From e8d9347443b2254543f734a4072c80cabd50016c Mon Sep 17 00:00:00 2001
From: jedi
Date: Mon, 9 Nov 2020 15:52:02 +0100
Subject: [PATCH] use a password field in mailbox instead of raw hash input
---
 backend/multimail/forms.py | 23 ++++++++++++++++-------
 backend/multimail/models.py | 10 ++++++++++
 backend/requirements.txt | 2 --
 update.sh | 8 +++++---
 4 files changed, 31 insertions(+), 12 deletions(-)
 mode change 100644 => 100755 update.sh
diff --git a/backend/multimail/forms.py b/backend/multimail/forms.py
index 9c28a74..8c9d70d 100644
--- a/backend/multimail/forms.py
+++ b/backend/multimail/forms.py
@@ -1,6 +1,5 @@
 from django.contrib.auth.decorators import login_required
-from django.forms import ModelForm
-from django.forms.utils import ErrorList
+from django.forms import ModelForm, CharField, PasswordInput
 from django.http import HttpResponseRedirect, Http404
 from django.shortcuts import render
 from django.db import IntegrityError
@@ -17,9 +16,19 @@ class DomainForm(ModelForm):
 class MailboxForm(ModelForm):
+ plain_password = CharField(label='Password', required=False, widget=PasswordInput())
 class Meta:
 model = Mailbox
- fields = '__all__'
+ # fields = '__all__'
+ fields = ['domain', 'username', 'plain_password', 'sendonly', 'enabled']
+
+ def save(self, commit=True):
+ mailbox = super(MailboxForm, self).save(commit=False)
+ if not self.cleaned_data["plain_password"] == '':
+ mailbox.set_password(self.cleaned_data["plain_password"])
+ if commit:
+ mailbox.save()
+ return mailbox
 class AliasForm(ModelForm):
@@ -82,7 +91,7 @@ def edit_mailbox(request, mailbox_id):
 if request.method == 'POST':
 form = MailboxForm(request.POST, instance=mailbox)
 try:
- if form.is_valid():
+ if form.is_valid() and form.cleaned_data['domain'] in domains:
 form.save()
 return HttpResponseRedirect('/mailboxes/')
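Review bot: `MailboxForm.save()` skips `set_password()` whenever `plain_password` is blank, and since the field is `required=False` that also happens when the form creates a mailbox, so a new row is stored with whatever default the `password` column has (the model field is not shown in this patch). Blank should mean "keep the current hash" only on edit; a `clean_plain_password` method that rejects a blank value for a new instance closes that gap, and it needs `ValidationError` added to the `django.forms` import. Non-empty values could additionally be passed through `django.contrib.auth.password_validation.validate_password`. As a style point, the commented-out `# fields = '__all__'` line can be deleted and `if not … == ''` written as a truthiness test.

```python
class MailboxForm(ModelForm):
    # … unchanged: plain_password field, Meta, save() …

    def clean_plain_password(self):
        password = self.cleaned_data.get("plain_password", "")
        # Blank means "keep the stored hash", which only makes sense
        # when a stored hash already exists, i.e. on edit.
        if not password and self.instance._state.adding:
            raise ValidationError("A password is required for a new mailbox.")
        return password
```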
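Review bot: In `edit_mailbox`, the added `form.cleaned_data['domain'] in domains` test constrains only the domain submitted in the POST; whether the `mailbox` loaded from `mailbox_id` is itself limited to `domains` is decided above the hunk and is not visible here. If it is not, the form (which now also sets the password) can be bound to a mailbox the caller does not administer, so the lookup should be scoped too, for example by fetching from `Mailbox.objects.filter(domain__in=domains)`, assuming `domain` is a plain column. A form that validates but names a foreign domain also leaves the `if` without any error attached to it (the code after the redirect is outside the hunk); `form.add_error('domain', 'not one of your domains')` in an `else` branch would tell the user why nothing was saved. The same two points apply to the `edit_alias` hunk with `alias` and `source_domain`, and the feedback point to `new_mailbox` and `new_alias`.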
@@ -102,7 +111,7 @@ def new_mailbox(request):
 domains = [o.domain for o in Domain.objects.filter(admin__admin=user['name'], admin__source=user['source'])]
 form = MailboxForm(request.POST)
 try:
- if form.is_valid() and form.domain in domains:
+ if form.is_valid() and form.cleaned_data['domain'] in domains:
 form.save()
 return HttpResponseRedirect('/mailboxes/')
@@ -126,7 +135,7 @@ def edit_alias(request, alias_id):
 if request.method == 'POST':
 form = AliasForm(request.POST, instance=alias)
 try:
- if form.is_valid():
+ if form.is_valid() and form.cleaned_data['source_domain'] in domains:
 form.save()
 return HttpResponseRedirect('/aliases/')
@@ -146,7 +155,7 @@ def new_alias(request):
 domains = [o.domain for o in Domain.objects.filter(admin__admin=user['name'], admin__source=user['source'])]
 form = AliasForm(request.POST)
 try:
- if form.is_valid() and form.source_domain in domains:
+ if form.is_valid() and form.cleaned_data['source_domain'] in domains:
 form.save()
 return HttpResponseRedirect('/aliases/')
diff --git a/backend/multimail/models.py b/backend/multimail/models.py
index a8d7313..605f6b9 100644
--- a/backend/multimail/models.py
+++ b/backend/multimail/models.py
@@ -1,3 +1,5 @@
+import crypt
+
 from django.db import models
@@ -12,6 +14,7 @@ class Alias(models.Model):
 class Meta:
 managed = False
 db_table = 'aliases'
+ unique_together = (('source_domain', 'source_username'),)
 def __str__(self):
 return self.source_username + '@' + self.source_domain
@@ -40,6 +43,10 @@ class Mailbox(models.Model):
 class Meta:
 managed = False
 db_table = 'mailboxes'
+ unique_together = (('domain', 'username'),)
+
+ def set_password(self, password):
+ self.password = '{SHA512-CRYPT}' + crypt.crypt(password)
 def __str__(self):
 return self.username + '@' + self.domain
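Review bot: The `unique_together` added to `Alias.Meta` (and to `Mailbox.Meta` in the next hunk) sits on a model with `managed = False`, so Django uses it for ModelForm uniqueness validation but does not create the key in the `aliases` or `mailboxes` table. Two concurrent requests can then both pass validation, so the constraint has to exist in the externally maintained schema as well. A comment would record that, e.g. `# validation only: table is unmanaged, the UNIQUE key must exist in the mail schema`.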
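Review bot: `Mailbox.set_password` hard-codes the `{SHA512-CRYPT}` prefix but calls `crypt.crypt(password)` without a salt argument, which lets Python choose the strongest method the platform's crypt(3) offers; on a host where that is not SHA-512 the stored scheme label and the hash disagree. Pin the method instead: `self.password = '{SHA512-CRYPT}' + crypt.crypt(password, crypt.mksalt(crypt.METHOD_SHA512))`. The `crypt` module imported in the first hunk of this file is Unix-only, deprecated since Python 3.11 and removed in 3.13, so dropping passlib from requirements.txt ties the backend to older interpreters, which deserves a comment next to the import. A one-line docstring saying that the method stores a scheme-prefixed hash on the instance and does not save the row would also help callers.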
@@ -64,5 +71,8 @@ class DomainOwner(models.Model):
 source = models.CharField(max_length=8, choices=[('system', 'system'), ('ldap', 'ldap'), ('mail', 'mail')], default=0)
+ class Meta:
+ unique_together = (('domain', 'admin', 'source'),)
+
 def __str__(self):
 return self.admin
diff --git a/backend/requirements.txt b/backend/requirements.txt
index 5021ea6..9c104d1 100644
--- a/backend/requirements.txt
+++ b/backend/requirements.txt
@@ -4,6 +4,4 @@ django-ldapdb==1.5.1
 django-static-fontawesome==5.14.0.0
 django-bootstrap4==2.3.1
 mysqlclient==2.0.1
-passlib==1.7.4
 python-ldap==3.3.1
-# djangorestframework==3.12.1
diff --git a/update.sh b/update.sh
old mode 100644
new mode 100755
index cc04f4b..ec3866b
--- a/update.sh
+++ b/update.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
-DIR=$(dirname $0)
+export DIR=$(dirname $0)
 function prefix_date(){
 while read line
@@ -10,9 +10,11 @@ function prefix_date(){
 }
 function run_update(){
+ cd $DIR
+ echo run autoupdate in $(pwd)
 git pull
 cd backend
- python manage.py migrate
+ python3 manage.py migrate
 }
-run_update | prefix_date > $DIR/update.log
+run_update | prefix_date >> $DIR/update.log
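Review bot: The new `class Meta` on `DomainOwner` does not set `managed = False` the way `Alias` and `Mailbox` do, so this `unique_together` looks like a schema change that needs a migration, and the diffstat lists no migration file. `update.sh` runs only `migrate`, so the constraint would not reach the database and `makemigrations` would keep reporting a pending change. Either commit the generated migration, after checking existing rows for duplicates that would make it fail, or mark the model unmanaged if the table is maintained elsewhere. The rest of the class body is outside the hunk.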
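Review bot: In `run_update`, the added `cd $DIR` is unquoted and unchecked, so when it fails (or `DIR` contains spaces) `git pull` and `python3 manage.py migrate` run in whatever directory the caller was in, and a failed `git pull` is still followed by `migrate`. Use `cd "$DIR" || return 1` and `git pull --ff-only || return 1`, and quote the other `$DIR` and `$0` expansions in the script. Because the function is piped into `prefix_date`, the script's exit status is that of `prefix_date` unless `set -o pipefail` is added near the top. Since this script pulls and then executes whatever the remote branch holds, a header comment naming the remote and branch it trusts would be a useful addition.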