Remove this insanity since we don't use nginx

(cherry picked from commit 148c8f9ede)
2024-12-14 10:53:30 +02:00 · 2024-08-08 10:24:43 +02:00 · 2024-08-08 10:24:43 +02:00 · 00ef3cb950
commit 00ef3cb950
parent 77c7d2f691
2 changed files with 5 additions and 18 deletions
--- a/core/admin/mailu/internal/nginx.py
+++ b/core/admin/mailu/internal/nginx.py
@ -91,20 +91,14 @@ def handle_authentication(headers):
    # Authenticated user
    elif method in ['plain', 'login']:
        is_valid_user = False
-        # According to RFC2616 section 3.7.1 and PEP 3333, HTTP headers should
-        # be ASCII and are generally considered ISO8859-1. However when passing
-        # the password, nginx does not transcode the input UTF string, thus
-        # we need to manually decode.
-        raw_user_email = urllib.parse.unquote(headers["Auth-User"])
-        raw_password = urllib.parse.unquote(headers["Auth-Pass"])
        user_email = 'invalid'
        password = 'invalid'
        try:
-            user_email = raw_user_email.encode("iso8859-1").decode("utf8")
-            password = raw_password.encode("iso8859-1").decode("utf8")
+            user_email = urllib.parse.unquote(headers["Auth-User"])
+            password = urllib.parse.unquote(headers["Auth-Pass"])
            ip = urllib.parse.unquote(headers["Client-Ip"])
        except:
-            app.logger.warn(f'Received undecodable user/password from nginx: {raw_user_email!r}/{raw_password!r}')
+            app.logger.warn(f'Received undecodable user/password from nginx: {headers["Auth-User"]!r}/{headers["Auth-Pass"]!r}')
        else:
            try:
                user = models.User.query.get(user_email) if '@' in user_email else None
--- a/core/admin/mailu/internal/views/auth.py
+++ b/core/admin/mailu/internal/views/auth.py
@ -29,7 +29,6 @@ def nginx_authentication():
        response.headers['Auth-Status'] = status
        response.headers['Auth-Error-Code'] = code
        return response
-    raw_password = urllib.parse.unquote(headers['Auth-Pass']) if 'Auth-Pass' in headers else ''
    headers = nginx.handle_authentication(flask.request.headers)
    response = flask.Response()
    for key, value in headers.items():
@ -50,14 +49,8 @@ def nginx_authentication():
        if not is_port_25:
            utils.limiter.exempt_ip_from_ratelimits(client_ip)
    elif is_valid_user:
-        password = None
-        try:
-            password = raw_password.encode("iso8859-1").decode("utf8")
-        except:
-            app.logger.warn(f'Received undecodable password for {username} from nginx: {raw_password!r}')
-            utils.limiter.rate_limit_user(username, client_ip, password=None)
-        else:
-            utils.limiter.rate_limit_user(username, client_ip, password=password)
+        password = urllib.parse.unquote(headers['Auth-Pass']) if 'Auth-Pass' in headers else ''
+        utils.limiter.rate_limit_user(username, client_ip, password=password)
    elif not is_from_webmail:
        utils.limiter.rate_limit_ip(client_ip, username)
    return response