Unrud
|
577d9317d2
|
Strip script name from path
|
2017-05-26 11:02:07 +02:00 |
|
Guillaume Ayoub
|
22d364729b
|
Use "&" instead of "+" to test booleans
|
2017-05-23 17:11:28 +02:00 |
|
Guillaume Ayoub
|
85e8336361
|
Add python_requires into setup.py
|
2017-05-23 17:02:41 +02:00 |
|
Guillaume Ayoub
|
5066e97c66
|
Always compare both login and password to avoid timing attacks
Related to #591.
|
2017-05-23 16:55:43 +02:00 |
|
Guillaume Ayoub
|
1b5bfee96c
|
Merge pull request #600 from Unrud/auth
Test and fix auth module. Configurable delay. Improve logging.
|
2017-05-23 12:22:16 +02:00 |
|
Unrud
|
cf78a23856
|
Improve logging
Log failed login attempts more clearly and also log access violations of authenticated users.
|
2017-05-23 04:16:52 +02:00 |
|
Unrud
|
f2fb07fa84
|
Move authentication delay into __init__.py and add config
Use the delay for all backends (not only htpasswd).
Add configuration option to configure the delay.
|
2017-05-23 04:07:32 +02:00 |
|
Unrud
|
fb970246e0
|
Only query auth backend when a user is set
|
2017-05-23 04:07:32 +02:00 |
|
Unrud
|
c4537b1f5c
|
Compare passwords and hashes in constant time (Fixes #591)
|
2017-05-23 04:07:32 +02:00 |
|
Unrud
|
fc309562da
|
Repair SSHA method
|
2017-05-23 04:07:31 +02:00 |
|
Unrud
|
99bda37839
|
Repair auth tests, add tests for all methods and cross check
The auth tests were not doing anything because "Basic" was missing in the AUTHORIZATION header.
|
2017-05-23 04:07:31 +02:00 |
|
Guillaume Ayoub
|
2e8cd09c02
|
Merge pull request #581 from jre-wine/patch-1
Add git init to config hook example
|
2017-05-05 01:03:15 +02:00 |
|
jre
|
1c357a5636
|
Add git init to config hook example
The example code previously required to manually create a git repo first.
Above change automates this.
|
2017-04-22 17:40:29 +02:00 |
|
Guillaume Ayoub
|
dcb0638538
|
Version 2.0.0rc2
|
2017-04-19 14:10:02 +02:00 |
|
Guillaume Ayoub
|
059ba8dec1
|
Random timer to avoid timing oracles and simple bruteforce attacks
Important note: this is a security fix.
|
2017-04-19 13:48:30 +02:00 |
|
Guillaume Ayoub
|
78e0bfd449
|
Correctly initialize the logger in the WSGI and FastCGI scripts
Fix #574.
|
2017-04-15 18:11:47 +02:00 |
|
Guillaume Ayoub
|
7ad1f985a6
|
Use flup instead of flipflop to create the FastCGI application
|
2017-04-15 18:05:42 +02:00 |
|
Guillaume Ayoub
|
8293ca5c1c
|
Fix a CLI help description
|
2017-04-15 16:03:51 +02:00 |
|
Guillaume Ayoub
|
7e2406c778
|
Version 2.0.0rc1
|
2017-04-15 15:51:05 +02:00 |
|
Guillaume Ayoub
|
864eb5931a
|
Merge setup.cfg and pytest.ini, fix tests
|
2017-04-15 10:51:00 +02:00 |
|
Guillaume Ayoub
|
26d8214296
|
Merge pull request #566 from Unrud/cleanxmlutils
Some small fixes for xmlutils.py
|
2017-04-15 09:24:38 +02:00 |
|
Guillaume Ayoub
|
b173307f55
|
Merge pull request #570 from Unrud/patch-5
Fix permissions for REPORT request
|
2017-04-15 09:20:01 +02:00 |
|
Guillaume Ayoub
|
d74ee7b688
|
Merge pull request #553 from Kozea/config
Change default values for the config
|
2017-04-15 09:19:32 +02:00 |
|
Unrud
|
4f6d2e8b58
|
Only search for filter that are direct children
|
2017-03-18 04:59:27 +01:00 |
|
Unrud
|
a05cca563a
|
Stop iterating when a component is found
|
2017-03-18 04:58:55 +01:00 |
|
Unrud
|
8a98f4861d
|
Fix permissions for REPORT request
Only read access is required.
|
2017-03-13 08:22:14 +01:00 |
|
Unrud
|
c027b68b4f
|
PROPFIND: return all supported report methods
addressbook-multiget, addressbook-query, calendar-multiget and calendar-query were missing.
sync-collection only works for leaf collections.
|
2017-03-10 22:30:44 +01:00 |
|
Unrud
|
53a7e15833
|
Return empty result for unsupported report methods
|
2017-03-10 22:19:10 +01:00 |
|
Unrud
|
2f67da5750
|
Remove unnecessary conditions
|
2017-03-10 22:16:46 +01:00 |
|
Unrud
|
a7f12b5fac
|
PROPFIND: only one privilege per privilege element
Before: <privilege><read /><write /></privilege>
After: <privilege><read /></privilege><privilege><write /></privilege>
|
2017-03-10 22:14:13 +01:00 |
|
Guillaume Ayoub
|
c1f0e66232
|
Merge pull request #564 from Unrud/logserver
Use logger for WSGIServer
|
2017-03-10 14:54:12 +01:00 |
|
Unrud
|
7d687205bd
|
Use logger for WSGIServer
Log exception from the WSGIServer. Exceptions from socket timeouts are currently written to stderr.
|
2017-03-10 13:39:26 +01:00 |
|
Guillaume Ayoub
|
edebcf03c7
|
Merge pull request #558 from Unrud/collision
Check for conflicting file names
|
2017-03-08 15:58:48 +01:00 |
|
Guillaume Ayoub
|
33b27a2e71
|
Merge pull request #559 from Unrud/remotehostlogging
Cleanup remote host logging
|
2017-03-08 15:57:07 +01:00 |
|
Guillaume Ayoub
|
96248c299e
|
Merge pull request #560 from Unrud/detclose
Always close files when creating collection
|
2017-03-08 15:55:47 +01:00 |
|
Guillaume Ayoub
|
7b72b2e35a
|
Merge pull request #561 from Unrud/patch-4
Use python3 in shebang (setup.py)
|
2017-03-08 15:54:24 +01:00 |
|
Guillaume Ayoub
|
9b8fc4ac14
|
Update and fix some config values
|
2017-03-08 15:50:24 +01:00 |
|
Unrud
|
5cd5cfe368
|
Use REMOTE_ADDR if REMOTE_HOST is missing
WSGIRequestHandler doesn't set REMOTE_HOST if dns lookup is disabled.
|
2017-03-07 20:34:37 +01:00 |
|
Unrud
|
69d39b47ca
|
Also log the forwarding host for forwarded requests
|
2017-03-07 20:34:36 +01:00 |
|
Unrud
|
c104da28ce
|
Use UNKNOWN if user agent is missing
This is much shorter and doesn't clutter the log as much.
|
2017-03-07 20:33:37 +01:00 |
|
Unrud
|
266dc608f2
|
Remove unnecessary if-statements
|
2017-03-07 20:32:23 +01:00 |
|
Unrud
|
2008149cd3
|
Use python3 in shebang
|
2017-03-07 18:39:13 +01:00 |
|
Unrud
|
c6c32945a0
|
Log unsafe paths when discovering collections
|
2017-03-07 18:24:40 +01:00 |
|
Unrud
|
9b27d075b6
|
Always close files when creating collection
If an exception occurs we rely on garbage collection to close the files.
|
2017-03-07 18:13:52 +01:00 |
|
Unrud
|
2d170bd41f
|
Check for conflicting file names
On Windows file systems the user "TESTUS~1" can access the data of the user "testuser".
|
2017-03-07 18:04:51 +01:00 |
|
Guillaume Ayoub
|
9900251b8b
|
Add Python 3.6 classifier in setup.py
|
2017-03-04 14:37:58 +01:00 |
|
Guillaume Ayoub
|
8fbb094878
|
Add tests for Python 3.6 and on MacOS
|
2017-03-04 14:34:57 +01:00 |
|
Guillaume Ayoub
|
4278cc3443
|
Set htpasswd encryption type to plain in tests
|
2017-03-04 14:25:01 +01:00 |
|
Guillaume Ayoub
|
78abe39002
|
Set authentication method when testing rights
|
2017-03-04 14:22:28 +01:00 |
|
Guillaume Ayoub
|
b47505d5bd
|
Don't set rights management when no authentication is set
|
2017-03-04 14:15:46 +01:00 |
|