From 00f07ef533d6aaa4188f59eecb44132610840f34 Mon Sep 17 00:00:00 2001
From: Florent Daigniere
Date: Tue, 29 Nov 2022 13:25:50 +0100
Subject: [PATCH] close #2451: prevent an auth-loop on webmails
---
 core/admin/mailu/internal/nginx.py | 6 ++++--
 towncrier/newsfragments/2451.bugfix | 1 +
 2 files changed, 5 insertions(+), 2 deletions(-)
 create mode 100644 towncrier/newsfragments/2451.bugfix
diff --git a/core/admin/mailu/internal/nginx.py b/core/admin/mailu/internal/nginx.py
index 43e4dd6a..5b321ad3 100644
--- a/core/admin/mailu/internal/nginx.py
+++ b/core/admin/mailu/internal/nginx.py
@@ -26,12 +26,14 @@ STATUSES = {
 }),
 }
 
+WEBMAIL_PORTS = ['10143', '10025']
+
 def check_credentials(user, password, ip, protocol=None, auth_port=None):
- if not user or not user.enabled or (protocol == "imap" and not user.enable_imap) or (protocol == "pop3" and not user.enable_pop):
+ if not user or not user.enabled or (protocol == "imap" and not user.enable_imap and not auth_port in WEBMAIL_PORTS) or (protocol == "pop3" and not user.enable_pop):
 return False
 is_ok = False
 # webmails
- if auth_port in ['10143', '10025'] and password.startswith('token-'):
+ if auth_port in WEBMAIL_PORTS and password.startswith('token-'):
 if utils.verify_temp_token(user.get_id(), password):
 is_ok = True
 # All tokens are 32 characters hex lowercase
diff --git a/towncrier/newsfragments/2451.bugfix b/towncrier/newsfragments/2451.bugfix
new file mode 100644
index 00000000..d7e821ea
--- /dev/null
+++ b/towncrier/newsfragments/2451.bugfix
@@ -0,0 +1 @@
+Fix a bug preventing users without IMAP access to access the webmails
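Review bot: The `enable_imap` exemption added to the first guard of `check_credentials` is keyed only on `auth_port`, not on the credential being a webmail temp token. The rest of the function continues outside this hunk, so any other credential type it accepts would apparently also bypass the per-user IMAP restriction on those ports. If the intent is only to let webmail sessions through, take the IMAP clause out of the first guard and apply it after the temp-token branch: `if protocol == "imap" and not user.enable_imap and not is_ok: return False`. The exemption also assumes `auth_port` is set by the trusted front proxy and cannot be influenced by the client, which is not visible here; a comment on `WEBMAIL_PORTS` stating that assumption would help. Minor style point: `auth_port not in WEBMAIL_PORTS` is the idiomatic form of `not auth_port in WEBMAIL_PORTS`.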