From 34eb54ac398c4c3846645cf79404d8528869891b Mon Sep 17 00:00:00 2001
From: pitilux <100941507+pitilux@users.noreply.github.com>
Date: Sat, 12 Oct 2024 00:34:20 +0200
Subject: [PATCH] fix: Avoid alias being used as regex during dovecot dummy
 account userdb detection (#4222)

Applies alternative approach previously suggested by @polarathene and adds test cases to prevent future regressions
---
 CHANGELOG.md                                  |  1 +
 target/scripts/helpers/accounts.sh            |  3 ++-
 test/config/postfix-virtual.cf                | 10 ++++++++++
 .../parallel/set3/mta/account_management.bats | 20 ++++++++++++++++++-
 4 files changed, 32 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 023758e5..28a97c32 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -46,6 +46,7 @@ All notable changes to this project will be documented in this file. The format
 - **Dovecot:**
   - Update logwatch `ignore.conf` to exclude Xapian messages about pending documents ([#4060](https://github.com/docker-mailserver/docker-mailserver/pull/4060))
   - `dovecot-fts-xapian` plugin was updated to `1.7.13`, fixing a regression with indexing ([#4095](https://github.com/docker-mailserver/docker-mailserver/pull/4095))
+  - The Dovecot Quota support "dummy account" workaround no longer treats the alias as a regex when checking the Dovecot UserDB ([#4222](https://github.com/docker-mailserver/docker-mailserver/pull/4222))
 - **LDAP:**
   - A previous compatibility fix for OAuth2 in v13.3.1 had not applied the actual LDAP config changes. This has been corrected ([#4175](https://github.com/docker-mailserver/docker-mailserver/pull/4175))
 - **Internal:**
diff --git a/target/scripts/helpers/accounts.sh b/target/scripts/helpers/accounts.sh
index 78464b88..8510b6af 100644
--- a/target/scripts/helpers/accounts.sh
+++ b/target/scripts/helpers/accounts.sh
@@ -135,7 +135,8 @@ function _create_dovecot_alias_dummy_accounts() {
       fi
 
       DOVECOT_USERDB_LINE="${ALIAS}:${REAL_ACC[1]}:${DMS_VMAIL_UID}:${DMS_VMAIL_GID}::/var/mail/${REAL_DOMAINNAME}/${REAL_USERNAME}/home::${REAL_ACC[2]:-}"
-      if grep -qi "^${ALIAS}:" "${DOVECOT_USERDB_FILE}"; then
+      # Match a full line with `-xF` to avoid regex patterns introducing false positives matching `ALIAS`:
+      if grep -qixF "${DOVECOT_USERDB_LINE}" "${DOVECOT_USERDB_FILE}"; then
         _log 'warn' "Alias '${ALIAS}' will not be added to '${DOVECOT_USERDB_FILE}' twice"
       else
         echo "${DOVECOT_USERDB_LINE}" >>"${DOVECOT_USERDB_FILE}"
diff --git a/test/config/postfix-virtual.cf b/test/config/postfix-virtual.cf
index 4dec6bbb..88e29fb5 100644
--- a/test/config/postfix-virtual.cf
+++ b/test/config/postfix-virtual.cf
@@ -3,3 +3,13 @@ alias1@localhost.localdomain user1@localhost.localdomain
     # this is also a test comment, :O
 alias2@localhost.localdomain external1@otherdomain.tld
 @localdomain2.com user1@localhost.localdomain
+
+## Dovecot "dummy accounts" for quota support (handled in `helpers/accounts.sh`)
+# Do not filter alias by substring condition (longer prefix must be before substring alias):
+# https://github.com/docker-mailserver/docker-mailserver/issues/2639
+prefixtest@localhost.localdomain user2@otherdomain.tld
+test@localhost.localdomain user2@otherdomain.tld
+# Do not filter alias when input be treated as regex tokens (eg `.`):
+# https://github.com/docker-mailserver/docker-mailserver/issues/4170
+first-name@localhost.localdomain user2@otherdomain.tld
+first.name@localhost.localdomain user2@otherdomain.tld
diff --git a/test/tests/parallel/set3/mta/account_management.bats b/test/tests/parallel/set3/mta/account_management.bats
index f8d5f9de..f0d47968 100644
--- a/test/tests/parallel/set3/mta/account_management.bats
+++ b/test/tests/parallel/set3/mta/account_management.bats
@@ -29,7 +29,12 @@ function teardown_file() { _default_teardown ; }
   assert_line --index 5 'alias1@localhost.localdomain'
   # TODO: Probably not intentional?:
   assert_line --index 6 '@localdomain2.com'
-  _should_output_number_of_lines 7
+  # Dovecot "dummy accounts" for quota support, see `test/config/postfix-virtual.cf` for more context
+  assert_line --index 7 'prefixtest@localhost.localdomain'
+  assert_line --index 8 'test@localhost.localdomain'
+  assert_line --index 9 'first-name@localhost.localdomain'
+  assert_line --index 10 'first.name@localhost.localdomain'
+  _should_output_number_of_lines 11
 
   # Relevant log output from scripts/helpers/accounts.sh:_create_dovecot_alias_dummy_accounts():
   # [  DEBUG  ]  Adding alias 'alias1@localhost.localdomain' for user 'user1@localhost.localdomain' to Dovecot's userdb
@@ -37,6 +42,19 @@ function teardown_file() { _default_teardown ; }
   # [  DEBUG  ]  Adding alias '@localdomain2.com' for user 'user1@localhost.localdomain' to Dovecot's userdb
 }
 
+# Dovecot "dummy accounts" for quota support, see `test/config/postfix-virtual.cf` for more context
+@test "should create all dovecot dummy accounts" {
+  run docker logs "${CONTAINER_NAME}"
+  assert_success
+  assert_line --partial "Adding alias 'prefixtest@localhost.localdomain' for user 'user2@otherdomain.tld' to Dovecot's userdb"
+  assert_line --partial "Adding alias 'test@localhost.localdomain' for user 'user2@otherdomain.tld' to Dovecot's userdb"
+  refute_line --partial "Alias 'test@localhost.localdomain' will not be added to '/etc/dovecot/userdb' twice"
+
+  assert_line --partial "Adding alias 'first-name@localhost.localdomain' for user 'user2@otherdomain.tld' to Dovecot's userdb"
+  assert_line --partial "Adding alias 'first.name@localhost.localdomain' for user 'user2@otherdomain.tld' to Dovecot's userdb"
+  refute_line --partial "Alias 'first.name@localhost.localdomain' will not be added to '/etc/dovecot/userdb' twice"
+}
+
 @test "should have created maildir for 'user1@localhost.localdomain'" {
   _run_in_container_bash '[[ -d /var/mail/localhost.localdomain/user1 ]]'
   assert_success