From 34766602a87c6feac48b7716a19fae2e8950ae9b Mon Sep 17 00:00:00 2001
From: Dominik Hebeler <dominik@suma-ev.de>
Date: Tue, 25 Jun 2024 12:48:10 +0200
Subject: [PATCH] define client_ip variable

---
 core/admin/mailu/sso/views/base.py  | 1 +
 towncrier/newsfragments/3314.bugfix | 1 +
 2 files changed, 2 insertions(+)
 create mode 100644 towncrier/newsfragments/3314.bugfix

diff --git a/core/admin/mailu/sso/views/base.py b/core/admin/mailu/sso/views/base.py
index b347d3cb..59c4ef04 100644
--- a/core/admin/mailu/sso/views/base.py
+++ b/core/admin/mailu/sso/views/base.py
@@ -130,6 +130,7 @@ https://mailu.io/master/configuration.html#header-authentication-using-an-extern
 def _proxy():
     proxy_ip = flask.request.headers.get('X-Forwarded-By', flask.request.remote_addr)
     ip = ipaddress.ip_address(proxy_ip)
+    client_ip = flask.request.headers.get('X-Real-IP', flask.request.remote_addr)
     if not any(ip in cidr for cidr in app.config['PROXY_AUTH_WHITELIST']):
         flask.current_app.logger.error(f'Login failed by proxy - not on whitelist: from {client_ip} through {flask.request.remote_addr}.')
         return flask.abort(500, '%s is not on PROXY_AUTH_WHITELIST' % proxy_ip)
diff --git a/towncrier/newsfragments/3314.bugfix b/towncrier/newsfragments/3314.bugfix
new file mode 100644
index 00000000..87558ee4
--- /dev/null
+++ b/towncrier/newsfragments/3314.bugfix
@@ -0,0 +1 @@
+Define client_ip variable in _proxy method. Fixes server error when using proxy authentication
\ No newline at end of file