|
|
@ -5,6 +5,7 @@ from flask import current_app as app
|
|
|
|
import flask
|
|
|
|
import flask
|
|
|
|
import flask_login
|
|
|
|
import flask_login
|
|
|
|
import base64
|
|
|
|
import base64
|
|
|
|
|
|
|
|
import sqlalchemy.exc
|
|
|
|
|
|
|
|
|
|
|
|
@internal.route("/auth/email")
|
|
|
|
@internal.route("/auth/email")
|
|
|
|
def nginx_authentication():
|
|
|
|
def nginx_authentication():
|
|
|
@ -96,13 +97,19 @@ def basic_authentication():
|
|
|
|
response.headers["WWW-Authenticate"] = 'Basic realm="Authentication rate limit for this username exceeded"'
|
|
|
|
response.headers["WWW-Authenticate"] = 'Basic realm="Authentication rate limit for this username exceeded"'
|
|
|
|
response.headers['Retry-After'] = '60'
|
|
|
|
response.headers['Retry-After'] = '60'
|
|
|
|
return response
|
|
|
|
return response
|
|
|
|
user = models.User.query.get(user_email)
|
|
|
|
try:
|
|
|
|
if user and nginx.check_credentials(user, password.decode('utf-8'), client_ip, "web"):
|
|
|
|
user = models.User.query.get(user_email) if '@' in user_email else None
|
|
|
|
response = flask.Response()
|
|
|
|
except sqlalchemy.exc.StatementError as exc:
|
|
|
|
response.headers["X-User"] = models.IdnaEmail.process_bind_param(flask_login, user.email, "")
|
|
|
|
exc = str(exc).split('\n', 1)[0]
|
|
|
|
utils.limiter.exempt_ip_from_ratelimits(client_ip)
|
|
|
|
app.logger.warn(f'Invalid user {user_email!r}: {exc}')
|
|
|
|
return response
|
|
|
|
else:
|
|
|
|
utils.limiter.rate_limit_user(user_email, client_ip) if user else utils.limiter.rate_limit_ip(client_ip)
|
|
|
|
if user is not None and nginx.check_credentials(user, password.decode('utf-8'), client_ip, "web"):
|
|
|
|
|
|
|
|
response = flask.Response()
|
|
|
|
|
|
|
|
response.headers["X-User"] = models.IdnaEmail.process_bind_param(flask_login, user.email, "")
|
|
|
|
|
|
|
|
utils.limiter.exempt_ip_from_ratelimits(client_ip)
|
|
|
|
|
|
|
|
return response
|
|
|
|
|
|
|
|
# We failed check_credentials
|
|
|
|
|
|
|
|
utils.limiter.rate_limit_user(user_email, client_ip) if user else utils.limiter.rate_limit_ip(client_ip)
|
|
|
|
response = flask.Response(status=401)
|
|
|
|
response = flask.Response(status=401)
|
|
|
|
response.headers["WWW-Authenticate"] = 'Basic realm="Login Required"'
|
|
|
|
response.headers["WWW-Authenticate"] = 'Basic realm="Login Required"'
|
|
|
|
return response
|
|
|
|
return response
|
|
|
|