Fix Webmail token check. Fix Auth-Port for Webmail. #2079

3 years ago · f26fa8da84
parent dbbfa44461
commit f26fa8da84
3 changed files with 6 additions and 4 deletions
--- a/core/admin/mailu/internal/nginx.py
+++ b/core/admin/mailu/internal/nginx.py
@ -27,12 +27,12 @@ STATUSES = {
    }),
 }

-def check_credentials(user, password, ip, protocol=None):
+def check_credentials(user, password, ip, protocol=None, auth_port=None):
    if not user or not user.enabled or (protocol == "imap" and not user.enable_imap) or (protocol == "pop3" and not user.enable_pop):
        return False
    is_ok = False
    # webmails
-    if len(password) == 64 and ip == app.config['WEBMAIL_ADDRESS']:
+    if len(password) == 64 and auth_port == '10143':
        if user.verify_temp_token(password):
            is_ok = True
    # All tokens are 32 characters hex lowercase
@ -100,7 +100,7 @@ def handle_authentication(headers):
                app.logger.warn(f'Invalid user {user_email!r}: {exc}')
            else:
                ip = urllib.parse.unquote(headers["Client-Ip"])
-                if check_credentials(user, password, ip, protocol):
+                if check_credentials(user, password, ip, protocol, headers["Auth-Port"]):
                    server, port = get_server(headers["Auth-Protocol"], True)
                    return {
                        "Auth-Status": "OK",
--- a/core/nginx/conf/nginx.conf
+++ b/core/nginx/conf/nginx.conf
@ -277,7 +277,7 @@ mail {
      listen 10143;
      protocol imap;
      smtp_auth plain;
-      auth_http_header Auth-Port 10043;
+      auth_http_header Auth-Port 10143;
    }

    # SMTP is always enabled, to avoid losing emails when TLS is failing
--- a/towncrier/newsfragments/2079.fix
+++ b/towncrier/newsfragments/2079.fix
@ -0,0 +1,2 @@
+#2079 Webmail token check does not work if WEBMAIL_ADDRESS is set to a hostname.
+#2081 Fix typo in nginx config for webmail port (10043 to 10143)