Guillaume Ayoub
41e319a8b8
Merge ical and storage modules
2016-04-10 02:08:07 +02:00
Guillaume Ayoub
73d39ea572
Use vobject
2016-04-10 01:36:45 +02:00
Guillaume Ayoub
b495bfa59f
Remove pathutils
2016-04-09 22:45:14 +02:00
Guillaume Ayoub
12ddd64884
Fix the management of paths
2016-04-09 22:44:34 +02:00
Guillaume Ayoub
7a0e267f19
Better collection discovery
2016-04-09 15:11:47 +02:00
Guillaume Ayoub
44ba2c36a7
Merge branch 'master' of https://github.com/hadleyrich/Radicale
2016-04-08 15:05:56 +02:00
Guillaume Ayoub
7e493f73cd
Remove backslash
2016-04-08 14:46:38 +02:00
Guillaume Ayoub
e2b6bc3008
Remove old workaround
2016-04-08 14:46:17 +02:00
Guillaume Ayoub
54dee0c7c4
Clean tests
2016-04-07 19:25:10 +02:00
Guillaume Ayoub
595e2329ea
Don't create collections on GET requests
2016-04-07 19:03:27 +02:00
Guillaume Ayoub
1001bcb676
Remove extra auth, rights and storage modules
2016-04-07 19:02:52 +02:00
Guillaume Ayoub
434cb533e9
Remove Python 2 support
2016-03-31 19:57:40 +02:00
Guillaume Ayoub
fa4eaef08e
Merge pull request #353 from Unrud/patch-7
...
Integrated server without busy waiting
2016-03-31 19:24:43 +02:00
Guillaume Ayoub
f27ed8e6ff
Merge pull request #363 from igogold/readonly-collections
...
Fix privilege set for read only collection
2016-03-31 19:23:47 +02:00
Guillaume Ayoub
2ea35a2fc3
Merge pull request #209 from vuntz/no-autocreate-multifilesystem
...
Do not autocreate .props files for multifilesystem backend
2016-03-10 18:48:29 +01:00
igogold
aa04aa04b7
Fix privilege set for read only collection
2016-03-04 11:05:13 +05:00
Unrud
bbe71c1ad1
Integrated server without threads and busy waiting
2016-01-27 07:17:38 +01:00
Guillaume Ayoub
3a4184d1ab
Merge pull request #351 from Unrud/patch-6
...
Quick fix for multifilesystem
2016-01-15 10:54:47 +01:00
Guillaume Ayoub
060d265129
Merge branch 'master' of github.com:Kozea/radicale
2016-01-15 10:51:24 +01:00
Guillaume Ayoub
9a2668e425
Fix the Collection._parse docstring
2016-01-15 10:50:36 +01:00
Unrud
a55cff8eb6
Also remove items from the collections itself
2016-01-15 01:13:18 +01:00
Unrud
5081fcbcd1
Use component names to filter duplicates
2016-01-15 01:09:43 +01:00
Unrud
6be7dab03f
Correct function name
2016-01-14 23:07:53 +01:00
Guillaume Ayoub
f8b068e9fe
Version 1.1.1
2016-01-07 23:31:19 +01:00
Guillaume Ayoub
83304c1378
Stupid me, that was PEP 20 (fix 347 for Python 2 too)
2016-01-06 21:44:20 +01:00
Guillaume Ayoub
620d9f8316
Readability counts - PEP8™ ( fix #347 )
2016-01-06 20:19:12 +01:00
Guillaume Ayoub
e47b50421e
Version 1.1
2015-12-31 12:51:23 +01:00
Guillaume Ayoub
e7ce00d54f
Style
2015-12-31 12:49:41 +01:00
Guillaume Ayoub
b484d42547
Merge pull request #335 from Kozea/permissions
...
Use the first matching section for getting rights
2015-12-31 11:30:29 +01:00
Guillaume Ayoub
20960bee84
Merge pull request #339 from Unrud/patch-2
...
Improve daemonization
2015-12-24 16:00:39 +01:00
Unrud
eed37792ae
Convert filesystem paths safely to paths
...
This only becomes a problem if the OS/filesystem
allows / in filenames or . respectively
.. as filenames.
2015-12-24 14:39:29 +01:00
Unrud
bcaf452e51
Convert component names safely to filenames
...
Component names are controlled by the user and
without this checks access to arbitrary files is
possible if the multifilesystem backend is used.
2015-12-24 14:39:29 +01:00
Unrud
b4b3d51f33
Convert paths safely to file system paths
...
With the old implementation on Windows a path like
"/c:/file/ignore" got converted to "c:\file" and
allowed access to files outside of FOLDER
2015-12-24 14:39:29 +01:00
Unrud
6b7e79a368
Use sanitize_path instead of normpath
...
See a7b47f075499a1e1b40539bc1fa872a3ab77a204
The check for "." is now needless because the sane
path is always absolute.
```path.replace(os.sep, "/")``` is only relevant
for the (multi)filesystem backend and should be
there.
2015-12-24 14:39:24 +01:00
Unrud
1ad994cadf
Move sanitize_path into pathutils.py
2015-12-24 14:39:15 +01:00
Unrud
ed44830447
Error message if path not starting with prefix
...
Before the program crashed implicitly
2015-12-24 14:32:21 +01:00
Unrud
780cecc0f2
Always sanitize request URI
...
Do no rely on the HTTP server
2015-12-24 14:32:21 +01:00
Unrud
ee095a463d
Improve URI sanitation
...
The old implementation failed to sanitize URIs
like ".", "..", "../.." or "//"
2015-12-24 14:32:21 +01:00
Unrud
592537e37c
Introduce naming scheme for request handlers
...
The do_ prefix and upper case name allows easy
distinction between methods that handle requests
and other methods.
Without this distinction an attacker could
call arbitrary methods.
Currently there is no method that matches the
argument count, but that's easy to miss when new
methods are added.
2015-12-24 07:22:55 +01:00
Unrud
4bfe7c9f79
Prevent "regex injection"
...
If an attacker is able to authenticate with a user name like .* he can bypass limitations imposed by "owner_write" and "owner_only".
2015-12-23 07:05:20 +01:00
Unrud
7cb31fe22b
Improve regex for Well-Known URIs
...
Example to show the problem:
/Xwell-known/carddavXX
2015-12-22 12:44:19 +01:00
Unrud
367ca6fcbf
Replace standard file descriptors of daemon
...
Overwriting ```sys.stdout``` and ```sys.stderr``` is not sufficient.
(e.g. the logger still uses the old file descriptors)
2015-12-22 08:50:16 +01:00
Unrud
ecb8ad747e
Decouple the daemon from its parent environment
2015-12-22 08:50:16 +01:00
Unrud
3a9238f670
Check and create PID file in a race-free manner
2015-12-22 08:50:16 +01:00
Unrud
0a09804821
Close PID file
2015-12-22 08:49:58 +01:00
Unrud
80ecae40cb
Assign new items to correct key
2015-12-10 09:46:38 +01:00
Guillaume Ayoub
e807c3d35b
Use the first matching section for getting rights
2015-12-03 15:22:12 +01:00
Guillaume Ayoub
7b82121c12
Encode message and committer for git commits ( fix #313 )
2015-09-22 11:01:33 +02:00
Guillaume Ayoub
6babebd315
Version 1.0.1
2015-09-21 12:14:51 +02:00
Guillaume Ayoub
377762e23c
Version 1.0
2015-09-14 11:49:34 +02:00
Guillaume Ayoub
f112a9b390
Merge pull request #305 from untitaker/database-props
...
Don't discard PROPPATCH on empty collections.
2015-08-28 11:26:10 +02:00
Markus Unterwaditzer
57b1ccdea5
Fix crash on empty values
2015-08-21 20:11:44 +02:00
Markus Unterwaditzer
213cb40480
Don't discard PROPPATCH on empty collections.
2015-08-21 20:08:56 +02:00
Markus Unterwaditzer
d300949fe8
Improve errorhandling in multifilesystem
...
If the collection doesn't exist yet, OSError(2, 'No such file or
directory') is raised.
https://travis-ci.org/untitaker/vdirsyncer/jobs/42540595
2015-08-21 16:17:00 +02:00
Guillaume Ayoub
ce9fd74d98
Merge pull request #260 from deronnax/not_found_instead_of_gone
...
change GET response from GONE to NOT FOUND when item is not found
2015-08-21 15:34:59 +02:00
Stephen Paul Weber
2de4f53fc3
Use PAM service
...
This allows authentication types to be customised for radicale.
2015-08-11 16:46:46 -05:00
Guillaume Ayoub
b4438d25f7
Cosmetics in htpasswd
2015-07-29 14:00:49 +02:00
Jan-Philip Gehrcke
3abbdcf671
htpasswd.py: add optional MD5-APR1 and BCRYPT support via passlib.
...
- Update docstring for optional MD5-APR1/BCRYPT support via passlib.
- Support the "md5" and "bcrypt" htpasswd_encryption config values.
- Conditionally import the required passlib components if either
"md5" or "bcrypt" is requested in the configuration file.
- Test bcrypt backend availability upon import.
- First define verification functions, then conditionally import
external dependencies.
- Consolidate: use context manager for reading credential file.
- Consolidate: save one call to strip() while parsing.
- Consolidate: break long lines, clarify comments and docstrings.
- Consolidate: use verification function mapping for improving maintainability.
2015-07-29 13:12:18 +02:00
Guillaume Ayoub
22a356bd06
Merge branch 'master' of github.com:Kozea/radicale
2015-07-24 16:01:38 +02:00
Guillaume Ayoub
8604593512
Fix many tests and database storage
2015-07-24 16:01:03 +02:00
Hadley Rich
54d71355d1
Change xmlutils propfind to return readonly calendars
2015-06-04 11:23:01 +12:00
Liam
ba5d38d09b
Fix typo
2015-05-15 13:47:44 +01:00
Matthew Monaco
bf96d4a1fa
Use path for git commit message
...
The hard-coded message isn't very helpful, and that info is shown by the
author when looking at single line logs.
2015-05-04 13:33:52 -06:00
Guillaume Ayoub
ced7e76ba0
Small style fixes
2015-05-01 10:31:25 +02:00
Guillaume Ayoub
675f9d1f87
Merge pull request #255 from jspricke/fix_FutureWarning
...
Fix FutureWarning, explicitly test prop_element for None
2015-05-01 10:22:38 +02:00
Guillaume Ayoub
4cbabd2840
Merge pull request #259 from untitaker/issue258
...
Fully fix #258
2015-04-29 19:13:25 +02:00
Guillaume Ayoub
c249e080af
Merge pull request #273 from untitaker/issue117
...
Fix another instance of #117
2015-04-29 19:09:38 +02:00
Guillaume Ayoub
a0fc07a894
Allow content-types with ';' in charset, fix #279
2015-04-29 19:08:20 +02:00
Guillaume Ayoub
e69bec1272
Don't rely on case-sensitive imports, fix #282
...
We should burn PEP 235, bicameral scripts, encodings, Python2/3 compatibility,
Windows, MacOS X, filenames, unicode (including composite characters), and the
whole world. And LF/CR too, of course.
Let's recreate a language relying on only two characters. Anyone interested?
2015-04-29 18:55:56 +02:00
Markus Unterwaditzer
baa958c81f
Fix compatibility for PAM auth
...
PR #280 invoked `pam.authenticate().authenticate()` for older versions
of python-pam. Also, this version avoids monkeypatching the PAM module.
2015-04-25 11:14:04 +02:00
Jeremy Archer
dd01087520
Add compatibility patch for .authenticate().
...
Current version of python-pam (https://pypi.python.org/pypi/python-pam/1.8.1 ) have changed the API slightly; this patch fixes these bugs.
2015-04-19 22:41:58 -05:00
Markus Unterwaditzer
78e203a2b9
Fix another instance of #117
2015-03-22 12:25:54 +01:00
deronnax
5b8333c2b0
change GET response from GONE to NOT FOUND when item is not found
2015-02-09 11:03:06 +01:00
Markus Unterwaditzer
1126f318af
Fully fix #258
...
If I do REPORT requests, the following line would raise a KeyError:
items = [collection.items[name]]
Wrapping it with a try-except block obviously fixes that issue.
At least for REPORT requests, Radicale now also returns proper HTTP
status codes when items or just its properties couldn't be found.
2015-02-08 17:52:55 +01:00
Guillaume Ayoub
a7700f9805
Don't crash when getting unknown events ( fix #258 )
2015-02-08 17:11:29 +01:00
Guillaume Ayoub
2c4b335fad
Clean the ical API
2015-02-07 17:26:20 +01:00
Guillaume Ayoub
46628b7a19
Add missing blank line
2015-02-07 16:06:41 +01:00
Guillaume Ayoub
99575d69ca
Clean some ical methods
2015-02-07 15:39:57 +01:00
deronnax
fbbbaae646
indexed items storage
...
Conflicts:
radicale/storage/filesystem.py
2015-02-07 14:23:51 +01:00
deronnax
240125aca7
don't pick timezones when asking for contacts
2015-02-07 14:11:43 +01:00
deronnax
0456d166cc
simpler and faster unfold function
2015-02-07 14:11:18 +01:00
Jochen Sprickerhof
c43b473c4a
Fix FutureWarning, explicitly test prop_element for None
2015-01-23 14:41:41 +01:00
Guillaume Ayoub
727b686089
Merge branch 'master' of github.com:Kozea/radicale
2015-01-12 18:43:07 +01:00
Guillaume Ayoub
7135367640
Version 0.10
2015-01-12 18:40:42 +01:00
Guillaume Ayoub
7772d11565
Merge pull request #202 from muggenhor/less-verbose-imap-ssl-warn
...
IMAP: don't spam the logs about non-SSL connections to localhost
2015-01-12 18:30:43 +01:00
Guillaume Ayoub
abb1de883b
Allow PUT requests to change the whole calendar (see #250 )
2015-01-05 15:45:24 +01:00
Guillaume Ayoub
6e715912f6
Handle headers other than PRODID and VERSION ( fix #250 )
2015-01-05 12:32:22 +01:00
Guillaume Ayoub
f2fc02501c
Merge pull request #226 from meyerd/master
...
Only iterate props in REPORT request if they are there
2014-12-14 16:50:22 +01:00
Felix Lange
20b1a29149
fix color support
...
5f2245c35f
introduced an additional alias for the
http://apple.com/ns/ical namespace. this can cause problems.
2014-11-11 21:26:29 +01:00
Marc Kleine-Budde
13c61bf936
auth/htpasswd: add support for salted sha1 passwords
...
This patch adds support for salted sha1 passwords.
2014-11-09 01:00:23 +01:00
Guillaume Ayoub
ea97c014b7
Don't crash because of missing SIGHUP on Windows
...
Fix #229 .
2014-11-03 11:21:12 +01:00
Dominik
b561d1428b
only iterate props in REPORT request if they are there
2014-10-25 20:28:50 +02:00
Guillaume Ayoub
c932ba230e
Fix Python 3 compatibility
2014-10-22 16:28:08 +02:00
Guillaume Ayoub
33bee79f73
Merge pull request #191 from bouttier/reload-logger-config
...
Reload logger config on SIGHUP
2014-10-22 14:17:23 +02:00
Guillaume Ayoub
1c4c41ad0e
Merge pull request #211 from vuntz/delete-multifilesystem
...
Remove props file when deleting a collection with multifilesystem
2014-10-22 14:15:02 +02:00
Guillaume Ayoub
1f9c568720
Don't recreate the regular expression for each request
2014-10-22 11:32:25 +02:00
Guillaume Ayoub
2cf34a0d67
Cosmetic changes
2014-10-21 13:13:16 +02:00
Guillaume Ayoub
4e59d734a1
Merge pull request #225 from deronnax/well-known
...
Support "well known" URLs
2014-10-21 13:03:18 +02:00
deronnax
8ec00f08df
throw 401 in case of failed variable substition for .well-known url
2014-10-21 12:30:14 +02:00
deronnax
f846f107e6
now with regex
2014-10-21 11:57:42 +02:00