6.0.0-beta1
7/6/25

[#12385] DAV-Principals mix auth-username and horde-username
Summary DAV-Principals mix auth-username and horde-username
Queue Horde Framework Packages
Queue Version Git master
Type Bug
State Resolved
Priority 2. Medium
Owners jan (at) horde (dot) org
Requester piper (at) hrz (dot) uni-marburg (dot) de
Created 06/21/2013 (4398 days ago)
Due
Updated 02/02/2016 (3442 days ago)
Assigned 07/02/2013 (4387 days ago)
Resolved 02/02/2016 (3442 days ago)
Github Issue Link
Github Pull Request
Milestone Horde_Core 2.18.2
Patch Yes

History
02/02/2016 08:45:55 AM Jan Schneider Comment #4
State ⇒ Resolved
Milestone ⇒ Horde_Core 2.18.2		 Reply to this comment
This has been fixed already a year ago.
10/17/2013 02:10:49 PM busywater (at) gmail (dot) com Comment #3 Reply to this comment

[Show Quoted Text - 26 lines]
I report that the patch here fix the problem.

Kinglok, Fong
07/15/2013 02:09:35 PM busywater (at) gmail (dot) com Comment #2 Reply to this comment
I report the same problem after employing hook (authusername) to strip
off domain name when loggin horde and kronolith (4.1.1).

When I try using kronolith and obtain the subscription URL of CalDAV,
it shows:
https://mail.domain.com/rpc/principals/foo@domain.com/

Then, I try adding the account through iCal (OSX10.8.4) with using the
URL and username as 'foo@domain.com' and it shows 'Authentication
failed. Your username and password were rejected by the server'.  The
horde logging shows nothing about it.

The weird point lies in when I using the following URL to add account:
https://mail.domain.com/rpc/principals/foo/

and using 'foo' as username, iCal can add the account successfully.
However, there is simply no calendar shown.

On the contrary, if I disable the hook.php and caldav in horde work
flawlessly with horde.  I have two calendars in horde site and they
are shown in iCal.  When I enable the hook.php again and re-add the
account again in ical no calendar can be shown.

Therefore, I believe there are some problems in using the hook and
CalDAV user name.

Kinglok, Fong
07/02/2013 10:39:40 PM Jan Schneider Assigned to Jan Schneider
State ⇒ Assigned
 
06/25/2013 09:16:19 AM Jan Schneider Priority ⇒ 2. Medium
Version ⇒ Git master
 
06/21/2013 09:15:28 AM piper (at) hrz (dot) uni-marburg (dot) de Comment #1
Priority ⇒ 3. High
State ⇒ Unconfirmed
New Attachment: Horde_Dav_Principals.php.patch Download
Patch ⇒ Yes
Milestone ⇒
Queue ⇒ Horde Framework Packages
Due ⇒ 06/22/2013
Summary ⇒ DAV-Principals mix auth-username and horde-username
Type ⇒ Bug		 Reply to this comment
In my horde-setup (Horde-5.1.1, IMP-6.1.1, Horde_Dav-1.0.0) I am using 
horde-usernames of form 'user@domain' and auth-usernames of form 'user'.

This leads to problems with CalDav-access: if I access a caldav-URL 
with the browser, I get the (xml-)message 'User user@domain does not 
exist'. This is related to the authentication-routine 
getPrincipalByPath($path)  in 'Horde/Dav/Principals.php', where the 
horde-username from the URL is used as auth-username. It can be fixed 
by converting the username to auth-username (see attached patch).

This leads to the new error message 'User did not have the required 
privileges ({DAV:}read) for path "..."', as the authentication in the 
browser has been done using the auth-username, which is used in the 
routine 'getCurrentUserPrincipal()' in 'Sabre/DAVACL/Plugin.php' to 
set the principal-path, which should contain the horde-username. This 
can be fixed likewise by converting the username to horde-username 
(see second patch).

Is my observation and the fixing correct, or do I miss something here?

Thanks for your help,
regards,
Andreas

New Ticket
My Tickets
Search
Query Builder
Reports

Saved Queries

Open Bugs
Bugs waiting for Feedback
Open Bugs in Releases
Open Enhancements
Enhancements waiting for Feedback
Bugs with Patches
Enhancements with Patches
Release Showstoppers
Stalled Tickets
New Tickets
Horde 5 Showstoppers