Fix 2125

Make the caller responsible to know whether the rate-limit code should be called or not
3 years ago · 7f89a29790
parent 3453d12ccb
commit 7f89a29790
2 changed files with 6 additions and 6 deletions
--- a/core/admin/mailu/internal/views/auth.py
+++ b/core/admin/mailu/internal/views/auth.py
@ -31,6 +31,7 @@ def nginx_authentication():
    for key, value in headers.items():
        response.headers[key] = str(value)
    is_valid_user = False
    is_from_webmail = headers['Auth-Port'] in ['10143', '10025']
    if response.headers.get("Auth-User-Exists"):
        username = response.headers["Auth-User"]
        if utils.limiter.should_rate_limit_user(username, client_ip):
@ -47,7 +48,7 @@ def nginx_authentication():
        utils.limiter.exempt_ip_from_ratelimits(client_ip)
    elif is_valid_user:
        utils.limiter.rate_limit_user(username, client_ip)
-    else:
+    elif not is_from_webmail:
        utils.limiter.rate_limit_ip(client_ip)
    return response
--- a/core/admin/mailu/limiter.py
+++ b/core/admin/mailu/limiter.py
@ -53,7 +53,6 @@ class LimitWraperFactory(object):
        return is_rate_limited
    def rate_limit_ip(self, ip):
        if ip != app.config['WEBMAIL_ADDRESS']:
        limiter = self.get_limiter(app.config["AUTH_RATELIMIT_IP"], 'auth-ip')
        client_network = utils.extract_network_from_ip(ip)
        if self.is_subject_to_rate_limits(ip):