Jan Harkes
4857117dda
Do not propagate api password (#1797)
* Do not propagate API password in service requests.
It makes service validation fail. The choice is to either handle it as an
optional key in every service handler and make sure it doesn't end up in event
stream and notifications, or to strip it as early as possible.
* Some places still need a forwarded api password.
- Event forwarding/remote api uses the local api password to
authenticate against the remote instance.
- The generated index.html at '/' embeds the api password.
2016-04-11 19:37:15 -07:00
Josh Wright
80d6e9f08f
Use constant time comparison for http authentication (#1804)
In order to prevent a potential timing attack, it's important to make
sure the password check takes the same amount of time, regardless of
how many characters in the candidate password match the real password.
This commit does increase the verbosity of the authentication check.
Generally it is a good idea for authentication logic to be very clear,
even if that requires some extra verbosity.
2016-04-11 19:36:25 -07:00
Andrew McClure
c99617d6e5
Ensure server_host is respected in configuration.yaml
2016-04-06 18:45:40 -07:00
Fabian Affolter
24b7a7b964
Add source ip to log entry
2016-04-03 00:46:05 -07:00
Paulus Schoutsen
7cb69ae9d9
Make sure we always send content-length header
2016-03-27 12:15:41 -07:00
Paulus Schoutsen
4cbd49921f
Use HTTP 1.1
2016-03-26 19:03:16 -07:00
Fabian Affolter
bb658412c4
Revert "Allow encrypted passwords"
This reverts commit 505b3b198e.
2016-03-19 22:19:08 +01:00
Fabian Affolter
505b3b198e
Allow encrypted passwords
2016-03-19 22:15:23 +01:00
Fabian Affolter
c865ff852d
Log failed login attempts
2016-03-15 23:40:24 +01:00
Paulus Schoutsen
f8d2da2ace
Add content-length header to http responses
2016-03-12 23:41:00 -08:00
Paulus Schoutsen
13d7f742a7
Add thread names
2016-03-12 16:54:31 -08:00
Fabian Affolter
b534244e40
Fix PEP257 issues
2016-03-08 17:55:57 +01:00
Fabian Affolter
b8a40457ee
Update docstrings to match PEP257
2016-03-07 18:50:30 +01:00
Paulus Schoutsen
e80309c03c
Fix imports (using isort)
2016-02-18 21:27:50 -08:00
Philip Lundrigan
fdbb409331
Increase security of using SSL
2016-01-15 13:39:54 -07:00
Paulus Schoutsen
3b7b12bbd5
Make Flake8 happy
2016-01-12 21:53:27 -08:00
Philip Lundrigan
394c87c40b
Remove unnecessary condition in write_text
2015-12-31 13:05:24 -07:00
Philip Lundrigan
7d41ce4e46
Switch from json messages to plain text messages
2015-12-30 22:43:32 -07:00
Paulus Schoutsen
027b891052
Add tests for API.stream
2015-12-14 23:20:43 -08:00
Paulus Schoutsen
931f7e8615
Simplify http component
2015-12-12 22:18:38 -08:00
Paulus Schoutsen
39e3a3c463
Bugfix: Allow accessing API via api_password in url
2015-12-06 21:09:49 -08:00
Paulus Schoutsen
98467d0d9f
Correct HTTP start log message
2015-12-06 15:13:41 -08:00
Paulus Schoutsen
832674286b
Update the http log message with correct url
2015-12-06 14:42:08 -08:00
Paulus Schoutsen
9d8e077acc
Add support for keys to HTTP component
2015-12-06 14:19:25 -08:00
Paulus Schoutsen
b33e9fe6d9
Update API object to support SSL
2015-12-06 14:13:35 -08:00
Paulus Schoutsen
f4238ca242
Add SSL support to HA
2015-12-06 14:05:58 -08:00
Paulus Schoutsen
e0c4c8d7dd
Remove unused constant in HTTP
2015-12-06 11:41:43 -08:00
Paulus Schoutsen
c4fe480b7b
HTTP will not fail if no config
2015-12-05 13:44:50 -08:00
Paulus Schoutsen
733de6b357
Streaming API will keep session alive
2015-11-28 22:14:40 -08:00
Paulus Schoutsen
0df39b4df5
Remove no password set boolean
2015-11-28 18:32:15 -08:00
Paulus Schoutsen
78cfed1fb0
Clean up HTTP sessions and allow log out
2015-11-28 17:18:35 -08:00
Paulus Schoutsen
e84ef2d2d7
API to fetch Error log is no longer cached.
2015-11-28 14:08:01 -08:00
Paulus Schoutsen
fabd0ced3f
Make DEPENDENCIES optional for components
2015-11-26 13:11:59 -08:00
Fabian Affolter
97f9f8aa49
Update link to docs (Jekyll 3 update)
2015-11-09 13:12:18 +01:00
Fabian Affolter
f93282d636
Add link to docs
2015-10-25 15:58:58 +01:00
Paulus Schoutsen
62f016e7d2
Filter api password from arguments
2015-09-23 20:56:34 -07:00
Jeff Schroeder
3dc1dc6c6a
A few minor cleanups in the http debug api server
2015-09-12 14:27:07 -05:00
Ryan Kraus
ff470c8ffe
Added core daemon function as flags.
Created three additional flags for the hass command:
-v - Toggle verbose log file output
--pid-file - Specify PID file path
--daemon - Launch as daemon (nix only)
The core now binds to SIGQUIT on nix systems to trigger a clean
shutdown.
Modified HTTP server to write logging messages through the logging
module.
2015-09-01 02:12:00 -04:00
Paulus Schoutsen
1b89a502c4
Extract core into own submodule
2015-08-16 20:44:46 -07:00
Paulus Schoutsen
7870e9a5e2
Minor cleanup core
2015-08-03 17:05:33 +02:00
Paulus Schoutsen
fed36d2cd0
Better error reporting remote classes
2015-07-26 00:14:55 -07:00
jamespcole
5606d4bb12
fixed session error during automated tests
2015-05-20 17:13:13 +10:00
jamespcole
a8e7903f39
refactored the session store into a separate class
2015-05-19 19:18:41 +10:00
jamespcole
80f0c42844
Refactored session handling into a separate class
2015-05-19 03:57:35 +10:00
jamespcole
8431fd822f
Fixed flake8 blank line error
2015-05-19 00:08:02 +10:00
jamespcole
721dc6dae4
Add basic http sessions to the http component
2015-05-18 23:54:32 +10:00
Fabian Affolter
fdb46d80ba
Update documentation
2015-05-13 19:06:17 -07:00
Paulus Schoutsen
58812b326c
Move hass.local_api and hass.components to config object
2015-03-21 22:06:59 -07:00
andythigpen
399b433a06
Fix issue causing blank passwords to no longer be accepted.
2015-03-08 16:21:35 -05:00
theolind
0f1307cd81
Fixed http being too strict on the api_password config
2015-03-08 08:41:28 +01:00
Paulus Schoutsen
ba9f29a04b
Fix http/zwave being too strict on the config
2015-03-05 20:43:20 -08:00
Paulus Schoutsen
9616a2292e
Add manifest.json
2015-03-03 21:15:15 -08:00