[Syncevolution-issues] [Bug 56240] Can't use CalDAV with Digest Auth

https://bugs.freedesktop.org/show_bug.cgi?id=56240 Tobias Mueller <fdo-bugs(a)cryptobitch.de&gt; changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |UNCONFIRMED Ever confirmed|1 |0 --- Comment #8 from Tobias Mueller <fdo-bugs(a)cryptobitch.de&gt; --- (In reply to comment #7) Hm. So I did a few tests. I was looking for a lightweight server, preferably something without much installation and all, but I failed to find something. The most promising approach seemed to be cyclone followed by Twisted Web. There is "quickserve" as a haskell program. Not gonna work. And there is a Python "quickserve" but it has awkward dependencies and is not installable via standard mechanisms. SyncEvolution seems to work with Twisted Web and digest auth like so: pip install -E /tmp/twisted Twisted cat > /tmp/digestauth.rpy <<EOF cache() from zope.interface import implements from twisted.cred.portal import IRealm, Portal from twisted.cred.checkers import FilePasswordDB, InMemoryUsernamePasswordDatabaseDontUse from twisted.web.static import File from twisted.web.guard import HTTPAuthSessionWrapper, DigestCredentialFactory, BasicCredentialFactory class PublicHTMLRealm(object): implements(IRealm) def requestAvatar(self, avatarId, mind, *interfaces): return "foo" im = InMemoryUsernamePasswordDatabaseDontUse(foo='bar', user1='pw1') #im.addUser('foo','bar') portal = Portal(PublicHTMLRealm(), [im]) #portal = Portal(PublicHTMLRealm(), [FilePasswordDB('httpd.password')]) credentialFactory = DigestCredentialFactory("md5", "localhost:8080") #credentialFactory = BasicCredentialFactory("realm") resource = HTTPAuthSessionWrapper(portal, [credentialFactory]) EOF /tmp/twisted/bin/twistd -n web --path /tmp/ Then configure SyncEvolution like in bug 56263 but with URL=http://localhost:8080/digestauth.rpy/ It will work, i.e. 401 isn't returned, but 500 or so, which is due to the handler crashing somewhere, but after authorization. However, with Apache, it doesn't work. My setup is very simple and doesn't involve Radicale (or anything else, really), at all. The Apache config file is: <VirtualHost *:80> AddDefaultCharset UTF-8 ServerAdmin admin(a)foo.de DocumentRoot /var/empty/ ServerName caltest.foo.de <Location /> ## Digest auth doesn't work with SyncEvolution nor Evolution :-( There are bugs about that ## One Android Client seems to handle that well though AuthType Digest AuthName "calendar" AuthDigestDomain calendar AuthDigestProvider file AuthUserFile /tmp/radicale.passwd #AuthType Basic #AuthName "Radicale Authentication" #AuthBasicProvider file #AuthUserFile /tmp/radicale.passwd Require valid-user </Location> <Directory /var/empty/> Allow from all Options FollowSymlinks AllowOverride FileInfo AuthConfig </Directory> </VirtualHost> Then create a user like this: htdigest /path/to/radicale.passwd foo See that it does indeed work: wget --user=foo --password=bar -O- 'http://caltest.foo.de/' And PROPFIND, too: curl --request PROPFIND --anyauth --fail --user foo:bar 'http://caltest.foo.de/' curl: (22) The requested URL returned error: 405 Method Not Allowed Note that 405 is good (we just have not registered a PROPFIND listener and would get 401 if credentials were bad: curl --request PROPFIND --anyauth --fail --user baz:bar 'http://caltest.foo.de/' curl: (22) The requested URL returned error: 401 So somewhere is a problem. I am very hesitating to believe that the Apache HTTPd got the implementation wrong (plus, wget and cURL work). So I don't know why it works with Twisted. But as Apache is likely to be used much more often than Twisted, I feel that it is useful to make SyncEvolution work in that combination. -- You are receiving this mail because: You are on the CC list for the bug. You are the assignee for the bug.