Fix Webmail token check. Fix Auth-Port for Webmail. #2079

core/admin/mailu/internal/nginx.py

@@ -27,12 +27,12 @@ STATUSES = {
     }),
 }
 
-def check_credentials(user, password, ip, protocol=None):
+def check_credentials(user, password, ip, protocol=None, auth_port=None):
     if not user or not user.enabled or (protocol == "imap" and not user.enable_imap) or (protocol == "pop3" and not user.enable_pop):
         return False
     is_ok = False
     # webmails
-    if len(password) == 64 and ip == app.config['WEBMAIL_ADDRESS']:
+    if len(password) == 64 and auth_port == '10143':
         if user.verify_temp_token(password):
             is_ok = True
     # All tokens are 32 characters hex lowercase
@@ -100,7 +100,7 @@ def handle_authentication(headers):
                 app.logger.warn(f'Invalid user {user_email!r}: {exc}')
             else:
                 ip = urllib.parse.unquote(headers["Client-Ip"])
-                if check_credentials(user, password, ip, protocol):
+                if check_credentials(user, password, ip, protocol, headers["Auth-Port"]):
                     server, port = get_server(headers["Auth-Protocol"], True)
                     return {
                         "Auth-Status": "OK",

core/nginx/conf/nginx.conf

@@ -277,7 +277,7 @@ mail {
       listen 10143;
       protocol imap;
       smtp_auth plain;
-      auth_http_header Auth-Port 10043;
+      auth_http_header Auth-Port 10143;
     }
 
     # SMTP is always enabled, to avoid losing emails when TLS is failing

towncrier/newsfragments/2079.fix

@@ -0,0 +1,2 @@
+#2079 Webmail token check does not work if WEBMAIL_ADDRESS is set to a hostname.
+#2081 Fix typo in nginx config for webmail port (10043 to 10143)