From 1b666cd25b33ba1b645a51e7dd5686d4cf6ac2e3 Mon Sep 17 00:00:00 2001 From: Stefan Auditor Date: Thu, 12 Apr 2018 19:07:48 +0200 Subject: [PATCH 01/18] Add a sqlalchemy custom type for unicode to idna conersion of domain names --- core/admin/mailu/models.py | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/core/admin/mailu/models.py b/core/admin/mailu/models.py index 48f7b91e..e21afd79 100644 --- a/core/admin/mailu/models.py +++ b/core/admin/mailu/models.py @@ -38,6 +38,19 @@ class CommaSeparatedList(db.TypeDecorator): return filter(bool, value.split(",")) +class Idna(db.TypeDecorator): + """ Stores a Unicode string in it's IDNA representation (ASCII only) + """ + + impl = db.String + + def process_bind_param(self, value, dialect): + return value.encode("idna") + + def process_result_value(self, value, dialect): + return value.decode("idna") + + class Base(db.Model): """ Base class for all models """ @@ -54,7 +67,7 @@ class Domain(Base): """ __tablename__ = "domain" - name = db.Column(db.String(80), primary_key=True, nullable=False) + name = db.Column(Idna, primary_key=True, nullable=False) managers = db.relationship('User', secondary=managers, backref=db.backref('manager_of'), lazy='dynamic') max_users = db.Column(db.Integer, nullable=False, default=0) From 5a7272ff12ab3b5eac02e2296054470e6b7c5fcd Mon Sep 17 00:00:00 2001 From: Stefan Auditor Date: Thu, 12 Apr 2018 20:30:19 +0200 Subject: [PATCH 02/18] Replace other occurences of domain names with idna --- core/admin/mailu/models.py | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/core/admin/mailu/models.py b/core/admin/mailu/models.py index e21afd79..7b58fdac 100644 --- a/core/admin/mailu/models.py +++ b/core/admin/mailu/models.py 
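Review bot: `Idna.process_bind_param` and `process_result_value` call `.encode("idna")` and `.decode("idna")` on `value` with no `None` guard, although SQLAlchemy hands `None` to a `TypeDecorator` for NULL binds and results. A nullable column given this type, such as `Alternative.domain_name` or `Relay.smtp` in PATCH 02, would then raise `AttributeError` instead of storing or returning NULL. Start both methods with `if value is None: return None`. The later rewrites of this class in PATCH 03 (`idna.encode(value)`) and PATCH 06 (`IdnaDomain`, `IdnaEmail`) carry the same gap.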
@@ -15,7 +15,7 @@ import smtplib # Many-to-many association table for domain managers managers = db.Table('manager', - db.Column('domain_name', db.String(80), db.ForeignKey('domain.name')), + db.Column('domain_name', Idna, db.ForeignKey('domain.name')), db.Column('user_email', db.String(255), db.ForeignKey('user.email')) ) @@ -123,8 +123,8 @@ class Alternative(Base): __tablename__ = "alternative" - name = db.Column(db.String(80), primary_key=True, nullable=False) - domain_name = db.Column(db.String(80), db.ForeignKey(Domain.name)) + name = db.Column(Idna, primary_key=True, nullable=False) + domain_name = db.Column(Idna, db.ForeignKey(Domain.name)) domain = db.relationship(Domain, backref=db.backref('alternatives', cascade='all, delete-orphan')) @@ -139,8 +139,8 @@ class Relay(Base): __tablename__ = "relay" - name = db.Column(db.String(80), primary_key=True, nullable=False) - smtp = db.Column(db.String(80), nullable=True) + name = db.Column(Idna, primary_key=True, nullable=False) + smtp = db.Column(Idna, nullable=True) def __str__(self): return self.name @@ -154,7 +154,7 @@ class Email(object): @declarative.declared_attr def domain_name(cls): - return db.Column(db.String(80), db.ForeignKey(Domain.name), + return db.Column(Idna, db.ForeignKey(Domain.name), nullable=False) # This field is redundant with both localpart and domain name. From d9ea64fac77a29531cb2bfaa9250f7e43c031d35 Mon Sep 17 00:00:00 2001 From: Stefan Auditor Date: Thu, 12 Apr 2018 21:35:38 +0200 Subject: [PATCH 03/18] Import idna library and move code a bit upwards --- core/admin/mailu/models.py | 27 ++++++++++++++------------- 1 file changed, 14 insertions(+), 13 deletions(-) diff --git a/core/admin/mailu/models.py b/core/admin/mailu/models.py index 7b58fdac..e99d624d 100644 --- a/core/admin/mailu/models.py +++ b/core/admin/mailu/models.py 
@@ -11,6 +11,20 @@ import time import os import glob import smtplib +import idna + + +class Idna(db.TypeDecorator): + """ Stores a Unicode string in it's IDNA representation (ASCII only) + """ + + impl = db.String + + def process_bind_param(self, value, dialect): + return idna.encode(value) + + def process_result_value(self, value, dialect): + return idna.decode(value) # Many-to-many association table for domain managers @@ -38,19 +52,6 @@ class CommaSeparatedList(db.TypeDecorator): return filter(bool, value.split(",")) -class Idna(db.TypeDecorator): - """ Stores a Unicode string in it's IDNA representation (ASCII only) - """ - - impl = db.String - - def process_bind_param(self, value, dialect): - return value.encode("idna") - - def process_result_value(self, value, dialect): - return value.decode("idna") - - class Base(db.Model): """ Base class for all models """ From c40e255f3b513fb7846d4a90e5057c69c4b90c72 Mon Sep 17 00:00:00 2001 From: Stefan Auditor Date: Thu, 12 Apr 2018 22:21:28 +0200 Subject: [PATCH 04/18] Reset relay columns to string --- core/admin/mailu/models.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/core/admin/mailu/models.py b/core/admin/mailu/models.py index e99d624d..718134e6 100644 --- a/core/admin/mailu/models.py +++ b/core/admin/mailu/models.py @@ -140,8 +140,8 @@ class Relay(Base): __tablename__ = "relay" - name = db.Column(Idna, primary_key=True, nullable=False) - smtp = db.Column(Idna, nullable=True) + name = db.Column(db.String(80), primary_key=True, nullable=False) + smtp = db.Column(db.String(80), nullable=True) def __str__(self): return self.name From 792c720c13f213ffe4c27b020f1d1e92ec4937ed Mon Sep 17 00:00:00 2001 From: Stefan Auditor Date: Fri, 13 Apr 2018 08:13:26 +0200 Subject: [PATCH 05/18] Save user email domain_name as idna representation --- core/admin/mailu/models.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
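Review bot: `idna.encode(value)` in `process_bind_param` returns `bytes`, so the value bound to a `db.String` column is no longer text. Depending on the driver it may be stored or compared as a binary value and stop matching existing text rows on primary-key lookups; PATCH 05 in this series already decodes the result for the e-mail column. Return `idna.encode(value).decode('ascii')` here as well. The new `import idna` is a third-party package and no requirements change is visible in this series, so confirm it is declared as a dependency.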
diff --git a/core/admin/mailu/models.py b/core/admin/mailu/models.py index 718134e6..43853ca7 100644 --- a/core/admin/mailu/models.py +++ b/core/admin/mailu/models.py @@ -165,7 +165,7 @@ class Email(object): def email(cls): updater = lambda context: "{0}@{1}".format( context.current_parameters["localpart"], - context.current_parameters["domain_name"], + idna.encode(context.current_parameters["domain_name"]).decode('ascii'), ) return db.Column(db.String(255, collation="NOCASE"), primary_key=True, nullable=False, From 93d5254b3f83b4403db6ec7658e6dae182901637 Mon Sep 17 00:00:00 2001 From: Stefan Auditor Date: Sat, 14 Apr 2018 13:00:29 +0200 Subject: [PATCH 06/18] Add another type decorator for idna email support --- core/admin/mailu/models.py | 50 +++++++++++++++++++++++++++++--------- 1 file changed, 39 insertions(+), 11 deletions(-) diff --git a/core/admin/mailu/models.py b/core/admin/mailu/models.py index 43853ca7..1f11b0a3 100644 --- a/core/admin/mailu/models.py +++ b/core/admin/mailu/models.py @@ -14,12 +14,13 @@ import smtplib import idna -class Idna(db.TypeDecorator): +class IdnaDomain(db.TypeDecorator): """ Stores a Unicode string in it's IDNA representation (ASCII only) """ impl = db.String + def process_bind_param(self, value, dialect): return idna.encode(value) 
@@ -27,10 +28,36 @@ class Idna(db.TypeDecorator): return idna.decode(value) +class IdnaEmail(db.TypeDecorator): + """ Stores a Unicode string in it's IDNA representation (ASCII only) + """ + + impl = db.String + + + def process_bind_param(self, value, dialect): + localpart, domain_name = value.split('@') + + email = "{0}@{1}".format( + localpart, + idna.encode(domain_name).decode('ascii'), + ) + return email + + def process_result_value(self, value, dialect): + localpart, domain_name = value.split('@') + + email = "{0}@{1}".format( + localpart, + idna.decode(domain_name), + ) + return email + + # Many-to-many association table for domain managers managers = db.Table('manager', - db.Column('domain_name', Idna, db.ForeignKey('domain.name')), - db.Column('user_email', db.String(255), db.ForeignKey('user.email')) + db.Column('domain_name', IdnaDomain, db.ForeignKey('domain.name')), + db.Column('user_email', IdnaEmail, db.ForeignKey('user.email')) ) @@ -40,6 +67,7 @@ class CommaSeparatedList(db.TypeDecorator): impl = db.String + def process_bind_param(self, value, dialect): if type(value) is not list: raise TypeError("Shoud be a list") @@ -68,7 +96,7 @@ class Domain(Base): """ __tablename__ = "domain" - name = db.Column(Idna, primary_key=True, nullable=False) + name = db.Column(IdnaDomain, primary_key=True, nullable=False) managers = db.relationship('User', secondary=managers, backref=db.backref('manager_of'), lazy='dynamic') max_users = db.Column(db.Integer, nullable=False, default=0) @@ -124,8 +152,8 @@ class Alternative(Base): __tablename__ = "alternative" - name = db.Column(Idna, primary_key=True, nullable=False) - domain_name = db.Column(Idna, db.ForeignKey(Domain.name)) + name = db.Column(IdnaDomain, primary_key=True, nullable=False) + domain_name = db.Column(IdnaDomain, db.ForeignKey(Domain.name)) domain = db.relationship(Domain, backref=db.backref('alternatives', cascade='all, delete-orphan')) 
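Review bot: `IdnaEmail.process_bind_param` and `process_result_value` unpack `value.split('@')` into exactly two names, so a value with no `@` or with more than one raises `ValueError`, and `idna.encode` raises on labels it rejects. This type is bound to `user.email`, which appears to be the key passed to `cls.query.get(email)` in `User.login` and in the basic-auth view later in this series. A malformed address supplied at login would therefore likely surface as an unhandled exception rather than a failed authentication. Split once from the right, e.g. `localpart, _, domain_name = value.rpartition('@')`, and have the lookup sites treat `ValueError` (which `idna.IDNAError` derives from) as "no such user".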
@@ -155,19 +183,19 @@ class Email(object): @declarative.declared_attr def domain_name(cls): - return db.Column(Idna, db.ForeignKey(Domain.name), - nullable=False) + return db.Column(IdnaDomain, db.ForeignKey(Domain.name), + nullable=False, default=IdnaDomain) # This field is redundant with both localpart and domain name. # It is however very useful for quick lookups without joining tables, - # especially when the mail server il reading the database. + # especially when the mail server is reading the database. @declarative.declared_attr def email(cls): updater = lambda context: "{0}@{1}".format( context.current_parameters["localpart"], - idna.encode(context.current_parameters["domain_name"]).decode('ascii'), + context.current_parameters["domain_name"], ) - return db.Column(db.String(255, collation="NOCASE"), + return db.Column(IdnaEmail, primary_key=True, nullable=False, default=updater) From 7f5bd98a2e5bd94f3ac128a05d838a9b98d5b9d6 Mon Sep 17 00:00:00 2001 From: Stefan Auditor Date: Sat, 14 Apr 2018 13:02:00 +0200 Subject: [PATCH 07/18] Add parameters to database field --- core/admin/mailu/models.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/core/admin/mailu/models.py b/core/admin/mailu/models.py index 1f11b0a3..2029262e 100644 --- a/core/admin/mailu/models.py +++ b/core/admin/mailu/models.py @@ -18,7 +18,7 @@ class IdnaDomain(db.TypeDecorator): """ Stores a Unicode string in it's IDNA representation (ASCII only) """ - impl = db.String + impl = db.String(80) def process_bind_param(self, value, dialect): @@ -32,7 +32,7 @@ class IdnaEmail(db.TypeDecorator): """ Stores a Unicode string in it's IDNA representation (ASCII only) """ - impl = db.String + impl = db.String(255, collation="NOCASE") def process_bind_param(self, value, dialect): From 3aaecca989735edfd39579b6354168594df646e1 Mon Sep 17 00:00:00 2001 
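Review bot: `default=IdnaDomain` on the `domain_name` column passes the type class itself as the column default, which SQLAlchemy presumably treats as a callable to invoke whenever no value is supplied. The result would be a `TypeDecorator` instance handed to `process_bind_param`, which `idna.encode` cannot handle. An insert without `domain_name` would then fail with a confusing encoding error rather than the `nullable=False` violation. Drop the argument: `return db.Column(IdnaDomain, db.ForeignKey(Domain.name), nullable=False)`.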
From: Vados Date: Tue, 13 Mar 2018 20:51:36 +0900 Subject: [PATCH 08/18] Update NGINX Ingress controller configuration --- .../kubernetes-nginx-ingress-controller.yaml | 55 +++++++++++-------- 1 file changed, 32 insertions(+), 23 deletions(-) diff --git a/docs/kubernetes/kubernetes-nginx-ingress-controller.yaml b/docs/kubernetes/kubernetes-nginx-ingress-controller.yaml index 3a24cd20..bca2fdc1 100644 --- a/docs/kubernetes/kubernetes-nginx-ingress-controller.yaml +++ b/docs/kubernetes/kubernetes-nginx-ingress-controller.yaml @@ -1,26 +1,40 @@ --- -apiVersion: v1 kind: ConfigMap +apiVersion: v1 metadata: - name: nginx-ingress-conf - namespace: kube-system + name: nginx-configuration + namespace: ingress-nginx labels: - k8s-app: nginx-ingress-controller + app: ingress-nginx + +--- +kind: ConfigMap +apiVersion: v1 +metadata: + name: udp-services + namespace: ingress-nginx + +--- +kind: ConfigMap +apiVersion: v1 +metadata: + name: tcp-services + namespace: ingress-nginx data: - 25: "default/smtp:25" - 465: "default/smtp:465" - 587: "default/smtp:587" - 143: "default/imap:143" - 993: "default/imap:993" + 25: "mailu/smtp:25" + 465: "mailu/smtp:465" + 587: "mailu/smtp:587" + 143: "mailu/imap:143" + 993: "mailu/imap:993" --- apiVersion: extensions/v1beta1 kind: Deployment metadata: name: nginx-ingress-controller + namespace: kube-system labels: k8s-app: nginx-ingress-controller - namespace: kube-system spec: replicas: 1 template: 
@@ -38,8 +52,15 @@ spec: # hostNetwork: true terminationGracePeriodSeconds: 60 containers: - - image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.11 + - image: gcr.io/google_containers/nginx-ingress-controller:0.11.0 name: nginx-ingress-controller + args: + - /nginx-ingress-controller + - --default-backend-service=$(POD_NAMESPACE)/default-http-backend + - --configmap=$(POD_NAMESPACE)/nginx-configuration + - --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services + - --udp-services-configmap=$(POD_NAMESPACE)/udp-services + - --annotations-prefix=nginx.ingress.kubernetes.io readinessProbe: httpGet: path: /healthz @@ -57,14 +78,6 @@ spec: hostPort: 25 - containerPort: 443 hostPort: 443 - - containerPort: 143 - hostPort: 143 - - containerPort: 465 - hostPort: 465 - - containerPort: 587 - hostPort: 587 - - containerPort: 993 - hostPort: 993 env: - name: POD_NAME valueFrom: @@ -74,7 +87,3 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - args: - - /nginx-ingress-controller - - --default-backend-service=$(POD_NAMESPACE)/default-http-backend - - --tcp-services-configmap=$(POD_NAMESPACE)/nginx-ingress-conf From 1e609acbaf5e27b829f6adbcba842990be577dc0 Mon Sep 17 00:00:00 2001 From: Vados Date: Tue, 13 Mar 2018 21:06:53 +0900 Subject: [PATCH 09/18] Remove `ports` option completely Not needed since `hostNetwork: true` --- docs/kubernetes/kubernetes-nginx-ingress-controller.yaml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/docs/kubernetes/kubernetes-nginx-ingress-controller.yaml b/docs/kubernetes/kubernetes-nginx-ingress-controller.yaml index bca2fdc1..5ea9790a 100644 --- a/docs/kubernetes/kubernetes-nginx-ingress-controller.yaml +++ b/docs/kubernetes/kubernetes-nginx-ingress-controller.yaml @@ -73,11 +73,6 @@ spec: scheme: HTTP initialDelaySeconds: 10 timeoutSeconds: 1 - ports: - - containerPort: 25 - hostPort: 25 - - containerPort: 443 - hostPort: 443 env: - name: POD_NAME valueFrom: 
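Review bot: The new `--configmap`, `--tcp-services-configmap` and `--udp-services-configmap` arguments resolve against `$(POD_NAMESPACE)`, which the `env` block fills from `metadata.namespace`, yet the Deployment stays in `kube-system` while the three ConfigMaps in the first hunk are created in `ingress-nginx`. As written the controller would look for `kube-system/tcp-services` and never load the SMTP/IMAP port mappings. Put the Deployment and the ConfigMaps in the same namespace, for example `namespace: ingress-nginx` on the Deployment.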
From 2c2a1ed04293890b23f9dce380e66254c9ac56c0 Mon Sep 17 00:00:00 2001 From: Scott Date: Sat, 14 Apr 2018 16:47:41 -0500 Subject: [PATCH 10/18] Remove stale link to old auto-forward settings. Fixes #450 Also update a reference to 'smtp' to use HOST_AUTHSMTP --- core/admin/mailu/models.py | 2 +- core/admin/mailu/ui/templates/user/list.html | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/core/admin/mailu/models.py b/core/admin/mailu/models.py index 2029262e..63817cdc 100644 --- a/core/admin/mailu/models.py +++ b/core/admin/mailu/models.py @@ -204,7 +204,7 @@ class Email(object): """ from_address = '{}@{}'.format( app.config['POSTMASTER'], app.config['DOMAIN']) - with smtplib.SMTP('smtp', port=10025) as smtp: + with smtplib.SMTP(app.config['HOST_AUTHSMTP'], port=10025) as smtp: msg = text.MIMEText(body) msg['Subject'] = subject msg['From'] = from_address diff --git a/core/admin/mailu/ui/templates/user/list.html b/core/admin/mailu/ui/templates/user/list.html index 7d908fe0..8d3a0304 100644 --- a/core/admin/mailu/ui/templates/user/list.html +++ b/core/admin/mailu/ui/templates/user/list.html @@ -32,7 +32,6 @@   -       From 20d6fbae485b0b384964cabf95f1b42345d76e0f Mon Sep 17 00:00:00 2001 From: Stefan Auditor Date: Sun, 15 Apr 2018 11:23:58 +0200 Subject: [PATCH 11/18] Add enabled flag to user model --- core/admin/mailu/models.py | 1 + .../migrations/versions/49d77a93118e_.py | 24 +++++++++++++++++++ 2 files changed, 25 insertions(+) create mode 100644 core/admin/migrations/versions/49d77a93118e_.py diff --git a/core/admin/mailu/models.py b/core/admin/mailu/models.py index 63817cdc..8e7939af 100644 --- a/core/admin/mailu/models.py +++ b/core/admin/mailu/models.py 
@@ -225,6 +225,7 @@ class User(Base, Email): password = db.Column(db.String(255), nullable=False) quota_bytes = db.Column(db.Integer(), nullable=False, default=10**9) global_admin = db.Column(db.Boolean(), nullable=False, default=False) + enabled = db.Column(db.Boolean(), nullable=False, default=True) # Features enable_imap = db.Column(db.Boolean(), nullable=False, default=True) diff --git a/core/admin/migrations/versions/49d77a93118e_.py b/core/admin/migrations/versions/49d77a93118e_.py new file mode 100644 index 00000000..98dd9e34 --- /dev/null +++ b/core/admin/migrations/versions/49d77a93118e_.py @@ -0,0 +1,24 @@ +""" Add enabled flag to user model + +Revision ID: 49d77a93118e +Revises: 423155f8fc15 +Create Date: 2018-04-15 11:17:32.306088 + +""" + +# revision identifiers, used by Alembic. +revision = '49d77a93118e' +down_revision = '423155f8fc15' + +from alembic import op +import sqlalchemy as sa + + +def upgrade(): + with op.batch_alter_table('user') as batch: + batch.add_column(sa.Column('enabled', sa.Boolean(), nullable=False, server_default=sa.sql.expression.true())) + + +def downgrade(): + with op.batch_alter_table('user') as batch: + batch.drop_column('user', 'enabled') From 78f4fa7db97e55989b7265442b243309a50b7242 Mon Sep 17 00:00:00 2001 From: Stefan Auditor Date: Sun, 15 Apr 2018 11:35:37 +0200 Subject: [PATCH 12/18] Add field to ui for user enabled flag --- core/admin/mailu/ui/forms.py | 1 + core/admin/mailu/ui/templates/user/create.html | 1 + 2 files changed, 2 insertions(+) diff --git a/core/admin/mailu/ui/forms.py b/core/admin/mailu/ui/forms.py index 22dbb351..c17da724 100644 --- a/core/admin/mailu/ui/forms.py +++ b/core/admin/mailu/ui/forms.py 
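Review bot: `downgrade()` in the new migration calls `batch.drop_column('user', 'enabled')`, but inside `op.batch_alter_table('user')` the table is already bound and `drop_column` takes only the column name. The extra positional argument should make the downgrade fail before it touches the schema. Use `batch.drop_column('enabled')`.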
@@ -72,6 +72,7 @@ class UserForm(flask_wtf.FlaskForm): enable_imap = fields.BooleanField(_('Allow IMAP access'), default=True) enable_pop = fields.BooleanField(_('Allow POP3 access'), default=True) comment = fields.StringField(_('Comment')) + enabled = fields.BooleanField(_('Enabled'), default=True) submit = fields.SubmitField(_('Save')) diff --git a/core/admin/mailu/ui/templates/user/create.html b/core/admin/mailu/ui/templates/user/create.html index 053bfba5..09e83155 100644 --- a/core/admin/mailu/ui/templates/user/create.html +++ b/core/admin/mailu/ui/templates/user/create.html @@ -16,6 +16,7 @@ {{ macros.form_field(form.localpart, append='@'+domain.name+'') }} {{ macros.form_fields((form.pw, form.pw2)) }} {{ macros.form_field(form.comment) }} + {{ macros.form_field(form.enabled) }} {% endcall %} {% call macros.box(_("Features and quotas"), theme="success") %} From 5bfdd75738d232bd6529ce825c3d636bf72d5f97 Mon Sep 17 00:00:00 2001 From: Stefan Auditor Date: Sun, 15 Apr 2018 13:00:38 +0200 Subject: [PATCH 13/18] Respect user enabled flag on user.login --- core/admin/mailu/models.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/core/admin/mailu/models.py b/core/admin/mailu/models.py index 8e7939af..254e9dae 100644 --- a/core/admin/mailu/models.py +++ b/core/admin/mailu/models.py @@ -263,6 +263,9 @@ class User(Base, Email): default=scheme_dict[app.config['PASSWORD_SCHEME']], ) + def is_enabled(self): + return self.enabled + def check_password(self, password): reference = re.match('({[^}]+})?(.*)', self.password).group(2) return User.pw_context.verify(password, reference) @@ -299,7 +302,7 @@ class User(Base, Email): @classmethod def login(cls, email, password): user = cls.query.get(email) - return user if (user and user.check_password(password)) else None + return user if (user and user.check_password(password) and user.is_enabled()) else None login_manager.user_loader(User.query.get) 
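Review bot: The `enabled` check is added to `User.login` only, while the session loader on the last context line, `login_manager.user_loader(User.query.get)`, still returns a disabled user. An account that is disabled while it holds a valid session would presumably keep access to the admin UI until that session ends; PATCH 18 closes this for `admin_authentication` only. Load the user through a small function that returns `None` when `user.enabled` is false, so that disabling takes effect on the next request.

```python
@login_manager.user_loader
def load_user(email):
    # Treat a disabled account as logged out on every request.
    user = User.query.get(email)
    return user if user and user.enabled else None
```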
From d2c6cecca66a193d8c70d1c1a8be4a1d2b24e904 Mon Sep 17 00:00:00 2001 From: Stefan Auditor Date: Sun, 15 Apr 2018 13:42:08 +0200 Subject: [PATCH 14/18] Remove is_enabled method and use the enabled attribute instead --- core/admin/mailu/models.py | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/core/admin/mailu/models.py b/core/admin/mailu/models.py index 254e9dae..85cb1ed1 100644 --- a/core/admin/mailu/models.py +++ b/core/admin/mailu/models.py @@ -263,9 +263,6 @@ class User(Base, Email): default=scheme_dict[app.config['PASSWORD_SCHEME']], ) - def is_enabled(self): - return self.enabled - def check_password(self, password): reference = re.match('({[^}]+})?(.*)', self.password).group(2) return User.pw_context.verify(password, reference) @@ -302,7 +299,7 @@ class User(Base, Email): @classmethod def login(cls, email, password): user = cls.query.get(email) - return user if (user and user.check_password(password) and user.is_enabled()) else None + return user if (user and user.enabled and user.check_password(password)) else None login_manager.user_loader(User.query.get) From 92f485832356fe1a5f1f79c10a3788147143553e Mon Sep 17 00:00:00 2001 From: Stefan Auditor Date: Sun, 15 Apr 2018 13:43:30 +0200 Subject: [PATCH 15/18] Respect user.enabled status in internal authentication --- core/admin/mailu/internal/nginx.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/core/admin/mailu/internal/nginx.py b/core/admin/mailu/internal/nginx.py index 84ee8596..cb6bc9cb 100644 --- a/core/admin/mailu/internal/nginx.py +++ b/core/admin/mailu/internal/nginx.py @@ -51,7 +51,7 @@ def handle_authentication(headers): status = False elif protocol == "pop3" and not user.enable_pop: status = False - if status: + if status and user.enabled: return { "Auth-Status": "OK", "Auth-Server": server, From d3064579f439fabba1c7060109a0160eb0a935fe Mon Sep 17 00:00:00 2001 
From: Stefan Auditor Date: Sun, 15 Apr 2018 14:02:15 +0200 Subject: [PATCH 16/18] Respect user enabled flag in basic authentication --- core/admin/mailu/internal/views.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/core/admin/mailu/internal/views.py b/core/admin/mailu/internal/views.py index 955b5390..2b441ce7 100644 --- a/core/admin/mailu/internal/views.py +++ b/core/admin/mailu/internal/views.py @@ -41,7 +41,7 @@ def basic_authentication(): encoded = authorization.replace("Basic ", "") user_email, password = base64.b64decode(encoded).split(b":") user = models.User.query.get(user_email.decode("utf8")) - if user and user.check_password(password.decode("utf8")): + if user and user.enabled and user.check_password(password.decode("utf8")): response = flask.Response() response.headers["X-User"] = user.email return response From 49b17d31bea4bfe38eb201dc9ada8b91adaf5535 Mon Sep 17 00:00:00 2001 From: Scott Date: Sun, 15 Apr 2018 08:04:54 -0500 Subject: [PATCH 17/18] [Security] Update Roundcube to 1.3.6 Fixes a security issue in roundcube. May also fix the last comment in #391. --- webmails/roundcube/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/webmails/roundcube/Dockerfile b/webmails/roundcube/Dockerfile index d3e045aa..c779e71a 100644 --- a/webmails/roundcube/Dockerfile +++ b/webmails/roundcube/Dockerfile @@ -7,7 +7,7 @@ RUN apt-get update && apt-get install -y \ libpng12-dev \ && docker-php-ext-install pdo_mysql mcrypt zip -ENV ROUNDCUBE_URL https://github.com/roundcube/roundcubemail/releases/download/1.3.4/roundcubemail-1.3.4-complete.tar.gz +ENV ROUNDCUBE_URL https://github.com/roundcube/roundcubemail/releases/download/1.3.6/roundcubemail-1.3.6-complete.tar.gz RUN echo date.timezone=UTC > /usr/local/etc/php/conf.d/timezone.ini From c688970b321abe492d97e2e2fa96dafd6e3f6255 Mon Sep 17 00:00:00 2001 
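Review bot: On the unchanged line above the new `user.enabled` check, `base64.b64decode(encoded).split(b":")` is unpacked into exactly two names, so credentials whose password contains a colon raise `ValueError` instead of being verified. Because this view decides authentication for other services, split once only: `user_email, password = base64.b64decode(encoded).split(b":", 1)`. Input with no colon or with invalid base64 still raises and should be answered as a failed authentication. The function body starts outside the hunk, so any handling there is not visible.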
From: Stefan Auditor Date: Sun, 15 Apr 2018 19:53:24 +0200 Subject: [PATCH 18/18] Respect user enabled flag in admin authentication --- core/admin/mailu/internal/views.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/core/admin/mailu/internal/views.py b/core/admin/mailu/internal/views.py index 2b441ce7..b97d329e 100644 --- a/core/admin/mailu/internal/views.py +++ b/core/admin/mailu/internal/views.py @@ -27,7 +27,8 @@ def admin_authentication(): """ Fails if the user is not an authenticated admin. """ if (not flask_login.current_user.is_anonymous - and flask_login.current_user.global_admin): + and flask_login.current_user.global_admin + and flask_login.current_user.enabled): return "" return flask.abort(403)