From 6515062bcd833851b23cb6e14bd187085fd35256 Mon Sep 17 00:00:00 2001
From: Unrud <unrud@openaliasbox.org>
Date: Fri, 12 Aug 2016 23:34:08 +0200
Subject: [PATCH 1/2] Return HTTP status in xmlutils.propfind

---
 radicale/__init__.py | 7 +++++--
 radicale/xmlutils.py | 2 +-
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/radicale/__init__.py b/radicale/__init__.py
index 94003b8..0bc8d1d 100644
--- a/radicale/__init__.py
+++ b/radicale/__init__.py
@@ -532,9 +532,12 @@ class Application:
             items = itertools.chain([item], items)
             read_items, write_items = self.collect_allowed_items(items, user)
             headers = {"DAV": DAV_HEADERS, "Content-Type": "text/xml"}
-            answer = xmlutils.propfind(
+            status, answer = xmlutils.propfind(
                 path, content, read_items, write_items, user)
-            return client.MULTI_STATUS, headers, answer
+            if status == client.FORBIDDEN:
+                return NOT_ALLOWED
+            else:
+                return status, headers, answer
 
     def do_PROPPATCH(self, environ, path, user):
         """Manage PROPPATCH request."""
diff --git a/radicale/xmlutils.py b/radicale/xmlutils.py
index f195aeb..68c76d5 100644
--- a/radicale/xmlutils.py
+++ b/radicale/xmlutils.py
@@ -524,7 +524,7 @@ def propfind(path, xml_request, read_collections, write_collections, user):
             path, collection, props, user, write=False)
         multistatus.append(response)
 
-    return _pretty_xml(multistatus)
+    return client.MULTI_STATUS, _pretty_xml(multistatus)
 
 
 def _propfind_response(path, item, props, user, write=False):

From 4438d2ba9ac549f32275beac046f40f927431af7 Mon Sep 17 00:00:00 2001
From: Unrud <unrud@openaliasbox.org>
Date: Fri, 12 Aug 2016 23:41:34 +0200
Subject: [PATCH 2/2] Require user for current-user-principal

DAVdroid dropped support for preemptive authentication in version 1.2.3.
Returning the DAV:unauthenticated pseudo-principal as specified in RFC 5397 doesn't seem to work for DAVdroid.
---
 radicale/xmlutils.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/radicale/xmlutils.py b/radicale/xmlutils.py
index 68c76d5..5ef4b88 100644
--- a/radicale/xmlutils.py
+++ b/radicale/xmlutils.py
@@ -510,6 +510,12 @@ def propfind(path, xml_request, read_collections, write_collections, user):
             _tag("ICAL", "calendar-color"),
             _tag("CS", "getctag")]
 
+    if _tag("D", "current-user-principal") in props and not user:
+        # Ask for authentication
+        # Returning the DAV:unauthenticated pseudo-principal as specified in
+        # RFC 5397 doesn't seem to work with DAVdroid.
+        return client.FORBIDDEN, None
+
     multistatus = ET.Element(_tag("D", "multistatus"))
     collections = []
     for collection in write_collections: