From b71664b322b1f97863511430eec666a89867b528 Mon Sep 17 00:00:00 2001
From: Guillaume Ayoub <guillaume.ayoub@kozea.fr>
Date: Tue, 2 Aug 2016 17:24:04 +0200
Subject: [PATCH] Return UNAUTHORIZED for NOT_FOUND PROPFINDs

---
 radicale/__init__.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/radicale/__init__.py b/radicale/__init__.py
index bbf6104..8cee0de 100644
--- a/radicale/__init__.py
+++ b/radicale/__init__.py
@@ -364,7 +364,8 @@ class Application:
         else:
             status, headers, answer = NOT_ALLOWED
 
-        if (status, headers, answer) == NOT_ALLOWED and not is_authenticated:
+        if (status, headers, answer) == NOT_ALLOWED and not (
+                user and is_authenticated):
             # Unknown or unauthorized user
             self.logger.info("%s refused" % (user or "Anonymous user"))
             status = client.UNAUTHORIZED
@@ -545,7 +546,7 @@ class Application:
                     content, user):
         """Manage PROPFIND request."""
         if not read_collections:
-            return client.NOT_FOUND, {}, None
+            return (client.NOT_FOUND, {}, None) if user else NOT_ALLOWED
         headers = {
             "DAV": "1, 2, 3, calendar-access, addressbook, extended-mkcol",
             "Content-Type": "text/xml"}