tobias/radicale
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
1,805 Commits 2 Branches 0 Tags 3 MiB
5371be2b39
Commit Graph

1805 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Guillaume Ayoub
e95d187cbc Merge pull request #509 from Unrud/patch-2 
Set password to empty string instead of None
 2016-09-07 16:08:37 +02:00
Guillaume Ayoub
dc94a5a4b7 Merge pull request #510 from Unrud/log 
Improve formatting of log messages
 2016-09-07 16:08:11 +02:00
Unrud
f7435814fc Repair hreferences in REPORT response 
They were not extended with base_prefix.
 2016-09-06 16:53:20 +02:00
Unrud
eb4b513d63 Quote hreferences 
RFC 4918 states that they are URIs and RFC 3986 says that URIs must always be in percent-encoded form.
 2016-09-06 16:53:20 +02:00
Unrud
83046c80c4 Let reverse proxies overwrite script name 
Reverse proxies can overwrite the script name with the HTTP header field X-Script-Name.
 2016-09-06 16:53:14 +02:00
Unrud
90486f33a5 Log invalid URLs in XML requests 
Before the requests either failed or the invalid hreference was silently dropped.
 2016-09-04 22:28:01 +02:00
Unrud
d5b8ddd71c Check that name is valid in name_from_path 
Before it was possible craft XML requests, so that the storage backend got requests with invalid hrefs.
 2016-09-04 22:28:01 +02:00
Unrud
139076faee Sanitize URLs from XML requests 2016-09-04 22:27:59 +02:00
Unrud
13d652b094 Remove unnecessary module prefix 2016-09-04 22:26:46 +02:00
Unrud
664fa71278 Don't double unquote request URL 
"%2525" was transformed to "%" instead of "%25".
 2016-09-04 22:26:46 +02:00
Unrud
dbaf58dbfe Remove base_prefix and use SCRIPT_NAME instead 
This conforms with the WSGI reference (PEP 333)
 2016-09-04 22:26:40 +02:00
Unrud
03fbb1e68e Don't strip {} in get method 
If someone uploads a file that starts or ends with the chars {}, all REPORT requests on that collection will fail and it's impossible to delete the file.
 2016-09-04 13:35:44 +02:00
Unrud
6df54bf88a Log name of faulty component 
If vobject can't parse a component it raises an exception, but the filename of that component is missing in the logs.
 2016-09-04 13:23:01 +02:00
Unrud
5ccfe16372 Remove Collection.has 
It's the same as BaseCollection.has
 2016-09-04 13:21:57 +02:00
Unrud
de09f6689a Only relevant files for last_modified calculation 
Leftovers from failed transactions etc. should not change that property.
 2016-09-04 13:16:42 +02:00
Unrud
cd9f789294 Name variables for files f 
fd sounds more like file descriptions.
prop doesn't sound like a file at all.
 2016-09-04 13:14:51 +02:00
Unrud
f5650df5f7 Remove checks for existence of collection 
They are unnecessary since the discover methods stopped returning collections that actually don't exist.
 2016-09-04 13:13:35 +02:00
Unrud
e7d8b4816c Duplicate code: Use list and get methods 2016-09-04 13:12:55 +02:00
Unrud
5dbf9df876 Add missing checks for safe fileystem components 
Currently it's not possible to exploit these.
 2016-09-04 13:09:10 +02:00
Unrud
dc501d5dc5 Refactor/Duplicate code: Extract _fsync method 2016-09-04 13:08:12 +02:00
Unrud
77e9ca1252 Remove EtagMismatchError 
Etags are not checked in storage anymore and this is unused.
 2016-09-04 13:06:09 +02:00
Unrud
a12ef69129 Secure is_safe_filesystem_path_component 
On Windows 1/2 would be a safe filesystem path component, but it's not safe to pass it to path_to_filesystem.
Currently only the get method can be called with a href like that and it checked for that.
This just moves the check into the is_safe_filesystem_path_component function.
 2016-09-04 12:55:28 +02:00
Unrud
a4a6a62643 Duplicate code: Use is_safe_path_component 2016-09-04 12:53:07 +02:00
Unrud
8d5f2ded42 Describe encoding of Etag 2016-09-04 12:52:29 +02:00
Unrud
d371179487 thread and level in simple log formatter 
The log messages are a mess without any allocation to threads.
 2016-09-04 11:47:27 +02:00
Unrud
26e58cee56 Use hexadecimal for thread 
Old: ... - 139891659843328 - INFO: Starting Radicale
New: ... - [7f3b10b12700] INFO: Starting Radicale
 2016-09-04 11:43:35 +02:00
Unrud
fe5daf801a Set password to empty string instead of None 
Prevent exception in auth module.
 2016-09-03 10:01:52 +02:00
Guillaume Ayoub
b85fc5bed6 Merge pull request #507 from Unrud/auth 
Repair and test authentication
 2016-09-02 18:36:31 +02:00
Guillaume Ayoub
ae2c447dca Merge pull request #508 from Unrud/testheader 
Test custom header
 2016-09-02 16:05:55 +02:00
Unrud
9e27d4e2a8 Emulate fullmatch with match 
re.fullmatch was introduced in Python 3.4
 2016-09-02 15:06:32 +02:00
Unrud
b25a601e28 Test custom header 2016-09-02 14:52:45 +02:00
Unrud
11df2f1184 Test authentication 
Test for 2a9f37defb
 2016-09-02 14:42:22 +02:00
Unrud
2a9f37defb Repair authentication 2016-09-02 14:41:31 +02:00
Guillaume Ayoub
88d558f9fa Remove useless nested tuples 2016-09-02 11:05:35 +02:00
Guillaume Ayoub
68e1e9dfb2 Don't use mutables in constants or parameters 2016-09-02 11:04:29 +02:00
Guillaume Ayoub
e6433ec970 Merge pull request #506 from Unrud/patch-1 
Move encoding of answer into response function
 2016-09-02 10:58:45 +02:00
Unrud
20b1480399 Make copy of headers before mutating 2016-09-02 04:23:47 +02:00
Unrud
f7e995f9f6 Move encoding of answer into response function 
Fix #505
 2016-09-02 04:10:11 +02:00
Guillaume Ayoub
085c6fcbeb Merge pull request #503 from Unrud/tests2 
Test REPORT on an item and authorization
 2016-09-01 09:43:51 +02:00
Unrud
3df367aad2 Test REPORT on item 
Test for 90e4655a44
 2016-09-01 06:17:18 +02:00
Unrud
9d2743d797 Test authorization 2016-09-01 06:15:31 +02:00
Guillaume Ayoub
e25373fa85 Merge pull request #501 from Unrud/httperrors 
HTTP error messages
 2016-08-31 14:49:19 +02:00
Guillaume Ayoub
8d92b371e4 Merge pull request #502 from Unrud/patch-40 
Plain text for GET / instead of malformed HTML
 2016-08-31 14:42:59 +02:00
Guillaume Ayoub
db681da08e Merge pull request #500 from Unrud/loginuser 
Map logins to internal users in Auth module
 2016-08-31 14:40:08 +02:00
Unrud
f875bcd892 Plain text for GET / instead of malformed HTML 
It's basically the same in browsers and looks nicer in tools that don't support HTML rendering (like curl).
 2016-08-31 02:01:18 +02:00
Unrud
ff2b8f6e5c Use NOT_FOUND instead of GONE 
Thunderbird doesn't recognize the status code correctly and shows an synchronization error.
 2016-08-31 01:54:31 +02:00
Unrud
1ea9b1dca9 Return error for GET requests on directories 
Radicale doesn't support directory listings.
 2016-08-31 00:45:14 +02:00
Unrud
4ac2e68f5c Add HTTP error messages 
Browsers just show a blank page if an error occurs. You have to open the developer tools to see the HTTP status code. E.g. a user wants to download a calendar in the browser and the URL is wrong.

Some tools like curl don't show any indication of an error.
 2016-08-31 00:41:08 +02:00
Unrud
689e5c9dd5 Map logins to internal users in Auth module 
This makes it possible to implement #349 as a Auth module. Another use case would be to encode usernames that contain characters unsupported by the file system.
 2016-08-30 23:13:33 +02:00
Guillaume Ayoub
5f46cc24bd Merge pull request #497 from Unrud/patch-38 
Add thread id to log
 2016-08-30 19:16:54 +02:00