From ec6d5acc188c5341a2c24c18056eea824de2fe20 Mon Sep 17 00:00:00 2001 From: kaiyou Date: Sun, 22 Oct 2017 10:49:31 +0200 Subject: [PATCH] Unescape passwords before cecking --- admin/mailu/internal/nginx.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/admin/mailu/internal/nginx.py b/admin/mailu/internal/nginx.py index a7a8c5b4..1cd7e652 100644 --- a/admin/mailu/internal/nginx.py +++ b/admin/mailu/internal/nginx.py @@ -1,6 +1,7 @@ from mailu import db, models import socket +import urllib SUPPORTED_AUTH_METHODS = ["none", "plain"] @@ -36,8 +37,8 @@ def handle_authentication(headers): } # Authenticated user elif method == "plain": - user_email = headers["Auth-User"] - password = headers["Auth-Pass"] + user_email = urllib.parse.unquote(headers["Auth-User"]) + password = urllib.parse.unquote(headers["Auth-Pass"]) user = models.User.query.get(user_email) if user and user.check_password(password): return {