6.0.0-beta1
7/7/25

[#12305] CalDAV user lookup bug
Summary CalDAV user lookup bug
Queue IMP
Queue Version Git master
Type Bug
State Resolved
Priority 1. Low
Owners jan (at) horde (dot) org
Requester horde (at) freebsd (dot) org
Created 06/05/2013 (4415 days ago)
Due
Updated 08/06/2014 (3988 days ago)
Assigned
Resolved 06/13/2013 (4407 days ago)
Github Issue Link
Github Pull Request
Milestone
Patch No

History
08/06/2014 07:47:47 AM piper (at) hrz (dot) uni-marburg (dot) de Comment #8 Reply to this comment
Sorry, wrong ticket, was meant for #12380
Extending Jan's change to kronolith/lib/Form/EditCalendar.php seems 
to fix this, see attached patchfile.

Many thanks to Jan for fixing this issue, it was a major request 
from our users.

Regards,
Andreas
08/06/2014 07:45:39 AM piper (at) hrz (dot) uni-marburg (dot) de Comment #7
New Attachment: kronolith_lib_Form_EditCalendar.php.patch Download
Reply to this comment
Extending Jan's change to kronolith/lib/Form/EditCalendar.php seems to 
fix this, see attached patchfile.

Many thanks to Jan for fixing this issue, it was a major request from 
our users.

Regards,
Andreas
07/09/2013 05:08:31 PM busywater (at) gmail (dot) com Comment #6 Reply to this comment
I discover some problem after employing hook (authusername) to strip 
off domain name when loggin horde and kronolith (4.1.1).

When I try using kronolith and obtain the subscription URL of CalDAV, 
it shows:
https://mail.domain.com/rpc/principals/foo@domain.com/

Then, I try adding the account through iCal (OSX10.8.4) with using the 
URL and username as 'foo@domain.com' and it shows 'Authentication 
failed. Your username and password were rejected by the server'.  The 
horde logging shows nothing about it.

The weird point lies in when I using the following URL to add account:
https://mail.domain.com/rpc/principals/foo/

and using 'foo' as username, iCal can add the account successfully.   
However, there is simply no calendar shown.

On the contrary, if I disable the hook.php and caldav in horde work 
flawlessly with horde.  I have two calendars in horde site and they 
are shown in iCal.  When I enable the hook.php again and re-add the 
account again in ical no calendar can be shown.

Therefore, I believe there are some problems in using the hook and 
CalDAV user name.

Kinglok, Fong
06/13/2013 02:17:36 PM Jan Schneider Deleted Original Message
 
06/13/2013 02:17:28 PM Jan Schneider Assigned to Jan Schneider
State ⇒ Resolved
Patch ⇒ No
 
06/13/2013 02:16:44 PM Git Commit Comment #5 Reply to this comment
Changes have been made in Git (master):

commit 808dbc224ab677a614884d5464d75d440dbc35b3
Author: Jan Schneider <jan@horde.org>
Date:   Thu Jun 13 16:16:16 2013 +0200

     Detect admin capabilities in _bootstrap() instead of _init() (Bug #12305).

  imp/docs/CHANGES        |    1 +
  imp/lib/Application.php |   18 ++++++++++--------
  imp/package.xml         |    2 ++
  3 files changed, 13 insertions(+), 8 deletions(-)

http://git.horde.org/horde-git/-/commit/808dbc224ab677a614884d5464d75d440dbc35b3
06/13/2013 02:02:19 PM Jan Schneider Comment #4 Reply to this comment
I can reproduce this now.

In Horde_Core_Auth_Application::listUsers(), the first call to 
hasCapability('list') returns true, so 
$registry->callAppMethod($this->_app, 'authUserList') is called. This 
goes down to Horde_Auth_Imap::listUsers() where hasCapability('list') 
now returns false.
06/13/2013 01:45:18 PM Jan Schneider Comment #3 Reply to this comment
It's not calling the Application API at all, IMP is only involved via 
authentication:
http://git.horde.org/co.php/framework/Dav/lib/Horde/Dav/Auth.php?rt=horde-git&r=fd567b12209dfde32d049dbb467578709dbb9fbf
with $_auth being $injector->getInstance('Horde_Core_Factory_Auth')->create()
06/13/2013 12:15:01 PM Michael Slusarz Comment #2 Reply to this comment
Option 2:
call imp's _init() before checking the problem in Dav/Principals.php
I have no idea what is going on in this Dav code, but anything that is 
trying to access an application's Application class without 
initializing it is very broken.
06/05/2013 02:58:08 PM horde (at) freebsd (dot) org Comment #1
State ⇒ Unconfirmed
New Attachment: imp_application.patch
Patch ⇒ Yes
Milestone ⇒
Queue ⇒ IMP
Summary ⇒ CalDAV user lookup bug
Type ⇒ Bug
Priority ⇒ 1. Low
Reply to this comment
I have triggered an error when using the new CalDAV functionality of 
kronolith.

If using CalDAV and authentication via IMP, imp's _init() does not get 
called in the function mentioned later. This leaves the values 'add', 
'remove', and 'list' in the capability list even if not configured in 
the driver.

framework/Dav/lib/Horde/Dav/Principals.php, function 
getPrincipalByPath() erroneously assumes that 
$this->_auth->hasCapability('list') is true and exits with an user 
does not exist exception. This way I am unable to use CalDAV.

My suggestions to fix this:
Option 1 (preferred, patch attached):
Instead of removing the "add", "list" and "remove" capabilities in 
imp/lib/Application.php when they are not supported, merge them in 
_init() if they are supported

Option 2:
call imp's _init() before checking the problem in Dav/Principals.php

Option 3:
modify the check in Dav/Principals.php to accept such a situation

Saved Queries