|
|
@ -71,16 +71,6 @@ def handle_authentication(headers):
|
|
|
|
}
|
|
|
|
}
|
|
|
|
# Authenticated user
|
|
|
|
# Authenticated user
|
|
|
|
elif method == "plain":
|
|
|
|
elif method == "plain":
|
|
|
|
server, port = get_server(headers["Auth-Protocol"], True)
|
|
|
|
|
|
|
|
# According to RFC2616 section 3.7.1 and PEP 3333, HTTP headers should
|
|
|
|
|
|
|
|
# be ASCII and are generally considered ISO8859-1. However when passing
|
|
|
|
|
|
|
|
# the password, nginx does not transcode the input UTF string, thus
|
|
|
|
|
|
|
|
# we need to manually decode.
|
|
|
|
|
|
|
|
raw_user_email = urllib.parse.unquote(headers["Auth-User"])
|
|
|
|
|
|
|
|
user_email = raw_user_email.encode("iso8859-1").decode("utf8")
|
|
|
|
|
|
|
|
raw_password = urllib.parse.unquote(headers["Auth-Pass"])
|
|
|
|
|
|
|
|
password = raw_password.encode("iso8859-1").decode("utf8")
|
|
|
|
|
|
|
|
ip = urllib.parse.unquote(headers["Client-Ip"])
|
|
|
|
|
|
|
|
service_port = int(urllib.parse.unquote(headers["Auth-Port"]))
|
|
|
|
service_port = int(urllib.parse.unquote(headers["Auth-Port"]))
|
|
|
|
if service_port == 25:
|
|
|
|
if service_port == 25:
|
|
|
|
return {
|
|
|
|
return {
|
|
|
@ -88,14 +78,27 @@ def handle_authentication(headers):
|
|
|
|
"Auth-Error-Code": "502 5.5.1",
|
|
|
|
"Auth-Error-Code": "502 5.5.1",
|
|
|
|
"Auth-Wait": 0
|
|
|
|
"Auth-Wait": 0
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
# According to RFC2616 section 3.7.1 and PEP 3333, HTTP headers should
|
|
|
|
|
|
|
|
# be ASCII and are generally considered ISO8859-1. However when passing
|
|
|
|
|
|
|
|
# the password, nginx does not transcode the input UTF string, thus
|
|
|
|
|
|
|
|
# we need to manually decode.
|
|
|
|
|
|
|
|
raw_user_email = urllib.parse.unquote(headers["Auth-User"])
|
|
|
|
|
|
|
|
raw_password = urllib.parse.unquote(headers["Auth-Pass"])
|
|
|
|
|
|
|
|
try:
|
|
|
|
|
|
|
|
user_email = raw_user_email.encode("iso8859-1").decode("utf8")
|
|
|
|
|
|
|
|
password = raw_password.encode("iso8859-1").decode("utf8")
|
|
|
|
|
|
|
|
except:
|
|
|
|
|
|
|
|
app.logger.warn(f'Received undecodable user/password from nginx: {raw_user_email!r}/{raw_password!r}')
|
|
|
|
|
|
|
|
else:
|
|
|
|
user = models.User.query.get(user_email)
|
|
|
|
user = models.User.query.get(user_email)
|
|
|
|
|
|
|
|
ip = urllib.parse.unquote(headers["Client-Ip"])
|
|
|
|
if check_credentials(user, password, ip, protocol):
|
|
|
|
if check_credentials(user, password, ip, protocol):
|
|
|
|
|
|
|
|
server, port = get_server(headers["Auth-Protocol"], True)
|
|
|
|
return {
|
|
|
|
return {
|
|
|
|
"Auth-Status": "OK",
|
|
|
|
"Auth-Status": "OK",
|
|
|
|
"Auth-Server": server,
|
|
|
|
"Auth-Server": server,
|
|
|
|
"Auth-Port": port
|
|
|
|
"Auth-Port": port
|
|
|
|
}
|
|
|
|
}
|
|
|
|
else:
|
|
|
|
|
|
|
|
status, code = get_status(protocol, "authentication")
|
|
|
|
status, code = get_status(protocol, "authentication")
|
|
|
|
return {
|
|
|
|
return {
|
|
|
|
"Auth-Status": status,
|
|
|
|
"Auth-Status": status,
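Review bot: The warning added in the new `except:` branch interpolates `raw_password` into the application log, so a login attempt whose password is not valid UTF-8 leaves that credential in clear text wherever the logs are stored or forwarded. Log only the user part, for example `app.logger.warning(f'Received undecodable user/password from nginx: {raw_user_email!r}')`. The bare `except:` also hides any unrelated failure in that block; `except UnicodeError:` covers both the `encode("iso8859-1")` and the `decode("utf8")` failure and nothing else. `Logger.warn` is a deprecated alias of `Logger.warning`. handle_authentication starts and ends outside the visible hunks, so the fall-through to `get_status(protocol, "authentication")` after the warning is inferred from the lines shown here.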
|
|
|
|