Encrypt the passwords in the database

There is also no need to compare the passwords manually,
dovecot does it for us.

doveauth/src/doveauth/dictproxy.py

@@ -7,10 +7,25 @@ from socketserver import (
     ThreadingMixIn,
 )
 import pwd
+import subprocess
 
 from .database import Database
 
 
+def encrypt_password(password: str):
+    password = password.encode("ascii")
+    # https://doc.dovecot.org/configuration_manual/authentication/password_schemes/
+    process = subprocess.Popen(
+        ["doveadm", "pw", "-s", "BLF-CRYPT"],
+        stdin=subprocess.PIPE,
+        stdout=subprocess.PIPE,
+    )
+    stdout_data, _stderr_data = process.communicate(
+        input=password + b"\n" + password + b"\n"
+    )
+    return stdout_data.decode("ascii").strip()
+
+
 def create_user(db, user, password):
     with db.write_transaction() as conn:
         conn.create_user(user, password)
@@ -33,11 +48,9 @@ def lookup_userdb(db, user):
 def lookup_passdb(db, user, password):
     userdata = get_user_data(db, user)
     if not userdata:
-        return create_user(db, user, password)
-    if userdata.get("password") == password:
-        return userdata
-    else:
-        return None
+        return create_user(db, user, encrypt_password(password))
+    userdata["password"] = userdata["password"].strip()
+    return userdata
 
 
 def handle_dovecot_request(msg, db):

doveauth/src/doveauth/test_doveauth.py

@@ -1,4 +1,3 @@
-import subprocess
 import pytest
 
 from .dictproxy import get_user_data