Merge #2083

2083: Fix Webmail token check. Fix Auth-Port for Webmail. #2079 r=mergify[bot] a=Diman0 ## What type of PR? Bug fix ## What does this PR do? Fixes issues #2079 and #2081. ### Related issue(s) - closes #2079 - closes #2081 ## Prerequisites Before we can consider review and merge, please make sure the following list is done and checked. If an entry in not applicable, you can check it or remove it from the list. - [x] n/a In case of feature or enhancement: documentation updated accordingly - [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file. Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
2025-03-05 14:55:20 +02:00 · 2021-12-14 15:04:04 +00:00 · 2021-12-14 15:04:04 +00:00 · 580d079a5e
commit 580d079a5e
parent dbbfa44461 d76773b1df
3 changed files with 6 additions and 4 deletions
--- a/core/admin/mailu/internal/nginx.py
+++ b/core/admin/mailu/internal/nginx.py
@ -27,12 +27,12 @@ STATUSES = {
    }),
 }

-def check_credentials(user, password, ip, protocol=None):
+def check_credentials(user, password, ip, protocol=None, auth_port=None):
    if not user or not user.enabled or (protocol == "imap" and not user.enable_imap) or (protocol == "pop3" and not user.enable_pop):
        return False
    is_ok = False
    # webmails
-    if len(password) == 64 and ip == app.config['WEBMAIL_ADDRESS']:
+    if len(password) == 64 and auth_port in ['10143', '10025']:
        if user.verify_temp_token(password):
            is_ok = True
    # All tokens are 32 characters hex lowercase
@ -100,7 +100,7 @@ def handle_authentication(headers):
                app.logger.warn(f'Invalid user {user_email!r}: {exc}')
            else:
                ip = urllib.parse.unquote(headers["Client-Ip"])
-                if check_credentials(user, password, ip, protocol):
+                if check_credentials(user, password, ip, protocol, headers["Auth-Port"]):
                    server, port = get_server(headers["Auth-Protocol"], True)
                    return {
                        "Auth-Status": "OK",
--- a/core/nginx/conf/nginx.conf
+++ b/core/nginx/conf/nginx.conf
@ -277,7 +277,7 @@ mail {
      listen 10143;
      protocol imap;
      smtp_auth plain;
-      auth_http_header Auth-Port 10043;
+      auth_http_header Auth-Port 10143;
    }

    # SMTP is always enabled, to avoid losing emails when TLS is failing
--- a/towncrier/newsfragments/2079.fix
+++ b/towncrier/newsfragments/2079.fix
@ -0,0 +1,2 @@
+#2079 Webmail token check does not work if WEBMAIL_ADDRESS is set to a hostname.
+#2081 Fix typo in nginx config for webmail port (10043 to 10143)