Fixing manual registration problems

* Properly register names during registration time, instead of
  verification
* Added SMTP setup

Author: dutow

app/controllers/registrations_controller.rb

@@ -14,10 +14,12 @@ def create
       return redirect_to registration_path, alert: "Username and password are required."
     end
 
-    if User.exists?(username: username)
-      return redirect_to registration_path, alert: "Username is already taken."
+    if password != password_confirmation
+      return redirect_to registration_path, alert: "Password confirmation does not match."
     end
 
+    password_digest = BCrypt::Password.create(password)
+
     purpose = 'register'
     ttl = 1.hour
     token, raw = UserToken.issue!(
@@ -27,11 +29,17 @@ def create
       metadata: {
         name: name,
         username: username,
-        password: password,
-        password_confirmation: password_confirmation
+        password_digest: password_digest
       }.to_json
     )
 
+    begin
+      NameReservation.reserve!(name: username, owner: token)
+    rescue ActiveRecord::RecordInvalid
+      token.destroy
+      return redirect_to registration_path, alert: "Username is already taken."
+    end
+
     UserMailer.verification_email(token, raw).deliver_later
     redirect_to root_path, notice: 'Verification email sent. Please check your inbox.'
   end

app/controllers/verifications_controller.rb

@@ -21,7 +21,6 @@ def show
 
   def handle_register(token)
     existing_aliases = Alias.by_email(token.email)
-    # If email already linked to another user, block registration
     if existing_aliases.where.not(user_id: nil).exists?
       return redirect_to new_session_path, alert: 'This email is already claimed. Please sign in.'
     end
@@ -30,27 +29,34 @@ def handle_register(token)
     metadata = JSON.parse(token.metadata || '{}') rescue {}
     desired_username = metadata['username']
     user.username = desired_username
-    if metadata['password'].present?
-      user.password = metadata['password']
-      user.password_confirmation = metadata['password_confirmation']
+    if metadata['password_digest'].present?
+      user.password_digest = metadata['password_digest']
     end
-    begin
+
+    ActiveRecord::Base.transaction do
       user.save!(context: :registration)
-    rescue ActiveRecord::RecordNotUnique, ActiveRecord::RecordInvalid => e
-      if e.message =~ /username/i
-        return redirect_to new_registration_path, alert: "Username is already taken."
+
+      reservation = NameReservation.find_by(
+        owner_type: 'UserToken',
+        owner_id: token.id,
+        name: NameReservation.normalize(desired_username)
+      )
+      if reservation
+        reservation.update!(owner_type: 'User', owner_id: user.id)
       else
-        raise
+        begin
+          NameReservation.reserve!(name: desired_username, owner: user)
+        rescue ActiveRecord::RecordInvalid
+          raise ActiveRecord::RecordInvalid.new(user), "Username is already taken."
+        end
       end
     end
 
     if existing_aliases.exists?
       existing_aliases.update_all(user_id: user.id, verified_at: Time.current)
-      # Ensure one primary alias
       primary = existing_aliases.find_by(primary_alias: true) || existing_aliases.first
       primary.update!(primary_alias: true)
     else
-      # Use provided name if any
       name = metadata['name'] || token.email
       Alias.create!(user: user, name: name, email: token.email, primary_alias: true, verified_at: Time.current)
     end
@@ -63,7 +69,6 @@ def handle_register(token)
   def handle_add_alias(token)
     require_authentication
     email = token.email
-    # Block if email belongs to another active user
     if Alias.by_email(email).where.not(user_id: [nil, current_user.id]).exists?
       return redirect_to settings_path, alert: 'Email is linked to another account. Delete that account first to release it.'
     end

app/models/user_token.rb

@@ -9,6 +9,8 @@ class UserToken < ApplicationRecord
 
   scope :unconsumed, -> { where(consumed_at: nil) }
 
+  after_destroy :release_name_reservation
+
   def consumed?
     consumed_at.present?
   end
@@ -47,4 +49,14 @@ def self.consume!(raw, purpose: nil)
   def self.digest(raw)
     OpenSSL::Digest::SHA256.hexdigest(raw)
   end
+
+  def self.cleanup_expired!(older_than: 1.day)
+    where('expires_at < ? OR consumed_at < ?', older_than.ago, older_than.ago).destroy_all
+  end
+
+  private
+
+  def release_name_reservation
+    NameReservation.release_for(self)
+  end
 end

config/environments/production.rb

@@ -55,21 +55,31 @@
   config.active_job.queue_adapter = :solid_queue
   config.solid_queue.connects_to = { database: { writing: :queue } }
 
-  # Ignore bad email addresses and do not raise email delivery errors.
-  # Set this to true and configure the email server for immediate delivery to raise delivery errors.
-  # config.action_mailer.raise_delivery_errors = false
+  # Raise delivery errors in production
+  config.action_mailer.raise_delivery_errors = true
+  config.action_mailer.delivery_method = :smtp
 
   # Set host to be used by links generated in mailer templates.
-  config.action_mailer.default_url_options = { host: "example.com" }
-
-  # Specify outgoing SMTP server. Remember to add smtp/* credentials via rails credentials:edit.
-  # config.action_mailer.smtp_settings = {
-  #   user_name: Rails.application.credentials.dig(:smtp, :user_name),
-  #   password: Rails.application.credentials.dig(:smtp, :password),
-  #   address: "smtp.example.com",
-  #   port: 587,
-  #   authentication: :plain
-  # }
+  config.action_mailer.default_url_options = {
+    host: ENV.fetch("APP_HOST", "example.com"),
+    protocol: "https"
+  }
+
+  # Default from address for all mailers
+  config.action_mailer.default_options = {
+    from: ENV.fetch("MAIL_FROM", "noreply@example.com")
+  }
+
+  # SMTP server configuration
+  config.action_mailer.smtp_settings = {
+    address: ENV.fetch("SMTP_ADDRESS", "mail"),
+    port: ENV.fetch("SMTP_PORT", "587").to_i,
+    domain: ENV.fetch("SMTP_DOMAIN", "example.com"),
+    # No authentication needed for internal mail server
+    authentication: nil,
+    enable_starttls_auto: false,
+    openssl_verify_mode: "none"
+  }
 
   # Enable locale fallbacks for I18n (makes lookups for any locale fall back to
   # the I18n.default_locale when a translation cannot be found).

deploy/.env.example

@@ -28,3 +28,20 @@ GOOGLE_REDIRECT_URI=https://hackorum.example.com/auth/google_oauth2/callback
 
 # Hostname for Caddy (update deploy/Caddyfile too)
 APP_HOST=hackorum.example.com
+
+# Mail configuration
+MAIL_DOMAIN=example.com
+MAIL_HOSTNAME=mail.example.com
+MAIL_FROM=noreply@example.com
+DKIM_SELECTOR=mail
+
+# Optional: Use a relay host (e.g., SendGrid, Mailgun) instead of direct sending
+# This is recommended for better deliverability
+# MAIL_RELAYHOST=[smtp.sendgrid.net]:587
+# MAIL_RELAYHOST_USERNAME=apikey
+# MAIL_RELAYHOST_PASSWORD=your-sendgrid-api-key
+
+# SMTP settings for Rails
+SMTP_ADDRESS=mail
+SMTP_PORT=587
+SMTP_DOMAIN=example.com

deploy/docker-compose.yml

@@ -102,6 +102,54 @@ services:
       - /var/run/docker.sock:/var/run/docker.sock
     restart: unless-stopped
 
+  mail:
+    image: boky/postfix:latest
+    hostname: ${MAIL_HOSTNAME:-mail.example.com}
+    environment:
+      # Domain from which emails will be sent
+      ALLOWED_SENDER_DOMAINS: ${MAIL_DOMAIN:-example.com}
+
+      # Relay host (leave empty for direct sending, or use a relay like SendGrid/Mailgun)
+      # RELAYHOST: ${MAIL_RELAYHOST:-}
+      # RELAYHOST_USERNAME: ${MAIL_RELAYHOST_USERNAME:-}
+      # RELAYHOST_PASSWORD: ${MAIL_RELAYHOST_PASSWORD:-}
+
+      # DKIM signing
+      DKIM_SELECTOR: ${DKIM_SELECTOR:-mail}
+      DKIM_AUTOGENERATE: "true"
+
+      # Logging
+      LOG_LEVEL: ${MAIL_LOG_LEVEL:-info}
+
+      # Override from address (optional, for testing)
+      # OVERWRITE_FROM: ${MAIL_OVERWRITE_FROM:-}
+
+      # TLS configuration
+      TLS: "true"
+
+      # Allow localhost relay (for the web container)
+      ALLOW_EMPTY_SENDER_DOMAINS: "false"
+
+      # Message size limit (default 10MB)
+      MESSAGE_SIZE_LIMIT: ${MAIL_MESSAGE_SIZE_LIMIT:-10240000}
+    volumes:
+      # Persist DKIM keys
+      - mail_dkim:/etc/opendkim/keys
+      # Persist mail queue
+      - mail_spool:/var/spool/postfix
+    expose:
+      - "587"  # Submission port (for authenticated clients)
+    ports:
+      - "25:25"   # SMTP port (for receiving mail)
+    healthcheck:
+      test: ["CMD-SHELL", "postfix status || exit 1"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+    restart: unless-stopped
+    labels:
+      autoheal: "true"
+
   psql:
     image: postgres:18
     entrypoint: ["psql", "postgresql://${POSTGRES_USER:-postgres}:${POSTGRES_PASSWORD:-postgres}@db:5432/${POSTGRES_DB:-hackorum}"]
@@ -117,3 +165,5 @@ volumes:
   pgbackups:
   caddy_data:
   caddy_config:
+  mail_dkim:
+  mail_spool:

deploy/get-dkim-key.sh

@@ -0,0 +1,51 @@
+#!/bin/bash
+# Script to extract DKIM public key from the mail container
+# Run this after starting the mail service for the first time
+
+set -e
+
+echo "==================================================================="
+echo "DKIM Public Key for DNS Configuration"
+echo "==================================================================="
+echo ""
+echo "Retrieving DKIM key from mail container..."
+echo ""
+
+# Try to get the DKIM key
+KEY=$(docker compose exec -T mail cat /etc/opendkim/keys/mail.txt 2>/dev/null || \
+      docker compose exec -T mail sh -c 'cat /etc/opendkim/keys/*.txt' 2>/dev/null || \
+      echo "ERROR: Could not retrieve DKIM key")
+
+if [[ "$KEY" == "ERROR:"* ]]; then
+    echo "❌ Failed to retrieve DKIM key!"
+    echo ""
+    echo "Make sure the mail container is running:"
+    echo "  docker compose ps mail"
+    echo ""
+    echo "Check mail container logs:"
+    echo "  docker compose logs mail"
+    exit 1
+fi
+
+echo "Raw key file content:"
+echo "-------------------------------------------------------------------"
+echo "$KEY"
+echo "-------------------------------------------------------------------"
+echo ""
+
+# Extract the DNS record value (remove line breaks, quotes, and extra spaces)
+DNS_VALUE=$(echo "$KEY" | grep -v "^;" | tr -d '\n' | sed 's/.*TXT[[:space:]]*(//' | sed 's/[[:space:]]*)[[:space:]]*;.*//' | tr -d '"' | sed 's/[[:space:]]\+/ /g' | xargs)
+
+echo "DNS Record to add:"
+echo "-------------------------------------------------------------------"
+echo "Type: TXT"
+echo "Name: mail._domainkey"
+echo "Value: $DNS_VALUE"
+echo "TTL: 3600"
+echo "-------------------------------------------------------------------"
+echo ""
+echo "✅ Copy the 'Value' line above and add it to your DNS provider"
+echo ""
+echo "Note: The selector 'mail' must match your DKIM_SELECTOR in .env"
+echo "      If using a different selector, update the Name field accordingly"
+echo ""