Unrud
8a98f4861d
Fix permissions for REPORT request
...
Only read access is required.
2017-03-13 08:22:14 +01:00
Unrud
7d687205bd
Use logger for WSGIServer
...
Log exception from the WSGIServer. Exceptions from socket timeouts are currently written to stderr.
2017-03-10 13:39:26 +01:00
Unrud
5cd5cfe368
Use REMOTE_ADDR if REMOTE_HOST is missing
...
WSGIRequestHandler doesn't set REMOTE_HOST if dns lookup is disabled.
2017-03-07 20:34:37 +01:00
Unrud
69d39b47ca
Also log the forwarding host for forwarded requests
2017-03-07 20:34:36 +01:00
Unrud
c104da28ce
Use UNKNOWN if user agent is missing
...
This is much shorter and doesn't clutter the log as much.
2017-03-07 20:33:37 +01:00
Unrud
266dc608f2
Remove unnecessary if-statements
2017-03-07 20:32:23 +01:00
Guillaume Ayoub
5d67257555
Merge branch 'trycatch-broken-objects' of https://github.com/pbiering/Radicale into pbiering-trycatch-broken-objects
2017-02-26 16:24:41 +01:00
Guillaume Ayoub
46fcec8fe0
Cosmetics
2017-02-26 16:19:38 +01:00
Guillaume Ayoub
e6880057a2
Merge pull request #518 from pbiering/improved-access-logging
...
improved request logging
2017-02-26 16:17:44 +01:00
Guillaume Ayoub
9d958e8e51
Remove unused import
2017-02-26 16:13:50 +01:00
Guillaume Ayoub
3213495245
Merge branch 'url' of https://github.com/Unrud/Radicale into Unrud-url
2017-02-26 14:43:59 +01:00
Guillaume Ayoub
e55d75ce46
Set charsets in headers
2016-10-12 14:50:53 +02:00
Guillaume Ayoub
c459d32a19
Use argparse to parse command arguments
...
This commit also allows users to specify all the config values through
the command line.
Fix #154 .
2016-10-12 14:30:18 +02:00
Peter Bieringer
c578470fc3
log depth also on response log line
2016-09-19 20:11:52 +02:00
Peter Bieringer
f52fa73cab
check env first before using HTTP_DEPTH
2016-09-19 20:04:11 +02:00
Peter Bieringer
87061df68f
add conditional logging of given depth
2016-09-19 19:59:47 +02:00
Peter Bieringer
d116423458
improved request logging
2016-09-17 15:35:43 +02:00
Peter Bieringer
e6ba31937a
3rd catch
2016-09-17 15:11:02 +02:00
Unrud
83046c80c4
Let reverse proxies overwrite script name
...
Reverse proxies can overwrite the script name with the HTTP header field X-Script-Name.
2016-09-06 16:53:14 +02:00
Unrud
13d652b094
Remove unnecessary module prefix
2016-09-04 22:26:46 +02:00
Unrud
664fa71278
Don't double unquote request URL
...
"%2525" was transformed to "%" instead of "%25".
2016-09-04 22:26:46 +02:00
Unrud
dbaf58dbfe
Remove base_prefix and use SCRIPT_NAME instead
...
This conforms with the WSGI reference (PEP 333)
2016-09-04 22:26:40 +02:00
Unrud
fe5daf801a
Set password to empty string instead of None
...
Prevent exception in auth module.
2016-09-03 10:01:52 +02:00
Unrud
2a9f37defb
Repair authentication
2016-09-02 14:41:31 +02:00
Guillaume Ayoub
88d558f9fa
Remove useless nested tuples
2016-09-02 11:05:35 +02:00
Guillaume Ayoub
68e1e9dfb2
Don't use mutables in constants or parameters
2016-09-02 11:04:29 +02:00
Unrud
20b1480399
Make copy of headers before mutating
2016-09-02 04:23:47 +02:00
Unrud
f7e995f9f6
Move encoding of answer into response function
...
Fix #505
2016-09-02 04:10:11 +02:00
Guillaume Ayoub
e25373fa85
Merge pull request #501 from Unrud/httperrors
...
HTTP error messages
2016-08-31 14:49:19 +02:00
Guillaume Ayoub
8d92b371e4
Merge pull request #502 from Unrud/patch-40
...
Plain text for GET / instead of malformed HTML
2016-08-31 14:42:59 +02:00
Guillaume Ayoub
db681da08e
Merge pull request #500 from Unrud/loginuser
...
Map logins to internal users in Auth module
2016-08-31 14:40:08 +02:00
Unrud
f875bcd892
Plain text for GET / instead of malformed HTML
...
It's basically the same in browsers and looks nicer in tools that don't support HTML rendering (like curl).
2016-08-31 02:01:18 +02:00
Unrud
ff2b8f6e5c
Use NOT_FOUND instead of GONE
...
Thunderbird doesn't recognize the status code correctly and shows an synchronization error.
2016-08-31 01:54:31 +02:00
Unrud
1ea9b1dca9
Return error for GET requests on directories
...
Radicale doesn't support directory listings.
2016-08-31 00:45:14 +02:00
Unrud
4ac2e68f5c
Add HTTP error messages
...
Browsers just show a blank page if an error occurs. You have to open the developer tools to see the HTTP status code. E.g. a user wants to download a calendar in the browser and the URL is wrong.
Some tools like curl don't show any indication of an error.
2016-08-31 00:41:08 +02:00
Unrud
689e5c9dd5
Map logins to internal users in Auth module
...
This makes it possible to implement #349 as a Auth module. Another use case would be to encode usernames that contain characters unsupported by the file system.
2016-08-30 23:13:33 +02:00
Unrud
e782808a14
Remove empty line in log
...
Separating requests by an empty line doesn't work any longer with parallel (overlapping) requests.
2016-08-30 14:04:16 +02:00
Guillaume Ayoub
34ad1b9073
Remove useless import
2016-08-29 12:07:58 +02:00
Guillaume Ayoub
fd1742fcea
Fix typo
2016-08-29 12:07:30 +02:00
Guillaume Ayoub
9e78454da2
Merge branch 'remupdate' of https://github.com/Unrud/Radicale into Unrud-remupdate
2016-08-26 22:50:26 +02:00
Guillaume Ayoub
ac61b18237
Merge pull request #490 from Unrud/hook
...
Move hook into storage.Collection
2016-08-26 15:58:42 +02:00
Guillaume Ayoub
0e646cdae4
Merge branch 'Unrud-logging'
2016-08-25 11:52:12 +02:00
Unrud
c5342d36d5
Remove BaseCollection.update
...
I don't think that this can be used for optimizations.
It's useless in the filesystem backend, SQL has REPLACE and I doubt that there is much use in any other storage mechanism.
2016-08-25 06:37:12 +02:00
Unrud
10786cbad8
Move hook into storage.Collection
...
The hook is only valid for filesystem storage, it's meaningless for other backends like databases.
2016-08-25 05:40:46 +02:00
Unrud
8db580abce
Try to decode URLs with utf-8 ( Fixes #486 )
2016-08-25 05:30:46 +02:00
Unrud
3b71ab960e
Log exceptions ( Fixes #447 )
...
Exceptions were just written to stderr but not into logs.
2016-08-25 05:24:24 +02:00
Unrud
6515062bcd
Return HTTP status in xmlutils.propfind
2016-08-12 23:34:08 +02:00
Guillaume Ayoub
d3d29802ad
Merge pull request #474 from Unrud/patch-31
...
PROPFIND rights checking
2016-08-11 11:44:43 +02:00
Unrud
4eb04e3526
PROPFIND rights checking
...
Return 404 and 403 only when it's appropriate. Don't ask users for passwords if an item just doesn't exist (e.g. mistyped URL).
2016-08-11 02:19:48 +02:00
Unrud
e2b87d145f
Cosmetics: Don't use % for logging
2016-08-10 23:43:32 +02:00
Unrud
9192a7751b
Remove incorrect argument
...
In rare cases this can cause a crash.
2016-08-10 23:41:19 +02:00
Guillaume Ayoub
c4cf918bf2
Merge pull request #470 from Unrud/readcontent
...
Read content after access checks
2016-08-08 12:57:59 +02:00
Unrud
a9b89be5c7
Read content after access checks
...
Unauthorized users can't fill up RAM with crap anymore.
2016-08-08 07:00:24 +02:00
Unrud
f294b1cf17
Add access check to PROPFIND
2016-08-08 06:59:15 +02:00
Unrud
68286faa63
Atomic replacement of whole collection by PUT
2016-08-08 06:08:52 +02:00
Unrud
ee5b8facda
Always use wrapper to lock collection
...
Also run the hook after creation of the principal collection.
2016-08-07 17:14:47 +02:00
Unrud
23582c8208
Expose low level MOVE operation in storage.BaseCollection
2016-08-06 05:09:00 +02:00
Unrud
17ff22cae4
Support replacing in MOVE method
2016-08-06 04:45:44 +02:00
Unrud
89ac2fb397
Remove faulty check
...
This should have been (to_path.strip("/")+"/").startswith(path.strip("/")+"/").
But it's not required as we don't support moving collections.
2016-08-06 04:44:18 +02:00
Guillaume Ayoub
9aefc500ec
Merge pull request #461 from Unrud/patch-27
...
Remove old code
2016-08-05 17:48:03 +02:00
Unrud
6d77e24028
Remove old code
...
This was missed while merging #457 and #459 .
2016-08-05 17:05:32 +02:00
Unrud
65af0592d3
Run hook while storage is still locked
2016-08-05 16:58:03 +02:00
Guillaume Ayoub
8682504c6e
Strip empty lines from content
2016-08-05 02:25:15 +02:00
Guillaume Ayoub
26e1c9ba89
Fix collection creation with PUT request
2016-08-05 02:24:52 +02:00
Guillaume Ayoub
8ac3ce1a89
Clean many, many things
2016-08-05 02:14:49 +02:00
Guillaume Ayoub
92a0027ae1
Merge branch 'rights' of https://github.com/Unrud/Radicale into Unrud-rights
2016-08-04 23:35:01 +02:00
Unrud
066b5994d1
Improve rights checking and request handlers
...
* Access rights are checked before the storage is locked and
collections are loaded.
* DELETE sends 410 instead of doing nothing or crashing if the target
doesn't exist.
* GET always returns 404 if the target doesn't exist.
* GET doesn't crash if a collection without tag property is requested.
* MKCOL and MKCALENDAR send 409 if the target already exists.
* MOVE checks if the target collection of an item actually exists and
sends 409 otherwise.
* PUT doesn't crash if a whole collection that doesn't exist yet is
uploaded and ``content-type`` is ``text/vcard`` or
``text/calendar``.
* PUT distinguishes between simple items and whole collections by the
following criteria: Target is a collection; Parent exists; Parent
has the tag property set; Parent contains other items. Before only
the first two criteria where used, which was very unrelieable. #384
* PROPPATCH is only allowed on collections and 409 is send otherwise.
* ``Rights.authorized`` takes a path instead of a collection.
* ``Collection.discover`` only returns items in ``path``, that
actually exist. #442
2016-08-04 06:08:08 +02:00
Unrud
ae89082c24
Atomic creation of collections
2016-08-03 15:50:55 +02:00
Unrud
bd7641699e
Atomic PROPPATCH
2016-08-03 14:45:52 +02:00
Guillaume Ayoub
b71664b322
Return UNAUTHORIZED for NOT_FOUND PROPFINDs
2016-08-02 17:24:04 +02:00
Guillaume Ayoub
3e52f34309
Remove pylint
2016-08-02 14:39:20 +02:00
Guillaume Ayoub
301bb552d7
Cosmetics
2016-08-02 14:37:39 +02:00
Guillaume Ayoub
d322d3f394
Clean the user's collection creation code
2016-08-02 14:00:42 +02:00
Guillaume Ayoub
04010ff8d3
Merge pull request #455 from Unrud/home
...
Creating addressbooks and calendars in DAVdroid
2016-08-02 13:51:29 +02:00
Unrud
81b04890f1
Create principal collection automatically
2016-08-02 08:04:12 +02:00
Guillaume Ayoub
6b30870be5
Minor cleanups
...
Everything works fine with Apple clients now.
2016-08-01 19:00:57 +02:00
Guillaume Ayoub
6bfdcbafec
Cosmetics
2016-08-01 12:50:51 +02:00
Guillaume Ayoub
711ecf5df2
Merge pull request #451 from Unrud/removewellknown
...
Remove /.well-known
2016-08-01 12:20:55 +02:00
Unrud
fd977891e8
Remove /.well-known
...
I can't think of a sane use-case for this.
2016-08-01 09:31:25 +02:00
Unrud
da1a693620
Prevent unsafe usernames
...
If an attacker is able to create an account with a username like "user/calendar.ics", he can access collections of other users.
2016-08-01 09:10:23 +02:00
Guillaume Ayoub
b3d8833779
Normalize the version number
2016-07-30 16:43:29 +02:00
Unrud
0263251ecf
Add hook for storage changes
2016-07-14 07:57:46 +02:00
Guillaume Ayoub
ef63865e31
Merge pull request #428 from Unrud/patch-22
...
Add timeout to connections, limit size of request body and limit number of parallel connections
2016-07-14 02:06:24 +02:00
Guillaume Ayoub
5bd80d8d13
Don't crash when getting unknown collections
...
Fix #422 .
2016-07-14 01:39:57 +02:00
Florian Mounier
383409213e
deflate seems to be problematic with different implementations ( http://stackoverflow.com/questions/388595/why-use-deflate-instead-of-gzip-for-text-files-served-by-apache/388633#388633 ). Using gzip instead.
2016-07-04 17:00:43 +02:00
Unrud
83ea9da2b4
Limit number of parallel connections
2016-06-11 13:19:26 +02:00
Unrud
e438d9fd4b
Limit size of request body
2016-06-11 13:16:45 +02:00
Unrud
b55d2181ed
Add timeout to integrated sever
2016-06-11 13:14:58 +02:00
Unrud
d4e6205745
Don't include passwords in logs
2016-06-11 12:58:28 +02:00
Unrud
54b47c4a3e
Refactor: Move response code into function
2016-06-10 14:55:32 +02:00
Guillaume Ayoub
13a7f2f9af
Merge pull request #417 from Unrud/patch-14
...
Allow creation of empty collection via PUT
2016-05-30 11:23:27 +02:00
Unrud
4861b79878
Allow creation of empty collection via PUT
2016-05-29 01:18:29 +02:00
Unrud
af1dce1504
Fix crash on unknown content type
2016-05-28 23:49:15 +02:00
Unrud
28e643dec1
Don't pass None to vobject.readComponents
...
If an empty collections is created with PUT, content is None.
2016-05-28 22:46:20 +02:00
Unrud
ecbffe69dc
Veify Authorization Scheme
2016-05-26 12:21:09 +02:00
Guillaume Ayoub
a3c32ee77f
Merge pull request #402 from Unrud/locking
...
Implement locking of whole storage
2016-05-25 14:03:48 +02:00
Unrud
bca6cec6b3
Use context manager for locking
2016-05-22 10:29:50 +02:00
Unrud
a24613da9c
Compress answer
...
The protocol uses verbose XML and compression reduces the size significantly.
2016-05-21 02:26:03 +02:00
Unrud
ff3b31fed6
Use threading in integrated webserver
2016-05-21 01:26:52 +02:00
Unrud
2c45b1998c
Implement locking of whole storage
2016-05-21 01:26:45 +02:00
Guillaume Ayoub
a8fda1aedf
Cut long lines
2016-05-18 22:41:05 +02:00
Guillaume Ayoub
20ff5444fb
Don't explicitely inherit from object
2016-05-12 18:57:59 +02:00
Guillaume Ayoub
ca056dea9f
Don't return 404 for GET requests on collections
2016-05-12 18:55:03 +02:00
Guillaume Ayoub
2f97d7d1e1
Remove global state about configuration and logs
...
Many things have been changed to make this possible, probably leading to
many hidden bugs waiting to be found.
Related to #122 .
2016-04-22 11:37:02 +09:00
Guillaume Ayoub
303a53eede
Return Items in upload and update methods
...
Related to #380
2016-04-20 08:09:00 +09:00
Guillaume Ayoub
6adc7f5fed
Enhance collection discovering
...
When the request path leads to a non-existing item, try to create the
Collection object according to an existing collection at request path's
parent.
This change means that the requests whose path leads to a collection
that doesn't exist (at least MKCOL, MKCALENDAR and PUT) need to rely on
the request path more than on the Collection path. It was already done
for PUT, it's been fixed for MKCOL and MKCALENDAR.
Fix #378 .
2016-04-19 10:39:52 +09:00
Guillaume Ayoub
e586569b31
Fix a lot of details
2016-04-12 18:21:18 +02:00
Guillaume Ayoub
406027f3c9
Change the Collection API
...
The new API used comes from vdirsyncer, as proposed by @untitaker in
issue #130 .
The code has been tested and works with the (too simple) unit tests, and
with Lightning and DAVdroid. Many things are broken and a good part of
the code has not be ported to the new API yet. TODOs have been added
where the application is known to be broken.
2016-04-11 20:11:35 +02:00
Guillaume Ayoub
41e319a8b8
Merge ical and storage modules
2016-04-10 02:08:07 +02:00
Guillaume Ayoub
12ddd64884
Fix the management of paths
2016-04-09 22:44:34 +02:00
Guillaume Ayoub
7a0e267f19
Better collection discovery
2016-04-09 15:11:47 +02:00
Guillaume Ayoub
44ba2c36a7
Merge branch 'master' of https://github.com/hadleyrich/Radicale
2016-04-08 15:05:56 +02:00
Guillaume Ayoub
7e493f73cd
Remove backslash
2016-04-08 14:46:38 +02:00
Guillaume Ayoub
e2b6bc3008
Remove old workaround
2016-04-08 14:46:17 +02:00
Guillaume Ayoub
54dee0c7c4
Clean tests
2016-04-07 19:25:10 +02:00
Guillaume Ayoub
595e2329ea
Don't create collections on GET requests
2016-04-07 19:03:27 +02:00
Guillaume Ayoub
434cb533e9
Remove Python 2 support
2016-03-31 19:57:40 +02:00
Unrud
6be7dab03f
Correct function name
2016-01-14 23:07:53 +01:00
Guillaume Ayoub
f8b068e9fe
Version 1.1.1
2016-01-07 23:31:19 +01:00
Guillaume Ayoub
e47b50421e
Version 1.1
2015-12-31 12:51:23 +01:00
Unrud
1ad994cadf
Move sanitize_path into pathutils.py
2015-12-24 14:39:15 +01:00
Unrud
ed44830447
Error message if path not starting with prefix
...
Before the program crashed implicitly
2015-12-24 14:32:21 +01:00
Unrud
780cecc0f2
Always sanitize request URI
...
Do no rely on the HTTP server
2015-12-24 14:32:21 +01:00
Unrud
ee095a463d
Improve URI sanitation
...
The old implementation failed to sanitize URIs
like ".", "..", "../.." or "//"
2015-12-24 14:32:21 +01:00
Unrud
592537e37c
Introduce naming scheme for request handlers
...
The do_ prefix and upper case name allows easy
distinction between methods that handle requests
and other methods.
Without this distinction an attacker could
call arbitrary methods.
Currently there is no method that matches the
argument count, but that's easy to miss when new
methods are added.
2015-12-24 07:22:55 +01:00
Unrud
7cb31fe22b
Improve regex for Well-Known URIs
...
Example to show the problem:
/Xwell-known/carddavXX
2015-12-22 12:44:19 +01:00
Guillaume Ayoub
6babebd315
Version 1.0.1
2015-09-21 12:14:51 +02:00
Guillaume Ayoub
377762e23c
Version 1.0
2015-09-14 11:49:34 +02:00
Guillaume Ayoub
ce9fd74d98
Merge pull request #260 from deronnax/not_found_instead_of_gone
...
change GET response from GONE to NOT FOUND when item is not found
2015-08-21 15:34:59 +02:00
Hadley Rich
54d71355d1
Change xmlutils propfind to return readonly calendars
2015-06-04 11:23:01 +12:00
Guillaume Ayoub
c249e080af
Merge pull request #273 from untitaker/issue117
...
Fix another instance of #117
2015-04-29 19:09:38 +02:00
Guillaume Ayoub
a0fc07a894
Allow content-types with ';' in charset, fix #279
2015-04-29 19:08:20 +02:00
Markus Unterwaditzer
78e203a2b9
Fix another instance of #117
2015-03-22 12:25:54 +01:00
deronnax
5b8333c2b0
change GET response from GONE to NOT FOUND when item is not found
2015-02-09 11:03:06 +01:00
Guillaume Ayoub
a7700f9805
Don't crash when getting unknown events ( fix #258 )
2015-02-08 17:11:29 +01:00
Guillaume Ayoub
2c4b335fad
Clean the ical API
2015-02-07 17:26:20 +01:00
deronnax
240125aca7
don't pick timezones when asking for contacts
2015-02-07 14:11:43 +01:00
Guillaume Ayoub
7135367640
Version 0.10
2015-01-12 18:40:42 +01:00
Guillaume Ayoub
c932ba230e
Fix Python 3 compatibility
2014-10-22 16:28:08 +02:00
Guillaume Ayoub
1f9c568720
Don't recreate the regular expression for each request
2014-10-22 11:32:25 +02:00
Guillaume Ayoub
2cf34a0d67
Cosmetic changes
2014-10-21 13:13:16 +02:00
Guillaume Ayoub
4e59d734a1
Merge pull request #225 from deronnax/well-known
...
Support "well known" URLs
2014-10-21 13:03:18 +02:00
deronnax
8ec00f08df
throw 401 in case of failed variable substition for .well-known url
2014-10-21 12:30:14 +02:00
deronnax
f846f107e6
now with regex
2014-10-21 11:57:42 +02:00
deronnax
b863e8390e
add ".well-known" addresses feature ( closes #126 )
2014-10-20 18:51:43 +02:00
deronnax
c180b4ace3
decode http resquest content later
2014-10-20 17:32:10 +02:00
Guillaume Ayoub
a6884492a2
Version 0.9
2014-08-13 13:12:19 +02:00
Guillaume Ayoub
9ad9c466e2
Add an option allowing requests without base_prefix
...
Related to #147 , patch proposed by jheidemann
2014-08-06 11:51:11 +02:00
Guillaume Ayoub
a5c5f2494f
New version
2014-07-28 13:03:06 +02:00
Guillaume Ayoub
a65f96fe41
Fix syntax error
2014-07-28 11:28:12 +02:00