Commit Graph

980 Commits

Author SHA1 Message Date
Unrud
11c5dfdb53 Improve handling of XML requests and responses
* Move parsing/serialization of XML requests/responses from ``xmlutils.py`` to ``__init__.py``.
  * Log XML requests/responses in pretty-printed form.
      * Previously only the responses were logged in readable form. This is useful for debugging.
      * The XML documents are only converted for pretty-printing if debugging is enabled (it's expensive)
  * Send XML responses in minimized form to clients.
  * Add **encoding** attribute to XML declaration in XML response.
  * Only decode XML requests once. (Previously they were decoded, encoded and decoded again.)
2017-05-30 09:15:51 +02:00
Unrud
f1a9cf7694 Allow already encoded answers 2017-05-30 09:02:37 +02:00
Unrud
bc49542a62 Merge pull request #587 from Unrud/testscapturelogging
Capture log messages during tests
2017-05-30 07:55:05 +02:00
Unrud
9cd9ad9a02 Only register exit function if a PID file was created
The function only deletes the PID file.
2017-05-30 07:41:50 +02:00
Unrud
01ea0a3c40 Capture log messages during tests
The log messages help finding problems with failed tests.
2017-05-30 05:44:02 +02:00
Unrud
6762fc1cad Expand user on PID path 2017-05-30 05:10:07 +02:00
Unrud
fcccb3f7af Daemonize after creation of network sockets
The original process should exit after the server is ready.
See also https://www.freedesktop.org/software/systemd/man/daemon.html#SysV%20Daemons
2017-05-30 05:10:07 +02:00
Unrud
360e88f350 Write PID file in original process
This ensures that the PID is written, when the process exists.
2017-05-30 05:10:07 +02:00
Unrud
6ade44c773 Make relative PID path absolute
The daemon changes the current directory to root.
2017-05-30 05:10:07 +02:00
Unrud
65c53df5b3 Keep original exception when PID file creation fails 2017-05-30 05:10:07 +02:00
Unrud
79bcedd4bc Refactor: Extract daemonize function 2017-05-30 05:10:07 +02:00
Guillaume Ayoub
a94a3bc7c2 Version 2.0.0 2017-05-27 18:10:46 +02:00
Guillaume Ayoub
3e0c8cf285 Update copyright years 2017-05-27 17:28:07 +02:00
Guillaume Ayoub
1825c35bc7 Merge pull request #608 from Unrud/config_file
Fail if config file is not found
2017-05-26 11:08:12 +02:00
Guillaume Ayoub
e4af3fc3cd Merge pull request #604 from Unrud/config_logging_config
Disable logging config by default
2017-05-26 11:06:27 +02:00
Unrud
577d9317d2 Strip script name from path 2017-05-26 11:02:07 +02:00
Unrud
d2a17c36ae Fail if configuration is not found
If a configuration file is passed with a command line argument and the file is not found, Radicale shows a warning and continues with the default configuration.
There is no reason for doing this, Radicale should just fail.

Instead, this PR allows passing an empty string like ``--config ""``. Radicale will use the default configuration in this case, without trying to load the configuration from the common paths. Previously you had to do specify a path that doesn't exist like ``--config /does/not/exist``, which looks a bit ugly and showed a warning message.
2017-05-24 21:01:23 +02:00
Unrud
fed974e018 Disable logging config by default
Radicale always tries to load the system-wide configuration file. To turn this off, the logging-config option has to be added to all configuration files and command line arguments. It's easier to disable it by default and only add it once to the system-wide config file.
2017-05-24 17:03:48 +02:00
Guillaume Ayoub
22d364729b Use "&" instead of "+" to test booleans 2017-05-23 17:11:28 +02:00
Guillaume Ayoub
5066e97c66 Always compare both login and password to avoid timing attacks
Related to #591.
2017-05-23 16:55:43 +02:00
Unrud
cf78a23856 Improve logging
Log failed login attempts more clearly and also log access violations of authenticated users.
2017-05-23 04:16:52 +02:00
Unrud
f2fb07fa84 Move authentication delay into __init__.py and add config
Use the delay for all backends (not only htpasswd).
Add configuration option to configure the delay.
2017-05-23 04:07:32 +02:00
Unrud
fb970246e0 Only query auth backend when a user is set 2017-05-23 04:07:32 +02:00
Unrud
c4537b1f5c Compare passwords and hashes in constant time (Fixes #591) 2017-05-23 04:07:32 +02:00
Unrud
fc309562da Repair SSHA method 2017-05-23 04:07:31 +02:00
Unrud
99bda37839 Repair auth tests, add tests for all methods and cross check
The auth tests were not doing anything because "Basic" was missing in the AUTHORIZATION header.
2017-05-23 04:07:31 +02:00
Guillaume Ayoub
dcb0638538 Version 2.0.0rc2 2017-04-19 14:10:02 +02:00
Guillaume Ayoub
059ba8dec1 Random timer to avoid timing oracles and simple bruteforce attacks
Important note: this is a security fix.
2017-04-19 13:48:30 +02:00
Guillaume Ayoub
8293ca5c1c Fix a CLI help description 2017-04-15 16:03:51 +02:00
Guillaume Ayoub
7e2406c778 Version 2.0.0rc1 2017-04-15 15:51:05 +02:00
Guillaume Ayoub
864eb5931a Merge setup.cfg and pytest.ini, fix tests 2017-04-15 10:51:00 +02:00
Guillaume Ayoub
26d8214296 Merge pull request #566 from Unrud/cleanxmlutils
Some small fixes for xmlutils.py
2017-04-15 09:24:38 +02:00
Guillaume Ayoub
b173307f55 Merge pull request #570 from Unrud/patch-5
Fix permissions for REPORT request
2017-04-15 09:20:01 +02:00
Guillaume Ayoub
d74ee7b688 Merge pull request #553 from Kozea/config
Change default values for the config
2017-04-15 09:19:32 +02:00
Unrud
4f6d2e8b58 Only search for filter that are direct children 2017-03-18 04:59:27 +01:00
Unrud
a05cca563a Stop iterating when a component is found 2017-03-18 04:58:55 +01:00
Unrud
8a98f4861d Fix permissions for REPORT request
Only read access is required.
2017-03-13 08:22:14 +01:00
Unrud
c027b68b4f PROPFIND: return all supported report methods
addressbook-multiget, addressbook-query, calendar-multiget and calendar-query were missing.
sync-collection only works for leaf collections.
2017-03-10 22:30:44 +01:00
Unrud
53a7e15833 Return empty result for unsupported report methods 2017-03-10 22:19:10 +01:00
Unrud
2f67da5750 Remove unnecessary conditions 2017-03-10 22:16:46 +01:00
Unrud
a7f12b5fac PROPFIND: only one privilege per privilege element
Before: <privilege><read /><write /></privilege>
After: <privilege><read /></privilege><privilege><write /></privilege>
2017-03-10 22:14:13 +01:00
Unrud
7d687205bd Use logger for WSGIServer
Log exception from the WSGIServer. Exceptions from socket timeouts are currently written to stderr.
2017-03-10 13:39:26 +01:00
Guillaume Ayoub
edebcf03c7 Merge pull request #558 from Unrud/collision
Check for conflicting file names
2017-03-08 15:58:48 +01:00
Guillaume Ayoub
33b27a2e71 Merge pull request #559 from Unrud/remotehostlogging
Cleanup remote host logging
2017-03-08 15:57:07 +01:00
Guillaume Ayoub
9b8fc4ac14 Update and fix some config values 2017-03-08 15:50:24 +01:00
Unrud
5cd5cfe368 Use REMOTE_ADDR if REMOTE_HOST is missing
WSGIRequestHandler doesn't set REMOTE_HOST if dns lookup is disabled.
2017-03-07 20:34:37 +01:00
Unrud
69d39b47ca Also log the forwarding host for forwarded requests 2017-03-07 20:34:36 +01:00
Unrud
c104da28ce Use UNKNOWN if user agent is missing
This is much shorter and doesn't clutter the log as much.
2017-03-07 20:33:37 +01:00
Unrud
266dc608f2 Remove unnecessary if-statements 2017-03-07 20:32:23 +01:00
Unrud
c6c32945a0 Log unsafe paths when discovering collections 2017-03-07 18:24:40 +01:00