Handle nginx authentication requests in the admin container

master
kaiyou 7 years ago
parent a4851914d0
commit 94a13aabf0

@ -74,8 +74,9 @@ def inject_user():
return dict(current_user=flask_login.current_user) return dict(current_user=flask_login.current_user)
# Import views # Import views
from mailu import ui from mailu import ui, internal
app.register_blueprint(ui.ui, url_prefix='/ui') app.register_blueprint(ui.ui, url_prefix='/ui')
app.register_blueprint(internal.internal, url_prefix='/internal')
# Create the prefix middleware # Create the prefix middleware
class PrefixMiddleware(object): class PrefixMiddleware(object):

@ -0,0 +1,6 @@
from flask import Blueprint
internal = Blueprint('internal', __name__)
from mailu.internal import views

@ -0,0 +1,64 @@
from mailu import db, models
SUPPORTED_AUTH_METHODS = ["none", "plain"]
STATUSES = {
"authentication": ("Authentication credentials invalid", {
"imap": "AUTHENTICATIONFAILED",
"smtp": "535 5.7.8",
"pop3": ""
}),
}
def handle_authentication(headers):
""" Handle an HTTP nginx authentication request
See: http://nginx.org/en/docs/mail/ngx_mail_auth_http_module.html#protocol
"""
method = headers["Auth-Method"]
protocol = headers["Auth-Protocol"]
server, port = get_server(headers["Auth-Protocol"])
# Incoming mail, no authentication
if method == "none" and protocol == "smtp":
return {
"Auth-Status": "OK",
"Auth-Server": server,
"Auth-Port": port
}
# Authenticated user
elif method == "plain":
user_email = headers["Auth-User"]
password = headers["Auth-Pass"]
user = models.User.query.get(user_email)
if user and user.check_password(password):
return {
"Auth-Status": "OK",
"Auth-Server": server,
"Auth-Port": port
}
else:
status, code = get_status(protocol, "authentication")
return {
"Auth-Status": status,
"Auth-Error-Code": code,
"Auth-Wait": 0
}
# Unexpected
else:
return {}
def get_status(protocol, status):
""" Return the proper error code depending on the protocol
"""
status, codes = STATUSES[status]
return status, codes[protocol]
def get_server(protocol):
servers = {
"imap": ("172.18.0.12", 143),
"smtp": ("172.18.0.9", 25)
}
return servers[protocol]

@ -0,0 +1,14 @@
from mailu import db, models
from mailu.internal import internal, nginx
import flask
@internal.route("/nginx")
def nginx_authentication():
headers = nginx.handle_authentication(flask.request.headers)
response = flask.Response()
for key, value in headers.items():
response.headers[key] = str(value)
return response
Loading…
Cancel
Save