mirror of
https://github.com/Mailu/Mailu.git
synced 2024-12-14 10:53:30 +02:00
Merge pull request #667 from kaiyou/fix-password-performance
Improve password checking performance
This commit is contained in:
commit
4a5c0a6d21
@ -12,7 +12,7 @@ import docker
|
|||||||
import socket
|
import socket
|
||||||
import uuid
|
import uuid
|
||||||
|
|
||||||
from werkzeug.contrib import fixers
|
from werkzeug.contrib import fixers, profiler
|
||||||
|
|
||||||
# Create application
|
# Create application
|
||||||
app = flask.Flask(__name__)
|
app = flask.Flask(__name__)
|
||||||
@ -62,7 +62,10 @@ default_config = {
|
|||||||
'HOST_IMAP': 'imap',
|
'HOST_IMAP': 'imap',
|
||||||
'HOST_POP3': 'imap',
|
'HOST_POP3': 'imap',
|
||||||
'HOST_SMTP': 'smtp',
|
'HOST_SMTP': 'smtp',
|
||||||
|
'HOST_WEBMAIL': 'webmail',
|
||||||
|
'HOST_FRONT': 'front',
|
||||||
'HOST_AUTHSMTP': os.environ.get('HOST_SMTP', 'smtp'),
|
'HOST_AUTHSMTP': os.environ.get('HOST_SMTP', 'smtp'),
|
||||||
|
'POD_ADDRESS_RANGE': None
|
||||||
}
|
}
|
||||||
|
|
||||||
# Load configuration from the environment if available
|
# Load configuration from the environment if available
|
||||||
@ -80,6 +83,10 @@ if app.config.get("DEBUG"):
|
|||||||
import flask_debugtoolbar
|
import flask_debugtoolbar
|
||||||
toolbar = flask_debugtoolbar.DebugToolbarExtension(app)
|
toolbar = flask_debugtoolbar.DebugToolbarExtension(app)
|
||||||
|
|
||||||
|
# Profiler
|
||||||
|
if app.config.get("DEBUG"):
|
||||||
|
app.wsgi_app = profiler.ProfilerMiddleware(app.wsgi_app, restrictions=[30])
|
||||||
|
|
||||||
# Manager commnad
|
# Manager commnad
|
||||||
manager = flask_script.Manager(app)
|
manager = flask_script.Manager(app)
|
||||||
manager.add_command('db', flask_migrate.MigrateCommand)
|
manager.add_command('db', flask_migrate.MigrateCommand)
|
||||||
@ -129,4 +136,5 @@ class PrefixMiddleware(object):
|
|||||||
environ['SCRIPT_NAME'] = prefix
|
environ['SCRIPT_NAME'] = prefix
|
||||||
return self.app(environ, start_response)
|
return self.app(environ, start_response)
|
||||||
|
|
||||||
|
|
||||||
app.wsgi_app = PrefixMiddleware(fixers.ProxyFix(app.wsgi_app))
|
app.wsgi_app = PrefixMiddleware(fixers.ProxyFix(app.wsgi_app))
|
||||||
|
@ -1,14 +1,24 @@
|
|||||||
from mailu import db, models
|
from mailu import db, models, app
|
||||||
from mailu.internal import internal
|
from mailu.internal import internal
|
||||||
|
|
||||||
import flask
|
import flask
|
||||||
|
import socket
|
||||||
|
|
||||||
|
|
||||||
@internal.route("/dovecot/passdb/<user_email>")
|
@internal.route("/dovecot/passdb/<user_email>")
|
||||||
def dovecot_passdb_dict(user_email):
|
def dovecot_passdb_dict(user_email):
|
||||||
user = models.User.query.get(user_email) or flask.abort(404)
|
user = models.User.query.get(user_email) or flask.abort(404)
|
||||||
|
allow_nets = []
|
||||||
|
allow_nets.append(
|
||||||
|
app.config.get("POD_ADDRESS_RANGE") or
|
||||||
|
socket.gethostbyname(app.config["HOST_FRONT"])
|
||||||
|
)
|
||||||
|
allow_nets.append(socket.gethostbyname(app.config["HOST_WEBMAIL"]))
|
||||||
|
print(allow_nets)
|
||||||
return flask.jsonify({
|
return flask.jsonify({
|
||||||
"password": user.password,
|
"password": None,
|
||||||
|
"nopassword": "Y",
|
||||||
|
"allow_nets": ",".join(allow_nets)
|
||||||
})
|
})
|
||||||
|
|
||||||
|
|
||||||
|
@ -276,7 +276,8 @@ class User(Base, Email):
|
|||||||
else:
|
else:
|
||||||
return self.email
|
return self.email
|
||||||
|
|
||||||
scheme_dict = {'BLF-CRYPT': "bcrypt",
|
scheme_dict = {'PBKDF2': "pbkdf2_sha512",
|
||||||
|
'BLF-CRYPT': "bcrypt",
|
||||||
'SHA512-CRYPT': "sha512_crypt",
|
'SHA512-CRYPT': "sha512_crypt",
|
||||||
'SHA256-CRYPT': "sha256_crypt",
|
'SHA256-CRYPT': "sha256_crypt",
|
||||||
'MD5-CRYPT': "md5_crypt",
|
'MD5-CRYPT': "md5_crypt",
|
||||||
@ -287,8 +288,14 @@ class User(Base, Email):
|
|||||||
)
|
)
|
||||||
|
|
||||||
def check_password(self, password):
|
def check_password(self, password):
|
||||||
|
context = User.pw_context
|
||||||
reference = re.match('({[^}]+})?(.*)', self.password).group(2)
|
reference = re.match('({[^}]+})?(.*)', self.password).group(2)
|
||||||
return User.pw_context.verify(password, reference)
|
result = context.verify(password, reference)
|
||||||
|
if result and context.identify(reference) != context.default_scheme():
|
||||||
|
self.set_password(password)
|
||||||
|
db.session.add(self)
|
||||||
|
db.session.commit()
|
||||||
|
return result
|
||||||
|
|
||||||
def set_password(self, password, hash_scheme=app.config['PASSWORD_SCHEME'], raw=False):
|
def set_password(self, password, hash_scheme=app.config['PASSWORD_SCHEME'], raw=False):
|
||||||
"""Set password for user with specified encryption scheme
|
"""Set password for user with specified encryption scheme
|
||||||
|
@ -130,8 +130,8 @@ LOG_DRIVER=json-file
|
|||||||
COMPOSE_PROJECT_NAME=mailu
|
COMPOSE_PROJECT_NAME=mailu
|
||||||
|
|
||||||
# Default password scheme used for newly created accounts and changed passwords
|
# Default password scheme used for newly created accounts and changed passwords
|
||||||
# (value: BLF-CRYPT, SHA512-CRYPT, SHA256-CRYPT, MD5-CRYPT, CRYPT)
|
# (value: PBKDF2, BLF-CRYPT, SHA512-CRYPT, SHA256-CRYPT)
|
||||||
PASSWORD_SCHEME=BLF-CRYPT
|
PASSWORD_SCHEME=PBKDF2
|
||||||
|
|
||||||
# Header to take the real ip from
|
# Header to take the real ip from
|
||||||
REAL_IP_HEADER=
|
REAL_IP_HEADER=
|
||||||
|
Loading…
Reference in New Issue
Block a user