This is required as we do not want .props files to be created for nodes,
otherwise they'll stop being considered as nodes, which will break
discovery of calendars.
This fixes https://github.com/Kozea/Radicale/issues/208
Fix#196
The way to do collection discovery described in
http://stackoverflow.com/a/11673483 doesn't work well with Radicale:
1. current-user-principal returns /user/calendar.ics/
2. PROPFINDs asking for calendar-home-set will return the URL that was
used in the request, which is still /user/calendar.ics/
3. The final PROPFIND with Depth: 1 is supposed to list all collections,
but because the request is done with a collection URL, Radicale returns
the items for the "calendar.ics" collection which might or might not
exist.
When using IMAP as auth module every single request causes a warning to
be logged just because we're not encrypting traffic sent to another
process on the *same* machine.
This change recognizes that while some people might consider this
undesirable, others might have made this a conscious choice and *don't*
wish to be spammed for it. As such now only a single warning is logged
(the first time in the server's lifetime that a user logs in).
Signed-off-by: Giel van Schijndel <me@mortis.eu>
Call os.path.expanduser on the location given by the config parameter.
This will allow to use settings like
htpasswd_filename = ~/.config/radicale/users
If we don't do this, we might get the following in the logs:
2014-04-08 20:00:59,354 - DEBUG: Section 'r' matches
2014-04-08 20:00:59,354 - DEBUG: Section 'r' does not match
which is a bit confusing.
under certain conditions it was possible to pass the final access control
if-clause. the master branch granted access if:
if ((read_allowed_items or write_allowed_items)
and (not user or auth.is_authenticated(user, password))) or
function == self.options or not items:
the easy-connect branch from pull request #95 adds:
(is_authenticated and function == self.propfind) or
the last `or not items` condition levers out the previous authentication and
access control. that isn't that big secuity issue because in this case there
are no collection and items at all. but "bad" and anonymous users could gather
data and information which not destined for them.
this commit fixes and simplifies the if-clause.
