oss/Radicale
oss/Radicale
1
0
Fork 0
mirror of https://github.com/Kozea/Radicale.git synced 2025-07-02 16:58:30 +00:00
Code Wiki Activity
2067 commits 5 branches 81 tags 7.5 MiB
Commit graph

454 commits

Author SHA1 Message Date
Unrud
c5342d36d5 Remove BaseCollection.update 
I don't think that this can be used for optimizations.

It's useless in the filesystem backend, SQL has REPLACE and I doubt that there is much use in any other storage mechanism.
 2016-08-25 06:37:12 +02:00
Unrud
10786cbad8 Move hook into storage.Collection 
The hook is only valid for filesystem storage, it's meaningless for other backends like databases.
 2016-08-25 05:40:46 +02:00
Unrud
8db580abce Try to decode URLs with utf-8 (Fixes #486) 2016-08-25 05:30:46 +02:00
Unrud
3b71ab960e Log exceptions (Fixes #447) 
Exceptions were just written to stderr but not into logs.
 2016-08-25 05:24:24 +02:00
Unrud
6515062bcd Return HTTP status in xmlutils.propfind 2016-08-12 23:34:08 +02:00
Guillaume Ayoub
d3d29802ad Merge pull request #474 from Unrud/patch-31 
PROPFIND rights checking
 2016-08-11 11:44:43 +02:00
Unrud
4eb04e3526 PROPFIND rights checking 
Return 404 and 403 only when it's appropriate. Don't ask users for passwords if an item just doesn't exist (e.g. mistyped URL).
 2016-08-11 02:19:48 +02:00
Unrud
e2b87d145f Cosmetics: Don't use % for logging 2016-08-10 23:43:32 +02:00
Unrud
9192a7751b Remove incorrect argument 
In rare cases this can cause a crash.
 2016-08-10 23:41:19 +02:00
Guillaume Ayoub
c4cf918bf2 Merge pull request #470 from Unrud/readcontent 
Read content after access checks
 2016-08-08 12:57:59 +02:00
Unrud
a9b89be5c7 Read content after access checks 
Unauthorized users can't fill up RAM with crap anymore.
 2016-08-08 07:00:24 +02:00
Unrud
f294b1cf17 Add access check to PROPFIND 2016-08-08 06:59:15 +02:00
Unrud
68286faa63 Atomic replacement of whole collection by PUT 2016-08-08 06:08:52 +02:00
Unrud
ee5b8facda Always use wrapper to lock collection 
Also run the hook after creation of the principal collection.
 2016-08-07 17:14:47 +02:00
Unrud
23582c8208 Expose low level MOVE operation in storage.BaseCollection 2016-08-06 05:09:00 +02:00
Unrud
17ff22cae4 Support replacing in MOVE method 2016-08-06 04:45:44 +02:00
Unrud
89ac2fb397 Remove faulty check 
This should have been (to_path.strip("/")+"/").startswith(path.strip("/")+"/").
But it's not required as we don't support moving collections.
 2016-08-06 04:44:18 +02:00
Guillaume Ayoub
9aefc500ec Merge pull request #461 from Unrud/patch-27 
Remove old code
 2016-08-05 17:48:03 +02:00
Unrud
6d77e24028 Remove old code 
This was missed while merging #457 and #459.
 2016-08-05 17:05:32 +02:00
Unrud
65af0592d3 Run hook while storage is still locked 2016-08-05 16:58:03 +02:00
Guillaume Ayoub
8682504c6e Strip empty lines from content 2016-08-05 02:25:15 +02:00
Guillaume Ayoub
26e1c9ba89 Fix collection creation with PUT request 2016-08-05 02:24:52 +02:00
Guillaume Ayoub
8ac3ce1a89 Clean many, many things 2016-08-05 02:14:49 +02:00
Guillaume Ayoub
92a0027ae1 Merge branch 'rights' of https://github.com/Unrud/Radicale into Unrud-rights 2016-08-04 23:35:01 +02:00
Unrud
066b5994d1 Improve rights checking and request handlers 
* Access rights are checked before the storage is locked and
    collections are loaded.
  * DELETE sends 410 instead of doing nothing or crashing if the target
    doesn't exist.
  * GET always returns 404 if the target doesn't exist.
  * GET doesn't crash if a collection without tag property is requested.
  * MKCOL and MKCALENDAR send 409 if the target already exists.
  * MOVE checks if the target collection of an item actually exists and
    sends 409 otherwise.
  * PUT doesn't crash if a whole collection that doesn't exist yet is
    uploaded and ``content-type`` is ``text/vcard`` or
    ``text/calendar``.
  * PUT distinguishes between simple items and whole collections by the
    following criteria: Target is a collection; Parent exists; Parent
    has the tag property set; Parent contains other items. Before only
    the first two criteria where used, which was very unrelieable. #384
  * PROPPATCH is only allowed on collections and 409 is send otherwise.
  * ``Rights.authorized`` takes a path instead of a collection.
  * ``Collection.discover`` only returns items in ``path``, that
    actually exist. #442
 2016-08-04 06:08:08 +02:00
Unrud
ae89082c24 Atomic creation of collections 2016-08-03 15:50:55 +02:00
Unrud
bd7641699e Atomic PROPPATCH 2016-08-03 14:45:52 +02:00
Guillaume Ayoub
b71664b322 Return UNAUTHORIZED for NOT_FOUND PROPFINDs 2016-08-02 17:24:04 +02:00
Guillaume Ayoub
3e52f34309 Remove pylint 2016-08-02 14:39:20 +02:00
Guillaume Ayoub
301bb552d7 Cosmetics 2016-08-02 14:37:39 +02:00
Guillaume Ayoub
d322d3f394 Clean the user's collection creation code 2016-08-02 14:00:42 +02:00
Guillaume Ayoub
04010ff8d3 Merge pull request #455 from Unrud/home 
Creating addressbooks and calendars in DAVdroid
 2016-08-02 13:51:29 +02:00
Unrud
81b04890f1 Create principal collection automatically 2016-08-02 08:04:12 +02:00
Guillaume Ayoub
6b30870be5 Minor cleanups 
Everything works fine with Apple clients now.
 2016-08-01 19:00:57 +02:00
Guillaume Ayoub
6bfdcbafec Cosmetics 2016-08-01 12:50:51 +02:00
Guillaume Ayoub
711ecf5df2 Merge pull request #451 from Unrud/removewellknown 
Remove /.well-known
 2016-08-01 12:20:55 +02:00
Unrud
fd977891e8 Remove /.well-known 
I can't think of a sane use-case for this.
 2016-08-01 09:31:25 +02:00
Unrud
da1a693620 Prevent unsafe usernames 
If an attacker is able to create an account with a username like "user/calendar.ics", he can access collections of other users.
 2016-08-01 09:10:23 +02:00
Guillaume Ayoub
b3d8833779 Normalize the version number 2016-07-30 16:43:29 +02:00
Unrud
0263251ecf Add hook for storage changes 2016-07-14 07:57:46 +02:00
Guillaume Ayoub
ef63865e31 Merge pull request #428 from Unrud/patch-22 
Add timeout to connections, limit size of request body and limit number of parallel connections
 2016-07-14 02:06:24 +02:00
Guillaume Ayoub
5bd80d8d13 Don't crash when getting unknown collections 
Fix #422.
 2016-07-14 01:39:57 +02:00
Florian Mounier
383409213e deflate seems to be problematic with different implementations (http://stackoverflow.com/questions/388595/why-use-deflate-instead-of-gzip-for-text-files-served-by-apache/388633#388633). Using gzip instead. 2016-07-04 17:00:43 +02:00
Unrud
83ea9da2b4 Limit number of parallel connections 2016-06-11 13:19:26 +02:00
Unrud
e438d9fd4b Limit size of request body 2016-06-11 13:16:45 +02:00
Unrud
b55d2181ed Add timeout to integrated sever 2016-06-11 13:14:58 +02:00
Unrud
d4e6205745 Don't include passwords in logs 2016-06-11 12:58:28 +02:00
Unrud
54b47c4a3e Refactor: Move response code into function 2016-06-10 14:55:32 +02:00
Guillaume Ayoub
13a7f2f9af Merge pull request #417 from Unrud/patch-14 
Allow creation of empty collection via PUT
 2016-05-30 11:23:27 +02:00
Unrud
4861b79878 Allow creation of empty collection via PUT 2016-05-29 01:18:29 +02:00