mirror of
https://github.com/Mailu/Mailu.git
synced 2025-01-18 03:21:36 +02:00
Merge #2130
2130: Fix 2125: Make the caller responsible to know whether the rate-limit code should be called or not r=mergify[bot] a=nextgens ## What type of PR? bug-fix ## What does this PR do? Make the caller responsible to know whether the rate-limit code should be called or not. If the webmail isn't configured its address can't be determined. The rate limiting code should always be called except when we are verifying temporary tokens from the webmail. ### Related issue(s) - close #2125 - close #2129 - close #2128 ## Prerequisites Before we can consider review and merge, please make sure the following list is done and checked. If an entry is not applicable, you can check it or remove it from the list. - [ ] In case of feature or enhancement: documentation updated accordingly - [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file. Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
commit
393b28a420
@ -31,6 +31,7 @@ def nginx_authentication():
|
|||||||
for key, value in headers.items():
|
for key, value in headers.items():
|
||||||
response.headers[key] = str(value)
|
response.headers[key] = str(value)
|
||||||
is_valid_user = False
|
is_valid_user = False
|
||||||
|
is_from_webmail = headers['Auth-Port'] in ['10143', '10025']
|
||||||
if response.headers.get("Auth-User-Exists"):
|
if response.headers.get("Auth-User-Exists"):
|
||||||
username = response.headers["Auth-User"]
|
username = response.headers["Auth-User"]
|
||||||
if utils.limiter.should_rate_limit_user(username, client_ip):
|
if utils.limiter.should_rate_limit_user(username, client_ip):
|
||||||
@ -47,7 +48,7 @@ def nginx_authentication():
|
|||||||
utils.limiter.exempt_ip_from_ratelimits(client_ip)
|
utils.limiter.exempt_ip_from_ratelimits(client_ip)
|
||||||
elif is_valid_user:
|
elif is_valid_user:
|
||||||
utils.limiter.rate_limit_user(username, client_ip)
|
utils.limiter.rate_limit_user(username, client_ip)
|
||||||
else:
|
elif not is_from_webmail:
|
||||||
utils.limiter.rate_limit_ip(client_ip)
|
utils.limiter.rate_limit_ip(client_ip)
|
||||||
return response
|
return response
|
||||||
|
|
||||||
|
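Review bot: On the added line `is_from_webmail = headers['Auth-Port'] in ['10143', '10025']`, `headers` is the same mapping the loop just above copies into `response.headers`, so it appears to be the authentication result rather than the incoming nginx request. Its construction is outside the hunk, but if a failed authentication result carries no `Auth-Port` key, the subscript raises `KeyError` on exactly the path that should reach `rate_limit_ip`. Reading the port from the request, e.g. `is_from_webmail = flask.request.headers.get('Auth-Port') in ['10143', '10025']` (assuming `flask` is imported in this module), avoids both the exception and a comparison against a backend port. Because the IP rate-limit exemption now depends on this value instead of the source address, a comment stating that ports 10143 and 10025 are the webmail-only listeners and must not be reachable by other clients would help. The body of nginx_authentication starts before and continues outside the visible hunks.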
@ -53,11 +53,10 @@ class LimitWraperFactory(object):
|
|||||||
return is_rate_limited
|
return is_rate_limited
|
||||||
|
|
||||||
def rate_limit_ip(self, ip):
|
def rate_limit_ip(self, ip):
|
||||||
if ip != app.config['WEBMAIL_ADDRESS']:
|
limiter = self.get_limiter(app.config["AUTH_RATELIMIT_IP"], 'auth-ip')
|
||||||
limiter = self.get_limiter(app.config["AUTH_RATELIMIT_IP"], 'auth-ip')
|
client_network = utils.extract_network_from_ip(ip)
|
||||||
client_network = utils.extract_network_from_ip(ip)
|
if self.is_subject_to_rate_limits(ip):
|
||||||
if self.is_subject_to_rate_limits(ip):
|
limiter.hit(client_network)
|
||||||
limiter.hit(client_network)
|
|
||||||
|
|
||||||
def should_rate_limit_user(self, username, ip, device_cookie=None, device_cookie_name=None):
|
def should_rate_limit_user(self, username, ip, device_cookie=None, device_cookie_name=None):
|
||||||
limiter = self.get_limiter(app.config["AUTH_RATELIMIT_USER"], 'auth-user')
|
limiter = self.get_limiter(app.config["AUTH_RATELIMIT_USER"], 'auth-user')
|
||||||
|
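Review bot: `rate_limit_ip` no longer has any guard of its own for the webmail address, and nothing in the function says so. A docstring such as `"""Record a failed attempt against the client's network. Callers must skip this for webmail temporary-token checks."""` would make the new contract visible. The webmail presents one source address for all of its users, so any caller that still reaches this function with that address (other call sites are not visible on this page) would charge every webmail user's failures to a single `auth-ip` bucket. It is worth checking each call site for that case as part of this change.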
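--- a/towncrier/newsfragments/2125.bugfix
+++ b/towncrier/newsfragments/2125.bugfix
@@ -0,0 +1 @@
+Fix a bug preventing mailu from being usable when no webmail is configured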