mirror of
https://github.com/Mailu/Mailu.git
synced 2025-01-28 03:56:43 +02:00
Handle nginx authentication requests in the admin container
This commit is contained in:
parent
a4851914d0
commit
94a13aabf0
admin/mailu
@ -74,8 +74,9 @@ def inject_user():
|
||||
return dict(current_user=flask_login.current_user)
|
||||
|
||||
# Import views
|
||||
from mailu import ui
|
||||
from mailu import ui, internal
|
||||
app.register_blueprint(ui.ui, url_prefix='/ui')
|
||||
app.register_blueprint(internal.internal, url_prefix='/internal')
|
||||
|
||||
# Create the prefix middleware
|
||||
class PrefixMiddleware(object):
|
||||
|
6
admin/mailu/internal/__init__.py
Normal file
6
admin/mailu/internal/__init__.py
Normal file
@ -0,0 +1,6 @@
|
||||
from flask import Blueprint
|
||||
|
||||
|
||||
internal = Blueprint('internal', __name__)
|
||||
|
||||
from mailu.internal import views
|
64
admin/mailu/internal/nginx.py
Normal file
64
admin/mailu/internal/nginx.py
Normal file
@ -0,0 +1,64 @@
|
||||
from mailu import db, models
|
||||
|
||||
|
||||
SUPPORTED_AUTH_METHODS = ["none", "plain"]
|
||||
|
||||
STATUSES = {
|
||||
"authentication": ("Authentication credentials invalid", {
|
||||
"imap": "AUTHENTICATIONFAILED",
|
||||
"smtp": "535 5.7.8",
|
||||
"pop3": ""
|
||||
}),
|
||||
}
|
||||
|
||||
|
||||
def handle_authentication(headers):
|
||||
""" Handle an HTTP nginx authentication request
|
||||
See: http://nginx.org/en/docs/mail/ngx_mail_auth_http_module.html#protocol
|
||||
"""
|
||||
method = headers["Auth-Method"]
|
||||
protocol = headers["Auth-Protocol"]
|
||||
server, port = get_server(headers["Auth-Protocol"])
|
||||
# Incoming mail, no authentication
|
||||
if method == "none" and protocol == "smtp":
|
||||
return {
|
||||
"Auth-Status": "OK",
|
||||
"Auth-Server": server,
|
||||
"Auth-Port": port
|
||||
}
|
||||
# Authenticated user
|
||||
elif method == "plain":
|
||||
user_email = headers["Auth-User"]
|
||||
password = headers["Auth-Pass"]
|
||||
user = models.User.query.get(user_email)
|
||||
if user and user.check_password(password):
|
||||
return {
|
||||
"Auth-Status": "OK",
|
||||
"Auth-Server": server,
|
||||
"Auth-Port": port
|
||||
}
|
||||
else:
|
||||
status, code = get_status(protocol, "authentication")
|
||||
return {
|
||||
"Auth-Status": status,
|
||||
"Auth-Error-Code": code,
|
||||
"Auth-Wait": 0
|
||||
}
|
||||
# Unexpected
|
||||
else:
|
||||
return {}
|
||||
|
||||
|
||||
def get_status(protocol, status):
|
||||
""" Return the proper error code depending on the protocol
|
||||
"""
|
||||
status, codes = STATUSES[status]
|
||||
return status, codes[protocol]
|
||||
|
||||
|
||||
def get_server(protocol):
|
||||
servers = {
|
||||
"imap": ("172.18.0.12", 143),
|
||||
"smtp": ("172.18.0.9", 25)
|
||||
}
|
||||
return servers[protocol]
|
14
admin/mailu/internal/views.py
Normal file
14
admin/mailu/internal/views.py
Normal file
@ -0,0 +1,14 @@
|
||||
from mailu import db, models
|
||||
from mailu.internal import internal, nginx
|
||||
|
||||
import flask
|
||||
|
||||
|
||||
@internal.route("/nginx")
|
||||
def nginx_authentication():
|
||||
headers = nginx.handle_authentication(flask.request.headers)
|
||||
response = flask.Response()
|
||||
for key, value in headers.items():
|
||||
response.headers[key] = str(value)
|
||||
return response
|
||||
|
Loading…
x
Reference in New Issue
Block a user