From 7da46f392e5c0d9c090f01a0199ed289c1fda3b4 Mon Sep 17 00:00:00 2001 From: Peter Bieringer Date: Tue, 27 Aug 2024 21:34:52 +0200 Subject: [PATCH 01/12] fix logger.warn->warning --- radicale/hook/__init__.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/radicale/hook/__init__.py b/radicale/hook/__init__.py index e31befc1..1f39c9e1 100644 --- a/radicale/hook/__init__.py +++ b/radicale/hook/__init__.py @@ -14,8 +14,8 @@ def load(configuration): return utils.load_plugin( INTERNAL_TYPES, "hook", "Hook", BaseHook, configuration) except Exception as e: - logger.warn(e) - logger.warn("Hook \"%s\" failed to load, falling back to \"none\"." % configuration.get("hook", "type")) + logger.warning(e) + logger.warning("Hook \"%s\" failed to load, falling back to \"none\"." % configuration.get("hook", "type")) configuration = configuration.copy() configuration.update({"hook": {"type": "none"}}, "hook", privileged=True) return utils.load_plugin( From 336972316ecd7d0ebc1c6777a9f95224d516811b Mon Sep 17 00:00:00 2001 From: Peter Bieringer Date: Tue, 27 Aug 2024 21:44:57 +0200 Subject: [PATCH 02/12] add missing entries --- CHANGELOG.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 87d3fd2b..8a919054 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,10 +1,13 @@ # Changelog ## 3.dev +* Add: support for Python 3.13 * Fix: Using icalendar's tzinfo on created datetime to fix issue with icalendar +* Fix: typos in code * Enhancement: Added free-busy report * Enhancement: Added 'max_freebusy_occurrences` setting to avoid potential DOS on reports * Enhancement: remove unexpected control codes from uploaded items +* Enhancement: add 'strip_domain' setting for username handling * Drop: remove unused requirement "typeguard" * Improve: Refactored some date parsing code From 39662fc680ceedf66323703f549ef2221368a84c Mon Sep 17 00:00:00 2001 From: Peter Bieringer Date: Wed, 28 Aug 2024 07:48:45 +0200 Subject: [PATCH 03/12] fix config section info --- radicale/app/__init__.py | 4 ++-- radicale/app/base.py | 2 +- radicale/app/put.py | 2 +- radicale/httputils.py | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/radicale/app/__init__.py b/radicale/app/__init__.py index 5fe71d30..1c323b5d 100644 --- a/radicale/app/__init__.py +++ b/radicale/app/__init__.py @@ -146,7 +146,7 @@ class Application(ApplicationPartDelete, ApplicationPartHead, if self._response_content_on_debug: logger.debug("Response content:\n%s", answer) else: - logger.debug("Response content: suppressed by config/option [auth] response_content_on_debug") + logger.debug("Response content: suppressed by config/option [logging] response_content_on_debug") headers["Content-Type"] += "; charset=%s" % self._encoding answer = answer.encode(self._encoding) accept_encoding = [ @@ -196,7 +196,7 @@ class Application(ApplicationPartDelete, ApplicationPartHead, logger.debug("Request header:\n%s", pprint.pformat(self._scrub_headers(environ))) else: - logger.debug("Request header: suppressed by config/option [auth] request_header_on_debug") + logger.debug("Request header: suppressed by config/option [logging] request_header_on_debug") # SCRIPT_NAME is already removed from PATH_INFO, according to the # WSGI specification. diff --git a/radicale/app/base.py b/radicale/app/base.py index 15b5a1df..ac4a26bc 100644 --- a/radicale/app/base.py +++ b/radicale/app/base.py @@ -76,7 +76,7 @@ class ApplicationBase: logger.debug("Response content:\n%s", xmlutils.pretty_xml(xml_content)) else: - logger.debug("Response content: suppressed by config/option [auth] response_content_on_debug") + logger.debug("Response content: suppressed by config/option [logging] response_content_on_debug") f = io.BytesIO() ET.ElementTree(xml_content).write(f, encoding=self._encoding, xml_declaration=True) diff --git a/radicale/app/put.py b/radicale/app/put.py index e30c4e07..15a7e00d 100644 --- a/radicale/app/put.py +++ b/radicale/app/put.py @@ -150,7 +150,7 @@ class ApplicationPartPut(ApplicationBase): if self._log_bad_put_request_content: logger.warning("Bad PUT request content of %r:\n%s", path, content) else: - logger.debug("Bad PUT request content: suppressed by config/option [auth] bad_put_request_content") + logger.debug("Bad PUT request content: suppressed by config/option [logging] bad_put_request_content") return httputils.BAD_REQUEST (prepared_items, prepared_tag, prepared_write_whole_collection, prepared_props, prepared_exc_info) = prepare( diff --git a/radicale/httputils.py b/radicale/httputils.py index a9565293..04898b40 100644 --- a/radicale/httputils.py +++ b/radicale/httputils.py @@ -146,7 +146,7 @@ def read_request_body(configuration: "config.Configuration", if configuration.get("logging", "request_content_on_debug"): logger.debug("Request content:\n%s", content) else: - logger.debug("Request content: suppressed by config/option [auth] request_content_on_debug") + logger.debug("Request content: suppressed by config/option [logging] request_content_on_debug") return content From 4f1e8ce889c6e09d711b0305333181734cdaf02e Mon Sep 17 00:00:00 2001 From: Peter Bieringer Date: Wed, 28 Aug 2024 07:49:48 +0200 Subject: [PATCH 04/12] add overseen conditional request_content debug log --- radicale/app/base.py | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/radicale/app/base.py b/radicale/app/base.py index ac4a26bc..5c8a9355 100644 --- a/radicale/app/base.py +++ b/radicale/app/base.py @@ -51,6 +51,7 @@ class ApplicationBase: self._encoding = configuration.get("encoding", "request") self._log_bad_put_request_content = configuration.get("logging", "bad_put_request_content") self._response_content_on_debug = configuration.get("logging", "response_content_on_debug") + self._request_content_on_debug = configuration.get("logging", "request_content_on_debug") self._hook = hook.load(configuration) def _read_xml_request_body(self, environ: types.WSGIEnviron @@ -66,17 +67,20 @@ class ApplicationBase: logger.debug("Request content (Invalid XML):\n%s", content) raise RuntimeError("Failed to parse XML: %s" % e) from e if logger.isEnabledFor(logging.DEBUG): - logger.debug("Request content:\n%s", - xmlutils.pretty_xml(xml_content)) + if self._request_content_on_debug: + logger.debug("Request content (XML):\n%s", + xmlutils.pretty_xml(xml_content)) + else: + logger.debug("Request content (XML): suppressed by config/option [logging] request_content_on_debug") return xml_content def _xml_response(self, xml_content: ET.Element) -> bytes: if logger.isEnabledFor(logging.DEBUG): if self._response_content_on_debug: - logger.debug("Response content:\n%s", + logger.debug("Response content (XML):\n%s", xmlutils.pretty_xml(xml_content)) else: - logger.debug("Response content: suppressed by config/option [logging] response_content_on_debug") + logger.debug("Response content (XML): suppressed by config/option [logging] response_content_on_debug") f = io.BytesIO() ET.ElementTree(xml_content).write(f, encoding=self._encoding, xml_declaration=True) From 107fe1bc53f5a9f712efe24d2d34b05a49048aa3 Mon Sep 17 00:00:00 2001 From: Peter Bieringer Date: Wed, 28 Aug 2024 08:02:54 +0200 Subject: [PATCH 05/12] fix missing newline at the end --- config | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config b/config index 829ad7db..b6bd2209 100644 --- a/config +++ b/config @@ -177,4 +177,4 @@ # When returning a free-busy report, limit the number of returned # occurences per event to prevent DOS attacks. -#max_freebusy_occurrence = 10000 \ No newline at end of file +#max_freebusy_occurrence = 10000 From e852c887d7f864d6570a225716cde2efb01bf29c Mon Sep 17 00:00:00 2001 From: Peter Bieringer Date: Wed, 28 Aug 2024 08:03:16 +0200 Subject: [PATCH 06/12] Enhancement: add option to toggle debug log of right with doesn't match --- CHANGELOG.md | 1 + DOCUMENTATION.md | 6 ++++++ config | 2 ++ radicale/config.py | 4 ++++ radicale/rights/from_file.py | 4 +++- 5 files changed, 16 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8a919054..b2459ddf 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,7 @@ * Enhancement: Added 'max_freebusy_occurrences` setting to avoid potential DOS on reports * Enhancement: remove unexpected control codes from uploaded items * Enhancement: add 'strip_domain' setting for username handling +* Enhancement: add option to toggle debug log of right with doesn't match * Drop: remove unused requirement "typeguard" * Improve: Refactored some date parsing code diff --git a/DOCUMENTATION.md b/DOCUMENTATION.md index 15f54d0b..342b89cb 100644 --- a/DOCUMENTATION.md +++ b/DOCUMENTATION.md @@ -978,6 +978,12 @@ Log response on level=debug Default: `False` +##### right_doesnt_match = True + +Log right which doesn't match on level=debug + +Default: `False` + #### headers In this section additional HTTP headers that are sent to clients can be diff --git a/config b/config index b6bd2209..0a999877 100644 --- a/config +++ b/config @@ -158,6 +158,8 @@ # Log response content on level=debug #response_content_on_debug = False +# Log right which doesn't match +#right_doesnt_match = False [headers] diff --git a/radicale/config.py b/radicale/config.py index 0515813b..46fafbb8 100644 --- a/radicale/config.py +++ b/radicale/config.py @@ -292,6 +292,10 @@ DEFAULT_CONFIG_SCHEMA: types.CONFIG_SCHEMA = OrderedDict([ "value": "False", "help": "log response content on level=debug", "type": bool}), + ("right_doesnt_match", { + "value": "False", + "help": "log rights which doesn't match on level=debug", + "type": bool}), ("mask_passwords", { "value": "True", "help": "mask passwords in logs", diff --git a/radicale/rights/from_file.py b/radicale/rights/from_file.py index d766d1dd..47218085 100644 --- a/radicale/rights/from_file.py +++ b/radicale/rights/from_file.py @@ -48,6 +48,7 @@ class Rights(rights.BaseRights): def __init__(self, configuration: config.Configuration) -> None: super().__init__(configuration) self._filename = configuration.get("rights", "file") + self._log_right_doesnt_match = configuration.get("logging", "right_doesnt_match") def authorization(self, user: str, path: str) -> str: user = user or "" @@ -80,7 +81,8 @@ class Rights(rights.BaseRights): user, sane_path, user_pattern, collection_pattern, section, permission) return permission - logger.debug("Rule %r:%r doesn't match %r:%r from section %r", + if self._log_right_doesnt_match: + logger.debug("Rule %r:%r doesn't match %r:%r from section %r", user, sane_path, user_pattern, collection_pattern, section) logger.info("Rights: %r:%r doesn't match any section", user, sane_path) From 6d117382432a42a5075baff9b438cb5376ca521b Mon Sep 17 00:00:00 2001 From: Peter Bieringer Date: Wed, 28 Aug 2024 08:39:16 +0200 Subject: [PATCH 07/12] fix/enhance Apache template for file authentication --- contrib/apache/radicale.conf | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) diff --git a/contrib/apache/radicale.conf b/contrib/apache/radicale.conf index 7499be61..98a25a72 100644 --- a/contrib/apache/radicale.conf +++ b/contrib/apache/radicale.conf @@ -57,13 +57,15 @@ Require all granted - ## You may want to use apache's authentication (config: [auth] type = remote_user) + ## You may want to use apache's authentication (config: [auth] type = http_x_remote_user) + ## e.g. create a new file with a testuser: htpasswd -c -B /etc/httpd/conf/htpasswd-radicale testuser #AuthBasicProvider file #AuthType Basic #AuthName "Enter your credentials" - #AuthUserFile /path/to/httpdfile/ + #AuthUserFile /etc/httpd/conf/htpasswd-radicale #AuthGroupFile /dev/null #Require valid-user + #RequestHeader set X-Remote-User expr=%{REMOTE_USER} @@ -106,13 +108,15 @@ Require all granted - ## You may want to use apache's authentication (config: [auth] type = remote_user) + ## You may want to use apache's authentication (config: [auth] type = http_x_remote_user) + ## e.g. create a new file with a testuser: htpasswd -c -B /etc/httpd/conf/htpasswd-radicale testuser #AuthBasicProvider file #AuthType Basic #AuthName "Enter your credentials" - #AuthUserFile /path/to/httpdfile/ + #AuthUserFile /etc/httpd/conf/htpasswd-radicale #AuthGroupFile /dev/null #Require valid-user + #RequestHeader set X-Remote-User expr=%{REMOTE_USER} @@ -179,11 +183,12 @@ CustomLog logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" Require all granted - ## You may want to use apache's authentication (config: [auth] type = remote_user) + ## You may want to use apache's authentication (config: [auth] type = http_x_remote_user) + ## e.g. create a new file with a testuser: htpasswd -c -B /etc/httpd/conf/htpasswd-radicale testuser #AuthBasicProvider file #AuthType Basic #AuthName "Enter your credentials" - #AuthUserFile /path/to/httpdfile/ + #AuthUserFile /etc/httpd/conf/htpasswd-radicale #AuthGroupFile /dev/null #Require valid-user @@ -221,11 +226,12 @@ CustomLog logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" Require all granted - ## You may want to use apache's authentication (config: [auth] type = remote_user) + ## You may want to use apache's authentication (config: [auth] type = http_x_remote_user) + ## e.g. create a new file with a testuser: htpasswd -c -B /etc/httpd/conf/htpasswd-radicale testuser #AuthBasicProvider file #AuthType Basic #AuthName "Enter your credentials" - #AuthUserFile /path/to/httpdfile/ + #AuthUserFile /etc/httpd/conf/htpasswd-radicale #AuthGroupFile /dev/null #Require valid-user From a79c2ad83e5ddd94897bc5ef945d784e075988dd Mon Sep 17 00:00:00 2001 From: Peter Bieringer Date: Wed, 28 Aug 2024 08:59:32 +0200 Subject: [PATCH 08/12] align option name --- DOCUMENTATION.md | 4 ++-- config | 4 ++-- radicale/config.py | 4 ++-- radicale/rights/from_file.py | 10 ++++++---- 4 files changed, 12 insertions(+), 10 deletions(-) diff --git a/DOCUMENTATION.md b/DOCUMENTATION.md index 342b89cb..644ad012 100644 --- a/DOCUMENTATION.md +++ b/DOCUMENTATION.md @@ -978,9 +978,9 @@ Log response on level=debug Default: `False` -##### right_doesnt_match = True +##### rights_rule_doesnt_match_on_debug = True -Log right which doesn't match on level=debug +Log rights rule which doesn't match on level=debug Default: `False` diff --git a/config b/config index 0a999877..8c75bf77 100644 --- a/config +++ b/config @@ -158,8 +158,8 @@ # Log response content on level=debug #response_content_on_debug = False -# Log right which doesn't match -#right_doesnt_match = False +# Log rights rule which doesn't match on level=debug +#rights_rule_doesnt_match_on_debug = False [headers] diff --git a/radicale/config.py b/radicale/config.py index 46fafbb8..d5797c13 100644 --- a/radicale/config.py +++ b/radicale/config.py @@ -292,9 +292,9 @@ DEFAULT_CONFIG_SCHEMA: types.CONFIG_SCHEMA = OrderedDict([ "value": "False", "help": "log response content on level=debug", "type": bool}), - ("right_doesnt_match", { + ("rights_rule_doesnt_match_on_debug", { "value": "False", - "help": "log rights which doesn't match on level=debug", + "help": "log rights rules which doesn't match on level=debug", "type": bool}), ("mask_passwords", { "value": "True", diff --git a/radicale/rights/from_file.py b/radicale/rights/from_file.py index 47218085..79e0994f 100644 --- a/radicale/rights/from_file.py +++ b/radicale/rights/from_file.py @@ -48,7 +48,7 @@ class Rights(rights.BaseRights): def __init__(self, configuration: config.Configuration) -> None: super().__init__(configuration) self._filename = configuration.get("rights", "file") - self._log_right_doesnt_match = configuration.get("logging", "right_doesnt_match") + self._log_rights_rule_doesnt_match_on_debug = configuration.get("logging", "rights_rule_doesnt_match_on_debug") def authorization(self, user: str, path: str) -> str: user = user or "" @@ -62,6 +62,8 @@ class Rights(rights.BaseRights): except Exception as e: raise RuntimeError("Failed to load rights file %r: %s" % (self._filename, e)) from e + if not self._log_rights_rule_doesnt_match_on_debug: + logger.debug("logging of rules which doesn't match suppressed by config/option [logging] rights_rule_doesnt_match_on_debug") for section in rights_config.sections(): try: user_pattern = rights_config.get(section, "user") @@ -81,9 +83,9 @@ class Rights(rights.BaseRights): user, sane_path, user_pattern, collection_pattern, section, permission) return permission - if self._log_right_doesnt_match: + if self._log_rights_rule_doesnt_match_on_debug: logger.debug("Rule %r:%r doesn't match %r:%r from section %r", - user, sane_path, user_pattern, collection_pattern, - section) + user, sane_path, user_pattern, collection_pattern, + section) logger.info("Rights: %r:%r doesn't match any section", user, sane_path) return "" From 3f62982e1d3d0a6e571c58e23924774b4340fd81 Mon Sep 17 00:00:00 2001 From: Peter Bieringer Date: Wed, 28 Aug 2024 09:00:41 +0200 Subject: [PATCH 09/12] fix --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b2459ddf..614db10a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,7 +8,7 @@ * Enhancement: Added 'max_freebusy_occurrences` setting to avoid potential DOS on reports * Enhancement: remove unexpected control codes from uploaded items * Enhancement: add 'strip_domain' setting for username handling -* Enhancement: add option to toggle debug log of right with doesn't match +* Enhancement: add option to toggle debug log of rights rule with doesn't match * Drop: remove unused requirement "typeguard" * Improve: Refactored some date parsing code From e70486900d259a1391b1403751f5ac509cc07e08 Mon Sep 17 00:00:00 2001 From: Peter Bieringer Date: Fri, 30 Aug 2024 06:17:00 +0200 Subject: [PATCH 10/12] Version 3.2.3 --- CHANGELOG.md | 2 +- setup.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 614db10a..e6e5e20b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,6 @@ # Changelog -## 3.dev +## 3.2.3 * Add: support for Python 3.13 * Fix: Using icalendar's tzinfo on created datetime to fix issue with icalendar * Fix: typos in code diff --git a/setup.py b/setup.py index 68e36398..dc7160ac 100644 --- a/setup.py +++ b/setup.py @@ -19,7 +19,7 @@ from setuptools import find_packages, setup # When the version is updated, a new section in the CHANGELOG.md file must be # added too. -VERSION = "3.dev" +VERSION = "3.2.3" with open("README.md", encoding="utf-8") as f: long_description = f.read() From b1ce69882ce60490bffd2ae92e9b588694e80b24 Mon Sep 17 00:00:00 2001 From: Peter Bieringer Date: Sun, 1 Sep 2024 17:13:08 +0200 Subject: [PATCH 11/12] revert to 3.dev --- CHANGELOG.md | 2 ++ setup.py | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e6e5e20b..125e7ae8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,7 @@ # Changelog +## 3.dev + ## 3.2.3 * Add: support for Python 3.13 * Fix: Using icalendar's tzinfo on created datetime to fix issue with icalendar diff --git a/setup.py b/setup.py index dc7160ac..68e36398 100644 --- a/setup.py +++ b/setup.py @@ -19,7 +19,7 @@ from setuptools import find_packages, setup # When the version is updated, a new section in the CHANGELOG.md file must be # added too. -VERSION = "3.2.3" +VERSION = "3.dev" with open("README.md", encoding="utf-8") as f: long_description = f.read() From c63dee71ec80a2d6ce629adb4d9aabb2abb27471 Mon Sep 17 00:00:00 2001 From: Peter Bieringer Date: Sun, 1 Sep 2024 17:19:53 +0200 Subject: [PATCH 12/12] Adjustment: option [auth] htpasswd_encryption change default from "md5" to "autodetect" --- CHANGELOG.md | 2 ++ DOCUMENTATION.md | 17 ++++++++--------- config | 2 +- radicale/config.py | 2 +- 4 files changed, 12 insertions(+), 11 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 125e7ae8..9676f5c4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,8 @@ ## 3.dev +* Adjustment: option [auth] htpasswd_encryption change default from "md5" to "autodetect" + ## 3.2.3 * Add: support for Python 3.13 * Fix: Using icalendar's tzinfo on created datetime to fix issue with icalendar diff --git a/DOCUMENTATION.md b/DOCUMENTATION.md index 644ad012..723c3705 100644 --- a/DOCUMENTATION.md +++ b/DOCUMENTATION.md @@ -122,12 +122,12 @@ The `users` file can be created and managed with [htpasswd](https://httpd.apache.org/docs/current/programs/htpasswd.html): ```bash -# Create a new htpasswd file with the user "user1" -$ htpasswd -c /path/to/users user1 +# Create a new htpasswd file with the user "user1" using SHA-512 as hash method +$ htpasswd -5 -c /path/to/users user1 New password: Re-type new password: # Add another user -$ htpasswd /path/to/users user2 +$ htpasswd -5 /path/to/users user2 New password: Re-type new password: ``` @@ -138,8 +138,7 @@ Authentication can be enabled with the following configuration: [auth] type = htpasswd htpasswd_filename = /path/to/users -# encryption method used in the htpasswd file -htpasswd_encryption = md5 +htpasswd_encryption = autodetect ``` ##### The simple but insecure way @@ -623,7 +622,7 @@ hosts = 0.0.0.0:5232, [::]:5232 [auth] type = htpasswd htpasswd_filename = ~/.config/radicale/users -htpasswd_encryption = md5 +htpasswd_encryption = autodetect [storage] filesystem_folder = ~/.var/lib/radicale/collections @@ -641,7 +640,7 @@ The same example configuration via command line arguments looks like: ```bash python3 -m radicale --server-hosts 0.0.0.0:5232,[::]:5232 \ --auth-type htpasswd --auth-htpasswd-filename ~/.config/radicale/users \ - --auth-htpasswd-encryption md5 + --auth-htpasswd-encryption autodetect ``` Add the argument `--config ""` to stop Radicale from loading the default @@ -775,7 +774,7 @@ Available methods: The installation of **bcrypt** is required for this. `md5` -: This uses an iterated MD5 digest of the password with a salt. +: This uses an iterated MD5 digest of the password with a salt (nowadays insecure). `sha256` : This uses an iterated SHA-256 digest of the password with a salt. @@ -786,7 +785,7 @@ Available methods: `autodetect` : This selects autodetection of method per entry. -Default: `md5` +Default: `autodetect` ##### delay diff --git a/config b/config index 8c75bf77..8cbc6f91 100644 --- a/config +++ b/config @@ -62,7 +62,7 @@ # Htpasswd encryption method # Value: plain | bcrypt | md5 | sha256 | sha512 | autodetect # bcrypt requires the installation of 'bcrypt' module. -#htpasswd_encryption = md5 +#htpasswd_encryption = autodetect # Incorrect authentication delay (seconds) #delay = 1 diff --git a/radicale/config.py b/radicale/config.py index d5797c13..ec1335db 100644 --- a/radicale/config.py +++ b/radicale/config.py @@ -180,7 +180,7 @@ DEFAULT_CONFIG_SCHEMA: types.CONFIG_SCHEMA = OrderedDict([ "help": "htpasswd filename", "type": filepath}), ("htpasswd_encryption", { - "value": "md5", + "value": "autodetect", "help": "htpasswd encryption method", "type": str}), ("realm", {