From 453869d71d04b2bc454126e60515aa09a7bcb8b9 Mon Sep 17 00:00:00 2001 From: James Date: Sun, 19 Sep 2021 14:21:33 -0400 Subject: [PATCH] Remove port from host_from_request check This strips the port from the client requests, comparing only the hostnames or IP addresses, and should alleviate nonstandard port and initial testing issues. Tested on Linux, Mac, and Android clients. Closes #105. Code is from this comment: https://github.com/etesync/server/issues/66#issuecomment-731215345 --- etebase_fastapi/routers/authentication.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/etebase_fastapi/routers/authentication.py b/etebase_fastapi/routers/authentication.py index 7ec6bc6..fd21d21 100644 --- a/etebase_fastapi/routers/authentication.py +++ b/etebase_fastapi/routers/authentication.py @@ -161,7 +161,7 @@ def validate_login_request( raise HttpError("challenge_expired", "Login challenge has expired") elif challenge_data["userId"] != user.id: raise HttpError("wrong_user", "This challenge is for the wrong user") - elif not settings.DEBUG and validated_data.host.split(":", 1)[0] != host_from_request: + elif not settings.DEBUG and validated_data.host.split(":", 1)[0] != host_from_request.split(":", 1)[0]: raise HttpError( "wrong_host", f'Found wrong host name. Got: "{validated_data.host}" expected: "{host_from_request}"' )