change default of authentication type to "denyall" for secure-by-default

2025-04-03 21:27:36 +03:00 · 2025-03-15 14:34:51 +01:00 · 2025-03-15 14:34:51 +01:00 · be43ce5161
commit be43ce5161
parent 7bb4beeae2
5 changed files with 8 additions and 2 deletions
--- a/2
+++ b/2
@ -63,7 +63,7 @@

 # Authentication method
 # Value: none | htpasswd | remote_user | http_x_remote_user | dovecot | ldap | oauth2 | pam | denyall
-#type = none
+#type = denyall

 # Cache logins for until expiration time
 #cache_logins = false
--- a/radicale/config.py
+++ b/radicale/config.py
@ -206,7 +206,7 @@ DEFAULT_CONFIG_SCHEMA: types.CONFIG_SCHEMA = OrderedDict([
            "type": str})])),
    ("auth", OrderedDict([
        ("type", {
-            "value": "none",
+            "value": "denyall",
            "help": "authentication method (" + "|".join(auth.INTERNAL_TYPES) + ")",
            "type": str_or_callable,
            "internal": auth.INTERNAL_TYPES}),
--- a/radicale/tests/test_base.py
+++ b/radicale/tests/test_base.py
@ -1714,6 +1714,7 @@ permissions: RrWw""")
        assert status == 200 and prop.text == "text/vcard;charset=utf-8"

    def test_authorization(self) -> None:
+        self.configure({"auth": {"type": "none"}})
        _, responses = self.propfind("/", """\
 <?xml version="1.0" encoding="utf-8"?>
 <propfind xmlns="DAV:">
@ -1740,6 +1741,7 @@ permissions: RrWw""")

    def test_principal_collection_creation(self) -> None:
        """Verify existence of the principal collection."""
+        self.configure({"auth": {"type": "none"}})
        self.propfind("/user/", login="user:")

    def test_authentication_current_user_principal_hack(self) -> None:
--- a/radicale/tests/test_rights.py
+++ b/radicale/tests/test_rights.py
@ -143,6 +143,7 @@ collection: public/[^/]*
 permissions: i""")
        self.configure({"rights": {"type": "from_file",
                                   "file": rights_file_path}})
+        self.configure({"auth": {"type": "none"}})
        self.mkcalendar("/tmp/calendar", login="tmp:bepo")
        self.mkcol("/public", login="tmp:bepo")
        self.mkcalendar("/public/calendar", login="tmp:bepo")
@ -165,6 +166,7 @@ permissions: i""")
        Items are allowed at "/.../.../...".

        """
+        self.configure({"auth": {"type": "none"}})
        self.mkcalendar("/", check=401)
        self.mkcalendar("/user/", check=401)
        self.mkcol("/user/")
@ -175,6 +177,7 @@ permissions: i""")

    def test_put_collections_and_items(self) -> None:
        """Test rights for creation of calendars and items with PUT."""
+        self.configure({"auth": {"type": "none"}})
        self.put("/user/", "BEGIN:VCALENDAR\r\nEND:VCALENDAR", check=401)
        self.mkcol("/user/")
        self.put("/user/calendar/", "BEGIN:VCALENDAR\r\nEND:VCALENDAR")
--- a/radicale/tests/test_storage.py
+++ b/radicale/tests/test_storage.py
@ -77,6 +77,7 @@ class TestMultiFileSystem(BaseTest):
        """Verify that the hooks runs when a new user is created."""
        self.configure({"storage": {"hook": "mkdir %s" % os.path.join(
            "collection-root", "created_by_hook")}})
+        self.configure({"auth": {"type": "none"}})
        self.propfind("/", login="user:")
        self.propfind("/created_by_hook/")