0461ec1566
Fix auth_sign_path with query params (take 2) ( #73829 )
2022-06-22 10:09:21 -05:00
1e0a3246f4
Revert "Fix auth_sign_path with query params ( #73240 )" ( #73808 )
2022-06-21 22:45:16 -05:00
67618311fa
Fix auth_sign_path with query params ( #73240 )
...
Co-authored-by: J. Nick Koston <nick@koston.org>
2022-06-21 14:21:47 -05:00
3a0111e65d
Use supervisor envs instead of hassio ( #72601 )
2022-05-30 12:00:13 +02:00
3afadf8adb
Revert "Block peer certs on supervisor" ( #67104 )
2022-02-23 12:32:07 +01:00
938b64081b
Block peer certs on supervisor ( #66837 )
...
Co-authored-by: Pascal Vizeli <pvizeli@syshack.ch>
Co-authored-by: Mike Degatano <michael.degatano@gmail.com>
2022-02-22 13:59:40 -08:00
3bf2be1765
Startup with an emergency self signed cert if the ssl certificate cannot be loaded ( #66707 )
2022-02-18 16:08:26 -08:00
63f8e437ed
Add Home Assistant Content user ( #64337 )
2022-01-21 10:06:39 -08:00
914f7f85ec
Add local only users ( #57598 )
2021-11-29 14:01:03 -08:00
28c07f5c43
Fix CORS ( #59360 )
...
* Fix CORS
* rename
* Update view.py
2021-11-09 18:30:51 +01:00
b52c5c82b1
Use http.HTTPStatus in components/[gh]* ( #58246 )
2021-10-23 20:34:53 +02:00
a4d9019ffc
Refactor persistent notification to no longer route all data via a service ( #57157 )
...
* Convert persistent notification tests to async
* Create/dismiss persistent notifications in exposed functions, not service calls
* Fix notify persistent_notification
* Remove setting up persistent_notification
* Drop more setups
* Empty methods
* Undeprecate sync methods because too big task
* Fix setup clearing notifications
* Fix a bunch of tests
* Fix more tests
* Uno mas
* Test persistent notification events
* Clean up stale comment
Co-authored-by: Martin Hjelmare <marhje52@gmail.com>
2021-10-07 12:58:00 +02:00
f6682ba99d
Block tests from opening sockets ( #55516 )
2021-10-05 14:46:09 -10:00
1aa7c87151
Remove redundant aiohttp response status=200 kwargs ( #56417 )
...
* Remove redundant aiohttp response status=200 kwargs
* Remove some more in h.c.auth
* Restore explicit status=HTTP_OK for auth and webhook per review request
2021-09-21 10:51:12 -07:00
acdddabe1f
Use hass_client_no_auth test fixture in integrations h-p ( #55583 )
2021-09-02 14:49:40 +02:00
38a7bdbcf3
Do not process forwarded for headers for cloud requests ( #54364 )
2021-08-10 01:45:56 +02:00
10bfc78365
Fix missing encoding with open() ( #53593 )
...
* Fix missing encoding with open()
* Fix tests
* Improve open - frontend
2021-07-28 09:41:45 +02:00
d339e3bd8c
Reject trusted network access from proxies ( #52388 )
2021-07-02 11:49:42 +02:00
eedf1c3ebe
Reject requests from the proxy itself ( #52073 )
...
* Reject requests from the proxy itself
* Adjust tests
2021-06-27 19:02:51 +02:00
33e08f38da
Raise bad request when receiving HTTP request from untrusted proxy ( #51839 )
...
* Raise bad request when receiving HTTP request from untrusted proxy
* Fix code comment
2021-06-17 04:41:19 +02:00
cdd1f6b2f0
Always load middle to handle forwarded proxy data ( #51332 )
2021-06-01 09:38:55 -07:00
a4432557d3
Defer writing http config until after startup has calmed down ( #50000 )
2021-05-02 19:48:49 -10:00
e3105c7eb1
Revert CORS changes for my home assistant ( #47064 )
...
* Revert CORS changes for my home assistant
* Update test_init.py
* Update test_init.py
2021-02-25 15:28:22 -08:00
22389043eb
Remove base_url fallback ( #46316 )
2021-02-10 14:31:11 +01:00
6f446cf627
Add my component ( #46058 )
...
Co-authored-by: Franck Nijhof <git@frenck.dev>
Co-authored-by: Martin Hjelmare <marhje52@gmail.com>
2021-02-08 14:44:46 +01:00
cf9ea6f82d
Sanitize user-agent in wrong_login message ( #45251 )
2021-01-18 09:21:30 +01:00
e1427c45f2
Bump aioHTTP 3.7.3 - YARL 1.6.3 ( #45180 )
2021-01-15 13:19:22 +01:00
dee0f887de
Extend filter and filter tests ( #45179 )
2021-01-15 10:30:29 +01:00
f047d04882
Add filtering
2021-01-14 20:02:01 +01:00
65cf2fcb6f
Drop asynctest ( #44746 )
2021-01-01 22:31:56 +01:00
1c2ebdf307
Upgrade black to 20.8b1 ( #39287 )
2020-08-27 13:56:20 +02:00
475e70986b
Extend IP ban / failed login notification information ( #39020 )
2020-08-18 23:32:19 +02:00
cc4ebc925c
Improve X-Forwarded-* request headers handling ( #38696 )
...
Co-authored-by: Paulus Schoutsen <balloob@gmail.com>
Co-authored-by: Martin Hjelmare <marhje52@gmail.com>
Co-authored-by: Franck Nijhof <git@frenck.dev>
Co-authored-by: Pascal Vizeli <pvizeli@syshack.ch>
2020-08-11 22:57:50 +02:00
20710d8605
Add current request context to get_url helper ( #38602 )
2020-08-09 14:07:31 +02:00
578d4a9b6a
Make the frontend available sooner (Part 1 of 2) ( #36263 )
...
* Part 1 of 2 (no breaking changes in part 1).
When integrations configured via the UI block startup or fail to start,
the webserver can remain offline which make it is impossible
to recover without manually changing files in
.storage since the UI is not available.
This change is the foundation that part 2 will build on
and enable a listener to start the webserver when the frontend
is finished loading.
Frontend Changes (home-assistant/frontend#6068 )
* Address review comments
* bump timeout to 1800s, adjust comment
* bump timeout to 4h
* remove timeout failsafe
* and the test
2020-06-02 13:54:11 -05:00
acbffb511d
Fix base_url extract stack ( #36331 )
...
* Fix base_url extract stack
* Fix tests
2020-06-01 11:44:45 -07:00
ed014e3c96
Revert "Ensure frontend is available if integrations fail to start - Part 1 of 2 ( #36093 )" ( #36251 )
...
This reverts commit fbe7b4ddfa
2020-05-29 10:18:39 +02:00
fbe7b4ddfa
Ensure frontend is available if integrations fail to start - Part 1 of 2 ( #36093 )
...
Co-authored-by: Paulus Schoutsen <paulus@home-assistant.io>
2020-05-28 21:09:07 -07:00
e3e3a113e9
async_get_url -> get_url ( #35382 )
2020-05-08 21:53:28 +02:00
e56dd8ed50
Detect use of deprecated base_url ( #35353 )
...
* Detect use of deprecated base_url
* Update get_url helper
* Update core migration
* Migrate all tests
2020-05-08 17:52:32 +02:00
2223592486
Add get_url helper, deprecate base_url ( #35224 )
2020-05-08 02:29:47 +02:00
2af984917e
Use asynctest-mock in most places ( #35109 )
...
* Use asynctest-mock in most places
* Fix broken patch in pilight
2020-05-03 11:27:19 -07:00
76f392476b
Use a future for mock coro ( #34989 )
2020-04-30 16:31:00 -07:00
ec47216388
Use built-in test helpers on 3.8 ( #34901 )
2020-04-30 13:29:50 -07:00
bc26be3c11
Add and use HTTP_FORBIDDEN constant ( #33839 )
2020-04-09 17:41:17 +02:00
c3decc6531
Do not ban supervisor ip if set ( #33781 )
...
* Use asynctest patch instead of mock_coro
* Add test for supervisor ip ban
* Do not ban supervisor ip if set
* Extract supervisor ip helper
* Check supervisor ip before banning
* Remove added blank line
* Clean up get supervisor ip
Co-Authored-By: Pascal Vizeli <pvizeli@syshack.ch>
Co-authored-by: Pascal Vizeli <pvizeli@syshack.ch>
2020-04-08 10:31:44 -07:00
d7e9959442
String formatting improvements for tests (2) ( #33666 )
2020-04-05 00:33:07 +02:00
33361f8580
Fix HTTP config serialization ( #31319 )
2020-01-30 09:47:16 -08:00
5fdc60e067
Add Safe Mode ( #30723 )
...
* Store last working HTTP settings
* Add safe mode
* Fix tests
* Add cloud to safe mode
* Update logging text
* Fix camera tests leaving files behind
* Make emulated_hue tests not leave files behind
* Make logbook tests not leave files behind
* Make tts tests not leave files behind
* Make image_processing tests not leave files behind
* Make manual_mqtt tests not leave files behind
2020-01-14 13:03:02 -08:00
3d10bb3647
Sort imports according to PEP8 for http ( #29679 )
2019-12-09 11:59:38 +01:00
3231e22ddf
Remove direct authentication via trusted networks or API password ( #27656 )
...
* Remove direct authentication via trusted networks and API password
* Fix tests
2019-10-14 14:56:45 -07:00
57f84cbbaa
Update HTTP defaults ( #25702 )
...
* Update HTTP defaults
* Fix tests
2019-08-05 08:24:54 +02:00
4de97abc3a
Black
2019-07-31 12:25:30 -07:00
0df1bb5029
Fix python 3.5 test
2019-07-26 16:15:46 -07:00
fae3546910
Allow cors for static files ( #25468 )
2019-07-25 13:52:27 +02:00
6f903db8c4
Fix cors on the index view ( #24283 )
2019-06-03 11:43:13 -07:00
fe1840f901
Deprecate http.api_password ( #21884 )
...
* Deprecated http.api_password
* Deprecated ApiConfig.api_password
GitHub Drafted PR would trigger CI after changed it to normal PR.
I have to commit a comment change to trigger it
* Trigger CI
* Adjust if- elif chain in auth middleware
2019-03-10 19:55:36 -07:00
4d9cf15c45
Fix authorization header in cors ( #21662 )
...
* Fix authorization headers in cors
* Use aiohttp authorization header instead of custom const
2019-03-09 10:00:10 -08:00
d39784906b
Fix HTTP login attempts check triggering too late ( #20431 )
2019-01-26 03:13:44 +01:00
bb21cb6c89
Remove trailing slash from base_url and added ability to generate webhook path. ( #20295 )
2019-01-21 20:50:41 +01:00
d1a621601d
No more opt-out auth ( #18854 )
...
* No more opt-out auth
* Fix var
2018-12-02 16:32:53 +01:00
df21dd21f2
RFC: Call services directly ( #18720 )
...
* Call services directly
* Simplify
* Type
* Lint
* Update name
* Fix tests
* Catch exceptions in HTTP view
* Lint
* Handle ServiceNotFound in API endpoints that call services
* Type
* Don't crash recorder on non-JSON serializable objects
2018-11-30 21:28:35 +01:00
d014517ce2
Always set hass_user ( #18844 )
2018-11-30 17:32:47 +01:00
a2386f871d
Forbid float NaN in JSON ( #18757 )
2018-11-28 13:25:23 +01:00
c2f8dfcb9f
Legacy api fix ( #18733 )
...
* Set user for API password requests
* Fix tests
* Fix typing
2018-11-27 10:41:44 +01:00
1341ecd2eb
Use proper signals ( #18613 )
...
* Emulated Hue not use deprecated handler
* Remove no longer needed workaround
* Add middleware directly
* Dont always load the ban config file
* Update homeassistant/components/http/ban.py
Co-Authored-By: balloob <paulus@home-assistant.io>
* Update __init__.py
2018-11-21 20:55:21 +01:00
312d49caec
Allow creating signed urls ( #17759 )
...
* Allow creating signed urls
* Fix parameter
* Lint
2018-10-25 16:44:57 +02:00
dd9d53c83e
Update pydocstyle to 2.1.1 and flake8-docstrings to 1.3.0 ( #14557 )
...
* Update pydocstyle to 2.1.1 and flake8-docstrings to 1.3.0
* Pydocstyle D401 fixes
2018-08-24 10:28:43 +02:00
dbd0763f83
Grammar and spelling fixes ( #16065 )
2018-08-19 22:29:08 +02:00
e776f88eec
Use JWT for access tokens ( #15972 )
...
* Use JWT for access tokens
* Update requirements
* Improvements
2018-08-14 21:14:12 +02:00
6540d2e073
Switch to intermediate Mozilla cert profile ( #15957 )
...
* Allow choosing intermediate SSL profile
* Fix tests
2018-08-14 08:20:17 +02:00
272be7cdae
Remove remote.API from core.Config ( #15951 )
...
* Use core.ApiConfig replace remote.API in core.Config
* Move ApiConfig to http
2018-08-13 09:26:20 +02:00
6f2000f5e2
Make sure use_x_forward_for and trusted_proxies must config together ( #15804 )
...
* Make sure use_x_forward_for and trusted_proxies must config together
* Fix unit test
2018-08-03 13:52:34 +02:00
169c8d793a
Fix CORS duplicate registration ( #15670 )
2018-07-25 11:36:44 +02:00
f1286f8e6b
Reset failed login attempts counter when login success ( #15564 )
2018-07-20 12:09:48 +02:00
2a76a0852f
Allow CORS requests to token endpoint ( #15519 )
...
* Allow CORS requests to token endpoint
* Tests
* Fuck emulated hue
* Clean up
* Only cors existing methods
2018-07-19 08:37:00 +02:00
70fe463ef0
User management ( #15420 )
...
* User management
* Lint
* Fix dict
* Reuse data instance
* OrderedDict all the way
2018-07-13 15:31:20 +02:00
b6ca03ce47
Reorg auth ( #15443 )
2018-07-13 11:43:08 +02:00
f874efb224
By default to use access_token if hass.auth.active ( #15212 )
...
* Force to use access_token if hass.auth.active
* Not allow Basic auth with api_password if hass.auth.active
* Block websocket api_password auth when hass.auth.active
* Add legacy_api_password auth provider
* lint
* lint
2018-06-30 22:31:36 -04:00
fd38caa287
X-Forwarded-For improvements and bug fixes ( #15204 )
...
* Use new trusted_proxies setting for X-Forwarded-For whitelist
* Only use the last IP in the header
Per Wikipedia (https://en.wikipedia.org/wiki/X-Forwarded-For#Format ):
> The last IP address is always the IP address that connects to the last proxy,
> which means it is the most reliable source of information.
* Add two additional tests
* Ignore nonsense header values instead of failing
2018-06-29 16:27:06 -04:00
19f2bbf52f
Only use the X-Forwarded-For header if connection is from a trusted network ( #15182 )
...
See https://github.com/home-assistant/home-assistant/issues/14345#issuecomment-400854569
2018-06-28 09:16:11 -04:00
cdd45e7878
Foundation for users ( #13968 )
...
* Add initial user foundation to Home Assistant
* Address comments
* Address comments
* Allow non-ascii passwords
* One more utf-8 hmac compare digest
* Add new line
2018-05-01 18:20:41 +02:00
89a19c89a7
Fix aiohttp deprecation warnings ( #13240 )
...
* Fix aiohttp deprecation warnings
* Fix Ring deprecation warning
* Lint
2018-03-15 21:49:49 +01:00
0a2e949e0a
Remove crazy JSON encoding things that are no longer used ( #13029 )
...
Catch JSON encoding errors in HTTP view
2018-03-12 23:22:08 +01:00
321eb2ec6f
Move HomeAssistantView to separate file. Convert http to async syntax. [skip ci] ( #12982 )
...
* Move HomeAssistantView to separate file. Convert http to async syntax.
* pylint
* websocket api
* update emulated_hue for async/await
* Lint
2018-03-08 17:51:49 -08:00
f32911d036
Cleanup http ( #12424 )
...
* Clean up HTTP component
* Clean up HTTP mock
* Remove unused import
* Fix test
* Lint
2018-02-15 22:06:14 +01:00
78c44180f4
Extract data validator to own file and add tests ( #12401 )
2018-02-14 21:06:03 +01:00
a9a3e24bde
Update aiohttp to 2.3.1 ( #10139 )
...
* Update aiohttp to 2.3.1
* set timeout 10sec
* fix freeze with new middleware handling
* Convert middleware auth
* Convert mittleware ipban
* convert middleware static
* fix lint
* Update ban.py
* Update auth.py
* fix lint
* Fix tests
2017-11-05 18:42:31 -08:00
de9d19d6f4
Use constants for HTTP headers ( #10313 )
...
* Use constants for HTTP headers
* Fix ordering
* Move 'no-cache' to platform
2017-11-04 12:04:05 -07:00
6fb55b363a
Add OwnTracks over HTTP ( #9582 )
...
* Add OwnTracks over HTTP
* Fix tests
2017-09-28 09:49:35 +02:00
d369d70ca5
Fix tests ( #7659 )
...
* Remove global hass
* Http.auth test no longer spin up server
* Remove server usage from http.ban test
* Remove setupModule from test device_sun_light_trigger
* Update common.py
2017-05-19 07:37:39 -07:00
2650c73a89
Split bootstrap into bs + setup ( #6416 )
...
* Split bootstrap into bs + setup
* Lint
2017-03-05 10:41:54 +01:00
41f558b181
Bootstrap / Component setup async ( #6264 )
...
* Bootstrap / Entiy setup async
* Cleanup add_job stuff / return task/future object
* Address paulus comments / part 1
* fix install pip
* Cleanup bootstrap / move config stuff to config.py
* Make demo async
* Further bootstrap improvement
* Address Martin's comments
* Fix initial tests
* Fix final tests
* Fix bug with prepare loader
* Remove no longer needed things
* Log error when invalid config
* More cleanup
* Cleanups platform events & fix lint
* Use a non blocking add_entities callback for platform
* Fix Autoamtion is setup befor entity is ready
* Better automation fix
* Address paulus comments
* Typo
* fix lint
* rename functions
* fix tests
* fix test
* change exceptions
* fix spell
2017-02-28 20:33:19 -08:00
d6818c7015
Fix reporting on bad login ( #6201 )
2017-02-24 16:33:58 -08:00
f0b1874d2d
Fix up docstring for tests ( #5090 )
2016-12-28 20:04:59 +02:00
ed0d14c902
Base url: Fix external port different from internal port ( #4990 )
...
* Base url: Fix external port different from internal port
* Add base_url example to new config
2016-12-18 14:59:45 -08:00
f8af6e7863
Allow setting base url ( #4985 )
2016-12-18 12:56:07 -08:00
1b35f0878e
Fix CORS when static resources registered ( #4727 )
2016-12-04 10:57:24 -08:00
0d734303a4
HTTP: Fix registering views after start ( #4604 )
2016-11-27 14:01:12 -08:00
32ffd006fa
Reorganize HTTP component ( #4575 )
...
* Move HTTP to own folder
* Break HTTP into middlewares
* Lint
* Split tests per middleware
* Clean up HTTP tests
* Make HomeAssistantViews more stateless
* Lint
* Make HTTP setup async
2016-11-25 13:04:06 -08:00
Christopher Bailey
J. Nick Koston
Joakim Sørensen
Franck Nijhof
Paulus Schoutsen
Bram Kragten
Ville Skyttä
Erik Montnemery
Marc Mueller
Joakim Plate
gregod
Pascal Vizeli
springstan
Martin Hjelmare
Bas Nijholt
Jason Hu
Paul Bottein
Louis Matthijssen
Andrew Sayre
Paulus Schoutsen
Paulus Schoutsen
Colin O'Dell
Boyi C
Pascal Vizeli
Fabian Affolter
Johann Kellerman