feat: handle Retry-After header on 429/503 responses (RFC 6585 / RFC 9110)

Merges and fixes PR #628 by temsocial (#628).

New `DAVClient` parameters:
- `rate_limit_handle` (bool, default False): when True, automatically sleep
  and retry on rate-limited responses; when False raise `RateLimitError`
  immediately so callers can implement their own strategy.
- `rate_limit_default_sleep` (Optional[int], default None): fallback sleep
  in seconds when the server's 429 omits a Retry-After header. None means
  raise rather than guess a sleep duration.
- `rate_limit_max_sleep` (Optional[int], default None): cap on the sleep
  duration; None means respect the server's value without limit.

New `error.RateLimitError(DAVError)` with `retry_after` (raw header string)
and `retry_after_seconds` (parsed float) attributes.

11 unit tests added to `TestRateLimiting` in `tests/test_caldav_unit.py`.

Co-authored-by: temsocial <temsocial@users.noreply.github.com>
Assisted-by: Claude Sonnet 4.6 <noreply@anthropic.com>

Author: tobixen

CHANGELOG.md

@@ -125,6 +125,7 @@ Additionally, direct `DAVClient()` instantiation should migrate to `get_davclien
 * **URL space validation** -- `caldav.lib.url` now validates that URLs don't contain unquoted spaces
 * **Fallback for missing calendar-home-set** -- Client falls back to principal URL when `calendar-home-set` property is not available
 * **Load fallback for changed URLs** -- `CalendarObjectResource.load()` falls back to UID-based lookup when servers change URLs after save
+* **Retry-After / rate-limit handling** (RFC 6585 / RFC 9110) -- `DAVClient` now exposes `rate_limit_handle`, `rate_limit_default_sleep`, and `rate_limit_max_sleep` parameters. When `rate_limit_handle=True` the client automatically sleeps and retries on 429 Too Many Requests and 503 Service Unavailable responses that carry a `Retry-After` header. When `rate_limit_handle=False` (default) a `RateLimitError` is raised immediately so callers can implement their own back-off strategy. https://github.com/python-caldav/caldav/issues/627
 
 ### Fixed
 

caldav/davclient.py

@@ -11,7 +11,10 @@
 import copy
 import logging
 import sys
+import time
 import warnings
+from datetime import datetime, timezone
+from email.utils import parsedate_to_datetime
 from types import TracebackType
 from typing import TYPE_CHECKING, Any, Optional
 from urllib.parse import unquote
@@ -210,6 +213,9 @@ def __init__(
         features: FeatureSet | dict | str = None,
         enable_rfc6764: bool = True,
         require_tls: bool = True,
+        rate_limit_handle: bool = False,
+        rate_limit_default_sleep: Optional[int] = None,
+        rate_limit_max_sleep: Optional[int] = None,
     ) -> None:
         """
         Sets up a HTTPConnection object towards the server in the url.
@@ -247,6 +253,16 @@ def __init__(
                        redirect to unencrypted HTTP. Set to False ONLY if you need to
                        support non-TLS servers and trust your DNS infrastructure.
                        This parameter has no effect if enable_rfc6764=False.
+          rate_limit_handle: boolean, whether to automatically sleep and retry when the server
+                             responds with 429 Too Many Requests or 503 Service Unavailable.
+                             Default: False (raise RateLimitError immediately).
+          rate_limit_default_sleep: int or None, fallback sleep duration in seconds when the
+                                    server's 429 response does not include a parseable Retry-After
+                                    header. None (default) means raise RateLimitError rather than
+                                    sleeping when no Retry-After is provided.
+          rate_limit_max_sleep: int or None, maximum number of seconds to sleep when rate limited,
+                                regardless of the server's Retry-After value. None (default) means
+                                there is no cap and the server-requested delay is respected as-is.
 
         The niquests library will honor a .netrc-file, if such a file exists
         username and password may be omitted.
@@ -344,6 +360,10 @@ def __init__(
 
         self._principal = None
 
+        self.rate_limit_handle = rate_limit_handle
+        self.rate_limit_default_sleep = rate_limit_default_sleep
+        self.rate_limit_max_sleep = rate_limit_max_sleep
+
     def __enter__(self) -> Self:
         ## Used for tests, to set up a temporarily test server
         if hasattr(self, "setup"):
@@ -936,7 +956,24 @@ def request(
         Returns:
             DAVResponse
         """
-        return self._sync_request(url, method, body, headers)
+        try:
+            return self._sync_request(url, method, body, headers)
+        except error.RateLimitError as e:
+            if not self.rate_limit_handle:
+                raise
+            retry_after_seconds = (
+                e.retry_after_seconds
+                if e.retry_after_seconds is not None
+                else self.rate_limit_default_sleep
+            )
+            if retry_after_seconds is None or retry_after_seconds <= 0:
+                raise
+            if self.rate_limit_max_sleep is not None:
+                retry_after_seconds = min(retry_after_seconds, self.rate_limit_max_sleep)
+            if retry_after_seconds <= 0:
+                raise
+            time.sleep(retry_after_seconds)
+            return self._sync_request(url, method, body, headers)
 
     def _sync_request(
         self,
@@ -979,8 +1016,31 @@ def _sync_request(
             cert=self.ssl_cert,
         )
 
-        # Handle 401 responses for auth negotiation
         r_headers = CaseInsensitiveDict(r.headers)
+
+        # Handle 429/503 responses: raise RateLimitError so the caller can decide whether to retry
+        if r.status_code in (429, 503):
+            retry_after_header: Optional[str] = r_headers.get("Retry-After")
+            retry_seconds: Optional[float] = None
+            if retry_after_header:
+                try:
+                    retry_seconds = int(retry_after_header)
+                except ValueError:
+                    try:
+                        retry_date = parsedate_to_datetime(retry_after_header)
+                        now = datetime.now(timezone.utc)
+                        retry_seconds = max(0.0, (retry_date - now).total_seconds())
+                    except (ValueError, TypeError):
+                        pass
+            if r.status_code == 429 or retry_after_header is not None:
+                raise error.RateLimitError(
+                    url=str(url_obj),
+                    reason=f"Rate limited or service unavailable. Retry after: {retry_after_header}",
+                    retry_after=retry_after_header,
+                    retry_after_seconds=retry_seconds,
+                )
+
+        # Handle 401 responses for auth negotiation
         if (
             r.status_code == 401
             and "WWW-Authenticate" in r_headers

caldav/lib/error.py

@@ -133,6 +133,22 @@ class ResponseError(DAVError):
     pass
 
 
+class RateLimitError(DAVError):
+    """Raised when the server responds with 429 Too Many Requests or
+    503 Service Unavailable with a Retry-After header."""
+
+    def __init__(
+        self,
+        url: str | None = None,
+        reason: str | None = None,
+        retry_after: str | None = None,
+        retry_after_seconds: float | None = None,
+    ) -> None:
+        super().__init__(url=url, reason=reason)
+        self.retry_after = retry_after
+        self.retry_after_seconds = retry_after_seconds
+
+
 exception_by_method: dict[str, DAVError] = defaultdict(lambda: DAVError)
 for method in (
     "delete",

tests/test_caldav_unit.py

@@ -7,7 +7,7 @@
 """
 
 import pickle
-from datetime import date, datetime, timedelta
+from datetime import date, datetime, timedelta, timezone
 from unittest import mock
 from urllib.parse import urlparse
 
@@ -1801,3 +1801,152 @@ def testGetObjectByUidExactMatch(self):
         # Searching for a UID that exists only as a substring of another should fail
         with pytest.raises(error.NotFoundError):
             calendar.get_object_by_uid("20010712T182145Z-123401@example.com-nope")
+
+
+class TestRateLimiting:
+    """
+    Unit tests for 429/503 rate-limit handling (issue #627).
+    No real server communication - uses mock.patch on the session.
+    """
+
+    def _make_response(self, status_code, headers=None):
+        """Build a minimal mock HTTP response."""
+        r = mock.MagicMock()
+        r.status_code = status_code
+        r.headers = headers or {}
+        r.reason = "Too Many Requests" if status_code == 429 else "Service Unavailable"
+        return r
+
+    @mock.patch("caldav.davclient.requests.Session.request")
+    def test_429_no_retry_after_raises(self, mocked):
+        """429 without Retry-After header always raises RateLimitError with retry_after_seconds=None."""
+        mocked.return_value = self._make_response(429)
+        client = DAVClient(url="http://cal.example.com/")
+        with pytest.raises(error.RateLimitError) as exc_info:
+            client.request("/")
+        assert exc_info.value.retry_after is None
+        assert exc_info.value.retry_after_seconds is None
+
+    @mock.patch("caldav.davclient.requests.Session.request")
+    def test_429_with_integer_retry_after(self, mocked):
+        """429 with integer Retry-After header parses the seconds correctly."""
+        mocked.return_value = self._make_response(429, {"Retry-After": "30"})
+        client = DAVClient(url="http://cal.example.com/")
+        with pytest.raises(error.RateLimitError) as exc_info:
+            client.request("/")
+        assert exc_info.value.retry_after == "30"
+        assert exc_info.value.retry_after_seconds == 30
+
+    @mock.patch("caldav.davclient.requests.Session.request")
+    def test_429_with_http_date_retry_after(self, mocked):
+        """429 with HTTP-date Retry-After header computes seconds from now."""
+        from email.utils import format_datetime
+
+        future = datetime.now(timezone.utc) + timedelta(seconds=60)
+        retry_after_str = format_datetime(future)
+        mocked.return_value = self._make_response(429, {"Retry-After": retry_after_str})
+        client = DAVClient(url="http://cal.example.com/")
+        with pytest.raises(error.RateLimitError) as exc_info:
+            client.request("/")
+        assert exc_info.value.retry_after == retry_after_str
+        # Should be close to 60s (allow a few seconds tolerance)
+        assert exc_info.value.retry_after_seconds is not None
+        assert 55 <= exc_info.value.retry_after_seconds <= 65
+
+    @mock.patch("caldav.davclient.requests.Session.request")
+    def test_429_with_unparseable_retry_after(self, mocked):
+        """429 with a garbled Retry-After header still raises; retry_after_seconds is None."""
+        mocked.return_value = self._make_response(429, {"Retry-After": "banana"})
+        client = DAVClient(url="http://cal.example.com/")
+        with pytest.raises(error.RateLimitError) as exc_info:
+            client.request("/")
+        assert exc_info.value.retry_after == "banana"
+        assert exc_info.value.retry_after_seconds is None
+
+    @mock.patch("caldav.davclient.requests.Session.request")
+    def test_503_without_retry_after_does_not_raise_rate_limit(self, mocked):
+        """503 without Retry-After falls through as a normal (non-rate-limit) response."""
+        mocked.return_value = self._make_response(503)
+        client = DAVClient(url="http://cal.example.com/")
+        # Should NOT raise RateLimitError; returns a DAVResponse with status 503
+        response = client.request("/")
+        assert response.status == 503
+
+    @mock.patch("caldav.davclient.requests.Session.request")
+    def test_503_with_retry_after_raises(self, mocked):
+        """503 with Retry-After header raises RateLimitError."""
+        mocked.return_value = self._make_response(503, {"Retry-After": "10"})
+        client = DAVClient(url="http://cal.example.com/")
+        with pytest.raises(error.RateLimitError) as exc_info:
+            client.request("/")
+        assert exc_info.value.retry_after_seconds == 10
+
+    @mock.patch("caldav.davclient.requests.Session.request")
+    def test_rate_limit_handle_sleeps_and_retries(self, mocked):
+        """With rate_limit_handle=True the client sleeps then retries, returning the second response."""
+        ok_response = mock.MagicMock()
+        ok_response.status_code = 200
+        ok_response.headers = {}
+        mocked.side_effect = [
+            self._make_response(429, {"Retry-After": "5"}),
+            ok_response,
+        ]
+        client = DAVClient(url="http://cal.example.com/", rate_limit_handle=True)
+        with mock.patch("caldav.davclient.time.sleep") as mock_sleep:
+            response = client.request("/")
+        mock_sleep.assert_called_once_with(5)
+        assert response.status == 200
+        assert mocked.call_count == 2
+
+    @mock.patch("caldav.davclient.requests.Session.request")
+    def test_rate_limit_handle_default_sleep_used_when_no_retry_after(self, mocked):
+        """With rate_limit_default_sleep set, that value is used when server omits Retry-After."""
+        ok_response = mock.MagicMock()
+        ok_response.status_code = 200
+        ok_response.headers = {}
+        mocked.side_effect = [
+            self._make_response(429),
+            ok_response,
+        ]
+        client = DAVClient(
+            url="http://cal.example.com/", rate_limit_handle=True, rate_limit_default_sleep=3
+        )
+        with mock.patch("caldav.davclient.time.sleep") as mock_sleep:
+            response = client.request("/")
+        mock_sleep.assert_called_once_with(3)
+        assert response.status == 200
+
+    @mock.patch("caldav.davclient.requests.Session.request")
+    def test_rate_limit_handle_no_sleep_info_raises(self, mocked):
+        """rate_limit_handle=True but no Retry-After and no default sleep re-raises RateLimitError."""
+        mocked.return_value = self._make_response(429)
+        client = DAVClient(url="http://cal.example.com/", rate_limit_handle=True)
+        with pytest.raises(error.RateLimitError):
+            client.request("/")
+
+    @mock.patch("caldav.davclient.requests.Session.request")
+    def test_rate_limit_max_sleep_caps_sleep_time(self, mocked):
+        """rate_limit_max_sleep caps the sleep even when server requests longer."""
+        ok_response = mock.MagicMock()
+        ok_response.status_code = 200
+        ok_response.headers = {}
+        mocked.side_effect = [
+            self._make_response(429, {"Retry-After": "3600"}),
+            ok_response,
+        ]
+        client = DAVClient(
+            url="http://cal.example.com/", rate_limit_handle=True, rate_limit_max_sleep=60
+        )
+        with mock.patch("caldav.davclient.time.sleep") as mock_sleep:
+            client.request("/")
+        mock_sleep.assert_called_once_with(60)
+
+    @mock.patch("caldav.davclient.requests.Session.request")
+    def test_rate_limit_max_sleep_zero_raises(self, mocked):
+        """rate_limit_max_sleep=0 means never sleep, always raise."""
+        mocked.return_value = self._make_response(429, {"Retry-After": "30"})
+        client = DAVClient(
+            url="http://cal.example.com/", rate_limit_handle=True, rate_limit_max_sleep=0
+        )
+        with pytest.raises(error.RateLimitError):
+            client.request("/")