Test current-user-principal prop authentication workaround

radicale/app/propfind.py

@@ -56,7 +56,7 @@ def xml_propfind(base_prefix, path, xml_request, allowed_items, user,
     if xmlutils.make_clark("D:current-user-principal") in props and not user:
         # Ask for authentication
         # Returning the DAV:unauthenticated pseudo-principal as specified in
-        # RFC 5397 doesn't seem to work with DAVdroid.
+        # RFC 5397 doesn't seem to work with DAVx5.
         return client.FORBIDDEN, None
 
     # Writing answer
@@ -372,6 +372,6 @@ class ApplicationPropfindMixin:
             status, xml_answer = xml_propfind(
                 base_prefix, path, xml_content, allowed_items, user,
                 self._encoding)
-            if status == client.FORBIDDEN:
+            if status == client.FORBIDDEN and xml_answer is None:
                 return httputils.NOT_ALLOWED
             return status, headers, self._write_xml_content(xml_answer)

radicale/tests/test_base.py

@@ -1303,6 +1303,19 @@ class BaseRequestsMixIn:
         """Verify existence of the principal collection."""
         self.propfind("/user/", login="user:")
 
+    def test_authentication_current_user_principal_workaround(self):
+        """Test if server sends authentication request when accessing
+           current-user-principal prop (workaround for DAVx5)."""
+        status, headers, _ = self.request("PROPFIND", "/", """\
+<?xml version="1.0" encoding="utf-8"?>
+<propfind xmlns="DAV:">
+    <prop>
+        <current-user-principal />
+    </prop>
+</propfind>""")
+        assert status in (401, 403)
+        assert headers.get("WWW-Authenticate")
+
     def test_existence_of_root_collections(self):
         """Verify that the root collection always exists."""
         # Use PROPFIND because GET returns message