Respond to all authenticated PROPFIND requests

radicale/__init__.py

@@ -283,10 +283,14 @@ class Application(object):
         read_allowed_items, write_allowed_items = \
             self.collect_allowed_items(items, user)
 
+        is_authenticated = auth.is_authenticated(user, password)
+
         if ((read_allowed_items or write_allowed_items)
-            and (not user or auth.is_authenticated(user, password))) or \
+            and (not user or is_authenticated)) or \
+                (is_authenticated and function == self.propfind) or \
                 function == self.options or not items:
-            # Collections found, or OPTIONS request, or no items at all
+            # Collections found, or authenticated PROPFIND request,
+            # or OPTIONS request, or no items at all
             status, headers, answer = function(
                 environ, read_allowed_items, write_allowed_items, content,
                 user)
@@ -294,7 +298,7 @@ class Application(object):
             status, headers, answer = NOT_ALLOWED
 
         if ((status, headers, answer) == NOT_ALLOWED and
-                not auth.is_authenticated(user, password) and
+                not is_authenticated and
                 config.get("auth", "type") != "None"):
             # Unknown or unauthorized user
             log.LOGGER.info("%s refused" % (user or "Anonymous user"))

radicale/xmlutils.py

@@ -234,9 +234,13 @@ def propfind(path, xml_request, collections, user=None):
     # Writing answer
     multistatus = ET.Element(_tag("D", "multistatus"))
 
+    if collections:
         for collection in collections:
             response = _propfind_response(path, collection, props, user)
             multistatus.append(response)
+    else:
+        response = _propfind_response(path, None, props, user)
+        multistatus.append(response)
 
     return _pretty_xml(multistatus)
 
@@ -251,8 +255,11 @@ def _propfind_response(path, item, props, user):
     response = ET.Element(_tag("D", "response"))
 
     href = ET.Element(_tag("D", "href"))
+    if item:
         uri = item.url if is_collection else "%s/%s" % (path, item.name)
         href.text = _href(uri.replace("//", "/"))
+    else:
+        href.text = _href(path)
     response.append(href)
 
     propstat404 = ET.Element(_tag("D", "propstat"))
@@ -268,9 +275,7 @@ def _propfind_response(path, item, props, user):
     for tag in props:
         element = ET.Element(tag)
         is404 = False
-        if tag == _tag("D", "getetag"):
+        if tag in (_tag("D", "principal-URL"),
-            element.text = item.etag
-        elif tag in (_tag("D", "principal-URL"),
                    _tag("D", "current-user-principal")):
             if user:
                 tag = ET.Element(_tag("D", "href"))
@@ -317,6 +322,10 @@ def _propfind_response(path, item, props, user):
                 report_tag.text = report_name
                 supported.append(report_tag)
                 element.append(supported)
+        # item related properties
+        elif item:
+            if tag == _tag("D", "getetag"):
+                element.text = item.etag
             elif is_collection:
                 if tag == _tag("D", "getcontenttype"):
                     element.text = item.mimetype
@@ -361,6 +370,12 @@ def _propfind_response(path, item, props, user):
                 pass
             else:
                 is404 = True
+        # Not for items
+        elif tag == _tag("D", "resourcetype"):
+            # resourcetype must be returned empty for non-collection elements
+            pass
+        else:
+            is404 = True
 
         if is404:
             prop404.append(element)