tests: other bots could be in passthrough_recipients

Without this option parsing of answer was flaky
as for long records like
_submission._tcp.nine.testrun.org.
dig printed the result with a space rather
than tab as a separator and .split("\t") did not work.

This change makes the `dig` command print the answer
in the form we need so there is no need for complex parsing
other than taking the first line.

`-r` option is added to make sure options are not changed by .digrc
in the root home directory.

chatmaild/src/chatmaild/doveauth.py

@@ -98,6 +98,32 @@ def lookup_passdb(db, config: Config, user, cleartext_password):
         )
 
 
+def split_and_unescape(s):
+    """Split strings using double quote as a separator and backslash as escape character
+    into parts."""
+
+    out = ""
+    i = 0
+    while i < len(s):
+        c = s[i]
+        if c == "\\":
+            # Skip escape character.
+            i += 1
+
+            # This will raise IndexError if there is no character
+            # after escape character. This is expected
+            # as this is an invalid input.
+            out += s[i]
+        elif c == '"':
+            # Separator
+            yield out
+            out = ""
+        else:
+            out += c
+        i += 1
+    yield out
+
+
 def handle_dovecot_request(msg, db, config: Config):
     short_command = msg[0]
     if short_command == "L":  # LOOKUP
@@ -107,7 +133,9 @@ def handle_dovecot_request(msg, db, config: Config):
         # do not attempt to read any other parts for compatibility.
         keyname = parts[0]
 
-        namespace, type, *args = keyname.split("/")
+        namespace, type, args = keyname.split("/", 2)
+        args = list(split_and_unescape(args))
+
         reply_command = "F"
         res = ""
         if namespace == "shared":

chatmaild/src/chatmaild/ini/chatmail.ini.f

@@ -33,7 +33,7 @@ password_min_length = 9
 passthrough_senders =
 
 # list of e-mail recipients for which to accept outbound un-encrypted mails
-passthrough_recipients =
+passthrough_recipients = xstore@testrun.org groupsbot@hispanilandia.net
 
 #
 # Deployment Details

chatmaild/src/chatmaild/ini/override-testrun.ini

@@ -1,7 +1,7 @@
 
 [privacy]
 
-passthrough_recipients = privacy@testrun.org
+passthrough_recipients = privacy@testrun.org xstore@testrun.org groupsbot@hispanilandia.net
 
 privacy_postal =
     Merlinux GmbH, Represented by the managing director H. Krekel,

chatmaild/src/chatmaild/tests/test_config.py

@@ -28,5 +28,5 @@ def test_read_config_testrun(make_config):
     assert config.username_min_length == 9
     assert config.username_max_length == 9
     assert config.password_min_length == 9
-    assert config.passthrough_recipients == ["privacy@testrun.org"]
+    assert "privacy@testrun.org" in config.passthrough_recipients
     assert config.passthrough_senders == []

chatmaild/src/chatmaild/tests/test_doveauth.py

@@ -52,8 +52,9 @@ def test_too_high_db_version(db):
 
 
 def test_handle_dovecot_request(db, example_config):
+    # Test that password can contain ", ', \ and /
     msg = (
-        "Lshared/passdb/laksjdlaksjdlaksjdlk12j3l1k2j3123/"
+        'Lshared/passdb/laksjdlaksjdlak\\\\sjdlk\\"12j\\\'3l1/k2j3123"'
         "some42123@chat.example.org\tsome42123@chat.example.org"
     )
     res = handle_dovecot_request(msg, db, example_config)

cmdeploy/src/cmdeploy/acmetool/__init__.py

@@ -1,6 +1,8 @@
 import importlib.resources
 
 from pyinfra.operations import apt, files, systemd, server
+from pyinfra import host
+from pyinfra.facts.systemd import SystemdStatus
 
 
 def deploy_acmetool(nginx_hook=False, email="", domains=[]):
@@ -55,6 +57,13 @@ def deploy_acmetool(nginx_hook=False, email="", domains=[]):
         group="root",
         mode="644",
     )
+    if host.get_fact(SystemdStatus).get("nginx.service"):
+        systemd.service(
+            name="Stop nginx service to free port 80",
+            service="nginx",
+            running=False,
+        )
+
     systemd.service(
         name="Setup acmetool-redirector service",
         service="acmetool-redirector.service",

cmdeploy/src/cmdeploy/dns.py

@@ -37,21 +37,15 @@ class DNS:
 
     def get(self, typ: str, domain: str) -> str | None:
         """Get a DNS entry"""
-        dig_result = self.shell(f"dig {typ} {domain}")
-        line_num = 0
-        for line in dig_result.splitlines():
-            line_num += 1
-            if line.strip() == ";; ANSWER SECTION:":
-                return dig_result.splitlines()[line_num].split("\t")[-1]
+        dig_result = self.shell(f"dig -r -q {domain} -t {typ} +short")
+        line = dig_result.partition("\n")[0]
+        if line:
+            return line
 
-    def check_ptr_record(self, ip: str, mail_domain) -> str:
+    def check_ptr_record(self, ip: str, mail_domain) -> bool:
         """Check the PTR record for an IPv4 or IPv6 address."""
-        result = self.get("-x", ip)
-        if result:
-            if ip_address(ip).version == 6:
-                result = result.split()[-1]
-            if result[:-1] == mail_domain:
-                return result
+        result = self.shell(f"dig -r -x {ip} +short").rstrip()
+        return result == f"{mail_domain}."
 
 
 def show_dns(args, out):

cmdeploy/src/cmdeploy/dovecot/auth.conf

@@ -1,5 +1,10 @@
 uri = proxy:/run/dovecot/doveauth.socket:auth
 iterate_disable = yes
 default_pass_scheme = plain
-password_key = passdb/%w/%u
-user_key = userdb/%u
+# %E escapes characters " (double quote), ' (single quote) and \ (backslash) with \ (backslash).
+# See <https://doc.dovecot.org/configuration_manual/config_file/config_variables/#modifiers>
+# for documentation.
+#
+# We escape user-provided input and use double quote as a separator.
+password_key = passdb/%Ew"%Eu
+user_key = userdb/%Eu

cmdeploy/src/cmdeploy/postfix/main.cf.j2

@@ -11,9 +11,8 @@ append_dot_mydomain = no
 
 readme_directory = no
 
-# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
-# fresh installs.
-compatibility_level = 2
+# See http://www.postfix.org/COMPATIBILITY_README.html
+compatibility_level = 3.6
 
 # TLS parameters
 smtpd_tls_cert_file=/var/lib/acme/live/{{ config.mail_domain }}/fullchain

cmdeploy/src/cmdeploy/tests/online/test_0_qr.py

@@ -14,3 +14,12 @@ def test_fastcgi_working(maildomain, chatmail_config):
     res = requests.post(url)
     assert maildomain in res.json().get("email")
     assert len(res.json().get("password")) > chatmail_config.password_min_length
+
+
+def test_newemail_configure(maildomain, rpc):
+    """Test configuring accounts by scanning a QR code works."""
+    url = f"DCACCOUNT:https://{maildomain}/cgi-bin/newemail.py"
+    for i in range(3):
+        account_id = rpc.add_account()
+        rpc.set_config_from_qr(account_id, url)
+        rpc.configure(account_id)