.count, d.mailboxes_str]
-        rows << [no.to_s, d.domain, aliases_str, mailboxes_str,
+        rows << [no.to_s, d.domain, d.alias_usage_display_str, d.mailbox_usage_display_str,
                  d.maxquota_str, d.active_str, d.description]
       end
 
@@ -152,12 +173,12 @@ module PostfixAdmin
       puts_registered(domain_name, "a domain")
     end
 
-    def change_admin_password(user_name, password)
-      change_password(Admin, user_name, password)
+    def change_admin_password(user_name, password, scheme: nil, rounds: nil)
+      change_password(Admin, user_name, password, scheme: scheme, rounds: rounds)
     end
 
-    def change_account_password(user_name, password)
-      change_password(Mailbox, user_name, password)
+    def change_account_password(user_name, password, scheme: nil, rounds: nil)
+      change_password(Mailbox, user_name, password, scheme: scheme, rounds: rounds)
     end
 
     def edit_admin(admin_name, options)
@@ -171,7 +192,7 @@ module PostfixAdmin
       admin.active = options[:active] unless options[:active].nil?
       admin.save!
 
-      puts "Successfully updated #{admin_name}"
+      puts "successfully updated #{admin_name}"
       show_admin_details(admin_name)
     end
 
@@ -185,7 +206,7 @@ module PostfixAdmin
       domain.description  = options[:description] if options[:description]
       domain.save!
 
-      puts "Successfully updated #{domain_name}"
+      puts "successfully updated #{domain_name}"
       show_summary(domain_name)
     end
 
@@ -194,11 +215,12 @@ module PostfixAdmin
       puts_deleted(domain_name)
     end
 
-    def show_admin(domain_name = nil)
+    def show_admins(domain_name = nil)
       admins = domain_name ? Admin.select { |a| a.rel_domains.exists?(domain_name) } : Admin.all
-      headings = %w[No. Admin Domains Active]
+      headings = ["No.", "Admin", "Domains", "Active", "Scheme Prefix"]
 
       puts_title("Admins")
+
       if admins.empty?
         puts "No admins"
         return
@@ -208,51 +230,68 @@ module PostfixAdmin
       admins.each_with_index do |a, i|
         no = i + 1
         domains = a.super_admin? ? 'Super Admin' : a.rel_domains.count
-        rows << [no.to_s, a.username, domains.to_s, a.active_str]
+        rows << [no.to_s, a.username, domains.to_s, a.active_str, a.scheme_prefix]
       end
 
       puts_table(headings: headings, rows: rows)
     end
 
-    def show_address(domain_name)
-      domain_check(domain_name)
+    def show_accounts(domain_name=nil)
+      domain_check(domain_name) if domain_name
 
       rows = []
-      mailboxes = Domain.find(domain_name).rel_mailboxes
-      headings = ["No.", "Email", "Name", "Quota (MB)", "Active", "Maildir"]
+      mailboxes = if domain_name
+                    Domain.find(domain_name).rel_mailboxes
+                  else
+                    Mailbox.all
+                  end
+      headings = ["No.", "Email", "Name", "Quota (MB)", "Active",
+                  "Scheme Prefix", "Maildir"]
+
+      puts_title("Accounts")
 
-      puts_title("Addresses")
       if mailboxes.empty?
-        puts "No addresses"
+        puts "No accounts"
         return
       end
 
       mailboxes.each_with_index do |m, i|
         no = i + 1
-        rows << [no.to_s, m.username, m.name, m.quota_mb_str,
-                 m.active_str, m.maildir]
+        rows << [no.to_s, m.username, m.name, m.quota_display_str,
+                 m.active_str, m.scheme_prefix, m.maildir]
       end
 
       puts_table(headings: headings, rows: rows)
     end
 
-    def show_alias(domain_name)
-      domain_check(domain_name)
+    def show_forwards(domain_name=nil)
+      domain_check(domain_name) if domain_name
 
-      forwards, aliases = Domain.find(domain_name).rel_aliases.partition { |a| a.mailbox? }
-
-      forwards.delete_if do |f|
-        f.address == f.goto
-      end
+      forwards = if domain_name
+                   Domain.find(domain_name).rel_aliases.forward
+                 else
+                   Alias.forward
+                 end
 
       show_alias_base("Forwards", forwards)
-      puts
+    end
+
+    def show_aliases(domain_name=nil)
+      domain_check(domain_name) if domain_name
+
+      aliases = if domain_name
+                  Domain.find(domain_name).rel_aliases.pure
+                else
+                  db_aliases = Alias.pure
+                end
+
       show_alias_base("Aliases",  aliases)
     end
 
     def show_admin_domain(user_name)
       admin = Admin.find(user_name)
       puts_title("Admin Domains (#{user_name})")
+
       if admin.rel_domains.empty?
         puts "\nNo domains for #{user_name}"
         return
@@ -263,13 +302,18 @@ module PostfixAdmin
         no = i + 1
         rows << [no.to_s, d.domain]
       end
+
       puts_table(rows: rows, headings: %w[No. Domain])
     end
 
-    def add_admin(user_name, password, super_admin = false, scheme = nil)
+    def add_admin(user_name, password, super_admin: false,
+                  scheme: nil, rounds: nil)
       validate_password(password)
 
-      @base.add_admin(user_name, hashed_password(password, scheme))
+      h_password = hashed_password(password, user_name: user_name,
+                                   scheme: scheme, rounds: rounds)
+      @base.add_admin(user_name, h_password)
+
       if super_admin
         Admin.find(user_name).super_admin = true
         puts_registered(user_name, "a super admin")
@@ -288,10 +332,12 @@ module PostfixAdmin
       puts "#{domain_name} was successfully deleted from #{user_name}"
     end
 
-    def add_account(address, password, scheme = nil, name = nil)
+    def add_account(address, password, name: nil, scheme: nil, rounds: nil)
       validate_password(password)
 
-      @base.add_account(address, hashed_password(password, scheme), name: name)
+      h_password = hashed_password(password, user_name: address,
+                                   scheme: scheme, rounds: rounds)
+      @base.add_account(address, h_password, name: name)
       puts_registered(address, "an account")
     end
 
@@ -301,10 +347,13 @@ module PostfixAdmin
     end
 
     def edit_account(address, options)
+      quota = options[:quota]
+      raise "Invalid Quota value: #{quota}" if quota && quota < 0
+
       mailbox_check(address)
       mailbox = Mailbox.find(address)
       mailbox.name = options[:name] if options[:name]
-      mailbox.quota = options[:quota] * KB_TO_MB if options[:quota]
+      mailbox.quota_mb = quota if quota
       mailbox.active = options[:active] unless options[:active].nil?
       mailbox.save!
 
@@ -314,7 +363,7 @@ module PostfixAdmin
         mail_alias.save!
       end
 
-      puts "Successfully updated #{address}"
+      puts "successfully updated #{address}"
       show_account_details(address)
     end
 
@@ -325,7 +374,7 @@ module PostfixAdmin
       mail_alias.active = options[:active] unless options[:active].nil?
       mail_alias.save or raise "Could not save Alias"
 
-      puts "Successfully updated #{address}"
+      puts "successfully updated #{address}"
       show_alias_details(address)
     end
 
@@ -345,7 +394,7 @@ module PostfixAdmin
     end
 
     def log(domain: nil, last: nil)
-      headings = %w[Timestamp Admin Domain Action Data]
+      headings = %w[No. Timestamp Admin Domain Action Data]
       rows = []
 
       logs = if domain
@@ -356,10 +405,17 @@ module PostfixAdmin
 
       logs = logs.last(last) if last
 
-      logs.each do |l|
+      puts_log_table(logs)
+    end
+
+    def puts_log_table(logs)
+      headings = %w[No. Timestamp Admin Domain Action Data]
+      rows = []
+      logs.each_with_index do |l, i|
+        no = i + 1
         # TODO: Consider if zone should be included ('%Z').
         time = l.timestamp.strftime("%Y-%m-%d %X")
-        rows << [time, l.username, l.domain, l.action, l.data]
+        rows << [no, time, l.username, l.domain, l.action, l.data]
       end
 
       puts_table(headings: headings, rows: rows)
@@ -372,24 +428,28 @@ module PostfixAdmin
         puts [a.username, %Q!"#{a.password}"!, a.super_admin?, a.active].join(',')
       end
       puts
+
       puts "Domains"
       puts "Domain Name,Max Quota,Active"
       Domain.without_all.each do |d|
         puts [d.domain, d.maxquota, d.active].join(',')
       end
       puts
+
       puts "Mailboxes"
       puts "User Name,Name,Password,Quota,Maildir,Active"
       Mailbox.all.each do |m|
         puts [m.username, %Q!"#{m.name}"!, %Q!"#{m.password}"!, m.quota, %Q!"#{m.maildir}"!, m.active].join(',')
       end
       puts
+
       puts "Aliases"
       puts "Address,Go to,Active"
       Alias.all.select { |a| !a.mailbox? }.each do |a|
         puts [a.address, %Q!"#{a.goto}"!, a.active].join(',')
       end
       puts
+
       puts "Forwards"
       puts "Address,Go to,Active"
       Alias.all.select { |a| a.mailbox? && a.goto != a.address }.each do |a|
@@ -406,6 +466,7 @@ module PostfixAdmin
       rows << ["Admins", Admin.count]
       rows << ["Mailboxes", Mailbox.count]
       rows << ["Aliases", Alias.pure.count]
+      rows << ["Logs", Log.count]
 
       puts_title(title)
       puts_table(rows: rows)
@@ -417,8 +478,8 @@ module PostfixAdmin
 
       rows = []
       domain = Domain.find(domain_name)
-      rows << ["Mailboxes", "%4d / %4s" % [domain.rel_mailboxes.count, domain.mailboxes_str]]
-      rows << ["Aliases", "%4d / %4s" % [domain.pure_aliases.count, domain.aliases_str]]
+      rows << ["Mailboxes", domain.mailbox_usage_display_str]
+      rows << ["Aliases", domain.alias_usage_display_str]
       rows << ["Max Quota (MB)", domain.maxquota_str]
       rows << ["Active", domain.active_str]
       rows << ["Description", domain.description]
@@ -428,11 +489,13 @@ module PostfixAdmin
     end
 
     def show_domain_details(domain_name)
-      show_admin(domain_name)
+      show_admins(domain_name)
+      puts
+      show_accounts(domain_name)
       puts
-      show_address(domain_name)
+      show_forwards(domain_name)
       puts
-      show_alias(domain_name)
+      show_aliases(domain_name)
     end
 
     def show_alias_base(title, addresses)
@@ -471,6 +534,7 @@ module PostfixAdmin
         puts "configure file: #{config_file} was generated.\nPlease execute after edit it."
         exit
       end
+
       open(config_file) do |f|
         YAML.load(f.read)
       end
@@ -524,24 +588,44 @@ module PostfixAdmin
       end
     end
 
-    def change_password(klass, user_name, password)
+    def change_password(klass, user_name, password, scheme: nil, rounds: nil)
       raise Error, "Could not find #{user_name}" unless klass.exists?(user_name)
 
       validate_password(password)
 
       obj = klass.find(user_name)
+      h_password = hashed_password(password, scheme: scheme, rounds: rounds,
+                                   user_name: user_name)
 
-      if obj.update(password: hashed_password(password))
-        puts "the password of #{user_name} was successfully changed."
+      if obj.update(password: h_password)
+        puts "the password of #{user_name} was successfully updated."
       else
         raise "Could not change password of #{klass.name}"
       end
     end
 
-    def hashed_password(password, in_scheme = nil)
+    # The default number of rounds for BLF-CRYPT in `doveadm pw` is 5.
+    # However, this method uses 10 rounds by default, similar to
+    # the password_hash() function in PHP.
+    #
+    # https://www.php.net/manual/en/function.password-hash.php
+    # <?php
+    #   echo password_hash("password", PASSWORD_BCRYPT);
+    #
+    # $2y$10$qzRgjWZWfH4VsNQGvp/DNObFSaMiZxXJSzgXqOOS/qtF68qIhhwFe
+    DEFAULT_BLF_CRYPT_ROUNDS = 10
+
+    # Generate a hashed password
+    def hashed_password(password, scheme: nil, rounds: nil, user_name: nil)
       prefix = @base.config[:passwordhash_prefix]
-      scheme = in_scheme || @base.config[:scheme]
-      PostfixAdmin::Doveadm.password(password, scheme, prefix)
+      new_scheme = scheme || @base.config[:scheme]
+      new_rounds = if rounds
+                     rounds
+                   elsif new_scheme == "BLF-CRYPT"
+                     DEFAULT_BLF_CRYPT_ROUNDS
+                   end
+      PostfixAdmin::Doveadm.password(password, new_scheme, rounds: new_rounds,
+                                     user_name: user_name, prefix: prefix)
     end
   end
 end

data/lib/postfix_admin/doveadm.rb

@@ -1,33 +1,49 @@
-
 require 'open3'
 require 'shellwords'
 
 module PostfixAdmin
   class Doveadm
+    # doveadm-pw: https://doc.dovecot.org/3.0/man/doveadm-pw.1/
+    CMD_DOVEADM_PW = "doveadm pw"
+
+    # List all supported password schemes
     def self.schemes
-      result = `#{self.command_name} -l`
+      result = `#{CMD_DOVEADM_PW} -l`
       result.split
     end
 
-    def self.password(in_password, in_scheme, prefix)
-      password = Shellwords.escape(in_password)
-      scheme = Shellwords.escape(in_scheme)
-      _stdin, stdout, stderr = Open3.popen3("#{self.command_name} -s #{scheme} -p #{password}")
+    # Generate a password hash using `doveadm pw` command
+    def self.password(password, scheme, rounds: nil, user_name: nil,
+                      prefix: true)
+      escaped_password = Shellwords.escape(password)
+      escaped_scheme   = Shellwords.escape(scheme)
 
-      if stderr.readlines.to_s =~ /Fatal:/
-        raise Error, stderr.readlines
-      else
-        res = stdout.readlines.first.chomp
+      cmd = "#{CMD_DOVEADM_PW} -s #{escaped_scheme} -p #{escaped_password}"
+
+      # DIGEST-MD5 requires -u option (user name)
+      if scheme == "DIGEST-MD5"
+        escaped_user_name = Shellwords.escape(user_name)
+        cmd << " -u #{escaped_user_name}"
+      end
+
+      if rounds
+        escaped_rounds   = Shellwords.escape(rounds.to_s)
+        cmd << " -r #{rounds}"
+      end
+
+      output, error, status = Open3.capture3(cmd)
+
+      if status.success?
+        res = output.chomp
         if prefix
           res
         else
-          res.gsub("{#{scheme}}", "")
+          # Remove the prefix
+          res.gsub("{#{escaped_scheme}}", "")
         end
+      else
+        raise Error, "#{CMD_DOVEADM_PW}: #{error}"
       end
     end
-
-    def self.command_name
-      "doveadm pw"
-    end
   end
 end

data/lib/postfix_admin/{admin.rb → models/admin.rb}

@@ -1,16 +1,35 @@
-require 'postfix_admin/concerns/dovecot_cram_md5_password'
+require "postfix_admin/models/application_record"
+require "postfix_admin/models/concerns/has_password"
 
 module PostfixAdmin
   class Admin < ApplicationRecord
+    # version: 1841
+    # > describe admin;
+    # +----------------+--------------+------+-----+---------------------+-------+
+    # | Field          | Type         | Null | Key | Default             | Extra |
+    # +----------------+--------------+------+-----+---------------------+-------+
+    # | username       | varchar(255) | NO   | PRI | NULL                |       |
+    # | password       | varchar(255) | NO   |     | NULL                |       |
+    # | created        | datetime     | NO   |     | 2000-01-01 00:00:00 |       |
+    # | modified       | datetime     | NO   |     | 2000-01-01 00:00:00 |       |
+    # | active         | tinyint(1)   | NO   |     | 1                   |       |
+    # | superadmin     | tinyint(1)   | NO   |     | 0                   |       |
+    # | phone          | varchar(30)  | NO   |     |                     |       |
+    # | email_other    | varchar(255) | NO   |     |                     |       |
+    # | token          | varchar(255) | NO   |     |                     |       |
+    # | token_validity | datetime     | NO   |     | 2000-01-01 00:00:00 |       |
+    # +----------------+--------------+------+-----+---------------------+-------+
+
     self.table_name = :admin
     self.primary_key = :username
 
-    include DovecotCramMD5Password
+    include HasPassword
 
     validates :username, presence: true, uniqueness: { case_sensitive: false },
                          format: { with: RE_EMAIL_LIKE_WITH_ANCHORS,
                                    message: "must be a valid email address" }
 
+    # Admin <-> DomainAdmin <-> Domain
     has_many :domain_admins, foreign_key: :username, dependent: :delete_all
     has_many :rel_domains, through: :domain_admins
 

data/lib/postfix_admin/models/alias.rb

@@ -0,0 +1,63 @@
+require "postfix_admin/models/application_record"
+
+module PostfixAdmin
+  class Alias < ApplicationRecord
+    # version: 1841
+    # > describe alias;
+    # +----------+--------------+------+-----+---------------------+-------+
+    # | Field    | Type         | Null | Key | Default             | Extra |
+    # +----------+--------------+------+-----+---------------------+-------+
+    # | address  | varchar(255) | NO   | PRI | NULL                |       |
+    # | goto     | text         | NO   |     | NULL                |       |
+    # | domain   | varchar(255) | NO   | MUL | NULL                |       |
+    # | created  | datetime     | NO   |     | 2000-01-01 00:00:00 |       |
+    # | modified | datetime     | NO   |     | 2000-01-01 00:00:00 |       |
+    # | active   | tinyint(1)   | NO   |     | 1                   |       |
+    # +----------+--------------+------+-----+---------------------+-------+
+
+    self.table_name = :alias
+    self.primary_key = :address
+
+    validate on: :create do |a|
+      domain = a.rel_domain
+
+      if domain.alias_unlimited?
+        # unlimited: do nothing
+      elsif domain.alias_disabled?
+        # disabled
+        a.errors.add(:domain, "has a disabled status for aliases")
+      elsif domain.pure_alias_count >= domain.aliases
+        # exceeding alias limit
+        message = "has already reached the maximum number of aliases " \
+          "(maximum: #{domain.aliases})"
+        a.errors.add(:domain, message)
+      end
+    end
+
+    validates :address, presence: true, uniqueness: { case_sensitive: false },
+                        format: { with: RE_EMAIL_LIKE_WITH_ANCHORS,
+                                  message: "must be a valid email address" }
+    validates :goto, presence: true
+
+    belongs_to :rel_domain, class_name: "Domain", foreign_key: :domain
+    belongs_to :mailbox, foreign_key: :address, optional: true
+
+    # aliases which do not belong to any mailbox
+    scope :pure, -> { joins("LEFT OUTER JOIN mailbox ON alias.address = mailbox.username").where("mailbox.username" => nil) }
+
+    # aliases which belong to a mailbox and have forwardings to other addresses
+    scope :forward, -> { joins("LEFT OUTER JOIN mailbox ON alias.address = mailbox.username").where("mailbox.username <> alias.goto") }
+
+    def mailbox?
+      !!mailbox
+    end
+
+    def pure_alias?
+      !mailbox
+    end
+
+    def gotos
+      goto.split(",")
+    end
+  end
+end

data/lib/postfix_admin/{application_record.rb → models/application_record.rb}

@@ -1,5 +1,5 @@
-require 'active_record'
-require 'postfix_admin/concerns/existing_timestamp'
+require "active_record"
+require "postfix_admin/models/concerns/existing_timestamp"
 
 module PostfixAdmin
   class ApplicationRecord < ActiveRecord::Base

data/lib/postfix_admin/{concerns → models/concerns}/existing_timestamp.rb

@@ -14,5 +14,4 @@ module ExistingTimestamp
       ["modified"]
     end
   end
-
-end
+end

data/lib/postfix_admin/models/concerns/has_password.rb

@@ -0,0 +1,16 @@
+require 'active_support/concern'
+
+module HasPassword
+  extend ActiveSupport::Concern
+
+  # example: {CRAM-MD5}, {BLF-CRYPT}, {PLAIN}
+  # return nil if no scheme prefix
+  def scheme_prefix
+    res = password&.match(/^\{.*?\}/)
+    if res
+      res[0]
+    else
+      nil
+    end
+  end
+end