correct 401/403 usage for webdav

2025-08-17 09:02:15 -06:00 · 2022-10-18 20:29:06 +02:00 · 2022-10-18 20:29:06 +02:00 · fe57321853
parent 8510804e57
commit fe57321853
4 changed files with 13 additions and 4 deletions
--- a/README.md
+++ b/README.md
@ -719,6 +719,11 @@ on windows xp/7, connect using the explorer UI:
 on windows 7/8/10, disable wpad for performance:
 * control panel -> [network and internet] -> [internet options] -> [connections] tab -> [lan settings] -> automatically detect settings: Nope

+known issues:
+* winxp cannot show unicode characters outside of *some range*
+  * latin-1 is fine, hiragana is not (not even as shift-jis on japanese xp)
+* win7 cannot access servers which require authentication unless you use https or [enable basic authentication](./contrib/webdav-basicauth.reg) for http
+

 ## file indexing

--- a/contrib/README.md
+++ b/contrib/README.md
@ -29,6 +29,9 @@ however if your copyparty is behind a reverse-proxy, you may want to use [`share
 * disables thumbnails and folder-type detection in windows explorer
 * makes it way faster (especially for slow/networked locations (such as copyparty-fuse))

+### [`webdav-basicauth.reg`](webdav-basicauth.reg)
+* enables webdav basic-auth over plaintext http
+
 ### [`cfssl.sh`](cfssl.sh)
 * creates CA and server certificates using cfssl
 * give a 3rd argument to install it to your copyparty config
--- a/copyparty/authsrv.py
+++ b/copyparty/authsrv.py
@ -411,6 +411,7 @@ class VFS(object):
        will_move: bool = False,
        will_del: bool = False,
        will_get: bool = False,
+        err=403,
    ) -> tuple["VFS", str]:
        """returns [vfsnode,fs_remainder] if user has the requested permissions"""
        if ANYWIN:
@ -432,7 +433,7 @@ class VFS(object):
        ]:
            if req and (uname not in d and "*" not in d) and uname != LEELOO_DALLAS:
                t = "you don't have {}-access for this location"
-                raise Pebkac(403, t.format(msg))
+                raise Pebkac(err, t.format(msg))

        return vn, rem

--- a/copyparty/httpcli.py
+++ b/copyparty/httpcli.py
@ -671,7 +671,7 @@ class HttpCli(object):
        if not self.can_read and not self.can_write and not self.can_get:
            if self.vpath:
                self.log("inaccessible: [{}]".format(self.vpath))
-                return self.tx_404(True)
+                raise Pebkac(401, "authenticate")

            self.uparam["h"] = ""

@ -731,7 +731,7 @@ class HttpCli(object):
            ]

        props = set(props_lst)
-        vn, rem = self.asrv.vfs.get(self.vpath, self.uname, True, False)
+        vn, rem = self.asrv.vfs.get(self.vpath, self.uname, True, False, err=401)
        depth = self.headers.get("depth", "infinity").lower()

        if depth == "infinity":
@ -2502,7 +2502,7 @@ class HttpCli(object):

    def tx_ups(self) -> bool:
        if not self.args.unpost:
-            raise Pebkac(400, "the unpost feature is disabled in server config")
+            raise Pebkac(403, "the unpost feature is disabled in server config")

        idx = self.conn.get_u2idx()
        if not hasattr(idx, "p_end"):