From 9b7a027d6f7945c4945c8003b89c297f9eb261d6 Mon Sep 17 00:00:00 2001
From: kaiyou
Date: Fri, 20 Dec 2019 17:01:17 +0100
Subject: [PATCH 1/2] Fix the encoding of incoming user email and password
---
 core/admin/mailu/internal/nginx.py | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/core/admin/mailu/internal/nginx.py b/core/admin/mailu/internal/nginx.py
index e9e3c21a..fa127584 100644
--- a/core/admin/mailu/internal/nginx.py
+++ b/core/admin/mailu/internal/nginx.py
@@ -37,8 +37,14 @@ def handle_authentication(headers):
 # Authenticated user
 elif method == "plain":
 server, port = get_server(headers["Auth-Protocol"], True)
- user_email = urllib.parse.unquote(headers["Auth-User"])
- password = urllib.parse.unquote(headers["Auth-Pass"])
+ # According to RFC2616 section 3.7.1 and PEP 3333, HTTP headers should
+ # be ASCII and are generally considered ISO8859-1. However when passing
+ # the password, nginx does not transcode the input UTF string, thus
+ # we need to manually decode.
+ raw_user_email = urllib.parse.unquote(headers["Auth-User"])
+ user_email = raw_user_email.encode("iso8859-1").decode("utf8")
+ raw_password = urllib.parse.unquote(headers["Auth-Pass"])
+ password = raw_password.encode("iso8859-1").decode("utf8")
 ip = urllib.parse.unquote(headers["Client-Ip"])
 user = models.User.query.get(user_email)
 status = False
From e80589dda4d28df6b4ae7e6b15b78e87bd13f320 Mon Sep 17 00:00:00 2001
From: kaiyou
Date: Mon, 13 Jan 2020 20:42:51 +0100
Subject: [PATCH 2/2] Add the newsfragment
---
 towncrier/newsfragments/1139.fix | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 towncrier/newsfragments/1139.fix
diff --git a/towncrier/newsfragments/1139.fix b/towncrier/newsfragments/1139.fix
new file mode 100644
index 00000000..a096a718
--- /dev/null
+++ b/towncrier/newsfragments/1139.fix
@@ -0,0 +1 @@
+Fix the password encoding upon authentication
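Review bot: The two new `.encode("iso8859-1").decode("utf8")` calls in `handle_authentication` (core/admin/mailu/internal/nginx.py) can raise on client-supplied credentials, and nothing visible in the hunk catches that. `Auth-User` and `Auth-Pass` carry the values of a login attempt that is not yet authenticated; a value that `unquote` turns into a character outside Latin-1 raises `UnicodeEncodeError`, and bytes that are not valid UTF-8 raise `UnicodeDecodeError`. Unless a caller outside the hunk handles this, the request presumably ends as a server error rather than a rejected login. I would wrap both conversions in `try:` / `except UnicodeError:` and take the normal failed-authentication path there, keeping the raw password out of any log message. The function body starts and ends outside the hunk, so the exact failure return has to follow the surrounding code.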