Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Implement read-only exports for calendar events (.ics) #7

Closed
jeromeschneider opened this issue Jul 23, 2012 · 18 comments
Closed

Implement read-only exports for calendar events (.ics) #7

jeromeschneider opened this issue Jul 23, 2012 · 18 comments
Assignees
Milestone

Comments

@jeromeschneider
Copy link
Contributor

Implement read-only exports for calendar events (.ics)

@SimonSimCity
Copy link

@jeromeschneider, how far have you come with that? I really need this feature and am willing to write the code for it ...

I think we just need to cherry-pick the changes in https://github.com/helgeeichelberg/Baikal/commit/5a463449df2f7efa9d9d79730e867861f3e9e66e and add an option, that you have read-only access for anonymous users or fully implement #73 ...

@lpirl
Copy link
Contributor

lpirl commented Sep 5, 2013

I'd love to see an option "Show only 'busy' instead of appointment titles" or similar.
I've done this with other server by granting only "read Free/Busy" so that people can see where an appointment would be possible (human free/busy scheduling).

@SimonSimCity
Copy link

@lpirl, I don't know how to set permissions in Baïkal, but the spec has already thought of something like that (http://www.ietf.org/rfc/rfc4791.txt - Chapter 6.1.1: CALDAV:read-free-busy Privilege). This feature seems supported by the underlying library Sabre CalDAV (I've seen some unit-tests for this), so it shouldn't be hard to implement ;)

Requires #51

@dsp1986
Copy link

dsp1986 commented Jan 10, 2014

is there any progress to be expected?
I found the ?export option (e.g. http://my.server.com/cal.php/calendars/me/public?export)
This asks name and password though. I would need to have read-only access without login, for a chosen calendar.

@SimonSimCity
Copy link

@dsp1986 I did it by using a proxy-server. Here's a sample configuration for nginx:

server {
    location /iCalendar/export {
        proxy_pass http://localhost/baikal/html/cal.php/calendars/{USERNAME}/default?export;
        proxy_set_header Authorization "Basic dXNlcm5hbWU6cGFzc3dvcmQ=";
    }
}

The encrypted string for basic authentication is created by this: base64_encode("{USERNAME}:{PASSWORD}");

When you now send a request to a domain, where this configuration has been added to, you can use the calendar by calling http://example.org/iCalendar/export

@dsp1986
Copy link

dsp1986 commented Jan 11, 2014

i understand this as follows:
if you visit example.org/iCalendar/export from any Browser on any Computer your server adds a header to the original request that tells itself (same server) you are logged in.

I use apache2 and am no big expert on it. Conditional changing of requests rings the mod_rewrite bell for me. Am I thinking the right direction? Can anybody give me a hint what i need to learn to make this happen in Apache?

thank you

@SimonSimCity
Copy link

@dsp1986 nearly correct. The system does not need to be the same server, as it is a proxy. In my case, it's a different vhost. You can't access this link externally. You can't do it using mod_rewrite, because mod_rewrite will not do something with proxying, it just rewrites links, that are available to the clients.

What could help is a combination of http://www.zeitoun.net/articles/http-basic-auth-through-reverse-proxy/start and http://httpd.apache.org/docs/2.2/mod/mod_proxy.html so - something like this:

http://stackoverflow.com/questions/567814/apache2-reverse-proxy-to-an-end-point-that-requires-basicauth-but-want-to-hide-t#answer-8901645

Haven't done this with apache until now, but as far as I understand, the second answer to the stackoverflow-question should get you in the right direction.

@dsp1986
Copy link

dsp1986 commented Jan 15, 2014

@SimonSimCity thank you for the directions. I'm still looking for some time to try them out. I will post my solution when I find it.

@MatonAnthony
Copy link

Hi @SimonSimCity , after many try, I was unable to reproduce your tricks with nginx could you explain it with more details ?

@SimonSimCity
Copy link

@MatonAnthony here a 1-2-3 setup for it:

  1. Set up a Baïkal installation
  2. Activate the ICSExportPlugin, as done in https://github.com/helgeeichelberg/Baikal/commit/5a463449df2f7efa9d9d79730e867861f3e9e66e
  3. Verify, that you can export the calendar (read the instructions in the commit-message, linked in step 2)
  4. Copy the URL, you used for the calendar-export
  5. Create a new directive in your nginx-configuration on a host of your likes
  6. Set up a proxy as I did (use the URL you copied as proxy_pass and add the login-credentials as proxy_set_header as described above)

I think, what confused you, was, that I used localhost has hostname here. But this has nothing to say. The Baïkal setup can also run on example.com or another domain, not hosted on the server your nginx-installation runs on.

If you got to step 4, but no further, I advice you to read some tutorials about proxies - what they are, what they do and how to set one up using nginx.

@MatonAnthony
Copy link

Ok thanks ! I think it's because I was using the digest auth ...

@MatonAnthony
Copy link

@SimonSimCity In fact not, I've make the proxy but it seems the Authentification header don't pass.

server {
    listen 80;
    server_name agenda.local;

    root /Users/anthony/Documents/Mozilla/Agenda/;
    index index.php;

    rewrite ^/.well-known/caldav /cal.php redirect;
    rewrite ^/.well-known/carddav /card.php redirect;

    charset utf-8;

    location ~ /(\.ht|Core|Specific) {
        deny all;
        return 404;
    }

    location ~ ^(.+\.php)(.*)$ {
        try_files $fastcgi_script_name =404;
        fastcgi_split_path_info ^(.+\.php)(.*)$;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        include /usr/local/etc/nginx/fastcgi_params;
    }

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /var/www/nginx-default;
    }
    location /iCalendar {
        proxy_pass http://agenda.local/cal.php/calendars/Mozilla-be/default?export;
        proxy_set_header Authorization "Basic e01vemlsbGEtYmV9OntMb2ZvdHU5NX0=";
    }
}

Thanks a lot for the help.

@SimonSimCity
Copy link

@MatonAnthony Sorry, don't know. The configuration looks good, but there's maybe something with your Baïkal configuration ... had myself a pretty hard time on that. You're using basic authentication, on Baïkals side, right? Try to send this request from the command line using curl or turn the verbosity of nginx to debug and view the logs, that's what I did.

Please keep this ticket now focused on updates for native support in Baïkal.

@osiefart
Copy link

Hi,
thanks for the description, now it is working for me too. I had to solve two problems until it worked:

  1. Configure baikal to basic authentication (Default is Digest, not Basic) in the baikal settings admin page
  2. It is important to use the php base64_encode function (and not the command line base64 tool) to generate the UserPasswordHash. On the command line:
php -r 'echo base64_encode("user:password");' 

@MatonAnthony: Maybe this is solving your problem?

@SimonSimCity
Copy link

@osiefart, your first decision is depending on the choice you took in the Baïkal administration (Settings - WebDAV authentication type). I don't really know how to create a digest-header, so I just took basic to make the implementation easier for me :)

@MatonAnthony
Copy link

@osiefart : Thanks, i've take the decision to use a script write in shell who generate the hash and create the .ics, after my user just have to download it.

@cbmainz
Copy link

cbmainz commented Apr 30, 2014

@MatonAnthony, how does this shell script look like?

@SimonSimCity, how would the Proxy rule look like for Apache2?

@netgusto
Copy link
Member

Continued in #282.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

8 participants