optimize handle_authentication

- catch decoding of nginx headers (utf-8 exception)
- re-ordered function
master
Alexander Graf 3 years ago
parent 71cc8b0a81
commit 90c96bdddc

@ -71,16 +71,6 @@ def handle_authentication(headers):
} }
# Authenticated user # Authenticated user
elif method == "plain": elif method == "plain":
server, port = get_server(headers["Auth-Protocol"], True)
# According to RFC2616 section 3.7.1 and PEP 3333, HTTP headers should
# be ASCII and are generally considered ISO8859-1. However when passing
# the password, nginx does not transcode the input UTF string, thus
# we need to manually decode.
raw_user_email = urllib.parse.unquote(headers["Auth-User"])
user_email = raw_user_email.encode("iso8859-1").decode("utf8")
raw_password = urllib.parse.unquote(headers["Auth-Pass"])
password = raw_password.encode("iso8859-1").decode("utf8")
ip = urllib.parse.unquote(headers["Client-Ip"])
service_port = int(urllib.parse.unquote(headers["Auth-Port"])) service_port = int(urllib.parse.unquote(headers["Auth-Port"]))
if service_port == 25: if service_port == 25:
return { return {
@ -88,20 +78,33 @@ def handle_authentication(headers):
"Auth-Error-Code": "502 5.5.1", "Auth-Error-Code": "502 5.5.1",
"Auth-Wait": 0 "Auth-Wait": 0
} }
user = models.User.query.get(user_email) # According to RFC2616 section 3.7.1 and PEP 3333, HTTP headers should
if check_credentials(user, password, ip, protocol): # be ASCII and are generally considered ISO8859-1. However when passing
return { # the password, nginx does not transcode the input UTF string, thus
"Auth-Status": "OK", # we need to manually decode.
"Auth-Server": server, raw_user_email = urllib.parse.unquote(headers["Auth-User"])
"Auth-Port": port raw_password = urllib.parse.unquote(headers["Auth-Pass"])
} try:
user_email = raw_user_email.encode("iso8859-1").decode("utf8")
password = raw_password.encode("iso8859-1").decode("utf8")
except:
app.logger.warn(f'Received undecodable user/password from nginx: {raw_user_email!r}/{raw_password!r}')
else: else:
status, code = get_status(protocol, "authentication") user = models.User.query.get(user_email)
return { ip = urllib.parse.unquote(headers["Client-Ip"])
"Auth-Status": status, if check_credentials(user, password, ip, protocol):
"Auth-Error-Code": code, server, port = get_server(headers["Auth-Protocol"], True)
"Auth-Wait": 0 return {
} "Auth-Status": "OK",
"Auth-Server": server,
"Auth-Port": port
}
status, code = get_status(protocol, "authentication")
return {
"Auth-Status": status,
"Auth-Error-Code": code,
"Auth-Wait": 0
}
# Unexpected # Unexpected
return {} return {}

Loading…
Cancel
Save