The do_ prefix and upper case name allows easy
distinction between methods that handle requests
and other methods.
Without this distinction an attacker could
call arbitrary methods.
Currently there is no method that matches the
argument count, but that's easy to miss when new
methods are added.
- Update docstring for optional MD5-APR1/BCRYPT support via passlib.
- Support the "md5" and "bcrypt" htpasswd_encryption config values.
- Conditionally import the required passlib components if either
"md5" or "bcrypt" is requested in the configuration file.
- Test bcrypt backend availability upon import.
- First define verification functions, then conditionally import
external dependencies.
- Consolidate: use context manager for reading credential file.
- Consolidate: save one call to strip() while parsing.
- Consolidate: break long lines, clarify comments and docstrings.
- Consolidate: use verification function mapping for improving maintainability.
* Handle both the explicit <propall/> and its implicit variants
- the missing request-body case was already handled
- the empty request-body case wasn't
- the explicit (a request-body containing <propall/>) wasn't either
* <propnames/> now lists all retrievable properties
Signed-off-by: Giel van Schijndel <me@mortis.eu>
We should burn PEP 235, bicameral scripts, encodings, Python2/3 compatibility,
Windows, MacOS X, filenames, unicode (including composite characters), and the
whole world. And LF/CR too, of course.
Let's recreate a language relying on only two characters. Anyone interested?
If I do REPORT requests, the following line would raise a KeyError:
items = [collection.items[name]]
Wrapping it with a try-except block obviously fixes that issue.
At least for REPORT requests, Radicale now also returns proper HTTP
status codes when items or just its properties couldn't be found.