From 169a540692b244b19e170bf08a9c116f824ea793 Mon Sep 17 00:00:00 2001
From: Dimitri Huisman <diman@huisman.xyz>
Date: Fri, 27 Aug 2021 08:20:52 +0000
Subject: [PATCH] Use punycode for HTTP header for radicale and create
 changelog

---
 core/admin/mailu/internal/views/auth.py | 2 +-
 towncrier/newsfragments/1952.bugfix     | 3 +++
 2 files changed, 4 insertions(+), 1 deletion(-)
 create mode 100644 towncrier/newsfragments/1952.bugfix

diff --git a/core/admin/mailu/internal/views/auth.py b/core/admin/mailu/internal/views/auth.py
index 9c3e6a85..1686e1cb 100644
--- a/core/admin/mailu/internal/views/auth.py
+++ b/core/admin/mailu/internal/views/auth.py
@@ -67,7 +67,7 @@ def basic_authentication():
         user = models.User.query.get(user_email.decode("utf8"))
         if nginx.check_credentials(user, password.decode('utf-8'), flask.request.remote_addr, "web"):
             response = flask.Response()
-            response.headers["X-User"] = user.email
+            response.headers["X-User"] = models.IdnaEmail.process_bind_param(flask_login, user.email, "")
             return response
     response = flask.Response(status=401)
     response.headers["WWW-Authenticate"] = 'Basic realm="Login Required"'
diff --git a/towncrier/newsfragments/1952.bugfix b/towncrier/newsfragments/1952.bugfix
new file mode 100644
index 00000000..655715f1
--- /dev/null
+++ b/towncrier/newsfragments/1952.bugfix
@@ -0,0 +1,3 @@
+Webmail and Radicale (webdav) were not useable with domains with special characters such as umlauts.
+Webmail and radicale now use punycode for logging in.
+Punycode was not used in the HTTP headers. This resulted in illegal non-ASCII HTTP headers.