Merge pull request #1512 from pbiering/warn-default-config

Warn about default config and no active user authentication
2025-04-04 21:57:43 +03:00 · 2024-06-07 21:27:02 +02:00 · 2024-06-07 21:27:02 +02:00 · d3bfa968f8
commit d3bfa968f8
parent 28fa28aaff bf112d6b5f
5 changed files with 25 additions and 5 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -2,6 +2,8 @@

 ## 3.dev
 * Enhancement: add support for auth.type=denyall (will be default for security reasons in upcoming releases)
+* Enhancement: display warning in case only default config is active
+* Enhancement: display warning in case no user authentication is active

 ## 3.2.1

--- a/radicale/init.py
+++ b/radicale/init.py
@ -2,7 +2,8 @@
 # Copyright © 2008 Nicolas Kandel
 # Copyright © 2008 Pascal Halter
 # Copyright © 2008-2017 Guillaume Ayoub
-# Copyright © 2017-2019 Unrud <unrud@outlook.com>
+# Copyright © 2017-2022 Unrud <unrud@outlook.com>
+# Copyright © 2024-2024 Peter Bieringer <pb@bieringer.de>
 #
 # This library is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@ -53,9 +54,14 @@ def _get_application_instance(config_path: str, wsgi_errors: types.ErrorStream
                    config_path))
                log.set_level(cast(str, configuration.get("logging", "level")))
                # Log configuration after logger is configured
+                default_config_active = True
                for source, miss in configuration.sources():
-                    logger.info("%s %s", "Skipped missing" if miss
+                    logger.info("%s %s", "Skipped missing/unreadable" if miss
                                else "Loaded", source)
+                    if not miss and source != "default config":
+                        default_config_active = False
+                if default_config_active:
+                    logger.warn("%s", "No config file found/readable - only default config is active")
                _application_instance = Application(configuration)
    if _application_config_path != config_path:
        raise ValueError("RADICALE_CONFIG must not change: %r != %r" %
--- a/radicale/main.py
+++ b/radicale/main.py
@ -1,6 +1,7 @@
 # This file is part of Radicale - CalDAV and CardDAV server
 # Copyright © 2011-2017 Guillaume Ayoub
-# Copyright © 2017-2019 Unrud <unrud@outlook.com>
+# Copyright © 2017-2022 Unrud <unrud@outlook.com>
+# Copyright © 2024-2024 Peter Bieringer <pb@bieringer.de>
 #
 # This library is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@ -167,8 +168,14 @@ def run() -> None:
    log.set_level(cast(str, configuration.get("logging", "level")))

    # Log configuration after logger is configured
+    default_config_active = True
    for source, miss in configuration.sources():
-        logger.info("%s %s", "Skipped missing" if miss else "Loaded", source)
+        logger.info("%s %s", "Skipped missing/unreadable" if miss else "Loaded", source)
+        if not miss and source != "default config":
+            default_config_active = False
+
+    if default_config_active:
+        logger.warn("%s", "No config file found/readable - only default config is active")

    if args_ns.verify_storage:
        logger.info("Verifying storage")
--- a/radicale/auth/init.py
+++ b/radicale/auth/init.py
@ -32,6 +32,7 @@ Take a look at the class ``BaseAuth`` if you want to implement your own.
 from typing import Sequence, Tuple, Union

 from radicale import config, types, utils
+from radicale.log import logger

 INTERNAL_TYPES: Sequence[str] = ("none", "remote_user", "http_x_remote_user",
                                 "denyall",
@ -40,6 +41,10 @@ INTERNAL_TYPES: Sequence[str] = ("none", "remote_user", "http_x_remote_user",

 def load(configuration: "config.Configuration") -> "BaseAuth":
    """Load the authentication module chosen in configuration."""
+    if configuration.get("auth", "type") == "none":
+        logger.warn("No user authentication is selected: '[auth] type=none' (insecure)")
+    if configuration.get("auth", "type") == "denyall":
+        logger.warn("All access is blocked by: '[auth] type=denyall'")
    return utils.load_plugin(INTERNAL_TYPES, "auth", "Auth", BaseAuth,
                             configuration)

--- a/radicale/config.py
+++ b/radicale/config.py
@ -2,7 +2,7 @@
 # Copyright © 2008-2017 Guillaume Ayoub
 # Copyright © 2008 Nicolas Kandel
 # Copyright © 2008 Pascal Halter
-# Copyright © 2017-2019 Unrud <unrud@outlook.com>
+# Copyright © 2017-2020 Unrud <unrud@outlook.com>
 # Copyright © 2024-2024 Peter Bieringer <pb@bieringer.de>
 #
 # This library is free software: you can redistribute it and/or modify