Commit Graph

1252 Commits

Author SHA1 Message Date
Unrud
eb4b513d63 Quote hreferences
RFC 4918 states that they are URIs and RFC 3986 says that URIs must always be in percent-encoded form.
2016-09-06 16:53:20 +02:00
Unrud
83046c80c4 Let reverse proxies overwrite script name
Reverse proxies can overwrite the script name with the HTTP header field X-Script-Name.
2016-09-06 16:53:14 +02:00
Unrud
90486f33a5 Log invalid URLs in XML requests
Before the requests either failed or the invalid hreference was silently dropped.
2016-09-04 22:28:01 +02:00
Unrud
d5b8ddd71c Check that name is valid in name_from_path
Before it was possible to craft XML requests, so that the storage backend got requests with invalid hrefs.
2016-09-04 22:28:01 +02:00
Unrud
139076faee Sanitize URLs from XML requests 2016-09-04 22:27:59 +02:00
Unrud
13d652b094 Remove unnecessary module prefix 2016-09-04 22:26:46 +02:00
Unrud
664fa71278 Don't double unquote request URL
"%2525" was transformed to "%" instead of "%25".
2016-09-04 22:26:46 +02:00
Unrud
dbaf58dbfe Remove base_prefix and use SCRIPT_NAME instead
This conforms with the WSGI reference (PEP 333)
2016-09-04 22:26:40 +02:00
Unrud
03fbb1e68e Don't strip {} in get method
If someone uploads a file that starts or ends with the chars {}, all REPORT requests on that collection will fail and it's impossible to delete the file.
2016-09-04 13:35:44 +02:00
Unrud
6df54bf88a Log name of faulty component
If vobject can't parse a component it raises an exception, but the filename of that component is missing in the logs.
2016-09-04 13:23:01 +02:00
Unrud
5ccfe16372 Remove Collection.has
It's the same as BaseCollection.has
2016-09-04 13:21:57 +02:00
Unrud
de09f6689a Only relevant files for last_modified calculation
Leftovers from failed transactions etc. should not change that property.
2016-09-04 13:16:42 +02:00
Unrud
cd9f789294 Name variables for files f
fd sounds more like file descriptions.
prop doesn't sound like a file at all.
2016-09-04 13:14:51 +02:00
Unrud
f5650df5f7 Remove checks for existence of collection
They are unnecessary since the discover methods stopped returning collections that actually don't exist.
2016-09-04 13:13:35 +02:00
Unrud
e7d8b4816c Duplicate code: Use list and get methods 2016-09-04 13:12:55 +02:00
Unrud
5dbf9df876 Add missing checks for safe filesystem components
Currently it's not possible to exploit these.
2016-09-04 13:09:10 +02:00
Unrud
dc501d5dc5 Refactor/Duplicate code: Extract _fsync method 2016-09-04 13:08:12 +02:00
Unrud
77e9ca1252 Remove EtagMismatchError
Etags are not checked in storage anymore and this is unused.
2016-09-04 13:06:09 +02:00
Unrud
a12ef69129 Secure is_safe_filesystem_path_component
On Windows 1/2 would be a safe filesystem path component, but it's not safe to pass it to path_to_filesystem.
Currently only the get method can be called with a href like that and it checked for that.
This just moves the check into the is_safe_filesystem_path_component function.
2016-09-04 12:55:28 +02:00
Unrud
a4a6a62643 Duplicate code: Use is_safe_path_component 2016-09-04 12:53:07 +02:00
Unrud
8d5f2ded42 Describe encoding of Etag 2016-09-04 12:52:29 +02:00
Unrud
d371179487 thread and level in simple log formatter
The log messages are a mess without any allocation to threads.
2016-09-04 11:47:27 +02:00
Unrud
26e58cee56 Use hexadecimal for thread
Old: ... - 139891659843328 - INFO: Starting Radicale
New: ... - [7f3b10b12700] INFO: Starting Radicale
2016-09-04 11:43:35 +02:00
Unrud
fe5daf801a Set password to empty string instead of None
Prevent exception in auth module.
2016-09-03 10:01:52 +02:00
Guillaume Ayoub
b85fc5bed6 Merge pull request #507 from Unrud/auth
Repair and test authentication
2016-09-02 18:36:31 +02:00
Guillaume Ayoub
ae2c447dca Merge pull request #508 from Unrud/testheader
Test custom header
2016-09-02 16:05:55 +02:00
Unrud
9e27d4e2a8 Emulate fullmatch with match
re.fullmatch was introduced in Python 3.4
2016-09-02 15:06:32 +02:00
Unrud
b25a601e28 Test custom header 2016-09-02 14:52:45 +02:00
Unrud
11df2f1184 Test authentication
Test for 2a9f37defb
2016-09-02 14:42:22 +02:00
Unrud
2a9f37defb Repair authentication 2016-09-02 14:41:31 +02:00
Guillaume Ayoub
88d558f9fa Remove useless nested tuples 2016-09-02 11:05:35 +02:00
Guillaume Ayoub
68e1e9dfb2 Don't use mutables in constants or parameters 2016-09-02 11:04:29 +02:00
Guillaume Ayoub
e6433ec970 Merge pull request #506 from Unrud/patch-1
Move encoding of answer into response function
2016-09-02 10:58:45 +02:00
Unrud
20b1480399 Make copy of headers before mutating 2016-09-02 04:23:47 +02:00
Unrud
f7e995f9f6 Move encoding of answer into response function
Fix #505
2016-09-02 04:10:11 +02:00
Guillaume Ayoub
085c6fcbeb Merge pull request #503 from Unrud/tests2
Test REPORT on an item and authorization
2016-09-01 09:43:51 +02:00
Unrud
3df367aad2 Test REPORT on item
Test for 90e4655a44
2016-09-01 06:17:18 +02:00
Unrud
9d2743d797 Test authorization 2016-09-01 06:15:31 +02:00
Guillaume Ayoub
e25373fa85 Merge pull request #501 from Unrud/httperrors
HTTP error messages
2016-08-31 14:49:19 +02:00
Guillaume Ayoub
8d92b371e4 Merge pull request #502 from Unrud/patch-40
Plain text for GET / instead of malformed HTML
2016-08-31 14:42:59 +02:00
Guillaume Ayoub
db681da08e Merge pull request #500 from Unrud/loginuser
Map logins to internal users in Auth module
2016-08-31 14:40:08 +02:00
Unrud
f875bcd892 Plain text for GET / instead of malformed HTML
It's basically the same in browsers and looks nicer in tools that don't support HTML rendering (like curl).
2016-08-31 02:01:18 +02:00
Unrud
ff2b8f6e5c Use NOT_FOUND instead of GONE
Thunderbird doesn't recognize the status code correctly and shows a synchronization error.
2016-08-31 01:54:31 +02:00
Unrud
1ea9b1dca9 Return error for GET requests on directories
Radicale doesn't support directory listings.
2016-08-31 00:45:14 +02:00
Unrud
4ac2e68f5c Add HTTP error messages
Browsers just show a blank page if an error occurs. You have to open the developer tools to see the HTTP status code. E.g. a user wants to download a calendar in the browser and the URL is wrong.

Some tools like curl don't show any indication of an error.
2016-08-31 00:41:08 +02:00
Unrud
689e5c9dd5 Map logins to internal users in Auth module
This makes it possible to implement #349 as an Auth module. Another use case would be to encode usernames that contain characters unsupported by the file system.
2016-08-30 23:13:33 +02:00
Guillaume Ayoub
5f46cc24bd Merge pull request #497 from Unrud/patch-38
Add thread id to log
2016-08-30 19:16:54 +02:00
Guillaume Ayoub
3c32df3d9a Merge pull request #496 from Unrud/patch-37
Remove empty line in log
2016-08-30 19:16:19 +02:00
Unrud
b2f11a7c18 Add thread id to log
Make log messages from parallel requests allocable.
2016-08-30 14:06:34 +02:00
Unrud
e782808a14 Remove empty line in log
Separating requests by an empty line doesn't work any longer with parallel (overlapping) requests.
2016-08-30 14:04:16 +02:00