[CalendarServer-changes] [14116] CalendarServer/trunk/txdav

source_changes at macosforge.org source_changes at macosforge.org
Tue Oct 28 16:57:07 PDT 2014


Revision: 14116
          http://trac.calendarserver.org//changeset/14116
Author:   sagen at apple.com
Date:     2014-10-28 16:57:06 -0700 (Tue, 28 Oct 2014)
Log Message:
-----------
Fix unauthenticated access to wiki calendars

Modified Paths:
--------------
    CalendarServer/trunk/txdav/dps/client.py
    CalendarServer/trunk/txdav/dps/server.py
    CalendarServer/trunk/txdav/who/test/test_wiki.py
    CalendarServer/trunk/txdav/who/wiki.py

Modified: CalendarServer/trunk/txdav/dps/client.py
===================================================================
--- CalendarServer/trunk/txdav/dps/client.py	2014-10-28 18:08:02 UTC (rev 14115)
+++ CalendarServer/trunk/txdav/dps/client.py	2014-10-28 23:57:06 UTC (rev 14116)
@@ -573,7 +573,7 @@
             WikiAccessForUIDCommand,
             self._convertAccess,
             wikiUID=self.uid.encode("utf-8"),
-            uid=record.uid.encode("utf-8")
+            uid=record.uid.encode("utf-8") if record else ""
         )
 
 

Modified: CalendarServer/trunk/txdav/dps/server.py
===================================================================
--- CalendarServer/trunk/txdav/dps/server.py	2014-10-28 18:08:02 UTC (rev 14115)
+++ CalendarServer/trunk/txdav/dps/server.py	2014-10-28 23:57:06 UTC (rev 14116)
@@ -634,8 +634,11 @@
         log.debug("WikiAccessForUID: {w} {u}", w=wikiUID, u=uid)
         access = WikiAccessLevel.none
         wikiRecord = (yield self._directory.recordWithUID(wikiUID))
-        userRecord = (yield self._directory.recordWithUID(uid))
-        if wikiRecord is not None and userRecord is not None:
+        if uid:
+            userRecord = (yield self._directory.recordWithUID(uid))
+        else:
+            userRecord = None
+        if wikiRecord is not None:
             access = (yield wikiRecord.accessForRecord(userRecord))
         response = {
             "access": access.name.encode("utf-8"),
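Review bot: A non-empty `uid` that resolves to no directory record now reaches `wikiRecord.accessForRecord(None)`, so an unknown or stale uid is evaluated exactly like an unauthenticated request instead of keeping `WikiAccessLevel.none` as the removed `userRecord is not None` guard did. If only the empty-string value sent by the client.py hunk is meant to stand for "no authenticated user", the guard could be `if wikiRecord is not None and (userRecord is not None or not uid):`. A short comment at `if uid:` saying that `""` means unauthenticated would also document the wire contract shared with client.py, where `if record else ""` produces it. The method body starts and ends outside this hunk.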

Modified: CalendarServer/trunk/txdav/who/test/test_wiki.py
===================================================================
--- CalendarServer/trunk/txdav/who/test/test_wiki.py	2014-10-28 18:08:02 UTC (rev 14115)
+++ CalendarServer/trunk/txdav/who/test/test_wiki.py	2014-10-28 23:57:06 UTC (rev 14116)
@@ -26,7 +26,9 @@
 from twisted.internet.defer import inlineCallbacks, succeed
 from twistedcaldav.test.util import StoreTestCase
 
-from ..wiki import DirectoryService, WikiAccessLevel
+from ..wiki import (
+    DirectoryService, WikiAccessLevel, getWikiACL, RecordType, DirectoryRecord
+)
 import txdav.who.wiki
 
 
@@ -95,6 +97,7 @@
         return succeed(self.access)
 
 
+
     @inlineCallbacks
     def test_accessForRecord(self):
         record = yield self.directory.recordWithUID(u"wiki-test")
@@ -114,3 +117,63 @@
         self.access = "admin"
         access = yield record.accessForRecord(None)
         self.assertEquals(access, WikiAccessLevel.write)
+
+
+
+# Test getWikiACL()
+# Currently stubs out enough functionality to test that an unauthenticated
+# request can support read access when generating an ACL element
+# TODO: add tests which have auth'd principals in the request
+
+class FakeRequest(object):
+
+    def __init__(self):
+        self.authnUser = None
+
+
+class FakeResource(object):
+
+    def __init__(self, record):
+        self.record = record
+
+
+def stubAccessForRecord(self, record):
+    return succeed(self.access)
+
+
+class GetWikiACLTestCase(StoreTestCase):
+    """
+    Exercise getWikiACL
+    """
+
+    def configure(self):
+        """
+        Override configuration hook to turn on wiki service.
+        """
+        from twistedcaldav.config import config
+
+        super(GetWikiACLTestCase, self).configure()
+        self.patch(config.Authentication.Wiki, "Enabled", True)
+        self.patch(
+            txdav.who.wiki.DirectoryRecord,
+            "accessForRecord",
+            stubAccessForRecord
+        )
+
+    @inlineCallbacks
+    def test_getWikiACL(self):
+        fields = {
+            self.directory.fieldName.uid: u"wiki-1",
+            self.directory.fieldName.shortNames: [u"wiki-one",],
+            self.directory.fieldName.recordType: RecordType.macOSXServerWiki,
+        }
+        record = DirectoryRecord(self.directory, fields)
+        resource = FakeResource(record)
+        request = FakeRequest()
+
+        record.access = WikiAccessLevel.read
+        result = yield getWikiACL(resource, request)
+        self.assertEqual(
+            result.children[0].children[0].children[0].name,
+            "unauthenticated"
+        )
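Review bot: `test_getWikiACL` exercises only the `WikiAccessLevel.read` branch and asserts the principal's name but not the privileges granted, so the matching edit in the write branch of wiki.py is untested. A second case that sets `record.access = WikiAccessLevel.write` and repeats the `"unauthenticated"` assertion would cover the other changed branch. What getWikiACL does for `WikiAccessLevel.none` is not visible here, but a test pinning that an anonymous request receives no grant in that case would guard the behaviour this commit is about. The `result.children[0].children[0].children[0]` chain would also benefit from a comment naming the elements it walks through (presumably ACL, ACE, principal), since it breaks silently if the ACL layout changes.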

Modified: CalendarServer/trunk/txdav/who/wiki.py
===================================================================
--- CalendarServer/trunk/txdav/who/wiki.py	2014-10-28 18:08:02 UTC (rev 14115)
+++ CalendarServer/trunk/txdav/who/wiki.py	2014-10-28 23:57:06 UTC (rev 14116)
@@ -282,7 +282,11 @@
         if access == WikiAccessLevel.read:
             request.wikiACL = davxml.ACL(
                 davxml.ACE(
-                    request.authnUser.principalElement(),
+                    (
+                        request.authnUser.principalElement() if
+                        request.authnUser is not None else
+                        davxml.Principal(davxml.Unauthenticated())
+                    ),
                     davxml.Grant(
                         davxml.Privilege(davxml.Read()),
                         davxml.Privilege(davxml.ReadCurrentUserPrivilegeSet()),
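Review bot: The principal conditional added here is repeated verbatim in the write-branch hunk at `@@ -311,7 +315,11 @@`, so a later edit to one copy can leave the other choosing a different principal or dereferencing a None `authnUser` again. Computing it once before the `if access == WikiAccessLevel.read:` chain, as `principal = (request.authnUser.principalElement() if request.authnUser is not None else davxml.Principal(davxml.Unauthenticated()))`, and passing `principal` to both `davxml.ACE(...)` calls keeps the branches in step. The enclosing function starts and ends outside the hunk, so whether any other branch still dereferences `request.authnUser` cannot be checked from here.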
@@ -311,7 +315,11 @@
         elif access == WikiAccessLevel.write:
             request.wikiACL = davxml.ACL(
                 davxml.ACE(
-                    request.authnUser.principalElement(),
+                    (
+                        request.authnUser.principalElement() if
+                        request.authnUser is not None else
+                        davxml.Principal(davxml.Unauthenticated())
+                    ),
                     davxml.Grant(
                         davxml.Privilege(davxml.Read()),
                         davxml.Privilege(davxml.ReadCurrentUserPrivilegeSet()),
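Review bot: In the `WikiAccessLevel.write` branch the ACE is now issued to `davxml.Principal(davxml.Unauthenticated())` when `request.authnUser` is None, so every privilege in this `davxml.Grant` (which continues past the hunk) goes to anonymous requests whenever the wiki reports write access for a None record. If that is intended, a comment above the conditional such as `# anonymous write is honoured only because the wiki itself granted it to unauthenticated users` would record the trust decision. If it is not intended, the unauthenticated case could be limited to the read-level ACL built in the branch above. The rest of the Grant and the function are outside the hunk, so the exact privilege set is not confirmed from the visible lines.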