copyparty 1.19.5__tar.gz → 1.19.6__tar.gz

{copyparty-1.19.5 → copyparty-1.19.6}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: copyparty
-Version: 1.19.5
+Version: 1.19.6
 Summary:   Portable file server with accelerated resumable uploads, deduplication, WebDAV, FTP, zeroconf, media indexer, video thumbnails, audio transcoding, and write-only folders
 Author-email: ed <copyparty@ocv.me>
 License: MIT
@@ -637,6 +637,8 @@ for example `-v /mnt::r -v /var/empty:web/certs:r` mounts the server folder `/mn
 
 the example config file right above this section may explain this better; the first volume `/` is mapped to `/srv` which means http://127.0.0.1:3923/music would try to read `/srv/music` on the server filesystem, but since there's another volume at `/music` mapped to `/mnt/music` then it'll go to `/mnt/music` instead
 
+> ℹ️ this also works for single files, because files can also be volumes
+
 
 ## dotfiles
 
@@ -1494,6 +1496,7 @@ and some minor issues,
   * win10 onwards does not allow connecting anonymously / without accounts
 * python3 only
 * slow (the builtin webdav support in windows is 5x faster, and rclone-webdav is 30x faster)
+  * those numbers are specifically for copyparty's smb-server (because it sucks); other smb-servers should be similar to webdav
 
 known client bugs:
 * on win7 only, `--smb1` is much faster than smb2 (default) because it keeps rescanning folders on smb2
@@ -2679,9 +2682,16 @@ NOTE: full bidirectional sync, like what [nextcloud](https://docs.nextcloud.com/
 
 the commandline uploader [u2c.py](https://github.com/9001/copyparty/tree/hovudstraum/bin#u2cpy) with `--dr` is the best way to sync a folder to copyparty; verifies checksums and does files in parallel, and deletes unexpected files on the server after upload has finished which makes file-renames really cheap (it'll rename serverside and skip uploading)
 
+if you want to sync with `u2c.py` then:
+* the `e2dsa` option (either globally or volflag) must be enabled on the server for the volumes you're syncing into
+* ...but DON'T enable global-options `no-hash` or `no-idx` (or volflags `nohash` / `noidx`), or at least make sure they are configured so they do not affect anything you are syncing into
+* ...and u2c needs the delete-permission, so either `rwd` at minimum, or just `A` which is the same as `rwmd.a`
+  * quick reminder that `a` and `A` are different permissions, and `.` is very useful for sync
+
 alternatively there is [rclone](./docs/rclone.md) which allows for bidirectional sync and is *way* more flexible (stream files straight from sftp/s3/gcs to copyparty, ...), although there is no integrity check and it won't work with files over 100 MiB if copyparty is behind cloudflare
 
 * starting from rclone v1.63, rclone is faster than u2c.py on low-latency connections
+  * but this is only true for the initial upload; u2c will be faster for periodic syncing
 
 
 ## mount as drive

{copyparty-1.19.5 → copyparty-1.19.6}/README.md

@@ -572,6 +572,8 @@ for example `-v /mnt::r -v /var/empty:web/certs:r` mounts the server folder `/mn
 
 the example config file right above this section may explain this better; the first volume `/` is mapped to `/srv` which means http://127.0.0.1:3923/music would try to read `/srv/music` on the server filesystem, but since there's another volume at `/music` mapped to `/mnt/music` then it'll go to `/mnt/music` instead
 
+> ℹ️ this also works for single files, because files can also be volumes
+
 
 ## dotfiles
 
@@ -1429,6 +1431,7 @@ and some minor issues,
   * win10 onwards does not allow connecting anonymously / without accounts
 * python3 only
 * slow (the builtin webdav support in windows is 5x faster, and rclone-webdav is 30x faster)
+  * those numbers are specifically for copyparty's smb-server (because it sucks); other smb-servers should be similar to webdav
 
 known client bugs:
 * on win7 only, `--smb1` is much faster than smb2 (default) because it keeps rescanning folders on smb2
@@ -2614,9 +2617,16 @@ NOTE: full bidirectional sync, like what [nextcloud](https://docs.nextcloud.com/
 
 the commandline uploader [u2c.py](https://github.com/9001/copyparty/tree/hovudstraum/bin#u2cpy) with `--dr` is the best way to sync a folder to copyparty; verifies checksums and does files in parallel, and deletes unexpected files on the server after upload has finished which makes file-renames really cheap (it'll rename serverside and skip uploading)
 
+if you want to sync with `u2c.py` then:
+* the `e2dsa` option (either globally or volflag) must be enabled on the server for the volumes you're syncing into
+* ...but DON'T enable global-options `no-hash` or `no-idx` (or volflags `nohash` / `noidx`), or at least make sure they are configured so they do not affect anything you are syncing into
+* ...and u2c needs the delete-permission, so either `rwd` at minimum, or just `A` which is the same as `rwmd.a`
+  * quick reminder that `a` and `A` are different permissions, and `.` is very useful for sync
+
 alternatively there is [rclone](./docs/rclone.md) which allows for bidirectional sync and is *way* more flexible (stream files straight from sftp/s3/gcs to copyparty, ...), although there is no integrity check and it won't work with files over 100 MiB if copyparty is behind cloudflare
 
 * starting from rclone v1.63, rclone is faster than u2c.py on low-latency connections
+  * but this is only true for the initial upload; u2c will be faster for periodic syncing
 
 
 ## mount as drive

{copyparty-1.19.5 → copyparty-1.19.6}/copyparty/__main__.py

@@ -190,35 +190,41 @@ def init_E(EE )  :
             (unicode, "/tmp"),
         ]
         errs = []
-        for chk in [os.listdir, os.mkdir]:
-            for npath, (pf, pa) in enumerate(paths):
-                p = ""
-                try:
-                    p = pf(pa)
-                    # print(chk.__name__, p, pa)
-                    if not p or p.startswith("~"):
-                        continue
-
-                    p = os.path.normpath(p)
-                    chk(p)  # type: ignore
-                    p = os.path.join(p, "copyparty")
-                    if not os.path.isdir(p):
-                        os.mkdir(p)
-
-                    if npath > 1:
-                        t = "Using [%s] for config; filekeys/dirkeys will change on every restart. Consider setting XDG_CONFIG_HOME or giving the unix-user a ~/.config/"
-                        errs.append(t % (p,))
-                    elif errs:
-                        errs.append("Using [%s] instead" % (p,))
-
-                    if errs:
-                        warn(". ".join(errs))
-
-                    return p  # type: ignore
-                except Exception as ex:
-                    if p and npath < 2:
-                        t = "Unable to store config in [%s] due to %r"
-                        errs.append(t % (p, ex))
+        for npath, (pf, pa) in enumerate(paths):
+            p = ""
+            try:
+                p = pf(pa)
+                if not p or p.startswith("~"):
+                    continue
+
+                p = os.path.normpath(p)
+                if os.path.isdir(p) and os.listdir(p):
+                    mkdir = False
+                else:
+                    mkdir = True
+                    os.mkdir(p)
+
+                p = os.path.join(p, "copyparty")
+                if not os.path.isdir(p):
+                    os.mkdir(p)
+
+                if npath > 1:
+                    t = "Using %s/copyparty [%s] for config; filekeys/dirkeys will change on every restart. Consider setting XDG_CONFIG_HOME or giving the unix-user a ~/.config/"
+                    errs.append(t % (pa, p))
+                elif mkdir:
+                    t = "Using %s/copyparty [%s] for config%s (Warning: %s did not exist and was created just now)"
+                    errs.append(t % (pa, p, " instead" if npath else "", pa))
+                elif errs:
+                    errs.append("Using %s/copyparty [%s] instead" % (pa, p))
+
+                if errs:
+                    warn(". ".join(errs))
+
+                return p  # type: ignore
+            except Exception as ex:
+                if p and npath < 2:
+                    t = "Unable to store config in %s [%s] due to %r"
+                    errs.append(t % (pa, p, ex))
 
         raise Exception("could not find a writable path for config")
 
@@ -662,6 +668,42 @@ def get_sects():
             """
             ),
         ],
+        [
+            "auth-ord",
+            "authentication precedence",
+            dedent(
+                """
+            \033[33m--auth-ord\033[0m is a comma-separated list of auth options
+            (one or more of the [\033[35moptions\033[0m] below); first one wins
+
+            [\033[35mpw\033[0m] is conventional login, for example the "\033[36mPW\033[0m" header,
+              or the \033[36m?pw=\033[0m[...] URL-suffix, or a valid session cookie
+              (see \033[33m--help-auth\033[0m)
+
+            [\033[35midp\033[0m] is a username provided in the http-request-header
+              defined by \033[33m--idp-h-usr\033[0m and/or \033[33m--idp-hm-usr\033[0m, which is
+              provided by an authentication middleware such as
+              authentik, authelia, tailscale, ... (see \033[33m--help-idp\033[0m)
+
+            [\033[35midp-h\033[0m] is specifically an \033[33m--idp-h-usr\033[0m header,
+            [\033[35midp-hm\033[0m] is specifically an \033[33m--idp-hm-usr\033[0m header;
+            [\033[35midp\033[0m] is the same as [\033[35midp-hm,idp-h\033[0m]
+
+            [\033[35mipu\033[0m] is a mapping from an IP-address to a username,
+              auto-authing that client-IP to that account
+              (see the description of \033[36m--ipu\033[0m in \033[33m--help\033[0m)
+
+            NOTE: even if an option (\033[35mpw\033[0m/\033[35mipu\033[0m/...) is not in the list,
+              it may still be enabled and can still take effect if
+              none of the other alternatives identify the user
+
+            NOTE: if [\033[35mipu\033[0m] is in the list, it must be FIRST or LAST
+
+            NOTE: if [\033[35mpw\033[0m] is not in the list, the logout-button
+              will be hidden when any idp feature is enabled
+            """
+            ),
+        ],
         [
             "flags",
             "list of volflags",
@@ -1107,6 +1149,8 @@ def add_qr(ap, tty):
     ap2.add_argument("--qrz", metavar="N", type=int, default=0, help="[\033[32m1\033[0m]=1x, [\033[32m2\033[0m]=2x, [\033[32m0\033[0m]=auto (try [\033[32m2\033[0m] on broken fonts)")
     ap2.add_argument("--qr-pin", metavar="N", type=int, default=0, help="sticky/pin the qr-code to always stay on-screen; [\033[32m0\033[0m]=disabled, [\033[32m1\033[0m]=with-url, [\033[32m2\033[0m]=just-qr")
     ap2.add_argument("--qr-wait", metavar="SEC", type=float, default=0, help="wait \033[33mSEC\033[0m before printing the qr-code to the log")
+    ap2.add_argument("--qr-every", metavar="SEC", type=float, default=0, help="print the qr-code every \033[33mSEC\033[0m (try this with/without --qr-pin in case of issues)")
+    ap2.add_argument("--qr-winch", metavar="SEC", type=float, default=0, help="when --qr-pin is enabled, check for terminal size change every \033[33mSEC\033[0m")
     ap2.add_argument("--qr-file", metavar="TXT", type=u, action="append", help="\033[34mREPEATABLE:\033[0m write qr-code to file.\n └─To create txt or svg, \033[33mTXT\033[0m is Filepath:Zoom:Pad, for example [\033[32mqr.txt:1:2\033[0m]\n └─To create png or gif, \033[33mTXT\033[0m is Filepath:Zoom:Pad:Foreground:Background, for example [\033[32mqr.png:8:2:333333:ffcc55\033[0m], or [\033[32mqr.png:8:2::ffcc55\033[0m] for transparent")
 
 
@@ -1232,7 +1276,7 @@ def add_auth(ap):
     ses_db = os.path.join(E.cfg, "sessions.db")
     ap2 = ap.add_argument_group("IdP / identity provider / user authentication options")
     ap2.add_argument("--idp-h-usr", metavar="HN", type=u, action="append", help="\033[34mREPEATABLE:\033[0m bypass the copyparty authentication checks if the request-header \033[33mHN\033[0m contains a username to associate the request with (for use with authentik/oauth/...)\n\033[1;31mWARNING:\033[0m if you enable this, make sure clients are unable to specify this header themselves; must be washed away and replaced by a reverse-proxy")
-    ap2.add_argument("--idp-hm-usr", metavar="TXT", type=u, action="append", help="\033[34mREPEATABLE:\033[0m bypass the copyparty authentication checks if the request-header \033[33mHN\033[0m is provided, and its value exists in a mapping defined by this option; see --help-idp")
+    ap2.add_argument("--idp-hm-usr", metavar="T", type=u, action="append", help="\033[34mREPEATABLE:\033[0m bypass the copyparty authentication checks if the request-header \033[33mT\033[0m is provided, and its value exists in a mapping defined by this option; see --help-idp")
     ap2.add_argument("--idp-h-grp", metavar="HN", type=u, default="", help="assume the request-header \033[33mHN\033[0m contains the groupname of the requesting user; can be referenced in config files for group-based access control")
     ap2.add_argument("--idp-h-key", metavar="HN", type=u, default="", help="optional but recommended safeguard; your reverse-proxy will insert a secret header named \033[33mHN\033[0m into all requests, and the other IdP headers will be ignored if this header is not present")
     ap2.add_argument("--idp-gsep", metavar="RE", type=u, default="|:;+,", help="if there are multiple groups in \033[33m--idp-h-grp\033[0m, they are separated by one of the characters in \033[33mRE\033[0m")
@@ -1240,6 +1284,7 @@ def add_auth(ap):
     ap2.add_argument("--idp-store", metavar="N", type=int, default=1, help="how to use \033[33m--idp-db\033[0m; [\033[32m0\033[0m] = entirely disable, [\033[32m1\033[0m] = write-only (effectively disabled), [\033[32m2\033[0m] = remember users, [\033[32m3\033[0m] = remember users and groups.\nNOTE: Will remember and restore the IdP-volumes of all users for all eternity if set to 2 or 3, even when user is deleted from your IdP")
     ap2.add_argument("--idp-adm", metavar="U,U", type=u, default="", help="comma-separated list of users allowed to use /?idp (the cache management UI)")
     ap2.add_argument("--idp-cookie", metavar="S", type=int, default=0, help="generate a session-token for IdP users which is written to cookie \033[33mcppws\033[0m (or \033[33mcppwd\033[0m if plaintext), to reduce the load on the IdP server, lifetime \033[33mS\033[0m seconds.\n └─note: The expiration time is a client hint only; the actual lifetime of the session-token is infinite (until next restart with \033[33m--ses-db\033[0m wiped)")
+    ap2.add_argument("--auth-ord", metavar="TXT", type=u, default="idp,ipu", help="controls auth precedence; examples: [\033[32mpw,idp,ipu\033[0m], [\033[32mipu,pw,idp\033[0m], see --help-auth-ord")
     ap2.add_argument("--no-bauth", action="store_true", help="disable basic-authentication support; do not accept passwords from the 'Authenticate' header at all. NOTE: This breaks support for the android app")
     ap2.add_argument("--bauth-last", action="store_true", help="keeps basic-authentication enabled, but only as a last-resort; if a cookie is also provided then the cookie wins")
     ap2.add_argument("--ses-db", metavar="PATH", type=u, default=ses_db, help="where to store the sessions database (if you run multiple copyparty instances, make sure they use different DBs)")
@@ -1250,6 +1295,10 @@ def add_auth(ap):
     ap2.add_argument("--ipr", metavar="CIDR=USR", type=u, action="append", help="\033[34mREPEATABLE:\033[0m username \033[33mUSR\033[0m can only connect from an IP matching one or more \033[33mCIDR\033[0m (comma-sep.); example: [\033[32m192.168.123.0/24,172.16.0.0/16=dave]")
     ap2.add_argument("--have-idp-hdrs", type=u, default="", help=argparse.SUPPRESS)
     ap2.add_argument("--have-ipu-or-ipr", type=u, default="", help=argparse.SUPPRESS)
+    ap2.add_argument("--ao-idp-before-pw", type=u, default="", help=argparse.SUPPRESS)
+    ap2.add_argument("--ao-h-before-hm", type=u, default="", help=argparse.SUPPRESS)
+    ap2.add_argument("--ao-ipu-wins", type=u, default="", help=argparse.SUPPRESS)
+    ap2.add_argument("--ao-has-pw", type=u, default="", help=argparse.SUPPRESS)
 
 
 def add_chpw(ap):
@@ -1489,6 +1538,7 @@ def add_logging(ap):
     ap2.add_argument("--log-utc", action="store_true", help="do not use local timezone; assume the TZ env-var is UTC (tiny bit faster)")
     ap2.add_argument("--log-tdec", metavar="N", type=int, default=3, help="timestamp resolution / number of timestamp decimals")
     ap2.add_argument("--log-badpwd", metavar="N", type=int, default=2, help="log failed login attempt passwords: 0=terse, 1=plaintext, 2=hashed")
+    ap2.add_argument("--log-badxml", action="store_true", help="log any invalid XML received from a client")
     ap2.add_argument("--log-conn", action="store_true", help="debug: print tcp-server msgs")
     ap2.add_argument("--log-htp", action="store_true", help="debug: print http-server threadpool scaling")
     ap2.add_argument("--ihead", metavar="HEADER", type=u, action='append', help="print request \033[33mHEADER\033[0m; [\033[32m*\033[0m]=all")
@@ -1626,6 +1676,7 @@ def add_db_metadata(ap):
 
 def add_txt(ap):
     ap2 = ap.add_argument_group("textfile options")
+    ap2.add_argument("--md-no-br", action="store_true", help="markdown: disable newline-is-newline; will only render a newline into the html given two trailing spaces or a double-newline (volflag=md_no_br)")
     ap2.add_argument("--md-hist", metavar="TXT", type=u, default="s", help="where to store old version of markdown files; [\033[32ms\033[0m]=subfolder, [\033[32mv\033[0m]=volume-histpath, [\033[32mn\033[0m]=nope/disabled (volflag=md_hist)")
     ap2.add_argument("--txt-eol", metavar="TYPE", type=u, default="", help="enable EOL conversion when writing documents; supported: CRLF, LF (volflag=txt_eol)")
     ap2.add_argument("-mcr", metavar="SEC", type=int, default=60, help="the textfile editor will check for serverside changes every \033[33mSEC\033[0m seconds")
@@ -1959,7 +2010,7 @@ def main(argv  = None)  :
     if not HAVE_IPV6 and al.i == "::":
         al.i = "0.0.0.0"
 
-    al.i = al.i.split(",")
+    al.i = [x.strip() for x in al.i.split(",")]
     try:
         if "-" in al.p:
             lo, hi = [int(x) for x in al.p.split("-")]

{copyparty-1.19.5 → copyparty-1.19.6}/copyparty/__version__.py

@@ -1,8 +1,8 @@
 # coding: utf-8
 
-VERSION = (1, 19, 5)
+VERSION = (1, 19, 6)
 CODENAME = "usernames"
-BUILD_DT = (2025, 8, 21)
+BUILD_DT = (2025, 8, 27)
 
 S_VERSION = ".".join(map(str, VERSION))
 S_BUILD_DT = "{0:04d}-{1:02d}-{2:02d}".format(*BUILD_DT)

{copyparty-1.19.5 → copyparty-1.19.6}/copyparty/authsrv.py

@@ -1651,6 +1651,7 @@ class AuthSrv(object):
                     # accept both , and : as separators between usernames
                     zs1, zs2 = x.replace("=", ":").split(":", 1)
                     grps[zs1] = zs2.replace(":", ",").split(",")
+                    grps[zs1] = [x.strip() for x in grps[zs1]]
                 except:
                     t = '\n  invalid value "{}" for argument --grp, must be groupname:username1,username2,...'
                     raise Exception(t.format(x))
@@ -1704,6 +1705,7 @@ class AuthSrv(object):
 
         self.args.have_idp_hdrs = bool(self.args.idp_h_usr or self.args.idp_hm_usr)
         self.args.have_ipu_or_ipr = bool(self.args.ipu or self.args.ipr)
+        self.setup_auth_ord()
 
         self.setup_pwhash(acct)
         defpw = acct.copy()
@@ -2802,7 +2804,8 @@ class AuthSrv(object):
                 "have_mv": not self.args.no_mv,
                 "have_del": not self.args.no_del,
                 "have_unpost": int(self.args.unpost),
-                "have_emp": self.args.emp,
+                "have_emp": int(self.args.emp),
+                "md_no_br": int(vf.get("md_no_br") or 0),
                 "ext_th": vf.get("ext_th_d") or {},
                 "sb_md": "" if "no_sb_md" in vf else (vf.get("md_sbf") or "y"),
                 "sba_md": vf.get("md_sba") or "",
@@ -2852,6 +2855,18 @@ class AuthSrv(object):
             zs = str(vol.flags.get("tcolor") or self.args.tcolor)
             vol.flags["tcolor"] = zs.lstrip("#")
 
+    def setup_auth_ord(self)  :
+        ao = [x.strip() for x in self.args.auth_ord.split(",")]
+        if "idp" in ao:
+            zi = ao.index("idp")
+            ao = ao[:zi] + ["idp-hm", "idp-h"] + ao[zi:]
+        zsl = "pw idp-h idp-hm ipu".split()
+        pw, h, hm, ipu = [ao.index(x) if x in ao else 99 for x in zsl]
+        self.args.ao_idp_before_pw = min(h, hm) < pw
+        self.args.ao_h_before_hm = h < hm
+        self.args.ao_ipu_wins = ipu == 0
+        self.args.ao_have_pw = pw < 99
+
     def load_idp_db(self, quiet=False)  :
         # mutex me
         level = self.args.idp_store

{copyparty-1.19.5 → copyparty-1.19.6}/copyparty/broker_util.py

@@ -2,7 +2,6 @@
 from __future__ import print_function, unicode_literals
 
 import argparse
-import traceback
 
 from queue import Queue
 

{copyparty-1.19.5 → copyparty-1.19.6}/copyparty/cert.py

@@ -126,6 +126,7 @@ def _gen_srv(log , args, netdevs  ):
     nlog  = lambda msg, c=0: log("cert-gen-srv", msg, c)
 
     names = args.crt_ns.split(",") if args.crt_ns else []
+    names = [x.strip() for x in names]
     if not args.crt_exact:
         for n in names[:]:
             names.append("*.{}".format(n))

{copyparty-1.19.5 → copyparty-1.19.6}/copyparty/cfg.py

@@ -44,6 +44,7 @@ def vf_bmap()   :
         "gsel",
         "hardlink",
         "magic",
+        "md_no_br",
         "no_db_ip",
         "no_sb_md",
         "no_sb_lg",
@@ -324,6 +325,7 @@ flagcats = {
         "og_ua": "if defined: only send OG html if useragent matches this regex",
     },
     "textfiles": {
+        "md_no_br": "newline only on double-newline or two tailing spaces",
         "md_hist": "where to put markdown backups; s=subfolder, v=volHist, n=nope",
         "exp": "enable textfile expansion; see --help-exp",
         "exp_md": "placeholders to expand in markdown files; see --help",

{copyparty-1.19.5 → copyparty-1.19.6}/copyparty/ftpd.py

@@ -382,7 +382,7 @@ class FtpFs(AbstractedFS):
         svp = join(self.cwd, src).lstrip("/")
         dvp = join(self.cwd, dst).lstrip("/")
         try:
-            self.hub.up2k.handle_mv(self.uname, self.h.cli_ip, svp, dvp)
+            self.hub.up2k.handle_mv("", self.uname, self.h.cli_ip, svp, dvp)
         except Exception as ex:
             raise FSE(str(ex))
 

{copyparty-1.19.5 → copyparty-1.19.6}/copyparty/httpcli.py

@@ -12,7 +12,6 @@ import random
 import re
 import socket
 import stat
-import string
 import sys
 import threading  # typechk
 import time
@@ -31,7 +30,7 @@ try:
 except:
     pass
 
-from .__init__ import ANYWIN, PY2, RES, TYPE_CHECKING, EnvParams, unicode
+from .__init__ import ANYWIN, RES, TYPE_CHECKING, EnvParams, unicode
 from .__version__ import S_VERSION
 from .authsrv import LEELOO_DALLAS, VFS  # typechk
 from .bos import bos
@@ -66,6 +65,7 @@ from .util import (
     exclude_dotfiles,
     formatdate,
     fsenc,
+    gen_content_disposition,
     gen_filekey,
     gen_filekey_dbg,
     gencookie,
@@ -619,7 +619,9 @@ class HttpCli(object):
             or "*"
         )
 
-        if self.args.have_idp_hdrs:
+        if self.args.have_idp_hdrs and (
+            self.uname == "*" or self.args.ao_idp_before_pw
+        ):
             idp_usr = ""
             if self.args.idp_hm_usr:
                 for hn, hmv in self.args.idp_hm_usr_p.items():
@@ -632,9 +634,9 @@ class HttpCli(object):
                     if idp_usr:
                         break
             for hn in self.args.idp_h_usr:
-                if idp_usr:
+                if idp_usr and not self.args.ao_h_before_hm:
                     break
-                idp_usr = self.headers.get(hn)
+                idp_usr = self.headers.get(hn) or idp_usr
             if idp_usr:
                 idp_grp = (
                     self.headers.get(self.args.idp_h_grp) or ""
@@ -683,7 +685,10 @@ class HttpCli(object):
                 if idp_usr in self.asrv.vfs.aread:
                     self.pw = ""
                     self.uname = idp_usr
-                    self.html_head += "<script>var is_idp=1</script>\n"
+                    if self.args.ao_have_pw:
+                        self.html_head += "<script>var is_idp=1</script>\n"
+                    else:
+                        self.html_head += "<script>var is_idp=2</script>\n"
                     zs = self.asrv.ases.get(idp_usr)
                     if zs:
                         self.set_idp_cookie(zs)
@@ -691,7 +696,7 @@ class HttpCli(object):
                     self.log("unknown username: %r" % (idp_usr,), 1)
 
         if self.args.have_ipu_or_ipr:
-            if self.args.ipu and self.uname == "*":
+            if self.args.ipu and (self.uname == "*" or self.args.ao_ipu_wins):
                 self.uname = self.conn.ipu_iu[self.conn.ipu_nm.map(self.ip)]
             ipr = self.conn.hsrv.ipr
             if ipr and self.uname in ipr:
@@ -809,6 +814,15 @@ class HttpCli(object):
                         6 if em.startswith("client d/c ") else 3,
                     )
 
+                if self.hint and self.hint.startswith("<xml> "):
+                    if self.args.log_badxml:
+                        t = "invalid XML received from client: %r"
+                        self.log(t % (self.hint[6:],), 6)
+                    else:
+                        t = "received invalid XML from client; enable --log-badxml to see the whole XML in the log"
+                        self.log(t, 6)
+                    self.hint = ""
+
                 msg = "%s\r\nURL: %s\r\n" % (em, self.vpath)
                 if self.hint:
                     msg += "hint: %s\r\n" % (self.hint,)
@@ -1525,7 +1539,9 @@ class HttpCli(object):
                 if not rbuf or len(buf) >= 32768:
                     break
 
-            xroot = parse_xml(buf.decode(enc, "replace"))
+            sbuf = buf.decode(enc, "replace")
+            self.hint = "<xml> " + sbuf
+            xroot = parse_xml(sbuf)
             xtag = next((x for x in xroot if x.tag.split("}")[-1] == "prop"), None)
             if xtag is not None:
                 props = set([y.tag.split("}")[-1] for y in xtag])
@@ -1731,6 +1747,7 @@ class HttpCli(object):
         uenc = enc.upper()
 
         txt = buf.decode(enc, "replace")
+        self.hint = "<xml> " + txt
         ET.register_namespace("D", "DAV:")
         xroot = mkenod("D:orz")
         xroot.insert(0, parse_xml(txt))
@@ -1788,6 +1805,7 @@ class HttpCli(object):
         uenc = enc.upper()
 
         txt = buf.decode(enc, "replace")
+        self.hint = "<xml> " + txt
         ET.register_namespace("D", "DAV:")
         lk = parse_xml(txt)
         assert lk.tag == "{DAV:}lockinfo"
@@ -3995,6 +4013,13 @@ class HttpCli(object):
         if not editions:
             return self.tx_404()
 
+        #
+        # force download
+
+        if "dl" in self.ouparam:
+            cdis = gen_content_disposition(os.path.basename(req_path))
+            self.out_headers["Content-Disposition"] = cdis
+
         #
         # if-modified
 
@@ -4162,6 +4187,13 @@ class HttpCli(object):
         if not editions:
             return self.tx_404()
 
+        #
+        # force download
+
+        if "dl" in self.ouparam:
+            cdis = gen_content_disposition(os.path.basename(req_path))
+            self.out_headers["Content-Disposition"] = cdis
+
         #
         # if-modified
 
@@ -4707,24 +4739,7 @@ class HttpCli(object):
                     if maxn < nf:
                         raise Pebkac(400, t)
 
-        safe = (string.ascii_letters + string.digits).replace("%", "")
-        afn = "".join([x if x in safe.replace('"', "") else "_" for x in fn])
-        bascii = unicode(safe).encode("utf-8")
-        zb = fn.encode("utf-8", "xmlcharrefreplace")
-        if not PY2:
-            zbl = [
-                chr(x).encode("utf-8")
-                if x in bascii
-                else "%{:02x}".format(x).encode("ascii")
-                for x in zb
-            ]
-        else:
-            zbl = [unicode(x) if x in bascii else "%{:02x}".format(ord(x)) for x in zb]
-
-        ufn = b"".join(zbl).decode("ascii")
-
-        cdis = "attachment; filename=\"{}.{}\"; filename*=UTF-8''{}.{}"
-        cdis = cdis.format(afn, ext, ufn, ext)
+        cdis = gen_content_disposition("%s.%s" % (fn, ext))
         self.log(repr(cdis))
         self.send_headers(None, mime=mime, headers={"Content-Disposition": cdis})
 
@@ -4911,7 +4926,8 @@ class HttpCli(object):
             "lastmod": int(ts_md * 1000),
             "lang": self.args.lang,
             "favico": self.args.favico,
-            "have_emp": self.args.emp,
+            "have_emp": int(self.args.emp),
+            "md_no_br": int(vn.flags.get("md_no_br") or 0),
             "md_chk_rate": self.args.mcr,
             "md": boundary,
             "arg_base": arg_base,

{copyparty-1.19.5 → copyparty-1.19.6}/copyparty/mdns.py

@@ -27,7 +27,7 @@ from .stolen.dnslib import (
     DNSRecord,
     set_avahi_379,
 )
-from .util import CachedSet, Daemon, Netdev, list_ips, min_ex
+from .util import IP6_LL, CachedSet, Daemon, Netdev, list_ips, min_ex
 
 if TYPE_CHECKING:
     from .svchub import SvcHub
@@ -371,7 +371,7 @@ class MDNS(MCast):
         cip = addr[0]
         v6 = ":" in cip
         if (cip.startswith("169.254") and not self.ll_ok) or (
-            v6 and not cip.startswith("fe80")
+            v6 and not cip.startswith(IP6_LL)
         ):
             return
 

{copyparty-1.19.5 → copyparty-1.19.6}/copyparty/multicast.py

@@ -15,7 +15,7 @@ from ipaddress import (
 )
 
 from .__init__ import MACOS, TYPE_CHECKING
-from .util import Daemon, Netdev, find_prefix, min_ex, spack
+from .util import IP6_LL, IP64_LL, Daemon, Netdev, find_prefix, min_ex, spack
 
 if TYPE_CHECKING:
     from .svchub import SvcHub
@@ -142,7 +142,7 @@ class MCast(object):
         all_selected = ips[:]
 
         # discard non-linklocal ipv6
-        ips = [x for x in ips if ":" not in x or x.startswith("fe80")]
+        ips = [x for x in ips if ":" not in x or x.startswith(IP6_LL)]
 
         if not ips:
             raise NoIPs()
@@ -180,7 +180,7 @@ class MCast(object):
                 srv.ips[oth_ip.split("/")[0]] = ipaddress.ip_network(oth_ip, False)
 
             # gvfs breaks if a linklocal ip appears in a dns reply
-            ll = {k: v for k, v in srv.ips.items() if k.startswith(("169.254", "fe80"))}
+            ll = {k: v for k, v in srv.ips.items() if k.startswith(IP64_LL)}
             rt = {k: v for k, v in srv.ips.items() if k not in ll}
 
             if self.args.ll or not rt:

{copyparty-1.19.5 → copyparty-1.19.6}/copyparty/pwhash.py

@@ -25,6 +25,7 @@ class PWHash(object):
         self.args = args
 
         zsl = args.ah_alg.split(",")
+        zsl = [x.strip() for x in zsl]
         alg = zsl[0]
         if alg == "none":
             alg = ""

{copyparty-1.19.5 → copyparty-1.19.6}/copyparty/smbd.py

@@ -315,7 +315,7 @@ class SMB(object):
             t = "blocked rename (no-move-acc %s): /%s @%s"
             yeet(t % (vfs1.axs.umove, vp1, uname))
 
-        self.hub.up2k.handle_mv(uname, "1.7.6.2", vp1, vp2)
+        self.hub.up2k.handle_mv("", uname, "1.7.6.2", vp1, vp2)
         try:
             bos.makedirs(ap2, vf=vfs2.flags)
         except: