change default of authentication type to "denyall" for secure-by-default

Peter Bieringer 2025-03-15 14:34:51 +01:00
parent 7bb4beeae2
commit be43ce5161
5 changed files with 8 additions and 2 deletions

2
config

@ -63,7 +63,7 @@
# Authentication method # Authentication method
# Value: none | htpasswd | remote_user | http_x_remote_user | dovecot | ldap | oauth2 | pam | denyall # Value: none | htpasswd | remote_user | http_x_remote_user | dovecot | ldap | oauth2 | pam | denyall
#type = none #type = denyall
# Cache logins for until expiration time # Cache logins for until expiration time
#cache_logins = false #cache_logins = false


@ -206,7 +206,7 @@ DEFAULT_CONFIG_SCHEMA: types.CONFIG_SCHEMA = OrderedDict([
"type": str})])), "type": str})])),
("auth", OrderedDict([ ("auth", OrderedDict([
("type", { ("type", {
"value": "none", "value": "denyall",
"help": "authentication method (" + "|".join(auth.INTERNAL_TYPES) + ")", "help": "authentication method (" + "|".join(auth.INTERNAL_TYPES) + ")",
"type": str_or_callable, "type": str_or_callable,
"internal": auth.INTERNAL_TYPES}), "internal": auth.INTERNAL_TYPES}),
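Review bot: Flipping `"value"` to `"denyall"` changes behaviour for every deployment that never set `type` under `auth`, and nothing in this section tells an operator why requests start failing after an upgrade. Presumably `denyall` rejects every login (the name and the commit title suggest so; its implementation is not on this page), so a server with no explicit auth setting would refuse all requests. I would put a comment above the value, `# secure-by-default: all logins are rejected until an auth type is configured`, and have the `"help"` string name the default. None of the five file sections shown looks like a changelog or upgrade note, so one may be worth adding. The `OrderedDict` literal starts and ends outside the hunk.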


@ -1714,6 +1714,7 @@ permissions: RrWw""")
assert status == 200 and prop.text == "text/vcard;charset=utf-8" assert status == 200 and prop.text == "text/vcard;charset=utf-8"
def test_authorization(self) -> None: def test_authorization(self) -> None:
self.configure({"auth": {"type": "none"}})
_, responses = self.propfind("/", """\ _, responses = self.propfind("/", """\
<?xml version="1.0" encoding="utf-8"?> <?xml version="1.0" encoding="utf-8"?>
<propfind xmlns="DAV:"> <propfind xmlns="DAV:">
@ -1740,6 +1741,7 @@ permissions: RrWw""")
def test_principal_collection_creation(self) -> None: def test_principal_collection_creation(self) -> None:
"""Verify existence of the principal collection.""" """Verify existence of the principal collection."""
self.configure({"auth": {"type": "none"}})
self.propfind("/user/", login="user:") self.propfind("/user/", login="user:")
def test_authentication_current_user_principal_hack(self) -> None: def test_authentication_current_user_principal_hack(self) -> None:
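Review bot: No test here pins the new default itself: `test_authorization` and `test_principal_collection_creation` in this section, and the touched tests in the two test sections further down, all opt back into `"none"` before making a request. A regression that quietly restores an open default would therefore still pass the suite. I would add a case that leaves auth unconfigured and expects rejection, e.g. `def test_default_auth_denies(self) -> None:` with the body `self.propfind("/", login="user:", check=401)`, assuming `propfind` takes `check` the way `mkcalendar` and `put` do in the rights tests. The body of `test_authorization` continues outside the hunk.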


@ -143,6 +143,7 @@ collection: public/[^/]*
permissions: i""") permissions: i""")
self.configure({"rights": {"type": "from_file", self.configure({"rights": {"type": "from_file",
"file": rights_file_path}}) "file": rights_file_path}})
self.configure({"auth": {"type": "none"}})
self.mkcalendar("/tmp/calendar", login="tmp:bepo") self.mkcalendar("/tmp/calendar", login="tmp:bepo")
self.mkcol("/public", login="tmp:bepo") self.mkcol("/public", login="tmp:bepo")
self.mkcalendar("/public/calendar", login="tmp:bepo") self.mkcalendar("/public/calendar", login="tmp:bepo")
@ -165,6 +166,7 @@ permissions: i""")
Items are allowed at "/.../.../...". Items are allowed at "/.../.../...".
""" """
self.configure({"auth": {"type": "none"}})
self.mkcalendar("/", check=401) self.mkcalendar("/", check=401)
self.mkcalendar("/user/", check=401) self.mkcalendar("/user/", check=401)
self.mkcol("/user/") self.mkcol("/user/")
@ -175,6 +177,7 @@ permissions: i""")
def test_put_collections_and_items(self) -> None: def test_put_collections_and_items(self) -> None:
"""Test rights for creation of calendars and items with PUT.""" """Test rights for creation of calendars and items with PUT."""
self.configure({"auth": {"type": "none"}})
self.put("/user/", "BEGIN:VCALENDAR\r\nEND:VCALENDAR", check=401) self.put("/user/", "BEGIN:VCALENDAR\r\nEND:VCALENDAR", check=401)
self.mkcol("/user/") self.mkcol("/user/")
self.put("/user/calendar/", "BEGIN:VCALENDAR\r\nEND:VCALENDAR") self.put("/user/calendar/", "BEGIN:VCALENDAR\r\nEND:VCALENDAR")
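Review bot: The added `self.configure({"auth": {"type": "none"}})` right after the `rights` configure call in the first hunk makes two back-to-back calls where one would read more clearly; the hook test in the last file section has the same pattern. If `configure` accepts several sections in one dict (its definition is not on this page), they could be folded into `self.configure({"rights": {"type": "from_file", "file": rights_file_path}, "auth": {"type": "none"}})`. A short comment such as `# rights are exercised with authentication disabled` would also explain why these tests opt out of the new default. The enclosing test in the first hunk starts outside it.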


@ -77,6 +77,7 @@ class TestMultiFileSystem(BaseTest):
"""Verify that the hooks runs when a new user is created.""" """Verify that the hooks runs when a new user is created."""
self.configure({"storage": {"hook": "mkdir %s" % os.path.join( self.configure({"storage": {"hook": "mkdir %s" % os.path.join(
"collection-root", "created_by_hook")}}) "collection-root", "created_by_hook")}})
self.configure({"auth": {"type": "none"}})
self.propfind("/", login="user:") self.propfind("/", login="user:")
self.propfind("/created_by_hook/") self.propfind("/created_by_hook/")