Guillaume Ayoub
f7c7746643
Merge pull request #99 from horazont/fix-preauth
Fix issues if authentication is done by web server
2014-02-05 12:59:45 +01:00
Christoph Polcin
3aa992e518
Find collections if necessary
2014-01-19 20:11:47 +01:00
Christoph Polcin
90d82d044c
Fix access to collections
under certain conditions it was possible to pass the final access control
if-clause. the master branch granted access if:
    if ((read_allowed_items or write_allowed_items)
        and (not user or auth.is_authenticated(user, password))) or
        function == self.options or not items:
the easy-connect branch from pull request #95 adds:
    (is_authenticated and function == self.propfind) or
the last `or not items` condition levers out the previous authentication and
access control. that isn't that big a security issue because in this case there
are no collections and items at all. but "bad" and anonymous users could gather
data and information which are not destined for them.
this commit fixes and simplifies the if-clause.
2014-01-19 20:04:37 +01:00
Christoph Polcin
83db27303f
Respond to all authenticated PROPFIND requests
2014-01-19 19:35:46 +01:00
Jonas Wielicki
d9df9a36e1
Fix issues if authentication is done by web server
This patch fixes `user` always being None if the authentication is
offloaded to the webserver, as it is suggested in the documentation.
For normal access, this is not a problem, but it becomes a problem if a
client wants to get the current-user-principal, for which the user name
is required.
2014-01-14 20:46:47 +01:00
Sergey Fursov
dca10fa14e
Different rights management backends
Initially only one backend - regular expressions based
2013-12-25 03:44:24 +04:00
Jean-Marc Martins
7ac971e022
Fix wrong syntax in config file and fix #58
2013-12-23 16:45:15 +01:00
Jean-Marc Martins
f377bd1356
Fix ssl protocol
2013-12-13 15:17:30 +01:00
Jean-Marc Martins
d765544edd
Add ssl protocol and ciphers in config
2013-12-13 14:31:09 +01:00
Jean-Marc Martins
a631c8c761
Fix compatibility between python2 and 3
2013-09-19 14:40:03 +02:00
Jean-Marc Martins
e2512b12fb
Fixed partially anonymous authentication
2013-09-13 15:05:02 +02:00
Jean-Marc Martins
58faf725b0
Fixed authentication for anonymous users
2013-09-12 17:39:20 +02:00
Guillaume Ayoub
43785e48a9
Get configuration keys at runtime, not when module is imported ( fixes #64 )
2013-09-12 13:48:49 +02:00
Jean-Marc Martins
97a19405c4
Adds git support to Radicale ( Fix #30 )
2013-08-30 17:23:04 +02:00
Guillaume Ayoub
f7f26afd6b
Fix rights type "None"
2013-08-14 11:58:08 +02:00
Guillaume Ayoub
586773148e
Use a more simple rights manager
2013-08-14 10:50:59 +02:00
Guillaume Ayoub
b8848de15e
Preparing next version
2013-07-12 18:40:12 +02:00
Guillaume Ayoub
2df8f92f87
Version 0.8
2013-07-12 17:45:30 +02:00
Guillaume Ayoub
c4f2587fd9
Pylint
2013-07-12 15:25:57 +02:00
Guillaume Ayoub
de1e57081b
Put the realm in the configuration file ( fix #37 )
2013-06-28 16:39:09 +02:00
Guillaume Ayoub
fab7796ca0
Allow additional HTTP headers in configuration file
Best ratio coolness/sloc ever!
2013-05-13 18:15:08 +02:00
Guillaume Ayoub
e9e811d375
Allow requests with no matching items (ie. requests at "/")
2013-05-01 20:36:41 +02:00
Guillaume Ayoub
f73b44a311
Useless typo
2013-05-01 20:12:24 +02:00
Guillaume Ayoub
bf8e874e4d
Merge *base_prefix config keys into base_prefix ( fixes #996 )
2013-04-30 14:02:17 +02:00
Guillaume Ayoub
406bb6e8cc
Update copyright years
2013-04-26 01:28:03 +02:00
Guillaume Ayoub
bcdf00f85e
Allow colon characters in passwords ( fixes #1308 )
2013-01-31 17:27:23 +01:00
Guillaume Ayoub
4c064bcf35
Clean rights from file and remove tests
2012-09-15 09:08:01 +02:00
Guillaume Ayoub
7b15832dbf
Merge pull request #12 from matthiasjordan/master
File-based rights and testing
2012-09-14 05:23:24 -07:00
Guillaume Ayoub
e06cfa4de0
Handle "If-None-Match: *" HTTP headers for PUT requests
2012-08-31 17:24:32 +02:00
Matthias Jordan
e08aa6176c
Less aggressive logging
2012-08-18 00:36:30 +02:00
Matthias Jordan
0c4562c01d
Using different HTTP status codes in some cases where auth or rights are violated
2012-08-18 00:18:22 +02:00
Matthias Jordan
db708a0853
Checking rights only once. Also taking care of mistakenly checking ownership of events. xmlutils is now unaware of rights.
2012-08-15 22:36:42 +02:00
Matthias Jordan
0722db04fb
Extract method
2012-08-15 15:12:18 +02:00
Matthias Jordan
bc0b74c555
Using collection's URL for logging instead of its name
2012-08-11 00:57:15 +02:00
Guillaume Ayoub
98bbe61f67
Use relative imports
2012-08-09 17:31:36 +02:00
Guillaume Ayoub
9f446cb261
Fix GET requests
2012-08-09 16:00:31 +02:00
Guillaume Ayoub
17857654b0
Use the same import mechanisms for auth, storage, rights
2012-08-09 15:39:01 +02:00
Guillaume Ayoub
3ddbb80674
Fix OPTIONS requests
2012-08-09 14:29:44 +02:00
Guillaume Ayoub
4fa53d15b3
Fix the auth checking algorithm
2012-08-09 14:15:20 +02:00
Guillaume Ayoub
e33ee8ea7c
Small fixes
2012-08-08 18:54:58 +02:00
Guillaume Ayoub
b4a7ada5f2
is_authorized returns True when no auth method is set
2012-08-08 18:44:25 +02:00
Guillaume Ayoub
45afac5353
Code cleaned and modules renamed
*Radicale is probably broken now*
2012-08-08 18:29:09 +02:00
Matthias Jordan
55a13d4c39
Merge remote-tracking branch 'upstream/master'
Conflicts:
radicale/__init__.py
radicale/acl/courier.py
2012-08-04 11:27:51 +02:00
Guillaume Ayoub
7d06d1b4d5
Version set to "git"
2012-08-03 14:37:40 +02:00
Guillaume Ayoub
0cf9b92ce7
Version 0.7.1
2012-08-03 14:37:02 +02:00
Guillaume Ayoub
7ae764fd4b
Enhance readability according to PEP8
2012-08-03 14:08:11 +02:00
Matthias Jordan
e40e68b528
Separation of authentication and authorization. Separation of read and write authorization.
Static test strategies for authentication. Barely tested. Use at your own risk!
2012-08-03 13:10:20 +02:00
Guillaume Ayoub
a7481a0546
Clean the server's __call__ method, with comments and better variable names
2012-08-03 11:52:30 +02:00
Guillaume Ayoub
cff6c2b43b
Return 204 response when an item is modified
2012-06-22 12:29:49 +02:00
Guillaume Ayoub
b5e94598e9
No etag returned when an added item doesn't have the same name as the one given by the client ( closes #799 )
2012-04-27 16:03:14 +02:00