RFE: Better error message on HTTP 401 Unauthorized

[genodeftest]

Steps to reproduce:

1. Setup DaVx⁵ with a new web service or account
2. When choosing username+password, mistype username or password
3. Try to connect

What happens:

1. DaVx⁵ sends a GET request on /, gets a 401 Unauthorized response
2. DaVx⁵ tries again on /.well-known/carddav, gets an error (java.io.IOException: unexpected end of stream)
3. DaVx⁵ waits 9 seconds
4. DaVx⁵ tries again on /.well-known/carddav, gets a 301 Moved Permanently redirect to /
5. DaVx⁵ tries again on /, gets an error (`java.io.IOException: unexpected end of stream')
6. DaVx⁵ waits 10 seconds
7. DaVx⁵ sends a GET request on /, gets a 401 Unauthorized response
8. DaVx⁵ waits 27 seconds (maybe that's the timeouts from the steps below)
9. DaVx⁵ tries again, this time on IPv4 and IPv6 with port number 443 (although I've configured a different one) and fails with java.net.ConnectException as expected
10. DaVx⁵ waits 55 seconds (maybe that's the timeouts from the steps below)
11. DaVx⁵ tries again on IPv4 and IPv6 with port number 443 (although I've configured a different port) and fails with java.net.ConnectException as expected

What should happen:

DaVx⁵ should immediately communicate the HTTP status code 401 Unauthorized it got from the server to the user, e.g. with a text like this:

Login was denied. Please make sure that you typed you username and password correctly and that the account you are trying to use exists on [servername].

DaVx⁵ should not try again even once, but immediately display the message.

Details

I'm seeing this exception:

[ui.setup.DavResourceFinder] PROPFIND/OPTIONS on user-given URL failed
EXCEPTION at.bitfire.dav4jvm.exception.UnauthorizedException: HTTP 401 Unauthorized
	at at.bitfire.dav4jvm.DavResource.checkStatus(DavResource.kt:11)
	at at.bitfire.dav4jvm.DavResource.checkStatus(DavResource.kt:3)
	at at.bitfire.dav4jvm.DavResource.processMultiStatus(DavResource.kt:2)
	at at.bitfire.dav4jvm.DavResource.propfind(DavResource.kt:11)
	at at.bitfire.davdroid.ui.setup.DavResourceFinder.checkUserGivenURL(DavResourceFinder.kt:11)
	at at.bitfire.davdroid.ui.setup.DavResourceFinder.findInitialConfiguration(DavResourceFinder.kt:24)
	at at.bitfire.davdroid.ui.setup.DavResourceFinder.findInitialConfiguration(DavResourceFinder.kt:1)
	at at.bitfire.davdroid.ui.setup.DetectConfigurationFragment$DetectConfigurationModel$detectConfiguration$2.invoke(DetectConfigurationFragment.kt:6)
	at at.bitfire.davdroid.ui.setup.DetectConfigurationFragment$DetectConfigurationModel$detectConfiguration$2.invoke(DetectConfigurationFragment.kt:1)
	at kotlin.concurrent.ThreadsKt$thread$thread$1.run(Thread.kt:1)

More details in the attached (partially censored) logs.txt.

┌────────────────────────────────┬───────────┬───────────┬─────────────────────────────────────┬───────┐
│ Package                        │ Version   │ Code      │ Installer                           │ Notes │
├────────────────────────────────┼───────────┼───────────┼─────────────────────────────────────┼───────┤
│ at.bitfire.davdroid            │ 4.2.1-ose │ 402010004 │ com.google.android.packageinstaller │       │
│ org.dmfs.tasks                 │ 1.4.2     │ 82200     │ com.google.android.packageinstaller │       │
│ org.tasks                      │ 12.6.1    │ 120603    │ com.google.android.packageinstaller │       │
│ com.android.providers.contacts │ 11        │ 30        │ —                                   │       │
│ com.android.providers.calendar │ 11        │ 30        │ —                                   │       │
│ at.tomtasche.reader            │ 3.19      │ 172       │ com.google.android.packageinstaller │       │
└────────────────────────────────┴───────────┴───────────┴─────────────────────────────────────┴───────┘

[rfc2822]

DaVx⁵ should immediately communicate the HTTP status code 401 Unauthorized it got from the server to the user, e.g. with a text like this:

This is not how proper service detection works. Often, the base URL (which may not be the CalDAV endpoint) can return 401, but a well-known URL can still work.

DaVx⁵ waits 9 seconds

I suggest to change your server so that it rejects connections with RST instead of dropping the packets (firewall setting). Then you don't have to wait until the connection attempt times out.

DaVx⁵ should not try again even once, but immediately display the message.

If it would be that easy... as said above, it doesn't mean anything when the base URL or a well-known URL or a SRV/TXT URL returns 401, because the others may still work, and the 401 may or may not be related to the CalDAV service. So we don't know if the username/password is actually wrong or if the URL is wrong etc....

See also https://www.rfc-editor.org/rfc/rfc6764