diff --git a/core/admin/mailu/__init__.py b/core/admin/mailu/__init__.py index 20acf360..1c4ded4c 100644 --- a/core/admin/mailu/__init__.py +++ b/core/admin/mailu/__init__.py @@ -25,6 +25,7 @@ def create_app_from_config(config): utils.babel.init_app(app) utils.login.init_app(app) utils.login.user_loader(models.User.get) + utils.proxy.init_app(app) utils.migrate.init_app(app, models.db) app.device_cookie_key = hmac.new(bytearray(app.secret_key, 'utf-8'), bytearray('DEVICE_COOKIE_KEY', 'utf-8'), 'sha256').digest() diff --git a/core/admin/mailu/sso/forms.py b/core/admin/mailu/sso/forms.py index d5124804..fb48d9f9 100644 --- a/core/admin/mailu/sso/forms.py +++ b/core/admin/mailu/sso/forms.py @@ -11,8 +11,9 @@ LOCALPART_REGEX = "^[a-zA-Z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[a-zA-Z0-9!#$%&'*+/=?^_` class LoginForm(flask_wtf.FlaskForm): class Meta: csrf = False - target = fields.SelectField( _('Go to') ) - email = fields.StringField(_('E-mail'), [validators.Email()]) + email = fields.StringField(_('E-mail'), [validators.Email(), validators.DataRequired()]) pw = fields.PasswordField(_('Password'), [validators.DataRequired()]) - submit = fields.SubmitField(_('Sign in')) + submitAdmin = fields.SubmitField(_('Sign in')) + submitWebmail = fields.SubmitField(_('Sign in')) + diff --git a/core/admin/mailu/sso/templates/form_sso.html b/core/admin/mailu/sso/templates/form_sso.html index 7759ae3f..8ab3101f 100644 --- a/core/admin/mailu/sso/templates/form_sso.html +++ b/core/admin/mailu/sso/templates/form_sso.html @@ -2,6 +2,10 @@ {%- block content %} {%- call macros.card() %} -{{ macros.form(form) }} +
+ {{ macros.form_field(form.email) }} + {{ macros.form_field(form.pw) }} + {{ macros.form_fields( fields, label=False, class="btn btn-default", spacing=False) }} +
{%- endcall %} -{%- endblock %} +{%- endblock %} \ No newline at end of file diff --git a/core/admin/mailu/sso/views/base.py b/core/admin/mailu/sso/views/base.py index 301f67e7..e5d2cd45 100644 --- a/core/admin/mailu/sso/views/base.py +++ b/core/admin/mailu/sso/views/base.py @@ -10,22 +10,20 @@ import flask_login @sso.route('/login', methods=['GET', 'POST']) def login(): form = forms.LoginForm() - endpoint = flask.request.args.get('next', 'ui.index') - - form.target.choices = [] + form.submitAdmin.label.text = form.submitAdmin.label.text + ' Admin' + form.submitWebmail.label.text = form.submitWebmail.label.text + ' Webmail' + + fields = [] if str(app.config["ADMIN"]).upper() != "FALSE": - form.target.choices += [("Admin", "Admin")] + fields.append(form.submitAdmin) if str(app.config["WEBMAIL"]).upper() != "NONE": - form.target.choices += [("Webmail", "Webmail")] - if endpoint == "ui.webmail": - form.target.choices.reverse() + fields.append(form.submitWebmail) + fields = tuple(fields) if form.validate_on_submit(): - if str(form.target.data) == 'Admin': - endpoint = 'ui.user_settings' + if form.submitAdmin.data: destination = app.config['WEB_ADMIN'] - elif str(form.target.data) == 'Webmail': - endpoint = 'ui.webmail' + elif form.submitWebmail.data: destination = app.config['WEB_WEBMAIL'] user = models.User.login(form.email.data, form.pw.data) @@ -37,7 +35,7 @@ def login(): flask.flash('Wrong e-mail or password', 'error') client_ip = flask.request.headers["X-Real-IP"] if 'X-Real-IP' in flask.request.headers else flask.request.remote_addr flask.current_app.logger.warn(f'Login failed for {str(form.email.data)} from {client_ip}.') - return flask.render_template('login.html', form=form, endpoint=endpoint) + return flask.render_template('login.html', form=form, fields=fields) @sso.route('/logout', methods=['GET']) @access.authenticated diff --git a/core/admin/mailu/ui/templates/macros.html b/core/admin/mailu/ui/templates/macros.html index 4080c1e4..d18e6584 100644 --- a/core/admin/mailu/ui/templates/macros.html +++ b/core/admin/mailu/ui/templates/macros.html @@ -18,8 +18,12 @@ {%- endif %} {%- endmacro %} -{%- macro form_fields(fields, prepend='', append='', label=True) %} +{%- macro form_fields(fields, prepend='', append='', label=True, spacing=True) %} + {%- if spacing %} {%- set width = (12 / fields|length)|int %} + {%- else %} + {%- set width = 0 %} + {% endif %}
{%- for field in fields %} diff --git a/core/admin/mailu/utils.py b/core/admin/mailu/utils.py index 8d790d0c..56344b8b 100644 --- a/core/admin/mailu/utils.py +++ b/core/admin/mailu/utils.py @@ -38,7 +38,7 @@ login.login_view = "sso.login" def handle_needs_login(): """ redirect unauthorized requests to login page """ return flask.redirect( - flask.url_for('sso.login', next=flask.request.endpoint) + flask.url_for('sso.login') ) # DNS stub configured to do DNSSEC enabled queries @@ -95,6 +95,23 @@ def get_locale(): flask.session['language'] = language return language + +# Proxy fixer +class PrefixMiddleware(object): + """ fix proxy headers """ + def __init__(self): + self.app = None + + def __call__(self, environ, start_response): + return self.app(environ, start_response) + + def init_app(self, app): + self.app = fixers.ProxyFix(app.wsgi_app, x_for=1, x_proto=1) + app.wsgi_app = self + +proxy = PrefixMiddleware() + + # Data migrate migrate = flask_migrate.Migrate() diff --git a/core/nginx/conf/nginx.conf b/core/nginx/conf/nginx.conf index fd6cffd2..ec6ecac2 100644 --- a/core/nginx/conf/nginx.conf +++ b/core/nginx/conf/nginx.conf @@ -176,7 +176,7 @@ http { } location @webmail_login { - return 302 /sso/login?next=ui.webmail; + return 302 /sso/login; } {% else %}