Compat with Modoboa 2.4.0

2025-07-03 10:43:07 +02:00
parent 5fe3e49b9a
commit 53669b48de
12 changed files with 50 additions and 66 deletions
--- a/modoboa_installer/compatibility_matrix.py
+++ b/modoboa_installer/compatibility_matrix.py
@@ -32,5 +32,8 @@ REMOVED_EXTENSIONS = {
    "modoboa-dmarc": "2.1.0",
    "modoboa-imap-migration": "2.1.0",
    "modoboa-sievefilters": "2.3.0",
-    "modoboa-postfix-autoreply": "2.3.0"
+    "modoboa-postfix-autoreply": "2.3.0",
    "modoboa-contacts": "2.4.0",
    "modoboa-radicale": "2.4.0",
    "modoboa-webmail": "2.4.0",
 }
--- a/modoboa_installer/config_dict_template.py
+++ b/modoboa_installer/config_dict_template.py
@@ -187,11 +187,7 @@ ConfigDictTemplate = [
            },
            {
                "option": "extensions",
-                "default": (
+                "default": ""
                    "modoboa-amavis "
                    "modoboa-webmail modoboa-contacts "
                    "modoboa-radicale"
                ),
            },
            {
                "option": "devmode",
@@ -303,10 +299,6 @@ ConfigDictTemplate = [
                "option": "postmaster_address",
                "default": "postmaster@%(domain)s",
            },
            {
                "option": "radicale_auth_socket_path",
                "default": "/var/run/dovecot/auth-radicale"
            },
        ]
    },
    {
@@ -409,7 +401,7 @@ ConfigDictTemplate = [
            },
            {
                "option": "nb_processes",
-                "default": "2",
+                "default": "4",
            },
        ]
    },
--- a/modoboa_installer/scripts/backup.py
+++ b/modoboa_installer/scripts/backup.py
@@ -142,7 +142,7 @@ class Backup:
        """
        Custom config :
        - DKIM keys: {{keys_storage_dir}}
-        - Radicale collection (calendat, contacts): {{home_dir}}
+        - Radicale collection (calendars, contacts): {{home_dir}}
        - Amavis : /etc/amavis/conf.d/99-custom
        - Postwhite : /etc/postwhite.conf
        Feel free to suggest to add others!
--- a/modoboa_installer/scripts/dovecot.py
+++ b/modoboa_installer/scripts/dovecot.py
@@ -72,24 +72,6 @@ class Dovecot(base.Installer):
            "dovecot-core", "create-ssl-cert", "boolean", "false")
        super().install_packages()
    def create_oauth2_app(self):
        """Create a application for Oauth2 authentication."""
        # FIXME: how can we check that application already exists ?
        venv_path = self.config.get("modoboa", "venv_path")
        python_path = os.path.join(venv_path, "bin", "python")
        instance_path = self.config.get("modoboa", "instance_path")
        script_path = os.path.join(instance_path, "manage.py")
        client_id = "dovecot"
        client_secret = str(uuid.uuid4())
        cmd = (
            f"{python_path} {script_path} createapplication "
            f"--name=Dovecot --skip-authorization "
            f"--client-id={client_id} --client-secret={client_secret} "
            f"confidential client-credentials"
        )
        utils.exec_cmd(cmd)
        return client_id, client_secret
    def get_template_context(self):
        """Additional variables."""
        context = super().get_template_context()
@@ -113,7 +95,8 @@ class Dovecot(base.Installer):
            # Protocols are automatically guessed on debian/ubuntu
            protocols = ""
-        oauth2_client_id, oauth2_client_secret = self.create_oauth2_app()
+        oauth2_client_id, oauth2_client_secret = utils.create_oauth2_app(
            "Dovecot", "dovecot", self.config)
        hostname = self.config.get("general", "hostname")
        oauth2_introspection_url = (
            f"https://{oauth2_client_id}:{oauth2_client_secret}"
@@ -132,9 +115,6 @@ class Dovecot(base.Installer):
            "protocols": protocols,
            "ssl_protocols": ssl_protocols,
            "ssl_protocol_parameter": ssl_protocol_parameter,
            "radicale_user": self.config.get("radicale", "user"),
            "radicale_auth_socket_path": os.path.basename(
                self.config.get("dovecot", "radicale_auth_socket_path")),
            "modoboa_2_2_or_greater": "" if self.modoboa_2_2_or_greater else "#",
            "not_modoboa_2_2_or_greater": "" if not self.modoboa_2_2_or_greater else "#",
            "oauth2_introspection_url": oauth2_introspection_url
--- a/modoboa_installer/scripts/files/dovecot/conf.d/10-master.conf.tpl
+++ b/modoboa_installer/scripts/files/dovecot/conf.d/10-master.conf.tpl
@@ -131,13 +131,6 @@ service auth {
    group = postfix
  }
  # Radicale auth
  %{radicale_enabled}unix_listener %{radicale_auth_socket_path} {
  %{radicale_enabled}  mode = 0666
  %{radicale_enabled}  user = %{radicale_user}
  %{radicale_enabled}  group = %{radicale_user}
  %{radicale_enabled}}
  # Auth process is run as this user.
  #user = $default_internal_user
 }
--- a/modoboa_installer/scripts/files/nginx/modoboa.conf.tpl
+++ b/modoboa_installer/scripts/files/nginx/modoboa.conf.tpl
@@ -37,7 +37,13 @@ server {
        try_files $uri $uri/ =404;
    }
-    location ^~ /new-admin {
+    location ~ ^/(api|accounts) {
        include uwsgi_params;
        uwsgi_param UWSGI_SCRIPT instance.wsgi:application;
        uwsgi_pass modoboa;
    }
    location / {
        alias  %{app_instance_path}/frontend/;
        index  index.html;
@@ -48,10 +54,5 @@ server {
        try_files $uri $uri/ /index.html = 404;
    }
    location / {
        include uwsgi_params;
        uwsgi_param UWSGI_SCRIPT instance.wsgi:application;
        uwsgi_pass modoboa;
    }
    %{extra_config}
 }
--- a/modoboa_installer/scripts/files/postfix/master.cf.tpl
+++ b/modoboa_installer/scripts/files/postfix/master.cf.tpl
@@ -124,11 +124,6 @@ mailman   unix  -       n       n       -       -       pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}
 # Modoboa autoreply service
 #
 autoreply unix        -       n       n       -       -       pipe
  flags= user=%{dovecot_mailboxes_owner}:%{dovecot_mailboxes_owner} argv=%{modoboa_venv_path}/bin/python %{modoboa_instance_path}/manage.py autoreply $sender $mailbox
 # Amavis return path
 #
 %{amavis_enabled}127.0.0.1:10025 inet n    -       n       -       -     smtpd 
--- a/modoboa_installer/scripts/files/radicale/config.tpl
+++ b/modoboa_installer/scripts/files/radicale/config.tpl
@@ -71,7 +71,7 @@
 # Authentication method
 # Value: none | htpasswd | remote_user | http_x_remote_user
-type = dovecot
+type = radicale_modoboa_auth_oauth2
 # Htpasswd filename
 # htpasswd_filename = users
@@ -85,7 +85,7 @@ type = dovecot
 # Incorrect authentication delay (seconds)
 #delay = 1
-dovecot_socket = %{auth_socket_path}
+oauth2_introspection_endpoint = %{oauth2_introspection_url}
 [rights]
--- a/modoboa_installer/scripts/files/uwsgi/modoboa.ini.tpl
+++ b/modoboa_installer/scripts/files/uwsgi/modoboa.ini.tpl
@@ -13,4 +13,5 @@ socket = %uwsgi_socket_path
 chmod-socket = 660
 vacuum = true
 single-interpreter = True
 max-requests = 5000
 buffer-size = 8192
--- a/modoboa_installer/scripts/modoboa.py
+++ b/modoboa_installer/scripts/modoboa.py
@@ -56,9 +56,6 @@ class Modoboa(base.Installer):
                self.amavis_enabled = True
            else:
                self.extensions.remove("modoboa-amavis")
        if "modoboa-radicale" in self.extensions:
            if not self.config.getboolean("radicale", "enabled"):
                self.extensions.remove("modoboa-radicale")
        self.dovecot_enabled = self.config.getboolean("dovecot", "enabled")
        self.opendkim_enabled = self.config.getboolean("opendkim", "enabled")
        self.dkim_cron_enabled = False
@@ -243,8 +240,6 @@ class Modoboa(base.Installer):
            ),
            "dovecot_mailboxes_owner": (
                self.config.get("dovecot", "mailboxes_owner")),
            "radicale_enabled": (
                "" if "modoboa-radicale" in extensions else "#"),
            "opendkim_user": self.config.get("opendkim", "user"),
            "minutes": random.randint(1, 59),
            "hours": f"{random_hour},{random_hour+12}",
@@ -276,7 +271,7 @@ class Modoboa(base.Installer):
            "pdfcredentials": {
                "storage_dir": pdf_storage_dir
            },
-            "modoboa_radicale": {
+            "calendars": {
                "server_location": "https://{}/radicale/".format(
                    self.config.get("general", "hostname")),
                "rights_file_path": "{}/rights".format(
--- a/modoboa_installer/scripts/radicale.py
+++ b/modoboa_installer/scripts/radicale.py
@@ -33,7 +33,7 @@ class Radicale(base.Installer):
        """Prepare a dedicated virtualenv."""
        python.setup_virtualenv(self.venv_path, sudo_user=self.user)
        packages = [
-            "Radicale", "pytz"
+            "Radicale", "pytz", "radicale-modoboa-auth-oauth2"
        ]
        python.install_packages(packages, self.venv_path, sudo_user=self.user)
        python.install_package_from_repository(
@@ -43,17 +43,22 @@ class Radicale(base.Installer):
    def get_template_context(self):
        """Additional variables."""
-        context = super(Radicale, self).get_template_context()
+        context = super().get_template_context()
-        radicale_auth_socket_path = self.config.get(
+        oauth2_client_id, oauth2_client_secret = utils.create_oauth2_app(
-            "dovecot", "radicale_auth_socket_path")
+            "Radicale", "radicale", self.config)
        hostname = self.config.get("general", "hostname")
        oauth2_introspection_url = (
            f"https://{oauth2_client_id}:{oauth2_client_secret}"
            f"@{hostname}/api/o/introspect/"
        )
        context.update({
-            "auth_socket_path": radicale_auth_socket_path
+            "oauth2_introspection_url": oauth2_introspection_url,
        })
        return context
    def get_config_files(self):
        """Return appropriate path."""
-        config_files = super(Radicale, self).get_config_files()
+        config_files = super().get_config_files()
        if package.backend.FORMAT == "deb":
            path = "supervisor=/etc/supervisor/conf.d/radicale.conf"
        else:
--- a/modoboa_installer/utils.py
+++ b/modoboa_installer/utils.py
@@ -12,6 +12,7 @@ import stat
 import string
 import subprocess
 import sys
 import uuid
 try:
    import configparser
 except ImportError:
@@ -485,3 +486,21 @@ def validate_backup_path(path: str, silent_mode: bool):
        mkdir_safe(os.path.join(backup_path, dir),
                   stat.S_IRWXU | stat.S_IRWXG, pw[2], pw[3])
    return backup_path
 def create_oauth2_app(app_name: str, client_id: str, config) -> tuple[str, str]:
    """Create a application for Oauth2 authentication."""
    # FIXME: how can we check that application already exists ?
    venv_path = config.get("modoboa", "venv_path")
    python_path = os.path.join(venv_path, "bin", "python")
    instance_path = config.get("modoboa", "instance_path")
    script_path = os.path.join(instance_path, "manage.py")
    client_secret = str(uuid.uuid4())
    cmd = (
        f"{python_path} {script_path} createapplication "
        f"--name={app_name} --skip-authorization "
        f"--client-id={client_id} --client-secret={client_secret} "
        f"confidential client-credentials"
    )
    exec_cmd(cmd)
    return client_id, client_secret