Unrud
f2fb07fa84
Move authentication delay into __init__.py and add config
...
Use the delay for all backends (not only htpasswd).
Add configuration option to configure the delay.
2017-05-23 04:07:32 +02:00
Unrud
fb970246e0
Only query auth backend when a user is set
2017-05-23 04:07:32 +02:00
Unrud
c4537b1f5c
Compare passwords and hashes in constant time ( Fixes #591 )
2017-05-23 04:07:32 +02:00
Unrud
fc309562da
Repair SSHA method
2017-05-23 04:07:31 +02:00
Unrud
99bda37839
Repair auth tests, add tests for all methods and cross check
...
The auth tests were not doing anything because "Basic" was missing in the AUTHORIZATION header.
2017-05-23 04:07:31 +02:00
Guillaume Ayoub
dcb0638538
Version 2.0.0rc2
2017-04-19 14:10:02 +02:00
Guillaume Ayoub
059ba8dec1
Random timer to avoid timing oracles and simple bruteforce attacks
...
Important note: this is a security fix.
2017-04-19 13:48:30 +02:00
Guillaume Ayoub
8293ca5c1c
Fix a CLI help description
2017-04-15 16:03:51 +02:00
Guillaume Ayoub
7e2406c778
Version 2.0.0rc1
2017-04-15 15:51:05 +02:00
Guillaume Ayoub
864eb5931a
Merge setup.cfg and pytest.ini, fix tests
2017-04-15 10:51:00 +02:00
Guillaume Ayoub
26d8214296
Merge pull request #566 from Unrud/cleanxmlutils
...
Some small fixes for xmlutils.py
2017-04-15 09:24:38 +02:00
Guillaume Ayoub
b173307f55
Merge pull request #570 from Unrud/patch-5
...
Fix permissions for REPORT request
2017-04-15 09:20:01 +02:00
Guillaume Ayoub
d74ee7b688
Merge pull request #553 from Kozea/config
...
Change default values for the config
2017-04-15 09:19:32 +02:00
Unrud
4f6d2e8b58
Only search for filter that are direct children
2017-03-18 04:59:27 +01:00
Unrud
a05cca563a
Stop iterating when a component is found
2017-03-18 04:58:55 +01:00
Unrud
8a98f4861d
Fix permissions for REPORT request
...
Only read access is required.
2017-03-13 08:22:14 +01:00
Unrud
c027b68b4f
PROPFIND: return all supported report methods
...
addressbook-multiget, addressbook-query, calendar-multiget and calendar-query were missing.
sync-collection only works for leaf collections.
2017-03-10 22:30:44 +01:00
Unrud
53a7e15833
Return empty result for unsupported report methods
2017-03-10 22:19:10 +01:00
Unrud
2f67da5750
Remove unnecessary conditions
2017-03-10 22:16:46 +01:00
Unrud
a7f12b5fac
PROPFIND: only one privilege per privilege element
...
Before: <privilege><read /><write /></privilege>
After: <privilege><read /></privilege><privilege><write /></privilege>
2017-03-10 22:14:13 +01:00
Unrud
7d687205bd
Use logger for WSGIServer
...
Log exception from the WSGIServer. Exceptions from socket timeouts are currently written to stderr.
2017-03-10 13:39:26 +01:00
Guillaume Ayoub
edebcf03c7
Merge pull request #558 from Unrud/collision
...
Check for conflicting file names
2017-03-08 15:58:48 +01:00
Guillaume Ayoub
33b27a2e71
Merge pull request #559 from Unrud/remotehostlogging
...
Cleanup remote host logging
2017-03-08 15:57:07 +01:00
Guillaume Ayoub
9b8fc4ac14
Update and fix some config values
2017-03-08 15:50:24 +01:00
Unrud
5cd5cfe368
Use REMOTE_ADDR if REMOTE_HOST is missing
...
WSGIRequestHandler doesn't set REMOTE_HOST if dns lookup is disabled.
2017-03-07 20:34:37 +01:00
Unrud
69d39b47ca
Also log the forwarding host for forwarded requests
2017-03-07 20:34:36 +01:00
Unrud
c104da28ce
Use UNKNOWN if user agent is missing
...
This is much shorter and doesn't clutter the log as much.
2017-03-07 20:33:37 +01:00
Unrud
266dc608f2
Remove unnecessary if-statements
2017-03-07 20:32:23 +01:00
Unrud
c6c32945a0
Log unsafe paths when discovering collections
2017-03-07 18:24:40 +01:00
Unrud
9b27d075b6
Always close files when creating collection
...
If an exception occurs we rely on garbage collection to close the files.
2017-03-07 18:13:52 +01:00
Unrud
2d170bd41f
Check for conflicting file names
...
On Windows file systems the user "TESTUS~1" can access the data of the user "testuser".
2017-03-07 18:04:51 +01:00
Guillaume Ayoub
4278cc3443
Set htpasswd encryption type to plain in tests
2017-03-04 14:25:01 +01:00
Guillaume Ayoub
78abe39002
Set authentication method when testing rights
2017-03-04 14:22:28 +01:00
Guillaume Ayoub
b47505d5bd
Don't set rights management when no authentication is set
2017-03-04 14:15:46 +01:00
Guillaume Ayoub
8cc15a3d25
Change default values for the config
...
Fix #346 .
2017-03-04 14:06:09 +01:00
Guillaume Ayoub
fc04e4543b
Remove unused import
2017-02-26 16:41:59 +01:00
Guillaume Ayoub
6b683477cb
Merge branch 'improved-broken-vcard-handling' of https://github.com/pbiering/Radicale into pbiering-improved-broken-vcard-handling
2017-02-26 16:35:44 +01:00
Guillaume Ayoub
5d67257555
Merge branch 'trycatch-broken-objects' of https://github.com/pbiering/Radicale into pbiering-trycatch-broken-objects
2017-02-26 16:24:41 +01:00
Guillaume Ayoub
46fcec8fe0
Cosmetics
2017-02-26 16:19:38 +01:00
Guillaume Ayoub
e6880057a2
Merge pull request #518 from pbiering/improved-access-logging
...
improved request logging
2017-02-26 16:17:44 +01:00
Guillaume Ayoub
9d958e8e51
Remove unused import
2017-02-26 16:13:50 +01:00
Guillaume Ayoub
04764c2af4
Merge branch 'storage' of https://github.com/Unrud/Radicale into Unrud-storage
2017-02-26 15:48:22 +01:00
Guillaume Ayoub
b9db971060
Merge branch 'fixed-propfind-handling' of https://github.com/muggenhor/Radicale into muggenhor-fixed-propfind-handling
2017-02-26 15:33:34 +01:00
Guillaume Ayoub
3213495245
Merge branch 'url' of https://github.com/Unrud/Radicale into Unrud-url
2017-02-26 14:43:59 +01:00
Guillaume Ayoub
78db0072bc
Merge pull request #521 from stephane-martin/fix-support-report-set-xml-element
...
<report> should contain XML elements, not text
2017-02-26 14:37:38 +01:00
Guillaume Ayoub
34a82c9b69
Merge pull request #540 from twoodcock/master
...
remove umask(0) in daemon mode
2017-02-26 14:35:19 +01:00
Tim Woodcock
7f0d717459
remove umask(0) in daemon mode
2016-11-29 16:33:10 -08:00
Guillaume Ayoub
e55d75ce46
Set charsets in headers
2016-10-12 14:50:53 +02:00
Guillaume Ayoub
c459d32a19
Use argparse to parse command arguments
...
This commit also allows users to specify all the config values through
the command line.
Fix #154 .
2016-10-12 14:30:18 +02:00
Yohann Rebattu
6d76cfa5aa
use dash instead of underscore in options as well
2016-10-12 10:48:14 +02:00
Yohann Rebattu
fb3e733596
use dash instead of underscore
2016-10-12 10:44:13 +02:00
Yohann Rebattu
d6ee788ff5
comment…
2016-10-11 18:22:26 +02:00
Yohann Rebattu
ca2d519345
use group exclusively except for config
2016-10-11 18:21:17 +02:00
Yohann Rebattu
11710f75a8
allow config override from commandline
2016-10-11 18:17:01 +02:00
Stephane Martin
5abc8aea43
<report> should contain XML elements, not text
2016-09-20 00:27:03 +02:00
Peter Bieringer
c578470fc3
log depth also on response log line
2016-09-19 20:11:52 +02:00
Peter Bieringer
f52fa73cab
check env first before using HTTP_DEPTH
2016-09-19 20:04:11 +02:00
Peter Bieringer
87061df68f
add conditional logging of given depth
2016-09-19 19:59:47 +02:00
Peter Bieringer
830d6f9305
add examples of broken vcard and vevent
2016-09-18 19:36:54 +02:00
Peter Bieringer
a5e3ffa427
realign change
2016-09-18 19:30:51 +02:00
Peter Bieringer
e05206eec3
Merge branch 'improved-broken-vcard-handling' of github.com:pbiering/Radicale into improved-broken-vcard-handling
2016-09-18 19:28:15 +02:00
Peter Bieringer
af5c1582dc
improved detection of broken vcards
2016-09-18 19:23:24 +02:00
Peter Bieringer
1ffdb03106
simplify patch
2016-09-17 18:16:27 +02:00
Peter Bieringer
ff02d17619
remove temporary debug statements
2016-09-17 17:44:33 +02:00
Peter Bieringer
1cfd3fd95b
filter broken vcard entries before delivered, found on real life system at least 2 cards where vobject claimed about
...
vobject.base.ValidateError: 'VCARD components must contain at least 1 N'
2016-09-17 16:53:24 +02:00
Peter Bieringer
18181374e1
log exception for broken items
2016-09-17 16:29:40 +02:00
Peter Bieringer
d116423458
improved request logging
2016-09-17 15:35:43 +02:00
Peter Bieringer
e6ba31937a
3rd catch
2016-09-17 15:11:02 +02:00
Peter Bieringer
a57fcad270
catch 2nd case for broken object
2016-09-17 13:56:27 +02:00
Peter Bieringer
cd97aab72c
try/catch of objects avoiding not serving any object in case an object has no valid contents
...
also log duration of how many objects are read per folder
2016-09-17 12:52:42 +02:00
Guillaume Ayoub
0c1dbc30bd
Log read objects
2016-09-16 14:13:53 +02:00
Guillaume Ayoub
ecb8a99ed1
Merge branch 'master' of github.com:Kozea/radicale
2016-09-16 14:12:36 +02:00
Guillaume Ayoub
2c938ea67a
Don't log when skipping .Radicale* files
...
Patch proposed by @pbiering.
2016-09-16 14:12:05 +02:00
Unrud
def34b1454
Fix BaseCollection.move
...
The update method doesn't exist.
2016-09-15 11:18:55 +02:00
Guillaume Ayoub
e95d187cbc
Merge pull request #509 from Unrud/patch-2
...
Set password to empty string instead of None
2016-09-07 16:08:37 +02:00
Unrud
f7435814fc
Repair hreferences in REPORT response
...
They were not extended with base_prefix.
2016-09-06 16:53:20 +02:00
Unrud
eb4b513d63
Quote hreferences
...
RFC 4918 states that they are URIs and RFC 3986 says that URIs must always be in percent-encoded form.
2016-09-06 16:53:20 +02:00
Unrud
83046c80c4
Let reverse proxies overwrite script name
...
Reverse proxies can overwrite the script name with the HTTP header field X-Script-Name.
2016-09-06 16:53:14 +02:00
Unrud
90486f33a5
Log invalid URLs in XML requests
...
Before the requests either failed or the invalid hreference was silently dropped.
2016-09-04 22:28:01 +02:00
Unrud
d5b8ddd71c
Check that name is valid in name_from_path
...
Before it was possible craft XML requests, so that the storage backend got requests with invalid hrefs.
2016-09-04 22:28:01 +02:00
Unrud
139076faee
Sanitize URLs from XML requests
2016-09-04 22:27:59 +02:00
Unrud
13d652b094
Remove unnecessary module prefix
2016-09-04 22:26:46 +02:00
Unrud
664fa71278
Don't double unquote request URL
...
"%2525" was transformed to "%" instead of "%25".
2016-09-04 22:26:46 +02:00
Unrud
dbaf58dbfe
Remove base_prefix and use SCRIPT_NAME instead
...
This conforms with the WSGI reference (PEP 333)
2016-09-04 22:26:40 +02:00
Unrud
03fbb1e68e
Don't strip {} in get method
...
If someone uploads a file that starts or ends with the chars {}, all REPORT requests on that collection will fail and it's impossible to delete the file.
2016-09-04 13:35:44 +02:00
Unrud
6df54bf88a
Log name of faulty component
...
If vobject can't parse a component it raises an exception, but the filename of that component is missing in the logs.
2016-09-04 13:23:01 +02:00
Unrud
5ccfe16372
Remove Collection.has
...
It's the same as BaseCollection.has
2016-09-04 13:21:57 +02:00
Unrud
de09f6689a
Only relevant files for last_modified calculation
...
Leftovers from failed transactions etc. should not change that property.
2016-09-04 13:16:42 +02:00
Unrud
cd9f789294
Name variables for files f
...
fd sounds more like file descriptions.
prop doesn't sound like a file at all.
2016-09-04 13:14:51 +02:00
Unrud
f5650df5f7
Remove checks for existence of collection
...
They are unnecessary since the discover methods stopped returning collections that actually don't exist.
2016-09-04 13:13:35 +02:00
Unrud
e7d8b4816c
Duplicate code: Use list and get methods
2016-09-04 13:12:55 +02:00
Unrud
5dbf9df876
Add missing checks for safe fileystem components
...
Currently it's not possible to exploit these.
2016-09-04 13:09:10 +02:00
Unrud
dc501d5dc5
Refactor/Duplicate code: Extract _fsync method
2016-09-04 13:08:12 +02:00
Unrud
77e9ca1252
Remove EtagMismatchError
...
Etags are not checked in storage anymore and this is unused.
2016-09-04 13:06:09 +02:00
Unrud
a12ef69129
Secure is_safe_filesystem_path_component
...
On Windows 1/2 would be a safe filesystem path component, but it's not safe to pass it to path_to_filesystem.
Currently only the get method can be called with a href like that and it checked for that.
This just moves the check into the is_safe_filesystem_path_component function.
2016-09-04 12:55:28 +02:00
Unrud
a4a6a62643
Duplicate code: Use is_safe_path_component
2016-09-04 12:53:07 +02:00
Unrud
8d5f2ded42
Describe encoding of Etag
2016-09-04 12:52:29 +02:00
Unrud
d371179487
thread and level in simple log formatter
...
The log messages are a mess without any allocation to threads.
2016-09-04 11:47:27 +02:00
Unrud
fe5daf801a
Set password to empty string instead of None
...
Prevent exception in auth module.
2016-09-03 10:01:52 +02:00
Guillaume Ayoub
b85fc5bed6
Merge pull request #507 from Unrud/auth
...
Repair and test authentication
2016-09-02 18:36:31 +02:00
Unrud
9e27d4e2a8
Emulate fullmatch with match
...
re.fullmatch was introduced in Python 3.4
2016-09-02 15:06:32 +02:00
Unrud
b25a601e28
Test custom header
2016-09-02 14:52:45 +02:00
Unrud
11df2f1184
Test authentication
...
Test for 2a9f37defb
2016-09-02 14:42:22 +02:00
Unrud
2a9f37defb
Repair authentication
2016-09-02 14:41:31 +02:00
Guillaume Ayoub
88d558f9fa
Remove useless nested tuples
2016-09-02 11:05:35 +02:00
Guillaume Ayoub
68e1e9dfb2
Don't use mutables in constants or parameters
2016-09-02 11:04:29 +02:00
Unrud
20b1480399
Make copy of headers before mutating
2016-09-02 04:23:47 +02:00
Unrud
f7e995f9f6
Move encoding of answer into response function
...
Fix #505
2016-09-02 04:10:11 +02:00
Unrud
3df367aad2
Test REPORT on item
...
Test for 90e4655a44
2016-09-01 06:17:18 +02:00
Unrud
9d2743d797
Test authorization
2016-09-01 06:15:31 +02:00
Guillaume Ayoub
e25373fa85
Merge pull request #501 from Unrud/httperrors
...
HTTP error messages
2016-08-31 14:49:19 +02:00
Guillaume Ayoub
8d92b371e4
Merge pull request #502 from Unrud/patch-40
...
Plain text for GET / instead of malformed HTML
2016-08-31 14:42:59 +02:00
Guillaume Ayoub
db681da08e
Merge pull request #500 from Unrud/loginuser
...
Map logins to internal users in Auth module
2016-08-31 14:40:08 +02:00
Unrud
f875bcd892
Plain text for GET / instead of malformed HTML
...
It's basically the same in browsers and looks nicer in tools that don't support HTML rendering (like curl).
2016-08-31 02:01:18 +02:00
Unrud
ff2b8f6e5c
Use NOT_FOUND instead of GONE
...
Thunderbird doesn't recognize the status code correctly and shows an synchronization error.
2016-08-31 01:54:31 +02:00
Unrud
1ea9b1dca9
Return error for GET requests on directories
...
Radicale doesn't support directory listings.
2016-08-31 00:45:14 +02:00
Unrud
4ac2e68f5c
Add HTTP error messages
...
Browsers just show a blank page if an error occurs. You have to open the developer tools to see the HTTP status code. E.g. a user wants to download a calendar in the browser and the URL is wrong.
Some tools like curl don't show any indication of an error.
2016-08-31 00:41:08 +02:00
Unrud
689e5c9dd5
Map logins to internal users in Auth module
...
This makes it possible to implement #349 as a Auth module. Another use case would be to encode usernames that contain characters unsupported by the file system.
2016-08-30 23:13:33 +02:00
Unrud
e782808a14
Remove empty line in log
...
Separating requests by an empty line doesn't work any longer with parallel (overlapping) requests.
2016-08-30 14:04:16 +02:00
Markus Unterwaditzer
90e4655a44
Don't return <item>/
for events
2016-08-29 17:29:46 +02:00
Guillaume Ayoub
947c57312c
Fix a variable name
...
Fix #494
2016-08-29 12:09:17 +02:00
Guillaume Ayoub
34ad1b9073
Remove useless import
2016-08-29 12:07:58 +02:00
Guillaume Ayoub
fd1742fcea
Fix typo
2016-08-29 12:07:30 +02:00
Guillaume Ayoub
9e78454da2
Merge branch 'remupdate' of https://github.com/Unrud/Radicale into Unrud-remupdate
2016-08-26 22:50:26 +02:00
Guillaume Ayoub
a3dcfaacd6
Merge pull request #491 from Unrud/uploadall
...
Optimize upload of whole collections
2016-08-26 22:34:46 +02:00
Guillaume Ayoub
ac61b18237
Merge pull request #490 from Unrud/hook
...
Move hook into storage.Collection
2016-08-26 15:58:42 +02:00
Guillaume Ayoub
0e646cdae4
Merge branch 'Unrud-logging'
2016-08-25 11:52:12 +02:00
Unrud
c5342d36d5
Remove BaseCollection.update
...
I don't think that this can be used for optimizations.
It's useless in the filesystem backend, SQL has REPLACE and I doubt that there is much use in any other storage mechanism.
2016-08-25 06:37:12 +02:00
Unrud
ea63f461a8
Rename upload_all to upload_all_nonatomic
2016-08-25 06:03:13 +02:00
Unrud
30d287ce00
Write files nonatomic in upload_all
...
It's only used in temporary collections.
2016-08-25 06:03:13 +02:00
Unrud
e31ea57883
Use upload_all for addressbook
2016-08-25 06:03:13 +02:00
Unrud
bc0f8b0a47
Remove duplicate code
2016-08-25 06:03:13 +02:00
Unrud
c57307c585
Rename collections to vobject_items
...
Like the parameter name of upload_all
2016-08-25 05:52:26 +02:00
Unrud
6045ad97fe
Move upload_all from BaseCollection to Collection
...
This is not used anywhere outside of Collection and probably never will be as WebDAV doesn't support bulk uploads.
2016-08-25 05:47:31 +02:00
Unrud
10786cbad8
Move hook into storage.Collection
...
The hook is only valid for filesystem storage, it's meaningless for other backends like databases.
2016-08-25 05:40:46 +02:00
Unrud
8db580abce
Try to decode URLs with utf-8 ( Fixes #486 )
2016-08-25 05:30:46 +02:00
Unrud
e40e46e164
Don't disable existing loggers
...
The logger is retrieved before configure_from_file is called and gets disabled, the same happens when the logging configuration is reloaded.
2016-08-25 05:24:29 +02:00
Unrud
de8c2f0909
Fix SIGHUP handler
...
The function handler_generator seems useless and the return statement is missing.
2016-08-25 05:24:29 +02:00
Unrud
3b71ab960e
Log exceptions ( Fixes #447 )
...
Exceptions were just written to stderr but not into logs.
2016-08-25 05:24:24 +02:00
Unrud
c091399f5e
Write log to stderr
...
Be consistent with python's default behavior and play nice with CGI.
2016-08-25 05:19:38 +02:00
Unrud
14515cfe27
Fix logger configuration
...
Apply patch from #485
2016-08-25 04:29:02 +02:00
Guillaume Ayoub
79bfa9c1d3
Merge pull request #482 from Unrud/smallimprovements
...
Some small cosmetic improvements for xmlutils
2016-08-24 18:11:06 +02:00
Unrud
f9cabfb20b
Test empty filter
...
Test for d1dbd1df54
2016-08-24 17:52:39 +02:00
Unrud
d1dbd1df54
Fix empty filter
...
DAVdroid sends <CARD:filter />, which causes an exception.
2016-08-24 17:45:10 +02:00
Unrud
469efbb032
Cosmetics
2016-08-13 04:52:51 +02:00
Unrud
453a8ba636
Fix "fix this" in xmlutils
2016-08-13 04:51:42 +02:00
Unrud
ecd0a16214
Remove unused variable path
2016-08-13 04:48:59 +02:00
Unrud
1c6e626979
Simplify name_from_path and add error check
2016-08-13 04:47:35 +02:00
Guillaume Ayoub
3b29a56c81
Merge pull request #480 from Unrud/currentuserprincipal
...
Ask for authentication if current-user-principal is requested
2016-08-13 04:25:55 +02:00
Unrud
c29fd1ca61
Check that item is a collection
2016-08-13 00:19:14 +02:00
Unrud
cf4a6ef749
Revert 1ffc171f35
...
Maybe I misunderstand the RFC, but this properties are related to a principal collection. DAVdroid without preemptive authentication doesn't like this and tries to create calendars and addressbooks in /.
2016-08-13 00:17:50 +02:00
Unrud
4438d2ba9a
Require user for current-user-principal
...
DAVdroid dropped support for preemptive authentication in version 1.2.3.
Returning the DAV:unauthenticated pseudo-principal as specified in RFC 5397 doesn't seem to work for DAVdroid.
2016-08-12 23:41:34 +02:00
Unrud
6515062bcd
Return HTTP status in xmlutils.propfind
2016-08-12 23:34:08 +02:00
Florian Mounier
c95437367f
This is very important
2016-08-12 15:05:05 +02:00
Florian Mounier
416f9ddef1
Add an upload_all method for subsequent optimizations.
2016-08-12 14:58:32 +02:00
Guillaume Ayoub
8d863e52b2
Re-enable properties storage on al collections
...
Fix #475 .
2016-08-11 12:07:19 +02:00
Guillaume Ayoub
d3d29802ad
Merge pull request #474 from Unrud/patch-31
...
PROPFIND rights checking
2016-08-11 11:44:43 +02:00
Guillaume Ayoub
e66a35e996
Merge pull request #476 from Unrud/closelockfile
...
Add option to close lock file
2016-08-11 11:43:40 +02:00
Guillaume Ayoub
f395e256ff
Merge pull request #478 from Unrud/patch-33
...
Correctly write line endings to files
2016-08-11 11:43:18 +02:00
Unrud
9e84b459ae
Correctly write line endings to files
...
vobject uses \r\n as line endings. Writing this to a file is not a problem on Linux and newer versions of MacOS. On Windows \r\r\n gets written to disk and on older versions of MacOS \r\r gets written to disk, because python replaces \n by the system depended line ending.
2016-08-11 05:43:18 +02:00
Unrud
7a01f905de
Enable close_lock_file for tests
2016-08-11 05:20:31 +02:00
Unrud
3f5dd70580
Add option to close lock file
...
Close the lock file, when no more clients are waiting.
This option is not very useful in general, but on Windows files that are opened cannot be deleted. This causes tests to fail, because the deletion of the temporary filesystem folder fails.
2016-08-11 05:19:23 +02:00
Unrud
0060130c3b
Remove etags from raw data
...
Remove all etags that are directly calculated from data that's read from files.
1. They are not used anywhere (luckily).
2. Etags that are send to clients are calculated from the output of vobject's serialize method. If files are edited externally and vobject normalizes them (like wrapping long lines or replacing all line endings by \r\n), the etags that are sent to the client and the etags that are calculated from raw data will never match. If a new version of vobject is released and the formatting changes slightly, the checks will also always fail.
2016-08-11 05:05:10 +02:00
Guillaume Ayoub
35d12ee97e
Merge pull request #472 from Unrud/patch-30
...
Use os.replace instead of os.rename
2016-08-11 04:23:56 +02:00
Guillaume Ayoub
69386410e5
Merge pull request #473 from Unrud/tests
...
Tests
2016-08-11 04:23:23 +02:00
Unrud
4eb04e3526
PROPFIND rights checking
...
Return 404 and 403 only when it's appropriate. Don't ask users for passwords if an item just doesn't exist (e.g. mistyped URL).
2016-08-11 02:19:48 +02:00
Unrud
30b3273efa
Test that the requests fails if the hook fails
2016-08-11 00:37:19 +02:00
Unrud
2b45cffa0e
Test that hook gets executed when the principal collection is created
...
Test for ee5b8facda
2016-08-11 00:37:19 +02:00
Unrud
080ed31d27
Test that storage is locked when hook runs
...
Test for 65af0592d3
2016-08-11 00:37:19 +02:00
Unrud
952609deee
Test that hook gets executed on write accesses
2016-08-11 00:37:19 +02:00
Unrud
893051645e
Test fsync
...
Enable syncing for at least one test.
Test for 5c2075cb6c
.
2016-08-11 00:37:19 +02:00
Unrud
6d80b70b8c
Test that the root collection always exists
...
Test for 6c3e59fd11
2016-08-11 00:37:19 +02:00
Unrud
97edacd71a
Test implicit creation of principal collection
...
Test for 81b04890f1
2016-08-11 00:37:19 +02:00
Unrud
62892e3423
Test PROPPATCH
2016-08-11 00:37:13 +02:00
Unrud
51bf95f00d
Don't run all tests twice
...
Only verify that custom backend loading works with a simple test.
2016-08-11 00:32:24 +02:00
Unrud
c8e8993ec2
Refactor: Move common code into BaseFileSystemTest
2016-08-11 00:32:24 +02:00
Unrud
e2b87d145f
Cosmetics: Don't use % for logging
2016-08-10 23:43:32 +02:00
Unrud
9192a7751b
Remove incorrect argument
...
In rare cases this can cause a crash.
2016-08-10 23:41:19 +02:00
Unrud
b8126f8d24
Use os.replace instead of os.rename
...
On Windows os.replace sets the MOVEFILE_REPLACE_EXISTING flag for MoveFileEx.
On POSIX it's the same as os.rename.
2016-08-10 19:26:07 +02:00
Guillaume Ayoub
5c2075cb6c
Fix _atomic_write
2016-08-08 14:55:01 +02:00
Guillaume Ayoub
5e5b8b844f
Cosmetics
2016-08-08 13:39:01 +02:00
Guillaume Ayoub
1e5c9f63a0
Merge pull request #468 from Unrud/disablefsync
...
Add option to disable syncing to disk
2016-08-08 13:00:12 +02:00
Guillaume Ayoub
c4cf918bf2
Merge pull request #470 from Unrud/readcontent
...
Read content after access checks
2016-08-08 12:57:59 +02:00
Unrud
a9b89be5c7
Read content after access checks
...
Unauthorized users can't fill up RAM with crap anymore.
2016-08-08 07:00:24 +02:00
Unrud
f294b1cf17
Add access check to PROPFIND
2016-08-08 06:59:15 +02:00
Unrud
eb15de0c5b
Test PUT with whole collection
2016-08-08 06:09:24 +02:00
Unrud
68286faa63
Atomic replacement of whole collection by PUT
2016-08-08 06:08:52 +02:00
Unrud
0675328a02
Replace collection in Collection.create_collection
2016-08-08 06:08:01 +02:00
Unrud
6d85a731e5
Disable syncing to disk for tests
...
This reduces test time by almost 70%.
2016-08-08 05:30:16 +02:00
Unrud
f5f52582a1
Add option to disable syncing to disk
...
Disabling syncing increases the risk of data loss when the system crashes or power fails. On the positive it can increase the performance to a great extent.
2016-08-08 05:20:25 +02:00
Unrud
c336e0581e
Remove atomicwrites
...
Unfortunately the library doesn't support disabling of disk syncing, fortunately we only need a small subset of it's functionality which is easy to implement.
2016-08-08 05:02:36 +02:00
Unrud
3c736cade8
Refactor: Move sync_directory into Collection class
...
This is not used anywhere else.
2016-08-08 04:07:01 +02:00
Guillaume Ayoub
9f2cbb81a3
Merge pull request #466 from Unrud/fixpath
...
Set correct path for child collections
2016-08-07 18:43:41 +02:00
Unrud
ce0a2fd01d
Test PROPFIND
...
Regression test for cfa8c7d8b4
2016-08-07 18:08:10 +02:00
Unrud
cfa8c7d8b4
Set correct path for child collections
2016-08-07 17:50:31 +02:00
Unrud
4f37e90e20
Some clients expect collections to end with /
...
Compatibility with InfCloud/CalDavZAP/CardDavMATE
2016-08-07 17:50:04 +02:00
Unrud
ee5b8facda
Always use wrapper to lock collection
...
Also run the hook after creation of the principal collection.
2016-08-07 17:14:47 +02:00
Guillaume Ayoub
4236077b04
Document _makedirs_synced and remove exist_ok
2016-08-06 14:08:21 +02:00
Guillaume Ayoub
4549d1b2db
Merge pull request #462 from Unrud/durabledirs
...
Durable creation of directories and make sure that the root colleciton exists.
2016-08-06 14:02:41 +02:00
Guillaume Ayoub
a7923008ce
Remove unused import
2016-08-06 13:29:07 +02:00
Guillaume Ayoub
0cda9f611d
Merge pull request #463 from Unrud/atomicmove
...
Atomic MOVE
2016-08-06 13:27:38 +02:00
Guillaume Ayoub
071a829af8
Merge pull request #453 from Unrud/delete
...
Delete atomic and durable
2016-08-06 12:52:38 +02:00
Unrud
5f66d009d6
Atomic MOVE in multifilesystem
2016-08-06 05:09:06 +02:00
Unrud
23582c8208
Expose low level MOVE operation in storage.BaseCollection
2016-08-06 05:09:00 +02:00
Unrud
17ff22cae4
Support replacing in MOVE method
2016-08-06 04:45:44 +02:00
Unrud
89ac2fb397
Remove faulty check
...
This should have been (to_path.strip("/")+"/").startswith(path.strip("/")+"/").
But it's not required as we don't support moving collections.
2016-08-06 04:44:18 +02:00
Unrud
07dc71fd73
Update comment
2016-08-06 04:07:55 +02:00
Unrud
6c3e59fd11
Make sure that the root collection exists.
...
Since the collections are not directly in **filesystem_path** anymore,
the folder is not created by ``Collection.acquire_lock``.
2016-08-06 04:07:55 +02:00
Unrud
05a4285f54
Durable creation of intermediate directories
2016-08-06 04:07:50 +02:00
Guillaume Ayoub
9aefc500ec
Merge pull request #461 from Unrud/patch-27
...
Remove old code
2016-08-05 17:48:03 +02:00
Unrud
bfb7aec7be
Test deletion of root collection
2016-08-05 17:40:47 +02:00
Unrud
f4eb143ba8
use tempfile to delete collection
2016-08-05 17:40:47 +02:00
Unrud
5a9d956b49
delete atomic and durable
...
See #440
2016-08-05 17:40:47 +02:00
Unrud
9dd241a54b
Add test for deletion of collection
2016-08-05 17:40:47 +02:00
Unrud
6d77e24028
Remove old code
...
This was missed while merging #457 and #459 .
2016-08-05 17:05:32 +02:00
Unrud
65af0592d3
Run hook while storage is still locked
2016-08-05 16:58:03 +02:00
Guillaume Ayoub
50438bc2c0
Remove fixed TODOs
2016-08-05 02:57:17 +02:00
Guillaume Ayoub
8682504c6e
Strip empty lines from content
2016-08-05 02:25:15 +02:00
Guillaume Ayoub
26e1c9ba89
Fix collection creation with PUT request
2016-08-05 02:24:52 +02:00
Guillaume Ayoub
8ac3ce1a89
Clean many, many things
2016-08-05 02:14:49 +02:00
Guillaume Ayoub
92a0027ae1
Merge branch 'rights' of https://github.com/Unrud/Radicale into Unrud-rights
2016-08-04 23:35:01 +02:00
Guillaume Ayoub
2eaedf448f
Merge pull request #457 from Unrud/atomiccreate
...
Atomic creation of collections and atomic PROPPATCH
2016-08-04 22:55:15 +02:00
Unrud
8ce6d1af30
Use flock locks for storage locking
...
These locks are compatible with the command line utility flock,
which comes preinstalled with most Linux distributions.
2016-08-04 06:15:05 +02:00
Unrud
066b5994d1
Improve rights checking and request handlers
...
* Access rights are checked before the storage is locked and
collections are loaded.
* DELETE sends 410 instead of doing nothing or crashing if the target
doesn't exist.
* GET always returns 404 if the target doesn't exist.
* GET doesn't crash if a collection without tag property is requested.
* MKCOL and MKCALENDAR send 409 if the target already exists.
* MOVE checks if the target collection of an item actually exists and
sends 409 otherwise.
* PUT doesn't crash if a whole collection that doesn't exist yet is
uploaded and ``content-type`` is ``text/vcard`` or
``text/calendar``.
* PUT distinguishes between simple items and whole collections by the
following criteria: Target is a collection; Parent exists; Parent
has the tag property set; Parent contains other items. Before only
the first two criteria where used, which was very unrelieable. #384
* PROPPATCH is only allowed on collections and 409 is send otherwise.
* ``Rights.authorized`` takes a path instead of a collection.
* ``Collection.discover`` only returns items in ``path``, that
actually exist. #442
2016-08-04 06:08:08 +02:00
Unrud
ae89082c24
Atomic creation of collections
2016-08-03 15:50:55 +02:00
Unrud
e34d1c46cd
Move collections into collection-root folder
...
This is required for atomic creation and deletion of the "/" collection.
2016-08-03 15:50:38 +02:00
Unrud
bd7641699e
Atomic PROPPATCH
2016-08-03 14:45:52 +02:00
Unrud
de510148a0
*args and **kwargs for test collection
2016-08-03 14:35:50 +02:00
Unrud
0fc7f787a8
Remove test_folder configuration
...
It's not used.
2016-08-03 14:34:36 +02:00
Guillaume Ayoub
b71664b322
Return UNAUTHORIZED for NOT_FOUND PROPFINDs
2016-08-02 17:24:04 +02:00
Guillaume Ayoub
76b859c28e
Rename .collection.props into .Radicale.props
2016-08-02 16:58:44 +02:00
Guillaume Ayoub
2f202d14e0
Fix .collection.props
2016-08-02 16:57:20 +02:00
Guillaume Ayoub
5b04ba18a8
Hide collection.props
2016-08-02 16:51:50 +02:00
Guillaume Ayoub
da22778ce3
Merge pull request #456 from Unrud/props
...
Properties inside of collection
2016-08-02 16:50:23 +02:00
Unrud
13c693ba35
Properties inside of collection
...
* Creation and deletion of collections can be atomic.
* The properties file of the root collection is not outside of the
filesystem_folder.
* It's easier to delete and move collections by hand.
* This breaks backward compatibility.
2016-08-02 16:35:38 +02:00
Guillaume Ayoub
1ffc171f35
Always return collections home sets
2016-08-02 16:27:18 +02:00
Guillaume Ayoub
5ed60ce09d
Always return current-user-principal
2016-08-02 15:43:31 +02:00
Guillaume Ayoub
3e52f34309
Remove pylint
2016-08-02 14:39:20 +02:00
Guillaume Ayoub
301bb552d7
Cosmetics
2016-08-02 14:37:39 +02:00
Guillaume Ayoub
d322d3f394
Clean the user's collection creation code
2016-08-02 14:00:42 +02:00
Guillaume Ayoub
04010ff8d3
Merge pull request #455 from Unrud/home
...
Creating addressbooks and calendars in DAVdroid
2016-08-02 13:51:29 +02:00
Guillaume Ayoub
71be1a56b8
Change find_available_file_name into private method
2016-08-02 12:11:38 +02:00
Guillaume Ayoub
a7f078eb54
Change find_available_file_name into a method
2016-08-02 11:16:24 +02:00
Guillaume Ayoub
880744ada7
Merge pull request #454 from Unrud/uniq
...
Check if file name already exists
2016-08-02 11:12:30 +02:00
Unrud
81b04890f1
Create principal collection automatically
2016-08-02 08:04:12 +02:00
Unrud
39d38f36a5
Check if file name already exists
...
The chances are pretty low but maybe the RNG is bad or something
2016-08-02 07:33:47 +02:00
Unrud
d5008672c5
Principal associated properties only on principal collections
...
This misguides DAVdroid into creating new calendars and addressbooks in /
2016-08-01 20:48:57 +02:00
Unrud
03cbcee5cd
/ is not a principal
2016-08-01 20:46:57 +02:00
Unrud
7aa481aaa1
Return / for principal-collection-set
...
From RFC3744: This protected property of a resource contains a set of URLs that identify the root collections that contain the principals that are available on the server that implements this resource.
2016-08-01 20:44:04 +02:00
Unrud
8f91190949
Remove duplicate code
2016-08-01 20:42:03 +02:00
Guillaume Ayoub
6b30870be5
Minor cleanups
...
Everything works fine with Apple clients now.
2016-08-01 19:00:57 +02:00
Guillaume Ayoub
b517818749
Don't reject everybody from "/" with owner_only
...
Fix 407.
2016-08-01 18:59:47 +02:00
Guillaume Ayoub
6bfdcbafec
Cosmetics
2016-08-01 12:50:51 +02:00
Guillaume Ayoub
711ecf5df2
Merge pull request #451 from Unrud/removewellknown
...
Remove /.well-known
2016-08-01 12:20:55 +02:00
Guillaume Ayoub
9d3086427d
Merge pull request #450 from Unrud/safeusernames
...
Prevent unsafe usernames
2016-08-01 12:14:40 +02:00
Unrud
9dd8c65d65
Always match full username/collection with regex
...
It's easy to forget $ at the end of a regex and it's counter-intuitive that ^ is implicit but $ is not.
2016-08-01 10:07:21 +02:00
Unrud
fd977891e8
Remove /.well-known
...
I can't think of a sane use-case for this.
2016-08-01 09:31:25 +02:00
Unrud
da1a693620
Prevent unsafe usernames
...
If an attacker is able to create an account with a username like "user/calendar.ics", he can access collections of other users.
2016-08-01 09:10:23 +02:00
Guillaume Ayoub
b3d8833779
Normalize the version number
2016-07-30 16:43:29 +02:00
Guillaume Ayoub
dc406c17fd
Merge pull request #425 from Unrud/patch-19
...
Don't silently drop files
2016-07-30 15:28:35 +02:00
Guillaume Ayoub
62588477f6
Merge pull request #429 from Unrud/hook
...
Add hook for storage changes
2016-07-30 15:26:17 +02:00
Guillaume Ayoub
0a2d12a4a3
Merge pull request #445 from Unrud/patch-24
...
Point well-known to /
2016-07-30 15:25:01 +02:00
Unrud
0306ee6dcc
Point well-known to /
...
Fixes #431
2016-07-14 10:13:20 +02:00
Unrud
21d7d5a453
Hide temporary files
...
Fixes #443
2016-07-14 09:09:10 +02:00
Unrud
0a32e46295
Improve error message
2016-07-14 08:08:08 +02:00
Unrud
e3d7d08eab
Don't silently drop files
2016-07-14 08:08:08 +02:00
Unrud
0263251ecf
Add hook for storage changes
2016-07-14 07:57:46 +02:00
Guillaume Ayoub
ef63865e31
Merge pull request #428 from Unrud/patch-22
...
Add timeout to connections, limit size of request body and limit number of parallel connections
2016-07-14 02:06:24 +02:00
Guillaume Ayoub
5bd80d8d13
Don't crash when getting unknown collections
...
Fix #422 .
2016-07-14 01:39:57 +02:00
Guillaume Ayoub
4c91ee8906
Atomic writes ( fix #440 )
2016-07-14 01:14:42 +02:00
Guillaume Ayoub
5e5427f987
Cosmetics
2016-07-13 17:59:52 +02:00
Florian Mounier
eb1f964ee2
Fix docstring
2016-07-12 18:12:42 +02:00
Florian Mounier
9225fd5fbd
Add a test for update
2016-07-12 18:08:01 +02:00
Florian Mounier
6f9e9f21dd
Merge branch 'optimize_storage_collection'
2016-07-08 15:35:43 +02:00
Florian Mounier
2ff47620f8
Merge branch 'date_indexed_collection'
2016-07-08 11:39:15 +02:00
Florian Mounier
36333765d6
Merge branch 'test_in_radicale'
2016-07-08 11:38:09 +02:00
Florian Mounier
39823f8909
Add a pre_filtered_list method in collection. This allow filters optimizations
2016-07-08 11:37:30 +02:00
Florian Mounier
a2d6977cd6
Fix logic in loops
2016-07-07 17:53:35 +02:00
Florian Mounier
10e7a776fc
Merge branch 'master' into optimize_storage_collection
2016-07-07 17:52:16 +02:00
Guillaume Ayoub
8c225f019c
Fix support of recurring events
2016-07-07 17:49:56 +02:00
Florian Mounier
364ed3689d
Optimise collection creation by avoiding nested_loop
2016-07-07 16:13:32 +02:00
Florian Mounier
9056561211
Move test inside radicale
2016-07-07 14:30:10 +02:00
Guillaume Ayoub
21461ddb4e
Fix name_from_path
2016-07-06 17:11:12 +02:00
Guillaume Ayoub
6a4fe6beb5
Add a very, very important full stop.
2016-07-05 18:07:36 +02:00
Florian Mounier
a7549bc652
Split the main run function to allow the use of radicale serving programatically. Add an extra_config parameter to the config load to override config.
2016-07-05 17:50:40 +02:00
Florian Mounier
383409213e
deflate seems to be problematic with different implementations ( http://stackoverflow.com/questions/388595/why-use-deflate-instead-of-gzip-for-text-files-served-by-apache/388633#388633 ). Using gzip instead.
2016-07-04 17:00:43 +02:00
Guillaume Ayoub
9300d25d61
Update __main__.py
2016-07-04 14:35:38 +02:00
Florian Mounier
221379ef85
Sort imports
2016-07-04 14:32:33 +02:00
Guillaume Ayoub
fd3b0718fd
Fix coding style
2016-07-01 16:44:12 +02:00
Guillaume Ayoub
c294477aee
Support recurring items in time filters
...
Fix #33 .
2016-07-01 16:40:43 +02:00
Guillaume Ayoub
5b5edaac2f
Fix FCGI and WSGI scripts
2016-07-01 10:28:51 +02:00
Guillaume Ayoub
4e8f518cbb
Remove spaces from empty lines
2016-06-26 21:23:29 +02:00
Nicolas Bonfante
dfc215b63f
solving bug when trying to filter an Event on a DATETIME which have no timezone
2016-06-24 14:02:35 +02:00
Nicolas Bonfante
4872ea5d58
correcting bug in test vjournal
2016-06-15 18:09:09 +02:00
Cedric Boscher
e4e1d81f9f
debug on tests
2016-06-15 18:01:19 +02:00
Nicolas Bonfante
1613c4955f
adding test for Vjournal filtering
2016-06-15 16:17:51 +02:00
Nicolas Bonfante
38845da762
solve bug in vjournal time filter
2016-06-15 15:48:35 +02:00
Cedric Boscher
a5d5cc8b2c
debug VTODO and first tests running
2016-06-15 15:45:27 +02:00
Cedric Boscher
2957b40473
clean code
2016-06-15 10:16:44 +02:00
Cedric Boscher
21ea648a44
Merge branch 'master' of github.com:Kozea/Radicale
2016-06-15 09:56:16 +02:00
Cedric Boscher
7de63f8335
VTODO first implementation
2016-06-15 09:56:05 +02:00
Nicolas Bonfante
e1f3045f1f
adding VJournal method
2016-06-15 09:55:30 +02:00
Guillaume Ayoub
40406359e5
Merge pull request #423 from Unrud/patch-17
...
Resolve naming conflict
2016-06-13 15:08:33 +02:00
Guillaume Ayoub
9592ec3a66
Merge pull request #424 from Unrud/patch-18
...
Fix time range matching
2016-06-13 15:08:01 +02:00
Guillaume Ayoub
caa4c16dfd
Merge pull request #426 from Unrud/patch-20
...
Ignore hidden files
2016-06-13 15:07:24 +02:00
Unrud
83ea9da2b4
Limit number of parallel connections
2016-06-11 13:19:26 +02:00
Unrud
e438d9fd4b
Limit size of request body
2016-06-11 13:16:45 +02:00
Unrud
b55d2181ed
Add timeout to integrated sever
2016-06-11 13:14:58 +02:00
Unrud
d4e6205745
Don't include passwords in logs
2016-06-11 12:58:28 +02:00
Unrud
54b47c4a3e
Refactor: Move response code into function
2016-06-10 14:55:32 +02:00
Unrud
39379413d1
Use hidden file for locking
2016-06-10 01:18:02 +02:00
Unrud
3479e76690
Ignore hidden files
2016-06-10 01:17:57 +02:00
Unrud
3e1e680bbc
Use correct attribute name
2016-06-10 00:02:07 +02:00
Unrud
74d84e0c91
Resolve naming conflict
2016-06-09 23:52:05 +02:00
Guillaume Ayoub
063e827588
Revert "Try to use UID as filename"
...
This reverts commit 0b25c82d9d
.
See #419 .
2016-05-30 19:05:58 +02:00
Guillaume Ayoub
f1f716b0c7
Merge pull request #419 from Unrud/patch-16
...
Save all items with the same UID in the same file
2016-05-30 19:03:25 +02:00
Guillaume Ayoub
5b6f0784d0
Merge branch 'master' of github.com:Kozea/radicale
2016-05-30 14:53:41 +02:00
Guillaume Ayoub
248fc7e9e3
Implement time-range filters for events
2016-05-30 14:53:20 +02:00
Guillaume Ayoub
13a7f2f9af
Merge pull request #417 from Unrud/patch-14
...
Allow creation of empty collection via PUT
2016-05-30 11:23:27 +02:00
Guillaume Ayoub
b0ed18af05
Merge pull request #416 from Unrud/patch-13
...
Always release lock
2016-05-30 11:08:48 +02:00
Unrud
0b25c82d9d
Try to use UID as filename
2016-05-29 03:38:35 +02:00
Unrud
5c90f5b2af
Save all items with the same UID in the same file
...
If recurrences are not in the same file, they are not correctly shown by clients.
2016-05-29 03:32:06 +02:00
Unrud
4861b79878
Allow creation of empty collection via PUT
2016-05-29 01:18:29 +02:00
Unrud
af1dce1504
Fix crash on unknown content type
2016-05-28 23:49:15 +02:00
Unrud
28e643dec1
Don't pass None to vobject.readComponents
...
If an empty collections is created with PUT, content is None.
2016-05-28 22:46:20 +02:00
Unrud
9ade92c026
Always release lock
2016-05-28 22:36:40 +02:00
Guillaume Ayoub
656680d998
Merge branch 'master' of github.com:Kozea/radicale
2016-05-27 14:45:43 +02:00
Guillaume Ayoub
fef9f0abc6
Support param-filter
2016-05-27 14:44:59 +02:00
Unrud
ecbffe69dc
Veify Authorization Scheme
2016-05-26 12:21:09 +02:00
Guillaume Ayoub
da1363f026
Revert "Limit duration of file locks"
...
This reverts commit 6b1acd14d7
.
2016-05-25 14:05:34 +02:00
Guillaume Ayoub
69ec2891fa
Remove at_once
2016-05-25 14:05:05 +02:00
Guillaume Ayoub
a3c32ee77f
Merge pull request #402 from Unrud/locking
...
Implement locking of whole storage
2016-05-25 14:03:48 +02:00
Guillaume Ayoub
4fc5e3135a
Update documentation of path_to_filesystem
2016-05-24 14:39:41 +02:00
Guillaume Ayoub
f8c8bd9d9b
Merge pull request #403 from Unrud/patch-9
...
Don't sanitize local paths using posixpath
2016-05-24 14:36:34 +02:00
Unrud
6b1acd14d7
Limit duration of file locks
...
This prevents starvation of writers in other processes
2016-05-22 23:44:21 +02:00
Unrud
14daa88772
Use FIFO for storage locking
...
This prevents starvation of writers in the current process
2016-05-22 23:29:00 +02:00
Unrud
1ea9a33101
Reuse lock file
2016-05-22 10:29:56 +02:00
Unrud
49bc0728e3
Only one lock file per process (lockf() works now)
...
lockf() is more portable than flock()
2016-05-22 10:29:56 +02:00
Unrud
eb9218354c
Always use readers-writer lock in storage locking
2016-05-22 10:29:56 +02:00
Unrud
bca6cec6b3
Use context manager for locking
2016-05-22 10:29:50 +02:00
Unrud
a24613da9c
Compress answer
...
The protocol uses verbose XML and compression reduces the size significantly.
2016-05-21 02:26:03 +02:00
Unrud
de2f411820
Use nonlocal instead of container
...
Python 3
2016-05-21 01:49:22 +02:00
Unrud
b810d61ce3
Don't sanitize local paths using posixpath
...
This doesn't work as expected on Windows.
2016-05-21 01:41:00 +02:00
Unrud
ff3b31fed6
Use threading in integrated webserver
2016-05-21 01:26:52 +02:00
Unrud
2c45b1998c
Implement locking of whole storage
2016-05-21 01:26:45 +02:00
Guillaume Ayoub
68b72f55eb
Merge pull request #398 from untitaker/unbound
...
Fix UnboundLocalError
2016-05-18 22:47:37 +02:00
Markus Unterwaditzer
eea6ccb573
Fix UnboundLocalError
2016-05-18 22:43:56 +02:00
Guillaume Ayoub
a8fda1aedf
Cut long lines
2016-05-18 22:41:05 +02:00
Guillaume Ayoub
6769629314
Remove useless empty function
2016-05-18 20:22:36 +02:00
Guillaume Ayoub
45576d7474
Handle text-match filters
...
Related to #33 .
2016-05-18 20:21:03 +02:00
Guillaume Ayoub
20ff5444fb
Don't explicitely inherit from object
2016-05-12 18:57:59 +02:00
Guillaume Ayoub
ca056dea9f
Don't return 404 for GET requests on collections
2016-05-12 18:55:03 +02:00
Guillaume Ayoub
2ce9fceaff
Merge branch 'master' of github.com:Kozea/radicale
2016-05-06 17:57:58 +02:00
Guillaume Ayoub
a28df4dd4b
Reorganize filters
...
Related to #33 and #372 .
2016-05-06 17:53:02 +02:00
Markus Unterwaditzer
2dee66133d
Flake8 fixes
2016-05-04 19:25:58 +02:00
Markus Unterwaditzer
0de3ad36be
Fixes to Rights
...
- BaseRights expects the config and logger params
- user may be None, which leads to errors when trying to use it with
regexes.
2016-04-22 20:30:40 +02:00
Guillaume Ayoub
2f97d7d1e1
Remove global state about configuration and logs
...
Many things have been changed to make this possible, probably leading to
many hidden bugs waiting to be found.
Related to #122 .
2016-04-22 11:37:02 +09:00
Jasper Bryant-Greene
0670aa9fb4
Corrected calendar-timezone code in xmlutils.py
2016-04-21 10:40:36 +05:30
Guillaume Ayoub
6db946080e
Cosmetics
2016-04-21 09:12:00 +09:00
Markus Unterwaditzer
7f2d1c00c4
Unbreak tag filters
2016-04-20 20:17:05 +02:00
Guillaume Ayoub
303a53eede
Return Items in upload and update methods
...
Related to #380
2016-04-20 08:09:00 +09:00
Guillaume Ayoub
ecf53c5e1e
Merge branch 'master' of github.com:Kozea/radicale
2016-04-20 07:50:58 +09:00
Guillaume Ayoub
3a9bcc7555
Add etag property to items
...
Related to #380 .
2016-04-20 07:49:03 +09:00
Markus Unterwaditzer
1b1ba421ff
Fix double slash in REPORT responses
...
When doing REPORTs with absolute paths as hrefs, the response hrefs
contain a double slash at the beginning. This breaks URL parsers and
makes them assume they have a URL without protocol of the format
`//example.com/foo/bar/`.
2016-04-19 23:19:22 +02:00
Guillaume Ayoub
bf8bd90bcb
Fix removal of base_prefix in multiget requests
2016-04-19 10:44:02 +09:00
Guillaume Ayoub
6adc7f5fed
Enhance collection discovering
...
When the request path leads to a non-existing item, try to create the
Collection object according to an existing collection at request path's
parent.
This change means that the requests whose path leads to a collection
that doesn't exist (at least MKCOL, MKCALENDAR and PUT) need to rely on
the request path more than on the Collection path. It was already done
for PUT, it's been fixed for MKCOL and MKCALENDAR.
Fix #378 .
2016-04-19 10:39:52 +09:00
Guillaume Ayoub
65659fc909
Improve WebDAV compatibility
...
Add getlastmodified and getcontentlength properties, and fix nested
collections support. Fix #321 .
2016-04-18 09:11:00 +09:00
Guillaume Ayoub
99544fcf80
Allow the creation of empty collections
...
Fix #201
2016-04-17 13:58:56 +09:00
Markus Unterwaditzer
e8c1defe6a
Update PROPPATCH to new storage API
2016-04-13 23:02:00 +02:00
Markus Unterwaditzer
472d016d1e
Fix crash when fetching nonexistent href
2016-04-13 22:56:57 +02:00
Markus Unterwaditzer
f169f2f19b
Don't crash if collection doesn't exist yet
2016-04-13 22:09:00 +02:00
Markus Unterwaditzer
a1cdcf2fba
Don't crash if propsfile doesn't exist
2016-04-12 22:43:10 +02:00
Guillaume Ayoub
e586569b31
Fix a lot of details
2016-04-12 18:21:18 +02:00
Guillaume Ayoub
406027f3c9
Change the Collection API
...
The new API used comes from vdirsyncer, as proposed by @untitaker in
issue #130 .
The code has been tested and works with the (too simple) unit tests, and
with Lightning and DAVdroid. Many things are broken and a good part of
the code has not be ported to the new API yet. TODOs have been added
where the application is known to be broken.
2016-04-11 20:11:35 +02:00
Guillaume Ayoub
2408097ab9
Clean the storage module
2016-04-10 02:37:43 +02:00
Guillaume Ayoub
41e319a8b8
Merge ical and storage modules
2016-04-10 02:08:07 +02:00
Guillaume Ayoub
73d39ea572
Use vobject
2016-04-10 01:36:45 +02:00
Guillaume Ayoub
b495bfa59f
Remove pathutils
2016-04-09 22:45:14 +02:00
Guillaume Ayoub
12ddd64884
Fix the management of paths
2016-04-09 22:44:34 +02:00
Guillaume Ayoub
7a0e267f19
Better collection discovery
2016-04-09 15:11:47 +02:00
Guillaume Ayoub
44ba2c36a7
Merge branch 'master' of https://github.com/hadleyrich/Radicale
2016-04-08 15:05:56 +02:00
Guillaume Ayoub
7e493f73cd
Remove backslash
2016-04-08 14:46:38 +02:00
Guillaume Ayoub
e2b6bc3008
Remove old workaround
2016-04-08 14:46:17 +02:00
Guillaume Ayoub
54dee0c7c4
Clean tests
2016-04-07 19:25:10 +02:00
Guillaume Ayoub
595e2329ea
Don't create collections on GET requests
2016-04-07 19:03:27 +02:00
Guillaume Ayoub
1001bcb676
Remove extra auth, rights and storage modules
2016-04-07 19:02:52 +02:00
Guillaume Ayoub
434cb533e9
Remove Python 2 support
2016-03-31 19:57:40 +02:00
Guillaume Ayoub
fa4eaef08e
Merge pull request #353 from Unrud/patch-7
...
Integrated server without busy waiting
2016-03-31 19:24:43 +02:00
Guillaume Ayoub
f27ed8e6ff
Merge pull request #363 from igogold/readonly-collections
...
Fix privilege set for read only collection
2016-03-31 19:23:47 +02:00
Guillaume Ayoub
2ea35a2fc3
Merge pull request #209 from vuntz/no-autocreate-multifilesystem
...
Do not autocreate .props files for multifilesystem backend
2016-03-10 18:48:29 +01:00
igogold
aa04aa04b7
Fix privilege set for read only collection
2016-03-04 11:05:13 +05:00
Unrud
bbe71c1ad1
Integrated server without threads and busy waiting
2016-01-27 07:17:38 +01:00
Guillaume Ayoub
3a4184d1ab
Merge pull request #351 from Unrud/patch-6
...
Quick fix for multifilesystem
2016-01-15 10:54:47 +01:00
Guillaume Ayoub
060d265129
Merge branch 'master' of github.com:Kozea/radicale
2016-01-15 10:51:24 +01:00
Guillaume Ayoub
9a2668e425
Fix the Collection._parse docstring
2016-01-15 10:50:36 +01:00
Unrud
a55cff8eb6
Also remove items from the collections itself
2016-01-15 01:13:18 +01:00
Unrud
5081fcbcd1
Use component names to filter duplicates
2016-01-15 01:09:43 +01:00
Unrud
6be7dab03f
Correct function name
2016-01-14 23:07:53 +01:00
Guillaume Ayoub
f8b068e9fe
Version 1.1.1
2016-01-07 23:31:19 +01:00
Guillaume Ayoub
83304c1378
Stupid me, that was PEP 20 (fix 347 for Python 2 too)
2016-01-06 21:44:20 +01:00
Guillaume Ayoub
620d9f8316
Readability counts - PEP8™ ( fix #347 )
2016-01-06 20:19:12 +01:00
Guillaume Ayoub
e47b50421e
Version 1.1
2015-12-31 12:51:23 +01:00
Guillaume Ayoub
e7ce00d54f
Style
2015-12-31 12:49:41 +01:00
Guillaume Ayoub
b484d42547
Merge pull request #335 from Kozea/permissions
...
Use the first matching section for getting rights
2015-12-31 11:30:29 +01:00
Guillaume Ayoub
20960bee84
Merge pull request #339 from Unrud/patch-2
...
Improve daemonization
2015-12-24 16:00:39 +01:00
Unrud
eed37792ae
Convert filesystem paths safely to paths
...
This only becomes a problem if the OS/filesystem
allows / in filenames or . respectively
.. as filenames.
2015-12-24 14:39:29 +01:00
Unrud
bcaf452e51
Convert component names safely to filenames
...
Component names are controlled by the user and
without this checks access to arbitrary files is
possible if the multifilesystem backend is used.
2015-12-24 14:39:29 +01:00
Unrud
b4b3d51f33
Convert paths safely to file system paths
...
With the old implementation on Windows a path like
"/c:/file/ignore" got converted to "c:\file" and
allowed access to files outside of FOLDER
2015-12-24 14:39:29 +01:00
Unrud
6b7e79a368
Use sanitize_path instead of normpath
...
See a7b47f075499a1e1b40539bc1fa872a3ab77a204
The check for "." is now needless because the sane
path is always absolute.
```path.replace(os.sep, "/")``` is only relevant
for the (multi)filesystem backend and should be
there.
2015-12-24 14:39:24 +01:00
Unrud
1ad994cadf
Move sanitize_path into pathutils.py
2015-12-24 14:39:15 +01:00
Unrud
ed44830447
Error message if path not starting with prefix
...
Before the program crashed implicitly
2015-12-24 14:32:21 +01:00
Unrud
780cecc0f2
Always sanitize request URI
...
Do no rely on the HTTP server
2015-12-24 14:32:21 +01:00
Unrud
ee095a463d
Improve URI sanitation
...
The old implementation failed to sanitize URIs
like ".", "..", "../.." or "//"
2015-12-24 14:32:21 +01:00
Unrud
592537e37c
Introduce naming scheme for request handlers
...
The do_ prefix and upper case name allows easy
distinction between methods that handle requests
and other methods.
Without this distinction an attacker could
call arbitrary methods.
Currently there is no method that matches the
argument count, but that's easy to miss when new
methods are added.
2015-12-24 07:22:55 +01:00
Unrud
4bfe7c9f79
Prevent "regex injection"
...
If an attacker is able to authenticate with a user name like .* he can bypass limitations imposed by "owner_write" and "owner_only".
2015-12-23 07:05:20 +01:00
Unrud
7cb31fe22b
Improve regex for Well-Known URIs
...
Example to show the problem:
/Xwell-known/carddavXX
2015-12-22 12:44:19 +01:00
Unrud
367ca6fcbf
Replace standard file descriptors of daemon
...
Overwriting ```sys.stdout``` and ```sys.stderr``` is not sufficient.
(e.g. the logger still uses the old file descriptors)
2015-12-22 08:50:16 +01:00
Unrud
ecb8ad747e
Decouple the daemon from its parent environment
2015-12-22 08:50:16 +01:00
Unrud
3a9238f670
Check and create PID file in a race-free manner
2015-12-22 08:50:16 +01:00
Unrud
0a09804821
Close PID file
2015-12-22 08:49:58 +01:00
Unrud
80ecae40cb
Assign new items to correct key
2015-12-10 09:46:38 +01:00
Guillaume Ayoub
e807c3d35b
Use the first matching section for getting rights
2015-12-03 15:22:12 +01:00
Guillaume Ayoub
7b82121c12
Encode message and committer for git commits ( fix #313 )
2015-09-22 11:01:33 +02:00
Guillaume Ayoub
6babebd315
Version 1.0.1
2015-09-21 12:14:51 +02:00
Guillaume Ayoub
377762e23c
Version 1.0
2015-09-14 11:49:34 +02:00
Guillaume Ayoub
f112a9b390
Merge pull request #305 from untitaker/database-props
...
Don't discard PROPPATCH on empty collections.
2015-08-28 11:26:10 +02:00
Markus Unterwaditzer
57b1ccdea5
Fix crash on empty values
2015-08-21 20:11:44 +02:00
Markus Unterwaditzer
213cb40480
Don't discard PROPPATCH on empty collections.
2015-08-21 20:08:56 +02:00
Markus Unterwaditzer
d300949fe8
Improve errorhandling in multifilesystem
...
If the collection doesn't exist yet, OSError(2, 'No such file or
directory') is raised.
https://travis-ci.org/untitaker/vdirsyncer/jobs/42540595
2015-08-21 16:17:00 +02:00
Guillaume Ayoub
ce9fd74d98
Merge pull request #260 from deronnax/not_found_instead_of_gone
...
change GET response from GONE to NOT FOUND when item is not found
2015-08-21 15:34:59 +02:00
Stephen Paul Weber
2de4f53fc3
Use PAM service
...
This allows authentication types to be customised for radicale.
2015-08-11 16:46:46 -05:00
Guillaume Ayoub
b4438d25f7
Cosmetics in htpasswd
2015-07-29 14:00:49 +02:00
Jan-Philip Gehrcke
3abbdcf671
htpasswd.py: add optional MD5-APR1 and BCRYPT support via passlib.
...
- Update docstring for optional MD5-APR1/BCRYPT support via passlib.
- Support the "md5" and "bcrypt" htpasswd_encryption config values.
- Conditionally import the required passlib components if either
"md5" or "bcrypt" is requested in the configuration file.
- Test bcrypt backend availability upon import.
- First define verification functions, then conditionally import
external dependencies.
- Consolidate: use context manager for reading credential file.
- Consolidate: save one call to strip() while parsing.
- Consolidate: break long lines, clarify comments and docstrings.
- Consolidate: use verification function mapping for improving maintainability.
2015-07-29 13:12:18 +02:00
Guillaume Ayoub
22a356bd06
Merge branch 'master' of github.com:Kozea/radicale
2015-07-24 16:01:38 +02:00
Guillaume Ayoub
8604593512
Fix many tests and database storage
2015-07-24 16:01:03 +02:00
Giel van Schijndel
a06e4ef075
PROPFIND: correctly handle 'propall' and 'propnames'
...
* Handle both the explicit <propall/> and its implicit variants
- the missing request-body case was already handled
- the empty request-body case wasn't
- the explicit (a request-body containing <propall/>) wasn't either
* <propnames/> now lists all retrievable properties
Signed-off-by: Giel van Schijndel <me@mortis.eu>
2015-06-26 13:33:10 +02:00
Hadley Rich
54d71355d1
Change xmlutils propfind to return readonly calendars
2015-06-04 11:23:01 +12:00
Liam
ba5d38d09b
Fix typo
2015-05-15 13:47:44 +01:00
Matthew Monaco
bf96d4a1fa
Use path for git commit message
...
The hard-coded message isn't very helpful, and that info is shown by the
author when looking at single line logs.
2015-05-04 13:33:52 -06:00
Guillaume Ayoub
ced7e76ba0
Small style fixes
2015-05-01 10:31:25 +02:00
Guillaume Ayoub
675f9d1f87
Merge pull request #255 from jspricke/fix_FutureWarning
...
Fix FutureWarning, explicitly test prop_element for None
2015-05-01 10:22:38 +02:00
Guillaume Ayoub
4cbabd2840
Merge pull request #259 from untitaker/issue258
...
Fully fix #258
2015-04-29 19:13:25 +02:00
Guillaume Ayoub
c249e080af
Merge pull request #273 from untitaker/issue117
...
Fix another instance of #117
2015-04-29 19:09:38 +02:00
Guillaume Ayoub
a0fc07a894
Allow content-types with ';' in charset, fix #279
2015-04-29 19:08:20 +02:00
Guillaume Ayoub
e69bec1272
Don't rely on case-sensitive imports, fix #282
...
We should burn PEP 235, bicameral scripts, encodings, Python2/3 compatibility,
Windows, MacOS X, filenames, unicode (including composite characters), and the
whole world. And LF/CR too, of course.
Let's recreate a language relying on only two characters. Anyone interested?
2015-04-29 18:55:56 +02:00
Markus Unterwaditzer
baa958c81f
Fix compatibility for PAM auth
...
PR #280 invoked `pam.authenticate().authenticate()` for older versions
of python-pam. Also, this version avoids monkeypatching the PAM module.
2015-04-25 11:14:04 +02:00
Jeremy Archer
dd01087520
Add compatibility patch for .authenticate().
...
Current version of python-pam (https://pypi.python.org/pypi/python-pam/1.8.1 ) have changed the API slightly; this patch fixes these bugs.
2015-04-19 22:41:58 -05:00
Markus Unterwaditzer
78e203a2b9
Fix another instance of #117
2015-03-22 12:25:54 +01:00
deronnax
5b8333c2b0
change GET response from GONE to NOT FOUND when item is not found
2015-02-09 11:03:06 +01:00
Markus Unterwaditzer
1126f318af
Fully fix #258
...
If I do REPORT requests, the following line would raise a KeyError:
items = [collection.items[name]]
Wrapping it with a try-except block obviously fixes that issue.
At least for REPORT requests, Radicale now also returns proper HTTP
status codes when items or just its properties couldn't be found.
2015-02-08 17:52:55 +01:00