CI: wait with VRFY test until echobot is logged in

CHANGELOG.md

@@ -2,12 +2,6 @@
 
 ## untagged
 
-- Added a config option for an intro to the privacy policy
-  ([#285](https://github.com/deltachat/chatmail/pull/285))
-
-- Move echobot `into /var/lib/echobot`
-  ([#281](https://github.com/deltachat/chatmail/pull/281))
-
 - Accept Let's Encrypt's new Terms of Services
   ([#275](https://github.com/deltachat/chatmail/pull/276))
 

chatmaild/src/chatmaild/config.py

@@ -24,7 +24,6 @@ class Config:
         self.privacy_mail = params.get("privacy_mail")
         self.privacy_pdo = params.get("privacy_pdo")
         self.privacy_supervisor = params.get("privacy_supervisor")
-        self.privacy_intro = params.get("privacy_intro")
 
     def _getbytefile(self):
         return open(self._inipath, "rb")

chatmaild/src/chatmaild/doveauth.py

@@ -4,7 +4,6 @@ import time
 import sys
 import json
 import crypt
-from pathlib import Path
 from socketserver import (
     UnixStreamServer,
     StreamRequestHandler,
@@ -46,32 +45,23 @@ def is_allowed_to_create(config: Config, user, cleartext_password) -> bool:
         return False
     localpart, domain = parts
 
-    if localpart == "echo":
-        # echobot account should not be created in the database
-        return False
-
     if (
         len(localpart) > config.username_max_length
         or len(localpart) < config.username_min_length
     ):
-        logging.warning(
-            "localpart %s has to be between %s and %s chars long",
-            localpart,
-            config.username_min_length,
-            config.username_max_length,
-        )
+        if localpart != "echo":
+            logging.warning(
+                "localpart %s has to be between %s and %s chars long",
+                localpart,
+                config.username_min_length,
+                config.username_max_length,
+            )
+            return False
 
     return True
 
 
 def get_user_data(db, config: Config, user):
-    if user == f"echo@{config.mail_domain}":
-        return dict(
-            home=f"/home/vmail/mail/{config.mail_domain}/echo@{config.mail_domain}",
-            uid="vmail",
-            gid="vmail",
-        )
-
     with db.read_connection() as conn:
         result = conn.get_user(user)
     if result:
@@ -86,21 +76,6 @@ def lookup_userdb(db, config: Config, user):
 
 
 def lookup_passdb(db, config: Config, user, cleartext_password):
-    if user == f"echo@{config.mail_domain}":
-        # Echobot writes password it wants to log in with into /run/echobot/password
-        try:
-            password = Path("/run/echobot/password").read_text()
-        except Exception:
-            logging.exception("Exception when trying to read /run/echobot/password")
-            return None
-
-        return dict(
-            home=f"/home/vmail/mail/{config.mail_domain}/echo@{config.mail_domain}",
-            uid="vmail",
-            gid="vmail",
-            password=encrypt_password(password),
-        )
-
     with db.write_transaction() as conn:
         userdata = conn.get_user(user)
         if userdata:

chatmaild/src/chatmaild/echo.py

@@ -3,17 +3,14 @@
 
 it will echo back any message that has non-empty text and also supports the /help command.
 """
-
 import logging
 import os
 import sys
-import subprocess
 
 from deltachat_rpc_client import Bot, DeltaChat, EventType, Rpc, events
-from pathlib import Path
 
-from chatmaild.config import read_config
 from chatmaild.newemail import create_newemail_dict
+from chatmaild.config import read_config
 
 hooks = events.HookCollection()
 
@@ -78,23 +75,9 @@ def main():
         account = accounts[0] if accounts else deltachat.add_account()
 
         bot = Bot(account, hooks)
-
-        config = read_config(sys.argv[1])
-
-        # Create password file
-        if bot.is_configured():
-            password = bot.account.get_config("mail_pw")
-        else:
-            password = create_newemail_dict(config)["password"]
-        Path("/run/echobot/password").write_text(password)
-
-        # Give the user which doveauth runs as access to the password file.
-        subprocess.run(
-            ["/usr/bin/setfacl", "-m", "user:vmail:r", "/run/echobot/password"],
-            check=True,
-        )
-
         if not bot.is_configured():
+            config = read_config(sys.argv[1])
+            password = create_newemail_dict(config).get("password")
             email = "echo@" + config.mail_domain
             bot.configure(email, password)
         bot.run_forever()

chatmaild/src/chatmaild/ini/chatmail.ini.f

@@ -61,4 +61,3 @@ privacy_pdo =
 # postal address of the privacy supervisor
 privacy_supervisor =
 
-privacy_intro =

chatmaild/src/chatmaild/ini/override-testrun.ini

@@ -14,7 +14,3 @@ privacy_pdo =
 privacy_supervisor =
     State Commissioner for Data Protection and Freedom of Information of
     Baden-Württemberg in 70173 Stuttgart, Germany.
-privacy_intro =
-    This is the default onboarding server for Delta Chat.
-    If you don't choose to login to an existing email account,
-    you can get one on this server.

cmdeploy/src/cmdeploy/__init__.py

@@ -477,7 +477,6 @@ def deploy_chatmail(config_path: Path) -> None:
         groups=["opendkim"],
         system=True,
     )
-    server.user(name="Create echobot user", user="echobot", system=True)
 
     server.shell(
         name="Fix file owner in /home/vmail",

cmdeploy/src/cmdeploy/service/echobot.service.f

@@ -7,20 +7,6 @@ Environment="PATH={remote_venv_dir}:$PATH"
 Restart=always
 RestartSec=30
 
-User=echobot
-Group=echobot
-
-# Create /var/lib/echobot
-StateDirectory=echobot
-
-# Create /run/echobot
-#
-# echobot stores /run/echobot/password
-# with a password there, which doveauth then reads.
-RuntimeDirectory=echobot
-
-WorkingDirectory=/var/lib/echobot
-
 # Apply security restrictions suggested by
 #   systemd-analyze security echobot.service
 CapabilityBoundingSet=
@@ -30,10 +16,7 @@ NoNewPrivileges=true
 PrivateDevices=true
 PrivateMounts=true
 PrivateTmp=true
-
-# We need to know about doveauth user to give it access to /run/echobot/password
-PrivateUsers=false
-
+PrivateUsers=true
 ProtectClock=true
 ProtectControlGroups=true
 ProtectHostname=true

cmdeploy/src/cmdeploy/tests/online/test_0_login.py

@@ -2,6 +2,7 @@ import pytest
 import threading
 import queue
 import socket
+import time
 
 from chatmaild.config import read_config
 from cmdeploy.cmdeploy import main
@@ -81,7 +82,14 @@ def test_concurrent_logins_same_account(
         assert login_results.get()
 
 
-def test_no_vrfy(chatmail_config):
+def test_no_vrfy(chatmail_config, remote):
+    found = False
+    while not found:
+        for line in remote.iter_output(logcmd="journalctl -u echobot"):
+            print(line)
+            if "successfully logged into imap server" in line:
+                found = True
+                break
     sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
     sock.connect((chatmail_config.mail_domain, 25))
     banner = sock.recv(1024)

www/src/privacy.md

@@ -2,8 +2,6 @@
 
 # Privacy Policy for {{ config.mail_domain }} 
 
-{{ config.privacy_intro }}
-
 We want to show you in a fair and transparent way
 what personal data is processed by us.
 We follow a strict privacy-by-design approach