mirror of https://github.com/Mailu/Mailu.git synced 2025-08-10 22:31:47 +02:00

Ensure we have an api_token

Florent Daigniere
2024-04-20 08:46:47 +02:00
committed by GitHub
parent 4837a05c71
commit 2db75921a2


@@ -25,7 +25,7 @@ def api_token_authorization(func):
abort(429, 'Too many attempts from your IP (rate-limit)' )
if not request.headers.get('Authorization'):
abort(401, 'A valid Authorization header is mandatory')
if (not hmac.compare_digest(request.headers.get('Authorization').removeprefix('Bearer '), v1.api_token)):
if len(v1.api_token) < 4 or not hmac.compare_digest(request.headers.get('Authorization').removeprefix('Bearer '), v1.api_token):
utils.limiter.rate_limit_ip(client_ip)
flask.current_app.logger.warn(f'Invalid API token provided by {client_ip}.')
abort(403, 'Invalid API token')
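Review bot: The new `len(v1.api_token) < 4` guard folds a server-side misconfiguration into the invalid-token branch, so when the configured token is missing or too short every caller is rate-limited by IP and logged as "Invalid API token provided by …", which hides the real cause from the operator. A separate check placed before the comparison would keep the two cases apart: `if not v1.api_token or len(v1.api_token) < MIN_API_TOKEN_LEN:` (constant name is a suggestion), then log an error about the configuration and `abort(403, 'Invalid API token')` without calling `utils.limiter.rate_limit_ip`, so the client-facing response stays the same. The bare `4` deserves a named constant with a comment on why that floor was chosen, since four characters is very short for a bearer secret. If `v1.api_token` can be `None` when unconfigured (not visible in this hunk), `len()` raises TypeError and the request ends in a 500 instead of a clean refusal, which the `not v1.api_token` test above also covers. The decorator body starts and ends outside the hunk.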