From 4f5cb0974ef4a776c43893658fc6e779468bc3b6 Mon Sep 17 00:00:00 2001 From: Dimitri Huisman Date: Thu, 26 Aug 2021 15:11:35 +0000 Subject: [PATCH 1/2] Make sure HTTP header only contains ASCII --- core/admin/mailu/internal/views/auth.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/core/admin/mailu/internal/views/auth.py b/core/admin/mailu/internal/views/auth.py index 2baeddce..9c3e6a85 100644 --- a/core/admin/mailu/internal/views/auth.py +++ b/core/admin/mailu/internal/views/auth.py @@ -50,7 +50,7 @@ def user_authentication(): if (not flask_login.current_user.is_anonymous and flask_login.current_user.enabled): response = flask.Response() - response.headers["X-User"] = flask_login.current_user.get_id() + response.headers["X-User"] = models.IdnaEmail.process_bind_param(flask_login, flask_login.current_user.get_id(), "") response.headers["X-User-Token"] = models.User.get_temp_token(flask_login.current_user.get_id()) return response return flask.abort(403) From 169a540692b244b19e170bf08a9c116f824ea793 Mon Sep 17 00:00:00 2001 From: Dimitri Huisman Date: Fri, 27 Aug 2021 08:20:52 +0000 Subject: [PATCH 2/2] Use punycode for HTTP header for radicale and create changelog --- core/admin/mailu/internal/views/auth.py | 2 +- towncrier/newsfragments/1952.bugfix | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) create mode 100644 towncrier/newsfragments/1952.bugfix diff --git a/core/admin/mailu/internal/views/auth.py b/core/admin/mailu/internal/views/auth.py index 9c3e6a85..1686e1cb 100644 --- a/core/admin/mailu/internal/views/auth.py +++ b/core/admin/mailu/internal/views/auth.py 
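Review bot: Nothing checks the value that `models.IdnaEmail.process_bind_param(...)` returns before it is assigned to `X-User` in user_authentication, and that header is presumably what the services behind the proxy take as the login name. The converter's body is not part of this patch, so whether it can return `None` or pass a non-ASCII local part through is unverified here; binding the result to a local and adding `if not x_user or not x_user.isascii(): return flask.abort(403)` before the response is built would make the subject's ASCII claim hold. The call also hands in the `flask_login` module, apparently as the receiver, and `""` as the dialect, which only works while the method ignores both, so a plain helper in `models` would be less fragile. Both points apply equally to the call added to basic_authentication in patch 2/2. The `def` line of user_authentication is outside the hunk.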
@@ -67,7 +67,7 @@ def basic_authentication():
 user = models.User.query.get(user_email.decode("utf8"))
 if nginx.check_credentials(user, password.decode('utf-8'), flask.request.remote_addr, "web"):
 response = flask.Response()
- response.headers["X-User"] = user.email
+ response.headers["X-User"] = models.IdnaEmail.process_bind_param(flask_login, user.email, "")
 return response
 response = flask.Response(status=401)
 response.headers["WWW-Authenticate"] = 'Basic realm="Login Required"'
diff --git a/towncrier/newsfragments/1952.bugfix b/towncrier/newsfragments/1952.bugfix
new file mode 100644
index 00000000..655715f1
--- /dev/null
+++ b/towncrier/newsfragments/1952.bugfix
@@ -0,0 +1,3 @@
+Webmail and Radicale (webdav) were not useable with domains with special characters such as umlauts.
+Webmail and radicale now use punycode for logging in.
+Punycode was not used in the HTTP headers. This resulted in illegal non-ASCII HTTP headers.
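Review bot: The `X-User` assignment in basic_authentication carries no comment explaining that the header now holds a different string from the address the client sent in its Basic credentials. A line above it such as `# X-User is an HTTP header and must be ASCII, so send the IDNA (punycode) form of the address` would tell the next reader why `user.email` is not used directly. It would also flag that the consumer named in the commit subject, Radicale, sees the punycode form as the user name. The start of basic_authentication is outside the hunk.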