Peter Bieringer
b46916fca9
fix according to https://github.com/Kozea/Radicale/issues/1878#issue-3438629348
2025-09-24 06:35:27 +02:00
Johannes Berg
256ca59aaf
auth: clean up remote IP parameter/documentation
...
Make the remote IP parameter more generic and make it an enum
determining the source instead of a boolean. Also fix the
changelog entry.
Both as requested, I managed to miss those comments previously.
2025-09-09 20:25:49 +02:00
Johannes Berg
b5a1ea911d
auth: dovecot: pass remote IP (rip=) to auth server
...
If known, let the auth server know where the client came
from, using REMOTE_ADDR or, optionally/configurably, the
X-Remote-Addr header value (which is needed when running
behind a trusted proxy.)
Addresses #1859.
2025-09-09 12:10:00 +02:00
Peter Marschall
9eb9556536
LDAP auth: decode UTF-8 byte sequences to strings only if necessary
2025-09-07 15:05:47 +02:00
Peter Marschall
cde4c5f2e8
LDAP auth: stop giving type hints for local list variables
2025-09-07 14:44:03 +02:00
Peter Marschall
9b216a9f24
LDAP auth: define fallback value for _use_encryption
2025-09-07 11:38:08 +02:00
Peter Marschall
5c4a0578b0
LDAP auth: fix _login2() by importing ldap.filter
2025-09-07 11:38:08 +02:00
Peter Marschall
5a183e3c2b
LDAP auth: make flake8 happy
...
"fix" small lint to keep flake8 happy.
2025-09-07 11:38:08 +02:00
Peter Marschall
5f677fc77e
LDAP auth: document all parameters at the top of the file
2025-09-07 11:38:08 +02:00
Peter Marschall
8821612fa8
LDAP auth: allow finding groups based on separate search
...
Instead of searching for the membership attribute on the user side
(usually AD: memberOf, Novell eDirectory: groupMembership) to determine
the groups the user logging on is a member of, allow performing a separate
search for the groups having the user as member and use the found groups' DNs.
The group search is performed in the context of 'ldap_reader_dn', after
the user DN has been found in the directory, but before the authentication
has been performed by doing an LDAP bind in the user's context.
Although this may - in the case of unsuccessful login attempts -
double the number of queries to the LDAP server, it has been done
this way to keep the number of LDAP contexts minimal.
Doing the group search in the context of the user logging on is no viable
option, because there are known implementations where regular users do not
have the necessary permissions to query the groups they are a member of.
2025-09-07 11:38:08 +02:00
Peter Marschall
be3d58c55d
LDAP auth: protect LDAP search with a try: .. except clause
...
Make sure to catch exceptions when searching for the user in LDAP,
log as error and fail gracefully by declining login.
2025-07-20 17:59:31 +02:00
Dipl. Ing. Péter Varkoly
95b3944ade
Do not read server info by bind to avoid needless network traffic.
2025-05-31 13:36:59 +02:00
Peter Bieringer
1e44a086bc
Python < 3.10 regression fix
2025-05-16 07:37:35 +02:00
Peter Bieringer
d1098c3e22
flake8 regression E261
2025-05-16 07:28:50 +02:00
Juan F Arjona
7eb4e037cc
Fixing extra space lint doesn't like :-|.
2025-05-07 13:33:18 -04:00
Juan F Arjona
1fe0211ba6
Update __init__.py
...
Making lint happy (?)
2025-05-07 11:59:27 -05:00
Juan F Arjona
d22d74320a
Added urldecode_username option to decode the username when sent by the client. This solved problems when authenticating against an imap server from the iOS calendar.
2025-05-02 18:02:43 -04:00
Peter Bieringer
0bcd5d283a
argon2: fix typo
2025-04-29 19:44:24 +02:00
Peter Bieringer
7b49bab471
argon2: make isort happy
2025-04-29 19:41:48 +02:00
Peter Bieringer
631f1596ae
argon2: make flake8 happy
2025-04-29 19:39:15 +02:00
Peter Bieringer
76b9e89deb
argon2: fix not supported auth method detection
2025-04-29 19:26:01 +02:00
Peter Bieringer
d3f1d203d4
argon2: fixes for mypy
2025-04-29 19:22:55 +02:00
Peter Bieringer
3c1593d244
fix typo
2025-04-29 19:18:41 +02:00
Peter Bieringer
2c569492f8
argon2: add support
2025-04-29 19:18:27 +02:00
Peter Bieringer
d5133fccd1
argon2: preparation
2025-04-29 19:15:19 +02:00
Peter Bieringer
323af3368c
add info about argon2 support
2025-04-29 19:14:21 +02:00
gajus
b805393bd9
Standardize LDAP security configuration naming
2025-04-21 21:26:58 +02:00
gajus
1162a3a011
Add support for start_tls
2025-04-19 17:02:45 +02:00
Miles Liu
24138389ed
fix(auth/ldap): Extract user attribute from list in _login3
...
This commit modifies `_login3` to check if the attribute value is a
list and, if so, extracts the first element (`[0]`) as the login
identifier. If the value is not a list, it's used directly (fallback).
2025-04-17 14:02:40 +08:00
Peter Bieringer
6b83c409d4
Merge pull request #1742 from BastelBaus/patch-2
...
Update ldap.py
2025-03-26 05:50:28 +01:00
BastelBaus@gmail.com
5d5b12c124
fixed flake8 errors
2025-03-24 22:14:29 +01:00
BastelBaus
2439266d0e
Update ldap.py
...
Bugfix, user_entry['attributes'][self._ldap_user_attr] is already the string so user_entry['attributes'][self._ldap_user_attr][0] would give only the first character and not the full user attribute
2025-03-24 20:25:51 +01:00
BastelBaus
3af690fcb6
Update ldap.py
2025-03-24 20:13:38 +01:00
BastelBaus
98152062df
Update ldap.py
2025-03-24 20:11:40 +01:00
BastelBaus
bcbf0918a9
Update ldap.py
2025-03-24 20:10:53 +01:00
BastelBaus
7399286ec9
Update ldap.py
...
timestamp hack
2025-03-23 18:04:53 +01:00
Peter Bieringer
2ef99e5e85
Fix: auth/htpasswd related to detection and use of bcrypt
2025-03-19 06:17:34 +01:00
Peter Bieringer
69f85a0bdf
only display warning if not started as wsgi
2025-03-14 21:33:36 +01:00
Peter Bieringer
358ae55540
add warning in case authentication based on environment is selected and server is not listening on loopback addresses only
2025-03-13 21:48:14 +01:00
Peter Bieringer
b0d649f8b9
adjust copyright
2025-03-13 21:31:50 +01:00
Peter Bieringer
3a13ffbc51
forgotten bcrypt pattern extension
2025-03-10 06:00:30 +01:00
Peter Bieringer
3963bb4d82
extend logging, adjust loglevel for hash error
2025-03-09 08:50:53 +01:00
Peter Bieringer
cffb2aaae3
add support for additional bcrypt algo on autodetect, improve autodetect logic and log not matching hash length
2025-03-09 08:49:30 +01:00
Peter Bieringer
95a8899002
quote error message
2025-03-08 17:28:35 +01:00
Peter Bieringer
41ab96e142
catch ValueError on verify, adjust log level for failed logins
2025-03-08 17:27:02 +01:00
Peter Bieringer
a284d18c16
make encryption visible to other functions
2025-03-08 17:26:28 +01:00
Przemysław Buczkowski
25402ab641
Use AUTHENTICATE PLAIN instead of LOGIN
...
Makes imaplib use more modern AUTHENTICATE verb
rather than LOGIN.
The immediate benefit is that now the credentials
can be non-ASCII.
In the future, it may be used to add other
authentication methods, such as OAuth.
References:
* https://datatracker.ietf.org/doc/html/rfc6855.html#page-5
* https://bugs.python.org/issue13700
2025-03-06 13:08:51 +00:00
Peter Bieringer
8218081f58
fix loglevel
2025-02-25 06:19:51 +01:00
Peter Bieringer
855e3743ca
pam: merge+adjust module from v1
2025-02-22 17:50:07 +01:00
Peter Bieringer
c8f650bc2c
extend copyright
2025-02-22 17:49:52 +01:00