Merge branch 'authentication' of github.com:cristen/Radicale into authentication

This commit is contained in:
Jean-Marc Martins
2013-09-13 17:41:21 +02:00
8 changed files with 48 additions and 52 deletions

View File

@ -55,13 +55,6 @@ VERSION = "git"
# tries to access information they don't have rights to
NOT_ALLOWED = (client.FORBIDDEN, {}, None)
# Standard "authenticate" response that is returned when a user tries to access
# non-public information w/o submitting proper authentication credentials
WRONG_CREDENTIALS = (
client.UNAUTHORIZED,
{"WWW-Authenticate": "Basic realm=\"%s\"" % config.get("server", "realm")},
None)
class HTTPServer(wsgiref.simple_server.WSGIServer, object):
"""HTTP server."""
@ -285,25 +278,28 @@ class Application(object):
else:
user = password = None
if not items or function == self.options or \
auth.is_authenticated(user, password):
read_allowed_items, write_allowed_items = \
self.collect_allowed_items(items, user)
read_allowed_items, write_allowed_items = \
self.collect_allowed_items(items, user)
if read_allowed_items or write_allowed_items or \
function == self.options or not items:
# Collections found, or OPTIONS request, or no items at all
status, headers, answer = function(
environ, read_allowed_items, write_allowed_items, content,
user)
else:
# Good user but has no rights to any of the given collections
status, headers, answer = NOT_ALLOWED
if ((read_allowed_items or write_allowed_items)
and auth.is_authenticated(user, password)) or \
function == self.options or not items:
# Collections found, or OPTIONS request, or no items at all
status, headers, answer = function(
environ, read_allowed_items, write_allowed_items, content,
user)
else:
status, headers, answer = NOT_ALLOWED
if (status, headers, answer) == NOT_ALLOWED and \
not auth.is_authenticated(user, password):
# Unknown or unauthorized user
log.LOGGER.info("%s refused" % (user or "Anonymous user"))
status, headers, answer = WRONG_CREDENTIALS
status = client.UNAUTHORIZED
headers = {
"WWW-Authenticate":
"Basic realm=\"%s\"" % config.get("server", "realm")}
answer = None
# Set content length
if answer:

View File

@ -53,8 +53,6 @@ INITIAL_CONFIG = {
"stock": "utf-8"},
"auth": {
"type": "None",
"public_users": "public",
"private_users": "private",
"htpasswd_filename": "/etc/radicale/users",
"htpasswd_encryption": "crypt",
"imap_hostname": "localhost",

View File

@ -50,8 +50,6 @@ except ImportError:
# pylint: enable=F0401
FILENAME = os.path.expanduser(config.get("rights", "file"))
TYPE = config.get("rights", "type").lower()
DEFINED_RIGHTS = {
"owner_write": "[r]\nuser:.*\ncollection:.*\npermission:r\n"
"[w]\nuser:.*\ncollection:^%(login)s/.+$\npermission:w",
@ -60,17 +58,19 @@ DEFINED_RIGHTS = {
def _read_from_sections(user, collection, permission):
"""Get regex sections."""
filename = os.path.expanduser(config.get("rights", "file"))
rights_type = config.get("rights", "type").lower()
regex = ConfigParser({"login": user, "path": collection})
if TYPE in DEFINED_RIGHTS:
log.LOGGER.debug("Rights type '%s'" % TYPE)
regex.readfp(io.BytesIO(DEFINED_RIGHTS[TYPE]))
elif TYPE == "from_file":
log.LOGGER.debug("Reading rights from file %s" % FILENAME)
if not regex.read(FILENAME):
log.LOGGER.error("File '%s' not found for rights" % FILENAME)
if rights_type in DEFINED_RIGHTS:
log.LOGGER.debug("Rights type '%s'" % rights_type)
regex.readfp(io.BytesIO(DEFINED_RIGHTS[rights_type]))
elif rights_type == "from_file":
log.LOGGER.debug("Reading rights from file %s" % filename)
if not regex.read(filename):
log.LOGGER.error("File '%s' not found for rights" % filename)
return False
else:
log.LOGGER.error("Unknown rights type '%s'" % TYPE)
log.LOGGER.error("Unknown rights type '%s'" % rights_type)
return False
for section in regex.sections():
@ -91,6 +91,10 @@ def _read_from_sections(user, collection, permission):
def authorized(user, collection, right):
"""Check if the user is allowed to read or write the collection."""
return TYPE == "none" or (user and _read_from_sections(
user, collection.url.rstrip("/") or "/", right))
"""Check if the user is allowed to read or write the collection.
If the user is empty it checks for anonymous rights
"""
rights_type = config.get("rights", "type").lower()
return rights_type == "none" or (_read_from_sections(
user or "", collection.url.rstrip("/") or "/", right))

View File

@ -78,10 +78,10 @@ class DBLine(Base):
"""Table of item's lines."""
__tablename__ = "line"
key = Column(String, primary_key=True)
key = Column(String)
value = Column(String)
item_name = Column(String, ForeignKey("item.name"), primary_key=True)
timestamp = Column(DateTime, default=datetime.now)
item_name = Column(String, ForeignKey("item.name"))
timestamp = Column(DateTime, default=datetime.now, primary_key=True)
item = relationship(
"DBItem", backref="lines", order_by=timestamp)
@ -116,7 +116,7 @@ class Collection(ical.Collection):
items = (
self.session.query(DBItem)
.filter_by(collection_path=self.path, tag=item_type.tag)
.order_by("name").all())
.order_by(DBItem.name).all())
for item in items:
text = "\n".join(
"%s:%s" % (line.key, line.value) for line in item.lines)
@ -189,7 +189,7 @@ class Collection(ical.Collection):
headers = (
self.session.query(DBHeader)
.filter_by(collection_path=self.path)
.order_by("key").all())
.order_by(DBHeader.key).all())
return [
ical.Header("%s:%s" % (header.key, header.value))
for header in headers]