1
0
mirror of https://github.com/Mailu/Mailu.git synced 2025-01-18 03:21:36 +02:00
2130: Fix 2125: Make the caller responsible to know whether the rate-limit code should be called or not r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

Make the caller responsible to know whether the rate-limit code should be called or not. If the webmail isn't configured its address can't be determined.

The rate limiting code should always be called except when we are verifying temporary tokens from the webmail.

### Related issue(s)
- close #2125 
- close #2129 
- close #2128

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
This commit is contained in:
bors[bot] 2022-01-04 15:05:44 +00:00 committed by GitHub
commit 393b28a420
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 7 additions and 6 deletions

View File

@ -31,6 +31,7 @@ def nginx_authentication():
for key, value in headers.items():
response.headers[key] = str(value)
is_valid_user = False
is_from_webmail = headers['Auth-Port'] in ['10143', '10025']
if response.headers.get("Auth-User-Exists"):
username = response.headers["Auth-User"]
if utils.limiter.should_rate_limit_user(username, client_ip):
@ -47,7 +48,7 @@ def nginx_authentication():
utils.limiter.exempt_ip_from_ratelimits(client_ip)
elif is_valid_user:
utils.limiter.rate_limit_user(username, client_ip)
else:
elif not is_from_webmail:
utils.limiter.rate_limit_ip(client_ip)
return response

View File

@ -53,11 +53,10 @@ class LimitWraperFactory(object):
return is_rate_limited
def rate_limit_ip(self, ip):
if ip != app.config['WEBMAIL_ADDRESS']:
limiter = self.get_limiter(app.config["AUTH_RATELIMIT_IP"], 'auth-ip')
client_network = utils.extract_network_from_ip(ip)
if self.is_subject_to_rate_limits(ip):
limiter.hit(client_network)
limiter = self.get_limiter(app.config["AUTH_RATELIMIT_IP"], 'auth-ip')
client_network = utils.extract_network_from_ip(ip)
if self.is_subject_to_rate_limits(ip):
limiter.hit(client_network)
def should_rate_limit_user(self, username, ip, device_cookie=None, device_cookie_name=None):
limiter = self.get_limiter(app.config["AUTH_RATELIMIT_USER"], 'auth-user')

View File

@ -0,0 +1 @@
Fix a bug preventing mailu from being usable when no webmail is configured