Reintroduce ProxyFix. Use two buttons for logging in.

3 years ago · 503044ef6e
parent c42ad8e71e
commit 503044ef6e
7 changed files with 45 additions and 20 deletions
--- a/core/admin/mailu/init.py
+++ b/core/admin/mailu/init.py
@ -25,6 +25,7 @@ def create_app_from_config(config):
    utils.babel.init_app(app)
    utils.login.init_app(app)
    utils.login.user_loader(models.User.get)
+    utils.proxy.init_app(app)
    utils.migrate.init_app(app, models.db)

    app.device_cookie_key = hmac.new(bytearray(app.secret_key, 'utf-8'), bytearray('DEVICE_COOKIE_KEY', 'utf-8'), 'sha256').digest()
--- a/core/admin/mailu/sso/forms.py
+++ b/core/admin/mailu/sso/forms.py
@ -11,8 +11,9 @@ LOCALPART_REGEX = "^[a-zA-Z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[a-zA-Z0-9!#$%&'*+/=?^_`
 class LoginForm(flask_wtf.FlaskForm):
    class Meta:
        csrf = False
-    target = fields.SelectField( _('Go to') )
-    email = fields.StringField(_('E-mail'), [validators.Email()])
+    email = fields.StringField(_('E-mail'), [validators.Email(), validators.DataRequired()])
    pw = fields.PasswordField(_('Password'), [validators.DataRequired()])
-    submit = fields.SubmitField(_('Sign in'))
+    submitAdmin = fields.SubmitField(_('Sign in'))
+    submitWebmail = fields.SubmitField(_('Sign in'))
+

--- a/core/admin/mailu/sso/templates/form_sso.html
+++ b/core/admin/mailu/sso/templates/form_sso.html
@ -2,6 +2,10 @@

 {%- block content %}
 {%- call macros.card() %}
-{{ macros.form(form) }}
+<form class="form" method="post" role="form">
+    {{ macros.form_field(form.email) }}
+    {{ macros.form_field(form.pw) }}
+    {{ macros.form_fields( fields, label=False, class="btn btn-default", spacing=False) }}
+</form>
 {%- endcall %}
-{%- endblock %}
+{%- endblock %}
--- a/core/admin/mailu/sso/views/base.py
+++ b/core/admin/mailu/sso/views/base.py
@ -10,22 +10,20 @@ import flask_login
@sso.route('/login', methods=['GET', 'POST'])
 def login():
    form = forms.LoginForm()
-    endpoint = flask.request.args.get('next', 'ui.index')
-
-    form.target.choices = []
+    form.submitAdmin.label.text = form.submitAdmin.label.text + ' Admin'
+    form.submitWebmail.label.text = form.submitWebmail.label.text + ' Webmail'
+    
+    fields = []
    if str(app.config["ADMIN"]).upper() != "FALSE":
-        form.target.choices += [("Admin", "Admin")]
+        fields.append(form.submitAdmin)
    if str(app.config["WEBMAIL"]).upper() != "NONE":
-        form.target.choices += [("Webmail", "Webmail")]
-    if endpoint == "ui.webmail":
-        form.target.choices.reverse()
+        fields.append(form.submitWebmail)
+    fields = tuple(fields)

    if form.validate_on_submit():
-        if str(form.target.data) == 'Admin':
-            endpoint = 'ui.user_settings'
+        if form.submitAdmin.data:
            destination = app.config['WEB_ADMIN']
-        elif str(form.target.data) == 'Webmail':
-            endpoint = 'ui.webmail'
+        elif form.submitWebmail.data:
            destination = app.config['WEB_WEBMAIL']

        user = models.User.login(form.email.data, form.pw.data)
@ -37,7 +35,7 @@ def login():
            flask.flash('Wrong e-mail or password', 'error')
            client_ip = flask.request.headers["X-Real-IP"] if 'X-Real-IP' in flask.request.headers else flask.request.remote_addr
            flask.current_app.logger.warn(f'Login failed for {str(form.email.data)} from {client_ip}.')
-    return flask.render_template('login.html', form=form, endpoint=endpoint)
+    return flask.render_template('login.html', form=form, fields=fields)
    
@sso.route('/logout', methods=['GET'])
@access.authenticated
--- a/core/admin/mailu/ui/templates/macros.html
+++ b/core/admin/mailu/ui/templates/macros.html
@ -18,8 +18,12 @@
  {%- endif %}
 {%- endmacro %}

-{%- macro form_fields(fields, prepend='', append='', label=True) %}
+{%- macro form_fields(fields, prepend='', append='', label=True, spacing=True) %}
+  {%- if spacing %}
  {%- set width = (12 / fields|length)|int %}
+  {%- else %}
+  {%- set width = 0 %}
+  {% endif %}
  <div class="form-group">
    <div class="row">
      {%- for field in fields %}
--- a/core/admin/mailu/utils.py
+++ b/core/admin/mailu/utils.py
@ -38,7 +38,7 @@ login.login_view = "sso.login"
 def handle_needs_login():
    """ redirect unauthorized requests to login page """
    return flask.redirect(
-        flask.url_for('sso.login', next=flask.request.endpoint)
+        flask.url_for('sso.login')
    )

 # DNS stub configured to do DNSSEC enabled queries
@ -95,6 +95,23 @@ def get_locale():
        flask.session['language'] = language
    return language

+
+# Proxy fixer
+class PrefixMiddleware(object):
+    """ fix proxy headers """
+    def __init__(self):
+        self.app = None
+
+    def __call__(self, environ, start_response):
+        return self.app(environ, start_response)       
+
+    def init_app(self, app):
+        self.app = fixers.ProxyFix(app.wsgi_app, x_for=1, x_proto=1)
+        app.wsgi_app = self
+
+proxy = PrefixMiddleware()
+
+
 # Data migrate
 migrate = flask_migrate.Migrate()

--- a/core/nginx/conf/nginx.conf
+++ b/core/nginx/conf/nginx.conf
@ -176,7 +176,7 @@ http {
      }

      location @webmail_login {       
-        return 302 /sso/login?next=ui.webmail;
+        return 302 /sso/login;
      }         
      {% else %}