https://bugs.freedesktop.org/show_bug.cgi?id=56240

Tobias Mueller <[email protected]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEEDINFO                    |UNCONFIRMED
     Ever confirmed|1                           |0

--- Comment #8 from Tobias Mueller <[email protected]> ---
(In reply to comment #7)
> (In reply to comment #3)
> > I just made Apache enforce digest auth, i.e.
> > http://httpd.apache.org/docs/2.2/mod/mod_auth_digest.html
> 
> Can you describe the actual setup in more detail? Do you use Apache as proxy
> for Radicale? Do you have any authentication enabled in Radicale itself?

Hm. So I did a few tests. I was looking for a lightweight server, preferably
something without much installation and all, but I failed to find something.
The most promising approach seemed to be cyclone followed by Twisted Web. There
is "quickserve" as a haskell program. Not gonna work. And there is a Python
"quickserve" but it has awkward dependencies and is not installable via
standard mechanisms.

SyncEvolution seems to work with Twisted Web and digest auth like so:

pip install -E /tmp/twisted Twisted

cat > /tmp/digestauth.rpy <<EOF

cache()

from zope.interface import implements

from twisted.cred.portal import IRealm, Portal
from twisted.cred.checkers import FilePasswordDB,
InMemoryUsernamePasswordDatabaseDontUse
from twisted.web.static import File
from twisted.web.guard import HTTPAuthSessionWrapper, DigestCredentialFactory,
BasicCredentialFactory

class PublicHTMLRealm(object):
    implements(IRealm)

    def requestAvatar(self, avatarId, mind, *interfaces):
        return "foo"

im = InMemoryUsernamePasswordDatabaseDontUse(foo='bar', user1='pw1')
#im.addUser('foo','bar')

portal = Portal(PublicHTMLRealm(), [im])
#portal = Portal(PublicHTMLRealm(), [FilePasswordDB('httpd.password')])

credentialFactory = DigestCredentialFactory("md5", "localhost:8080")
#credentialFactory = BasicCredentialFactory("realm")
resource = HTTPAuthSessionWrapper(portal, [credentialFactory])

EOF

/tmp/twisted/bin/twistd -n web --path /tmp/




Then configure SyncEvolution like in bug 56263 but with
URL=http://localhost:8080/digestauth.rpy/

It will work, i.e. 401 isn't returned, but 500 or so, which is due to the
handler crashing somewhere, but after authorization.


However, with Apache, it doesn't work. My setup is very simple and doesn't
involve Radicale (or anything else, really), at all.

The Apache config file is:
<VirtualHost *:80>
    AddDefaultCharset UTF-8

    ServerAdmin [email protected]
    DocumentRoot /var/empty/
    ServerName caltest.foo.de

    <Location />
        ## Digest auth doesn't work with SyncEvolution nor Evolution :-( There
are bugs about that
        ## One Android Client seems to handle that well though
        AuthType Digest
        AuthName "calendar"
        AuthDigestDomain calendar
        AuthDigestProvider file
        AuthUserFile /tmp/radicale.passwd

        #AuthType Basic
        #AuthName "Radicale Authentication"
        #AuthBasicProvider file
        #AuthUserFile /tmp/radicale.passwd

        Require valid-user
    </Location>

    <Directory /var/empty/>
      Allow from all
      Options FollowSymlinks
      AllowOverride FileInfo AuthConfig
    </Directory>

</VirtualHost>


Then create a user like this: htdigest /path/to/radicale.passwd foo

See that it does indeed work: wget --user=foo --password=bar -O-
'http://caltest.foo.de/'
And PROPFIND, too: curl --request PROPFIND  --anyauth --fail --user foo:bar
'http://caltest.foo.de/'
curl: (22) The requested URL returned error: 405 Method Not Allowed

Note that 405 is good (we just have not registered a PROPFIND listener and
would get 401 if credentials were bad:  curl --request PROPFIND  --anyauth
--fail --user baz:bar 'http://caltest.foo.de/'
curl: (22) The requested URL returned error: 401


So somewhere is a problem. I am very hesitating to believe that the Apache
HTTPd got the implementation wrong (plus, wget and cURL work). So I don't know
why it works with Twisted. But as Apache is likely to be used much more often
than Twisted, I feel that it is useful to make SyncEvolution work in that
combination.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are the assignee for the bug.
_______________________________________________
Syncevolution-issues mailing list
[email protected]
http://lists.syncevolution.org/listinfo/syncevolution-issues

Reply via email to