From 8095798a04cefc6b3c16d765087a59b82db43e65 Mon Sep 17 00:00:00 2001
From: kaiyou <pierre@jaury.eu>
Date: Sun, 29 Oct 2017 15:39:28 +0100
Subject: [PATCH] Enable token-based authentication

---
 admin/mailu/internal/nginx.py | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/admin/mailu/internal/nginx.py b/admin/mailu/internal/nginx.py
index 4c5cc334..dc834cb9 100644
--- a/admin/mailu/internal/nginx.py
+++ b/admin/mailu/internal/nginx.py
@@ -35,7 +35,16 @@ def handle_authentication(headers):
         server, port = get_server(headers["Auth-Protocol"], True)
         user_email = urllib.parse.unquote(headers["Auth-User"])
         password = urllib.parse.unquote(headers["Auth-Pass"])
+        ip = urllib.parse.unquote(headers["Client-Ip"])
         user = models.User.query.get(user_email)
+        for token in user.tokens:
+            if (token.check_password(password) and
+                (not token.ip or token.ip == ip)):
+                    return {
+                        "Auth-Status": "OK",
+                        "Auth-Server": server,
+                        "Auth-Port": port
+                    }
         if user and user.check_password(password):
             return {
                 "Auth-Status": "OK",