mirror of https://github.com/mail-in-a-box/mailinabox.git synced 2026-03-18 18:07:22 +01:00

Merge remote-tracking branch 'upstream/main' into merge-upstream

# Conflicts:
#	.gitignore
#	management/auth.py
#	management/daemon.py
#	management/mail_log.py
#	management/mailconfig.py
#	management/mfa.py
#	management/ssl_certificates.py
#	management/status_checks.py
#	management/utils.py
#	management/web_update.py
#	setup/mail-postfix.sh
#	setup/migrate.py
#	setup/preflight.sh
#	setup/webmail.sh
#	tests/test_mail.py
#	tools/editconf.py
downtownallday
2024-03-12 07:41:14 -04:00
33 changed files with 582 additions and 571 deletions


@@ -8,7 +8,7 @@
##### details.
#####
import base64, os, os.path, hmac, json, secrets
import base64, hmac, json, secrets
from datetime import timedelta
from expiringdict import ExpiringDict
@@ -32,7 +32,7 @@ class AuthService:
def init_system_api_key(self):
"""Write an API key to a local file so local processes can use the API"""
with open(self.key_path, 'r') as file:
with open(self.key_path, encoding='utf-8') as file:
self.key = file.read()
def authenticate(self, request, env, login_only=False, logout=False):
@@ -58,11 +58,13 @@ class AuthService:
return username, password
username, password = parse_http_authorization_basic(request.headers.get('Authorization', ''))
if username in (None, ""):
raise ValueError("Authorization header invalid.")
if username in {None, ""}:
msg = "Authorization header invalid."
raise ValueError(msg)
if username.strip() == "" and password.strip() == "":
raise ValueError("No email address, password, session key, or API key provided.")
msg = "No email address, password, session key, or API key provided."
raise ValueError(msg)
# If user passed the system API key, grant administrative privs. This key
# is not associated with a user.
@@ -82,7 +84,8 @@ class AuthService:
# If no password was given, but a username was given, we're missing some information.
elif password.strip() == "":
raise ValueError("Enter a password.")
msg = "Enter a password."
raise ValueError(msg)
else:
# The user is trying to log in with a username and a password
@@ -109,7 +112,8 @@ class AuthService:
# Authenticate.
if not validate_login(email, pw, env):
# Login failed.
raise ValueError("Incorrect email address or password.")
msg = "Incorrect email address or password."
raise ValueError(msg)
# If MFA is enabled, check that MFA passes.
status, hints = validate_auth_mfa(email, request, env)
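Review bot: The docstring kept on `init_system_api_key` still says the method writes an API key to a local file, but the body in the `@@ -32,7 +32,7 @@` hunk only opens `self.key_path` for reading and stores the contents in `self.key`. A comment further down this file section says the system API key grants administrative privileges, so the docstring should describe what the method really does, for example `"""Load the system API key from self.key_path; the file must already exist and should be readable only by the management service."""`. Note also that `file.read()` keeps any trailing newline, so whatever creates the file and whatever compares against `self.key` have to agree on that; neither side is visible here.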