[Web] Fix autodiscover triggering fail2ban implementation, fixes #1069

2018-02-22 09:16:16 +01:00 · 2018-02-22 09:16:16 +01:00 · eb4dd632ae
commit eb4dd632ae
parent 035b153445
2 changed files with 74 additions and 76 deletions
--- a/data/conf/rspamd/override.d/worker-controller-password.inc
+++ b/data/conf/rspamd/override.d/worker-controller-password.inc
--- a/data/web/autodiscover.php
+++ b/data/web/autodiscover.php
@ -36,9 +36,8 @@ $opt = [
 $pdo = new PDO($dsn, $database_user, $database_pass, $opt);
 $login_user = strtolower(trim($_SERVER['PHP_AUTH_USER']));
 $login_pass = trim(htmlspecialchars_decode($_SERVER['PHP_AUTH_PW']));
 $login_role = check_login($login_user, $login_pass);
-if (!isset($_SERVER['PHP_AUTH_USER']) OR $login_role !== "user") {
+if (empty($_SERVER['PHP_AUTH_USER']) || empty($_SERVER['PHP_AUTH_PW'])) {
  try {
    $json = json_encode(
      array(
@ -62,8 +61,9 @@ if (!isset($_SERVER['PHP_AUTH_USER']) OR $login_role !== "user") {
  header('HTTP/1.0 401 Unauthorized');
  exit(0);
 }
-else {
+
-  if (isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) {
+$login_role = check_login($login_user, $login_pass);
 if ($login_role === "user") {
  header("Content-Type: application/xml");
  echo '<?xml version="1.0" encoding="utf-8" ?>' . PHP_EOL;
@ -215,6 +215,4 @@ else {
 </Autodiscover>
 <?php
 }
  }
 }
 ?>