From 58b2cdc4288854481e8914b3a1b4318708906e15 Mon Sep 17 00:00:00 2001
From: Florent Daigniere <nextgens@freenetproject.org>
Date: Thu, 21 Jan 2021 20:01:57 +0100
Subject: [PATCH] Don't do more work than necessary

---
 core/admin/mailu/internal/nginx.py | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/core/admin/mailu/internal/nginx.py b/core/admin/mailu/internal/nginx.py
index 1e0b16c2..de4248fa 100644
--- a/core/admin/mailu/internal/nginx.py
+++ b/core/admin/mailu/internal/nginx.py
@@ -49,11 +49,14 @@ def handle_authentication(headers):
         user = models.User.query.get(user_email)
         status = False
         if user:
-            for token in user.tokens:
-                if (token.check_password(password) and
-                    (not token.ip or token.ip == ip)):
-                        status = True
-            if user.check_password(password):
+            # All tokens are 32 characters hex lowercase
+            if len(password) == 32:
+                for token in user.tokens:
+                    if (token.check_password(password) and
+                        (not token.ip or token.ip == ip)):
+                            status = True
+                            break
+            if not status and user.check_password(password):
                 status = True
             if status:
                 if protocol == "imap" and not user.enable_imap: