close #2451: prevent an auth-loop on webmails

2 years ago · 00f07ef533
parent a366116cae
commit 00f07ef533
2 changed files with 5 additions and 2 deletions
--- a/core/admin/mailu/internal/nginx.py
+++ b/core/admin/mailu/internal/nginx.py
@ -26,12 +26,14 @@ STATUSES = {
    }),
 }

+WEBMAIL_PORTS = ['10143', '10025']
+
 def check_credentials(user, password, ip, protocol=None, auth_port=None):
-    if not user or not user.enabled or (protocol == "imap" and not user.enable_imap) or (protocol == "pop3" and not user.enable_pop):
+    if not user or not user.enabled or (protocol == "imap" and not user.enable_imap and not auth_port in WEBMAIL_PORTS) or (protocol == "pop3" and not user.enable_pop):
        return False
    is_ok = False
    # webmails
-    if auth_port in ['10143', '10025'] and password.startswith('token-'):
+    if auth_port in WEBMAIL_PORTS and password.startswith('token-'):
        if utils.verify_temp_token(user.get_id(), password):
            is_ok = True
    # All tokens are 32 characters hex lowercase
--- a/towncrier/newsfragments/2451.bugfix
+++ b/towncrier/newsfragments/2451.bugfix
@ -0,0 +1 @@
+Fix a bug preventing users without IMAP access to access the webmails
				`@ -0,0 +1 @@`
				`Fix a bug preventing users without IMAP access to access the webmails`