[fix] Improve the message w.a. when admins tries to create users with a reserved Email Address (Issue 1216) (#553)

* Try to fix issue 1216
* typo
* Update fr.json
* Update en.json
* [typo] When admin create an user
* Update fr.json
* [enh] explanation why admin can't create this mail addresses
* [mod] Improve message

locales/en.json

@@ -255,6 +255,7 @@
     "mail_domain_unknown": "Unknown mail address domain '{domain:s}'",
     "mail_forward_remove_failed": "Unable to remove mail forward '{mail:s}'",
     "mailbox_used_space_dovecot_down": "Dovecot mailbox service need to be up, if you want to get mailbox used space",
+    "mail_unavailable": "This email address is reserved and shall be automatically allocated to the very first user",
     "maindomain_change_failed": "Unable to change the main domain",
     "maindomain_changed": "The main domain has been changed",
     "migrate_tsig_end": "Migration to hmac-sha512 finished",

src/yunohost/user.py

@@ -127,6 +127,17 @@ def user_create(operation_logger, auth, username, firstname, lastname, mail, pas
     all_existing_usernames = {x.pw_name for x in pwd.getpwall()}
     if username in all_existing_usernames:
         raise MoulinetteError(errno.EEXIST, m18n.n('system_username_exists'))
+        
+    main_domain = _get_maindomain()
+    aliases = [
+        'root@' + main_domain,
+        'admin@' + main_domain,
+        'webmaster@' + main_domain,
+        'postmaster@' + main_domain,
+    ]
+    
+    if mail in aliases:
+        raise MoulinetteError(errno.EEXIST,m18n.n('mail_unavailable'))    
 
     # Check that the mail domain exists
     if mail.split("@")[1] not in domain_list(auth)['domains']:
@@ -166,13 +177,6 @@ def user_create(operation_logger, auth, username, firstname, lastname, mail, pas
 
     # If it is the first user, add some aliases
     if not auth.search(base='ou=users,dc=yunohost,dc=org', filter='uid=*'):
-        main_domain = _get_maindomain()
-        aliases = [
-            'root@' + main_domain,
-            'admin@' + main_domain,
-            'webmaster@' + main_domain,
-            'postmaster@' + main_domain,
-        ]
         attr_dict['mail'] = [attr_dict['mail']] + aliases
 
         # If exists, remove the redirection from the SSO
@@ -306,11 +310,21 @@ def user_update(operation_logger, auth, username, firstname=None, lastname=None,
         new_attr_dict['userPassword'] = _hash_user_password(change_password)
 
     if mail:
+        main_domain = _get_maindomain()
+        aliases = [
+            'root@' + main_domain,
+            'admin@' + main_domain,
+            'webmaster@' + main_domain,
+            'postmaster@' + main_domain,
+        ]
         auth.validate_uniqueness({'mail': mail})
         if mail[mail.find('@') + 1:] not in domains:
             raise MoulinetteError(errno.EINVAL,
                                   m18n.n('mail_domain_unknown',
                                          domain=mail[mail.find('@') + 1:]))
+        if mail in aliases:
+            raise MoulinetteError(errno.EEXIST,m18n.n('mail_unavailable'))
+            
         del user['mail'][0]
         new_attr_dict['mail'] = [mail] + user['mail']