move doveauth scripts to its own python project

chatmail-pyinfra/src/chatmail/__init__.py

@@ -12,8 +12,8 @@ from .acmetool import deploy_acmetool
 def _install_chatctl() -> None:
     """Setup chatctl."""
     files.put(
-        src=importlib.resources.files(__package__)
-        .joinpath("dovecot/doveauth.py")
+        src=importlib.resources.files("doveauth")
+        .joinpath("doveauth.py")
         .open("rb"),
         dest="/home/vmail/chatctl",
         user="vmail",
@@ -103,7 +103,7 @@ def _configure_dovecot(mail_server: str) -> bool:
 
     # luarocks install http lpeg_patterns fifo
     auth_script = files.put(
-        src=importlib.resources.files(__package__).joinpath("dovecot/doveauth.lua"),
+        src=importlib.resources.files("doveauth").joinpath("doveauth.lua"),
         dest="/etc/dovecot/doveauth.lua",
         user="root",
         group="root",

chatmail-pyinfra/src/chatmail/dovecot/doveauth.lua

@@ -1,57 +0,0 @@
-
--- Escape shell argument by hex encoding it and wrapping in quotes.
-function escape(data)
-   b16 = data:gsub(".", function(char) return string.format("%2X", char:byte()) end)
-   return ("'"..b16.."'")
-end
-
--- call out to python program to actually manage authentication for dovecot
-
-function chatctl_verify(user, password)
-    local cmd = "python3 /home/vmail/chatctl hexauth "..escape(user).." "..escape(password)
-    print("executing: "..cmd)
-    local handle = io.popen(cmd)
-    local result = handle:read("*a")
-    handle:close()
-    return split_chatctl(result)
-end
-
-function chatctl_lookup(user) 
-    assert(user)
-    local handle = io.popen("python3 /home/vmail/chatctl hexlookup "..escape(user))
-    local result = handle:read("*a")
-    handle:close()
-    return split_chatctl(result)
-end
-
-function get_extra_dovecot_output(res)
-    return {home=res.home, uid=res.uid, gid=res.gid}
-end
-
-
-function auth_password_verify(request, password)
-    local res = chatctl_verify(request.user, password)
-    -- request:log_error("auth_password_verify "..request.user.." "..password)
-    if res.status == "ok" then 
-        local extra = get_extra_dovecot_output(res)
-        return dovecot.auth.PASSDB_RESULT_OK, get_extra_dovecot_output(res)
-    end
-    return dovecot.auth.PASSDB_RESULT_PASSWORD_MISMATCH, ""
-end
-
-
-function auth_userdb_lookup(request)
-    local res = chatctl_lookup(request.user) 
-    if res.status == "ok" then
-        return dovecot.auth.USERDB_RESULT_OK, get_extra_dovecot_output(res)
-    end
-    return dovecot.auth.USERDB_RESULT_USER_UNKNOWN, "no such user"
-end
-
-function split_chatctl(output) 
-    local ret = {}
-    for key, value in output:gmatch "(%w+)%s*=%s*(%w+)" do
-        ret[key] = value
-    end
-    return ret
-end

chatmail-pyinfra/src/chatmail/dovecot/doveauth.py

@@ -1,57 +0,0 @@
-#!/usr/bin/env python3
-import base64
-import sys
-
-
-def get_user_data(user):
-    if user == "link2xt@c1.testrun.org":
-        return dict(
-            uid="vmail",
-            gid="vmail",
-            password="Ahyei6ie",
-        )
-    return {}
-
-
-def create_user(user, password):
-    return dict(home=f"/home/vmail/{user}", uid="vmail", gid="vmail", password=password)
-
-
-def verify_user(user, password):
-    userdata = get_user_data(user)
-    if userdata:
-        if userdata.get("password") == password:
-            userdata["status"] = "ok"
-        else:
-            userdata["status"] = "fail"
-    else:
-        userdata = create_user(user, password)
-        userdata["status"] = "ok"
-
-    return userdata
-
-
-def lookup_user(user):
-    userdata = get_user_data(user)
-    if userdata:
-        userdata["status"] = "ok"
-    else:
-        userdata["status"] = "fail"
-    return userdata
-
-
-def dump_result(res):
-    for key, value in res.items():
-        print(f"{key}={value}")
-
-
-if __name__ == "__main__":
-    if sys.argv[1] == "hexauth":
-        login = base64.b16decode(sys.argv[2]).decode()
-        password = base64.b16decode(sys.argv[3]).decode()
-        res = verify_user(login, password)
-        dump_result(res)
-    elif sys.argv[1] == "hexlookup":
-        login = base64.b16decode(sys.argv[2]).decode()
-        res = lookup_user(login)
-        dump_result(res)

chatmail-pyinfra/src/chatmail/dovecot/test_doveauth.lua

@@ -1,78 +0,0 @@
-
-require "doveauth"
-
--- simulate dovecot defined result codes 
-
-dovecot = {
-    auth = {
-        PASSDB_RESULT_OK="PASSWORD-OK",
-        PASSDB_RESULT_PASSWORD_MISMATCH="PASSWORD-MISMATCH",
-        USERDB_RESULT_OK="USERDB-OK",
-        USERDB_RESULT_USER_UNKNOWN="USERDB-UNKNOWN"
-    }
-}
-
-
--- Tests for testing the lua<->python interaction 
-
-function test_password_verify_ok(user, password) 
-    local res, extra = auth_password_verify({user=user}, password)
-    assert(res==dovecot.auth.PASSDB_RESULT_OK)
-    assert(extra.uid == "vmail")
-    assert(extra.gid == "vmail")
-    -- assert(extra.homedir == "/home/vmail/link2xt")
-    print("OK test_password_verify_ok "..user.." "..password)
-end
-
-function test_password_verify_mismatch(user, password) 
-    local res = auth_password_verify({user=user}, password)
-    assert(res == dovecot.auth.PASSDB_RESULT_PASSWORD_MISMATCH)
-    print("OK test_password_verify_mismatch "..user.." "..password)
-end
-
-function test_userdb_lookup_ok(user)
-    local res, extra = auth_userdb_lookup({user=user})
-    assert(extra.uid == "vmail")
-    assert(extra.gid == "vmail")
-    assert(res == dovecot.auth.USERDB_RESULT_OK)
-    print("OK test_userdb_lookup_ok "..user)
-end
-
-function test_userdb_lookup_mismatch(user)
-    local res, extra = auth_userdb_lookup({user=user})
-    assert(res == dovecot.auth.USERDB_RESULT_USER_UNKNOWN)
-    print("OK test_userdb_lookup_mismatch "..user)
-end
-
-function test_passdb_lookup_ok(user)
-    local res, extra = auth_passdb_lookup({user=user})
-    assert(extra.uid == "vmail")
-    assert(extra.gid == "vmail")
-    assert(res == dovecot.auth.PASSDB_RESULT_OK)
-    print("OK test_passdb_lookup_ok "..user)
-end
-
-function test_passdb_lookup_mismatch(user)
-    local res, extra = auth_passdb_lookup({user=user})
-    assert(res == dovecot.auth.PASSDB_RESULT_USER_UNKNOWN)
-    print("OK test_passdb_lookup_mismatch "..user)
-end
-
-function test_split_chatctl()
-    local res = split_chatctl("a=3 b=4\nc=5")
-    assert(res["a"] == "3")
-    assert(res["b"] == "4")
-    assert(res["c"] == "5")
-    print("OK test_split_chatctl")
-end 
-
-test_split_chatctl()
-test_password_verify_ok("link2xt@c1.testrun.org", "Ahyei6ie")
-test_password_verify_mismatch("link2xt@c1.testrun.org", "Aqwlek")
-test_userdb_lookup_ok("link2xt@c1.testrun.org")
-test_userdb_lookup_mismatch("wlekqjlew@xyz.org")
-
--- probably not needed by dovecot? 
--- test_passdb_lookup_ok("link2xt@c1.testrun.org")
--- test_passdb_lookup_mismatch("llqkwjelqwe@xyz.org")
-

chatmail-pyinfra/src/chatmail/dovecot/test_doveauth.py

@@ -1,23 +0,0 @@
-import subprocess
-import pytest
-
-from doveauth import get_user_data, verify_user
-
-
-def test_basic():
-    data = get_user_data("link2xt@c1.testrun.org")
-    assert data
-
-
-@pytest.mark.xfail(reason="no persistence yet")
-def test_verify_or_create():
-    res = verify_user("newuser1@something.org", "kajdlkajsldk12l3kj1983")
-    assert res["status"] == "ok"
-    res = verify_user("newuser1@something.org", "kajdlqweqwe")
-    assert res["status"] == "fail"
-
-
-def test_lua_integration(request):
-    p = request.fspath.dirpath("test_doveauth.lua")
-    proc = subprocess.run(["lua", str(p)])
-    assert proc.returncode == 0