Commit Graph

861 Commits

Author SHA1 Message Date
Guillaume Ayoub
152e5494d3 Use flup or flipflop in fcgi script 2014-02-24 20:05:14 +01:00
Guillaume Ayoub
f9ce1d0e6d Remove the backend/type split for rights in configuration 2014-02-05 14:11:40 +01:00
Guillaume Ayoub
f6a6e77fb0 Typo fixes in config file 2014-02-05 13:58:30 +01:00
Guillaume Ayoub
df85a8c990 Update NEWS 2014-02-05 13:17:01 +01:00
Guillaume Ayoub
2ad8b57305 Merge branch 'apache_auth' of git://github.com/jaesivsm/Radicale into jaesivsm-apache_auth
Conflicts:
	radicale/__init__.py
2014-02-05 13:09:37 +01:00
Guillaume Ayoub
701df2d201 Use environ.get instead of try/except 2014-02-05 13:01:49 +01:00
Guillaume Ayoub
f7c7746643 Merge pull request #99 from horazont/fix-preauth
Fix issues if authentication is done by web server
2014-02-05 12:59:45 +01:00
Guillaume Ayoub
c953211175 Merge pull request #100 from chripo/fix-access
Fix access
2014-02-05 12:47:43 +01:00
Guillaume Ayoub
00674fe8b0 Merge pull request #95 from chripo/easy-connect
Easy connect
2014-02-05 12:38:09 +01:00
Christoph Polcin
3aa992e518 Find collections if necessary 2014-01-19 20:11:47 +01:00
Christoph Polcin
90d82d044c Fix access to collections
under certain conditions it was possible to pass the final access control
if-clause. the master branch granted access if:

    if ((read_allowed_items or write_allowed_items)
        and (not user or auth.is_authenticated(user, password))) or
        function == self.options or not items:

the easy-connect branch from pull request #95 adds:
    (is_authenticated and function == self.propfind) or

the last `or not items` condition levers out the previous authentication and
access control. that isn't that big secuity issue because in this case there
are no collection and items at all. but "bad" and anonymous users could gather
data and information which not destined for them.

this commit fixes and simplifies the if-clause.
2014-01-19 20:04:37 +01:00
Christoph Polcin
387e1fee76 Fix calendar/addressbook-home-set in PROPFIND response 2014-01-19 19:35:53 +01:00
Christoph Polcin
d09b16c5ad Fix principal-collection-set in PROPFIND response 2014-01-19 19:35:53 +01:00
Christoph Polcin
83db27303f Respond to all authenticated PROPFIND requests 2014-01-19 19:35:46 +01:00
François Schmidts
b9ff564c1f not only apache uses REMOTE_USER
removing the apache mention to make the config more "webserver agnostic"
2014-01-15 23:01:36 +01:00
François Schmidts
18ea7e4942 removing the user and password getting from main __call__ function 2014-01-15 22:40:33 +01:00
François Schmidts
34163c5020 making radicale support authenticated user from apache 2014-01-15 09:50:22 +01:00
Jonas Wielicki
d9df9a36e1 Fix issues if authentication is done by web server
This patch fixes `user` always being None if the authentication is
offloaded to the webserver, as it is suggested in the documentation.

For normal access, this is not a problem, but it becomes a problem if a
client wants to get the current-user-principal, for which the user name
is required.
2014-01-14 20:46:47 +01:00
Guillaume Ayoub
e2dbdd4d96 Merge pull request #97 from rngtng/fix-manifest
Fix wrong filename in Manifest
2014-01-13 04:43:19 -08:00
Tobias Bielohlawek
39efc3b781 fix wrong filename in Manifest 2014-01-10 20:32:22 +01:00
Christoph Polcin
2ddec14535 Fix principal URLs in PROPFIND response 2014-01-05 21:22:53 +01:00
Guillaume Ayoub
97efc1c86f Update NEWS 2013-12-30 13:54:14 +01:00
Guillaume Ayoub
a4a2c7e206 Merge pull request #93 from hovel/master
Custom handlers for auth and storage, simplified tests structure, added rights management backends
2013-12-30 04:45:49 -08:00
Sergey Fursov
1362976400 fixed default config 2013-12-29 18:30:53 +04:00
Sergey Fursov
1d0418594d Allow attach custom rights backend, small fix in default config file 2013-12-29 15:13:35 +04:00
Sergey Fursov
017df0ddcf Simplified tests structure 2013-12-28 14:40:29 +04:00
Sergey Fursov
3b0328ca1e Allow attach custom storage backend 2013-12-28 14:15:35 +04:00
Sergey Fursov
a91a7790c5 Allow attach custom auth handler 2013-12-28 13:31:32 +04:00
Sergey Fursov
dca10fa14e Different rights management backends
Initially only one backend - regular expressions based
2013-12-25 03:44:24 +04:00
Guillaume Ayoub
3ee47dd242 Update NEWS 2013-12-24 12:14:25 +01:00
Guillaume Ayoub
0e566e4c97 Merge branch 'apple' 2013-12-24 11:22:57 +01:00
Guillaume Ayoub
a7be59b9f7 Merge pull request #92 from cristen/master
Fix wrong syntax in config file and fix #58
2013-12-24 02:21:43 -08:00
Jean-Marc Martins
7ac971e022 Fix wrong syntax in config file and fix #58 2013-12-23 16:45:15 +01:00
Guillaume Ayoub
17dc3beadd Merge branch 'master' of github.com:Kozea/Radicale 2013-12-17 14:42:52 +01:00
Guillaume Ayoub
fae2b30ec4 Merge branch 'master' of git://github.com/cristen/Radicale into cristen-master
Conflicts:
	radicale/storage/database.py
	schema.sql
2013-12-17 14:42:20 +01:00
Jean-Marc Martins
56581a998a Fix database Fix bug #77 HELL YEAH ! 2013-12-17 14:35:55 +01:00
Guillaume Ayoub
8969dae12f Merge pull request #90 from cristen/master
Refs #87 Add ssl options
2013-12-13 06:22:16 -08:00
Jean-Marc Martins
f377bd1356 Fix ssl protocol 2013-12-13 15:17:30 +01:00
Guillaume Ayoub
f133b8a588 Add an example for multiple IP addresses in the configuration file 2013-12-13 14:56:03 +01:00
Jean-Marc Martins
d765544edd Add ssl protocol and ciphers in config 2013-12-13 14:31:09 +01:00
Guillaume Ayoub
a957ebf397 Fix schema again 2013-10-31 16:32:19 +01:00
Guillaume Ayoub
30e8d12001 Fix sql schema 2013-10-31 16:09:28 +01:00
Guillaume Ayoub
0c2c9c3a7e Store collection's parent in database (bug #77) 2013-10-31 16:07:37 +01:00
Guillaume Ayoub
a920518a26 Return an int for __hash__ 2013-10-31 14:05:15 +01:00
Guillaume Ayoub
ce8e86af63 Allow read-only access to .well-known/ca(l|rd)av (related to #32) 2013-10-31 13:57:37 +01:00
Guillaume Ayoub
92b3cf41bc Simple try/except import trick 2013-10-29 14:09:46 +01:00
Guillaume Ayoub
830774824e Merge pull request #75 from davidaurelio/master
Fix python 3 problems with default rights
2013-10-29 03:16:09 -07:00
Guillaume Ayoub
94a29992b7 Update NEWS 2013-10-29 10:56:10 +01:00
Guillaume Ayoub
9c59c089ef Remove useless comment 2013-10-29 10:41:23 +01:00
Guillaume Ayoub
337d2719be Cosmetics 2013-10-29 09:30:51 +01:00