mirror of https://github.com/Mailu/Mailu.git synced 2025-01-20 03:29:50 +02:00

Ensure we have an api_token

Florent Daigniere 2024-04-20 08:46:47 +02:00 committed by GitHub
parent 4837a05c71
commit 2db75921a2
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -25,7 +25,7 @@ def api_token_authorization(func):
abort(429, 'Too many attempts from your IP (rate-limit)' )
if not request.headers.get('Authorization'):
abort(401, 'A valid Authorization header is mandatory')
if (not hmac.compare_digest(request.headers.get('Authorization').removeprefix('Bearer '), v1.api_token)):
if len(v1.api_token) < 4 or not hmac.compare_digest(request.headers.get('Authorization').removeprefix('Bearer '), v1.api_token):
utils.limiter.rate_limit_ip(client_ip)
flask.current_app.logger.warn(f'Invalid API token provided by {client_ip}.')
abort(403, 'Invalid API token')
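Review bot: The new `len(v1.api_token) < 4` guard on the comparison line raises TypeError if `v1.api_token` is unset (None), which would surface as a 500 instead of a 403; whether that can happen depends on how the token is assigned, which is not visible in this hunk. Prefixing the condition with `not v1.api_token or` makes the check fail closed in that case. A configured token that is too short is also treated as a client failure here: the caller's IP is rate-limited and the log reads 'Invalid API token provided by …', so the operator gets no hint that the server-side token is the problem; a distinct log message for that branch, and preferably a check at startup, would make the misconfiguration visible. The threshold 4 is unexplained and very low for a bearer secret, so a named constant with a comment such as `# refuse all API requests when the configured token is missing or trivially short` would make the intent reviewable. The body of api_token_authorization begins and ends outside the hunk.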