doveauth: add invite_token to override nocreate file

2026-05-19 12:28:06 +00:00 · 2025-07-08 16:30:54 +02:00
parent 7bf2dfd62e
commit 56cbd6f35b
4 changed files with 10 additions and 4 deletions
--- a/chatmaild/src/chatmaild/config.py
+++ b/chatmaild/src/chatmaild/config.py
@@ -31,6 +31,7 @@ class Config:
        self.username_min_length = int(params["username_min_length"])
        self.username_max_length = int(params["username_max_length"])
        self.password_min_length = int(params["password_min_length"])
        self.invite_token = params["invite_token"]
        self.passthrough_senders = params["passthrough_senders"].split()
        self.passthrough_recipients = params["passthrough_recipients"].split()
        self.www_folder = params.get("www_folder", "")
--- a/chatmaild/src/chatmaild/doveauth.py
+++ b/chatmaild/src/chatmaild/doveauth.py
@@ -24,10 +24,11 @@ def encrypt_password(password: str):
 def is_allowed_to_create(config: Config, user, cleartext_password) -> bool:
    """Return True if user and password are admissable."""
    if os.path.exists(NOCREATE_FILE):
-        logging.warning(f"blocked account creation because {NOCREATE_FILE!r} exists.")
+        if config.invite_token and config.invite_token not in cleartext_password:
-        return False
+            logging.warning(f"blocked account creation because {NOCREATE_FILE!r} exists.")
            return False
-    if len(cleartext_password) < config.password_min_length:
+    if len(cleartext_password.replace(config.invite_token, "")) < config.password_min_length:
        logging.warning(
            "Password needs to be at least %s characters long",
            config.password_min_length,
--- a/chatmaild/src/chatmaild/newemail.py
+++ b/chatmaild/src/chatmaild/newemail.py
@@ -3,6 +3,7 @@
 """CGI script for creating new accounts."""
 import json
 import os
 import random
 import secrets
 import string
@@ -20,7 +21,9 @@ def create_newemail_dict(config: Config):
        secrets.choice(ALPHANUMERIC_PUNCT)
        for _ in range(config.password_min_length + 3)
    )
-    return dict(email=f"{user}@{config.mail_domain}", password=f"{password}")
+    redirect_uri = os.getenv("REQUEST_URI")
    invite_token = redirect_uri[5:] if redirect_uri != "/new" else ""
    return dict(email=f"{user}@{config.mail_domain}", password=f"{invite_token}{password}")
 def print_new_account():
--- a/cmdeploy/src/cmdeploy/nginx/nginx.conf.j2
+++ b/cmdeploy/src/cmdeploy/nginx/nginx.conf.j2
@@ -90,6 +90,7 @@ http {
 			fastcgi_pass unix:/run/fcgiwrap.socket;
 			include /etc/nginx/fastcgi_params;
 			fastcgi_param SCRIPT_FILENAME /usr/lib/cgi-bin/newemail.py;
 			fastcgi_param QUERY_STRING $query_string;
 		}
 		# Old URL for compatibility with e.g. printed QR codes.