Add NOTIFY capability

Delta Chat does not use it now,
but should: <https://github.com/deltachat/deltachat-core-rust/issues/4983>
Having no capability will confuse whoever develops it.

chatmaild/src/chatmaild/database.py

@@ -33,13 +33,6 @@ class Connection:
     def cursor(self):
         return self._sqlconn.cursor()
 
-    def create_user(self, addr: str, password: str):
-        """Create a row in the users table."""
-        self.execute("PRAGMA foreign_keys=on")
-        q = """INSERT INTO users (addr, password, last_login)
-               VALUES (?, ?, ?)"""
-        self.execute(q, (addr, password, int(time.time())))
-
     def get_user(self, addr: str) -> {}:
         """Get a row from the users table."""
         q = "SELECT addr, password, last_login from users WHERE addr = ?"

chatmaild/src/chatmaild/dictproxy.py

@@ -1,5 +1,6 @@
 import logging
 import os
+import time
 import sys
 import json
 import crypt
@@ -21,27 +22,29 @@ def encrypt_password(password: str):
     return "{SHA512-CRYPT}" + passhash
 
 
-def check_password(password) -> bool:
-    """Check password policy"""
-    if len(password) < 10:
-        return False
-    return True
-
-
-def create_user(db, user, encrypted_password):
+def is_allowed_to_create(user, cleartext_password) -> bool:
+    """Return True if user and password are admissable."""
     if os.path.exists(NOCREATE_FILE):
-        logging.warning(
-            f"Didn't create account: {NOCREATE_FILE} exists. Delete the file to enable account creation."
-        )
-        return
-    with db.write_transaction() as conn:
-        conn.create_user(user, encrypted_password)
-    return dict(
-        home=f"/home/vmail/{user}",
-        uid="vmail",
-        gid="vmail",
-        password=encrypted_password,
-    )
+        logging.warning(f"blocked account creation because {NOCREATE_FILE!r} exists.")
+        return False
+
+    if len(cleartext_password) < 10:
+        logging.warning("Password needs to be at least 10 characters long")
+        return False
+
+    parts = user.split("@")
+    if len(parts) != 2:
+        logging.warning(f"user {user!r} is not a proper e-mail address")
+        return False
+    localpart, domain = parts
+
+    if domain == "nine.testrun.org":
+        # nine.testrun.org policy, username has to be exactly nine chars
+        if len(localpart) != 9:
+            logging.warning(f"localpart {localpart!r} has not exactly nine chars")
+            return False
+
+    return True
 
 
 def get_user_data(db, user):
@@ -57,19 +60,34 @@ def lookup_userdb(db, user):
     return get_user_data(db, user)
 
 
-def lookup_passdb(db, user, password):
-    userdata = get_user_data(db, user)
-    if not userdata:
-        if not check_password(password):
-            logging.warning("Attempt to create an account with a weak password.")
+def lookup_passdb(db, user, cleartext_password):
+    with db.write_transaction() as conn:
+        userdata = conn.get_user(user)
+        if userdata:
+            # Update last login time.
+            conn.execute(
+                "UPDATE users SET last_login=? WHERE addr=?", (int(time.time()), user)
+            )
+
+            userdata["uid"] = "vmail"
+            userdata["gid"] = "vmail"
+            return userdata
+        if not is_allowed_to_create(user, cleartext_password):
             return
-        return create_user(db, user, encrypt_password(password))
-    userdata["password"] = userdata["password"].strip()
-    return userdata
+
+        encrypted_password = encrypt_password(cleartext_password)
+        q = """INSERT INTO users (addr, password, last_login)
+               VALUES (?, ?, ?)"""
+        conn.execute(q, (user, encrypted_password, int(time.time())))
+        return dict(
+            home=f"/home/vmail/{user}",
+            uid="vmail",
+            gid="vmail",
+            password=encrypted_password,
+        )
 
 
 def handle_dovecot_request(msg, db, mail_domain):
-    print(f"received msg: {msg!r}", file=sys.stderr)
     short_command = msg[0]
     if short_command == "L":  # LOOKUP
         parts = msg[1:].split("\t")
@@ -87,12 +105,11 @@ def handle_dovecot_request(msg, db, mail_domain):
                     reply_command = "N"
             elif type == "passdb":
                 if user.endswith(f"@{mail_domain}"):
-                    res = lookup_passdb(db, user, password=args[0])
+                    res = lookup_passdb(db, user, cleartext_password=args[0])
                 if res:
                     reply_command = "O"
                 else:
                     reply_command = "N"
-        print(f"res: {res!r}", file=sys.stderr)
         json_res = json.dumps(res) if res else ""
         return f"{reply_command}{json_res}\n"
     return None
@@ -117,7 +134,6 @@ def main():
                     break
                 res = handle_dovecot_request(msg, db, mail_domain)
                 if res:
-                    print(f"sending result: {res!r}", file=sys.stderr)
                     self.wfile.write(res.encode("ascii"))
                     self.wfile.flush()
 

deploy-chatmail/src/deploy_chatmail/__init__.py

@@ -202,7 +202,7 @@ def _configure_nginx(domain: str, debug: bool = False) -> bool:
     need_restart = False
 
     main_config = files.template(
-        src=importlib.resources.files(__package__).joinpath("nginx.conf.j2"),
+        src=importlib.resources.files(__package__).joinpath("nginx/nginx.conf.j2"),
         dest="/etc/nginx/nginx.conf",
         user="root",
         group="root",
@@ -212,7 +212,7 @@ def _configure_nginx(domain: str, debug: bool = False) -> bool:
     need_restart |= main_config.changed
 
     autoconfig = files.template(
-        src=importlib.resources.files(__package__).joinpath("autoconfig.xml.j2"),
+        src=importlib.resources.files(__package__).joinpath("nginx/autoconfig.xml.j2"),
         dest="/var/www/html/.well-known/autoconfig/mail/config-v1.1.xml",
         user="root",
         group="root",
@@ -277,6 +277,12 @@ def deploy_chatmail(mail_domain: str, mail_server: str, dkim_selector: str) -> N
     opendkim_need_restart = _configure_opendkim(mail_domain, dkim_selector)
     nginx_need_restart = _configure_nginx(mail_domain)
 
+    # deploy web pages and info if we have them
+    pkg_root = importlib.resources.files(__package__)
+    www_path = pkg_root.joinpath(f"../../../www/{mail_domain}").resolve()
+    if www_path.is_dir():
+        files.rsync(f"{www_path}/", "/var/www/html", flags=["-avz"])
+
     systemd.service(
         name="Start and enable OpenDKIM",
         service="opendkim.service",

deploy-chatmail/src/deploy_chatmail/dovecot/dovecot.conf.j2

@@ -19,7 +19,7 @@ mail_plugins = quota
 # these are the capabilities Delta Chat cares about actually 
 # so let's keep the network overhead per login small
 # https://github.com/deltachat/deltachat-core-rust/blob/master/src/imap/capabilities.rs
-imap_capability = IMAP4rev1 IDLE MOVE QUOTA CONDSTORE
+imap_capability = IMAP4rev1 IDLE MOVE QUOTA CONDSTORE NOTIFY
 
 
 # Authentication for system users.

scripts/bench.sh

@@ -1,4 +1,4 @@
 #!/bin/bash
 set -e
 
-venv/bin/pytest online-tests/benchmark.py -vrx 
+venv/bin/pytest tests/online/benchmark.py -vrx

scripts/test.sh

@@ -1,4 +1,4 @@
 #!/bin/bash
 venv/bin/tox -c chatmaild
 venv/bin/tox -c deploy-chatmail
-venv/bin/pytest tests/online -vrx --durations=5 $@
+venv/bin/pytest tests/online -rs -vrx --durations=5 $@

tests/chatmaild/test_dictproxy.py

@@ -1,26 +1,21 @@
-import os
+import json
 
 import pytest
+import threading
+import queue
+import traceback
 
 import chatmaild.dictproxy
-from chatmaild.dictproxy import get_user_data, lookup_passdb
+from chatmaild.dictproxy import get_user_data, lookup_passdb, handle_dovecot_request
 from chatmaild.database import Database, DBError
 
 
-@pytest.fixture()
-def db(tmpdir):
-    db_path = tmpdir / "passdb.sqlite"
-    print("database path:", db_path)
-    return Database(db_path)
-
-
 def test_basic(db):
-    chatmaild.dictproxy.NOCREATE_FILE = "/tmp/nocreate"
-    if os.path.exists(chatmaild.dictproxy.NOCREATE_FILE):
-        os.remove(chatmaild.dictproxy.NOCREATE_FILE)
     lookup_passdb(db, "link2xt@c1.testrun.org", "Pieg9aeToe3eghuthe5u")
     data = get_user_data(db, "link2xt@c1.testrun.org")
     assert data
+    data2 = lookup_passdb(db, "link2xt@c1.testrun.org", "Pieg9aeToe3eghuthe5u")
+    assert data == data2
 
 
 def test_dont_overwrite_password_on_wrong_login(db):
@@ -32,14 +27,12 @@ def test_dont_overwrite_password_on_wrong_login(db):
     assert res["password"] == res2["password"]
 
 
-def test_nocreate_file(db):
-    chatmaild.dictproxy.NOCREATE_FILE = "/tmp/nocreate"
-    with open(chatmaild.dictproxy.NOCREATE_FILE, "w+") as f:
-        f.write("")
-    assert os.path.exists(chatmaild.dictproxy.NOCREATE_FILE)
+def test_nocreate_file(db, monkeypatch, tmpdir):
+    p = tmpdir.join("nocreate")
+    p.write("")
+    monkeypatch.setattr(chatmaild.dictproxy, "NOCREATE_FILE", str(p))
     lookup_passdb(db, "newuser1@something.org", "zequ0Aimuchoodaechik")
     assert not get_user_data(db, "newuser1@something.org")
-    os.remove(chatmaild.dictproxy.NOCREATE_FILE)
 
 
 def test_db_version(db):
@@ -51,3 +44,43 @@ def test_too_high_db_version(db):
         conn.execute("PRAGMA user_version=%s;" % (999,))
     with pytest.raises(DBError):
         db.ensure_tables()
+
+
+def test_handle_dovecot_request(db):
+    msg = (
+        "Lshared/passdb/laksjdlaksjdlaksjdlk12j3l1k2j3123/"
+        "some42@c3.testrun.org\tsome42@c3.testrun.org"
+    )
+    res = handle_dovecot_request(msg, db, "c3.testrun.org")
+    assert res
+    assert res[0] == "O" and res.endswith("\n")
+    userdata = json.loads(res[1:].strip())
+    assert userdata["home"] == "/home/vmail/some42@c3.testrun.org"
+    assert userdata["uid"] == userdata["gid"] == "vmail"
+    assert userdata["password"].startswith("{SHA512-CRYPT}")
+
+
+def test_100_concurrent_lookups(db):
+    num = 100
+    dbs = [Database(db.path) for i in range(num)]
+    print(f"created {num} databases")
+    results = queue.Queue()
+
+    def lookup(db):
+        try:
+            lookup_passdb(db, "something@c1.testrun.org", "Pieg9aeToe3eghuthe5u")
+        except Exception:
+            results.put(traceback.format_exc())
+        else:
+            results.put(None)
+
+    threads = [threading.Thread(target=lookup, args=(db,), daemon=True) for db in dbs]
+
+    print(f"created {num} threads, starting them and waiting for results")
+    for thread in threads:
+        thread.start()
+
+    for _ in dbs:
+        res = results.get()
+        if res is not None:
+            pytest.fail(f"concurrent lookup failed\n{res}")

tests/conftest.py

@@ -9,9 +9,10 @@ import itertools
 from email.parser import BytesParser
 from email import policy
 from pathlib import Path
-from math import ceil
 import pytest
 
+from chatmaild.database import Database
+
 
 conftestdir = Path(__file__).parent
 
@@ -71,7 +72,7 @@ def pytest_report_header():
 
 @pytest.fixture
 def benchmark(request):
-    def bench(func, num, name=None):
+    def bench(func, num, name=None, reportfunc=None):
         if name is None:
             name = func.__name__
         durations = []
@@ -80,7 +81,7 @@ def benchmark(request):
             func()
             durations.append(time.time() - now)
         durations.sort()
-        request.config._benchresults[name] = durations
+        request.config._benchresults[name] = (reportfunc, durations)
 
     return bench
 
@@ -101,7 +102,9 @@ def pytest_terminal_summary(terminalreporter):
     headers = f"{'benchmark name': <30} " + fcol(float_names)
     tr.write_line(headers)
     tr.write_line("-" * len(headers))
-    for name, durations in results.items():
+    summary_lines = []
+
+    for name, (reportfunc, durations) in results.items():
         measures = [
             sorted(durations)[len(durations) // 2],
             min(durations),
@@ -110,6 +113,16 @@ def pytest_terminal_summary(terminalreporter):
         line = f"{name: <30} "
         line += fcol(f"{float: 2.2f}" for float in measures)
         tr.write_line(line)
+        vmedian, vmin, vmax = measures
+        if reportfunc:
+            for line in reportfunc(vmin=vmin, vmedian=vmedian, vmax=vmax):
+                summary_lines.append(line)
+
+    if summary_lines:
+        tr.write_line("")
+        tr.section("benchmark summary measures")
+        for line in summary_lines:
+            tr.write_line(line)
 
 
 @pytest.fixture
@@ -117,6 +130,16 @@ def imap(maildomain):
     return ImapConn(maildomain)
 
 
+@pytest.fixture
+def make_imap_connection(maildomain):
+    def make_imap_connection():
+        conn = ImapConn(maildomain)
+        conn.connect()
+        return conn
+
+    return make_imap_connection
+
+
 class ImapConn:
     AuthError = imaplib.IMAP4.error
     logcmd = "journalctl -f -u dovecot"
@@ -157,6 +180,16 @@ def smtp(maildomain):
     return SmtpConn(maildomain)
 
 
+@pytest.fixture
+def make_smtp_connection(maildomain):
+    def make_smtp_connection():
+        conn = SmtpConn(maildomain)
+        conn.connect()
+        return conn
+
+    return make_smtp_connection
+
+
 class SmtpConn:
     AuthError = smtplib.SMTPAuthenticationError
     logcmd = "journalctl -f -t postfix/smtpd -t postfix/smtp -t postfix/lmtp"
@@ -195,13 +228,20 @@ def gencreds(maildomain):
             num = next(count)
             alphanumeric = "abcdefghijklmnopqrstuvwxyz1234567890"
             user = "".join(random.choices(alphanumeric, k=10))
-            user = f"ac{num}_{user}"
-            password = "".join(random.choices(alphanumeric, k=10))
+            user = f"ac{num}_{user}"[:9]
+            password = "".join(random.choices(alphanumeric, k=12))
             yield f"{user}@{domain}", f"{password}"
 
     return lambda domain=None: next(gen(domain))
 
 
+@pytest.fixture()
+def db(tmpdir):
+    db_path = tmpdir / "passdb.sqlite"
+    print("database path:", db_path)
+    return Database(db_path)
+
+
 #
 # Delta Chat testplugin re-use
 # use the cmfactory fixture to get chatmail instance accounts
@@ -272,7 +312,7 @@ class Remote:
         self.sshdomain = sshdomain
 
     def iter_output(self, logcmd=""):
-        getjournal = f"journalctl -f" if not logcmd else logcmd
+        getjournal = "journalctl -f" if not logcmd else logcmd
         self.popen = subprocess.Popen(
             ["ssh", f"root@{self.sshdomain}", getjournal],
             stdout=subprocess.PIPE,

tests/online/test_0_login.py

@@ -1,5 +1,6 @@
 import pytest
-import smtplib
+import threading
+import queue
 
 
 def test_login_basic_functioning(imap_or_smtp, gencreds, lp):
@@ -23,7 +24,7 @@ def test_login_basic_functioning(imap_or_smtp, gencreds, lp):
     with pytest.raises(imap_or_smtp.AuthError):
         imap_or_smtp.login(user, password + "wrong")
 
-    lp.sec(f"creating users with a short password is not allowed")
+    lp.sec("creating users with a short password is not allowed")
     user, _password = gencreds()
     with pytest.raises(imap_or_smtp.AuthError):
         imap_or_smtp.login(user, "admin")
@@ -40,3 +41,30 @@ def test_login_same_password(imap_or_smtp, gencreds):
     imap_or_smtp.login(user1, password1)
     imap_or_smtp.connect()
     imap_or_smtp.login(user2, password1)
+
+
+def test_concurrent_logins_same_account(
+    make_imap_connection, make_smtp_connection, gencreds
+):
+    """Test concurrent smtp and imap logins
+    and check remote server succeeds on each connection.
+    """
+    user1, password1 = gencreds()
+    login_results = queue.Queue()
+
+    def login_smtp_imap(smtp, imap):
+        try:
+            imap.login(user1, password1)
+        except Exception:
+            login_results.put(False)
+        else:
+            login_results.put(True)
+
+    conns = [(make_smtp_connection(), make_imap_connection()) for i in range(10)]
+
+    for args in conns:
+        thread = threading.Thread(target=login_smtp_imap, args=args, daemon=True)
+        thread.start()
+
+    for _ in conns:
+        assert login_results.get()

tests/online/test_2_deltachat.py

@@ -91,7 +91,7 @@ class TestEndToEndDeltaChat:
 
         lp.sec("setup encrypted comms between ac1 and ac2 on different instances")
         qr = ac1.get_setup_contact_qr()
-        ch = ac2.qr_setup_contact(qr)
+        ac2.qr_setup_contact(qr)
         msg = ac2.wait_next_incoming_message()
         assert "verified" in msg.text
 

www/nine.testrun.org/index.html

@@ -0,0 +1,61 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <meta charset="utf-8" />
+    <title>nine.testrun.org - Experimenting with the Future of Email</title>
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+    <style>
+        .wrapper {
+            width: 100%;
+            max-width: 596px;
+            margin: 0 auto;
+        }
+
+        .section {
+            width: 100%;
+            max-width: 596px;
+        }
+
+        .text {
+            box-sizing: border-box;
+            padding: 9px;
+            font-size: 18px;
+            font-family: "Courier New", monospace;
+            color: white;
+            background-position: left top;
+            background-image: url(collage-bg.png);
+            background-repeat: no-repeat;
+            background-size: 100% 100%;
+        }
+        h1, h2, h3 {
+            font-size: 16px;
+            font-weight: bold;
+        }
+    </style>
+</head>
+<body>
+    <div class="wrapper">
+        <img class="section" src="collage-top.png" />
+        <div class="section text">
+            <h1>welcome  to nine.testrun.org</h1>
+            <p>
+                to get an account,
+                invent a word with <i>exactly</i> nine characters
+                and append @nine.testrun.org to it.
+                eg. <b>hellofits@nine.testrun.org</b>
+            </p>
+            <p>
+                if the email address is not yet taken, you'll get that account.
+                the first login sets your password.
+                that's it.
+            </p>
+        </div>
+        <img class="section" src="collage-down.png" />
+        <div class="section text">
+            <h1>faq</h1>
+            <p><i>why are other email providers 1000 times more complicated?</i></p>
+            <p>because they want to for $reasons</p>
+        </div>
+    </div>
+</body>
+</html>