python-caldav / caldav

Apache License 2.0

Unauthorised error not being recognised and code going into infinite loop #295

Closed bvanjeelharia closed 1 year ago

bvanjeelharia commented 1 year ago

The caldav library is recognising Unauthorised error when incorrect username/password is supplied and the code goes into an infinite loop. Version affected > 1.0

tobixen commented 1 year ago

Oups. I'm able to reproduce. I wonder if this may be related to the traceback shown in #270

bvanjeelharia commented 1 year ago

Actually it is working fine in earlier versions.

def request(...):
    (...)
    elif r.status_code == 401 and "WWW-Authenticate" in r.headers and self.auth:

        ## Some (ancient) servers don't like UTF-8 binary auth with Digest authentication.
        ## An example are old SabreDAV based servers.  Not sure about UTF-8 and Basic Auth,
        ## but likely the same.  so retry if password is a bytes sequence and not a string
        ## (see commit 13a4714, which introduced this regression)

        auth_types = self.extract_auth_types(r.headers["WWW-Authenticate"])

        if self.password and hasattr(self.password, "decode"):
            if self.username and "digest" in auth_types:
                self.auth = requests.auth.HTTPDigestAuth(
                    self.username, self.password.decode()
                )
            elif self.username and "basic" in auth_types:
                self.auth = requests.auth.HTTPBasicAuth(
                    self.username, self.password.decode()
                )
            elif "bearer" in auth_types:
                self.auth = HTTPBearerAuth(self.password.decode())

        self.username = None
        self.password = None
        return self.request(url, method, body, headers)

It's happening in this portion, as in the elif it's not checking for username and password, which are being set to None at the end of this section, so it goes into this elif and requests again.

bvanjeelharia commented 1 year ago

Works fine if we add the check for username and password as in previous versions
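
Added illustration, not part of the thread and not caldav's code or its committed fix: the failure described above is a retry on 401 that is not conditioned on there being anything new to try. A minimal sketch of a bounded retry against an in-process stub server, using hypothetical names (`Client`, `FakeServer`, `AuthError`), which retries only while a bytes password remains to be decoded:

```python
# Added illustration; Client, FakeServer and AuthError are hypothetical names,
# not caldav's classes. No network access: the "server" is an in-process stub.

class AuthError(Exception):
    """Raised when the server still answers 401 and no retry is left."""

class Response:
    def __init__(self, status_code, headers=None):
        self.status_code = status_code
        self.headers = headers or {}

class FakeServer:
    """Constructed stub: accepts exactly one (username, password) pair of str."""
    def __init__(self, username, password):
        self.creds = (username, password)
        self.hits = 0  # number of requests received

    def handle(self, auth):
        self.hits += 1
        if auth == self.creds:
            return Response(207)
        return Response(401, {"WWW-Authenticate": 'Basic realm="dav"'})

class Client:
    def __init__(self, server, username, password):
        self.server, self.username, self.password = server, username, password

    def request(self):
        r = self.server.handle((self.username, self.password))
        if r.status_code != 401:
            return r
        # Retry only if there is something new to try: a bytes password that
        # can be decoded to str. After decoding, this branch can never match
        # again, so a second 401 falls through to the exception.
        if "WWW-Authenticate" in r.headers and isinstance(self.password, bytes):
            self.password = self.password.decode()
            return self.request()
        raise AuthError("401 Unauthorized")

def attempt(username, password):
    """Return (outcome, number of requests sent) against a fresh stub server."""
    server = FakeServer("alice", "s3cret")  # constructed sample credentials
    try:
        Client(server, username, password).request()
        return "ok", server.hits
    except AuthError:
        return "unauthorized", server.hits
```

With a wrong password the stub sees at most two requests before `AuthError` is raised, instead of unbounded recursion.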

tobixen commented 1 year ago

I'm fixing. Will take some time as I also should make test code and improvements in the code comments.

bvanjeelharia commented 1 year ago

Sure, thanks :), Approximate time for the same?

tobixen commented 1 year ago

Will have a fix in master branch within minutes or hours, depending on the amount of other important interruptions. New release probably tomorrow.

bvanjeelharia commented 1 year ago

Thanks a lot for your quick response and quick action

tobixen commented 1 year ago

Master branch fixed now. I had to argue a bit with radicale ... the very basic configuration used when launching a test server creates a user that accepts any password, breaking my new test :-)

bvanjeelharia commented 1 year ago

Hey @tobixen, thanks a lot for your quick work. I have a couple of questions, it would be good if you can answer them:

1. How long will it take for these changes to reflect in the distros? How can I fetch these changes?
2. How can I make sure that I always have the latest version of the library by adding a ppa or something?

tobixen commented 1 year ago

1. How long will it take for these changes to reflect in the distros? How can I fetch these changes?

Depends on your distro, but generally it often takes years from when a development library is released until it can be found in a distribution. Archlinux is probably the best exception, it is pretty fast at picking up the latest software versions.

It's usually possible to install and upgrade python libraries using the "pip" command, like sudo pip install -U caldav or pip install -U caldav.