From 546884d10cc5ba995044891051a4c3278f7d686d Mon Sep 17 00:00:00 2001
From: Florent Daigniere <nextgens@freenetproject.org>
Date: Thu, 24 Nov 2022 09:31:27 +0100
Subject: [PATCH] ghost's requested changes

---
 core/admin/mailu/sso/views/base.py | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/core/admin/mailu/sso/views/base.py b/core/admin/mailu/sso/views/base.py
index 600f62f4..b7fe9c97 100644
--- a/core/admin/mailu/sso/views/base.py
+++ b/core/admin/mailu/sso/views/base.py
@@ -67,7 +67,7 @@ def proxy(target='webmail'):
     if not any(ip in cidr for cidr in app.config['PROXY_AUTH_WHITELIST']):
         return flask.abort(500, '%s is not on PROXY_AUTH_WHITELIST' % flask.request.remote_addr)
 
-    email = flask.request.headers.get(app.config['PROXY_AUTH_HEADER'], None)
+    email = flask.request.headers.get(app.config['PROXY_AUTH_HEADER'])
     if not email:
         return flask.abort(500, 'No %s header' % app.config['PROXY_AUTH_HEADER'])
 
@@ -76,8 +76,13 @@ def proxy(target='webmail'):
         flask.session.regenerate()
         flask_login.login_user(user)
         return flask.redirect(app.config['WEB_ADMIN'] if target=='admin' else app.config['WEB_WEBMAIL'])
-    elif app.config['PROXY_AUTH_CREATE']:
-        localpart, desireddomain = email.split('@')
+
+    if not app.config['PROXY_AUTH_CREATE']:
+        return flask.abort(500, 'You don\'t exist. Go away! (%s)' % email)
+
+    client_ip = flask.request.headers.get('X-Real-IP', flask.request.remote_addr)
+    try:
+        localpart, desireddomain = email.rsplit('@')
         domain = models.Domain.query.get(desireddomain) or flask.abort(500, 'You don\'t exist. Go away! (domain=%s)' % desireddomain)
         if not domain.max_users == -1 and len(domain.users) >= domain.max_users:
             flask.current_app.logger.warning('Too many users for domain %s' % domain)
@@ -87,8 +92,8 @@ def proxy(target='webmail'):
         models.db.session.add(user)
         models.db.session.commit()
         user.send_welcome()
-        client_ip = flask.request.headers.get('X-Real-IP', flask.request.remote_addr)
         flask.current_app.logger.info(f'Login succeeded by proxy created user: {user} from {client_ip} through {flask.request.remote_addr}.')
         return flask.redirect(app.config['WEB_ADMIN'] if target=='admin' else app.config['WEB_WEBMAIL'])
-    else:
+    except Exception as e:
+        flask.current_app.logger.error('Error creating a new user via proxy for %s from %s: %s' % (email, client_ip, str(e)), e)
         return flask.abort(500, 'You don\'t exist. Go away! (%s)' % email)