search

Mailu / helm-charts

Development repo for helm charts
120 stars 125 forks source link

[BUG] Proxyauthentication creates 500 server response in admin container #353

Open Sacerdoss opened 1 week ago

Sacerdoss commented 1 week ago

Describe the bug

When enabling proxy authentication a call to /sso/login creates an error in the admin container. This is a regression. Proxy authentication did not produce such error in a previous version.

Environment

Additional context

Log:

[2024-06-25 11:45:19,386] ERROR in app: Exception on /sso/login [GET]
Traceback (most recent call last):
  File "/app/venv/lib/python3.12/site-packages/flask/app.py", line 1473, in wsgi_app
    response = self.full_dispatch_request()
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/app/venv/lib/python3.12/site-packages/flask/app.py", line 882, in full_dispatch_request
    rv = self.handle_user_exception(e)
         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/app/venv/lib/python3.12/site-packages/flask_restx/api.py", line 672, in error_router
    return original_handler(e)
           ^^^^^^^^^^^^^^^^^^^
  File "/app/venv/lib/python3.12/site-packages/flask/app.py", line 880, in full_dispatch_request
    rv = self.dispatch_request()
         ^^^^^^^^^^^^^^^^^^^^^^^
  File "/app/venv/lib/python3.12/site-packages/flask/app.py", line 865, in dispatch_request
    return self.ensure_sync(self.view_functions[rule.endpoint])(**view_args)  # type: ignore[no-any-return]
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/app/mailu/sso/views/base.py", line 17, in login
    return _proxy()
           ^^^^^^^^
  File "/app/mailu/sso/views/base.py", line 148, in _proxy
    flask.current_app.logger.info(f'Login succeeded by proxy created user: {user} from {client_ip} through {flask.request.remote_addr}.')
                                                                                        ^^^^^^^^^
UnboundLocalError: cannot access local variable 'client_ip' where it is not associated with a value
Sacerdoss commented 1 week ago

Additional context: If I open up /webmail/ I will authenticate within my oauth proxy and get redirected to /sso/login which throws a 500 error. But if I then manually open up /webmail/ again I am authenticated and use the webmail. It seems to be only the /sso/login route which does not work.

Sacerdoss commented 1 week ago

This is probably not a problem in this repo. Rather it is a problem in Mailu/Mailu. The python variable client_ip was not defined in the new _proxy function at: https://github.com/Mailu/Mailu/blob/e4c4498ba8af0b6676678612adba9ccc8d04d124/core/admin/mailu/sso/views/base.py#L148

Sacerdoss commented 1 week ago

I have created a PR which should fix this issue: Mailu/Mailu#3314