Merge remote-tracking branch 'chadfurman/master' into chads-quota

# Conflicts: # management/daemon.py # management/mailconfig.py # management/templates/users.html # setup/bootstrap.sh # setup/mail-postfix.sh # setup/mail-users.sh # setup/migrate.py
2026-03-15 17:37:22 +01:00 · 2024-09-06 12:03:08 -04:00
parent 158c7f8921 4bb4d2a796
commit a6f69f297b
13 changed files with 379 additions and 57 deletions
--- a/management/cli.py
+++ b/management/cli.py
@@ -18,13 +18,13 @@
 import sys, getpass, urllib.request, urllib.error, json, csv
 import contextlib

-def mgmt(cmd, data=None, is_json=False):
+def mgmt(cmd, data=None, is_json=False, method='GET'):
 	# The base URL for the management daemon. (Listens on IPv4 only.)
 	mgmt_uri = 'http://127.0.0.1:10222'

 	setup_key_auth(mgmt_uri)

-	req = urllib.request.Request(mgmt_uri + cmd, urllib.parse.urlencode(data).encode("utf8") if data else None)
+	req = urllib.request.Request(mgmt_uri + cmd, urllib.parse.urlencode(data).encode("utf8") if data else None, method=method)
 	try:
 		response = urllib.request.urlopen(req)
 	except urllib.error.HTTPError as e:
@@ -74,6 +74,7 @@ if len(sys.argv) < 2:
  {cli} user password user@domain.com [password]
  {cli} user remove user@domain.com
  {cli} user make-admin user@domain.com
+  {cli} user quota user@domain [new-quota]       (get or set user quota)
  {cli} user remove-admin user@domain.com
  {cli} user admins                              (lists admins)
  {cli} user mfa show user@domain.com            (shows MFA devices for user, if any)
@@ -97,6 +98,10 @@ elif sys.argv[1] == "user" and len(sys.argv) == 2:
 			print(user['email'], end='')
 			if "admin" in user['privileges']:
 				print("*", end='')
+			if user['quota'] == '0':
+				print(" unlimited", end='')
+			else:
+				print(" " + user['quota'], end='')
 			print()

 elif sys.argv[1] == "user" and sys.argv[2] in {"add", "password"}:
@@ -126,6 +131,14 @@ elif sys.argv[1] == "user" and sys.argv[2] == "admins":
 			if "admin" in user['privileges']:
 				print(user['email'])

+elif sys.argv[1] == "user" and sys.argv[2] == "quota" and len(sys.argv) == 4:
+	# Get a user's quota
+	print(mgmt("/mail/users/quota?text=1&email=%s" % sys.argv[3]))
+
+elif sys.argv[1] == "user" and sys.argv[2] == "quota" and len(sys.argv) == 5:
+	# Set a user's quota
+	users = mgmt("/mail/users/quota", { "email": sys.argv[3], "quota": sys.argv[4] }, method='POST')
+
 elif sys.argv[1] == "user" and len(sys.argv) == 5 and sys.argv[2:4] == ["mfa", "show"]:
 	# Show MFA status for a user.
 	status = mgmt("/mfa/status", { "user": sys.argv[4] }, is_json=True)
@@ -150,4 +163,3 @@ elif sys.argv[1] == "alias" and sys.argv[2] == "remove" and len(sys.argv) == 4:
 else:
 	print("Invalid command-line arguments.")
 	sys.exit(1)
-
--- a/management/daemon.py
+++ b/management/daemon.py
@@ -30,6 +30,7 @@ import auth, utils
 from mailconfig import get_mail_users, get_mail_users_ex, get_admins, add_mail_user, set_mail_password, set_mail_display_name, remove_mail_user
 from mailconfig import get_mail_user_privileges, add_remove_mail_user_privilege
 from mailconfig import get_mail_aliases, get_mail_aliases_ex, get_mail_domains, add_mail_alias, remove_mail_alias
+from mailconfig import get_mail_quota, set_mail_quota
 from mfa import get_public_mfa_state, enable_mfa, disable_mfa
 import mfa_totp
 import contextlib
@@ -201,8 +202,31 @@ def mail_users():
@app.route('/mail/users/add', methods=['POST'])
@authorized_personnel_only
 def mail_users_add():
+	quota = request.form.get('quota', '0')
 	try:
-		return add_mail_user(request.form.get('email', ''), request.form.get('password', ''), request.form.get('privileges', ''), request.form.get('display_name', ''), env)
+		return add_mail_user(request.form.get('email', ''), request.form.get('password', ''), request.form.get('privileges', ''), quota, request.form.get('display_name', ''), env)
+	except ValueError as e:
+		return (str(e), 400)
+
+@app.route('/mail/users/quota', methods=['GET'])
+@authorized_personnel_only
+def get_mail_users_quota():
+	email = request.values.get('email', '')
+	quota = get_mail_quota(email, env)
+
+	if request.values.get('text'):
+		return quota
+
+	return json_response({
+		"email": email,
+		"quota": quota
+	})
+
+@app.route('/mail/users/quota', methods=['POST'])
+@authorized_personnel_only
+def mail_users_quota():
+	try:
+		return set_mail_quota(request.form.get('email', ''), request.form.get('quota'), env)
 	except ValueError as e:
 		return (str(e), 400)

--- a/management/mailconfig.py
+++ b/management/mailconfig.py
@@ -19,8 +19,11 @@
 # Python 3 in setup/questions.sh to validate the email
 # address entered by the user.

-import subprocess, shutil, os, sqlite3, re, ldap3, uuid, hashlib
-import utils, backend
+import os, sqlite3, re
+import subprocess
+import ldap3, uuid, hashlib, backend
+
+import utils
 from email_validator import validate_email as validate_email_, EmailNotValidError
 import idna
 import socket
@@ -283,6 +286,18 @@ def get_mail_users(env, as_map=False, map_by="maildrop"):
 		return utils.sort_email_addresses(users, env)


+def sizeof_fmt(num):
+	for unit in ['','K','M','G','T']:
+		if abs(num) < 1024.0:
+			if abs(num) > 99:
+				return "%3.0f%s" % (num, unit)
+			else:
+				return "%2.1f%s" % (num, unit)
+
+		num /= 1024.0
+
+	return str(num)
+
 def get_mail_users_ex(env, with_archived=False):
 	# Returns a complex data structure of all user accounts, optionally
 	# including archived (status="inactive") accounts.
@@ -307,20 +322,52 @@ def get_mail_users_ex(env, with_archived=False):
 	users = []
 	active_accounts = set()
 	c = open_database(env)
-	response = c.wait( c.search(env.LDAP_USERS_BASE, "(objectClass=mailUser)", attributes=['mail','maildrop','mailaccess','cn']) )
+	response = c.wait( c.search(env.LDAP_USERS_BASE, "(objectClass=mailUser)", attributes=['mail','maildrop','mailaccess','mailboxQuota','cn']) )

 	for rec in response:
 		#email = rec['maildrop'][0]
 		email = rec['mail'][0]
 		privileges = rec['mailaccess']
+		quota = rec['mailboxQuota'][0] if len(rec['mailboxQuota']>0) else '0'
 		display_name = rec['cn'][0]
 		active_accounts.add(email)
+
+		(user, domain) = email.split('@')
+		box_size = 0
+		box_quota = 0
+		percent = ''
+		try:
+			dirsize_file = os.path.join(env['STORAGE_ROOT'], 'mail/mailboxes/%s/%s/maildirsize' % (domain, user))
+			with open(dirsize_file, 'r') as f:
+				box_quota = int(f.readline().split('S')[0])
+				for line in f.readlines():
+					(size, count) = line.split(' ')
+					box_size += int(size)
+
+			try:
+				percent = (box_size / box_quota) * 100
+			except:
+				percent = 'Error'
+
+		except:
+			box_size = '?'
+			box_quota = '?'
+			percent = '?'
+
+		if quota == '0':
+			percent = ''
+
 		user = {
 			"email": email,
 			"privileges": privileges,
+			"quota": quota,
 			"status": "active",
-			"display_name": display_name
+			"display_name": display_name,
+			"box_quota": box_quota,
+			"box_size": sizeof_fmt(box_size) if box_size != '?' else box_size,
+			"percent": '%3.0f%%' % percent if type(percent) != str else percent,
 		}
+
 		users.append(user)

 	# Add in archived accounts.
@@ -338,6 +385,9 @@ def get_mail_users_ex(env, with_archived=False):
 						"status": "inactive",
 						"mailbox": mbox,
 						"display_name": ""
+                        "box_size": '?',
+                        "box_quota": '?',
+                        "percent": '?',
 					}
 					users.append(user)

@@ -697,12 +747,13 @@ def remove_mail_domain(env, domain_idna, validate=True):
 	return True


-def add_mail_user(email, pw, privs, display_name, env):
+def add_mail_user(email, pw, privs, quota, display_name, env):
 	# Add a new mail user.
 	#
 	# email: the new user's email address (idna)
 	# pw: the new user's password
 	# privs: either an array of privilege strings, or a newline
+	# quota: a string (number | number 'M' | number 'G') or None
 	# separated string of privilege names
 	# display_name: a string with users givenname and surname (eg "Al Woods")
 	#
@@ -735,6 +786,14 @@ def add_mail_user(email, pw, privs, display_name, env):
 		validation = validate_privilege(p)
 		if validation: return validation

+	if quota is None:
+		quota = '0'
+
+	try:
+		quota = validate_quota(quota)
+	except ValueError as e:
+		return (str(e), 400)
+
 	# get the database
 	conn = open_database(env)

@@ -773,6 +832,7 @@ def add_mail_user(email, pw, privs, display_name, env):
 		"maildrop" : email.lower(),
 		"uid" : uid,
 		"mailaccess": privs,
+		"mailboxQuota": quota,
 		"cn": cn,
 		"sn": sn,
 		"shadowLastChange": backend.get_shadowLastChanged()
@@ -805,6 +865,8 @@ def add_mail_user(email, pw, privs, display_name, env):
 	# convert alias's mailMember to member
 	convert_mailMember(env, conn, dn, email)

+	dovecot_quota_recalc(email)
+
 	# Update things in case any new domains are added.
 	if domain_added:
 		return kick(env, return_status)
@@ -867,6 +929,53 @@ def validate_login(email, pw, env):
 		return False


+
+def get_mail_quota(email, env):
+	user = find_mail_user(env, email, ['mailboxQuota'])
+	if user is None:
+		return ("That's not a user (%s)." % email, 400)
+	if len(user['mailboxQuota'])==0:
+		return '0'
+	else:
+		return user['mailboxQuota'][0]
+
+def set_mail_quota(email, quota, env):
+	# validate that password is acceptable
+	quota = validate_quota(quota)
+
+	# update the database
+	conn = open_database(env)
+	user = find_mail_user(env, email, ['mailboxQuota'], conn)
+	if user is None:
+		return ("That's not a user (%s)." % email, 400)
+
+	conn.modify_record(user, { 'mailboxQuota': quota })
+	dovecot_quota_recalc(email)
+	return "OK"
+
+def dovecot_quota_recalc(email):
+	# dovecot processes running for the user will not recognize the new quota setting
+	# a reload is necessary to reread the quota setting, but it will also shut down
+	# running dovecot processes.  Email clients generally log back in when they lose
+	# a connection.
+	# subprocess.call(['doveadm', 'reload'])
+
+	# force dovecot to recalculate the quota info for the user.
+	subprocess.call(["doveadm", "quota", "recalc", "-u", email])
+
+def validate_quota(quota):
+	# validate quota
+	quota = quota.strip().upper()
+
+	if quota == "":
+		raise ValueError("No quota provided.")
+	if re.search(r"[\s,.]", quota):
+		raise ValueError("Quotas cannot contain spaces, commas, or decimal points.")
+	if not re.match(r'^[\d]+[GMK]?$', quota):
+		raise ValueError("Invalid quota.")
+
+	return quota
+
 def get_mail_password(email, env):
 	# Gets the hashed passwords for a user. In ldap, userPassword is
 	# multi-valued and each value can have different hash. This
--- a/management/templates/users.html
+++ b/management/templates/users.html
@@ -6,6 +6,7 @@
 #user_table .account_inactive .if_active { display: none; }
 #user_table .account_active .if_inactive { display: none; }
 #user_table .account_active.if_inactive { display: none; }
+.row-center { text-align: center; }
 </style>

 <h3>Add a mail user</h3>
@@ -31,11 +32,13 @@
    </select>
  </div>
  <div class="form-group">
+    <label class="sr-only" for="adduserQuota">Quota</label>
+    <input type="text" class="form-control" id="adduserQuota" placeholder="Quota" style="width:5em;" value="0">
    <div>Display Name</div>
    <input id="adduserDisplayName" class="form-control" type="text" placeholder="eg: John Smith">
  </div>
  <div class="text-center">
-    <div>&nbsp;</div>    
+    <div>&nbsp;</div>
    <button type="submit" class="btn btn-primary">Add User</button>
  </div>
 </form>
@@ -44,13 +47,17 @@
  <li>Use <a href="#aliases">aliases</a> to create email addresses that forward to existing accounts.</li>
  <li>Administrators get access to this control panel.</li>
  <li>User accounts cannot contain any international (non-ASCII) characters, but <a href="#aliases">aliases</a> can.</li>
+  <li>Quotas may not contain any spaces, commas or decimal points. Suffixes of G (gigabytes) and M (megabytes) are allowed.  For unlimited storage enter 0 (zero)</li>
 </ul>

 <h3>Existing mail users</h3>
 <table id="user_table" class="table" style="width: auto">
  <thead>
    <tr>
-      <th width="50%">Email Address</th>
+      <th width="35%">Email Address</th>
+      <th class="row-center">Size</th>
+      <th class="row-center">Used</th>
+      <th class="row-center">Quota</th>
      <th>Actions</th>
    </tr>
  </thead>
@@ -64,10 +71,21 @@
    <td>
      <span class="address"></span> <span class="display_name_wrapper">(<a class="display_name" href="#" onclick="users_set_displayname(this); return false;" title="Change display name"></a>)</span>
    </td>
+    <td class="box-size row-center"></td>
+    <td class="percent row-center"></td>
+	<td class="quota row-center">
+	</td>
    <td class='actions'>
        <span class='privs'>
        </span>

+        <span class="if_active">
+          <a href="#" onclick="users_set_quota(this); return false;" class='setquota' title="Set Quota">
+              set quota
+          </a>
+          |
+        </span>
+
        <span class="if_active">
          <a href="#" onclick="users_set_password(this); return false;" class='setpw' title="Set Password">
            set password
@@ -108,10 +126,28 @@
 <table class="table" style="margin-top: .5em">
 <thead><th>Verb</th> <th>Action</th><th></th></thead>
 <tr><td>GET</td><td><i>(none)</i></td> <td>Returns a list of existing mail users. Adding <code>?format=json</code> to the URL will give JSON-encoded results.</td></tr>
-<tr><td>POST</td><td>/add</td> <td>Adds a new mail user. Required POST-body parameters are <code>email</code> and <code>password</code>.</td></tr>
-<tr><td>POST</td><td>/remove</td> <td>Removes a mail user. Required POST-body parameter is <code>email</code>.</td></tr>
+<tr>
+    <td>POST</td>
+    <td>/add</td>
+    <td>Adds a new mail user. Required POST-body parameters are <code>email</code> and <code>password</code>. Optional parameters: <code>privilege=admin</code> and <code>quota</code></td>
+</tr>
+<tr>
+    <td>POST</td>
+    <td>/remove</td>
+    <td>Removes a mail user. Required POST-by parameter is <code>email</code>.</td>
+</tr>
 <tr><td>POST</td><td>/privileges/add</td> <td>Used to make a mail user an admin. Required POST-body parameters are <code>email</code> and <code>privilege=admin</code>.</td></tr>
 <tr><td>POST</td><td>/privileges/remove</td> <td>Used to remove the admin privilege from a mail user. Required POST-body parameter is <code>email</code>.</td></tr>
+<tr>
+    <td>GET</td>
+    <td>/quota</td>
+    <td>Get the quota for a mail user. Required POST-body parameters are <code>email</code> and will return JSON result</td>
+</tr>
+<tr>
+    <td>POST</td>
+    <td>/quota</td>
+    <td>Set the quota for a mail user. Required POST-body parameters are <code>email</code> and <code>quota</code>.</td>
+</tr>
 </table>

 <h4>Examples:</h4>
@@ -144,7 +180,7 @@ function show_users() {
    function(r) {
      $('#user_table tbody').html("");
      for (var i = 0; i < r.length; i++) {
-        var hdr = $("<tr><th colspan='2' style='background-color: #EEE'></th></tr>");
+        var hdr = $("<tr><th colspan='6' style='background-color: #EEE'></th></tr>");
        hdr.find('th').text(r[i].domain);
        $('#user_table tbody').append(hdr);

@@ -162,7 +198,14 @@ function show_users() {
          n2.addClass("account_" + user.status);

          n.attr('data-email', user.email);
+          n.attr('data-quota', user.quota);
          n.find('.address').text(user.email);
+          n.find('.box-size').text(user.box_size);
+          if (user.box_size == '?') {
+            n.find('.box-size').attr('title', 'Mailbox size is unkown')
+          }
+          n.find('.percent').text(user.percent);
+          n.find('.quota').text((user.quota == '0') ? 'unlimited' : user.quota);
          if (user.status == "inactive") {
            n.find('.display_name_wrapper').text('[archived]');
          }
@@ -197,6 +240,7 @@ function do_add_user() {
  var email = $("#adduserEmail").val();
  var pw = $("#adduserPassword").val();
  var privs = $("#adduserPrivs").val();
+  var quota = $("#adduserQuota").val();
  var display_name = $("#adduserDisplayName").val();
  api(
    "/mail/users/add",
@@ -205,6 +249,7 @@ function do_add_user() {
      email: email,
      password: pw,
      privileges: privs,
+      quota: quota
      display_name: display_name
    },
    function(r) {
@@ -272,6 +317,36 @@ function users_set_displayname(elem) {
      });
 }

+function users_set_quota(elem) {
+    var email = $(elem).parents('tr').attr('data-email');
+    var quota = $(elem).parents('tr').attr('data-quota');
+
+    show_modal_confirm(
+        "Set Quota",
+        $("<p>Set quota for <b>" + email + "</b>?</p>" +
+            "<p>" +
+            "<label for='users_set_quota' style='display: block; font-weight: normal'>Quota:</label>" +
+            "<input type='text' id='users_set_quota' value='" + quota + "'></p>" +
+            "<p><small>Quotas may not contain any spaces or commas.  Suffixes of G (gigabytes) and M (megabytes) are allowed.</small></p>" +
+            "<p><small>For unlimited storage enter 0 (zero)</small></p>"),
+        "Set Quota",
+        function() {
+            api(
+                "/mail/users/quota",
+                "POST",
+                {
+                    email: email,
+                    quota: $('#users_set_quota').val()
+                },
+                function(r) {
+                    show_users();
+                },
+                function(r) {
+                    show_modal_error("Set Quota", r);
+                });
+        });
+}
+
 function users_remove(elem) {
  var email = $(elem).parents('tr').attr('data-email');

@@ -337,7 +412,7 @@ function generate_random_password() {
  var charset = "ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789"; // confusable characters skipped
  for (var i = 0; i < 12; i++)
    pw += charset.charAt(Math.floor(Math.random() * charset.length));
-  show_modal_error("Random Password", "<p>Here, try this:</p> <p><code style='font-size: 110%'>" + pw + "</code></pr");
+  show_modal_error("Random Password", "<p>Here, try this:</p> <p><code style='font-size: 110%'>" + pw + "</code></p>");
  return false; // cancel click
 }
 </script>