[CalendarServer-changes] [10126] CalendarServer/trunk
source_changes at macosforge.org
source_changes at macosforge.org
Tue Dec 4 15:39:34 PST 2012
Revision: 10126
http://trac.calendarserver.org//changeset/10126
Author: sagen at apple.com
Date: 2012-12-04 15:39:34 -0800 (Tue, 04 Dec 2012)
Log Message:
-----------
Undo r10125 to back out changes which broke CDT
Revision Links:
--------------
http://trac.calendarserver.org//changeset/10125
Modified Paths:
--------------
CalendarServer/trunk/calendarserver/tap/util.py
CalendarServer/trunk/conf/caldavd-apple.plist
CalendarServer/trunk/conf/caldavd-test.plist
CalendarServer/trunk/contrib/migration/calendarcommonextra.py
CalendarServer/trunk/contrib/migration/test/test_commonextra.py
CalendarServer/trunk/twext/web2/dav/auth.py
CalendarServer/trunk/twistedcaldav/resource.py
CalendarServer/trunk/twistedcaldav/stdconfig.py
Removed Paths:
-------------
CalendarServer/trunk/twext/web2/dav/test/test_auth.py
Modified: CalendarServer/trunk/calendarserver/tap/util.py
===================================================================
--- CalendarServer/trunk/calendarserver/tap/util.py 2012-12-04 22:07:43 UTC (rev 10125)
+++ CalendarServer/trunk/calendarserver/tap/util.py 2012-12-04 23:39:34 UTC (rev 10126)
@@ -688,7 +688,6 @@
credentialFactories,
(auth.IPrincipal,),
overrides=overrides,
- allowBasicOverNonSSL=config.Authentication.Basic.AllowedOverNonSSL,
)
logWrapper = DirectoryLogWrapperResource(
Modified: CalendarServer/trunk/conf/caldavd-apple.plist
===================================================================
--- CalendarServer/trunk/conf/caldavd-apple.plist 2012-12-04 22:07:43 UTC (rev 10125)
+++ CalendarServer/trunk/conf/caldavd-apple.plist 2012-12-04 23:39:34 UTC (rev 10126)
@@ -242,8 +242,6 @@
<key>Basic</key>
<dict>
<key>Enabled</key>
- <true/>
- <key>AllowedOverNonSSL</key>
<false/>
</dict>
Modified: CalendarServer/trunk/conf/caldavd-test.plist
===================================================================
--- CalendarServer/trunk/conf/caldavd-test.plist 2012-12-04 22:07:43 UTC (rev 10125)
+++ CalendarServer/trunk/conf/caldavd-test.plist 2012-12-04 23:39:34 UTC (rev 10126)
@@ -507,8 +507,6 @@
<dict>
<key>Enabled</key>
<true/>
- <key>AllowedOverNonSSL</key>
- <true/>
</dict>
<!-- Digest challenge/response -->
Modified: CalendarServer/trunk/contrib/migration/calendarcommonextra.py
===================================================================
--- CalendarServer/trunk/contrib/migration/calendarcommonextra.py 2012-12-04 22:07:43 UTC (rev 10125)
+++ CalendarServer/trunk/contrib/migration/calendarcommonextra.py 2012-12-04 23:39:34 UTC (rev 10126)
@@ -146,7 +146,6 @@
settings["EnableSSL"] = True
settings["RedirectHTTPToHTTPS"] = True
- settings.setdefault("Authentication", {}).setdefault("Basic", {})["Enabled"] = True
def setCert(plistPath, otherCert):
"""
Modified: CalendarServer/trunk/contrib/migration/test/test_commonextra.py
===================================================================
--- CalendarServer/trunk/contrib/migration/test/test_commonextra.py 2012-12-04 22:07:43 UTC (rev 10125)
+++ CalendarServer/trunk/contrib/migration/test/test_commonextra.py 2012-12-04 23:39:34 UTC (rev 10126)
@@ -34,7 +34,6 @@
orig = {
}
expected = {
- 'Authentication': {'Basic': {'Enabled': True}},
'EnableSSL': True,
'RedirectHTTPToHTTPS': True,
'SSLAuthorityChain': '/test/pchain.pem',
Modified: CalendarServer/trunk/twext/web2/dav/auth.py
===================================================================
--- CalendarServer/trunk/twext/web2/dav/auth.py 2012-12-04 22:07:43 UTC (rev 10125)
+++ CalendarServer/trunk/twext/web2/dav/auth.py 2012-12-04 23:39:34 UTC (rev 10126)
@@ -37,8 +37,7 @@
class AuthenticationWrapper(WrapperResource):
- def __init__(self, resource, portal, credentialFactories, loginInterfaces,
- allowBasicOverNonSSL=False):
+ def __init__(self, resource, portal, credentialFactories, loginInterfaces):
"""
Wrap the given resource and use the parameters to set up the request
to allow anyone to challenge and handle authentication.
@@ -49,34 +48,20 @@
@param credentialFactories: Sequence of credentialFactories that can
be used to authenticate by resources in this tree.
@param loginInterfaces: More cred stuff
- @param allowBasicOverNonSSL: Should we advertise Basic over non SSL
- connections?
- @type allowBasicOverNonSSL: C{bool}
"""
super(AuthenticationWrapper, self).__init__(resource)
self.portal = portal
self.credentialFactories = dict([(factory.scheme, factory)
for factory in credentialFactories])
- self.secureCredentialFactories = dict([(factory.scheme, factory)
- for factory in credentialFactories
- if factory.scheme != "basic"])
self.loginInterfaces = loginInterfaces
- self.allowBasicOverNonSSL = allowBasicOverNonSSL
def hook(self, req):
req.portal = self.portal
+ req.credentialFactories = self.credentialFactories
req.loginInterfaces = self.loginInterfaces
- # If not using SSL, use the factory list which excludes "Basic"
- if req.chanRequest is None: # This is only None in unit tests
- secureConnection = True
- else:
- ignored, secureConnection = req.chanRequest.getHostInfo()
- req.credentialFactories = (self.credentialFactories if secureConnection or
- self.allowBasicOverNonSSL else self.secureCredentialFactories)
-
class IPrincipal(Interface):
pass
Deleted: CalendarServer/trunk/twext/web2/dav/test/test_auth.py
===================================================================
--- CalendarServer/trunk/twext/web2/dav/test/test_auth.py 2012-12-04 22:07:43 UTC (rev 10125)
+++ CalendarServer/trunk/twext/web2/dav/test/test_auth.py 2012-12-04 23:39:34 UTC (rev 10126)
@@ -1,100 +0,0 @@
-##
-# Copyright (c) 2012 Apple Computer, Inc. All rights reserved.
-#
-# Permission is hereby granted, free of charge, to any person obtaining a copy
-# of this software and associated documentation files (the "Software"), to deal
-# in the Software without restriction, including without limitation the rights
-# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-# copies of the Software, and to permit persons to whom the Software is
-# furnished to do so, subject to the following conditions:
-#
-# The above copyright notice and this permission notice shall be included in all
-# copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-# SOFTWARE.
-#
-# DRI: Wilfredo Sanchez, wsanchez at apple.com
-##
-
-import collections
-from twext.web2.dav.auth import AuthenticationWrapper
-import twext.web2.dav.test.util
-
-class AutoWrapperTestCase(twext.web2.dav.test.util.TestCase):
-
- def test_basicAuthPrevention(self):
-
- FakeFactory = collections.namedtuple("FakeFactory", ("scheme,"))
- factories = [FakeFactory("basic"), FakeFactory("digest"), FakeFactory("xyzzy")]
-
- class FakeChannel(object):
- def __init__(self, secure):
- self.secure = secure
- def getHostInfo(self):
- return "ignored", self.secure
-
- class FakeRequest(object):
- def __init__(self, secure):
- self.portal = None
- self.loginInterfaces = None
- self.credentialFactories = None
- self.chanRequest = FakeChannel(secure)
-
- #
- # allowBasicOverNonSSL=True
- #
- wrapper = AuthenticationWrapper(None, None, factories, None, allowBasicOverNonSSL=True)
- req = FakeRequest(True) # Connection is over SSL
- wrapper.hook(req)
- self.assertEquals(
- set(req.credentialFactories.keys()),
- set(["basic", "digest", "xyzzy"])
- )
- req = FakeRequest(False) # Connection is not over SSL
- wrapper.hook(req)
- self.assertEquals(
- set(req.credentialFactories.keys()),
- set(["basic", "digest", "xyzzy"])
- )
-
- #
- # allowBasicOverNonSSL=False
- #
- wrapper = AuthenticationWrapper(None, None, factories, None, allowBasicOverNonSSL=False)
- req = FakeRequest(True) # Connection is over SSL
- wrapper.hook(req)
- self.assertEquals(
- set(req.credentialFactories.keys()),
- set(["basic", "digest", "xyzzy"])
- )
- req = FakeRequest(False) # Connection is not over SSL
- wrapper.hook(req)
- self.assertEquals(
- set(req.credentialFactories.keys()),
- set(["digest", "xyzzy"]) # Basic auth is *not* advertised
- )
-
- #
- # Also make sure things still work if basic was not enabled to begin with
- #
- factories = [FakeFactory("digest"), FakeFactory("xyzzy")]
- wrapper = AuthenticationWrapper(None, None, factories, None, allowBasicOverNonSSL=False)
- req = FakeRequest(True) # Connection is over SSL
- wrapper.hook(req)
- self.assertEquals(
- set(req.credentialFactories.keys()),
- set(["digest", "xyzzy"])
- )
- req = FakeRequest(False) # Connection is not over SSL
- wrapper.hook(req)
- self.assertEquals(
- set(req.credentialFactories.keys()),
- set(["digest", "xyzzy"])
- )
-
Modified: CalendarServer/trunk/twistedcaldav/resource.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/resource.py 2012-12-04 22:07:43 UTC (rev 10125)
+++ CalendarServer/trunk/twistedcaldav/resource.py 2012-12-04 23:39:34 UTC (rev 10126)
@@ -3024,10 +3024,10 @@
credentialFactories on a per-resource-path basis """
def __init__(self, resource, portal, credentialFactories, loginInterfaces,
- overrides=None, allowBasicOverNonSSL=False):
+ overrides=None):
super(AuthenticationWrapper, self).__init__(resource, portal,
- credentialFactories, loginInterfaces, allowBasicOverNonSSL=allowBasicOverNonSSL)
+ credentialFactories, loginInterfaces)
self.overrides = {}
if overrides:
@@ -3043,7 +3043,7 @@
super(AuthenticationWrapper, self).hook(req)
factories = self.overrides.get(req.path.rstrip("/"),
- req.credentialFactories)
+ self.credentialFactories)
req.credentialFactories = factories
Modified: CalendarServer/trunk/twistedcaldav/stdconfig.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/stdconfig.py 2012-12-04 22:07:43 UTC (rev 10125)
+++ CalendarServer/trunk/twistedcaldav/stdconfig.py 2012-12-04 23:39:34 UTC (rev 10126)
@@ -406,10 +406,7 @@
# Authentication
#
"Authentication": {
- "Basic": { # Clear text; best avoided
- "Enabled": False,
- "AllowedOverNonSSL": False,
- },
+ "Basic": { "Enabled": False }, # Clear text; best avoided
"Digest": { # Digest challenge/response
"Enabled": True,
"Algorithm": "md5",
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macosforge.org/pipermail/calendarserver-changes/attachments/20121204/1a276c3a/attachment-0001.html>
More information about the calendarserver-changes
mailing list