From 780aaa7e3e349d46236ae72defcfcf4eccb12245 Mon Sep 17 00:00:00 2001 From: Peter Bieringer Date: Sun, 26 Jan 2025 12:10:37 +0100 Subject: [PATCH 001/161] clarify quick installation guides --- DOCUMENTATION.md | 21 ++++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) diff --git a/DOCUMENTATION.md b/DOCUMENTATION.md index 30566c33..84b3a0cf 100644 --- a/DOCUMENTATION.md +++ b/DOCUMENTATION.md @@ -23,7 +23,8 @@ Radicale is a small but powerful CalDAV (calendars, to-do lists) and CardDAV Radicale is really easy to install (for testing purposes) and works out-of-the-box. ```bash -python3 -m pip install --upgrade https://github.com/Kozea/Radicale/archive/master.tar.gz +# Run as normal user +python3 -m pip install --user --upgrade https://github.com/Kozea/Radicale/archive/master.tar.gz python3 -m radicale --logging-level info --storage-filesystem-folder=~/.var/lib/radicale/collections ``` @@ -63,10 +64,20 @@ enough to install the package ``python3-pip``. Then open a console and type: ```bash -# Run the following command as root or -# add the --user argument to only install for the current user -$ python3 -m pip install --upgrade https://github.com/Kozea/Radicale/archive/master.tar.gz -$ python3 -m radicale --storage-filesystem-folder=~/.var/lib/radicale/collections +# Run the following command to only install for the current user +# data is also stored for the current user only +python3 -m pip install --user --upgrade https://github.com/Kozea/Radicale/archive/master.tar.gz +python3 -m radicale --storage-filesystem-folder=~/.var/lib/radicale/collections +``` + +Alternative one can install as root or system user + +```bash +# Run the following command as root +# or non-root system user (can require --user in case of dependencies are not available system-wide) +# requires existence of and write permissions to /var/lib/radicale/collections +python3 -m pip install --upgrade https://github.com/Kozea/Radicale/archive/master.tar.gz +python3 -m radicale --storage-filesystem-folder=/var/lib/radicale/collections ``` Victory! Open in your browser! From 30389f45255ada48a5a80fee05297ca373bf2a37 Mon Sep 17 00:00:00 2001 From: Peter Bieringer Date: Sun, 2 Feb 2025 08:29:02 +0100 Subject: [PATCH 002/161] initial from https://gitlab.mim-libre.fr/alphabet/radicale_oauth/-/blob/dev/oauth2/radicale_auth_oauth2/__init__.py --- radicale/auth/oauth2.py | 44 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) create mode 100644 radicale/auth/oauth2.py diff --git a/radicale/auth/oauth2.py b/radicale/auth/oauth2.py new file mode 100644 index 00000000..4efde374 --- /dev/null +++ b/radicale/auth/oauth2.py @@ -0,0 +1,44 @@ +""" +Authentication backend that checks credentials against an oauth2 server auth endpoint +""" + +from radicale import auth +from radicale.log import logger +import requests +from requests.utils import quote + + +class Auth(auth.BaseAuth): + def __init__(self, configuration): + super().__init__(configuration) + self._endpoint = configuration.get("auth", "oauth2_token_endpoint") + logger.warning("Using oauth2 token endpoint: %s" % (self._endpoint)) + + def login(self, login, password): + """Validate credentials. + Sends login credentials to oauth auth endpoint and checks that a token is returned + """ + try: + # authenticate to authentication endpoint and return login if ok, else "" + req_params = { + "username": login, + "password": password, + "grant_type": "password", + "client_id": "radicale", + } + req_headers = {"Content-Type": "application/x-www-form-urlencoded"} + response = requests.post( + self._endpoint, data=req_params, headers=req_headers + ) + if ( + response.status_code == requests.codes.ok + and "access_token" in response.json() + ): + return login + except OSError as e: + raise RuntimeError( + "Failed to authenticate against oauth server %r: %s" + % (self._endpoint, e) + ) from e + logger.warning("User %s failed to authenticate" % (str(login))) + return "" From 063883797ce703c4b862b74ea56f92b6435caa94 Mon Sep 17 00:00:00 2001 From: Peter Bieringer Date: Sun, 2 Feb 2025 08:32:42 +0100 Subject: [PATCH 003/161] add copyright --- radicale/auth/oauth2.py | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/radicale/auth/oauth2.py b/radicale/auth/oauth2.py index 4efde374..cfa5dbe5 100644 --- a/radicale/auth/oauth2.py +++ b/radicale/auth/oauth2.py @@ -1,3 +1,25 @@ +# This file is part of Radicale Server - Calendar Server +# +# Original from https://gitlab.mim-libre.fr/alphabet/radicale_oauth/ +# Copyright © 2021-2022 Bruno Boiget +# Copyright © 2022-2022 Daniel Dehennin +# +# Since migration into upstream +# Copyright © 2025-2025 Peter Bieringer +# +# This library is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Radicale. If not, see . + """ Authentication backend that checks credentials against an oauth2 server auth endpoint """ From 937acf38f7f26c578c8a6ae912d1d9d4fce6e26b Mon Sep 17 00:00:00 2001 From: Peter Bieringer Date: Sun, 2 Feb 2025 08:33:49 +0100 Subject: [PATCH 004/161] oauth2 config check improvement --- radicale/auth/oauth2.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/radicale/auth/oauth2.py b/radicale/auth/oauth2.py index cfa5dbe5..644bdb8a 100644 --- a/radicale/auth/oauth2.py +++ b/radicale/auth/oauth2.py @@ -29,12 +29,14 @@ from radicale.log import logger import requests from requests.utils import quote - class Auth(auth.BaseAuth): def __init__(self, configuration): super().__init__(configuration) self._endpoint = configuration.get("auth", "oauth2_token_endpoint") - logger.warning("Using oauth2 token endpoint: %s" % (self._endpoint)) + if not self._endpoint: + logger.error("auth.oauth2_token_endpoint URL missing") + raise RuntimeError("OAuth2 token endpoint URL is required") + logger.info("auth OAuth2 token endpoint: %s" % (self._endpoint)) def login(self, login, password): """Validate credentials. From e28b719233a58b04517abfda2e206cc520a8a15a Mon Sep 17 00:00:00 2001 From: Peter Bieringer Date: Sun, 2 Feb 2025 09:01:40 +0100 Subject: [PATCH 005/161] oauth2 example config --- config | 3 +++ 1 file changed, 3 insertions(+) diff --git a/config b/config index c775a3c1..ba53ef3e 100644 --- a/config +++ b/config @@ -125,6 +125,9 @@ # Value: tls | starttls | none #imap_security = tls +# OAuth2 token endpoint URL +#oauth2_token_endpoint = + # Htpasswd filename #htpasswd_filename = /etc/radicale/users From 87dc5538d201e3e2587d70fcf5a84e0953c7a4d4 Mon Sep 17 00:00:00 2001 From: Peter Bieringer Date: Sun, 2 Feb 2025 09:01:58 +0100 Subject: [PATCH 006/161] oauth2 module enabling --- radicale/auth/__init__.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/radicale/auth/__init__.py b/radicale/auth/__init__.py index 71854e2a..e92272f8 100644 --- a/radicale/auth/__init__.py +++ b/radicale/auth/__init__.py @@ -42,6 +42,7 @@ INTERNAL_TYPES: Sequence[str] = ("none", "remote_user", "http_x_remote_user", "htpasswd", "ldap", "imap", + "oauth2", "dovecot") CACHE_LOGIN_TYPES: Sequence[str] = ( @@ -49,6 +50,7 @@ CACHE_LOGIN_TYPES: Sequence[str] = ( "ldap", "htpasswd", "imap", + "oauth2", ) AUTH_SOCKET_FAMILY: Sequence[str] = ("AF_UNIX", "AF_INET", "AF_INET6") From 23a68b2fb1a923aa23be3296ca43ef4d00248388 Mon Sep 17 00:00:00 2001 From: Peter Bieringer Date: Sun, 2 Feb 2025 09:03:25 +0100 Subject: [PATCH 007/161] extend mypy options --- pyproject.toml | 2 +- setup.cfg.legacy | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/pyproject.toml b/pyproject.toml index 5784971a..16d539fc 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -72,7 +72,7 @@ skip_install = true [tool.tox.env.mypy] deps = ["mypy==1.11.0"] -commands = [["mypy", "."]] +commands = [["mypy", "--install-types", "--non-interactive", "."]] skip_install = true diff --git a/setup.cfg.legacy b/setup.cfg.legacy index 94a39915..e27241b4 100644 --- a/setup.cfg.legacy +++ b/setup.cfg.legacy @@ -24,7 +24,7 @@ skip_install = True [testenv:mypy] deps = mypy==1.11.0 -commands = mypy . +commands = mypy --install-types --non-interactive . skip_install = True [tool:isort] From 04523e50874d72e8b489b2e56780f706bda07730 Mon Sep 17 00:00:00 2001 From: Peter Bieringer Date: Sun, 2 Feb 2025 09:03:42 +0100 Subject: [PATCH 008/161] oauth2 config option --- radicale/config.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/radicale/config.py b/radicale/config.py index 9b4e9af4..5f46022e 100644 --- a/radicale/config.py +++ b/radicale/config.py @@ -307,6 +307,10 @@ DEFAULT_CONFIG_SCHEMA: types.CONFIG_SCHEMA = OrderedDict([ "value": "tls", "help": "Secure the IMAP connection: *tls*|starttls|none", "type": imap_security}), + ("oauth2_token_endpoint", { + "value": "", + "help": "OAuth2 token endpoint URL", + "type": str}), ("strip_domain", { "value": "False", "help": "strip domain from username", From 7b6146405f014adf1c3073b6f84e44f0ce5a8a12 Mon Sep 17 00:00:00 2001 From: Peter Bieringer Date: Sun, 2 Feb 2025 09:04:06 +0100 Subject: [PATCH 009/161] make tox happy --- radicale/auth/oauth2.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/radicale/auth/oauth2.py b/radicale/auth/oauth2.py index 644bdb8a..c9ae4359 100644 --- a/radicale/auth/oauth2.py +++ b/radicale/auth/oauth2.py @@ -24,10 +24,11 @@ Authentication backend that checks credentials against an oauth2 server auth endpoint """ +import requests + from radicale import auth from radicale.log import logger -import requests -from requests.utils import quote + class Auth(auth.BaseAuth): def __init__(self, configuration): From d2be086cd1de73df1ebb7270f40b2e8bc0b0db05 Mon Sep 17 00:00:00 2001 From: Peter Bieringer Date: Sun, 2 Feb 2025 09:04:20 +0100 Subject: [PATCH 010/161] oauth2 adjustments to radicale changes in the past --- radicale/auth/oauth2.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/radicale/auth/oauth2.py b/radicale/auth/oauth2.py index c9ae4359..7ca5eb9d 100644 --- a/radicale/auth/oauth2.py +++ b/radicale/auth/oauth2.py @@ -39,9 +39,9 @@ class Auth(auth.BaseAuth): raise RuntimeError("OAuth2 token endpoint URL is required") logger.info("auth OAuth2 token endpoint: %s" % (self._endpoint)) - def login(self, login, password): + def _login(self, login, password): """Validate credentials. - Sends login credentials to oauth auth endpoint and checks that a token is returned + Sends login credentials to oauth token endpoint and checks that a token is returned """ try: # authenticate to authentication endpoint and return login if ok, else "" From e0d20edbcd8116790dd02b387b04177c6ca46e69 Mon Sep 17 00:00:00 2001 From: Peter Bieringer Date: Sun, 2 Feb 2025 09:04:42 +0100 Subject: [PATCH 011/161] oauth2 do not throw exception in case server is not reachable --- radicale/auth/oauth2.py | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/radicale/auth/oauth2.py b/radicale/auth/oauth2.py index 7ca5eb9d..838a786e 100644 --- a/radicale/auth/oauth2.py +++ b/radicale/auth/oauth2.py @@ -61,9 +61,6 @@ class Auth(auth.BaseAuth): ): return login except OSError as e: - raise RuntimeError( - "Failed to authenticate against oauth server %r: %s" - % (self._endpoint, e) - ) from e - logger.warning("User %s failed to authenticate" % (str(login))) + logger.critical("Failed to authenticate against OAuth2 server %s: %s" % (self._endpoint, e)) + logger.warning("User failed to authenticate using OAuth2: %r" % login) return "" From cfcfbbd231cc4ba48102fb7f436149841eae674c Mon Sep 17 00:00:00 2001 From: Peter Bieringer Date: Sun, 2 Feb 2025 09:08:57 +0100 Subject: [PATCH 012/161] oauth2 changelog --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 620073c1..3a1d896e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## 3.4.2.dev + +* Add: option [auth] type oauth2 by code migration from https://gitlab.mim-libre.fr/alphabet/radicale_oauth/-/blob/dev/oauth2/ + ## 3.4.1 * Add: option [auth] dovecot_connection_type / dovecot_host / dovecot_port * Add: option [auth] type imap by code migration from https://github.com/Unrud/RadicaleIMAP/ From f3a7641baa73a96feeab51bdd795716520b35083 Mon Sep 17 00:00:00 2001 From: Peter Bieringer Date: Sun, 2 Feb 2025 09:09:08 +0100 Subject: [PATCH 013/161] 3.4.2.dev --- pyproject.toml | 2 +- setup.py.legacy | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/pyproject.toml b/pyproject.toml index 16d539fc..eac75049 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -3,7 +3,7 @@ name = "Radicale" # When the version is updated, a new section in the CHANGELOG.md file must be # added too. readme = "README.md" -version = "3.4.1" +version = "3.4.2.dev" authors = [{name = "Guillaume Ayoub", email = "guillaume.ayoub@kozea.fr"}, {name = "Unrud", email = "unrud@outlook.com"}, {name = "Peter Bieringer", email = "pb@bieringer.de"}] license = {text = "GNU GPL v3"} description = "CalDAV and CardDAV Server" diff --git a/setup.py.legacy b/setup.py.legacy index 547f9dda..09d323a9 100644 --- a/setup.py.legacy +++ b/setup.py.legacy @@ -20,7 +20,7 @@ from setuptools import find_packages, setup # When the version is updated, a new section in the CHANGELOG.md file must be # added too. -VERSION = "3.4.1" +VERSION = "3.4.2.dev" with open("README.md", encoding="utf-8") as f: long_description = f.read() From 6f68a64855b2d2e266fa23d8fca11363410c94de Mon Sep 17 00:00:00 2001 From: Peter Bieringer Date: Sun, 2 Feb 2025 09:14:04 +0100 Subject: [PATCH 014/161] oauth2 doc --- DOCUMENTATION.md | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/DOCUMENTATION.md b/DOCUMENTATION.md index 84b3a0cf..c2e586ef 100644 --- a/DOCUMENTATION.md +++ b/DOCUMENTATION.md @@ -824,7 +824,10 @@ Available backends: : Use a Dovecot server to authenticate users. `imap` -: Use a IMAP server to authenticate users. +: Use an IMAP server to authenticate users. + +`oauth2` +: Use an OAuth2 server to authenticate users. Default: `none` @@ -1019,6 +1022,12 @@ Secure the IMAP connection: tls | starttls | none Default: `tls` +##### oauth2_token_endpoint + +OAuth2 token endpoint URL + +Default: + ##### lc_username Сonvert username to lowercase, must be true for case-insensitive auth From 938f6a97fdd670049dee91ede9d2a1fcfae0db1d Mon Sep 17 00:00:00 2001 From: Rob Aguilar Date: Thu, 6 Feb 2025 21:56:03 -0500 Subject: [PATCH 015/161] Update DOCUMENTATION.md Corrected the method override in the authentication plugin example. The original example suggested overriding login(), but BaseAuth expects _login() to be implemented instead. Overriding login() causes a Too many values to unpack error. --- DOCUMENTATION.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/DOCUMENTATION.md b/DOCUMENTATION.md index c2e586ef..b9c4c572 100644 --- a/DOCUMENTATION.md +++ b/DOCUMENTATION.md @@ -1819,7 +1819,7 @@ class Auth(BaseAuth): def __init__(self, configuration): super().__init__(configuration.copy(PLUGIN_CONFIG_SCHEMA)) - def login(self, login, password): + def _login(self, login, password): # Get password from configuration option static_password = self.configuration.get("auth", "password") # Check authentication From dcaec206816b2e44f3a793bc3228cd139d56e250 Mon Sep 17 00:00:00 2001 From: Peter Bieringer Date: Mon, 10 Feb 2025 19:33:28 +0100 Subject: [PATCH 016/161] extend copyright year --- radicale/app/put.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/radicale/app/put.py b/radicale/app/put.py index 6e1ba215..4e1e0c9b 100644 --- a/radicale/app/put.py +++ b/radicale/app/put.py @@ -4,7 +4,7 @@ # Copyright © 2008-2017 Guillaume Ayoub # Copyright © 2017-2020 Unrud # Copyright © 2020-2023 Tuna Celik -# Copyright © 2024-2024 Peter Bieringer +# Copyright © 2024-2025 Peter Bieringer # # This library is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by From b011fa4e61b3f8dfcd484b0af546da9059ea842c Mon Sep 17 00:00:00 2001 From: Peter Bieringer Date: Mon, 10 Feb 2025 19:34:13 +0100 Subject: [PATCH 017/161] extend copyright year --- radicale/httputils.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/radicale/httputils.py b/radicale/httputils.py index 3983d7eb..f3c53965 100644 --- a/radicale/httputils.py +++ b/radicale/httputils.py @@ -3,7 +3,7 @@ # Copyright © 2008 Pascal Halter # Copyright © 2008-2017 Guillaume Ayoub # Copyright © 2017-2022 Unrud -# Copyright © 2024-2024 Peter Bieringer +# Copyright © 2024-2025 Peter Bieringer # # This library is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by From 77f69f2b1e6f772e6811d12381b4699ffb360bbf Mon Sep 17 00:00:00 2001 From: Peter Bieringer Date: Mon, 10 Feb 2025 19:34:29 +0100 Subject: [PATCH 018/161] add new error code --- radicale/httputils.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/radicale/httputils.py b/radicale/httputils.py index f3c53965..23cc3677 100644 --- a/radicale/httputils.py +++ b/radicale/httputils.py @@ -79,6 +79,9 @@ REMOTE_DESTINATION: types.WSGIResponse = ( DIRECTORY_LISTING: types.WSGIResponse = ( client.FORBIDDEN, (("Content-Type", "text/plain"),), "Directory listings are not supported.") +INSUFFICIENT_STORAGE: types.WSGIResponse = ( + client.INSUFFICIENT_STORAGE, (("Content-Type", "text/plain"),), + "Insufficient Storage. Please contact the administrator.") INTERNAL_SERVER_ERROR: types.WSGIResponse = ( client.INTERNAL_SERVER_ERROR, (("Content-Type", "text/plain"),), "A server error occurred. Please contact the administrator.") From f0d06cbc7d8b1c133d84db6dc4b51febbdbe888c Mon Sep 17 00:00:00 2001 From: Peter Bieringer Date: Mon, 10 Feb 2025 19:37:19 +0100 Subject: [PATCH 019/161] catch server errors on put --- radicale/app/put.py | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) diff --git a/radicale/app/put.py b/radicale/app/put.py index 4e1e0c9b..976b7bfd 100644 --- a/radicale/app/put.py +++ b/radicale/app/put.py @@ -19,8 +19,10 @@ # You should have received a copy of the GNU General Public License # along with Radicale. If not, see . +import errno import itertools import posixpath +import re import socket import sys from http import client @@ -264,9 +266,22 @@ class ApplicationPartPut(ApplicationBase): ) self._hook.notify(hook_notification_item) except ValueError as e: - logger.warning( - "Bad PUT request on %r (upload): %s", path, e, exc_info=True) - return httputils.BAD_REQUEST + # return better matching HTTP result in case errno is provided and catched + errno_match = re.search("\\[Errno ([0-9]+)\\]", str(e)) + if errno_match: + logger.warning( + "Failed PUT request on %r (upload): %s", path, e, exc_info=True) + errno_e = int(errno_match.group(1)) + if errno_e == errno.ENOSPC: + return httputils.INSUFFICIENT_STORAGE + elif (errno_e == errno.EPERM) or (errno_e == errno.EACCES): + return httputils.FORBIDDEN + else: + return httputils.INTERNAL_SERVER_ERROR + else: + logger.warning( + "Bad PUT request on %r (upload): %s", path, e, exc_info=True) + return httputils.BAD_REQUEST headers = {"ETag": etag} return client.CREATED, headers, None From 605fc655847efbd2be7f6d65c16581614825895d Mon Sep 17 00:00:00 2001 From: Peter Bieringer Date: Tue, 11 Feb 2025 16:17:47 +0100 Subject: [PATCH 020/161] improve coding --- radicale/app/put.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/radicale/app/put.py b/radicale/app/put.py index 976b7bfd..7bd37035 100644 --- a/radicale/app/put.py +++ b/radicale/app/put.py @@ -274,7 +274,7 @@ class ApplicationPartPut(ApplicationBase): errno_e = int(errno_match.group(1)) if errno_e == errno.ENOSPC: return httputils.INSUFFICIENT_STORAGE - elif (errno_e == errno.EPERM) or (errno_e == errno.EACCES): + elif errno_e in [errno.EPERM, errno.EACCES]: return httputils.FORBIDDEN else: return httputils.INTERNAL_SERVER_ERROR From c157dd7d19f2101c957a4992394595359cb32020 Mon Sep 17 00:00:00 2001 From: Peter Bieringer Date: Tue, 11 Feb 2025 16:18:45 +0100 Subject: [PATCH 021/161] extend copyright --- radicale/app/mkcol.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/radicale/app/mkcol.py b/radicale/app/mkcol.py index 5bccc50c..50c94dce 100644 --- a/radicale/app/mkcol.py +++ b/radicale/app/mkcol.py @@ -2,7 +2,8 @@ # Copyright © 2008 Nicolas Kandel # Copyright © 2008 Pascal Halter # Copyright © 2008-2017 Guillaume Ayoub -# Copyright © 2017-2018 Unrud +# Copyright © 2017-2021 Unrud +# Copyright © 2024-2025 Peter Bieringer # # This library is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by From 88accdb6723acda526d1bad30513ba6c826fea35 Mon Sep 17 00:00:00 2001 From: Peter Bieringer Date: Tue, 11 Feb 2025 16:19:16 +0100 Subject: [PATCH 022/161] catch server errors and return proper message --- radicale/app/mkcol.py | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) diff --git a/radicale/app/mkcol.py b/radicale/app/mkcol.py index 50c94dce..953508ad 100644 --- a/radicale/app/mkcol.py +++ b/radicale/app/mkcol.py @@ -18,7 +18,9 @@ # You should have received a copy of the GNU General Public License # along with Radicale. If not, see . +import errno import posixpath +import re import socket from http import client @@ -75,8 +77,21 @@ class ApplicationPartMkcol(ApplicationBase): try: self._storage.create_collection(path, props=props) except ValueError as e: - logger.warning( - "Bad MKCOL request on %r (type:%s): %s", path, collection_type, e, exc_info=True) - return httputils.BAD_REQUEST + # return better matching HTTP result in case errno is provided and catched + errno_match = re.search("\\[Errno ([0-9]+)\\]", str(e)) + if errno_match: + logger.error( + "Failed MKCOL request on %r (type:%s): %s", path, collection_type, e, exc_info=True) + errno_e = int(errno_match.group(1)) + if errno_e == errno.ENOSPC: + return httputils.INSUFFICIENT_STORAGE + elif errno_e in [errno.EPERM, errno.EACCES]: + return httputils.FORBIDDEN + else: + return httputils.INTERNAL_SERVER_ERROR + else: + logger.warning( + "Bad MKCOL request on %r (type:%s): %s", path, collection_type, e, exc_info=True) + return httputils.BAD_REQUEST logger.info("MKCOL request %r (type:%s): %s", path, collection_type, "successful") return client.CREATED, {}, None From cd51581f389024dbec6b04d790ac1725cf085352 Mon Sep 17 00:00:00 2001 From: Peter Bieringer Date: Tue, 11 Feb 2025 16:20:29 +0100 Subject: [PATCH 023/161] extend copyright --- radicale/storage/multifilesystem/create_collection.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/radicale/storage/multifilesystem/create_collection.py b/radicale/storage/multifilesystem/create_collection.py index 2e6e9ce7..f300f59a 100644 --- a/radicale/storage/multifilesystem/create_collection.py +++ b/radicale/storage/multifilesystem/create_collection.py @@ -2,7 +2,7 @@ # Copyright © 2014 Jean-Marc Martins # Copyright © 2012-2017 Guillaume Ayoub # Copyright © 2017-2021 Unrud -# Copyright © 2024-2024 Peter Bieringer +# Copyright © 2024-2025 Peter Bieringer # # This library is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by From 37b18cf5a2c3c986e739eb973e79ec9ca46ab205 Mon Sep 17 00:00:00 2001 From: Peter Bieringer Date: Tue, 11 Feb 2025 16:20:51 +0100 Subject: [PATCH 024/161] catch error during create_collection --- .../multifilesystem/create_collection.py | 44 ++++++++++--------- 1 file changed, 24 insertions(+), 20 deletions(-) diff --git a/radicale/storage/multifilesystem/create_collection.py b/radicale/storage/multifilesystem/create_collection.py index f300f59a..cbbdee53 100644 --- a/radicale/storage/multifilesystem/create_collection.py +++ b/radicale/storage/multifilesystem/create_collection.py @@ -50,27 +50,31 @@ class StoragePartCreateCollection(StorageBase): self._makedirs_synced(parent_dir) # Create a temporary directory with an unsafe name - with TemporaryDirectory(prefix=".Radicale.tmp-", dir=parent_dir - ) as tmp_dir: - # The temporary directory itself can't be renamed - tmp_filesystem_path = os.path.join(tmp_dir, "collection") - os.makedirs(tmp_filesystem_path) - col = self._collection_class( - cast(multifilesystem.Storage, self), - pathutils.unstrip_path(sane_path, True), - filesystem_path=tmp_filesystem_path) - col.set_meta(props) - if items is not None: - if props.get("tag") == "VCALENDAR": - col._upload_all_nonatomic(items, suffix=".ics") - elif props.get("tag") == "VADDRESSBOOK": - col._upload_all_nonatomic(items, suffix=".vcf") + try: + with TemporaryDirectory(prefix=".Radicale.tmp-", dir=parent_dir + ) as tmp_dir: + # The temporary directory itself can't be renamed + tmp_filesystem_path = os.path.join(tmp_dir, "collection") + os.makedirs(tmp_filesystem_path) + col = self._collection_class( + cast(multifilesystem.Storage, self), + pathutils.unstrip_path(sane_path, True), + filesystem_path=tmp_filesystem_path) + col.set_meta(props) + if items is not None: + if props.get("tag") == "VCALENDAR": + col._upload_all_nonatomic(items, suffix=".ics") + elif props.get("tag") == "VADDRESSBOOK": + col._upload_all_nonatomic(items, suffix=".vcf") - if os.path.lexists(filesystem_path): - pathutils.rename_exchange(tmp_filesystem_path, filesystem_path) - else: - os.rename(tmp_filesystem_path, filesystem_path) - self._sync_directory(parent_dir) + if os.path.lexists(filesystem_path): + pathutils.rename_exchange(tmp_filesystem_path, filesystem_path) + else: + os.rename(tmp_filesystem_path, filesystem_path) + self._sync_directory(parent_dir) + except Exception as e: + raise ValueError("Failed to create collection %r as %r %s" % + (href, filesystem_path, e)) from e return self._collection_class( cast(multifilesystem.Storage, self), From 803763729a1a9310f32fdfb3126b540324d794b9 Mon Sep 17 00:00:00 2001 From: Peter Bieringer Date: Tue, 11 Feb 2025 16:26:57 +0100 Subject: [PATCH 025/161] extend copyright --- radicale/app/mkcalendar.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/radicale/app/mkcalendar.py b/radicale/app/mkcalendar.py index c507ae44..20c3445f 100644 --- a/radicale/app/mkcalendar.py +++ b/radicale/app/mkcalendar.py @@ -2,7 +2,8 @@ # Copyright © 2008 Nicolas Kandel # Copyright © 2008 Pascal Halter # Copyright © 2008-2017 Guillaume Ayoub -# Copyright © 2017-2018 Unrud +# Copyright © 2017-2021 Unrud +# Copyright © 2024-2025 Peter Bieringer # # This library is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by From fde0ecb9b20b070a1c1205aa5b1d578b351bc218 Mon Sep 17 00:00:00 2001 From: Peter Bieringer Date: Tue, 11 Feb 2025 16:29:33 +0100 Subject: [PATCH 026/161] change loglevel --- radicale/app/put.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/radicale/app/put.py b/radicale/app/put.py index 7bd37035..962bf756 100644 --- a/radicale/app/put.py +++ b/radicale/app/put.py @@ -269,7 +269,7 @@ class ApplicationPartPut(ApplicationBase): # return better matching HTTP result in case errno is provided and catched errno_match = re.search("\\[Errno ([0-9]+)\\]", str(e)) if errno_match: - logger.warning( + logger.error( "Failed PUT request on %r (upload): %s", path, e, exc_info=True) errno_e = int(errno_match.group(1)) if errno_e == errno.ENOSPC: From b078a8f00233ff4c19ae2b14dfbbd61949dc21d7 Mon Sep 17 00:00:00 2001 From: Peter Bieringer Date: Tue, 11 Feb 2025 16:29:56 +0100 Subject: [PATCH 027/161] catch os errors --- radicale/app/mkcalendar.py | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) diff --git a/radicale/app/mkcalendar.py b/radicale/app/mkcalendar.py index 20c3445f..b9f2063a 100644 --- a/radicale/app/mkcalendar.py +++ b/radicale/app/mkcalendar.py @@ -18,7 +18,9 @@ # You should have received a copy of the GNU General Public License # along with Radicale. If not, see . +import errno import posixpath +import re import socket from http import client @@ -71,7 +73,20 @@ class ApplicationPartMkcalendar(ApplicationBase): try: self._storage.create_collection(path, props=props) except ValueError as e: - logger.warning( - "Bad MKCALENDAR request on %r: %s", path, e, exc_info=True) - return httputils.BAD_REQUEST + # return better matching HTTP result in case errno is provided and catched + errno_match = re.search("\\[Errno ([0-9]+)\\]", str(e)) + if errno_match: + logger.error( + "Failed MKCALENDAR request on %r: %s", path, e, exc_info=True) + errno_e = int(errno_match.group(1)) + if errno_e == errno.ENOSPC: + return httputils.INSUFFICIENT_STORAGE + elif errno_e in [errno.EPERM, errno.EACCES]: + return httputils.FORBIDDEN + else: + return httputils.INTERNAL_SERVER_ERROR + else: + logger.warning( + "Bad MKCALENDAR request on %r: %s", path, e, exc_info=True) + return httputils.BAD_REQUEST return client.CREATED, {}, None From 718089e3bfc512aa45479d62500216896439f5c6 Mon Sep 17 00:00:00 2001 From: Peter Bieringer Date: Tue, 11 Feb 2025 16:34:46 +0100 Subject: [PATCH 028/161] extend copyright --- radicale/app/proppatch.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/radicale/app/proppatch.py b/radicale/app/proppatch.py index c15fddfe..1d2701a0 100644 --- a/radicale/app/proppatch.py +++ b/radicale/app/proppatch.py @@ -2,7 +2,9 @@ # Copyright © 2008 Nicolas Kandel # Copyright © 2008 Pascal Halter # Copyright © 2008-2017 Guillaume Ayoub -# Copyright © 2017-2018 Unrud +# Copyright © 2017-2020 Unrud +# Copyright © 2020-2020 Tuna Celik +# Copyright © 2025-2025 Peter Bieringer # # This library is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by From 484616f3631a24c5a8d3bcd6a87e8bc1a2b01a01 Mon Sep 17 00:00:00 2001 From: Peter Bieringer Date: Tue, 11 Feb 2025 16:35:03 +0100 Subject: [PATCH 029/161] catch os error --- radicale/app/proppatch.py | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) diff --git a/radicale/app/proppatch.py b/radicale/app/proppatch.py index 1d2701a0..faa8c25b 100644 --- a/radicale/app/proppatch.py +++ b/radicale/app/proppatch.py @@ -19,6 +19,8 @@ # You should have received a copy of the GNU General Public License # along with Radicale. If not, see . +import errno +import re import socket import xml.etree.ElementTree as ET from http import client @@ -109,7 +111,20 @@ class ApplicationPartProppatch(ApplicationBase): ) self._hook.notify(hook_notification_item) except ValueError as e: - logger.warning( - "Bad PROPPATCH request on %r: %s", path, e, exc_info=True) - return httputils.BAD_REQUEST + # return better matching HTTP result in case errno is provided and catched + errno_match = re.search("\\[Errno ([0-9]+)\\]", str(e)) + if errno_match: + logger.warning( + "Failed PROPPATCH request on %r: %s", path, e, exc_info=True) + errno_e = int(errno_match.group(1)) + if errno_e == errno.ENOSPC: + return httputils.INSUFFICIENT_STORAGE + elif errno_e in [errno.EPERM, errno.EACCES]: + return httputils.FORBIDDEN + else: + return httputils.INTERNAL_SERVER_ERROR + else: + logger.warning( + "Bad PROPPATCH request on %r: %s", path, e, exc_info=True) + return httputils.BAD_REQUEST return client.MULTI_STATUS, headers, self._xml_response(xml_answer) From dc83c6d7d01d7e2fcfa97c648ce0de07073805ad Mon Sep 17 00:00:00 2001 From: Peter Bieringer Date: Tue, 11 Feb 2025 16:39:40 +0100 Subject: [PATCH 030/161] extend copyright --- radicale/app/move.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/radicale/app/move.py b/radicale/app/move.py index 5bd8a579..b2909cd2 100644 --- a/radicale/app/move.py +++ b/radicale/app/move.py @@ -2,7 +2,8 @@ # Copyright © 2008 Nicolas Kandel # Copyright © 2008 Pascal Halter # Copyright © 2008-2017 Guillaume Ayoub -# Copyright © 2017-2018 Unrud +# Copyright © 2017-2023 Unrud +# Copyright © 2023-2025 Peter Bieringer # # This library is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by From 67bbc9a31b5334af64a25de0944bf055ea8d2e4c Mon Sep 17 00:00:00 2001 From: Peter Bieringer Date: Tue, 11 Feb 2025 16:39:54 +0100 Subject: [PATCH 031/161] catch os error --- radicale/app/move.py | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) diff --git a/radicale/app/move.py b/radicale/app/move.py index b2909cd2..f555e871 100644 --- a/radicale/app/move.py +++ b/radicale/app/move.py @@ -18,6 +18,7 @@ # You should have received a copy of the GNU General Public License # along with Radicale. If not, see . +import errno import posixpath import re from http import client @@ -110,7 +111,20 @@ class ApplicationPartMove(ApplicationBase): try: self._storage.move(item, to_collection, to_href) except ValueError as e: - logger.warning( - "Bad MOVE request on %r: %s", path, e, exc_info=True) - return httputils.BAD_REQUEST + # return better matching HTTP result in case errno is provided and catched + errno_match = re.search("\\[Errno ([0-9]+)\\]", str(e)) + if errno_match: + logger.error( + "Failed MOVE request on %r: %s", path, e, exc_info=True) + errno_e = int(errno_match.group(1)) + if errno_e == errno.ENOSPC: + return httputils.INSUFFICIENT_STORAGE + elif errno_e in [errno.EPERM, errno.EACCES]: + return httputils.FORBIDDEN + else: + return httputils.INTERNAL_SERVER_ERROR + else: + logger.warning( + "Bad MOVE request on %r: %s", path, e, exc_info=True) + return httputils.BAD_REQUEST return client.NO_CONTENT if to_item else client.CREATED, {}, None From a62da71aa22077a7c3a9d2176d84bcba17956e0a Mon Sep 17 00:00:00 2001 From: Peter Bieringer Date: Tue, 11 Feb 2025 16:44:30 +0100 Subject: [PATCH 032/161] fix loglevel --- radicale/app/proppatch.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/radicale/app/proppatch.py b/radicale/app/proppatch.py index faa8c25b..76b4a1a1 100644 --- a/radicale/app/proppatch.py +++ b/radicale/app/proppatch.py @@ -114,7 +114,7 @@ class ApplicationPartProppatch(ApplicationBase): # return better matching HTTP result in case errno is provided and catched errno_match = re.search("\\[Errno ([0-9]+)\\]", str(e)) if errno_match: - logger.warning( + logger.error( "Failed PROPPATCH request on %r: %s", path, e, exc_info=True) errno_e = int(errno_match.group(1)) if errno_e == errno.ENOSPC: From 19a47158bdf982f5809df8f74fb36f8b6ff37841 Mon Sep 17 00:00:00 2001 From: Peter Bieringer Date: Tue, 11 Feb 2025 16:48:48 +0100 Subject: [PATCH 033/161] extend changelog --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3a1d896e..cd0ab4f4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,7 @@ ## 3.4.2.dev * Add: option [auth] type oauth2 by code migration from https://gitlab.mim-libre.fr/alphabet/radicale_oauth/-/blob/dev/oauth2/ +* Fix: catch OS errors on PUT MKCOL MKCALENDAR MOVE PROPPATCH (insufficient storage, access denied, internal server error) ## 3.4.1 * Add: option [auth] dovecot_connection_type / dovecot_host / dovecot_port From 018978edd8349af7700f3b7ea483f6174047807c Mon Sep 17 00:00:00 2001 From: Peter Bieringer Date: Tue, 11 Feb 2025 17:00:05 +0100 Subject: [PATCH 034/161] update from https://github.com/Kozea/Radicale/issues/740 --- contrib/nginx/radicale.conf | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/contrib/nginx/radicale.conf b/contrib/nginx/radicale.conf index 5d63e523..acf91a18 100644 --- a/contrib/nginx/radicale.conf +++ b/contrib/nginx/radicale.conf @@ -2,6 +2,10 @@ ### ### Usual configuration file location: /etc/nginx/default.d/ +## "well-known" redirect at least for Apple devices +rewrite ^/.well-known/carddav /radicale/ redirect; +rewrite ^/.well-known/caldav /radicale/ redirect; + ## Base URI: /radicale/ location /radicale/ { proxy_pass http://localhost:5232/; From 3d50ae4a70097c72b76db0b35c8f466d15ad751b Mon Sep 17 00:00:00 2001 From: Peter Bieringer Date: Tue, 18 Feb 2025 06:13:11 +0100 Subject: [PATCH 035/161] update changelog --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index cd0ab4f4..f9e2a473 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,7 @@ * Add: option [auth] type oauth2 by code migration from https://gitlab.mim-libre.fr/alphabet/radicale_oauth/-/blob/dev/oauth2/ * Fix: catch OS errors on PUT MKCOL MKCALENDAR MOVE PROPPATCH (insufficient storage, access denied, internal server error) +* Test: skip bcrypt related tests if module is missing ## 3.4.1 * Add: option [auth] dovecot_connection_type / dovecot_host / dovecot_port From 48a634af9fe77e037535df59d4a7a41151049ccb Mon Sep 17 00:00:00 2001 From: Peter Bieringer Date: Tue, 18 Feb 2025 06:13:19 +0100 Subject: [PATCH 036/161] check whether bcrypt module is available --- radicale/tests/test_auth.py | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/radicale/tests/test_auth.py b/radicale/tests/test_auth.py index f2ba577b..7abb23e9 100644 --- a/radicale/tests/test_auth.py +++ b/radicale/tests/test_auth.py @@ -41,6 +41,14 @@ class TestBaseAuthRequests(BaseTest): """ + # test for available bcrypt module + try: + import bcrypt + except ImportError as e: + has_bcrypt = 0 + else: + has_bcrypt = 1 + def _test_htpasswd(self, htpasswd_encryption: str, htpasswd_content: str, test_matrix: Union[str, Iterable[Tuple[str, str, bool]]] = "ascii") -> None: From 3914735ec0e1a28ddd325d3ebfafbfeb4e522d78 Mon Sep 17 00:00:00 2001 From: Peter Bieringer Date: Tue, 18 Feb 2025 06:13:39 +0100 Subject: [PATCH 037/161] skip bcrypt related tests if module is missing --- radicale/tests/test_auth.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/radicale/tests/test_auth.py b/radicale/tests/test_auth.py index 7abb23e9..6745e665 100644 --- a/radicale/tests/test_auth.py +++ b/radicale/tests/test_auth.py @@ -99,10 +99,12 @@ class TestBaseAuthRequests(BaseTest): def test_htpasswd_sha512(self) -> None: self._test_htpasswd("sha512", "tmp:$6$3Qhl8r6FLagYdHYa$UCH9yXCed4A.J9FQsFPYAOXImzZUMfvLa0lwcWOxWYLOF5sE/lF99auQ4jKvHY2vijxmefl7G6kMqZ8JPdhIJ/") + @pytest.mark.skipif(has_bcrypt == 0, reason="No bcrypt module installed") def test_htpasswd_bcrypt(self) -> None: self._test_htpasswd("bcrypt", "tmp:$2y$05$oD7hbiQFQlvCM7zoalo/T.MssV3V" "NTRI3w5KDnj8NTUKJNWfVpvRq") + @pytest.mark.skipif(has_bcrypt == 0, reason="No bcrypt module installed") def test_htpasswd_bcrypt_unicode(self) -> None: self._test_htpasswd("bcrypt", "😀:$2y$10$Oyz5aHV4MD9eQJbk6GPemOs4T6edK" "6U9Sqlzr.W1mMVCS8wJUftnW", "unicode") From f6b5cb8a1e79b7862b975541b1bc21342742f098 Mon Sep 17 00:00:00 2001 From: Peter Bieringer Date: Tue, 18 Feb 2025 06:14:59 +0100 Subject: [PATCH 038/161] make flake8 happy --- radicale/tests/test_auth.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/radicale/tests/test_auth.py b/radicale/tests/test_auth.py index 6745e665..6c356f97 100644 --- a/radicale/tests/test_auth.py +++ b/radicale/tests/test_auth.py @@ -44,7 +44,7 @@ class TestBaseAuthRequests(BaseTest): # test for available bcrypt module try: import bcrypt - except ImportError as e: + except ImportError: has_bcrypt = 0 else: has_bcrypt = 1 From 13a78d7365423f511e19c8d36b3805c93697cebc Mon Sep 17 00:00:00 2001 From: Peter Bieringer Date: Thu, 20 Feb 2025 21:12:58 +0100 Subject: [PATCH 039/161] relax mtime check --- radicale/storage/multifilesystem/__init__.py | 35 ++++++++++++-------- 1 file changed, 22 insertions(+), 13 deletions(-) diff --git a/radicale/storage/multifilesystem/__init__.py b/radicale/storage/multifilesystem/__init__.py index 3bf9202f..6412ec1a 100644 --- a/radicale/storage/multifilesystem/__init__.py +++ b/radicale/storage/multifilesystem/__init__.py @@ -95,15 +95,21 @@ class Storage( def _analyse_mtime(self): # calculate and display mtime resolution path = os.path.join(self._filesystem_folder, ".Radicale.mtime_test") + logger.debug("Storage item mtime resolution test with file: %r", path) try: with open(path, "w") as f: f.write("mtime_test") f.close except Exception as e: - logger.error("Storage item mtime resolution test not possible, cannot write file: %r (%s)", path, e) + logger.warning("Storage item mtime resolution test not possible, cannot write file: %r (%s)", path, e) raise # set mtime_ns for tests - os.utime(path, times=None, ns=(MTIME_NS_TEST, MTIME_NS_TEST)) + try: + os.utime(path, times=None, ns=(MTIME_NS_TEST, MTIME_NS_TEST)) + except Exception as e: + logger.warning("Storage item mtime resolution test not possible, cannot set utime on file: %r (%s)", path, e) + os.remove(path) + raise logger.debug("Storage item mtime resoultion test set: %d" % MTIME_NS_TEST) mtime_ns = os.stat(path).st_mtime_ns logger.debug("Storage item mtime resoultion test get: %d" % mtime_ns) @@ -147,17 +153,20 @@ class Storage( logger.info("Storage cache subfolder usage for 'history': %s", self._use_cache_subfolder_for_history) logger.info("Storage cache subfolder usage for 'sync-token': %s", self._use_cache_subfolder_for_synctoken) logger.info("Storage cache use mtime and size for 'item': %s", self._use_mtime_and_size_for_item_cache) - (precision, precision_unit, unit) = self._analyse_mtime() - if precision >= 100000000: - # >= 100 ms - logger.warning("Storage item mtime resolution test result: %d %s (VERY RISKY ON PRODUCTION SYSTEMS)" % (precision_unit, unit)) - elif precision >= 10000000: - # >= 10 ms - logger.warning("Storage item mtime resolution test result: %d %s (RISKY ON PRODUCTION SYSTEMS)" % (precision_unit, unit)) - else: - logger.info("Storage item mtime resolution test result: %d %s" % (precision_unit, unit)) - if self._use_mtime_and_size_for_item_cache is False: - logger.info("Storage cache using mtime and size for 'item' may be an option in case of performance issues") + try: + (precision, precision_unit, unit) = self._analyse_mtime() + if precision >= 100000000: + # >= 100 ms + logger.warning("Storage item mtime resolution test result: %d %s (VERY RISKY ON PRODUCTION SYSTEMS)" % (precision_unit, unit)) + elif precision >= 10000000: + # >= 10 ms + logger.warning("Storage item mtime resolution test result: %d %s (RISKY ON PRODUCTION SYSTEMS)" % (precision_unit, unit)) + else: + logger.info("Storage item mtime resolution test result: %d %s" % (precision_unit, unit)) + if self._use_mtime_and_size_for_item_cache is False: + logger.info("Storage cache using mtime and size for 'item' may be an option in case of performance issues") + except: + logger.warning("Storage item mtime resolution test result not successful") logger.debug("Storage cache action logging: %s", self._debug_cache_actions) if self._use_cache_subfolder_for_item is True or self._use_cache_subfolder_for_history is True or self._use_cache_subfolder_for_synctoken is True: logger.info("Storage cache subfolder: %r", self._get_collection_cache_folder()) From 4ab1cedee38ebf57d38d52d702fa04c8b5b8f073 Mon Sep 17 00:00:00 2001 From: Peter Bieringer Date: Thu, 20 Feb 2025 21:13:43 +0100 Subject: [PATCH 040/161] update changelog --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index f9e2a473..23f73485 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,7 @@ * Add: option [auth] type oauth2 by code migration from https://gitlab.mim-libre.fr/alphabet/radicale_oauth/-/blob/dev/oauth2/ * Fix: catch OS errors on PUT MKCOL MKCALENDAR MOVE PROPPATCH (insufficient storage, access denied, internal server error) * Test: skip bcrypt related tests if module is missing +* Improve: relax mtime check on storage filesystem ## 3.4.1 * Add: option [auth] dovecot_connection_type / dovecot_host / dovecot_port From d5cb05f817923dd7f3507a54292b0af9b264a0a9 Mon Sep 17 00:00:00 2001 From: Peter Bieringer Date: Thu, 20 Feb 2025 21:17:24 +0100 Subject: [PATCH 041/161] extend copyright --- radicale/storage/multifilesystem/__init__.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/radicale/storage/multifilesystem/__init__.py b/radicale/storage/multifilesystem/__init__.py index 6412ec1a..846f46b5 100644 --- a/radicale/storage/multifilesystem/__init__.py +++ b/radicale/storage/multifilesystem/__init__.py @@ -2,7 +2,7 @@ # Copyright © 2014 Jean-Marc Martins # Copyright © 2012-2017 Guillaume Ayoub # Copyright © 2017-2021 Unrud -# Copyright © 2024-2024 Peter Bieringer +# Copyright © 2024-2025 Peter Bieringer # # This library is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by From 18338b3c6e9fe8eb413eec660a979ae60fc873dc Mon Sep 17 00:00:00 2001 From: Peter Bieringer Date: Thu, 20 Feb 2025 21:17:34 +0100 Subject: [PATCH 042/161] flake8 fix --- radicale/storage/multifilesystem/__init__.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/radicale/storage/multifilesystem/__init__.py b/radicale/storage/multifilesystem/__init__.py index 846f46b5..1a933d14 100644 --- a/radicale/storage/multifilesystem/__init__.py +++ b/radicale/storage/multifilesystem/__init__.py @@ -165,7 +165,7 @@ class Storage( logger.info("Storage item mtime resolution test result: %d %s" % (precision_unit, unit)) if self._use_mtime_and_size_for_item_cache is False: logger.info("Storage cache using mtime and size for 'item' may be an option in case of performance issues") - except: + except Exception: logger.warning("Storage item mtime resolution test result not successful") logger.debug("Storage cache action logging: %s", self._debug_cache_actions) if self._use_cache_subfolder_for_item is True or self._use_cache_subfolder_for_history is True or self._use_cache_subfolder_for_synctoken is True: From 53251231d4ef4a1c3fa02a82eacf2271c4ae5af9 Mon Sep 17 00:00:00 2001 From: Peter Bieringer Date: Fri, 21 Feb 2025 07:41:01 +0100 Subject: [PATCH 043/161] change mtime test file location to collection-root --- radicale/storage/multifilesystem/__init__.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/radicale/storage/multifilesystem/__init__.py b/radicale/storage/multifilesystem/__init__.py index 1a933d14..c5b8d439 100644 --- a/radicale/storage/multifilesystem/__init__.py +++ b/radicale/storage/multifilesystem/__init__.py @@ -94,7 +94,7 @@ class Storage( def _analyse_mtime(self): # calculate and display mtime resolution - path = os.path.join(self._filesystem_folder, ".Radicale.mtime_test") + path = os.path.join(self._get_collection_root_folder(), ".Radicale.mtime_test") logger.debug("Storage item mtime resolution test with file: %r", path) try: with open(path, "w") as f: From c3c61c692e35de1d28a1b06fcc3b15282f9c908f Mon Sep 17 00:00:00 2001 From: Peter Bieringer Date: Fri, 21 Feb 2025 07:41:54 +0100 Subject: [PATCH 044/161] update changelog --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 23f73485..97869621 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,7 +5,7 @@ * Add: option [auth] type oauth2 by code migration from https://gitlab.mim-libre.fr/alphabet/radicale_oauth/-/blob/dev/oauth2/ * Fix: catch OS errors on PUT MKCOL MKCALENDAR MOVE PROPPATCH (insufficient storage, access denied, internal server error) * Test: skip bcrypt related tests if module is missing -* Improve: relax mtime check on storage filesystem +* Improve: relax mtime check on storage filesystem, change test file location to "collection-root" directory ## 3.4.1 * Add: option [auth] dovecot_connection_type / dovecot_host / dovecot_port From 970d4ba4681067ec5a55e2397a95dd26b86d7704 Mon Sep 17 00:00:00 2001 From: Peter Bieringer Date: Sat, 22 Feb 2025 16:22:18 +0100 Subject: [PATCH 045/161] add oauth2 to example --- config | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config b/config index ba53ef3e..dfd8c4e2 100644 --- a/config +++ b/config @@ -59,7 +59,7 @@ [auth] # Authentication method -# Value: none | htpasswd | remote_user | http_x_remote_user | dovecot | ldap | denyall +# Value: none | htpasswd | remote_user | http_x_remote_user | dovecot | ldap | oauth2 | denyall #type = none # Cache logins for until expiration time From 9791a4db0f4105990e31274db5cdcccee9841894 Mon Sep 17 00:00:00 2001 From: Peter Bieringer Date: Sat, 22 Feb 2025 17:48:31 +0100 Subject: [PATCH 046/161] pam: doc --- DOCUMENTATION.md | 4 ++ radicale/auth/pam.py | 93 ++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 97 insertions(+) create mode 100644 radicale/auth/pam.py diff --git a/DOCUMENTATION.md b/DOCUMENTATION.md index b9c4c572..8718c08f 100644 --- a/DOCUMENTATION.md +++ b/DOCUMENTATION.md @@ -829,6 +829,10 @@ Available backends: `oauth2` : Use an OAuth2 server to authenticate users. +`pam` +: Use local PAM to authenticate users. + + Default: `none` ##### cache_logins diff --git a/radicale/auth/pam.py b/radicale/auth/pam.py new file mode 100644 index 00000000..25e66b19 --- /dev/null +++ b/radicale/auth/pam.py @@ -0,0 +1,93 @@ +# -*- coding: utf-8 -*- +# +# This file is part of Radicale Server - Calendar Server +# Copyright © 2011 Henry-Nicolas Tourneur +# +# This library is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Radicale. If not, see . + +""" +PAM authentication. + +Authentication based on the ``pam-python`` module. + +""" + +import grp +import pam +import pwd + +from .. import config, log + + +GROUP_MEMBERSHIP = config.get("auth", "pam_group_membership") + + +# Compatibility for old versions of python-pam. +if hasattr(pam, "pam"): + def pam_authenticate(*args, **kwargs): + return pam.pam().authenticate(*args, **kwargs) +else: + def pam_authenticate(*args, **kwargs): + return pam.authenticate(*args, **kwargs) + + +def is_authenticated(user, password): + """Check if ``user``/``password`` couple is valid.""" + if user is None or password is None: + return False + + # Check whether the user exists in the PAM system + try: + pwd.getpwnam(user).pw_uid + except KeyError: + log.LOGGER.debug("User %s not found" % user) + return False + else: + log.LOGGER.debug("User %s found" % user) + + # Check whether the group exists + try: + # Obtain supplementary groups + members = grp.getgrnam(GROUP_MEMBERSHIP).gr_mem + except KeyError: + log.LOGGER.debug( + "The PAM membership required group (%s) doesn't exist" % + GROUP_MEMBERSHIP) + return False + + # Check whether the user exists + try: + # Get user primary group + primary_group = grp.getgrgid(pwd.getpwnam(user).pw_gid).gr_name + except KeyError: + log.LOGGER.debug("The PAM user (%s) doesn't exist" % user) + return False + + # Check whether the user belongs to the required group + # (primary or supplementary) + if primary_group == GROUP_MEMBERSHIP or user in members: + log.LOGGER.debug( + "The PAM user belongs to the required group (%s)" % + GROUP_MEMBERSHIP) + # Check the password + if pam_authenticate(user, password, service='radicale'): + return True + else: + log.LOGGER.debug("Wrong PAM password") + else: + log.LOGGER.debug( + "The PAM user doesn't belong to the required group (%s)" % + GROUP_MEMBERSHIP) + + return False From 6683775c81968043bcdd929c1773d229ffb3638f Mon Sep 17 00:00:00 2001 From: Peter Bieringer Date: Sat, 22 Feb 2025 17:48:51 +0100 Subject: [PATCH 047/161] pam: doc --- DOCUMENTATION.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/DOCUMENTATION.md b/DOCUMENTATION.md index 8718c08f..fb86db70 100644 --- a/DOCUMENTATION.md +++ b/DOCUMENTATION.md @@ -1032,6 +1032,18 @@ OAuth2 token endpoint URL Default: +##### pam_service + +PAM service + +Default: radicale + +##### pam_group_membership + +PAM group user should be member of + +Default: + ##### lc_username Сonvert username to lowercase, must be true for case-insensitive auth From 954ddea0062f111b2eb7b1faa0d747099b53612f Mon Sep 17 00:00:00 2001 From: Peter Bieringer Date: Sat, 22 Feb 2025 17:49:13 +0100 Subject: [PATCH 048/161] pam: config --- config | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/config b/config index dfd8c4e2..2585c718 100644 --- a/config +++ b/config @@ -128,6 +128,12 @@ # OAuth2 token endpoint URL #oauth2_token_endpoint = +# PAM service +#pam_serivce = radicale + +# PAM group user should be member of +#pam_group_membership = + # Htpasswd filename #htpasswd_filename = /etc/radicale/users From 046d39b1bd87dbcb08617098eb36436f702de2a4 Mon Sep 17 00:00:00 2001 From: Peter Bieringer Date: Sat, 22 Feb 2025 17:49:36 +0100 Subject: [PATCH 049/161] pam: add support --- radicale/auth/__init__.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/radicale/auth/__init__.py b/radicale/auth/__init__.py index e92272f8..62a7b34f 100644 --- a/radicale/auth/__init__.py +++ b/radicale/auth/__init__.py @@ -43,6 +43,7 @@ INTERNAL_TYPES: Sequence[str] = ("none", "remote_user", "http_x_remote_user", "ldap", "imap", "oauth2", + "pam", "dovecot") CACHE_LOGIN_TYPES: Sequence[str] = ( @@ -51,6 +52,7 @@ CACHE_LOGIN_TYPES: Sequence[str] = ( "htpasswd", "imap", "oauth2", + "pam", ) AUTH_SOCKET_FAMILY: Sequence[str] = ("AF_UNIX", "AF_INET", "AF_INET6") From c8f650bc2c5699ad2c3dc3e43363d1041db915ae Mon Sep 17 00:00:00 2001 From: Peter Bieringer Date: Sat, 22 Feb 2025 17:49:52 +0100 Subject: [PATCH 050/161] extend copyright --- radicale/auth/pam.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/radicale/auth/pam.py b/radicale/auth/pam.py index 25e66b19..3194cb59 100644 --- a/radicale/auth/pam.py +++ b/radicale/auth/pam.py @@ -2,6 +2,8 @@ # # This file is part of Radicale Server - Calendar Server # Copyright © 2011 Henry-Nicolas Tourneur +# Copyright © 2021-2021 Unrud +# Copyright © 2025-2025 Peter Bieringer # # This library is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by From 855e3743caaf389643a8c567abe35565ea199823 Mon Sep 17 00:00:00 2001 From: Peter Bieringer Date: Sat, 22 Feb 2025 17:50:07 +0100 Subject: [PATCH 051/161] pam: merge+adjust module from v1 --- radicale/auth/pam.py | 134 +++++++++++++++++++++++-------------------- 1 file changed, 72 insertions(+), 62 deletions(-) diff --git a/radicale/auth/pam.py b/radicale/auth/pam.py index 3194cb59..84cacb82 100644 --- a/radicale/auth/pam.py +++ b/radicale/auth/pam.py @@ -21,75 +21,85 @@ """ PAM authentication. -Authentication based on the ``pam-python`` module. +Authentication using the ``pam-python`` module. +Important: radicale user need access to /etc/shadow by e.g. + chgrp radicale /etc/shadow + chmod g+r """ import grp -import pam import pwd -from .. import config, log +from radicale import auth +from radicale.log import logger -GROUP_MEMBERSHIP = config.get("auth", "pam_group_membership") - - -# Compatibility for old versions of python-pam. -if hasattr(pam, "pam"): - def pam_authenticate(*args, **kwargs): - return pam.pam().authenticate(*args, **kwargs) -else: - def pam_authenticate(*args, **kwargs): - return pam.authenticate(*args, **kwargs) - - -def is_authenticated(user, password): - """Check if ``user``/``password`` couple is valid.""" - if user is None or password is None: - return False - - # Check whether the user exists in the PAM system - try: - pwd.getpwnam(user).pw_uid - except KeyError: - log.LOGGER.debug("User %s not found" % user) - return False - else: - log.LOGGER.debug("User %s found" % user) - - # Check whether the group exists - try: - # Obtain supplementary groups - members = grp.getgrnam(GROUP_MEMBERSHIP).gr_mem - except KeyError: - log.LOGGER.debug( - "The PAM membership required group (%s) doesn't exist" % - GROUP_MEMBERSHIP) - return False - - # Check whether the user exists - try: - # Get user primary group - primary_group = grp.getgrgid(pwd.getpwnam(user).pw_gid).gr_name - except KeyError: - log.LOGGER.debug("The PAM user (%s) doesn't exist" % user) - return False - - # Check whether the user belongs to the required group - # (primary or supplementary) - if primary_group == GROUP_MEMBERSHIP or user in members: - log.LOGGER.debug( - "The PAM user belongs to the required group (%s)" % - GROUP_MEMBERSHIP) - # Check the password - if pam_authenticate(user, password, service='radicale'): - return True +class Auth(auth.BaseAuth): + def __init__(self, configuration) -> None: + super().__init__(configuration) + try: + import pam + self.pam = pam + except ImportError as e: + raise RuntimeError("PAM authentication requires the Python pam module") from e + self._service = configuration.get("auth", "pam_service") + logger.info("auth.pam_service: %s" % self._service) + self._group_membership = configuration.get("auth", "pam_group_membership") + if (self._group_membership): + logger.info("auth.pam_group_membership: %s" % self._group_membership) else: - log.LOGGER.debug("Wrong PAM password") - else: - log.LOGGER.debug( - "The PAM user doesn't belong to the required group (%s)" % - GROUP_MEMBERSHIP) + logger.info("auth.pam_group_membership: (empty, nothing to check / INSECURE)") - return False + def pam_authenticate(self, *args, **kwargs): + return self.pam.authenticate(*args, **kwargs) + + def _login(self, login: str, password: str) -> str: + """Check if ``user``/``password`` couple is valid.""" + if login is None or password is None: + return "" + + # Check whether the user exists in the PAM system + try: + pwd.getpwnam(login).pw_uid + except KeyError: + logger.debug("PAM user not found: %r" % login) + return "" + else: + logger.debug("PAM user found: %r" % login) + + # Check whether the user has a primary group (mandatory) + try: + # Get user primary group + primary_group = grp.getgrgid(pwd.getpwnam(login).pw_gid).gr_name + logger.debug("PAM user %r has primary group: %r" % (login, primary_group)) + except KeyError: + logger.debug("PAM user has no primary group: %r" % login) + return "" + + # Obtain supplementary groups + members = [] + if (self._group_membership): + try: + members = grp.getgrnam(self._group_membership).gr_mem + except KeyError: + logger.debug( + "PAM membership required group doesn't exist: %r" % + self._group_membership) + return "" + + # Check whether the user belongs to the required group + # (primary or supplementary) + if (self._group_membership): + if (primary_group != self._group_membership) and (login not in members): + logger.warning("PAM user %r belongs not to the required group: %r" % (login, self._group_membership)) + return "" + else: + logger.debug("PAM user %r belongs to the required group: %r" % (login, self._group_membership)) + + # Check the password + if self.pam_authenticate(login, password, service=self._service): + return login + else: + logger.debug("PAM authentication not successful for user: %r (service %r)" % (login, self._service)) + return "" From 0759673e67ab0bd1f631f458cac15a5e4e308bb6 Mon Sep 17 00:00:00 2001 From: Peter Bieringer Date: Sat, 22 Feb 2025 17:50:24 +0100 Subject: [PATCH 052/161] pam: config parser --- radicale/config.py | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/radicale/config.py b/radicale/config.py index 5f46022e..6a218160 100644 --- a/radicale/config.py +++ b/radicale/config.py @@ -311,6 +311,14 @@ DEFAULT_CONFIG_SCHEMA: types.CONFIG_SCHEMA = OrderedDict([ "value": "", "help": "OAuth2 token endpoint URL", "type": str}), + ("pam_group_membership", { + "value": "", + "help": "PAM group user should be member of", + "type": str}), + ("pam_service", { + "value": "radicale", + "help": "PAM service", + "type": str}), ("strip_domain", { "value": "False", "help": "strip domain from username", From 7f3fedc048576afd2bdbc439d8ec9ca0bc0890e4 Mon Sep 17 00:00:00 2001 From: Peter Bieringer Date: Sat, 22 Feb 2025 17:50:42 +0100 Subject: [PATCH 053/161] log used python version --- radicale/utils.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/radicale/utils.py b/radicale/utils.py index 097be3fb..a75e5089 100644 --- a/radicale/utils.py +++ b/radicale/utils.py @@ -18,6 +18,7 @@ # along with Radicale. If not, see . import ssl +import sys from importlib import import_module, metadata from typing import Callable, Sequence, Type, TypeVar, Union @@ -55,6 +56,7 @@ def package_version(name): def packages_version(): versions = [] + versions.append("python=%s.%s.%s" % (sys.version_info[0], sys.version_info[1], sys.version_info[2])) for pkg in RADICALE_MODULES: versions.append("%s=%s" % (pkg, package_version(pkg))) return " ".join(versions) From 6518f1b63aea24d8e0f0c7d6072930213dc639fa Mon Sep 17 00:00:00 2001 From: Peter Bieringer Date: Sat, 22 Feb 2025 17:51:06 +0100 Subject: [PATCH 054/161] pam: add to config selector --- config | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config b/config index 2585c718..e367083c 100644 --- a/config +++ b/config @@ -59,7 +59,7 @@ [auth] # Authentication method -# Value: none | htpasswd | remote_user | http_x_remote_user | dovecot | ldap | oauth2 | denyall +# Value: none | htpasswd | remote_user | http_x_remote_user | dovecot | ldap | oauth2 | pam | denyall #type = none # Cache logins for until expiration time From 16ece44faf353822e867a27fdfd2a9ff629d37ff Mon Sep 17 00:00:00 2001 From: Peter Bieringer Date: Sat, 22 Feb 2025 18:00:23 +0100 Subject: [PATCH 055/161] pam: extend changelog --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 97869621..2c201fe4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,7 @@ * Fix: catch OS errors on PUT MKCOL MKCALENDAR MOVE PROPPATCH (insufficient storage, access denied, internal server error) * Test: skip bcrypt related tests if module is missing * Improve: relax mtime check on storage filesystem, change test file location to "collection-root" directory +* Add: option [auth] type pam by code migration from v1, add new option pam_serivce ## 3.4.1 * Add: option [auth] dovecot_connection_type / dovecot_host / dovecot_port From 8218081f5882bd25814bb9d6ef85b2278b7adf1b Mon Sep 17 00:00:00 2001 From: Peter Bieringer Date: Tue, 25 Feb 2025 06:19:51 +0100 Subject: [PATCH 056/161] fix loglevel --- radicale/auth/pam.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/radicale/auth/pam.py b/radicale/auth/pam.py index 84cacb82..02727c85 100644 --- a/radicale/auth/pam.py +++ b/radicale/auth/pam.py @@ -49,7 +49,7 @@ class Auth(auth.BaseAuth): if (self._group_membership): logger.info("auth.pam_group_membership: %s" % self._group_membership) else: - logger.info("auth.pam_group_membership: (empty, nothing to check / INSECURE)") + logger.warning("auth.pam_group_membership: (empty, nothing to check / INSECURE)") def pam_authenticate(self, *args, **kwargs): return self.pam.authenticate(*args, **kwargs) From 50f5d2e5ef3fc1b40200eeec294b84d5ea22e6d2 Mon Sep 17 00:00:00 2001 From: Peter Bieringer Date: Tue, 25 Feb 2025 06:20:03 +0100 Subject: [PATCH 057/161] extend copyright --- radicale/utils.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/radicale/utils.py b/radicale/utils.py index a75e5089..2d7210ac 100644 --- a/radicale/utils.py +++ b/radicale/utils.py @@ -2,7 +2,7 @@ # Copyright © 2014 Jean-Marc Martins # Copyright © 2012-2017 Guillaume Ayoub # Copyright © 2017-2018 Unrud -# Copyright © 2024-2024 Peter Bieringer +# Copyright © 2024-2025 Peter Bieringer # # This library is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by From 9b671becebcb90fcb8eb2ffe4d5946526df9f669 Mon Sep 17 00:00:00 2001 From: Peter Bieringer Date: Tue, 25 Feb 2025 06:20:14 +0100 Subject: [PATCH 058/161] extend module list to display version on start --- radicale/utils.py | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/radicale/utils.py b/radicale/utils.py index 2d7210ac..87836a65 100644 --- a/radicale/utils.py +++ b/radicale/utils.py @@ -27,7 +27,13 @@ from radicale.log import logger _T_co = TypeVar("_T_co", covariant=True) -RADICALE_MODULES: Sequence[str] = ("radicale", "vobject", "passlib", "defusedxml") +RADICALE_MODULES: Sequence[str] = ("radicale", "vobject", "passlib", "defusedxml", + "dateutil", + "bcrypt", + "pika", + "ldap", + "ldap3", + "pam") def load_plugin(internal_types: Sequence[str], module_name: str, @@ -58,7 +64,13 @@ def packages_version(): versions = [] versions.append("python=%s.%s.%s" % (sys.version_info[0], sys.version_info[1], sys.version_info[2])) for pkg in RADICALE_MODULES: - versions.append("%s=%s" % (pkg, package_version(pkg))) + try: + versions.append("%s=%s" % (pkg, package_version(pkg))) + except Exception: + try: + versions.append("%s=%s" % (pkg, package_version("python-" + pkg))) + except Exception: + versions.append("%s=%s" % (pkg, "n/a")) return " ".join(versions) From 0b5dd82109e403783cad3ce35ca5d8d27adf6fab Mon Sep 17 00:00:00 2001 From: Peter Bieringer Date: Tue, 25 Feb 2025 06:21:15 +0100 Subject: [PATCH 059/161] extend changelog --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2c201fe4..5b86d183 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,7 @@ * Test: skip bcrypt related tests if module is missing * Improve: relax mtime check on storage filesystem, change test file location to "collection-root" directory * Add: option [auth] type pam by code migration from v1, add new option pam_serivce +* Cosmetics: extend list of used modules with their version on startup ## 3.4.1 * Add: option [auth] dovecot_connection_type / dovecot_host / dovecot_port From 29b1da465219add851ae2ac738e4e3a1ba7f31c5 Mon Sep 17 00:00:00 2001 From: Peter Bieringer Date: Tue, 25 Feb 2025 06:33:50 +0100 Subject: [PATCH 060/161] takeover hints from https://github.com/Kozea/Radicale/issues/1168 --- DOCUMENTATION.md | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/DOCUMENTATION.md b/DOCUMENTATION.md index fb86db70..b99b1d61 100644 --- a/DOCUMENTATION.md +++ b/DOCUMENTATION.md @@ -49,10 +49,8 @@ You want to try Radicale but only have 5 minutes free in your calendar? Let's go right now and play a bit with Radicale! When everything works, you can get a [client](#supported-clients) -and start creating calendars and address books. The server **only** binds to -localhost (is **not** reachable over the network) and you can log in with any -username and password. If Radicale fits your needs, it may be time for -[some basic configuration](#basic-configuration). +and start creating calendars and address books. By default, the server only binds to localhost (is not reachable over the network) +and you can log in with any user name and password. When everything works, you may get a local client and start creating calendars and address books. If Radicale fits your needs, it may be time for some [basic configuration](#basic-configuration) to support remote clients. Follow one of the chapters below depending on your operating system. From c2013ec901769250722b6911a0a764da7ccb8949 Mon Sep 17 00:00:00 2001 From: Peter Bieringer Date: Thu, 27 Feb 2025 07:50:41 +0100 Subject: [PATCH 061/161] permit dot inside collection name, but not as first char, fixes https://github.com/Kozea/Radicale/issues/1632 --- radicale/web/internal_data/fn.js | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/radicale/web/internal_data/fn.js b/radicale/web/internal_data/fn.js index af13ad0a..9b0bad3b 100644 --- a/radicale/web/internal_data/fn.js +++ b/radicale/web/internal_data/fn.js @@ -1348,8 +1348,10 @@ function cleanHREFinput(a) { href_form = a.target; } let currentTxtVal = href_form.value.trim().toLowerCase(); - //Clean the HREF to remove non lowercase letters and dashes - currentTxtVal = currentTxtVal.replace(/(?![0-9a-z\-\_])./g, ''); + //Clean the HREF to remove not permitted chars + currentTxtVal = currentTxtVal.replace(/(?![0-9a-z\-\_\.])./g, ''); + //Clean the HREF to remove leading . (would result in hidden directory) + currentTxtVal = currentTxtVal.replace(/^\./, ''); href_form.value = currentTxtVal; } From fcaee51ceb2714c33ea179064dacfd9a595e2fb4 Mon Sep 17 00:00:00 2001 From: Peter Bieringer Date: Thu, 27 Feb 2025 08:09:05 +0100 Subject: [PATCH 062/161] remove double / for MKCOL --- radicale/web/internal_data/fn.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/radicale/web/internal_data/fn.js b/radicale/web/internal_data/fn.js index 9b0bad3b..66d6f9bb 100644 --- a/radicale/web/internal_data/fn.js +++ b/radicale/web/internal_data/fn.js @@ -1213,7 +1213,7 @@ function CreateEditCollectionScene(user, password, collection) { alert("You must enter a valid HREF"); return false; } - href = collection.href + "/" + newhreftxtvalue + "/"; + href = collection.href + newhreftxtvalue + "/"; } displayname = displayname_form.value; description = description_form.value; From 3910457a8d0d35e2eba9f60166fa9be74fce58cc Mon Sep 17 00:00:00 2001 From: Peter Bieringer Date: Thu, 27 Feb 2025 08:26:19 +0100 Subject: [PATCH 063/161] remove double / for PUT --- radicale/web/internal_data/fn.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/radicale/web/internal_data/fn.js b/radicale/web/internal_data/fn.js index 66d6f9bb..61492a34 100644 --- a/radicale/web/internal_data/fn.js +++ b/radicale/web/internal_data/fn.js @@ -927,7 +927,7 @@ function UploadCollectionScene(user, password, collection) { if(files.length > 1 || href.length == 0){ href = random_uuid(); } - let upload_href = collection.href + "/" + href + "/"; + let upload_href = collection.href + href + "/"; upload_req = upload_collection(user, password, upload_href, file, function(result) { upload_req = null; results.push(result); From 7318f592c84cddf566f8efbd04d1f7531e53f9cc Mon Sep 17 00:00:00 2001 From: Peter Bieringer Date: Thu, 27 Feb 2025 08:32:26 +0100 Subject: [PATCH 064/161] use basename of uploaded file as default collection name, support https://github.com/Kozea/Radicale/issues/1633 --- radicale/web/internal_data/fn.js | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/radicale/web/internal_data/fn.js b/radicale/web/internal_data/fn.js index 61492a34..a83a6edd 100644 --- a/radicale/web/internal_data/fn.js +++ b/radicale/web/internal_data/fn.js @@ -874,8 +874,7 @@ function UploadCollectionScene(user, password, collection) { upload_btn.onclick = upload_start; uploadfile_form.onchange = onfileschange; - let href = random_uuid(); - href_form.value = href; + href_form.value = ""; /** @type {?number} */ let scene_index = null; /** @type {?XMLHttpRequest} */ let upload_req = null; @@ -993,10 +992,12 @@ function UploadCollectionScene(user, password, collection) { hreflimitmsg_html.classList.remove("hidden"); href_form.classList.add("hidden"); href_label.classList.add("hidden"); + href_form.value = random_uuid(); // dummy, will be replaced on upload }else{ hreflimitmsg_html.classList.add("hidden"); href_form.classList.remove("hidden"); href_label.classList.remove("hidden"); + href_form.value = files[0].name.replace(/\.(ics|vcf)$/, ''); } return false; } From eb8dc61952f6db88e86ca05f273c007e32615e7b Mon Sep 17 00:00:00 2001 From: Peter Bieringer Date: Thu, 27 Feb 2025 19:40:11 +0100 Subject: [PATCH 065/161] extend copyright --- radicale/web/internal_data/fn.js | 1 + 1 file changed, 1 insertion(+) diff --git a/radicale/web/internal_data/fn.js b/radicale/web/internal_data/fn.js index a83a6edd..2e30d1f6 100644 --- a/radicale/web/internal_data/fn.js +++ b/radicale/web/internal_data/fn.js @@ -2,6 +2,7 @@ * This file is part of Radicale Server - Calendar Server * Copyright © 2017-2024 Unrud * Copyright © 2023-2024 Matthew Hana + * Copyright © 2024-2025 Peter Bieringer * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by From 4419aa22854d07f49009ff2aef0ccd1b246bf995 Mon Sep 17 00:00:00 2001 From: Peter Bieringer Date: Thu, 27 Feb 2025 19:40:24 +0100 Subject: [PATCH 066/161] display error --- radicale/web/internal_data/fn.js | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/radicale/web/internal_data/fn.js b/radicale/web/internal_data/fn.js index 2e30d1f6..745ea87d 100644 --- a/radicale/web/internal_data/fn.js +++ b/radicale/web/internal_data/fn.js @@ -1007,6 +1007,12 @@ function UploadCollectionScene(user, password, collection) { scene_index = scene_stack.length - 1; html_scene.classList.remove("hidden"); close_btn.onclick = onclose; + if(error){ + error_form.textContent = "Error: " + error; + error_form.classList.remove("hidden"); + }else{ + error_form.classList.add("hidden"); + } }; this.hide = function() { @@ -1319,6 +1325,12 @@ function CreateEditCollectionScene(user, password, collection) { fill_form(); submit_btn.onclick = onsubmit; cancel_btn.onclick = oncancel; + if(error){ + error_form.textContent = "Error: " + error; + error_form.classList.remove("hidden"); + }else{ + error_form.classList.add("hidden"); + } }; this.hide = function() { read_form(); From e3ae7b3ab546adf3e7b05ff3ecef911ad0bd854e Mon Sep 17 00:00:00 2001 From: Peter Bieringer Date: Thu, 27 Feb 2025 19:40:37 +0100 Subject: [PATCH 067/161] add copyright --- radicale/web/internal_data/index.html | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/radicale/web/internal_data/index.html b/radicale/web/internal_data/index.html index 7806765f..db241238 100644 --- a/radicale/web/internal_data/index.html +++ b/radicale/web/internal_data/index.html @@ -1,4 +1,10 @@ + From 78b94b1d4d64c11b7bbea10c523c4a53cb37cac8 Mon Sep 17 00:00:00 2001 From: Peter Bieringer Date: Thu, 27 Feb 2025 19:40:49 +0100 Subject: [PATCH 068/161] add html to display error --- radicale/web/internal_data/index.html | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/radicale/web/internal_data/index.html b/radicale/web/internal_data/index.html index db241238..9ac96795 100644 --- a/radicale/web/internal_data/index.html +++ b/radicale/web/internal_data/index.html @@ -122,6 +122,8 @@ + +