
Fixed authentication for anonymous users

Jean-Marc Martins 12 年 前
コミット
58faf725b0
2 ファイル変更13 行追加3 行削除
  1. 9 1
      radicale/__init__.py
  2. 4 2
      radicale/rights.py

+ 9 - 1
radicale/__init__.py

@@ -279,7 +279,7 @@ class Application(object):
             user = password = None
 
         if not items or function == self.options or \
-                auth.is_authenticated(user, password):
+                auth.is_authenticated(user, password) if user else True:
 
             read_allowed_items, write_allowed_items = \
                 self.collect_allowed_items(items, user)
@@ -290,6 +290,14 @@ class Application(object):
                 status, headers, answer = function(
                     environ, read_allowed_items, write_allowed_items, content,
                     user)
+            elif not user:
+                # Unknown or unauthorized user
+                log.LOGGER.info("%s refused" % (user or "Anonymous user"))
+                status = client.UNAUTHORIZED
+                headers = {
+                    "WWW-Authenticate":
+                    "Basic realm=\"%s\"" % config.get("server", "realm")}
+                answer = None
             else:
                 # Good user but has no rights to any of the given collections
                 status, headers, answer = NOT_ALLOWED
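Review bot: In the first hunk, a request without a user name now skips `auth.is_authenticated` altogether, so for anonymous requests the only remaining gate is the rights check, and `authorized` in radicale/rights.py returns True for every caller when the rights type is "none". If `collect_allowed_items` relies on `authorized` (its body is not visible here), a server that has authentication configured but leaves rights at "none" would grant read and write access to requests that carry no credentials; that combination should keep the authentication call. The conditional expression also binds looser than `or`, so the test parses as `(not items or ... or auth.is_authenticated(user, password)) if user else True`; the outcome happens to be the same, but `or not user or auth.is_authenticated(user, password)` states the intent without relying on precedence. The enclosing method begins and ends outside these hunks.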

+ 4 - 2
radicale/rights.py

@@ -93,5 +93,7 @@ def _read_from_sections(user, collection, permission):
 def authorized(user, collection, right):
     """Check if the user is allowed to read or write the collection."""
     rights_type = config.get("rights", "type").lower()
-    return rights_type == "none" or (user and _read_from_sections(
-        user, collection.url.rstrip("/") or "/", right))
+    return rights_type == "none" or (
+        (True if not user else user) and _read_from_sections(
+            user if user else "", collection.url.rstrip("/") or "/", right)
+    )
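Review bot: The guard `(True if not user else user)` is always truthy, so the new return value reduces to `rights_type == "none" or _read_from_sections(user or "", ...)`, and the extra term only hides the fact that anonymous callers are now evaluated against the rights file under the empty user name. The body of `_read_from_sections` is not shown here; if it matches the user name against a pattern taken from each section, any pattern that also matches the empty string would now grant that section's rights to requests without credentials, which administrators need to know when writing patterns meant for authenticated users only. I would write `return rights_type == "none" or _read_from_sections(user or "", collection.url.rstrip("/") or "/", right)` and extend the docstring to `"""Check if the user is allowed to read or write the collection; an anonymous user is checked as the empty user name."""`.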