diff options
Diffstat (limited to 'radicale_web/web/infcloud/misc')
-rw-r--r-- | radicale_web/web/infcloud/misc/baikal-flat-0.2.7.diff | 35 | ||||
-rw-r--r-- | radicale_web/web/infcloud/misc/calendarserver.diff | 70 | ||||
-rw-r--r-- | radicale_web/web/infcloud/misc/config_davical.txt | 24 | ||||
-rw-r--r-- | radicale_web/web/infcloud/misc/readme_baikal_sabredav.txt | 41 | ||||
-rw-r--r-- | radicale_web/web/infcloud/misc/readme_osx.txt | 40 |
5 files changed, 210 insertions, 0 deletions
diff --git a/radicale_web/web/infcloud/misc/baikal-flat-0.2.7.diff b/radicale_web/web/infcloud/misc/baikal-flat-0.2.7.diff new file mode 100644 index 0000000..8eba7bf --- /dev/null +++ b/radicale_web/web/infcloud/misc/baikal-flat-0.2.7.diff @@ -0,0 +1,35 @@ +diff -rc baikal-flat/vendor/sabre/dav/lib/Sabre/DAVACL/PrincipalBackend/PDO.php baikal-flat-0.2.7.new/vendor/sabre/dav/lib/Sabre/DAVACL/PrincipalBackend/PDO.php +*** baikal-flat/vendor/sabre/dav/lib/Sabre/DAVACL/PrincipalBackend/PDO.php 2013-10-02 20:38:26.000000000 +0200 +--- baikal-flat-0.2.7.new/vendor/sabre/dav/lib/Sabre/DAVACL/PrincipalBackend/PDO.php 2014-02-16 16:25:15.873574244 +0100 +*************** +*** 70,75 **** +--- 70,80 ---- + '{http://sabredav.org/ns}email-address' => array( + 'dbField' => 'email', + ), ++ ++ /* necessary to access with PROPFIND caldavzap settings (Zellner, 2014-02-14) */ ++ '{http://inf-it.com/ns/dav/}settings' => array( ++ 'dbField' => 'inf_it_settings', ++ ), + ); + + /** +diff -rc baikal-flat/vendor/sabre/dav/lib/Sabre/DAVACL/Principal.php baikal-flat-0.2.7.new/vendor/sabre/dav/lib/Sabre/DAVACL/Principal.php +*** baikal-flat/vendor/sabre/dav/lib/Sabre/DAVACL/Principal.php 2013-10-02 20:38:26.000000000 +0200 +--- baikal-flat-0.2.7.new/vendor/sabre/dav/lib/Sabre/DAVACL/Principal.php 2014-02-16 16:26:05.393981448 +0100 +*************** +*** 242,247 **** +--- 242,253 ---- + 'principal' => $this->getPrincipalUrl(), + 'protected' => true, + ), ++ /* give write permissions to principal properties (Zellner, 2014-02-14) */ ++ array( ++ 'privilege' => '{DAV:}write', ++ 'principal' => $this->getPrincipalUrl(), ++ 'protected' => true, ++ ), + ); + + } diff --git a/radicale_web/web/infcloud/misc/calendarserver.diff b/radicale_web/web/infcloud/misc/calendarserver.diff new file mode 100644 index 0000000..1acff92 --- /dev/null +++ b/radicale_web/web/infcloud/misc/calendarserver.diff @@ -0,0 +1,70 @@ +diff -ru web2/http_headers.py web2-CardDavMATE/http_headers.py +--- web2/http_headers.py 2011-10-31 00:34:14.000000000 +0100 ++++ web2-CardDavMATE/http_headers.py 2011-10-31 00:31:07.000000000 +0100 +@@ -1531,7 +1531,14 @@ + 'Set-Cookie2':(tokenize, parseSetCookie2), + 'Vary':(tokenize, filterTokens), + 'WWW-Authenticate': (lambda h: tokenize(h, foldCase=False), +- parseWWWAuthenticate,) ++ parseWWWAuthenticate,), ++ ++ # begin CardDavMATE section ++ 'Access-Control-Allow-Origin':(last,), ++ 'Access-Control-Allow-Methods':(last,), ++ 'Access-Control-Allow-Headers':(last,), ++ 'Access-Control-Allow-Credentials':(last,), ++ 'Access-Control-Expose-Headers':(last,) ++ # end CardDavMATE section + } + + generator_response_headers = { +@@ -1545,7 +1552,14 @@ + 'Set-Cookie':(generateSetCookie,), + 'Set-Cookie2':(generateSetCookie2,), + 'Vary':(generateList, singleHeader), +- 'WWW-Authenticate':(generateWWWAuthenticate,) ++ 'WWW-Authenticate':(generateWWWAuthenticate,), ++ ++ # begin CardDavMATE section ++ 'Access-Control-Allow-Origin':(str, singleHeader), ++ 'Access-Control-Allow-Methods':(str, singleHeader), ++ 'Access-Control-Allow-Headers':(str, singleHeader), ++ 'Access-Control-Allow-Credentials':(str, singleHeader), ++ 'Access-Control-Expose-Headers':(str, singleHeader) ++ # end CardDavMATE section + } + + parser_entity_headers = { +diff -ru web2/server.py web2-CardDavMATE/server.py +--- web2/server.py 2011-10-31 00:34:21.000000000 +0100 ++++ web2-CardDavMATE/server.py 2011-10-31 00:31:07.000000000 +0100 +@@ -58,6 +58,18 @@ + response.headers.setHeader('server', VERSION) + if not response.headers.hasHeader('date'): + response.headers.setHeader('date', time.time()) ++ ++ # begin CardDavMATE section ++ if not response.headers.hasHeader('Access-Control-Allow-Origin'): ++ response.headers.setHeader('Access-Control-Allow-Origin', '*') ++ if not response.headers.hasHeader('Access-Control-Allow-Methods'): ++ response.headers.setHeader('Access-Control-Allow-Methods','GET,POST,OPTIONS,PROPFIND,PROPPATCH,REPORT,PUT,MOVE,DELETE,LOCK,UNLOCK') ++ if not response.headers.hasHeader('Access-Control-Allow-Headers'): ++ response.headers.setHeader('Access-Control-Allow-Headers','User-Agent,Authorization,Content-type,Depth,If-match,If-None-Match,Lock-Token,Timeout,Destination,Overwrite,Prefer,X-client,X-Requested-With') ++ if not response.headers.hasHeader('Access-Control-Allow-Credentials'): ++ response.headers.setHeader('Access-Control-Allow-Credentials','true') ++ if not response.headers.hasHeader('Access-Control-Expose-Headers'): ++ response.headers.setHeader('Access-Control-Expose-Headers','Etag,Preference-Applied') ++ # end CardDavMATE section ++ + return response + defaultHeadersFilter.handleErrors = True + +@@ -354,7 +366,7 @@ + example. This would also be the place to do any CONNECT + processing.""" + +- if self.method == "OPTIONS" and self.uri == "*": ++ if self.method == "OPTIONS": + response = http.Response(responsecode.OK) + response.headers.setHeader('allow', ('GET', 'HEAD', 'OPTIONS', 'TRACE')) + return response diff --git a/radicale_web/web/infcloud/misc/config_davical.txt b/radicale_web/web/infcloud/misc/config_davical.txt new file mode 100644 index 0000000..e88672b --- /dev/null +++ b/radicale_web/web/infcloud/misc/config_davical.txt @@ -0,0 +1,24 @@ + RewriteEngine On + <IfModule mod_headers.c> + Header unset Access-Control-Allow-Origin + Header unset Access-Control-Allow-Methods + Header unset Access-Control-Allow-Headers + Header unset Access-Control-Allow-Credentials + Header unset Access-Control-Expose-Headers + + # If your setup is working and complete you can replace the "*" with CardDavMATE instalation + # origin (protocol/host/port) - see the examples below (for multiple origins use multiple headers) + #Header always set Access-Control-Allow-Origin "http://www.server.com" + #Header always set Access-Control-Allow-Origin "https://www.server.com" + #Header always set Access-Control-Allow-Origin "https://www.server.com:8080" + + Header always set Access-Control-Allow-Origin "*" + Header always set Access-Control-Allow-Methods "GET,POST,OPTIONS,PROPFIND,PROPPATCH,REPORT,PUT,MOVE,DELETE,LOCK,UNLOCK" + Header always set Access-Control-Allow-Headers "User-Agent,Authorization,Content-type,Depth,If-match,If-None-Match,Lock-Token,Timeout,Destination,Overwrite,Prefer,X-client,X-Requested-With" + Header always set Access-Control-Allow-Credentials false + Header always set Access-Control-Expose-Headers "Etag,Preference-Applied" + + RewriteCond %{HTTP:Access-Control-Request-Method} !^$ + RewriteCond %{REQUEST_METHOD} OPTIONS + RewriteRule ^(.*)$ $1 [R=200,L] + </IfModule> diff --git a/radicale_web/web/infcloud/misc/readme_baikal_sabredav.txt b/radicale_web/web/infcloud/misc/readme_baikal_sabredav.txt new file mode 100644 index 0000000..a7c99d1 --- /dev/null +++ b/radicale_web/web/infcloud/misc/readme_baikal_sabredav.txt @@ -0,0 +1,41 @@ + +PROBLEM: +-------- + +caldavzap reads and saves session settings persistently in the caldav server by +PROPPATCH / PROPFIND in a principal property '{http://inf-it.com/ns/dav/}settings'. + +Unfortunately, sabredav and sabredav based caldav servers... +- do not provide access to new or non-standard properties +- do not provide write access to principal properties with PROPPATCH + + +SOLUTION: +--------- + +An ideal and clean solution would be a sabredav plugin which allows creation and +access to arbitrary new principal properties. Since such a plugin doesn't exist, +I'll show here a hack which modifies baikal to just provide the specific principal +property '{http://inf-it.com/ns/dav/}settings' which is needed by caldavzap. + +The following steps apply to baikal 0.2.7 but should be applicable to any +sabredav based server. + +1. modify your sql databse: +add a text type database entry to the principals table which will hold the settings. +This can be done by sql commands or by using a gui frontend for your database. +I've named this text field 'inf_it_settings'. +Example: the sqlite structure of the principals table should then look like this: +CREATE TABLE 'principals' ( id INTEGER PRIMARY KEY ASC, uri TEXT, email TEXT, + displayname TEXT, vcardurl TEXT, inf_it_settings TEXT, UNIQUE(uri) ) + +2. apply the patch baikal-flat-0.2.7-for-caldavzap.diff to patch the baikal server. +This patch does two things: + +a) it modifies vendor/sabre/dav/lib/Sabre/DAVACL/PrincipalBackend/PDO.php to map +requests for the property '{http://inf-it.com/ns/dav/}settings' to the newly created +database field inf_it_settings (see above 1.) + +b) it modifies vendor/sabre/dav/lib/Sabre/DAVACL/Principal.php to give write +access to principal properties ('write' includes 'write-properties'). + diff --git a/radicale_web/web/infcloud/misc/readme_osx.txt b/radicale_web/web/infcloud/misc/readme_osx.txt new file mode 100644 index 0000000..511e7f3 --- /dev/null +++ b/radicale_web/web/infcloud/misc/readme_osx.txt @@ -0,0 +1,40 @@ +OS X Server instructions: + +1. Calendarserver in OS X not sends headers required by web browsers to allow cross domain queries. To add these headers follow the steps below: + - copy the misc/calendarserver.diff into any directory on your server (for example: ~/Desktop) + Mac OS X Lion Server (for OS X Mountain Lion Server see below): + - if your server is already patched (previous version of patch) you must restore the original files from backup: + NOTE: if you have updated your server installation, you probably do not want to restore the old files (possible newer version of Calendarserver files) + sudo mv /usr/share/caldavd/lib/python/twext/web2/http_headers.py.orig /usr/share/caldavd/lib/python/twext/web2/http_headers.py + sudo mv /usr/share/caldavd/lib/python/twext/web2/server.py.orig /usr/share/caldavd/lib/python/twext/web2/server.py + - execute the following command in the Terminal: + sudo patch -b -d /usr/share/caldavd/lib/python/twext/web2 -i ~/Desktop/calendarserver.diff + OS X Mountain Lion Server: + - if your server is already patched (previous version of patch) you must restore the original files from backup: + NOTE: if you have updated your server installation, you probably do not want to restore the old files (possible newer version of Calendarserver files) + sudo mv /Applications/Server.app/Contents/ServerRoot/usr/share/caldavd/lib/python/twext/web2/http_headers.py.orig /Applications/Server.app/Contents/ServerRoot/usr/share/caldavd/lib/python/twext/web2/http_headers.py + sudo mv /Applications/Server.app/Contents/ServerRoot/usr/share/caldavd/lib/python/twext/web2/server.py.orig /Applications/Server.app/Contents/ServerRoot/usr/share/caldavd/lib/python/twext/web2/server.py + - execute the following command in the Terminal: + sudo patch -b -d /Applications/Server.app/Contents/ServerRoot/usr/share/caldavd/lib/python/twext/web2 -i ~/Desktop/calendarserver.diff + +2. The Digest authentication used in OS X Server is not supported directly by JavaScript in many browsers. It is recommended to disable it and enable the Basic authentication instead (or you may try the Digest auth with globalUseJqueryAuth=true in config.js). To disable the Digest authentication execute the following commands in Terminal: + sudo serveradmin settings calendar:Authentication:Basic:Enabled = yes + sudo serveradmin settings calendar:Authentication:Digest:Enabled = no + +3. Restart Calendarserver services: + sudo serveradmin stop addressbook + sudo serveradmin start addressbook + sudo serveradmin stop calendar + sudo serveradmin start calendar + + WARNING: with Basic authentication your username and password are sent over the network in plain text. + !!! ALWAYS USE SSL with Basic authentication !!! + + +Example config.js href values for OS X Server: + globalAccountSettings: + href: http://osxserver.com:8008/principals/users/USERNAME/ (INSECURE!) + href: https://osxserver.com:8443/principals/users/USERNAME/ + globalNetworkCheckSettings: + href: http://osxserver.com:8008/principals/users/ (INSECURE!) + href: https://osxserver.com:8443/principals/users/ |