fix(dictproxy): check that user exists and create it in a transaction

Otherwise user may be already created by another connection
as checking if the user exists happens
in a different read-only transaction.
This happens when Delta Chat connects IMAP and SMTP at the same time.

Also update last_login time on login.

chatmaild/src/chatmaild/database.py

@@ -33,13 +33,6 @@ class Connection:
     def cursor(self):
         return self._sqlconn.cursor()
 
-    def create_user(self, addr: str, password: str):
-        """Create a row in the users table."""
-        self.execute("PRAGMA foreign_keys=on")
-        q = """INSERT INTO users (addr, password, last_login)
-               VALUES (?, ?, ?)"""
-        self.execute(q, (addr, password, int(time.time())))
-
     def get_user(self, addr: str) -> {}:
         """Get a row from the users table."""
         q = "SELECT addr, password, last_login from users WHERE addr = ?"

chatmaild/src/chatmaild/dictproxy.py

@@ -1,5 +1,6 @@
 import logging
 import os
+import time
 import sys
 import json
 import crypt
@@ -46,17 +47,6 @@ def is_allowed_to_create(user, cleartext_password) -> bool:
     return True
 
 
-def create_user(db, user, encrypted_password):
-    with db.write_transaction() as conn:
-        conn.create_user(user, encrypted_password)
-    return dict(
-        home=f"/home/vmail/{user}",
-        uid="vmail",
-        gid="vmail",
-        password=encrypted_password,
-    )
-
-
 def get_user_data(db, user):
     with db.read_connection() as conn:
         result = conn.get_user(user)
@@ -71,18 +61,33 @@ def lookup_userdb(db, user):
 
 
 def lookup_passdb(db, user, cleartext_password):
-    userdata = get_user_data(db, user)
+    with db.write_transaction() as conn:
-    if not userdata:
+        userdata = conn.get_user(user)
+        if userdata:
+            # Update last login time.
+            conn.execute(
+                "UPDATE users SET last_login=? WHERE addr=?", (int(time.time()), user)
+            )
+
+            userdata["uid"] = "vmail"
+            userdata["gid"] = "vmail"
+            return userdata
         if not is_allowed_to_create(user, cleartext_password):
             return
+
         encrypted_password = encrypt_password(cleartext_password)
-        userdata = create_user(db=db, user=user, encrypted_password=encrypted_password)
+        q = """INSERT INTO users (addr, password, last_login)
-    userdata["password"] = userdata["password"].strip()
+               VALUES (?, ?, ?)"""
-    return userdata
+        conn.execute(q, (user, encrypted_password, int(time.time())))
+        return dict(
+            home=f"/home/vmail/{user}",
+            uid="vmail",
+            gid="vmail",
+            password=encrypted_password,
+        )
 
 
 def handle_dovecot_request(msg, db, mail_domain):
-    print(f"received msg: {msg!r}", file=sys.stderr)
     short_command = msg[0]
     if short_command == "L":  # LOOKUP
         parts = msg[1:].split("\t")
@@ -105,7 +110,6 @@ def handle_dovecot_request(msg, db, mail_domain):
                     reply_command = "O"
                 else:
                     reply_command = "N"
-        print(f"res: {res!r}", file=sys.stderr)
         json_res = json.dumps(res) if res else ""
         return f"{reply_command}{json_res}\n"
     return None
@@ -130,7 +134,6 @@ def main():
                     break
                 res = handle_dovecot_request(msg, db, mail_domain)
                 if res:
-                    print(f"sending result: {res!r}", file=sys.stderr)
                     self.wfile.write(res.encode("ascii"))
                     self.wfile.flush()
 

deploy-chatmail/src/deploy_chatmail/__init__.py

@@ -202,7 +202,7 @@ def _configure_nginx(domain: str, debug: bool = False) -> bool:
     need_restart = False
 
     main_config = files.template(
-        src=importlib.resources.files(__package__).joinpath("nginx.conf.j2"),
+        src=importlib.resources.files(__package__).joinpath("nginx/nginx.conf.j2"),
         dest="/etc/nginx/nginx.conf",
         user="root",
         group="root",
@@ -212,7 +212,7 @@ def _configure_nginx(domain: str, debug: bool = False) -> bool:
     need_restart |= main_config.changed
 
     autoconfig = files.template(
-        src=importlib.resources.files(__package__).joinpath("autoconfig.xml.j2"),
+        src=importlib.resources.files(__package__).joinpath("nginx/autoconfig.xml.j2"),
         dest="/var/www/html/.well-known/autoconfig/mail/config-v1.1.xml",
         user="root",
         group="root",
@@ -277,6 +277,12 @@ def deploy_chatmail(mail_domain: str, mail_server: str, dkim_selector: str) -> N
     opendkim_need_restart = _configure_opendkim(mail_domain, dkim_selector)
     nginx_need_restart = _configure_nginx(mail_domain)
 
+    # deploy web pages and info if we have them
+    pkg_root = importlib.resources.files(__package__)
+    www_path = pkg_root.joinpath(f"../../../www/{mail_domain}").resolve()
+    if www_path.is_dir():
+        files.rsync(f"{www_path}/", "/var/www/html", flags=["-avz"])
+
     systemd.service(
         name="Start and enable OpenDKIM",
         service="opendkim.service",

www/nine.testrun.org/index.html

@@ -0,0 +1,61 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <meta charset="utf-8" />
+    <title>nine.testrun.org - Experimenting with the Future of Email</title>
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+    <style>
+        .wrapper {
+            width: 100%;
+            max-width: 596px;
+            margin: 0 auto;
+        }
+
+        .section {
+            width: 100%;
+            max-width: 596px;
+        }
+
+        .text {
+            box-sizing: border-box;
+            padding: 9px;
+            font-size: 18px;
+            font-family: "Courier New", monospace;
+            color: white;
+            background-position: left top;
+            background-image: url(collage-bg.png);
+            background-repeat: no-repeat;
+            background-size: 100% 100%;
+        }
+        h1, h2, h3 {
+            font-size: 16px;
+            font-weight: bold;
+        }
+    </style>
+</head>
+<body>
+    <div class="wrapper">
+        <img class="section" src="collage-top.png" />
+        <div class="section text">
+            <h1>welcome  to nine.testrun.org</h1>
+            <p>
+                to get an account,
+                invent a word with <i>exactly</i> nine characters
+                and append @nine.testrun.org to it.
+                eg. <b>hellofits@nine.testrun.org</b>
+            </p>
+            <p>
+                if the email address is not yet taken, you'll get that account.
+                the first login sets your password.
+                that's it.
+            </p>
+        </div>
+        <img class="section" src="collage-down.png" />
+        <div class="section text">
+            <h1>faq</h1>
+            <p><i>why are other email providers 1000 times more complicated?</i></p>
+            <p>because they want to for $reasons</p>
+        </div>
+    </div>
+</body>
+</html>