Merge pull request #1512 from pbiering/warn-default-config

Warn about default config and no active user authentication
Peter Bieringer 2024-06-07 21:27:02 +02:00 committed by GitHub
commit d3bfa968f8
GPG key ID: B5690EEEBB952194
5 changed files with 25 additions and 5 deletions


@ -2,6 +2,8 @@
## 3.dev ## 3.dev
* Enhancement: add support for auth.type=denyall (will be default for security reasons in upcoming releases) * Enhancement: add support for auth.type=denyall (will be default for security reasons in upcoming releases)
* Enhancement: display warning in case only default config is active
* Enhancement: display warning in case no user authentication is active
## 3.2.1 ## 3.2.1


@ -2,7 +2,8 @@
# Copyright © 2008 Nicolas Kandel # Copyright © 2008 Nicolas Kandel
# Copyright © 2008 Pascal Halter # Copyright © 2008 Pascal Halter
# Copyright © 2008-2017 Guillaume Ayoub # Copyright © 2008-2017 Guillaume Ayoub
# Copyright © 2017-2019 Unrud <unrud@outlook.com> # Copyright © 2017-2022 Unrud <unrud@outlook.com>
# Copyright © 2024-2024 Peter Bieringer <pb@bieringer.de>
# #
# This library is free software: you can redistribute it and/or modify # This library is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by # it under the terms of the GNU General Public License as published by
@ -53,9 +54,14 @@ def _get_application_instance(config_path: str, wsgi_errors: types.ErrorStream
config_path)) config_path))
log.set_level(cast(str, configuration.get("logging", "level"))) log.set_level(cast(str, configuration.get("logging", "level")))
# Log configuration after logger is configured # Log configuration after logger is configured
default_config_active = True
for source, miss in configuration.sources(): for source, miss in configuration.sources():
logger.info("%s %s", "Skipped missing" if miss logger.info("%s %s", "Skipped missing/unreadable" if miss
else "Loaded", source) else "Loaded", source)
if not miss and source != "default config":
default_config_active = False
if default_config_active:
logger.warn("%s", "No config file found/readable - only default config is active")
_application_instance = Application(configuration) _application_instance = Application(configuration)
if _application_config_path != config_path: if _application_config_path != config_path:
raise ValueError("RADICALE_CONFIG must not change: %r != %r" % raise ValueError("RADICALE_CONFIG must not change: %r != %r" %
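Review bot: `logger.warn` in the added `if default_config_active:` branch is the deprecated alias of `Logger.warning` (assuming `logger` is a standard `logging.Logger`), so the call should read `logger.warning("No config file found/readable - only default config is active")`; the same alias is used in the run() section and twice in the auth load() section. The `"%s", ...` indirection adds nothing for a constant message. The check also relies on the literal `"default config"` matching the label that `configuration.sources()` reports, which is not visible here; a constant shared with the config module would stop the two from drifting apart and silently disabling the warning. `_get_application_instance` starts and ends outside this hunk.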


@ -1,6 +1,7 @@
# This file is part of Radicale - CalDAV and CardDAV server # This file is part of Radicale - CalDAV and CardDAV server
# Copyright © 2011-2017 Guillaume Ayoub # Copyright © 2011-2017 Guillaume Ayoub
# Copyright © 2017-2019 Unrud <unrud@outlook.com> # Copyright © 2017-2022 Unrud <unrud@outlook.com>
# Copyright © 2024-2024 Peter Bieringer <pb@bieringer.de>
# #
# This library is free software: you can redistribute it and/or modify # This library is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by # it under the terms of the GNU General Public License as published by
@ -167,8 +168,14 @@ def run() -> None:
log.set_level(cast(str, configuration.get("logging", "level"))) log.set_level(cast(str, configuration.get("logging", "level")))
# Log configuration after logger is configured # Log configuration after logger is configured
default_config_active = True
for source, miss in configuration.sources(): for source, miss in configuration.sources():
logger.info("%s %s", "Skipped missing" if miss else "Loaded", source) logger.info("%s %s", "Skipped missing/unreadable" if miss else "Loaded", source)
if not miss and source != "default config":
default_config_active = False
if default_config_active:
logger.warn("%s", "No config file found/readable - only default config is active")
if args_ns.verify_storage: if args_ns.verify_storage:
logger.info("Verifying storage") logger.info("Verifying storage")
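Review bot: The loop that derives `default_config_active` in run() is a copy of the one added to `_get_application_instance`, so the decision "only defaults are active" now lives in two places and can diverge when one is changed. A small helper beside the configuration code that reports whether any non-default source was loaded, called from both entry points, would keep the warning consistent. It is also worth confirming how non-file sources are reported by `configuration.sources()`: if command-line overrides count as a loaded source (inferred, sources() is not shown), the warning is suppressed even though no config file was read. run() continues outside this hunk.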


@ -32,6 +32,7 @@ Take a look at the class ``BaseAuth`` if you want to implement your own.
from typing import Sequence, Tuple, Union from typing import Sequence, Tuple, Union
from radicale import config, types, utils from radicale import config, types, utils
from radicale.log import logger
INTERNAL_TYPES: Sequence[str] = ("none", "remote_user", "http_x_remote_user", INTERNAL_TYPES: Sequence[str] = ("none", "remote_user", "http_x_remote_user",
"denyall", "denyall",
@ -40,6 +41,10 @@ INTERNAL_TYPES: Sequence[str] = ("none", "remote_user", "http_x_remote_user",
def load(configuration: "config.Configuration") -> "BaseAuth": def load(configuration: "config.Configuration") -> "BaseAuth":
"""Load the authentication module chosen in configuration.""" """Load the authentication module chosen in configuration."""
if configuration.get("auth", "type") == "none":
logger.warn("No user authentication is selected: '[auth] type=none' (insecure)")
if configuration.get("auth", "type") == "denyall":
logger.warn("All access is blocked by: '[auth] type=denyall'")
return utils.load_plugin(INTERNAL_TYPES, "auth", "Auth", BaseAuth, return utils.load_plugin(INTERNAL_TYPES, "auth", "Auth", BaseAuth,
configuration) configuration)
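Review bot: load() warns for `none` and `denyall` only, while `remote_user` and `http_x_remote_user` from INTERNAL_TYPES, judging by their names, take the identity from the front-end server or a request header and are just as open when the server is reachable directly. A log line for those types stating that a trusted reverse proxy must set the value and strip any client-supplied one would give operators the same visibility the commit adds for `none`. The option is also read twice for two mutually exclusive values; `auth_type = configuration.get("auth", "type")` followed by `if auth_type == "none":` / `elif auth_type == "denyall":` reads it once and makes the exclusivity explicit.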


@ -2,7 +2,7 @@
# Copyright © 2008-2017 Guillaume Ayoub # Copyright © 2008-2017 Guillaume Ayoub
# Copyright © 2008 Nicolas Kandel # Copyright © 2008 Nicolas Kandel
# Copyright © 2008 Pascal Halter # Copyright © 2008 Pascal Halter
# Copyright © 2017-2019 Unrud <unrud@outlook.com> # Copyright © 2017-2020 Unrud <unrud@outlook.com>
# Copyright © 2024-2024 Peter Bieringer <pb@bieringer.de> # Copyright © 2024-2024 Peter Bieringer <pb@bieringer.de>
# #
# This library is free software: you can redistribute it and/or modify # This library is free software: you can redistribute it and/or modify