From 5dd27d3c80297c3c6becdc26f18aa96981140615 Mon Sep 17 00:00:00 2001
From: Peter Bieringer <pb@bieringer.de>
Date: Fri, 7 Jun 2024 06:45:39 +0200
Subject: [PATCH 1/3] add support for auth.type=denyall

---
 config                      |  2 +-
 radicale/auth/__init__.py   |  1 +
 radicale/auth/denyall.py    | 30 ++++++++++++++++++++++++++++++
 radicale/tests/test_auth.py |  8 ++++++++
 4 files changed, 40 insertions(+), 1 deletion(-)
 create mode 100644 radicale/auth/denyall.py

diff --git a/config b/config
index 743bc93e..c20710cb 100644
--- a/config
+++ b/config
@@ -53,7 +53,7 @@
 [auth]
 
 # Authentication method
-# Value: none | htpasswd | remote_user | http_x_remote_user
+# Value: none | htpasswd | remote_user | http_x_remote_user | denyall
 #type = none
 
 # Htpasswd filename
diff --git a/radicale/auth/__init__.py b/radicale/auth/__init__.py
index e03a69b3..716e6b1d 100644
--- a/radicale/auth/__init__.py
+++ b/radicale/auth/__init__.py
@@ -33,6 +33,7 @@ from typing import Sequence, Tuple, Union
 from radicale import config, types, utils
 
 INTERNAL_TYPES: Sequence[str] = ("none", "remote_user", "http_x_remote_user",
+                                 "denyall",
                                  "htpasswd")
 
 
diff --git a/radicale/auth/denyall.py b/radicale/auth/denyall.py
new file mode 100644
index 00000000..5a047e35
--- /dev/null
+++ b/radicale/auth/denyall.py
@@ -0,0 +1,30 @@
+# This file is part of Radicale - CalDAV and CardDAV server
+# Copyright © 2024-2024 Peter Bieringer <pb@bieringer.de>
+#
+# This library is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Radicale.  If not, see <http://www.gnu.org/licenses/>.
+
+"""
+A dummy backend that denies any username and password.
+
+Used as default for security reasons.
+
+"""
+
+from radicale import auth
+
+
+class Auth(auth.BaseAuth):
+
+    def _login(self, login: str, password: str) -> str:
+        return ""
diff --git a/radicale/tests/test_auth.py b/radicale/tests/test_auth.py
index 089059fc..31411d63 100644
--- a/radicale/tests/test_auth.py
+++ b/radicale/tests/test_auth.py
@@ -152,3 +152,11 @@ class TestBaseAuthRequests(BaseTest):
         """Custom authentication."""
         self.configure({"auth": {"type": "radicale.tests.custom.auth"}})
         self.propfind("/tmp/", login="tmp:")
+
+    def test_none(self) -> None:
+        self.configure({"auth": {"type": "none"}})
+        self.propfind("/tmp/", login="tmp:")
+
+    def test_denyall(self) -> None:
+        self.configure({"auth": {"type": "denyall"}})
+        self.propfind("/tmp/", login="tmp:", check=401)

From d8cbe0e20616313302a3c964cf1e2f56cf340e87 Mon Sep 17 00:00:00 2001
From: Peter Bieringer <pb@bieringer.de>
Date: Fri, 7 Jun 2024 06:46:16 +0200
Subject: [PATCH 2/3] extend copyright

---
 radicale/auth/__init__.py   | 3 ++-
 radicale/tests/test_auth.py | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/radicale/auth/__init__.py b/radicale/auth/__init__.py
index 716e6b1d..89f65adc 100644
--- a/radicale/auth/__init__.py
+++ b/radicale/auth/__init__.py
@@ -2,7 +2,8 @@
 # Copyright © 2008 Nicolas Kandel
 # Copyright © 2008 Pascal Halter
 # Copyright © 2008-2017 Guillaume Ayoub
-# Copyright © 2017-2018 Unrud <unrud@outlook.com>
+# Copyright © 2017-2022 Unrud <unrud@outlook.com>
+# Copyright © 2024-2024 Peter Bieringer <pb@bieringer.de>
 #
 # This library is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
diff --git a/radicale/tests/test_auth.py b/radicale/tests/test_auth.py
index 31411d63..858e0827 100644
--- a/radicale/tests/test_auth.py
+++ b/radicale/tests/test_auth.py
@@ -1,7 +1,8 @@
 # This file is part of Radicale - CalDAV and CardDAV server
 # Copyright © 2012-2016 Jean-Marc Martins
 # Copyright © 2012-2017 Guillaume Ayoub
-# Copyright © 2017-2019 Unrud <unrud@outlook.com>
+# Copyright © 2017-2022 Unrud <unrud@outlook.com>
+# Copyright © 2024-2024 Peter Bieringer <pb@bieringer.de>
 #
 # This library is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by

From e4949a1f2f395cb4c570836986edbd73ff43328e Mon Sep 17 00:00:00 2001
From: Peter Bieringer <pb@bieringer.de>
Date: Fri, 7 Jun 2024 06:47:36 +0200
Subject: [PATCH 3/3] update changelog

---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index b51f85b7..2d0eb301 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,7 @@
 # Changelog
 
 ## 3.dev
+* Enhancement: add support for auth.type=denyall (will be default for security reasons in upcoming releases)
 
 ## 3.2.1