nodemailer/wildduck
1
1
Fork 0
mirror of https://github.com/nodemailer/wildduck.git synced 2025-10-09 13:29:47 +08:00
Code Issues Projects Releases Packages Wiki Activity

asp handling update

Browse source
This commit is contained in:
Andris Reinman 2018-10-11 09:44:21 +03:00
parent dde325037a
commit f6797583fe
2 changed files with 444 additions and 405 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
config/roles.json
View file

@ -19,6 +19,12 @@
"delete:any": ["*"] "delete:any": ["*"]
}, },
"asps": {
"create:any": ["*"],
"read:any": ["*"],
"delete:any": ["*"]
},
"messages": { "messages": {
"create:any": ["*"], "create:any": ["*"],
"read:any": ["*"], "read:any": ["*"],
@ -58,6 +64,12 @@
"update:own": ["*", "!audit"] "update:own": ["*", "!audit"]
}, },
"asps": {
"create:own": ["*"],
"read:own": ["*"],
"delete:own": ["*"]
},
"messages": { "messages": {
"create:own": ["*"], "create:own": ["*"],
"read:own": ["*"], "read:own": ["*"],

261
lib/api/asps.js
View file

@ -7,8 +7,15 @@ const mobileconfig = require('mobileconfig');
const uuid = require('uuid'); const uuid = require('uuid');
const consts = require('../consts'); const consts = require('../consts');
const certs = require('../certs').get('api.mobileconfig'); const certs = require('../certs').get('api.mobileconfig');
const tools = require('../tools');
const roles = require('../roles');
const util = require('util');
module.exports = (db, server, userHandler) => { module.exports = (db, server, userHandler) => {
const generateASP = util.promisify(userHandler.generateASP.bind(userHandler));
const deleteASP = util.promisify(userHandler.deleteASP.bind(userHandler));
const mobileconfigGetSignedConfig = util.promisify(mobileconfig.getSignedConfig.bind(mobileconfig));
/** /**
* @api {get} /users/:user/asps List Application Passwords * @api {get} /users/:user/asps List Application Passwords
* @apiName GetASPs * @apiName GetASPs
@ -63,7 +70,9 @@ module.exports = (db, server, userHandler) => {
* "error": "Database error" * "error": "Database error"
* } * }
*/ */
server.get('/users/:user/asps', (req, res, next) => { server.get(
'/users/:user/asps',
tools.asyncifyJson(async (req, res, next) => {
res.charSet('utf-8'); res.charSet('utf-8');
const schema = Joi.object().keys({ const schema = Joi.object().keys({
@ -92,9 +101,19 @@ module.exports = (db, server, userHandler) => {
return next(); return next();
} }
// permissions check
if (req.user && req.user === result.value.user) {
req.validate(roles.can(req.role).readOwn('asps'));
} else {
req.validate(roles.can(req.role).readAny('asps'));
}
let user = new ObjectID(result.value.user); let user = new ObjectID(result.value.user);
db.users.collection('users').findOne( let userData;
try {
userData = await db.users.collection('users').findOne(
{ {
_id: user _id: user
}, },
@ -102,15 +121,16 @@ module.exports = (db, server, userHandler) => {
projection: { projection: {
address: true address: true
} }
}, }
(err, userData) => { );
if (err) { } catch (err) {
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
}); });
return next(); return next();
} }
if (!userData) { if (!userData) {
res.json({ res.json({
error: 'This user does not exist', error: 'This user does not exist',
@ -119,14 +139,16 @@ module.exports = (db, server, userHandler) => {
return next(); return next();
} }
db.users let asps;
try {
asps = await db.users
.collection('asps') .collection('asps')
.find({ .find({
user user
}) })
.sort({ _id: 1 }) .sort({ _id: 1 })
.toArray((err, asps) => { .toArray();
if (err) { } catch (err) {
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
@ -154,10 +176,8 @@ module.exports = (db, server, userHandler) => {
}); });
return next(); return next();
}); })
}
); );
});
/** /**
* @api {get} /users/:user/asps/:asp Request ASP information * @api {get} /users/:user/asps/:asp Request ASP information
@ -209,7 +229,9 @@ module.exports = (db, server, userHandler) => {
* "error": "Database error" * "error": "Database error"
* } * }
*/ */
server.get('/users/:user/asps/:asp', (req, res, next) => { server.get(
'/users/:user/asps/:asp',
tools.asyncifyJson(async (req, res, next) => {
res.charSet('utf-8'); res.charSet('utf-8');
const schema = Joi.object().keys({ const schema = Joi.object().keys({
@ -243,16 +265,24 @@ module.exports = (db, server, userHandler) => {
return next(); return next();
} }
// permissions check
if (req.user && req.user === result.value.user) {
req.validate(roles.can(req.role).readOwn('asps'));
} else {
req.validate(roles.can(req.role).readAny('asps'));
}
let user = new ObjectID(result.value.user); let user = new ObjectID(result.value.user);
let asp = new ObjectID(result.value.asp); let asp = new ObjectID(result.value.asp);
db.users.collection('asps').findOne( let aspData;
{
try {
aspData = await db.users.collection('asps').findOne({
_id: asp, _id: asp,
user user
}, });
(err, asp) => { } catch (err) {
if (err) {
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
@ -260,7 +290,7 @@ module.exports = (db, server, userHandler) => {
return next(); return next();
} }
if (!asp) { if (!aspData) {
res.json({ res.json({
error: 'Invalid or unknown ASP key', error: 'Invalid or unknown ASP key',
code: 'AspNotFound' code: 'AspNotFound'
@ -270,20 +300,19 @@ module.exports = (db, server, userHandler) => {
res.json({ res.json({
success: true, success: true,
id: asp._id, id: aspData._id,
description: asp.description, description: aspData.description,
scopes: asp.scopes.includes('*') ? [...consts.SCOPES] : asp.scopes, scopes: aspData.scopes.includes('*') ? [...consts.SCOPES] : aspData.scopes,
lastUse: { lastUse: {
time: asp.used || false, time: aspData.used || false,
event: asp.authEvent || false event: aspData.authEvent || false
}, },
created: asp.created created: aspData.created
}); });
return next(); return next();
} })
); );
});
/** /**
* @api {post} /users/:user/asps Create new Application Password * @api {post} /users/:user/asps Create new Application Password
@ -299,6 +328,7 @@ module.exports = (db, server, userHandler) => {
* @apiParam {String} description Description * @apiParam {String} description Description
* @apiParam {String[]} scopes List of scopes this Password applies to. Special scope "*" indicates that this password can be used for any scope except "master" * @apiParam {String[]} scopes List of scopes this Password applies to. Special scope "*" indicates that this password can be used for any scope except "master"
* @apiParam {Boolean} [generateMobileconfig] If true then result contains a mobileconfig formatted file with account config * @apiParam {Boolean} [generateMobileconfig] If true then result contains a mobileconfig formatted file with account config
* @apiParam {String} [address] E-mail address to be used as the account address in mobileconfig file. Must be one of the listed identity addresses of the user. Defaults to the main address of the user
* @apiParam {String} [sess] Session identifier for the logs * @apiParam {String} [sess] Session identifier for the logs
* @apiParam {String} [ip] IP address for the logs * @apiParam {String} [ip] IP address for the logs
* *
@ -333,7 +363,9 @@ module.exports = (db, server, userHandler) => {
* "error": "Database error" * "error": "Database error"
* } * }
*/ */
server.post('/users/:user/asps', (req, res, next) => { server.post(
'/users/:user/asps',
tools.asyncifyJson(async (req, res, next) => {
res.charSet('utf-8'); res.charSet('utf-8');
const schema = Joi.object().keys({ const schema = Joi.object().keys({
@ -353,6 +385,9 @@ module.exports = (db, server, userHandler) => {
.required() .required()
) )
.unique(), .unique(),
address: Joi.string()
.empty('')
.email(),
generateMobileconfig: Joi.boolean() generateMobileconfig: Joi.boolean()
.truthy(['Y', 'true', 'yes', 'on', '1', 1]) .truthy(['Y', 'true', 'yes', 'on', '1', 1])
.falsy(['N', 'false', 'no', 'off', '0', 0, '']) .falsy(['N', 'false', 'no', 'off', '0', 0, ''])
@ -384,6 +419,13 @@ module.exports = (db, server, userHandler) => {
return next(); return next();
} }
// permissions check
if (req.user && req.user === result.value.user) {
req.validate(roles.can(req.role).createOwn('asps'));
} else {
req.validate(roles.can(req.role).createAny('asps'));
}
let user = new ObjectID(result.value.user); let user = new ObjectID(result.value.user);
let generateMobileconfig = result.value.generateMobileconfig; let generateMobileconfig = result.value.generateMobileconfig;
let scopes = result.value.scopes || ['*']; let scopes = result.value.scopes || ['*'];
@ -401,7 +443,9 @@ module.exports = (db, server, userHandler) => {
return next(); return next();
} }
db.users.collection('users').findOne( let userData;
try {
userData = await db.users.collection('users').findOne(
{ {
_id: user _id: user
}, },
@ -411,15 +455,16 @@ module.exports = (db, server, userHandler) => {
name: true, name: true,
address: true address: true
} }
}, }
(err, userData) => { );
if (err) { } catch (err) {
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
}); });
return next(); return next();
} }
if (!userData) { if (!userData) {
res.json({ res.json({
error: 'This user does not exist', error: 'This user does not exist',
@ -428,19 +473,52 @@ module.exports = (db, server, userHandler) => {
return next(); return next();
} }
userHandler.generateASP(user, result.value, (err, result) => { let accountType;
if (err) { let accountHost;
let accountPort;
let accountSecure;
let accountAddress;
let accountName;
if (result.value.address) {
let addressData;
try {
addressData = await db.users.collection('addresses').findOne({
addrview: tools.normalizeAddress(result.value.address, false, {
removeLabel: true,
removeDots: true
})
});
} catch (err) {
res.json({ res.json({
error: err.message error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError'
}); });
return next(); return next();
} }
if (!addressData || !addressData.user.equals(userData._id)) {
res.json({
error: 'Invalid or unknown address',
code: 'AddressNotFound'
});
return next();
}
accountName = addressData.name || userData.name || '';
accountAddress = addressData.address;
} else {
accountName = userData.name || '';
accountAddress = userData.address;
}
let asp = await generateASP(user, result.value);
if (!generateMobileconfig) { if (!generateMobileconfig) {
res.json({ res.json({
success: true, success: true,
id: result.id, id: asp.id,
password: result.password password: asp.password
}); });
return next(); return next();
} }
@ -449,15 +527,11 @@ module.exports = (db, server, userHandler) => {
Object.keys(config.api.mobileconfig || {}).forEach(key => { Object.keys(config.api.mobileconfig || {}).forEach(key => {
profileOpts[key] = (config.api.mobileconfig[key] || '') profileOpts[key] = (config.api.mobileconfig[key] || '')
.toString() .toString()
.replace(/\{email\}/g, userData.address) .replace(/\{email\}/g, accountAddress)
.replace(/\{name\}/g, accountName)
.trim(); .trim();
}); });
let accountType;
let accountHost;
let accountPort;
let accountSecure;
if (scopes.includes('*') || scopes.includes('imap')) { if (scopes.includes('*') || scopes.includes('imap')) {
// prefer IMAP // prefer IMAP
accountType = 'EmailTypeIMAP'; accountType = 'EmailTypeIMAP';
@ -471,7 +545,7 @@ module.exports = (db, server, userHandler) => {
accountSecure = !!config.pop3.setup.secure; accountSecure = !!config.pop3.setup.secure;
} }
mobileconfig.getSignedConfig( let profile = await mobileconfigGetSignedConfig(
{ {
PayloadType: 'Configuration', PayloadType: 'Configuration',
PayloadVersion: 1, PayloadVersion: 1,
@ -492,21 +566,21 @@ module.exports = (db, server, userHandler) => {
PayloadOrganization: profileOpts.organization || 'WildDuck Mail Server', PayloadOrganization: profileOpts.organization || 'WildDuck Mail Server',
EmailAccountDescription: profileOpts.accountDescription, EmailAccountDescription: profileOpts.accountDescription,
EmailAccountName: userData.name || '', EmailAccountName: accountName,
EmailAccountType: accountType, EmailAccountType: accountType,
EmailAddress: userData.address, EmailAddress: accountAddress,
IncomingMailServerAuthentication: 'EmailAuthPassword', IncomingMailServerAuthentication: 'EmailAuthPassword',
IncomingMailServerHostName: accountHost, IncomingMailServerHostName: accountHost,
IncomingMailServerPortNumber: accountPort, IncomingMailServerPortNumber: accountPort,
IncomingMailServerUseSSL: accountSecure, IncomingMailServerUseSSL: accountSecure,
IncomingMailServerUsername: userData.address, IncomingMailServerUsername: accountAddress,
IncomingPassword: result.password, IncomingPassword: asp.password,
OutgoingPasswordSameAsIncomingPassword: true, OutgoingPasswordSameAsIncomingPassword: true,
OutgoingMailServerAuthentication: 'EmailAuthPassword', OutgoingMailServerAuthentication: 'EmailAuthPassword',
OutgoingMailServerHostName: config.smtp.setup.hostname, OutgoingMailServerHostName: config.smtp.setup.hostname,
OutgoingMailServerPortNumber: config.smtp.setup.port || config.smtp.port, OutgoingMailServerPortNumber: config.smtp.setup.port || config.smtp.port,
OutgoingMailServerUseSSL: 'secure' in config.smtp.setup ? !!config.smtp.setup.secure : config.smtp.secure, OutgoingMailServerUseSSL: 'secure' in config.smtp.setup ? !!config.smtp.setup.secure : config.smtp.secure,
OutgoingMailServerUsername: userData.address, OutgoingMailServerUsername: accountAddress,
PreventMove: false, PreventMove: false,
PreventAppSheet: false, PreventAppSheet: false,
SMIMEEnabled: false, SMIMEEnabled: false,
@ -514,72 +588,21 @@ module.exports = (db, server, userHandler) => {
} }
] ]
}, },
certs, certs
(err, data) => { );
if (err) {
res.json({
error: err.message
});
return next();
}
res.json({ res.json({
success: true, success: true,
id: result.id, id: asp.id,
password: result.password, name: accountName,
mobileconfig: data.toString('base64') address: accountAddress,
password: asp.password,
mobileconfig: profile.toString('base64')
}); });
return next(); return next();
} })
); );
/*
let options = {
displayName: description || profileOpts.displayName,
displayDescription: profileOpts.displayDescription,
accountDescription: profileOpts.accountDescription,
emailAddress: userData.address,
emailAccountName: userData.name,
identifier: profileOpts.identifier + '.' + userData.username,
imap: {
hostname: config.imap.setup.hostname,
port: config.imap.setup.port || config.imap.port,
secure: config.imap.setup.secure,
username: userData.username,
password: result.password
},
smtp: {
hostname: config.smtp.setup.hostname,
port: config.smtp.setup.port || config.smtp.port,
secure: true, //config.setup.smtp.secure,
username: userData.username,
password: false // use the same password as for IMAP
},
keys: certs
};
mobileconfig.getSignedEmailConfig(options, (err, data) => {
if (err) {
res.json({
error: err.message
});
return next();
}
res.json({
success: true,
id: result.id,
password: result.password,
mobileconfig: data.toString('base64')
});
return next();
});
*/
});
}
);
});
/** /**
* @api {delete} /users/:user/asps/:asp Delete an Application Password * @api {delete} /users/:user/asps/:asp Delete an Application Password
* @apiName DeleteASP * @apiName DeleteASP
@ -612,7 +635,9 @@ module.exports = (db, server, userHandler) => {
* "error": "Database error" * "error": "Database error"
* } * }
*/ */
server.del('/users/:user/asps/:asp', (req, res, next) => { server.del(
'/users/:user/asps/:asp',
tools.asyncifyJson(async (req, res, next) => {
res.charSet('utf-8'); res.charSet('utf-8');
const schema = Joi.object().keys({ const schema = Joi.object().keys({
@ -646,20 +671,22 @@ module.exports = (db, server, userHandler) => {
return next(); return next();
} }
// permissions check
if (req.user && req.user === result.value.user) {
req.validate(roles.can(req.role).deleteOwn('asps'));
} else {
req.validate(roles.can(req.role).deleteAny('asps'));
}
let user = new ObjectID(result.value.user); let user = new ObjectID(result.value.user);
let asp = new ObjectID(result.value.asp); let asp = new ObjectID(result.value.asp);
userHandler.deleteASP(user, asp, result.value, err => { await deleteASP(user, asp, result.value);
if (err) {
res.json({
error: err.message
});
return next();
}
res.json({ res.json({
success: true success: true
}); });
return next(); return next();
}); })
}); );
}; };