PEP8 and cleanup for the new IMAP ACL module
This commit is contained in:
parent
0daad0b6b2
commit
83baebd750
@ -2,8 +2,6 @@
|
|||||||
#
|
#
|
||||||
# This file is part of Radicale Server - Calendar Server
|
# This file is part of Radicale Server - Calendar Server
|
||||||
# Copyright © 2012 Daniel Aleksandersen
|
# Copyright © 2012 Daniel Aleksandersen
|
||||||
# Copyright © 2011 Corentin Le Bail
|
|
||||||
# Copyright © 2011 Guillaume Ayoub
|
|
||||||
#
|
#
|
||||||
# This library is free software: you can redistribute it and/or modify
|
# This library is free software: you can redistribute it and/or modify
|
||||||
# it under the terms of the GNU General Public License as published by
|
# it under the terms of the GNU General Public License as published by
|
||||||
@ -39,45 +37,53 @@ from radicale import acl, config, log
|
|||||||
IMAP_SERVER = config.get("acl", "imap_auth_host_name")
|
IMAP_SERVER = config.get("acl", "imap_auth_host_name")
|
||||||
IMAP_SERVER_PORT = config.get("acl", "imap_auth_host_port")
|
IMAP_SERVER_PORT = config.get("acl", "imap_auth_host_port")
|
||||||
|
|
||||||
|
|
||||||
def has_right(owner, user, password):
|
def has_right(owner, user, password):
|
||||||
"""Check if ``user``/``password`` couple is valid."""
|
"""Check if ``user``/``password`` couple is valid."""
|
||||||
|
|
||||||
if not user or (owner not in acl.PRIVATE_USERS and user != owner):
|
if not user or (owner not in acl.PRIVATE_USERS and user != owner):
|
||||||
# No user given, or owner is not private and is not user, forbidden
|
# No user given, or owner is not private and is not user, forbidden
|
||||||
return False
|
return False
|
||||||
|
|
||||||
log.LOGGER.debug("[IMAP ACL] Connecting to %s:%s." % (IMAP_SERVER, IMAP_SERVER_PORT,))
|
log.LOGGER.debug(
|
||||||
|
"[IMAP ACL] Connecting to %s:%s." % (IMAP_SERVER, IMAP_SERVER_PORT,))
|
||||||
connection = imaplib.IMAP4(host=IMAP_SERVER, port=IMAP_SERVER_PORT)
|
connection = imaplib.IMAP4(host=IMAP_SERVER, port=IMAP_SERVER_PORT)
|
||||||
|
|
||||||
def secure_connection():
|
server_is_local = (IMAP_SERVER == "localhost")
|
||||||
|
|
||||||
|
connection_is_secure = False
|
||||||
try:
|
try:
|
||||||
connection.starttls()
|
connection.starttls()
|
||||||
log.LOGGER.debug("[IMAP ACL] Server connection changed to TLS.")
|
log.LOGGER.debug("[IMAP ACL] Server connection changed to TLS.")
|
||||||
return True
|
connection_is_secure = True
|
||||||
except (IMAP4.error, IAMP4.abort) as err:
|
except AttributeError:
|
||||||
import sys
|
if not server_is_local:
|
||||||
PY_MIN = float(3.2)
|
log.LOGGER.error(
|
||||||
PY_SYS = float("%s.%s" % (sys.version_info.major, sys.version_info.minor))
|
"[IMAP ACL] Python 3.2 or newer is required for TLS.")
|
||||||
if PY_SYS < PY_MIN:
|
except (imaplib.IMAP4.error, imaplib.IMAP4.abort) as exception:
|
||||||
log.LOGGER.error("[IMAP ACL] Python 3.2 or newer is required for TLS.")
|
log.LOGGER.warning(
|
||||||
log.LOGGER.warning("[IMAP ACL] Server at %s failed to accept TLS connection because of: %s" % (IMAP_SERVER, str(err)))
|
"[IMAP ACL] Server at %s failed to accept TLS connection "
|
||||||
return False # server is not secure
|
"because of: %s" % (IMAP_SERVER, exception))
|
||||||
|
|
||||||
def server_is_local():
|
if server_is_local and not connection_is_secure:
|
||||||
if IMAP_HOST == "localhost":
|
log.LOGGER.warning(
|
||||||
log.LOGGER.warning("[IMAP ACL] Server is local. Will allow transmitting unencrypted credentials.")
|
"[IMAP ACL] Server is local. "
|
||||||
return True
|
"Will allow transmitting unencrypted credentials.")
|
||||||
return False # server is not local
|
|
||||||
|
|
||||||
"""Enforcing security policy of only transmitting credentials over TLS or to local server."""
|
if connection_is_secure or server_is_local:
|
||||||
if secure_connection() or server_is_local():
|
|
||||||
try:
|
try:
|
||||||
connection.login( user, password )
|
connection.login(user, password)
|
||||||
connection.logout()
|
connection.logout()
|
||||||
log.LOGGER.debug("[IMAP ACL] Authenticated user %s via %s." % (user, IMAP_SERVER))
|
log.LOGGER.debug(
|
||||||
|
"[IMAP ACL] Authenticated user %s "
|
||||||
|
"via %s." % (user, IMAP_SERVER))
|
||||||
return True
|
return True
|
||||||
except ( imaplib.IMAP4.error, imaplib.IMAP4.abort, Exception ) as err:
|
except (imaplib.IMAP4.error, imaplib.IMAP4.abort) as exception:
|
||||||
log.LOGGER.error("[IMAP ACL] Server could not authenticate user %s because of: %s" % (user, str(err)))
|
log.LOGGER.error(
|
||||||
|
"[IMAP ACL] Server could not authenticate user %s "
|
||||||
|
"because of: %s" % (user, exception))
|
||||||
else:
|
else:
|
||||||
log.LOGGER.critical("[IMAP ACL] Server did not support TLS and is not ``localhost``. Refusing to transmit passwords under these conditions. Authentication attempt aborted.")
|
log.LOGGER.critical(
|
||||||
|
"[IMAP ACL] Server did not support TLS and is not ``localhost``. "
|
||||||
|
"Refusing to transmit passwords under these conditions. "
|
||||||
|
"Authentication attempt aborted.")
|
||||||
return False # authentication failed
|
return False # authentication failed
|
||||||
|
Loading…
Reference in New Issue
Block a user