def nginx_authentication(): """ Main authentication endpoint for Nginx email server """ limiter = utils.limiter.get_limiter(app.config["AUTH_RATELIMIT"], "auth-ip") client_ip = flask.request.headers["Client-Ip"] print(flask.request.headers) if not limiter.test(client_ip): response = flask.Response() response.headers['Auth-Status'] = 'Authentication rate limit from one source exceeded' response.headers['Auth-Error-Code'] = '451 4.3.2' if int(flask.request.headers['Auth-Login-Attempt']) < 10: response.headers['Auth-Wait'] = '3' return response headers = nginx.handle_authentication(flask.request.headers) response = flask.Response() for key, value in headers.items(): response.headers[key] = str(value) if ("Auth-Status" not in headers) or (headers["Auth-Status"] != "OK"): limit_subnet = str(app.config["AUTH_RATELIMIT_SUBNET"]) != 'False' subnet = ipaddress.ip_network(app.config["SUBNET"]) if limit_subnet or ipaddress.ip_address(client_ip) not in subnet: limiter.hit(flask.request.headers["Client-Ip"]) return response
def nginx_authentication(): """ Main authentication endpoint for Nginx email server """ headers = nginx.handle_authentication(flask.request.headers) response = flask.Response() for key, value in headers.items(): response.headers[key] = str(value) return response
def nginx_authentication(): """ Main authentication endpoint for Nginx email server """ utils.limiter.check(flask.request.headers["Client-Ip"]) headers = nginx.handle_authentication(flask.request.headers) response = flask.Response() for key, value in headers.items(): response.headers[key] = str(value) if ("Auth-Status" not in headers) or (headers["Auth-Status"]!="OK"): utils.limiter.hit(flask.request.headers["Client-Ip"]) return response
def nginx_authentication(): """ Main authentication endpoint for Nginx email server """ client_ip = flask.request.headers["Client-Ip"] headers = flask.request.headers if headers["Auth-Port"] == '25' and headers['Auth-Method'] != 'none': response = flask.Response() response.headers['Auth-Status'] = 'AUTH not supported' response.headers['Auth-Error-Code'] = '502 5.5.1' utils.limiter.rate_limit_ip(client_ip) return response is_from_webmail = headers['Auth-Port'] in ['10143', '10025'] if not is_from_webmail and utils.limiter.should_rate_limit_ip(client_ip): status, code = nginx.get_status(flask.request.headers['Auth-Protocol'], 'ratelimit') response = flask.Response() response.headers['Auth-Status'] = status response.headers['Auth-Error-Code'] = code if int(flask.request.headers['Auth-Login-Attempt']) < 10: response.headers['Auth-Wait'] = '3' return response headers = nginx.handle_authentication(flask.request.headers) response = flask.Response() for key, value in headers.items(): response.headers[key] = str(value) is_valid_user = False if response.headers.get("Auth-User-Exists") == "True": username = response.headers["Auth-User"] if utils.limiter.should_rate_limit_user(username, client_ip): # FIXME could be done before handle_authentication() status, code = nginx.get_status( flask.request.headers['Auth-Protocol'], 'ratelimit') response = flask.Response() response.headers['Auth-Status'] = status response.headers['Auth-Error-Code'] = code if int(flask.request.headers['Auth-Login-Attempt']) < 10: response.headers['Auth-Wait'] = '3' return response is_valid_user = True if headers.get("Auth-Status") == "OK": utils.limiter.exempt_ip_from_ratelimits(client_ip) elif is_valid_user: utils.limiter.rate_limit_user(username, client_ip) elif not is_from_webmail: utils.limiter.rate_limit_ip(client_ip) return response