self-hosted/Mailu
1
0
Fork 0
mirror of https://github.com/Mailu/Mailu.git synced 2024-12-14 10:53:30 +02:00
Code Issues Releases Activity

Remove this insanity since we don't use nginx

Browse Source 
(cherry picked from commit 148c8f9ede)
This commit is contained in:
Florent Daigniere 2024-08-08 10:24:43 +02:00 committed by Mergify
parent 77c7d2f691
commit 00ef3cb950
2 changed files with 5 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
core/admin/mailu/internal/nginx.py
View File

@ -91,20 +91,14 @@ def handle_authentication(headers):
# Authenticated user # Authenticated user
elif method in ['plain', 'login']: elif method in ['plain', 'login']:
is_valid_user = False is_valid_user = False
# According to RFC2616 section 3.7.1 and PEP 3333, HTTP headers should
# be ASCII and are generally considered ISO8859-1. However when passing
# the password, nginx does not transcode the input UTF string, thus
# we need to manually decode.
raw_user_email = urllib.parse.unquote(headers["Auth-User"])
raw_password = urllib.parse.unquote(headers["Auth-Pass"])
user_email = 'invalid' user_email = 'invalid'
password = 'invalid' password = 'invalid'
try: try:
user_email = raw_user_email.encode("iso8859-1").decode("utf8") user_email = urllib.parse.unquote(headers["Auth-User"])
password = raw_password.encode("iso8859-1").decode("utf8") password = urllib.parse.unquote(headers["Auth-Pass"])
ip = urllib.parse.unquote(headers["Client-Ip"]) ip = urllib.parse.unquote(headers["Client-Ip"])
except: except:
app.logger.warn(f'Received undecodable user/password from nginx: {raw_user_email!r}/{raw_password!r}') app.logger.warn(f'Received undecodable user/password from nginx: {headers["Auth-User"]!r}/{headers["Auth-Pass"]!r}')
else: else:
try: try:
user = models.User.query.get(user_email) if '@' in user_email else None user = models.User.query.get(user_email) if '@' in user_email else None

11
core/admin/mailu/internal/views/auth.py
View File

@ -29,7 +29,6 @@ def nginx_authentication():
response.headers['Auth-Status'] = status response.headers['Auth-Status'] = status
response.headers['Auth-Error-Code'] = code response.headers['Auth-Error-Code'] = code
return response return response
raw_password = urllib.parse.unquote(headers['Auth-Pass']) if 'Auth-Pass' in headers else ''
headers = nginx.handle_authentication(flask.request.headers) headers = nginx.handle_authentication(flask.request.headers)
response = flask.Response() response = flask.Response()
for key, value in headers.items(): for key, value in headers.items():
@ -50,14 +49,8 @@ def nginx_authentication():
if not is_port_25: if not is_port_25:
utils.limiter.exempt_ip_from_ratelimits(client_ip) utils.limiter.exempt_ip_from_ratelimits(client_ip)
elif is_valid_user: elif is_valid_user:
password = None password = urllib.parse.unquote(headers['Auth-Pass']) if 'Auth-Pass' in headers else ''
try: utils.limiter.rate_limit_user(username, client_ip, password=password)
password = raw_password.encode("iso8859-1").decode("utf8")
except:
app.logger.warn(f'Received undecodable password for {username} from nginx: {raw_password!r}')
utils.limiter.rate_limit_user(username, client_ip, password=None)
else:
utils.limiter.rate_limit_user(username, client_ip, password=password)
elif not is_from_webmail: elif not is_from_webmail:
utils.limiter.rate_limit_ip(client_ip, username) utils.limiter.rate_limit_ip(client_ip, username)
return response return response