2083: Fix Webmail token check. Fix Auth-Port for Webmail. #2079 r=mergify[bot] a=Diman0

## What type of PR?

Bug fix

## What does this PR do?
Fixes issues #2079 and #2081. 

### Related issue(s)
- closes #2079 
- closes #2081 

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry is not applicable, you can check it or remove it from the list.

- [x] n/a In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
master
bors[bot] 3 years ago committed by GitHub
commit 580d079a5e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -27,12 +27,12 @@ STATUSES = {
}), }),
} }
def check_credentials(user, password, ip, protocol=None): def check_credentials(user, password, ip, protocol=None, auth_port=None):
if not user or not user.enabled or (protocol == "imap" and not user.enable_imap) or (protocol == "pop3" and not user.enable_pop): if not user or not user.enabled or (protocol == "imap" and not user.enable_imap) or (protocol == "pop3" and not user.enable_pop):
return False return False
is_ok = False is_ok = False
# webmails # webmails
if len(password) == 64 and ip == app.config['WEBMAIL_ADDRESS']: if len(password) == 64 and auth_port in ['10143', '10025']:
if user.verify_temp_token(password): if user.verify_temp_token(password):
is_ok = True is_ok = True
# All tokens are 32 characters hex lowercase # All tokens are 32 characters hex lowercase
@ -100,7 +100,7 @@ def handle_authentication(headers):
app.logger.warn(f'Invalid user {user_email!r}: {exc}') app.logger.warn(f'Invalid user {user_email!r}: {exc}')
else: else:
ip = urllib.parse.unquote(headers["Client-Ip"]) ip = urllib.parse.unquote(headers["Client-Ip"])
if check_credentials(user, password, ip, protocol): if check_credentials(user, password, ip, protocol, headers["Auth-Port"]):
server, port = get_server(headers["Auth-Protocol"], True) server, port = get_server(headers["Auth-Protocol"], True)
return { return {
"Auth-Status": "OK", "Auth-Status": "OK",

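Review bot: In handle_authentication, `headers["Auth-Port"]` is indexed directly, so a request that arrives without this custom header would raise KeyError rather than fail authentication; `headers.get("Auth-Port")` would let the `auth_port=None` default in check_credentials apply. In check_credentials the 64-character temp-token branch is now gated only on `auth_port in ['10143', '10025']`, a value taken from a request header, so it is only as strong as the guarantee that the auth endpoint is reachable solely through the front proxy and that the proxy sets the header on every listener; neither is visible in these hunks. A comment above the condition would record that, e.g. `# Auth-Port is set by the front proxy per listener; only the webmail listeners may present temp tokens`. Both function bodies continue outside the hunks.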
@ -277,7 +277,7 @@ mail {
listen 10143; listen 10143;
protocol imap; protocol imap;
smtp_auth plain; smtp_auth plain;
auth_http_header Auth-Port 10043; auth_http_header Auth-Port 10143;
} }
# SMTP is always enabled, to avoid losing emails when TLS is failing # SMTP is always enabled, to avoid losing emails when TLS is failing
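Review bot: The value on the `auth_http_header Auth-Port 10143;` line is now compared as a string in check_credentials to decide whether a webmail temp token is accepted, yet nothing in this block says so. A comment such as `# Auth-Port must match the port list in check_credentials (webmail token auth)` would make the coupling visible, since a mismatch like the earlier 10043 presumably only surfaces as failed webmail logins. The enclosing `mail {` block starts and ends outside the hunk.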

@ -0,0 +1,2 @@
#2079 Webmail token check does not work if WEBMAIL_ADDRESS is set to a hostname.
#2081 Fix typo in nginx config for webmail port (10043 to 10143)