Commit Graph

1775 Commits

Author SHA1 Message Date
Unrud
1bc53ec113 Merge pull request #610 from Unrud/emptypath
Preserve empty PATH_INFO from WSGI and strip base prefix from destination
2017-05-31 00:35:24 +02:00
Unrud
8536ffee44 Preserve empty PATH_INFO from WSGI and strip base prefix from destination 2017-05-30 22:58:57 +02:00
Unrud
0601b81aa7 Merge pull request #586 from Unrud/xmlrequestresponse
Improve handling of XML requests and responses
2017-05-30 09:28:05 +02:00
Unrud
11c5dfdb53 Improve handling of XML requests and responses
* Move parsing/serialization of XML requests/responses from ``xmlutils.py`` to ``__init__.py``.
  * Log XML requests/responses in pretty-printed form.
      * Previously only the responses were logged in readable form. This is useful for debugging.
      * The XML documents are only converted for pretty-printing if debugging is enabled (it's expensive)
  * Send XML responses in minimized form to clients.
  * Add **encoding** attribute to XML declaration in XML response.
  * Only decode XML requests once. (Previously they were decoded, encoded and decoded again.)
2017-05-30 09:15:51 +02:00
Unrud
f1a9cf7694 Allow already encoded answers 2017-05-30 09:02:37 +02:00
Unrud
bc49542a62 Merge pull request #587 from Unrud/testscapturelogging
Capture log messages during tests
2017-05-30 07:55:05 +02:00
Unrud
f2bfcfd406 Merge pull request #588 from Unrud/daemon
Daemon: Exit first process after server is ready
2017-05-30 07:50:44 +02:00
Unrud
9cd9ad9a02 Only register exit function if a PID file was created
The function only deletes the PID file.
2017-05-30 07:41:50 +02:00
Unrud
01ea0a3c40 Capture log messages during tests
The log messages help finding problems with failed tests.
2017-05-30 05:44:02 +02:00
Unrud
6762fc1cad Expand user on PID path 2017-05-30 05:10:07 +02:00
Unrud
fcccb3f7af Daemonize after creation of network sockets
The original process should exit after the server is ready.
See also https://www.freedesktop.org/software/systemd/man/daemon.html#SysV%20Daemons
2017-05-30 05:10:07 +02:00
Unrud
360e88f350 Write PID file in original process
This ensures that the PID is written, when the process exists.
2017-05-30 05:10:07 +02:00
Unrud
6ade44c773 Make relative PID path absolute
The daemon changes the current directory to root.
2017-05-30 05:10:07 +02:00
Unrud
65c53df5b3 Keep original exception when PID file creation fails 2017-05-30 05:10:07 +02:00
Unrud
79bcedd4bc Refactor: Extract daemonize function 2017-05-30 05:10:07 +02:00
Guillaume Ayoub
a94a3bc7c2 Version 2.0.0 2017-05-27 18:10:46 +02:00
Guillaume Ayoub
3e0c8cf285 Update copyright years 2017-05-27 17:28:07 +02:00
Guillaume Ayoub
d9b6750145 Merge branch 'master' of github.com:Kozea/radicale 2017-05-27 11:16:37 +02:00
Guillaume Ayoub
95ab6ee415 Add a news entry about 1.1.3 2017-05-27 11:15:57 +02:00
Guillaume Ayoub
1825c35bc7 Merge pull request #608 from Unrud/config_file
Fail if config file is not found
2017-05-26 11:08:12 +02:00
Guillaume Ayoub
e4af3fc3cd Merge pull request #604 from Unrud/config_logging_config
Disable logging config by default
2017-05-26 11:06:27 +02:00
Unrud
577d9317d2 Strip script name from path 2017-05-26 11:02:07 +02:00
Unrud
d2a17c36ae Fail if configuration is not found
If a configuration file is passed with a command line argument and the file is not found, Radicale shows a warning and continues with the default configuration.
There is no reason for doing this, Radicale should just fail.

Instead, this PR allows passing an empty string like ``--config ""``. Radicale will use the default configuration in this case, without trying to load the configuration from the common paths. Previously you had to do specify a path that doesn't exist like ``--config /does/not/exist``, which looks a bit ugly and showed a warning message.
2017-05-24 21:01:23 +02:00
Unrud
fed974e018 Disable logging config by default
Radicale always tries to load the system-wide configuration file. To turn this off, the logging-config option has to be added to all configuration files and command line arguments. It's easier to disable it by default and only add it once to the system-wide config file.
2017-05-24 17:03:48 +02:00
Guillaume Ayoub
22d364729b Use "&" instead of "+" to test booleans 2017-05-23 17:11:28 +02:00
Guillaume Ayoub
85e8336361 Add python_requires into setup.py 2017-05-23 17:02:41 +02:00
Guillaume Ayoub
5066e97c66 Always compare both login and password to avoid timing attacks
Related to #591.
2017-05-23 16:55:43 +02:00
Guillaume Ayoub
1b5bfee96c Merge pull request #600 from Unrud/auth
Test and fix auth module. Configurable delay. Improve logging.
2017-05-23 12:22:16 +02:00
Unrud
cf78a23856 Improve logging
Log failed login attempts more clearly and also log access violations of authenticated users.
2017-05-23 04:16:52 +02:00
Unrud
f2fb07fa84 Move authentication delay into __init__.py and add config
Use the delay for all backends (not only htpasswd).
Add configuration option to configure the delay.
2017-05-23 04:07:32 +02:00
Unrud
fb970246e0 Only query auth backend when a user is set 2017-05-23 04:07:32 +02:00
Unrud
c4537b1f5c Compare passwords and hashes in constant time (Fixes #591) 2017-05-23 04:07:32 +02:00
Unrud
fc309562da Repair SSHA method 2017-05-23 04:07:31 +02:00
Unrud
99bda37839 Repair auth tests, add tests for all methods and cross check
The auth tests were not doing anything because "Basic" was missing in the AUTHORIZATION header.
2017-05-23 04:07:31 +02:00
Guillaume Ayoub
2e8cd09c02 Merge pull request #581 from jre-wine/patch-1
Add git init to config hook example
2017-05-05 01:03:15 +02:00
jre
1c357a5636 Add git init to config hook example
The example code previously required to manually create a git repo first.
Above change automates this.
2017-04-22 17:40:29 +02:00
Guillaume Ayoub
dcb0638538 Version 2.0.0rc2 2017-04-19 14:10:02 +02:00
Guillaume Ayoub
059ba8dec1 Random timer to avoid timing oracles and simple bruteforce attacks
Important note: this is a security fix.
2017-04-19 13:48:30 +02:00
Guillaume Ayoub
78e0bfd449 Correctly initialize the logger in the WSGI and FastCGI scripts
Fix #574.
2017-04-15 18:11:47 +02:00
Guillaume Ayoub
7ad1f985a6 Use flup instead of flipflop to create the FastCGI application 2017-04-15 18:05:42 +02:00
Guillaume Ayoub
8293ca5c1c Fix a CLI help description 2017-04-15 16:03:51 +02:00
Guillaume Ayoub
7e2406c778 Version 2.0.0rc1 2017-04-15 15:51:05 +02:00
Guillaume Ayoub
864eb5931a Merge setup.cfg and pytest.ini, fix tests 2017-04-15 10:51:00 +02:00
Guillaume Ayoub
26d8214296 Merge pull request #566 from Unrud/cleanxmlutils
Some small fixes for xmlutils.py
2017-04-15 09:24:38 +02:00
Guillaume Ayoub
b173307f55 Merge pull request #570 from Unrud/patch-5
Fix permissions for REPORT request
2017-04-15 09:20:01 +02:00
Guillaume Ayoub
d74ee7b688 Merge pull request #553 from Kozea/config
Change default values for the config
2017-04-15 09:19:32 +02:00
Unrud
4f6d2e8b58 Only search for filter that are direct children 2017-03-18 04:59:27 +01:00
Unrud
a05cca563a Stop iterating when a component is found 2017-03-18 04:58:55 +01:00
Unrud
8a98f4861d Fix permissions for REPORT request
Only read access is required.
2017-03-13 08:22:14 +01:00
Unrud
c027b68b4f PROPFIND: return all supported report methods
addressbook-multiget, addressbook-query, calendar-multiget and calendar-query were missing.
sync-collection only works for leaf collections.
2017-03-10 22:30:44 +01:00