mirror of
https://github.com/pewdiepie-archdaemon/odysseus.git
synced 2026-06-16 17:55:26 -04:00
Logan Davis
ad82ee1c83
* feat(calendar): support multiple CalDAV accounts Replaces the single CalDAV credential slot with a named account list so users can sync both a personal and work calendar simultaneously. - Add `account_id` column to `CalendarCal` + startup migration - `_load_caldav_accounts()` in caldav_sync.py reads `caldav_accounts` list from prefs, auto-migrating the legacy single `caldav` key on first use (no user action required) - `sync_caldav()` iterates all accounts and aggregates counts/errors - `writeback_event()` resolves credentials via `CalendarCal.account_id`, falling back to the first account for legacy rows - New REST endpoints: GET/POST/PUT/DELETE `/api/calendar/config/accounts` - Legacy GET/POST `/api/calendar/config` preserved for backward compat - Settings UI: one card per account with Label, URL, Username, Password fields; Test button works for both unsaved (inline creds) and saved (by account_id) accounts; delete removes only that account - Update test_caldav_url_hardening.py mock to include `_save_for_user` and updated `_sync_blocking` signature * fix(calendar): restore #2765 PK scoping and #2819 writeback URL validation Two regressions introduced by the multi-account refactor: 1. PK collision (#2765): _stable_cal_id was back to hashing only the URL, so two users — or one user with two accounts on the same server — would collide on the primary key. Restore owner+account_id in the hash key (format: "{owner}\n{account_id}\n{url}") and thread both values through _sync_blocking → _writeback_blocking → push_event → find_remote_calendar so the hash round-trips correctly on write-back. 2. URL validation dropped (#2819): _load_caldav_accounts imported _save_for_user at function scope, causing an ImportError on test mocks that only provide _load_for_user, which prevented writeback_event from reaching the validate_caldav_url call. Move the import inside the migration branch and wrap in try/except (best-effort save; next call re-migrates from the still-present legacy key). Update fake_writeback_blocking in test_caldav_writeback.py to accept the new owner/account_id optional params.
145 lines
5.0 KiB
Python
145 lines
5.0 KiB
Python
import asyncio
|
|
import ipaddress
|
|
import sys
|
|
import types
|
|
from pathlib import Path
|
|
|
|
import pytest
|
|
|
|
from src import caldav_sync
|
|
|
|
|
|
def test_validate_caldav_url_normalizes_safe_url(monkeypatch):
|
|
monkeypatch.setattr(
|
|
caldav_sync,
|
|
"_resolve_caldav_host_ips",
|
|
lambda host: [ipaddress.ip_address("93.184.216.34")],
|
|
)
|
|
assert (
|
|
caldav_sync.validate_caldav_url(" https://calendar.example.com/dav/ ")
|
|
== "https://calendar.example.com/dav"
|
|
)
|
|
|
|
|
|
@pytest.mark.parametrize(
|
|
"url, message",
|
|
[
|
|
("ftp://calendar.example.com/dav", "must start with"),
|
|
("https://alice:secret@calendar.example.com/dav", "credentials"),
|
|
("https://calendar.example.com/dav#frag", "fragments"),
|
|
("http://localhost:5232/dav", "host is not allowed"),
|
|
("http://service.localhost/dav", "host is not allowed"),
|
|
("http://127.0.0.1:5232/dav", "host is not allowed"),
|
|
("http://[::1]:5232/dav", "host is not allowed"),
|
|
("http://169.254.169.254/latest", "host is not allowed"),
|
|
],
|
|
)
|
|
def test_validate_caldav_url_rejects_unsafe_urls(url, message):
|
|
with pytest.raises(ValueError, match=message):
|
|
caldav_sync.validate_caldav_url(url)
|
|
|
|
|
|
def test_validate_caldav_url_blocks_private_ips_unless_explicitly_allowed(monkeypatch):
|
|
monkeypatch.delenv("ODYSSEUS_ALLOW_PRIVATE_CALDAV", raising=False)
|
|
with pytest.raises(ValueError, match="Private CalDAV IPs require"):
|
|
caldav_sync.validate_caldav_url("http://10.0.0.5:5232/dav")
|
|
|
|
monkeypatch.setenv("ODYSSEUS_ALLOW_PRIVATE_CALDAV", "1")
|
|
assert caldav_sync.validate_caldav_url("http://10.0.0.5:5232/dav") == "http://10.0.0.5:5232/dav"
|
|
|
|
|
|
def test_validate_caldav_url_blocks_dns_to_private(monkeypatch):
|
|
monkeypatch.delenv("ODYSSEUS_ALLOW_PRIVATE_CALDAV", raising=False)
|
|
monkeypatch.setattr(
|
|
caldav_sync,
|
|
"_resolve_caldav_host_ips",
|
|
lambda host: [ipaddress.ip_address("10.0.0.5")],
|
|
)
|
|
|
|
with pytest.raises(ValueError, match="Private CalDAV IPs require"):
|
|
caldav_sync.validate_caldav_url("https://calendar.example.com/dav")
|
|
|
|
|
|
def test_validate_caldav_url_blocks_dns_to_link_local_even_when_private_allowed(monkeypatch):
|
|
monkeypatch.setenv("ODYSSEUS_ALLOW_PRIVATE_CALDAV", "1")
|
|
monkeypatch.setattr(
|
|
caldav_sync,
|
|
"_resolve_caldav_host_ips",
|
|
lambda host: [ipaddress.ip_address("169.254.169.254")],
|
|
)
|
|
|
|
with pytest.raises(ValueError, match="host is not allowed"):
|
|
caldav_sync.validate_caldav_url("https://calendar.example.com/dav")
|
|
|
|
|
|
def test_validate_caldav_url_fails_closed_when_hostname_does_not_resolve(monkeypatch):
|
|
def _no_dns(host):
|
|
raise OSError("no such host")
|
|
|
|
monkeypatch.setattr(caldav_sync, "_resolve_caldav_host_ips", _no_dns)
|
|
|
|
with pytest.raises(ValueError, match="host does not resolve"):
|
|
caldav_sync.validate_caldav_url("https://calendar.example.com/dav")
|
|
|
|
|
|
def test_sync_caldav_decrypts_stored_password_and_validates_url(monkeypatch):
|
|
monkeypatch.setattr(
|
|
caldav_sync,
|
|
"_resolve_caldav_host_ips",
|
|
lambda host: [ipaddress.ip_address("93.184.216.34")],
|
|
)
|
|
saved = {}
|
|
prefs_mod = types.ModuleType("routes.prefs_routes")
|
|
prefs_mod._load_for_user = lambda owner: {
|
|
"caldav": {
|
|
"url": " https://calendar.example.com/dav/ ",
|
|
"username": owner,
|
|
"password": "enc:stored",
|
|
}
|
|
}
|
|
prefs_mod._save_for_user = lambda owner, prefs: saved.update({"owner": owner, "prefs": prefs})
|
|
monkeypatch.setitem(sys.modules, "routes.prefs_routes", prefs_mod)
|
|
|
|
secret_mod = types.ModuleType("src.secret_storage")
|
|
secret_mod.decrypt = lambda value: "decrypted-password" if value == "enc:stored" else value
|
|
monkeypatch.setitem(sys.modules, "src.secret_storage", secret_mod)
|
|
|
|
captured = {}
|
|
|
|
def fake_sync_blocking(owner, url, username, password, account_id=""):
|
|
captured.update(
|
|
{
|
|
"owner": owner,
|
|
"url": url,
|
|
"username": username,
|
|
"password": password,
|
|
}
|
|
)
|
|
return {"calendars": 1, "events": 0, "deleted": 0, "errors": []}
|
|
|
|
async def inline_to_thread(func, *args, **kwargs):
|
|
return func(*args, **kwargs)
|
|
|
|
monkeypatch.setattr(caldav_sync, "_sync_blocking", fake_sync_blocking)
|
|
monkeypatch.setattr(caldav_sync.asyncio, "to_thread", inline_to_thread)
|
|
|
|
result = asyncio.run(caldav_sync.sync_caldav("alice"))
|
|
|
|
assert result["calendars"] == 1
|
|
assert captured == {
|
|
"owner": "alice",
|
|
"url": "https://calendar.example.com/dav",
|
|
"username": "alice",
|
|
"password": "decrypted-password",
|
|
}
|
|
|
|
|
|
def test_calendar_routes_use_hardened_caldav_client_and_secret_storage():
|
|
text = Path("routes/calendar_routes.py").read_text(encoding="utf-8")
|
|
|
|
assert "validate_caldav_url(body.get(\"url\", \"\"))" in text
|
|
assert "encrypt(body[\"password\"])" in text
|
|
assert "pw = decrypt(pw)" in text
|
|
assert "follow_redirects=False, trust_env=False" in text
|
|
assert "Redirects are not followed for CalDAV safety" in text
|