Commit Graph

1733 Commits

Author SHA1 Message Date
Unrud
066b5994d1 Improve rights checking and request handlers
* Access rights are checked before the storage is locked and
    collections are loaded.
  * DELETE sends 410 instead of doing nothing or crashing if the target
    doesn't exist.
  * GET always returns 404 if the target doesn't exist.
  * GET doesn't crash if a collection without tag property is requested.
  * MKCOL and MKCALENDAR send 409 if the target already exists.
  * MOVE checks if the target collection of an item actually exists and
    sends 409 otherwise.
  * PUT doesn't crash if a whole collection that doesn't exist yet is
    uploaded and ``content-type`` is ``text/vcard`` or
    ``text/calendar``.
  * PUT distinguishes between simple items and whole collections by the
    following criteria: Target is a collection; Parent exists; Parent
    has the tag property set; Parent contains other items. Before only
    the first two criteria where used, which was very unrelieable. #384
  * PROPPATCH is only allowed on collections and 409 is send otherwise.
  * ``Rights.authorized`` takes a path instead of a collection.
  * ``Collection.discover`` only returns items in ``path``, that
    actually exist. #442
2016-08-04 06:08:08 +02:00
Unrud
ae89082c24 Atomic creation of collections 2016-08-03 15:50:55 +02:00
Unrud
e34d1c46cd Move collections into collection-root folder
This is required for atomic creation and deletion of the "/" collection.
2016-08-03 15:50:38 +02:00
Unrud
bd7641699e Atomic PROPPATCH 2016-08-03 14:45:52 +02:00
Unrud
de510148a0 *args and **kwargs for test collection 2016-08-03 14:35:50 +02:00
Unrud
0fc7f787a8 Remove test_folder configuration
It's not used.
2016-08-03 14:34:36 +02:00
Guillaume Ayoub
b71664b322 Return UNAUTHORIZED for NOT_FOUND PROPFINDs 2016-08-02 17:24:04 +02:00
Guillaume Ayoub
76b859c28e Rename .collection.props into .Radicale.props 2016-08-02 16:58:44 +02:00
Guillaume Ayoub
2f202d14e0 Fix .collection.props 2016-08-02 16:57:20 +02:00
Guillaume Ayoub
5b04ba18a8 Hide collection.props 2016-08-02 16:51:50 +02:00
Guillaume Ayoub
da22778ce3 Merge pull request #456 from Unrud/props
Properties inside of collection
2016-08-02 16:50:23 +02:00
Unrud
13c693ba35 Properties inside of collection
* Creation and deletion of collections can be atomic.
  * The properties file of the root collection is not outside of the
    filesystem_folder.
  * It's easier to delete and move collections by hand.
  * This breaks backward compatibility.
2016-08-02 16:35:38 +02:00
Guillaume Ayoub
1ffc171f35 Always return collections home sets 2016-08-02 16:27:18 +02:00
Guillaume Ayoub
5ed60ce09d Always return current-user-principal 2016-08-02 15:43:31 +02:00
Guillaume Ayoub
3e52f34309 Remove pylint 2016-08-02 14:39:20 +02:00
Guillaume Ayoub
301bb552d7 Cosmetics 2016-08-02 14:37:39 +02:00
Guillaume Ayoub
d322d3f394 Clean the user's collection creation code 2016-08-02 14:00:42 +02:00
Guillaume Ayoub
04010ff8d3 Merge pull request #455 from Unrud/home
Creating addressbooks and calendars in DAVdroid
2016-08-02 13:51:29 +02:00
Guillaume Ayoub
71be1a56b8 Change find_available_file_name into private method 2016-08-02 12:11:38 +02:00
Guillaume Ayoub
a7f078eb54 Change find_available_file_name into a method 2016-08-02 11:16:24 +02:00
Guillaume Ayoub
880744ada7 Merge pull request #454 from Unrud/uniq
Check if file name already exists
2016-08-02 11:12:30 +02:00
Unrud
81b04890f1 Create principal collection automatically 2016-08-02 08:04:12 +02:00
Unrud
39d38f36a5 Check if file name already exists
The chances are pretty low but maybe the RNG is bad or something
2016-08-02 07:33:47 +02:00
Unrud
d5008672c5 Principal associated properties only on principal collections
This misguides DAVdroid into creating new calendars and addressbooks in /
2016-08-01 20:48:57 +02:00
Unrud
03cbcee5cd / is not a principal 2016-08-01 20:46:57 +02:00
Unrud
7aa481aaa1 Return / for principal-collection-set
From RFC3744: This protected property of a resource contains a set of URLs that identify the root collections that contain the principals that are available on the server that implements this resource.
2016-08-01 20:44:04 +02:00
Unrud
8f91190949 Remove duplicate code 2016-08-01 20:42:03 +02:00
Guillaume Ayoub
6b30870be5 Minor cleanups
Everything works fine with Apple clients now.
2016-08-01 19:00:57 +02:00
Guillaume Ayoub
b517818749 Don't reject everybody from "/" with owner_only
Fix 407.
2016-08-01 18:59:47 +02:00
Guillaume Ayoub
6bfdcbafec Cosmetics 2016-08-01 12:50:51 +02:00
Guillaume Ayoub
711ecf5df2 Merge pull request #451 from Unrud/removewellknown
Remove /.well-known
2016-08-01 12:20:55 +02:00
Guillaume Ayoub
9d3086427d Merge pull request #450 from Unrud/safeusernames
Prevent unsafe usernames
2016-08-01 12:14:40 +02:00
Guillaume Ayoub
605e21494d Merge pull request #452 from Unrud/regex
Always match full username/collection with regex
2016-08-01 12:12:36 +02:00
Guillaume Ayoub
8052032a13 Try to fix Travis again 2016-08-01 11:57:19 +02:00
Guillaume Ayoub
8f850f2c08 Revert "Use only one job for flake8"
This reverts commit f4ebe3f545.
2016-08-01 11:56:22 +02:00
Unrud
9dd8c65d65 Always match full username/collection with regex
It's easy to forget $ at the end of a regex and it's counter-intuitive that ^ is implicit but $ is not.
2016-08-01 10:07:21 +02:00
Unrud
fd977891e8 Remove /.well-known
I can't think of a sane use-case for this.
2016-08-01 09:31:25 +02:00
Unrud
da1a693620 Prevent unsafe usernames
If an attacker is able to create an account with a username like "user/calendar.ics", he can access collections of other users.
2016-08-01 09:10:23 +02:00
Guillaume Ayoub
f4ebe3f545 Use only one job for flake8
See https://gitlab.com/pycqa/flake8/issues/164
2016-07-30 18:00:32 +02:00
Guillaume Ayoub
b3d8833779 Normalize the version number 2016-07-30 16:43:29 +02:00
Guillaume Ayoub
dc406c17fd Merge pull request #425 from Unrud/patch-19
Don't silently drop files
2016-07-30 15:28:35 +02:00
Guillaume Ayoub
62588477f6 Merge pull request #429 from Unrud/hook
Add hook for storage changes
2016-07-30 15:26:17 +02:00
Guillaume Ayoub
0a2d12a4a3 Merge pull request #445 from Unrud/patch-24
Point well-known to /
2016-07-30 15:25:01 +02:00
Guillaume Ayoub
3430efc563 Merge pull request #444 from Unrud/patch-23
Hide temporary files
2016-07-14 11:06:23 +02:00
Unrud
0306ee6dcc Point well-known to /
Fixes #431
2016-07-14 10:13:20 +02:00
Unrud
21d7d5a453 Hide temporary files
Fixes #443
2016-07-14 09:09:10 +02:00
Unrud
0a32e46295 Improve error message 2016-07-14 08:08:08 +02:00
Unrud
e3d7d08eab Don't silently drop files 2016-07-14 08:08:08 +02:00
Unrud
0263251ecf Add hook for storage changes 2016-07-14 07:57:46 +02:00
Guillaume Ayoub
ef63865e31 Merge pull request #428 from Unrud/patch-22
Add timeout to connections, limit size of request body and limit number of parallel connections
2016-07-14 02:06:24 +02:00