external/mailinabox
1
0
Fork 0
mirror of https://github.com/mail-in-a-box/mailinabox.git synced 2025-04-04 00:17:06 +00:00
Code Issues Releases Wiki Activity

Migrate TOTP secrets

Browse Source
This commit is contained in:
downtownallday 2020-09-15 07:51:27 -04:00
parent b6ba3a054c
commit b3e789a4e2
1 changed files with 26 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
setup/migration_13.py
View File

@ -8,7 +8,7 @@
import uuid, os, sqlite3, ldap3, hashlib import uuid, os, sqlite3, ldap3, hashlib
def add_user(env, ldapconn, search_base, users_base, domains_base, email, password, privs, cn=None): def add_user(env, ldapconn, search_base, users_base, domains_base, email, password, privs, totp_secret, totp_mru_token, cn=None):
# Add a sqlite user to ldap # Add a sqlite user to ldap
# env are the environment variables # env are the environment variables
# ldapconn is the bound ldap connection # ldapconn is the bound ldap connection
@ -18,6 +18,8 @@ def add_user(env, ldapconn, search_base, users_base, domains_base, email, passwo
# email is the user's email # email is the user's email
# password is the user's current sqlite password hash # password is the user's current sqlite password hash
# privs is an array of privilege names for the user # privs is an array of privilege names for the user
# totp_secret is the TOTP secret or None
# totp_mru_token is the TOP most recently used token or None
# cn is the user's common name [optional] # cn is the user's common name [optional]
# #
# the email address should be as-is from sqlite (encoded as # the email address should be as-is from sqlite (encoded as
@ -37,6 +39,7 @@ def add_user(env, ldapconn, search_base, users_base, domains_base, email, passwo
uid = m.hexdigest() uid = m.hexdigest()
# Attributes to apply to the new ldap entry # Attributes to apply to the new ldap entry
objectClasses = [ 'inetOrgPerson','mailUser','shadowAccount' ]
attrs = { attrs = {
"mail" : email, "mail" : email,
"maildrop" : email, "maildrop" : email,
@ -73,12 +76,18 @@ def add_user(env, ldapconn, search_base, users_base, domains_base, email, passwo
# Choose a surname for the user (required attribute) # Choose a surname for the user (required attribute)
attrs["sn"] = cn[cn.find(' ')+1:] attrs["sn"] = cn[cn.find(' ')+1:]
# add TOTP, if enabled
if totp_secret:
objectClasses.append('totpUser')
attrs['totpSecret'] = totp_secret
if totp_mru_token:
attrs['totpMruToken'] = totp_mru_token
# Add user # Add user
dn = "uid=%s,%s" % (uid, users_base) dn = "uid=%s,%s" % (uid, users_base)
print("adding user %s" % email) print("adding user %s" % email)
ldapconn.add(dn, ldapconn.add(dn, objectClasses, attrs)
[ 'inetOrgPerson','mailUser','shadowAccount' ],
attrs);
# Create domain entry indicating that we are handling # Create domain entry indicating that we are handling
# mail for that domain # mail for that domain
@ -95,14 +104,24 @@ def add_user(env, ldapconn, search_base, users_base, domains_base, email, passwo
def create_users(env, conn, ldapconn, ldap_base, ldap_users_base, ldap_domains_base): def create_users(env, conn, ldapconn, ldap_base, ldap_users_base, ldap_domains_base):
# iterate through sqlite 'users' table and create each user in # iterate through sqlite 'users' table and create each user in
# ldap. returns a map of email->dn # ldap. returns a map of email->dn
c = conn.cursor()
c.execute("SELECT email,password,privileges from users") try:
c = conn.cursor()
c.execute("select users.email, users.password, users.privileges, totp_credentials.secret, totp_credentials.mru_token from users left join totp_credentials on users.email = totp_credentials.user_email")
except:
# old version of miab
c = conn.cursor()
c.execute("SELECT email, password, privileges, NULL as secret, NULL as mru_token from users")
users = {} users = {}
for row in c: for row in c:
email=row[0] email=row[0]
password=row[1] password=row[1]
privs=row[2] privs=row[2]
dn = add_user(env, ldapconn, ldap_base, ldap_users_base, ldap_domains_base, email, password, privs.split("\n")) totp_secret=row[3]
totp_mru_token=row[4]
dn = add_user(env, ldapconn, ldap_base, ldap_users_base, ldap_domains_base, email, password, privs.split("\n"), totp_secret, totp_mru_token)
users[email] = dn users[email] = dn
return users return users