Fixed authentication for anonymous users

2013-09-12 17:39:20 +02:00 · 2013-09-12 17:39:20 +02:00 · 58faf725b0
commit 58faf725b0
parent 43785e48a9
2 changed files with 13 additions and 3 deletions
--- a/radicale/init.py
+++ b/radicale/init.py
@ -279,7 +279,7 @@ class Application(object):
            user = password = None

        if not items or function == self.options or \
-                auth.is_authenticated(user, password):
+                auth.is_authenticated(user, password) if user else True:

            read_allowed_items, write_allowed_items = \
                self.collect_allowed_items(items, user)
@ -290,6 +290,14 @@ class Application(object):
                status, headers, answer = function(
                    environ, read_allowed_items, write_allowed_items, content,
                    user)
+            elif not user:
+                # Unknown or unauthorized user
+                log.LOGGER.info("%s refused" % (user or "Anonymous user"))
+                status = client.UNAUTHORIZED
+                headers = {
+                    "WWW-Authenticate":
+                    "Basic realm=\"%s\"" % config.get("server", "realm")}
+                answer = None
            else:
                # Good user but has no rights to any of the given collections
                status, headers, answer = NOT_ALLOWED
--- a/radicale/rights.py
+++ b/radicale/rights.py
@ -93,5 +93,7 @@ def _read_from_sections(user, collection, permission):
 def authorized(user, collection, right):
    """Check if the user is allowed to read or write the collection."""
    rights_type = config.get("rights", "type").lower()
-    return rights_type == "none" or (user and _read_from_sections(
-        user, collection.url.rstrip("/") or "/", right))
+    return rights_type == "none" or (
+        (True if not user else user) and _read_from_sections(
+            user if user else "", collection.url.rstrip("/") or "/", right)
+    )