postfix_admin 0.3.0 → 0.3.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8a15e49758d586d12c05d2e0f15f04b123345942d9de889a3617d9cb13ca25bb
-  data.tar.gz: 9b0a5e9d4741ad9dc8562347c4ca63616bddf97b5e20e6669ae7088bbb04bb29
+  metadata.gz: a9877c43c00661c60c1fee5e200211c97cd4cdc8d53593985c3e49f8296d27b9
+  data.tar.gz: 9d9744f09e0a9e3ccdc72af138a4879824f3cd00bc3a1a111d0320a30007ee84
 SHA512:
-  metadata.gz: eeee12bb7ba7e2d3530878a431f82bfd0c239f64b96225577d46a20e90d60f870a6df73fe96a3dbc02cc69363b380f63976074d8d0e4debd465ae0c014d337a4
-  data.tar.gz: 257ad43dfbb601927501abab85a6ecf8c0c1bc2d353f2bf7f6be93db81a50c6f27eaf685cc9c6386c5c734a0989e3909346e8aa66247dbabb77c1fb66562b40e
+  metadata.gz: 86dfd30f6793fd6c13d09e532d7499f2e040dbe654f1bf86299d79b518a96906b6e208fd87c9bbda631d577ccfe39fb08f910e9cc41617be00425c84860d03f2
+  data.tar.gz: f553b648aefc912877d3bcc149258a1d529caa457827f24b04bc4c5d4b45d7fc1397c4189c56ba0e800360320b6295b92abbde0ff344dc56d764995d8d88c448

data/.github/workflows/ci.yml

@@ -38,9 +38,9 @@ jobs:
       - name: Install dovecotpw
         run: sudo apt-get install -y dovecot-core
       - name: Copy configure file
-        run: cp ./test/misc/postfix_admin.conf ~/.postfix_admin.conf
+        run: cp ./spec/misc/postfix_admin.conf ~/.postfix_admin.conf
       - name: Copy my.cnf (for `rake setup_test_db`)
-        run: cp ./test/misc/ci.my.cnf ~/.my.cnf
+        run: cp ./spec/misc/ci.my.cnf ~/.my.cnf
       - name: docker-compose up
         run: docker-compose up -d db
       - name: Sleep (work around)
@@ -48,7 +48,5 @@ jobs:
         run: sleep 10
       - name: Set up test database
         run: bundle exec rake setup_test_db
-      - name: Run tests
-        run: bundle exec rake test
       - name: Run specs
         run: bundle exec rake spec

data/CHANGELOG.md

@@ -1,29 +1,36 @@
 # CHANGELOG
 
+## 0.3.1
+  + Added `admins`, `domains`, `accounts`, `aliases` and `forwards` subcommands
+  * Added `teardown` subcommand for the opposite operation of `setup`
+  * `delete_domain` subcommand removes logs associated with the domain
+  * Added `-s` (scheme) and `-r` (rounds) options for subcommands that require password arguments
+    + Encryption rounds are supported only for `BLF-CRYPT`, `SHA256-CRYPT`, and `SHA512-CRYPT` schemes
+
 ## 0.3.0
- * Added support for table display format
- * No longer supports `dovecotpw` for password hash generation
-   + Only `doveadm pw` is supported
+  * Added support for table display format
+  * No longer supports `dovecotpw` for password hash generation
+    + Only `doveadm pw` is supported
 
 ## 0.2.1
- * Added support for the `superadmin` column in the `admin` table
- * Added `passwordhash_prefix` keyword in the configuration format for backward compatibility
+  * Added support for the `superadmin` column in the `admin` table
+  * Added `passwordhash_prefix` keyword in the configuration format for backward compatibility
 
 ## 0.2.0
- * Switched the object-relational mapper from DataMapper to ActiveRecord
- * Stored password hashes now include scheme prefixes, such as `{CRAM-MD5}` and `{PLAIN}`
+  * Switched the object-relational mapper from DataMapper to ActiveRecord
+  * Stored password hashes now include scheme prefixes, such as `{CRAM-MD5}` and `{PLAIN}`
 
 ## 0.1.4
- * Added "log" subcommand
+  * Added `log` subcommand
 
 ## 0.1.3
- * Added support for activation and deactivation of domains, admins, and accounts
- * Added "edit_admin" subcommand
+  * Added support for activation and deactivation of domains, admins, and accounts
+  * Added `edit_admin` subcommand
 
 ## 0.1.2
- * Added support for password hashing by doveadm (external subcommand)
- * Display active status
- * Hide passwords in list format
+  * Added support for password hashing by doveadm (external subcommand)
+  * Display active status
+  * Hide passwords in list format
 
 ## 0.1.1, released 2013-05-10
- * Fixed string length issue for passwords
+  * Fixed string length issue for passwords

data/Rakefile

@@ -2,6 +2,11 @@ require "bundler/gem_tasks"
 require "rake/testtask"
 require "rspec/core/rake_task"
 
+require "bundler/setup"
+Bundler.require(:default, :development)
+require "postfix_admin"
+require "postfix_admin/cli"
+
 Rake::TestTask.new(:test) do |t|
   t.libs << "test"
   t.libs << "lib"
@@ -22,3 +27,27 @@ task :setup_test_db do
   puts import_db_cmd
   puts `#{import_db_cmd}`
 end
+
+namespace :db do
+  desc "Loads the seed data from db/seeds.rb"
+  task :seed do
+    establish_db_connection
+    require_relative "db/seeds"
+  end
+
+  namespace :seed do
+    desc "Truncates tables of each database for current environment and loads the seeds"
+    task :replant do
+      establish_db_connection
+
+      require_relative "db/reset"
+      require_relative "db/seeds"
+    end
+  end
+
+  def establish_db_connection
+    FactoryBot.find_definitions
+
+    PostfixAdmin::CLI.new.db_setup
+  end
+end

data/db/reset.rb

@@ -0,0 +1,7 @@
+DomainAdmin.delete_all
+Mailbox.delete_all
+Alias.delete_all
+Domain.without_all.delete_all
+Admin.delete_all
+Quota2.delete_all
+Log.delete_all

data/db/seeds.rb

@@ -0,0 +1,26 @@
+include FactoryBot::Syntax::Methods
+
+create(:domain, domain: "example.com", description: "example.com Description")
+create(:domain, domain: "example.org", description: "example.org Description")
+
+all_admin = create(:admin, username: "all@example.com")
+all_admin.rel_domains << Domain.find('ALL')
+all_admin.superadmin = true if all_admin.has_superadmin_column?
+all_admin.save!
+
+admin = create(:admin, username: "admin@example.com")
+domain = Domain.find('example.com')
+domain.admins << admin
+domain.rel_aliases   << build(:alias, address: "alias@example.com")
+domain.rel_mailboxes << build(:mailbox, local_part: "user")
+domain.rel_mailboxes << build(:mailbox, local_part: "user2")
+domain.save!
+
+# forward
+user = Alias.find("user2@example.com").update(goto: "user2@example.com,forward@example.com")
+
+create(:quota2, username: "user@example.com", bytes: 75 * PostfixAdmin::KB_TO_MB)
+
+create(:log)
+create(:log, action: "delete_domain", data: "user@example.com")
+create(:log, domain: "example.org", data: "example.org")

data/docker-admin/config.local.php

@@ -16,9 +16,11 @@ $CONF['password_validation'] = array(
 
 $CONF['encrypt'] = 'dovecot:CRAM-MD5';
 
+$CONF['default_aliases'] = array();
 $CONF['domain_quota'] = 'NO';
 $CONF['quota'] = 'YES';
+$CONF['emailcheck_resolve_domain']='NO';
 
 // setup_password: 'password'
 $CONF['setup_password'] = '87745eb0269b2f42813b23601be3231a:6e41880f73d97321f2f0b25a5ee30f57f5ab3be8';
-?>
+?>

data/docker-compose.yml

@@ -1,10 +1,12 @@
 # docker compose up -d
 #
 # Run tests on service app
-# You may need to run tests on Docker because of its requirement of doveadm
+# You may need to run tests on Docker because of its requirement of `doveadm` command.
 # docker compose exec app bundle exec rake setup_test_db
 # docker compose exec app bundle exec rake test
 # docker compose exec app bundle exec rake spec
+#
+# rspec spec/runner_spec.rb
 
 services:
   app:
@@ -26,12 +28,6 @@ services:
       - ./docker-admin/config.local.php:/var/www/html/config.local.php
     depends_on:
       - db
-#    environment:
-#      - POSTFIXADMIN_DB_TYPE=mysqli
-#      - POSTFIXADMIN_DB_HOST=db
-#      - POSTFIXADMIN_DB_USER=postfix
-#      - POSTFIXADMIN_DB_PASSWORD=password
-#      - POSTFIXADMIN_DB_NAME=postfix
   db:
     image: mariadb:10
     ports:

data/lib/postfix_admin/base.rb

@@ -100,7 +100,7 @@ module PostfixAdmin
         domain: domain_name,
         password: password,
         name: name,
-        quota_mb: @config[:maxquota]
+        quota: @config[:maxquota] * KB_TO_MB
       }
 
       # An Alias also will be added when a Mailbox is saved.
@@ -121,7 +121,7 @@ module PostfixAdmin
       domain = find_domain(domain_name)
 
       attributes = {
-        local_part: local_part,
+        address: address,
         goto: goto
       }
 
@@ -174,18 +174,6 @@ module PostfixAdmin
       admin_names = domain.admins.map(&:username)
 
       domain.destroy!
-
-      # Remove admins who had the deleted domain only
-      admin_names.each do |name|
-        next unless Admin.exists?(name)
-
-        admin = Admin.find(name)
-
-        # check if the admin is needed or not
-        if admin.rel_domains.empty?
-          admin.destroy!
-        end
-      end
     end
 
     def delete_admin(user_name)
@@ -194,7 +182,6 @@ module PostfixAdmin
       end
 
       admin = Admin.find(user_name)
-      admin.rel_domains.delete_all
       admin.destroy!
     end
 
@@ -203,8 +190,8 @@ module PostfixAdmin
         raise_error "Could not find account: #{address}"
       end
 
-      Mailbox.where(username: address).delete_all
-      Alias.where(address: address).delete_all
+      mailbox = Mailbox.find(address)
+      mailbox.destroy!
     end
 
     private

data/lib/postfix_admin/cli.rb

@@ -57,9 +57,9 @@ module PostfixAdmin
         show_domain_details(name)
       else
         # no argument: show all domains and admins
-        show_domain
+        show_domains
         puts
-        show_admin
+        show_admins
       end
     end
 
@@ -73,13 +73,21 @@ module PostfixAdmin
 
     # Set up a domain
     # Add a domain, add an admin, and grant the admin access to the domain
-    def setup_domain(domain_name, password)
+    def setup_domain(domain_name, password, scheme: nil, rounds: nil)
       admin = "admin@#{domain_name}"
       add_domain(domain_name)
-      add_admin(admin, password)
+      add_admin(admin, password, scheme: scheme, rounds: rounds)
       add_admin_domain(admin, domain_name)
     end
 
+    # Tear down a domain
+    # Delete a domain and delete an admin user for it
+    def teardown_domain(domain_name)
+      admin = "admin@#{domain_name}"
+      delete_domain(domain_name)
+      delete_admin(admin)
+    end
+
     def show_account_details(user_name, display_password: false)
       account_check(user_name)
       mailbox    = Mailbox.find(user_name)
@@ -90,7 +98,7 @@ module PostfixAdmin
       rows << ["Address", mailbox.username]
       rows << ["Name", mailbox.name]
       rows << ["Password", mailbox.password] if display_password
-      rows << ["Quota (MB)", mailbox.quota_mb_str]
+      rows << ["Quota (MB)", mailbox.quota_display_str(format: "%.1f")]
       rows << ["Go to", mail_alias.goto]
       rows << ["Active", mailbox.active_str]
 
@@ -125,7 +133,7 @@ module PostfixAdmin
       puts_table(rows: rows)
     end
 
-    def show_domain
+    def show_domains
       rows = []
       headings = ["No.", "Domain", "Aliases", "Mailboxes","Max Quota (MB)",
                   "Active", "Description"]
@@ -152,12 +160,12 @@ module PostfixAdmin
       puts_registered(domain_name, "a domain")
     end
 
-    def change_admin_password(user_name, password)
-      change_password(Admin, user_name, password)
+    def change_admin_password(user_name, password, scheme: nil, rounds: nil)
+      change_password(Admin, user_name, password, scheme: scheme, rounds: rounds)
     end
 
-    def change_account_password(user_name, password)
-      change_password(Mailbox, user_name, password)
+    def change_account_password(user_name, password, scheme: nil, rounds: nil)
+      change_password(Mailbox, user_name, password, scheme: scheme, rounds: rounds)
     end
 
     def edit_admin(admin_name, options)
@@ -171,7 +179,7 @@ module PostfixAdmin
       admin.active = options[:active] unless options[:active].nil?
       admin.save!
 
-      puts "Successfully updated #{admin_name}"
+      puts "successfully updated #{admin_name}"
       show_admin_details(admin_name)
     end
 
@@ -185,7 +193,7 @@ module PostfixAdmin
       domain.description  = options[:description] if options[:description]
       domain.save!
 
-      puts "Successfully updated #{domain_name}"
+      puts "successfully updated #{domain_name}"
       show_summary(domain_name)
     end
 
@@ -194,9 +202,9 @@ module PostfixAdmin
       puts_deleted(domain_name)
     end
 
-    def show_admin(domain_name = nil)
+    def show_admins(domain_name = nil)
       admins = domain_name ? Admin.select { |a| a.rel_domains.exists?(domain_name) } : Admin.all
-      headings = %w[No. Admin Domains Active]
+      headings = ["No.", "Admin", "Domains", "Active", "Scheme Prefix"]
 
       puts_title("Admins")
       if admins.empty?
@@ -208,45 +216,60 @@ module PostfixAdmin
       admins.each_with_index do |a, i|
         no = i + 1
         domains = a.super_admin? ? 'Super Admin' : a.rel_domains.count
-        rows << [no.to_s, a.username, domains.to_s, a.active_str]
+        rows << [no.to_s, a.username, domains.to_s, a.active_str, a.scheme_prefix]
       end
 
       puts_table(headings: headings, rows: rows)
     end
 
-    def show_address(domain_name)
-      domain_check(domain_name)
+    def show_accounts(domain_name=nil)
+      domain_check(domain_name) if domain_name
 
       rows = []
-      mailboxes = Domain.find(domain_name).rel_mailboxes
-      headings = ["No.", "Email", "Name", "Quota (MB)", "Active", "Maildir"]
-
-      puts_title("Addresses")
+      mailboxes = if domain_name
+                    Domain.find(domain_name).rel_mailboxes
+                  else
+                    Mailbox.all
+                  end
+      headings = ["No.", "Email", "Name", "Quota (MB)", "Active",
+                  "Scheme Prefix", "Maildir"]
+
+      puts_title("Accounts")
       if mailboxes.empty?
-        puts "No addresses"
+        puts "No accounts"
         return
       end
 
       mailboxes.each_with_index do |m, i|
         no = i + 1
-        rows << [no.to_s, m.username, m.name, m.quota_mb_str,
-                 m.active_str, m.maildir]
+        rows << [no.to_s, m.username, m.name, m.quota_display_str,
+                 m.active_str, m.scheme_prefix, m.maildir]
       end
 
       puts_table(headings: headings, rows: rows)
     end
 
-    def show_alias(domain_name)
-      domain_check(domain_name)
-
-      forwards, aliases = Domain.find(domain_name).rel_aliases.partition { |a| a.mailbox? }
+    def show_forwards(domain_name=nil)
+      domain_check(domain_name) if domain_name
 
-      forwards.delete_if do |f|
-        f.address == f.goto
-      end
+      forwards = if domain_name
+                   Domain.find(domain_name).rel_aliases.forward
+                 else
+                   Alias.forward
+                 end
 
       show_alias_base("Forwards", forwards)
-      puts
+    end
+
+    def show_aliases(domain_name=nil)
+      domain_check(domain_name) if domain_name
+
+      aliases = if domain_name
+                  Domain.find(domain_name).rel_aliases.pure
+                else
+                  db_aliases = Alias.pure
+                end
+
       show_alias_base("Aliases",  aliases)
     end
 
@@ -266,10 +289,14 @@ module PostfixAdmin
       puts_table(rows: rows, headings: %w[No. Domain])
     end
 
-    def add_admin(user_name, password, super_admin = false, scheme = nil)
+    def add_admin(user_name, password, super_admin: false,
+                  scheme: nil, rounds: nil)
       validate_password(password)
 
-      @base.add_admin(user_name, hashed_password(password, scheme))
+      h_password = hashed_password(password, user_name: user_name,
+                                   scheme: scheme, rounds: rounds)
+      @base.add_admin(user_name, h_password)
+
       if super_admin
         Admin.find(user_name).super_admin = true
         puts_registered(user_name, "a super admin")
@@ -288,10 +315,12 @@ module PostfixAdmin
       puts "#{domain_name} was successfully deleted from #{user_name}"
     end
 
-    def add_account(address, password, scheme = nil, name = nil)
+    def add_account(address, password, name: nil, scheme: nil, rounds: nil)
       validate_password(password)
 
-      @base.add_account(address, hashed_password(password, scheme), name: name)
+      h_password = hashed_password(password, user_name: address,
+                                   scheme: scheme, rounds: rounds)
+      @base.add_account(address, h_password, name: name)
       puts_registered(address, "an account")
     end
 
@@ -301,10 +330,13 @@ module PostfixAdmin
     end
 
     def edit_account(address, options)
+      quota = options[:quota]
+      raise "Invalid Quota value: #{quota}" if quota && quota <= 0
+
       mailbox_check(address)
       mailbox = Mailbox.find(address)
       mailbox.name = options[:name] if options[:name]
-      mailbox.quota = options[:quota] * KB_TO_MB if options[:quota]
+      mailbox.quota_mb = quota if quota
       mailbox.active = options[:active] unless options[:active].nil?
       mailbox.save!
 
@@ -314,7 +346,7 @@ module PostfixAdmin
         mail_alias.save!
       end
 
-      puts "Successfully updated #{address}"
+      puts "successfully updated #{address}"
       show_account_details(address)
     end
 
@@ -325,7 +357,7 @@ module PostfixAdmin
       mail_alias.active = options[:active] unless options[:active].nil?
       mail_alias.save or raise "Could not save Alias"
 
-      puts "Successfully updated #{address}"
+      puts "successfully updated #{address}"
       show_alias_details(address)
     end
 
@@ -428,11 +460,13 @@ module PostfixAdmin
     end
 
     def show_domain_details(domain_name)
-      show_admin(domain_name)
+      show_admins(domain_name)
       puts
-      show_address(domain_name)
+      show_accounts(domain_name)
       puts
-      show_alias(domain_name)
+      show_forwards(domain_name)
+      puts
+      show_aliases(domain_name)
     end
 
     def show_alias_base(title, addresses)
@@ -524,24 +558,44 @@ module PostfixAdmin
       end
     end
 
-    def change_password(klass, user_name, password)
+    def change_password(klass, user_name, password, scheme: nil, rounds: nil)
       raise Error, "Could not find #{user_name}" unless klass.exists?(user_name)
 
       validate_password(password)
 
       obj = klass.find(user_name)
+      h_password = hashed_password(password, scheme: scheme, rounds: rounds,
+                                   user_name: user_name)
 
-      if obj.update(password: hashed_password(password))
-        puts "the password of #{user_name} was successfully changed."
+      if obj.update(password: h_password)
+        puts "the password of #{user_name} was successfully updated."
       else
         raise "Could not change password of #{klass.name}"
       end
     end
 
-    def hashed_password(password, in_scheme = nil)
+    # The default number of rounds for BLF-CRYPT in `doveadm pw` is 5.
+    # However, this method uses 10 rounds by default, similar to
+    # the password_hash() function in PHP.
+    #
+    # https://www.php.net/manual/en/function.password-hash.php
+    # <?php
+    #   echo password_hash("password", PASSWORD_BCRYPT);
+    #
+    # $2y$10$qzRgjWZWfH4VsNQGvp/DNObFSaMiZxXJSzgXqOOS/qtF68qIhhwFe
+    DEFAULT_BLF_CRYPT_ROUNDS = 10
+
+    # Generate a hashed password
+    def hashed_password(password, scheme: nil, rounds: nil, user_name: nil)
       prefix = @base.config[:passwordhash_prefix]
-      scheme = in_scheme || @base.config[:scheme]
-      PostfixAdmin::Doveadm.password(password, scheme, prefix)
+      new_scheme = scheme || @base.config[:scheme]
+      new_rounds = if rounds
+                     rounds
+                   elsif new_scheme == "BLF-CRYPT"
+                     DEFAULT_BLF_CRYPT_ROUNDS
+                   end
+      PostfixAdmin::Doveadm.password(password, new_scheme, rounds: new_rounds,
+                                     user_name: user_name, prefix: prefix)
     end
   end
 end

data/lib/postfix_admin/doveadm.rb

@@ -1,33 +1,49 @@
-
 require 'open3'
 require 'shellwords'
 
 module PostfixAdmin
   class Doveadm
+    # doveadm-pw: https://doc.dovecot.org/3.0/man/doveadm-pw.1/
+    CMD_DOVEADM_PW = "doveadm pw"
+
+    # List all supported password schemes
     def self.schemes
-      result = `#{self.command_name} -l`
+      result = `#{CMD_DOVEADM_PW} -l`
       result.split
     end
 
-    def self.password(in_password, in_scheme, prefix)
-      password = Shellwords.escape(in_password)
-      scheme = Shellwords.escape(in_scheme)
-      _stdin, stdout, stderr = Open3.popen3("#{self.command_name} -s #{scheme} -p #{password}")
+    # Generate a password hash using `doveadm pw` command
+    def self.password(password, scheme, rounds: nil, user_name: nil,
+                      prefix: true)
+      escaped_password = Shellwords.escape(password)
+      escaped_scheme   = Shellwords.escape(scheme)
 
-      if stderr.readlines.to_s =~ /Fatal:/
-        raise Error, stderr.readlines
-      else
-        res = stdout.readlines.first.chomp
+      cmd = "#{CMD_DOVEADM_PW} -s #{escaped_scheme} -p #{escaped_password}"
+
+      # DIGEST-MD5 requires -u option (user name)
+      if scheme == "DIGEST-MD5"
+        escaped_user_name = Shellwords.escape(user_name)
+        cmd << " -u #{escaped_user_name}"
+      end
+
+      if rounds
+        escaped_rounds   = Shellwords.escape(rounds.to_s)
+        cmd << " -r #{rounds}"
+      end
+
+      output, error, status = Open3.capture3(cmd)
+
+      if status.success?
+        res = output.chomp
         if prefix
           res
         else
-          res.gsub("{#{scheme}}", "")
+          # Remove the prefix
+          res.gsub("{#{escaped_scheme}}", "")
         end
+      else
+        raise Error, "#{CMD_DOVEADM_PW}: #{error}"
       end
     end
-
-    def self.command_name
-      "doveadm pw"
-    end
   end
 end

data/lib/postfix_admin/{admin.rb → models/admin.rb}

@@ -1,16 +1,34 @@
-require 'postfix_admin/concerns/dovecot_cram_md5_password'
+require 'postfix_admin/models/concerns/has_password'
 
 module PostfixAdmin
   class Admin < ApplicationRecord
+    # version: 1841
+    # > describe admin;
+    # +----------------+--------------+------+-----+---------------------+-------+
+    # | Field          | Type         | Null | Key | Default             | Extra |
+    # +----------------+--------------+------+-----+---------------------+-------+
+    # | username       | varchar(255) | NO   | PRI | NULL                |       |
+    # | password       | varchar(255) | NO   |     | NULL                |       |
+    # | created        | datetime     | NO   |     | 2000-01-01 00:00:00 |       |
+    # | modified       | datetime     | NO   |     | 2000-01-01 00:00:00 |       |
+    # | active         | tinyint(1)   | NO   |     | 1                   |       |
+    # | superadmin     | tinyint(1)   | NO   |     | 0                   |       |
+    # | phone          | varchar(30)  | NO   |     |                     |       |
+    # | email_other    | varchar(255) | NO   |     |                     |       |
+    # | token          | varchar(255) | NO   |     |                     |       |
+    # | token_validity | datetime     | NO   |     | 2000-01-01 00:00:00 |       |
+    # +----------------+--------------+------+-----+---------------------+-------+
+
     self.table_name = :admin
     self.primary_key = :username
 
-    include DovecotCramMD5Password
+    include HasPassword
 
     validates :username, presence: true, uniqueness: { case_sensitive: false },
                          format: { with: RE_EMAIL_LIKE_WITH_ANCHORS,
                                    message: "must be a valid email address" }
 
+    # Admin <-> DomainAdmin <-> Domain
     has_many :domain_admins, foreign_key: :username, dependent: :delete_all
     has_many :rel_domains, through: :domain_admins