From 3d4a9ac29cf10f545bd68772156265ad6bc94d2c Mon Sep 17 00:00:00 2001
From: Florent Daigniere
Date: Thu, 8 Aug 2024 09:35:27 +0200
Subject: [PATCH] Fix #3364
(cherry picked from commit ee243ea735744b296bb90b2c1e6a1fded8915c8d)
---
core/nginx/dovecot/login.lua | 13 +++++++++++--
towncrier/newsfragments/3364.bugfix | 1 +
2 files changed, 12 insertions(+), 2 deletions(-)
create mode 100644 towncrier/newsfragments/3364.bugfix
diff --git a/core/nginx/dovecot/login.lua b/core/nginx/dovecot/login.lua
index d24de149..a93b4b29 100644
--- a/core/nginx/dovecot/login.lua
+++ b/core/nginx/dovecot/login.lua
@@ -10,15 +10,24 @@ local http_client = dovecot.http.client {
 max_attempts = 3;
 }
+-- on the other end we use urllib.parse.unquote()
+function urlEncode(str)
+ return str:gsub("[^%w_.-~]", function(c)
+ return string.format("%%%02X", string.byte(c))
+ end)
+end
+
 function auth_passdb_lookup(req)
 local auth_request = http_client:request {
 url = "http://{{ ADMIN_ADDRESS }}:8080/internal/auth/email";
 }
 auth_request:add_header('Auth-Port', req.local_port)
- auth_request:add_header('Auth-User', req.user)
+ local user = urlEncode(req.user)
+ auth_request:add_header('Auth-User', user)
 if req.password ~= nil then
- auth_request:add_header('Auth-Pass', req.password)
+ local password = urlEncode(req.password)
+ auth_request:add_header('Auth-Pass', password)
 end
 auth_request:add_header('Auth-Protocol', req.service)
 auth_request:add_header('Client-IP', req.remote_ip)
diff --git a/towncrier/newsfragments/3364.bugfix b/towncrier/newsfragments/3364.bugfix
new file mode 100644
index 00000000..10e56cf3
--- /dev/null
+++ b/towncrier/newsfragments/3364.bugfix
@@ -0,0 +1 @@
+Fix a bug preventing percent characters from being used in passwords
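Review bot: In the added `urlEncode` in core/nginx/dovecot/login.lua, the set `[^%w_.-~]` contains `.-~`, which Lua parses as a range from `.` to `~` rather than the three literals `.`, `-` and `~`. Characters such as `/ : ; < = > ? @ [ \ ] ^ { | }` therefore pass into the `Auth-User` and `Auth-Pass` headers unencoded, while `-` is escaped. `%`, space, CR, LF, other control bytes and bytes above `~` are still escaped, so the percent fix and the header framing hold, but only because of where those bytes sit in the ASCII table. Putting the hyphen last, `return str:gsub("[^%w_.~-]", function(c)`, or escaping it as `%-`, gives what is presumably the intended unreserved set. Separately, `local function urlEncode(str)` would keep the helper out of the global environment; `auth_passdb_lookup` continues past the end of the hunk.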