From 1d98604e8826cf256dd05fb878fdab92f8a65b3c Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Mon, 5 Sep 2022 17:39:08 +0200 Subject: [PATCH] admins: moar fixes --- .gitlab/ci/test.gitlab-ci.yml | 2 +- src/migrations/0026_new_admins_group.py | 5 +++++ src/tests/test_user-group.py | 5 +++-- src/tools.py | 5 +++-- src/user.py | 5 +++-- 5 files changed, 15 insertions(+), 7 deletions(-) diff --git a/.gitlab/ci/test.gitlab-ci.yml b/.gitlab/ci/test.gitlab-ci.yml index 519ae427a..d7ccbc807 100644 --- a/.gitlab/ci/test.gitlab-ci.yml +++ b/.gitlab/ci/test.gitlab-ci.yml @@ -34,7 +34,7 @@ full-tests: PYTEST_ADDOPTS: "--color=yes" before_script: - *install_debs - - yunohost tools postinstall -d domain.tld -p the_password --ignore-dyndns --force-diskspace + - yunohost tools postinstall -d domain.tld -u syssa -f Syssa -l Mine -p the_password --ignore-dyndns --force-diskspace script: - python3 -m pytest --cov=yunohost tests/ src/tests/ src/diagnosers/ --junitxml=report.xml - cd tests diff --git a/src/migrations/0026_new_admins_group.py b/src/migrations/0026_new_admins_group.py index 5601c8bf7..227a30730 100644 --- a/src/migrations/0026_new_admins_group.py +++ b/src/migrations/0026_new_admins_group.py @@ -52,6 +52,11 @@ yunohost tools migrations run""", self.ldap_migration_started = True + aliases = user_info(new_admin_user).get("mail-aliases", []) + old_admin_aliases_to_remove = [alias for alias in aliases if any(alias.startswith(a) for a in ["root@", "admin@", "admins@", "webmaster@", "postmaster@", "abuse@"])] + + user_update(new_admin_user, remove_mailalias=old_admin_aliases_to_remove) + stuff_to_delete = [ "cn=admin,ou=sudo", "cn=admin", diff --git a/src/tests/test_user-group.py b/src/tests/test_user-group.py index 8ef732d61..30bb89162 100644 --- a/src/tests/test_user-group.py +++ b/src/tests/test_user-group.py 
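Review bot: The added `user_info(new_admin_user)` lookup and the `user_update(...)` call after it run unconditionally, directly after `self.ldap_migration_started = True`. The assignment of `new_admin_user` is outside the hunk; if it can be empty on an install where no user holds the old admin aliases, the lookup fails once the LDAP migration is already flagged as started, so wrapping the three added lines in `if new_admin_user:` looks safer. The prefix test also reads more plainly as `alias.startswith(("root@", "admin@", "admins@", "webmaster@", "postmaster@", "abuse@"))`, since `str.startswith` accepts a tuple. A one-line comment above the block saying why these aliases are taken away from the user (presumably because the admins group takes them over) would help the next reader.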
@@ -38,7 +38,7 @@ def setup_function(function): global maindomain maindomain = _get_maindomain() - user_create("alice", "Alice", "White", maindomain, "test123Ynh") + user_create("alice", "Alice", "White", maindomain, "test123Ynh", admin=True) user_create("bob", "Bob", "Snow", maindomain, "test123Ynh") user_create("jack", "Jack", "Black", maindomain, "test123Ynh") @@ -79,6 +79,7 @@ def test_list_groups(): assert "alice" in res assert "bob" in res assert "jack" in res + assert "alice" in res["admins"]["members"] for u in ["alice", "bob", "jack"]: assert u in res assert u in res[u]["members"] @@ -176,7 +177,7 @@ def test_export_user(mocker): result = user_export() should_be = ( "username;firstname;lastname;password;mail;mail-alias;mail-forward;mailbox-quota;groups\r\n" - f"alice;Alice;White;;alice@{maindomain};{aliases};;0;dev\r\n" + f"alice;Alice;White;;alice@{maindomain};;;0;admins,dev\r\n" f"bob;Bob;Snow;;bob@{maindomain};;;0;apps\r\n" f"jack;Jack;Black;;jack@{maindomain};;;0;" ) diff --git a/src/tools.py b/src/tools.py index e21dd585d..ccc2b4a32 100644 --- a/src/tools.py +++ b/src/tools.py @@ -60,7 +60,7 @@ def tools_versions(): return ynh_packages_version() -def tools_rootpw(new_password): +def tools_rootpw(new_password, check_strength=True): from yunohost.user import _hash_user_password from yunohost.utils.password import ( @@ -70,7 +70,8 @@ def tools_rootpw(new_password): import spwd assert_password_is_compatible(new_password) - assert_password_is_strong_enough("admin", new_password) + if check_strength: + assert_password_is_strong_enough("admin", new_password) new_hash = _hash_user_password(new_password) diff --git a/src/user.py b/src/user.py index 3fabc78c5..3b980e89e 100644 --- a/src/user.py +++ b/src/user.py 
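Review bot: The rewritten expectation for alice at `@@ -176,7 +177,7 @@` no longer interpolates `{aliases}`, so whatever defines `aliases` for test_export_user (not visible in the hunk) may now be unused and could be removed with it. The two hunks before it make alice an admin and check `res["admins"]["members"]`, but nothing shown covers the stricter password profile this commit applies to admins in user_update. A test that changes alice's password through user_update would pin that behaviour.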
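Review bot: `check_strength=False` lets a caller set the root password without `assert_password_is_strong_enough`, and neither the signature hunk at `@@ -60,7 +60,7 @@` nor the body hunk at `@@ -70,7 +70,8 @@` says when that is acceptable. A comment at the new `if check_strength:` would help, for example `# Skip only when the password was already validated by the caller`, adjusted to the real caller, which is not part of this diff. If tools_rootpw is also reachable from the CLI or API, it is worth confirming that the flag cannot be switched off from there. The function body continues outside both hunks.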
@@ -381,7 +381,7 @@ def user_update( # Populate user informations ldap = _get_ldap_interface() - attrs_to_fetch = ["givenName", "sn", "mail", "maildrop"] + attrs_to_fetch = ["givenName", "sn", "mail", "maildrop", "memberOf"] result = ldap.search( base="ou=users", filter="uid=" + username, @@ -425,7 +425,8 @@ def user_update( # Ensure compatibility and sufficiently complex password assert_password_is_compatible(change_password) - assert_password_is_strong_enough("user", change_password) # FIXME FIXME FIXME : gotta use admin profile if user is admin + is_admin = "cn=admins,ou=groups,dc=yunohost,dc=org" in result["memberOf"] + assert_password_is_strong_enough("admin" if is_admin else "user", change_password) new_attr_dict["userPassword"] = [_hash_user_password(change_password)] env_dict["YNH_USER_PASSWORD"] = change_password
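Review bot: `result["memberOf"]` at `@@ -425,7 +425,8 @@` indexes the value returned by `ldap.search(...)` in the first hunk; if that call returns a list of entries, which is not confirmed by the visible lines, the lookup raises instead of selecting a profile and the entry itself has to be indexed. Even on the entry, an account without a `memberOf` attribute would raise a KeyError, so something like `is_admin = "cn=admins,ou=groups,dc=yunohost,dc=org" in result[0].get("memberOf", [])` is the safer read. Any mismatch in the hard-coded DN (case, spacing) silently falls back to the weaker `"user"` profile, so the comparison deserves a normalised form or an existing group-membership helper if the project has one. user_update's body starts and ends outside both hunks.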