From 56cbd6f35bb1a8f7a207c9938f682a88ac6915d5 Mon Sep 17 00:00:00 2001
From: missytake
Date: Tue, 8 Jul 2025 16:30:54 +0200
Subject: [PATCH] doveauth: add invite_token to override nocreate file

---
 chatmaild/src/chatmaild/config.py | 1 +
 chatmaild/src/chatmaild/doveauth.py | 7 ++++---
 chatmaild/src/chatmaild/newemail.py | 5 ++++-
 cmdeploy/src/cmdeploy/nginx/nginx.conf.j2 | 1 +
 4 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/chatmaild/src/chatmaild/config.py b/chatmaild/src/chatmaild/config.py
index ae5f4423..332c1029 100644
--- a/chatmaild/src/chatmaild/config.py
+++ b/chatmaild/src/chatmaild/config.py
@@ -31,6 +31,7 @@ class Config:
 self.username_min_length = int(params["username_min_length"])
 self.username_max_length = int(params["username_max_length"])
 self.password_min_length = int(params["password_min_length"])
+ self.invite_token = params["invite_token"]
 self.passthrough_senders = params["passthrough_senders"].split()
 self.passthrough_recipients = params["passthrough_recipients"].split()
 self.www_folder = params.get("www_folder", "")
diff --git a/chatmaild/src/chatmaild/doveauth.py b/chatmaild/src/chatmaild/doveauth.py
index e6292a36..70589214 100644
--- a/chatmaild/src/chatmaild/doveauth.py
+++ b/chatmaild/src/chatmaild/doveauth.py
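Review bot: In the config.py hunk, `params["invite_token"]` raises KeyError for any existing config file that lacks the key, unless a default is merged in somewhere not visible here. The optional setting three lines below already uses `params.get("www_folder", "")`, and the same form fits: `self.invite_token = params.get("invite_token", "")`. An empty default also keeps `cleartext_password.replace(config.invite_token, "")` in doveauth.py a no-op. The enclosing method starts and ends outside the hunk.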
@@ -24,10 +24,11 @@ def encrypt_password(password: str):
 def is_allowed_to_create(config: Config, user, cleartext_password) -> bool:
 """Return True if user and password are admissable."""
 if os.path.exists(NOCREATE_FILE):
- logging.warning(f"blocked account creation because {NOCREATE_FILE!r} exists.")
- return False
+ if config.invite_token and config.invite_token not in cleartext_password:
+ logging.warning(f"blocked account creation because {NOCREATE_FILE!r} exists.")
+ return False

- if len(cleartext_password) < config.password_min_length:
+ if len(cleartext_password.replace(config.invite_token, "")) < config.password_min_length:
 logging.warning(
 "Password needs to be at least %s characters long",
 config.password_min_length,
diff --git a/chatmaild/src/chatmaild/newemail.py b/chatmaild/src/chatmaild/newemail.py
index fbf976af..cf483ff2 100644
--- a/chatmaild/src/chatmaild/newemail.py
+++ b/chatmaild/src/chatmaild/newemail.py
@@ -3,6 +3,7 @@
 """CGI script for creating new accounts."""

 import json
+import os
 import random
 import secrets
 import string
@@ -20,7 +21,9 @@ def create_newemail_dict(config: Config):
 secrets.choice(ALPHANUMERIC_PUNCT)
 for _ in range(config.password_min_length + 3)
 )
- return dict(email=f"{user}@{config.mail_domain}", password=f"{password}")
+ redirect_uri = os.getenv("REQUEST_URI")
+ invite_token = redirect_uri[5:] if redirect_uri != "/new" else ""
+ return dict(email=f"{user}@{config.mail_domain}", password=f"{invite_token}{password}")


 def print_new_account():
diff --git a/cmdeploy/src/cmdeploy/nginx/nginx.conf.j2 b/cmdeploy/src/cmdeploy/nginx/nginx.conf.j2
index 8d27394c..7e72093f 100644
--- a/cmdeploy/src/cmdeploy/nginx/nginx.conf.j2
+++ b/cmdeploy/src/cmdeploy/nginx/nginx.conf.j2
@@ -90,6 +90,7 @@ http {
 fastcgi_pass unix:/run/fcgiwrap.socket;
 include /etc/nginx/fastcgi_params;
 fastcgi_param SCRIPT_FILENAME /usr/lib/cgi-bin/newemail.py;
+ fastcgi_param QUERY_STRING $query_string;
 }

 # Old URL for compatibility with e.g. printed QR codes.
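Review bot: In is_allowed_to_create (doveauth.py), the new inner condition fails open: when NOCREATE_FILE exists and `invite_token` is empty, `config.invite_token and ...` is falsy, nothing returns False, and account creation proceeds despite the nocreate file. The block should apply unless a configured token is actually presented, e.g. `if not config.invite_token or not cleartext_password.startswith(config.invite_token):`. Matching with `in` accepts the token anywhere in the password, and `replace()` strips every occurrence before the length check; since newemail.py prepends the token, anchoring with `startswith` and `removeprefix` is tighter. The function body continues past the end of the hunk.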
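Review bot: In create_newemail_dict (newemail.py), `os.getenv("REQUEST_URI")` returns None when the variable is unset, and `None[5:]` then raises TypeError. The fixed `[5:]` offset also assumes the URI begins with `/new/`: for any other value, such as `/new?x=1` or a request arriving through a legacy URL, whatever follows the fifth character is prepended to the generated password, query string included. Checking the prefix explicitly and cutting at `?` avoids both, as sketched below. A token carried in the URL path will also show up in web-server access logs, which is worth documenting for operators. The function starts above the hunk.

```python
    # … unchanged: user and password generation …
    request_uri = os.environ.get("REQUEST_URI", "")
    invite_token = ""
    if request_uri.startswith("/new/"):
        # Keep only the path segment after /new/, never the query string.
        invite_token = request_uri[len("/new/"):].split("?", 1)[0]
    return dict(email=f"{user}@{config.mail_domain}", password=f"{invite_token}{password}")
```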
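Review bot: The added `fastcgi_param QUERY_STRING $query_string;` in nginx.conf.j2 looks unused: newemail.py in this commit reads `REQUEST_URI`, not `QUERY_STRING`, and the stock `fastcgi_params` file included two lines above normally defines both already. If the line is needed for a reason not visible here, a comment such as `# invite token is read from REQUEST_URI (/new/<token>)` would record how the token reaches the CGI; otherwise it can be dropped. The `location` line is outside the hunk, so whether `/new/<token>` is routed to this block cannot be confirmed from here.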