# Add runtime user store for dynamic provisioning
## Summary
Introduce a runtime user store to allow adding users while the server is running.
## Status (2026-02-03)
- [x] Runtime auth store (`AuthStore`) provides `add_user`, `list_users`, and `authenticate`.
- [x] SMTP/IMAP authentication uses `AuthStore`; HTTP `POST /users` adds users at runtime.
- [x] Auth-disabled semantics preserved (`AuthConfig::disabled()` / `ELEKTROMAIL_AUTH_DISABLED`).
- [x] Add an explicit `UserStore` trait (current implementation is a concrete `AuthStore`).
- [x] Tests: runtime add-user login flow and concurrent auth test.
- [x] Docs: update `README.md` user provisioning section for runtime add.
## Motivation
GreenMail’s admin API supports adding users at runtime. Current `AuthConfig` is static and env-driven.
## Scope
- Add a `UserStore` trait with `add_user`, `list_users`, `authenticate`.
- Replace direct `AuthConfig` use in SMTP/IMAP with a shared store.
- Preserve default user behavior and `ELEKTROMAIL_AUTH_DISABLED` semantics.
## Acceptance Criteria
- Users added at runtime can authenticate immediately via SMTP and IMAP.
- Default `user/pass` behavior remains when no users are configured.
- Auth-disabled mode still accepts any credentials.
- Existing tests using `AuthConfig::disabled()` pass.
## Tests
- Add a test that attempts login before/after adding a user at runtime.
- Add a concurrency test for simultaneous IMAP/SMTP auth.
## Implementation Notes
- Keep the public `ServerConfig` API stable.
- Use `Arc<RwLock<...>>` or similar to avoid global mutex bottlenecks.
## Docs
- Update `README.md` user provisioning section to describe runtime add.