Radicale 3.2.0__tar.gz → 3.2.2__tar.gz

{radicale-3.2.0 → radicale-3.2.2}/CHANGELOG.md

@@ -1,5 +1,26 @@
 # Changelog
 
+## 3.dev
+
+## 3.2.2
+* Enhancement: add support for auth.type=denyall (will be default for security reasons in upcoming releases)
+* Enhancement: display warning in case only default config is active
+* Enhancement: display warning in case no user authentication is active
+* Enhancement: add option to skip broken item to avoid triggering exception (default: enabled)
+* Enhancement: add support for predefined collections for new users
+* Enhancement: add options to enable several parts in debug log like backtrace, request_header, request_content, response_content (default: disabled)
+* Enhancement: rights/from_file: display resulting permission of a match in debug log
+* Enhancement: add Apache config file example (see contrib directory)
+* Fix: "verify-collection" skips non-collection directories, logging improved
+
+## 3.2.1
+
+* Enhancement: add option for logging bad PUT request content
+* Enhancement: extend logging with step where bad PUT request failed
+* Fix: support for recurrence "full day"
+* Fix: list of web_files related to HTML pages
+* Test: update/adjustments for workflows (pytest>=7, typeguard<4.3)
+
 ## 3.2.0
 
 * Enhancement: add hook support for event changes+deletion hooks (initial support: "rabbitmq")

{radicale-3.2.0 → radicale-3.2.2}/DOCUMENTATION.md

@@ -216,6 +216,8 @@ requirements.
 
 #### Linux with systemd system-wide
 
+Recommendation: check support by [Linux Distribution Packages](#linux-distribution-packages) instead of manual setup / initial configuration.
+
 Create the **radicale** user and group for the Radicale service. (Run
 `useradd --system --user-group --home-dir / --shell /sbin/nologin radicale` as root.)
 The storage folder must be writable by **radicale**. (Run
@@ -863,6 +865,12 @@ Delete sync-token that are older than the specified time. (seconds)
 
 Default: `2592000`
 
+#### skip_broken_item
+
+Skip broken item instead of triggering an exception
+
+Default: `True`
+
 ##### hook
 
 Command that is run after changes to storage. Take a look at the
@@ -870,6 +878,26 @@ Command that is run after changes to storage. Take a look at the
 
 Default:
 
+##### predefined_collections
+
+Create predefined user collections
+
+ Example:
+
+     {
+       "def-addressbook": {
+          "D:displayname": "Personal Address Book",
+          "tag": "VADDRESSBOOK"
+       },
+       "def-calendar": {
+          "C:supported-calendar-component-set": "VEVENT,VJOURNAL,VTODO",
+          "D:displayname": "Personal Calendar",
+          "tag": "VCALENDAR"
+       }
+     }
+
+Default:
+
 #### web
 
 ##### type
@@ -902,6 +930,36 @@ Don't include passwords in logs.
 
 Default: `True`
 
+##### bad_put_request_content
+
+Log bad PUT request content (for further diagnostics)
+
+Default: `False`
+
+##### backtrace_on_debug
+
+Log backtrace on level=debug
+
+Default: `False`
+
+##### request_header_on_debug
+
+Log request on level=debug
+
+Default: `False`
+
+##### request_content_on_debug
+
+Log request on level=debug
+
+Default: `False`
+
+##### response_content_on_debug = True
+
+Log response on level=debug
+
+Default: `False`
+
 #### headers
 
 In this section additional HTTP headers that are sent to clients can be
@@ -1079,6 +1137,8 @@ Delete the collections by running something like:
 curl -u user -X DELETE 'http://localhost:5232/user/calendar'
 ```
 
+Note: requires config/option `permit_delete_collection = True`
+
 ### Authentication and Rights
 
 This section describes the format of the rights file for the `from_file`
@@ -1509,7 +1569,7 @@ Radicale has been packaged for:
 * [Debian](http://packages.debian.org/radicale) by Jonas Smedegaard
 * [Gentoo](https://packages.gentoo.org/packages/www-apps/radicale)
   by René Neumann, Maxim Koltsov and Manuel Rüger
-* [Fedora/RHEL/CentOS](https://src.fedoraproject.org/rpms/radicale) by Jorti
+* [Fedora/EnterpriseLinux](https://src.fedoraproject.org/rpms/radicale) by Jorti
   and Peter Bieringer
 * [Mageia](http://madb.mageia.org/package/show/application/0/name/radicale)
   by Jani Välimaa

{radicale-3.2.0 → radicale-3.2.2}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: Radicale
-Version: 3.2.0
+Version: 3.2.2
 Summary: CalDAV and CardDAV Server
 Home-page: https://radicale.org/
 Author: Guillaume Ayoub
@@ -34,8 +34,8 @@ Requires-Dist: python-dateutil>=2.7.3
 Requires-Dist: pika>=1.1.0
 Requires-Dist: setuptools; python_version < "3.9"
 Provides-Extra: test
-Requires-Dist: pytest<7; extra == "test"
-Requires-Dist: typeguard<3; extra == "test"
+Requires-Dist: pytest>=7; extra == "test"
+Requires-Dist: typeguard<4.3; extra == "test"
 Requires-Dist: waitress; extra == "test"
 Requires-Dist: bcrypt; extra == "test"
 Provides-Extra: bcrypt

{radicale-3.2.0 → radicale-3.2.2}/Radicale.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: Radicale
-Version: 3.2.0
+Version: 3.2.2
 Summary: CalDAV and CardDAV Server
 Home-page: https://radicale.org/
 Author: Guillaume Ayoub
@@ -34,8 +34,8 @@ Requires-Dist: python-dateutil>=2.7.3
 Requires-Dist: pika>=1.1.0
 Requires-Dist: setuptools; python_version < "3.9"
 Provides-Extra: test
-Requires-Dist: pytest<7; extra == "test"
-Requires-Dist: typeguard<3; extra == "test"
+Requires-Dist: pytest>=7; extra == "test"
+Requires-Dist: typeguard<4.3; extra == "test"
 Requires-Dist: waitress; extra == "test"
 Requires-Dist: bcrypt; extra == "test"
 Provides-Extra: bcrypt

{radicale-3.2.0 → radicale-3.2.2}/Radicale.egg-info/SOURCES.txt

@@ -40,6 +40,7 @@ radicale/app/proppatch.py
 radicale/app/put.py
 radicale/app/report.py
 radicale/auth/__init__.py
+radicale/auth/denyall.py
 radicale/auth/htpasswd.py
 radicale/auth/http_x_remote_user.py
 radicale/auth/none.py
@@ -76,4 +77,11 @@ radicale/web/none.py
 radicale/web/internal_data/fn.js
 radicale/web/internal_data/index.html
 radicale/web/internal_data/css/icon.png
-radicale/web/internal_data/css/main.css
+radicale/web/internal_data/css/loading.svg
+radicale/web/internal_data/css/logo.svg
+radicale/web/internal_data/css/main.css
+radicale/web/internal_data/css/icons/delete.svg
+radicale/web/internal_data/css/icons/download.svg
+radicale/web/internal_data/css/icons/edit.svg
+radicale/web/internal_data/css/icons/new.svg
+radicale/web/internal_data/css/icons/upload.svg

{radicale-3.2.0 → radicale-3.2.2}/Radicale.egg-info/requires.txt

@@ -11,7 +11,7 @@ setuptools
 bcrypt
 
 [test]
-pytest<7
-typeguard<3
+pytest>=7
+typeguard<4.3
 waitress
 bcrypt

{radicale-3.2.0 → radicale-3.2.2}/config

@@ -53,7 +53,7 @@
 [auth]
 
 # Authentication method
-# Value: none | htpasswd | remote_user | http_x_remote_user
+# Value: none | htpasswd | remote_user | http_x_remote_user | denyall
 #type = none
 
 # Htpasswd filename
@@ -70,7 +70,7 @@
 # Message displayed in the client when a password is needed
 #realm = Radicale - Password Required
 
-# Сonvert username to lowercase, must be true for case-insensitive auth providers
+# Convert username to lowercase, must be true for case-insensitive auth providers
 #lc_username = False
 
 
@@ -99,10 +99,31 @@
 # Delete sync token that are older (seconds)
 #max_sync_token_age = 2592000
 
+# Skip broken item instead of triggering an exception
+#skip_broken_item = True
+
 # Command that is run after changes to storage
 # Example: ([ -d .git ] || git init) && git add -A && (git diff --cached --quiet || git commit -m "Changes by \"%(user)s\"")
 #hook =
 
+# Create predefined user collections
+#
+# json format:
+#
+#  {
+#    "def-addressbook": {
+#       "D:displayname": "Personal Address Book",
+#       "tag": "VADDRESSBOOK"
+#    },
+#    "def-calendar": {
+#       "C:supported-calendar-component-set": "VEVENT,VJOURNAL,VTODO",
+#       "D:displayname": "Personal Calendar",
+#       "tag": "VCALENDAR"
+#    }
+#  }
+#
+#predefined_collections =
+
 
 [web]
 
@@ -120,6 +141,21 @@
 # Don't include passwords in logs
 #mask_passwords = True
 
+# Log bad PUT request content
+#bad_put_request_content = False
+
+# Log backtrace on level=debug
+#backtrace_on_debug = False
+
+# Log request header on level=debug
+#request_header_on_debug = False
+
+# Log request content on level=debug
+#request_content_on_debug = False
+
+# Log response content on level=debug
+#response_content_on_debug = False
+
 
 [headers]
 
@@ -133,4 +169,4 @@
 #type = none
 #rabbitmq_endpoint =
 #rabbitmq_topic =
-#rabbitmq_queue_type = classic
+#rabbitmq_queue_type = classic

{radicale-3.2.0 → radicale-3.2.2}/radicale/__init__.py

@@ -2,7 +2,8 @@
 # Copyright © 2008 Nicolas Kandel
 # Copyright © 2008 Pascal Halter
 # Copyright © 2008-2017 Guillaume Ayoub
-# Copyright © 2017-2019 Unrud <unrud@outlook.com>
+# Copyright © 2017-2022 Unrud <unrud@outlook.com>
+# Copyright © 2024-2024 Peter Bieringer <pb@bieringer.de>
 #
 # This library is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -51,11 +52,16 @@ def _get_application_instance(config_path: str, wsgi_errors: types.ErrorStream
                 configuration = config.load(config.parse_compound_paths(
                     config.DEFAULT_CONFIG_PATH,
                     config_path))
-                log.set_level(cast(str, configuration.get("logging", "level")))
+                log.set_level(cast(str, configuration.get("logging", "level")), configuration.get("logging", "backtrace_on_debug"))
                 # Log configuration after logger is configured
+                default_config_active = True
                 for source, miss in configuration.sources():
-                    logger.info("%s %s", "Skipped missing" if miss
+                    logger.info("%s %s", "Skipped missing/unreadable" if miss
                                 else "Loaded", source)
+                    if not miss and source != "default config":
+                        default_config_active = False
+                if default_config_active:
+                    logger.warn("%s", "No config file found/readable - only default config is active")
                 _application_instance = Application(configuration)
     if _application_config_path != config_path:
         raise ValueError("RADICALE_CONFIG must not change: %r != %r" %

{radicale-3.2.0 → radicale-3.2.2}/radicale/__main__.py

@@ -1,6 +1,7 @@
 # This file is part of Radicale - CalDAV and CardDAV server
 # Copyright © 2011-2017 Guillaume Ayoub
-# Copyright © 2017-2019 Unrud <unrud@outlook.com>
+# Copyright © 2017-2022 Unrud <unrud@outlook.com>
+# Copyright © 2024-2024 Peter Bieringer <pb@bieringer.de>
 #
 # This library is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -141,7 +142,7 @@ def run() -> None:
     # Preliminary configure logging
     with contextlib.suppress(ValueError):
         log.set_level(config.DEFAULT_CONFIG_SCHEMA["logging"]["level"]["type"](
-            vars(args_ns).get("c:logging:level", "")))
+            vars(args_ns).get("c:logging:level", "")), True)
 
     # Update Radicale configuration according to arguments
     arguments_config: types.MUTABLE_CONFIG = {}
@@ -164,11 +165,17 @@ def run() -> None:
         sys.exit(1)
 
     # Configure logging
-    log.set_level(cast(str, configuration.get("logging", "level")))
+    log.set_level(cast(str, configuration.get("logging", "level")), configuration.get("logging", "backtrace_on_debug"))
 
     # Log configuration after logger is configured
+    default_config_active = True
     for source, miss in configuration.sources():
-        logger.info("%s %s", "Skipped missing" if miss else "Loaded", source)
+        logger.info("%s %s", "Skipped missing/unreadable" if miss else "Loaded", source)
+        if not miss and source != "default config":
+            default_config_active = False
+
+    if default_config_active:
+        logger.warn("%s", "No config file found/readable - only default config is active")
 
     if args_ns.verify_storage:
         logger.info("Verifying storage")

{radicale-3.2.0 → radicale-3.2.2}/radicale/app/__init__.py

@@ -3,6 +3,7 @@
 # Copyright © 2008 Pascal Halter
 # Copyright © 2008-2017 Guillaume Ayoub
 # Copyright © 2017-2019 Unrud <unrud@outlook.com>
+# Copyright © 2024-2024 Peter Bieringer <pb@bieringer.de>
 #
 # This library is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -80,6 +81,9 @@ class Application(ApplicationPartDelete, ApplicationPartHead,
         """
         super().__init__(configuration)
         self._mask_passwords = configuration.get("logging", "mask_passwords")
+        self._bad_put_request_content = configuration.get("logging", "bad_put_request_content")
+        self._request_header_on_debug = configuration.get("logging", "request_header_on_debug")
+        self._response_content_on_debug = configuration.get("logging", "response_content_on_debug")
         self._auth_delay = configuration.get("auth", "delay")
         self._internal_server = configuration.get("server", "_internal_server")
         self._max_content_length = configuration.get(
@@ -139,7 +143,10 @@ class Application(ApplicationPartDelete, ApplicationPartHead,
             answers = []
             if answer is not None:
                 if isinstance(answer, str):
-                    logger.debug("Response content:\n%s", answer)
+                    if self._response_content_on_debug:
+                        logger.debug("Response content:\n%s", answer)
+                    else:
+                        logger.debug("Response content: suppressed by config/option [auth] response_content_on_debug")
                     headers["Content-Type"] += "; charset=%s" % self._encoding
                     answer = answer.encode(self._encoding)
                 accept_encoding = [
@@ -185,8 +192,11 @@ class Application(ApplicationPartDelete, ApplicationPartHead,
         logger.info("%s request for %r%s received from %s%s",
                     request_method, unsafe_path, depthinfo,
                     remote_host, remote_useragent)
-        logger.debug("Request headers:\n%s",
-                     pprint.pformat(self._scrub_headers(environ)))
+        if self._request_header_on_debug:
+            logger.debug("Request header:\n%s",
+                         pprint.pformat(self._scrub_headers(environ)))
+        else:
+            logger.debug("Request header: suppressed by config/option [auth] request_header_on_debug")
 
         # SCRIPT_NAME is already removed from PATH_INFO, according to the
         # WSGI specification.
@@ -268,7 +278,14 @@ class Application(ApplicationPartDelete, ApplicationPartHead,
                 if "W" in self._rights.authorization(user, principal_path):
                     with self._storage.acquire_lock("w", user):
                         try:
-                            self._storage.create_collection(principal_path)
+                            new_coll = self._storage.create_collection(principal_path)
+                            if new_coll:
+                                jsn_coll = self.configuration.get("storage", "predefined_collections")
+                                for (name_coll, props) in jsn_coll.items():
+                                    try:
+                                        self._storage.create_collection(principal_path + name_coll, props=props)
+                                    except ValueError as e:
+                                        logger.warning("Failed to create predefined collection %r: %s", name_coll, e)
                         except ValueError as e:
                             logger.warning("Failed to create principal "
                                            "collection %r: %s", user, e)

{radicale-3.2.0 → radicale-3.2.2}/radicale/app/base.py

@@ -1,5 +1,6 @@
 # This file is part of Radicale - CalDAV and CardDAV server
 # Copyright © 2020 Unrud <unrud@outlook.com>
+# Copyright © 2024-2024 Peter Bieringer <pb@bieringer.de>
 #
 # This library is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -48,6 +49,8 @@ class ApplicationBase:
         self._rights = rights.load(configuration)
         self._web = web.load(configuration)
         self._encoding = configuration.get("encoding", "request")
+        self._log_bad_put_request_content = configuration.get("logging", "bad_put_request_content")
+        self._response_content_on_debug = configuration.get("logging", "response_content_on_debug")
         self._hook = hook.load(configuration)
 
     def _read_xml_request_body(self, environ: types.WSGIEnviron
@@ -69,8 +72,11 @@ class ApplicationBase:
 
     def _xml_response(self, xml_content: ET.Element) -> bytes:
         if logger.isEnabledFor(logging.DEBUG):
-            logger.debug("Response content:\n%s",
-                         xmlutils.pretty_xml(xml_content))
+            if self._response_content_on_debug:
+                logger.debug("Response content:\n%s",
+                             xmlutils.pretty_xml(xml_content))
+            else:
+                logger.debug("Response content: suppressed by config/option [auth] response_content_on_debug")
         f = io.BytesIO()
         ET.ElementTree(xml_content).write(f, encoding=self._encoding,
                                           xml_declaration=True)

{radicale-3.2.0 → radicale-3.2.2}/radicale/app/put.py

@@ -3,6 +3,7 @@
 # Copyright © 2008 Pascal Halter
 # Copyright © 2008-2017 Guillaume Ayoub
 # Copyright © 2017-2018 Unrud <unrud@outlook.com>
+# Copyright © 2024-2024 Peter Bieringer <pb@bieringer.de>
 #
 # This library is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -133,7 +134,7 @@ class ApplicationPartPut(ApplicationBase):
         try:
             content = httputils.read_request_body(self.configuration, environ)
         except RuntimeError as e:
-            logger.warning("Bad PUT request on %r: %s", path, e, exc_info=True)
+            logger.warning("Bad PUT request on %r (read_request_body): %s", path, e, exc_info=True)
             return httputils.BAD_REQUEST
         except socket.timeout:
             logger.debug("Client timed out", exc_info=True)
@@ -145,7 +146,11 @@ class ApplicationPartPut(ApplicationBase):
             vobject_items = radicale_item.read_components(content or "")
         except Exception as e:
             logger.warning(
-                "Bad PUT request on %r: %s", path, e, exc_info=True)
+                "Bad PUT request on %r (read_components): %s", path, e, exc_info=True)
+            if self._log_bad_put_request_content:
+                logger.warning("Bad PUT request content of %r:\n%s", path, content)
+            else:
+                logger.debug("Bad PUT request content: suppressed by config/option [auth] bad_put_request_content")
             return httputils.BAD_REQUEST
         (prepared_items, prepared_tag, prepared_write_whole_collection,
          prepared_props, prepared_exc_info) = prepare(
@@ -199,7 +204,7 @@ class ApplicationPartPut(ApplicationBase):
             props = prepared_props
             if prepared_exc_info:
                 logger.warning(
-                    "Bad PUT request on %r: %s", path, prepared_exc_info[1],
+                    "Bad PUT request on %r (prepare): %s", path, prepared_exc_info[1],
                     exc_info=prepared_exc_info)
                 return httputils.BAD_REQUEST
 
@@ -216,7 +221,7 @@ class ApplicationPartPut(ApplicationBase):
                         self._hook.notify(hook_notification_item)
                 except ValueError as e:
                     logger.warning(
-                        "Bad PUT request on %r: %s", path, e, exc_info=True)
+                        "Bad PUT request on %r (create_collection): %s", path, e, exc_info=True)
                     return httputils.BAD_REQUEST
             else:
                 assert not isinstance(item, storage.BaseCollection)
@@ -238,7 +243,7 @@ class ApplicationPartPut(ApplicationBase):
                     self._hook.notify(hook_notification_item)
                 except ValueError as e:
                     logger.warning(
-                        "Bad PUT request on %r: %s", path, e, exc_info=True)
+                        "Bad PUT request on %r (upload): %s", path, e, exc_info=True)
                     return httputils.BAD_REQUEST
 
             headers = {"ETag": etag}

{radicale-3.2.0 → radicale-3.2.2}/radicale/app/report.py

@@ -24,8 +24,8 @@ import posixpath
 import socket
 import xml.etree.ElementTree as ET
 from http import client
-from typing import (Callable, Iterable, Iterator, List, Optional, Sequence,
-                    Tuple, Union)
+from typing import (Any, Callable, Iterable, Iterator, List, Optional,
+                    Sequence, Tuple, Union)
 from urllib.parse import unquote, urlparse
 
 import vobject.base
@@ -196,14 +196,17 @@ def _expand(
         start: datetime.datetime,
         end: datetime.datetime,
 ) -> ET.Element:
-    rruleset = None
-    if hasattr(item.vobject_item.vevent, 'rrule'):
-        rruleset = item.vobject_item.vevent.getrruleset()
+    dt_format = '%Y%m%dT%H%M%SZ'
 
-    expanded_item = _make_vobject_expanded_item(item)
+    if type(item.vobject_item.vevent.dtstart.value) is datetime.date:
+        # If an event comes to us with a dt_start specified as a date
+        # then in the response we return the date, not datetime
+        dt_format = '%Y%m%d'
+
+    expanded_item, rruleset = _make_vobject_expanded_item(item, dt_format)
 
     if rruleset:
-        recurrences = rruleset.between(start, end)
+        recurrences = rruleset.between(start, end, inc=True)
 
         expanded: vobject.base.Component = copy.copy(expanded_item.vobject_item)
         is_expanded_filled: bool = False
@@ -214,7 +217,7 @@ def _expand(
             vevent = copy.deepcopy(expanded.vevent)
             vevent.recurrence_id = ContentLine(
                 name='RECURRENCE-ID',
-                value=recurrence_utc.strftime('%Y%m%dT%H%M%SZ'), params={}
+                value=recurrence_utc.strftime(dt_format), params={}
             )
 
             if is_expanded_filled is False:
@@ -231,8 +234,9 @@ def _expand(
 
 
 def _make_vobject_expanded_item(
-        item: radicale_item.Item
-) -> radicale_item.Item:
+        item: radicale_item.Item,
+        dt_format: str,
+) -> Tuple[radicale_item.Item, Optional[Any]]:
     # https://www.rfc-editor.org/rfc/rfc4791#section-9.6.5
     # The returned calendar components MUST NOT use recurrence
     #       properties (i.e., EXDATE, EXRULE, RDATE, and RRULE) and MUST NOT
@@ -243,17 +247,34 @@ def _make_vobject_expanded_item(
     item = copy.copy(item)
     vevent = item.vobject_item.vevent
 
-    start_utc = vevent.dtstart.value.astimezone(datetime.timezone.utc)
-    vevent.dtstart = ContentLine(
-        name='DTSTART',
-        value=start_utc.strftime('%Y%m%dT%H%M%SZ'), params={})
+    if type(vevent.dtstart.value) is datetime.date:
+        start_utc = datetime.datetime.fromordinal(
+            vevent.dtstart.value.toordinal()
+        ).replace(tzinfo=datetime.timezone.utc)
+    else:
+        start_utc = vevent.dtstart.value.astimezone(datetime.timezone.utc)
+
+    vevent.dtstart = ContentLine(name='DTSTART', value=start_utc, params=[])
 
     dt_end = getattr(vevent, 'dtend', None)
     if dt_end is not None:
-        end_utc = dt_end.value.astimezone(datetime.timezone.utc)
-        vevent.dtend = ContentLine(
-            name='DTEND',
-            value=end_utc.strftime('%Y%m%dT%H%M%SZ'), params={})
+        if type(vevent.dtend.value) is datetime.date:
+            end_utc = datetime.datetime.fromordinal(
+                dt_end.value.toordinal()
+            ).replace(tzinfo=datetime.timezone.utc)
+        else:
+            end_utc = dt_end.value.astimezone(datetime.timezone.utc)
+
+        vevent.dtend = ContentLine(name='DTEND', value=end_utc, params={})
+
+    rruleset = None
+    if hasattr(item.vobject_item.vevent, 'rrule'):
+        rruleset = vevent.getrruleset()
+
+    # There is something strage behavour during serialization native datetime, so converting manualy
+    vevent.dtstart.value = vevent.dtstart.value.strftime(dt_format)
+    if dt_end is not None:
+        vevent.dtend.value = vevent.dtend.value.strftime(dt_format)
 
     timezones_to_remove = []
     for component in item.vobject_item.components():
@@ -271,7 +292,7 @@ def _make_vobject_expanded_item(
     except AttributeError:
         pass
 
-    return item
+    return item, rruleset
 
 
 def xml_item_response(base_prefix: str, href: str,

{radicale-3.2.0 → radicale-3.2.2}/radicale/auth/__init__.py

@@ -2,7 +2,8 @@
 # Copyright © 2008 Nicolas Kandel
 # Copyright © 2008 Pascal Halter
 # Copyright © 2008-2017 Guillaume Ayoub
-# Copyright © 2017-2018 Unrud <unrud@outlook.com>
+# Copyright © 2017-2022 Unrud <unrud@outlook.com>
+# Copyright © 2024-2024 Peter Bieringer <pb@bieringer.de>
 #
 # This library is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -31,13 +32,19 @@ Take a look at the class ``BaseAuth`` if you want to implement your own.
 from typing import Sequence, Tuple, Union
 
 from radicale import config, types, utils
+from radicale.log import logger
 
 INTERNAL_TYPES: Sequence[str] = ("none", "remote_user", "http_x_remote_user",
+                                 "denyall",
                                  "htpasswd")
 
 
 def load(configuration: "config.Configuration") -> "BaseAuth":
     """Load the authentication module chosen in configuration."""
+    if configuration.get("auth", "type") == "none":
+        logger.warning("No user authentication is selected: '[auth] type=none' (insecure)")
+    if configuration.get("auth", "type") == "denyall":
+        logger.warning("All access is blocked by: '[auth] type=denyall'")
     return utils.load_plugin(INTERNAL_TYPES, "auth", "Auth", BaseAuth,
                              configuration)
 

radicale-3.2.2/radicale/auth/denyall.py

@@ -0,0 +1,30 @@
+# This file is part of Radicale - CalDAV and CardDAV server
+# Copyright © 2024-2024 Peter Bieringer <pb@bieringer.de>
+#
+# This library is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Radicale.  If not, see <http://www.gnu.org/licenses/>.
+
+"""
+A dummy backend that denies any username and password.
+
+Used as default for security reasons.
+
+"""
+
+from radicale import auth
+
+
+class Auth(auth.BaseAuth):
+
+    def _login(self, login: str, password: str) -> str:
+        return ""