
2 Commits

Author SHA1 Message Date
hyzen
483b995270 Fix: uninstall.sh broke mail accounts connectivity 2026-06-19 14:09:22 +02:00
hyzen
e5e37b6b6e Fix: xmpp account for usernames with capital letters 2026-06-19 13:56:47 +02:00
2 changed files with 28 additions and 45 deletions


@@ -499,9 +499,10 @@ if ($action === 'signup') {
// Regenerate session after successful signup (#5) // Regenerate session after successful signup (#5)
session_regenerate_id(true); session_regenerate_id(true);
// Create XMPP account // Create XMPP account (JID localparts are lowercased per XMPP convention)
if (!create_xmpp_account($username, $password)) { $xmpp_username = strtolower($username);
error_log("XMPP account creation failed for new user: {$username}"); if (!create_xmpp_account($xmpp_username, $password)) {
error_log("XMPP account creation failed for new user: {$xmpp_username}");
// Don't fail the signup — user account exists, XMPP can be fixed manually // Don't fail the signup — user account exists, XMPP can be fixed manually
} }
@@ -529,9 +530,9 @@ if ($action === 'signup') {
"Hi {$username},\n\n" . "Hi {$username},\n\n" .
"Welcome aboard!\n\n" . "Welcome aboard!\n\n" .
"Thank you for signing up.\n\n" . "Thank you for signing up.\n\n" .
"Your credentials:\n\n" . "Your credentials for services:\n\n" .
"XMPP JID: {$username}@freedoms4.org\n" . "XMPP JID: {$xmpp_username}@freedoms4.org\n" .
"Email ID: {$username}@freedoms4.org\n\n" . "Email ID: {$username}@freedoms4.org\n" .
"Passwords: Use the same password that you used during registration.\n\n" . "Passwords: Use the same password that you used during registration.\n\n" .
"If you have any questions, I'm here to help:\n" . "If you have any questions, I'm here to help:\n" .
"Email <mailto:hyzen@freedoms4.org> and XMPP <xmpp:hyzen@freedoms4.org>: hyzen@freedoms4.org\n" . "Email <mailto:hyzen@freedoms4.org> and XMPP <xmpp:hyzen@freedoms4.org>: hyzen@freedoms4.org\n" .
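Review bot: Lowercasing only at the XMPP call (`$xmpp_username = strtolower($username);`) lets two site usernames that differ only in case, such as `Alice` and `alice`, resolve to the same JID, while the `Email ID` line still uses the original case. The uniqueness check and `create_xmpp_account()` are outside this hunk, so confirm that signup rejects a name whose lowercased form is already registered, and that creating an existing JID fails rather than resetting its password. Normalising once before the uniqueness check, `$username = strtolower($username);`, would keep the site, XMPP and mail identities in step. On the php8.2 this deployment runs, `strtolower()` folds ASCII only, which is sufficient only if the username validation (not shown) restricts names to ASCII.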


@@ -20,11 +20,11 @@ fi
echo "" echo ""
echo -e "${BLUE}================================================${NC}" echo -e "${BLUE}================================================${NC}"
echo -e "${BLUE} freedoms4 uninstall (keeps DB + email accounts)${NC}" echo -e "${BLUE} freedoms4 uninstall (keeps DB + mail working)${NC}"
echo -e "${BLUE}================================================${NC}" echo -e "${BLUE}================================================${NC}"
echo "" echo ""
warn "This removes deployed files and config only." warn "This removes deployed API/nginx files and config only."
warn "Database, email accounts, and mailboxes are preserved." warn "Database, email accounts, mailboxes, and mail client auth are preserved."
echo "" echo ""
# ── 1. Stop php-fpm to release DB connections ── # ── 1. Stop php-fpm to release DB connections ──
@@ -50,42 +50,17 @@ rm -f /usr/local/bin/email-account-create
rm -f /etc/sudoers.d/email-account-create rm -f /etc/sudoers.d/email-account-create
success "email-account-create removed." success "email-account-create removed."
# ── 5. Undo Dovecot passwd-file auth config ── # ── 5. Dovecot auth config: left untouched ──
# NOTE: /var/dovecot/users and /var/vmail are intentionally preserved. # Mail clients must keep working after uninstall, so the auth-passwdfile
info "Reverting Dovecot auth config (preserving user accounts and mailboxes)..." # config in /etc/dovecot/conf.d/10-auth.conf is intentionally NOT reverted.
sed -i '/auth-passwdfile/d' /etc/dovecot/conf.d/10-auth.conf info "Leaving Dovecot auth config untouched (mail clients keep working)..."
cat > /etc/dovecot/conf.d/auth-passwdfile.conf.ext << 'DOVECOT' success "Dovecot config left as-is — existing accounts can still log in."
# passdb and userdb for virtual users — managed by full-setup.sh
# (currently inactive; run full-setup.sh to re-enable)
DOVECOT
rm -f /etc/dovecot/conf.d/99-postfix-auth.conf
systemctl reload dovecot
success "Dovecot config reverted (accounts and mailboxes untouched)."
# ── 6. Undo Postfix SASL and virtual mailbox config ── # ── 6. Postfix SASL / virtual mailbox config: left untouched ──
info "Reverting Postfix config..." # Reverting this previously broke client SMTP auth and mail delivery for
# already-created accounts, so it's intentionally skipped here.
# Use postconf -X to fully remove parameters rather than set them empty. info "Leaving Postfix SASL and virtual transport config untouched..."
postconf -X transport_maps success "Postfix config left as-is — existing accounts keep sending/receiving mail."
postconf -X dovecot_destination_recipient_limit
postconf -X local_recipient_maps
postconf -X smtpd_sasl_type
postconf -X smtpd_sasl_path
postconf -e "smtpd_sasl_auth_enable = no"
postconf -X smtpd_sasl_security_options
postconf -X smtpd_sasl_local_domain
postconf -e "broken_sasl_auth_clients = no"
postconf -e "smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination"
# Remove the dovecot pipe transport block from master.cf
sed -i '/^dovecot[[:space:]]*unix.*pipe/,/argv=\/usr\/lib\/dovecot\//d' /etc/postfix/master.cf 2>/dev/null || true
# NOTE: /etc/postfix/virtual_transport and its .db are preserved so that
# existing site-created email accounts retain their routing entries when
# full-setup.sh re-enables transport_maps.
success "Postfix config reverted — system users (hyzen etc.) unaffected."
systemctl reload postfix
# ── 7. Restart php-fpm ── # ── 7. Restart php-fpm ──
info "Restarting php8.2-fpm..." info "Restarting php8.2-fpm..."
@@ -103,6 +78,13 @@ echo " - /var/dovecot/users (virtual email accounts)"
echo " - /var/vmail (mailboxes)" echo " - /var/vmail (mailboxes)"
echo " - /etc/postfix/virtual_transport (routing entries)" echo " - /etc/postfix/virtual_transport (routing entries)"
echo " - vmail system user" echo " - vmail system user"
echo " - Dovecot auth-passwdfile config (clients can still log in)"
echo " - Postfix SASL + virtual transport config (mail still sends/receives)"
echo "" echo ""
echo " Run full-setup.sh again to redeploy without losing any data." echo " Removed:"
echo " - API dir (/var/www/freedoms4), env file (/etc/freedoms4)"
echo " - Nginx site for backend.freedoms4.org"
echo " - email-account-create wrapper + sudoers rule (no new accounts via signup)"
echo ""
echo " Run full-setup.sh again to redeploy the API/signup flow."
echo "" echo ""
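Review bot: The two new `success` lines in steps 5 and 6 report that mail auth keeps working without checking it, so on a host where the earlier uninstall.sh already stripped the SASL and passwd-file settings the script prints a false all-clear. A cheap guard before the Postfix message would be `[ "$(postconf -h smtpd_sasl_auth_enable)" = yes ] || warn "Postfix SASL auth is disabled; run full-setup.sh to restore client logins."`, with a similar `grep -q auth-passwdfile /etc/dovecot/conf.d/10-auth.conf` test before the Dovecot message. A comment at step 5 should also record that /var/dovecot/users (presumably the credential file) and the SMTP auth path stay live after uninstall, so the host still has to be patched and monitored as a mail server.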