auth: clean up remote IP parameter/documentation

Make the remote IP parameter more generic and make it an enum determining the source instead of a boolean. Also fix the changelog entry. Both as requested, I managed to miss those comments previously.
2025-09-15 20:36:55 +00:00 · 2025-09-09 20:22:44 +02:00 · 2025-09-09 20:22:44 +02:00 · 256ca59aaf
commit 256ca59aaf
parent d70606e7a5
7 changed files with 31 additions and 18 deletions
--- a/radicale/auth/init.py
+++ b/radicale/auth/init.py
@ -64,6 +64,8 @@ INSECURE_IF_NO_LOOPBACK_TYPES: Sequence[str] = (

 AUTH_SOCKET_FAMILY: Sequence[str] = ("AF_UNIX", "AF_INET", "AF_INET6")

+REMOTE_ADDR_SOURCE: Sequence[str] = ("REMOTE_ADDR", "X-Remote-Addr")
+

 def load(configuration: "config.Configuration") -> "BaseAuth":
    """Load the authentication module chosen in configuration."""
--- a/radicale/auth/dovecot.py
+++ b/radicale/auth/dovecot.py
@ -33,7 +33,8 @@ class Auth(auth.BaseAuth):
        self.timeout = 5
        self.request_id_gen = itertools.count(1)

-        self.use_x_remote_addr = configuration.get("auth", "dovecot_rip_x_remote_addr")
+        remote_ip_source = configuration.get("auth", "remote_ip_source")
+        self.use_x_remote_addr = remote_ip_source == 'X-Remote-Addr'

        config_family = configuration.get("auth", "dovecot_connection_type")
        if config_family == "AF_UNIX":
--- a/radicale/config.py
+++ b/radicale/config.py
@ -253,10 +253,11 @@ DEFAULT_CONFIG_SCHEMA: types.CONFIG_SCHEMA = OrderedDict([
            "value": "12345",
            "help": "dovecot auth port",
            "type": int}),
-        ("dovecot_rip_x_remote_addr", {
-            "value": "False",
-            "help": "use X-Remote-Addr for dovecot auth remote IP (rip) parameter",
-            "type": bool}),
+        ("remote_ip_source", {
+            "value": "REMOTE_ADDR",
+            "help": "remote address source for passing it to auth method",
+            "type": str,
+            "internal": auth.REMOTE_ADDR_SOURCE}),
        ("realm", {
            "value": "Radicale - Password Required",
            "help": "message displayed when a password is needed",
--- a/radicale/tests/test_auth.py
+++ b/radicale/tests/test_auth.py
@ -428,7 +428,7 @@ class TestBaseAuthRequests(BaseTest):
                               'HTTP_X_REMOTE_ADDR': '172.17.16.15',
                           },
                           extra_config={
-                               'auth': {"dovecot_rip_x_remote_addr": "True"},
+                               'auth': {"remote_ip_source": "X-Remote-Addr"},
                           })

    @pytest.mark.skipif(sys.platform == 'win32', reason="Not supported on Windows")
@ -439,7 +439,7 @@ class TestBaseAuthRequests(BaseTest):
                               'HTTP_X_REMOTE_ADDR': '172.17.16.15\trip=127.0.0.1',
                           },
                           extra_config={
-                               'auth': {"dovecot_rip_x_remote_addr": "True"},
+                               'auth': {"remote_ip_source": "X-Remote-Addr"},
                           })

    def test_custom(self) -> None: