close #2451: prevent an auth-loop on webmails

main
Florent Daigniere 2 years ago
parent a366116cae
commit 00f07ef533

@ -26,12 +26,14 @@ STATUSES = {
}), }),
} }
WEBMAIL_PORTS = ['10143', '10025']
def check_credentials(user, password, ip, protocol=None, auth_port=None): def check_credentials(user, password, ip, protocol=None, auth_port=None):
if not user or not user.enabled or (protocol == "imap" and not user.enable_imap) or (protocol == "pop3" and not user.enable_pop): if not user or not user.enabled or (protocol == "imap" and not user.enable_imap and not auth_port in WEBMAIL_PORTS) or (protocol == "pop3" and not user.enable_pop):
return False return False
is_ok = False is_ok = False
# webmails # webmails
if auth_port in ['10143', '10025'] and password.startswith('token-'): if auth_port in WEBMAIL_PORTS and password.startswith('token-'):
if utils.verify_temp_token(user.get_id(), password): if utils.verify_temp_token(user.get_id(), password):
is_ok = True is_ok = True
# All tokens are 32 characters hex lowercase # All tokens are 32 characters hex lowercase

@ -0,0 +1 @@
Fix a bug preventing users without IMAP access to access the webmails
Loading…
Cancel
Save