iPhone devices incorrectly implement DAV:current-user-principal from
RFC 5397. They assume that current-user-principal is the href for the
resource being queried. The RFC says it should be the current resource.
See: https://gitlab.com/davical-project/davical/-/issues/335
HTTP/2 requests to Davical with debug mode result in logged
Authorization header, as the comparison is currently case-sensitive.
https://datatracker.ietf.org/doc/rfc9113/
> 8.2. HTTP Fields
> Field names MUST be converted to lowercase when constructing an HTTP/2
> message.
We also use a locally set password (aka a pepper) to ensure that the contents
of memcached isn't sufficient to perform dictionary attacks on the cached
credentials.
This is intended to reduce the load on external authentication sources
as most (all?) CalDAV clients use HTTPBasicAuth to authenticate and
if an external source is used, every request we receive requires
external authentication. This can place a large load on those external
sources.
Closes #254.
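A sketch of the peppered credential cache described above, as an added example that is not DAViCal's code: the function names, TTL and cache layout are assumptions, with an array standing in for memcached and a closure for the external authentication source.

```php
<?php
// Added illustration, not DAViCal's code: all names and the TTL are hypothetical.
const CACHE_TTL = 300; // seconds a successful external check stays cached

// Key and verifier are HMACs under the pepper, which lives only in local config,
// so the cache contents alone cannot be tested against a password dictionary.
function credential_tag(string $pepper, string $user, string $pass): array
{
    // Length prefix keeps ("ab", "c") and ("a", "bc") from colliding.
    $msg = strlen($user) . ':' . $user . ':' . $pass;
    return [
        'auth:' . hash_hmac('sha256', 'key:' . $user, $pepper),
        hash_hmac('sha256', 'pw:' . $msg, $pepper),
    ];
}

function authenticate(array &$cache, string $pepper, string $user, string $pass,
                      callable $external, int $now): bool
{
    [$key, $verifier] = credential_tag($pepper, $user, $pass);
    $hit = $cache[$key] ?? null;
    if ($hit !== null && $hit['expires'] > $now
        && hash_equals($hit['verifier'], $verifier)) {
        return true; // cache hit: external source not contacted
    }
    // Miss, expiry or mismatch: the external source decides. Failures are never
    // cached, and a wrong guess does not evict a valid entry.
    if (!$external($user, $pass)) {
        return false;
    }
    $cache[$key] = ['verifier' => $verifier, 'expires' => $now + CACHE_TTL];
    return true;
}

// Constructed demo: an array stands in for memcached, a closure for LDAP.
$cache = [];
$calls = 0;
$ldap = function (string $u, string $p) use (&$calls): bool {
    $calls++;
    return $u === 'alice' && $p === 'correct horse';
};
$pepper = 'constructed-local-pepper';
for ($i = 0; $i < 3; $i++) {
    authenticate($cache, $pepper, 'alice', 'correct horse', $ldap, 1000 + $i);
}
echo "external calls after 3 requests: $calls\n";
// Same correct password, but derived without the real pepper:
[, $guess] = credential_tag('not-the-pepper', 'alice', 'correct horse');
$match = in_array($guess, array_column($cache, 'verifier'), true);
echo 'guess without pepper matches cache: ', var_export($match, true), "\n";
```

In this sketch a password changed at the external source keeps working from cache until the entry expires, so the TTL bounds that window.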
This tickles a bug as reported by Thorsten Marquardt in
https://sourceforge.net/p/davical/mailman/message/58766531/ with this
error message reported:
Exception [0] ldap_get_attributes(): Argument #2 ($entry) must be of
type LDAP\ResultEntry, false given
At line 718 of /usr/share/davical-master/inc/drivers_ldap.php
You need to look in 3da860e5d5e732c2dedb62a73c76608a2b7098a4 for that line
number as I've just made some improvements to the code the last few commits.
This is to tickle my suspicion of the bug as reported by Thorsten Marquardt
in https://sourceforge.net/p/davical/mailman/message/58766531/ with this
error message reported:
Exception [0] ldap_get_attributes(): Argument #2 ($entry) must be of
type LDAP\ResultEntry, false given
At line 718 of /usr/share/davical-master/inc/drivers_ldap.php
You need to look in 3da860e5d5e732c2dedb62a73c76608a2b7098a4 for that line
number as I've just made some improvements to the code.
I have also improved the SQL to check if the users have been added, and
discovered that the result file *did not* have them. This test was failing
due to the test config file looking for memberUid, not member. Also, fix
that.
Add a new value for i_use_mode_kerberos: "allow_fallback_ldap_auth",
which will fall back to username/password authentication when the
REMOTE_USER value is unset.
Currently, when `i_use_mode_kerberos` is enabled in the LDAP driver,
Davical checks the `REMOTE_USER` server variable, followed by the
`REDIRECT_REMOTE_USER` variable, for a matching username. If a matching
username is not found, authentication fails immediately.
This commit modifies the LDAP driver to fall back to standard LDAP
password authentication when `i_use_mode_kerberos` is enabled and
neither of these server variables is set. This allows
non-kerberos-enabled clients to authenticate as well.
Fixes #323
This allows us to have more complex test files where an action is taken, then
we test something, then another action is taken, etc.
Changes to test files are required so that URL is defined after all the
required settings are set.
Changes to the result files are either whitespace changes due to above logic
changes, or printing out a SQL Result header before each result. I figured it
was useful.
Add some properties to classes to fix errors like:
Creation of dynamic property iSchedule::$body_cannon is deprecated in /usr/share/davical/inc/iSchedule.php on line 533
Creation of dynamic property FakeSession::$user_active is deprecated in /usr/share/davical/inc/iSchedule-POST.php on line 23