Unescape passwords before cecking

2025-11-02 02:57:56 +00:00 · 2017-10-22 10:49:31 +02:00
parent 0a74213eae
commit ec6d5acc18
1 changed files with 3 additions and 2 deletions
--- a/admin/mailu/internal/nginx.py
+++ b/admin/mailu/internal/nginx.py
@@ -1,6 +1,7 @@
 from mailu import db, models

 import socket
+import urllib


 SUPPORTED_AUTH_METHODS = ["none", "plain"]
@@ -36,8 +37,8 @@ def handle_authentication(headers):
        }
    # Authenticated user
    elif method == "plain":
-        user_email = headers["Auth-User"]
-        password = headers["Auth-Pass"]
+        user_email = urllib.parse.unquote(headers["Auth-User"])
+        password = urllib.parse.unquote(headers["Auth-Pass"])
        user = models.User.query.get(user_email)
        if user and user.check_password(password):
            return {