From c7c3119267a95d561224299d60bc55573da34ce7 Mon Sep 17 00:00:00 2001 From: Peter Bieringer Date: Fri, 7 Jun 2024 08:35:26 +0200 Subject: [PATCH 1/5] detect active default config --- radicale/__init__.py | 7 ++++++- radicale/__main__.py | 8 +++++++- 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/radicale/__init__.py b/radicale/__init__.py index 870bf369..b8d864f9 100644 --- a/radicale/__init__.py +++ b/radicale/__init__.py @@ -53,9 +53,14 @@ def _get_application_instance(config_path: str, wsgi_errors: types.ErrorStream config_path)) log.set_level(cast(str, configuration.get("logging", "level"))) # Log configuration after logger is configured + default_config_active = True for source, miss in configuration.sources(): - logger.info("%s %s", "Skipped missing" if miss + logger.info("%s %s", "Skipped missing/unreadable" if miss else "Loaded", source) + if not miss and source != "default config": + default_config_active = False + if default_config_active: + logger.warn("%s", "No config file found/readable - only default config is active") _application_instance = Application(configuration) if _application_config_path != config_path: raise ValueError("RADICALE_CONFIG must not change: %r != %r" % diff --git a/radicale/__main__.py b/radicale/__main__.py index dcf8cb67..c9a022e1 100644 --- a/radicale/__main__.py +++ b/radicale/__main__.py 
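Review bot: The added `logger.warn(...)` call in `_get_application_instance` uses the deprecated alias of `Logger.warning()`, assuming `logger` is a standard `logging.Logger`. The supported spelling is `logger.warning("No config file found/readable - only default config is active")`, and the `"%s"` indirection is not needed for a constant message. The same call appears in the `run()` hunk of `radicale/__main__.py` and in both `radicale/auth/__init__.py` hunks of this series. The detection loop is also duplicated between `__init__.py` and `__main__.py`, so a small shared helper would keep the two startup paths from drifting apart on a warning that tells the operator the server runs on built-in defaults. The enclosing function starts and ends outside the hunk.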
@@ -167,8 +167,14 @@ def run() -> None: log.set_level(cast(str, configuration.get("logging", "level"))) # Log configuration after logger is configured + default_config_active = True for source, miss in configuration.sources(): - logger.info("%s %s", "Skipped missing" if miss else "Loaded", source) + logger.info("%s %s", "Skipped missing/unreadable" if miss else "Loaded", source) + if not miss and source != "default config": + default_config_active = False + + if default_config_active: + logger.warn("%s", "No config file found/readable - only default config is active") if args_ns.verify_storage: logger.info("Verifying storage") From 27dfaa866386052ace21800a8c101fa0b5b1f1f1 Mon Sep 17 00:00:00 2001 From: Peter Bieringer Date: Fri, 7 Jun 2024 08:35:46 +0200 Subject: [PATCH 2/5] warn in case no user authentication is active --- radicale/auth/__init__.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/radicale/auth/__init__.py b/radicale/auth/__init__.py index 89f65adc..08ec5ee0 100644 --- a/radicale/auth/__init__.py +++ b/radicale/auth/__init__.py @@ -32,6 +32,7 @@ Take a look at the class ``BaseAuth`` if you want to implement your own. from typing import Sequence, Tuple, Union from radicale import config, types, utils +from radicale.log import logger INTERNAL_TYPES: Sequence[str] = ("none", "remote_user", "http_x_remote_user", "denyall", @@ -40,6 +41,8 @@ INTERNAL_TYPES: Sequence[str] = ("none", "remote_user", "http_x_remote_user", def load(configuration: "config.Configuration") -> "BaseAuth": """Load the authentication module chosen in configuration.""" + if configuration.get("auth", "type") == "none": + logger.warn("No user authentication is selected (insecure)") return utils.load_plugin(INTERNAL_TYPES, "auth", "Auth", BaseAuth, configuration) From ad3a8d9370cdb58e0cc4ee9d30b47843f0ebcd86 Mon Sep 17 00:00:00 2001 
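Review bot: In `run()` of `radicale/__main__.py` the test `source != "default config"` counts every other non-missing source as a loaded config file. If `configuration.sources()` also reports non-file sources (command-line options, for example; not visible in this hunk), the "No config file found/readable" warning is suppressed although no file was read. The check also depends on the exact label `"default config"`, which is assigned outside this diff, so a rename there would silently disable the warning. Comparing against a constant defined next to the code that assigns the label would make that dependency explicit, with a comment such as `# built-in defaults are labelled "default config"; any other non-missing source counts as user-supplied`. `run()` continues outside the hunk.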
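Review bot: In `load()` of `radicale/auth/__init__.py` the new warning covers only `type == "none"`, while `INTERNAL_TYPES` in the same file also lists `remote_user` and `http_x_remote_user`. Those types presumably take the user name from a front-end server without Radicale checking a credential itself. If that is the case, an instance reachable without that front end is as open as `none`, and a startup message for those types would help operators notice. With the type read once as `auth_type = configuration.get("auth", "type")`, that could be `if auth_type in ("remote_user", "http_x_remote_user"): logger.warning("User name is taken from the front-end server: '[auth] type=%s'", auth_type)`. A test asserting that the `type=none` warning reaches the log would keep the check from regressing.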
From: Peter Bieringer Date: Fri, 7 Jun 2024 08:36:05 +0200 Subject: [PATCH 3/5] update copyright --- radicale/__init__.py | 3 ++- radicale/__main__.py | 3 ++- radicale/config.py | 2 +- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/radicale/__init__.py b/radicale/__init__.py index b8d864f9..4df3e989 100644 --- a/radicale/__init__.py +++ b/radicale/__init__.py @@ -2,7 +2,8 @@ # Copyright © 2008 Nicolas Kandel # Copyright © 2008 Pascal Halter # Copyright © 2008-2017 Guillaume Ayoub -# Copyright © 2017-2019 Unrud +# Copyright © 2017-2022 Unrud +# Copyright © 2024-2024 Peter Bieringer # # This library is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff --git a/radicale/__main__.py b/radicale/__main__.py index c9a022e1..e71663b4 100644 --- a/radicale/__main__.py +++ b/radicale/__main__.py @@ -1,6 +1,7 @@ # This file is part of Radicale - CalDAV and CardDAV server # Copyright © 2011-2017 Guillaume Ayoub -# Copyright © 2017-2019 Unrud +# Copyright © 2017-2022 Unrud +# Copyright © 2024-2024 Peter Bieringer # # This library is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff --git a/radicale/config.py b/radicale/config.py index 4cf3e2ce..6961c460 100644 --- a/radicale/config.py +++ b/radicale/config.py @@ -2,7 +2,7 @@ # Copyright © 2008-2017 Guillaume Ayoub # Copyright © 2008 Nicolas Kandel # Copyright © 2008 Pascal Halter -# Copyright © 2017-2019 Unrud +# Copyright © 2017-2020 Unrud # Copyright © 2024-2024 Peter Bieringer # # This library is free software: you can redistribute it and/or modify From 9c338b34eb71f57429b1197c4bec0e741b5af423 Mon Sep 17 00:00:00 2001 From: Peter Bieringer Date: Fri, 7 Jun 2024 08:37:04 +0200 Subject: [PATCH 4/5] update changelog --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2d0eb301..bb57f25c 100644 
--- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,8 @@ ## 3.dev * Enhancement: add support for auth.type=denyall (will be default for security reasons in upcoming releases) +* Enhancement: display warning in case only default config is active +* Enhancement: display warning in case no user authentication is active ## 3.2.1 From bf112d6b5fe664e7c9fc8e3a1f745bec259d3761 Mon Sep 17 00:00:00 2001 From: Peter Bieringer Date: Fri, 7 Jun 2024 12:35:21 +0200 Subject: [PATCH 5/5] log also in case of "denyall" is selected, cosmetics --- radicale/auth/__init__.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/radicale/auth/__init__.py b/radicale/auth/__init__.py index 08ec5ee0..dfc5f564 100644 --- a/radicale/auth/__init__.py +++ b/radicale/auth/__init__.py @@ -42,7 +42,9 @@ INTERNAL_TYPES: Sequence[str] = ("none", "remote_user", "http_x_remote_user", def load(configuration: "config.Configuration") -> "BaseAuth": """Load the authentication module chosen in configuration.""" if configuration.get("auth", "type") == "none": - logger.warn("No user authentication is selected (insecure)") + logger.warn("No user authentication is selected: '[auth] type=none' (insecure)") + if configuration.get("auth", "type") == "denyall": + logger.warn("All access is blocked by: '[auth] type=denyall'") return utils.load_plugin(INTERNAL_TYPES, "auth", "Auth", BaseAuth, configuration)
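Review bot: `load()` in `radicale/auth/__init__.py` now calls `configuration.get("auth", "type")` twice and tests two mutually exclusive values with independent `if` statements. Reading the value once, `auth_type = configuration.get("auth", "type")`, and branching with `if auth_type == "none": ... elif auth_type == "denyall": ...` states the intent directly and leaves one place to extend for further types. The changelog entry in this series says `denyall` is to become the default, so the second message would then appear on every unconfigured start. It would be more useful if it told the operator what to do next, for example `"All access is blocked by: '[auth] type=denyall' - select an authentication type to allow logins"`.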