Commit Graph

2101 Commits

Author SHA1 Message Date
Christoph Polcin
90d82d044c Fix access to collections
under certain conditions it was possible to pass the final access control
if-clause. the master branch granted access if:

    if ((read_allowed_items or write_allowed_items)
        and (not user or auth.is_authenticated(user, password))) or
        function == self.options or not items:

the easy-connect branch from pull request #95 adds:

    (is_authenticated and function == self.propfind) or

the last `or not items` condition levers out the previous authentication and
access control. that isn't that big a security issue because in this case there
are no collections and items at all. but "bad" and anonymous users could gather
data and information which are not destined for them.

this commit fixes and simplifies the if-clause.
2014-01-19 20:04:37 +01:00
Christoph Polcin
387e1fee76 Fix calendar/addressbook-home-set in PROPFIND response 2014-01-19 19:35:53 +01:00
Christoph Polcin
d09b16c5ad Fix principal-collection-set in PROPFIND response 2014-01-19 19:35:53 +01:00
Christoph Polcin
83db27303f Respond to all authenticated PROPFIND requests 2014-01-19 19:35:46 +01:00
François Schmidts
b9ff564c1f not only apache uses REMOTE_USER
removing the apache mention to make the config more "webserver agnostic"
2014-01-15 23:01:36 +01:00
François Schmidts
18ea7e4942 removing the user and password getting from main __call__ function 2014-01-15 22:40:33 +01:00
François Schmidts
34163c5020 making radicale support authenticated user from apache 2014-01-15 09:50:22 +01:00
Jonas Wielicki
d9df9a36e1 Fix issues if authentication is done by web server
This patch fixes `user` always being None if the authentication is
offloaded to the webserver, as it is suggested in the documentation.

For normal access, this is not a problem, but it becomes a problem if a
client wants to get the current-user-principal, for which the user name
is required.
2014-01-14 20:46:47 +01:00
Guillaume Ayoub
e2dbdd4d96 Merge pull request #97 from rngtng/fix-manifest
Fix wrong filename in Manifest
2014-01-13 04:43:19 -08:00
Tobias Bielohlawek
39efc3b781 fix wrong filename in Manifest 2014-01-10 20:32:22 +01:00
Christoph Polcin
2ddec14535 Fix principal URLs in PROPFIND response 2014-01-05 21:22:53 +01:00
Guillaume Ayoub
97efc1c86f Update NEWS 2013-12-30 13:54:14 +01:00
Guillaume Ayoub
a4a2c7e206 Merge pull request #93 from hovel/master
Custom handlers for auth and storage, simplified tests structure, added rights management backends
2013-12-30 04:45:49 -08:00
Sergey Fursov
1362976400 fixed default config 2013-12-29 18:30:53 +04:00
Sergey Fursov
1d0418594d Allow attach custom rights backend, small fix in default config file 2013-12-29 15:13:35 +04:00
Sergey Fursov
017df0ddcf Simplified tests structure 2013-12-28 14:40:29 +04:00
Sergey Fursov
3b0328ca1e Allow attach custom storage backend 2013-12-28 14:15:35 +04:00
Sergey Fursov
a91a7790c5 Allow attach custom auth handler 2013-12-28 13:31:32 +04:00
Sergey Fursov
dca10fa14e Different rights management backends
Initially only one backend - regular expressions based
2013-12-25 03:44:24 +04:00
Guillaume Ayoub
3ee47dd242 Update NEWS 2013-12-24 12:14:25 +01:00
Guillaume Ayoub
0e566e4c97 Merge branch 'apple' 2013-12-24 11:22:57 +01:00
Guillaume Ayoub
a7be59b9f7 Merge pull request #92 from cristen/master
Fix wrong syntax in config file and fix #58
2013-12-24 02:21:43 -08:00
Jean-Marc Martins
7ac971e022 Fix wrong syntax in config file and fix #58 2013-12-23 16:45:15 +01:00
Guillaume Ayoub
17dc3beadd Merge branch 'master' of github.com:Kozea/Radicale 2013-12-17 14:42:52 +01:00
Guillaume Ayoub
fae2b30ec4 Merge branch 'master' of git://github.com/cristen/Radicale into cristen-master
Conflicts:
	radicale/storage/database.py
	schema.sql
2013-12-17 14:42:20 +01:00
Jean-Marc Martins
56581a998a Fix database Fix bug #77 HELL YEAH ! 2013-12-17 14:35:55 +01:00
Guillaume Ayoub
8969dae12f Merge pull request #90 from cristen/master
Refs #87 Add ssl options
2013-12-13 06:22:16 -08:00
Jean-Marc Martins
f377bd1356 Fix ssl protocol 2013-12-13 15:17:30 +01:00
Guillaume Ayoub
f133b8a588 Add an example for multiple IP addresses in the configuration file 2013-12-13 14:56:03 +01:00
Jean-Marc Martins
d765544edd Add ssl protocol and ciphers in config 2013-12-13 14:31:09 +01:00
Guillaume Ayoub
a957ebf397 Fix schema again 2013-10-31 16:32:19 +01:00
Guillaume Ayoub
30e8d12001 Fix sql schema 2013-10-31 16:09:28 +01:00
Guillaume Ayoub
0c2c9c3a7e Store collection's parent in database (bug #77) 2013-10-31 16:07:37 +01:00
Guillaume Ayoub
a920518a26 Return an int for __hash__ 2013-10-31 14:05:15 +01:00
Guillaume Ayoub
ce8e86af63 Allow read-only access to .well-known/ca(l|rd)av (related to #32) 2013-10-31 13:57:37 +01:00
Guillaume Ayoub
92b3cf41bc Simple try/except import trick 2013-10-29 14:09:46 +01:00
Guillaume Ayoub
830774824e Merge pull request #75 from davidaurelio/master
Fix python 3 problems with default rights
2013-10-29 03:16:09 -07:00
Guillaume Ayoub
94a29992b7 Update NEWS 2013-10-29 10:56:10 +01:00
Guillaume Ayoub
9c59c089ef Remove useless comment 2013-10-29 10:41:23 +01:00
Guillaume Ayoub
337d2719be Cosmetics 2013-10-29 09:30:51 +01:00
Guillaume Ayoub
e5b578d219 Merge pull request #76 from 9m66p93w/hashing
Replace built-in hash function with hashlib.
2013-10-29 01:28:38 -07:00
9m66p93w
6bc745fe45 Replace built-in hash function with hashlib.
The built-in hash function returns inconsistent values in Python 3.
2013-10-27 22:55:01 -04:00
David Aurelio
fb784c28c4 Fix python 3 problem: 'str' does not support the buffer interface 2013-10-27 22:36:56 +01:00
Guillaume Ayoub
fe1cd1d44d Use collection URL instead of main folder as user's main URL (see #32) 2013-10-24 15:31:49 +02:00
Guillaume Ayoub
a617c4db26 Fix authentication with Python 3 (see #70) 2013-10-18 14:06:57 +02:00
Guillaume Ayoub
f253b23a67 Update NEWS 2013-10-01 13:05:39 +02:00
Guillaume Ayoub
659757f173 Style fixes 2013-10-01 13:04:24 +02:00
Guillaume Ayoub
7ce8caa913 Merge pull request #68 from shenek/master
PAM fixes
2013-10-01 04:02:36 -07:00
Štěpán Henek
7c03089601 Bugfix: auth PAM check for membership in primary and supplementary groups 2013-09-27 21:14:27 +02:00
Štěpán Henek
ee687bea18 Bugfix: auth PAM doesn't throw an exception when authenticating without username and password 2013-09-27 20:44:41 +02:00