mirror of
https://github.com/home-assistant/core.git
synced 2025-07-22 20:57:21 +00:00
Bugfix: Allow accessing API via api_password in url
This commit is contained in:
parent
fd9da7f9de
commit
39e3a3c463
@ -202,17 +202,12 @@ class RequestHandler(SimpleHTTPRequestHandler):
|
||||
"Error parsing JSON", HTTP_UNPROCESSABLE_ENTITY)
|
||||
return
|
||||
|
||||
if self.server.api_password is None:
|
||||
self.authenticated = True
|
||||
elif HTTP_HEADER_HA_AUTH in self.headers:
|
||||
api_password = self.headers.get(HTTP_HEADER_HA_AUTH)
|
||||
|
||||
if not api_password and DATA_API_PASSWORD in data:
|
||||
api_password = data[DATA_API_PASSWORD]
|
||||
|
||||
self.authenticated = api_password == self.server.api_password
|
||||
else:
|
||||
self.authenticated = self.verify_session()
|
||||
self.authenticated = (self.server.api_password is None
|
||||
or self.headers.get(HTTP_HEADER_HA_AUTH) ==
|
||||
self.server.api_password
|
||||
or data.get(DATA_API_PASSWORD) ==
|
||||
self.server.api_password
|
||||
or self.verify_session())
|
||||
|
||||
if '_METHOD' in data:
|
||||
method = data.pop('_METHOD')
|
||||
|
@ -66,18 +66,31 @@ class TestAPI(unittest.TestCase):
|
||||
|
||||
# TODO move back to http component and test with use_auth.
|
||||
def test_access_denied_without_password(self):
|
||||
req = requests.get(
|
||||
_url(const.URL_API_STATES_ENTITY.format("test")))
|
||||
req = requests.get(_url(const.URL_API))
|
||||
|
||||
self.assertEqual(401, req.status_code)
|
||||
|
||||
def test_access_denied_with_wrong_password(self):
|
||||
req = requests.get(
|
||||
_url(const.URL_API_STATES_ENTITY.format("test")),
|
||||
_url(const.URL_API),
|
||||
headers={const.HTTP_HEADER_HA_AUTH: 'wrongpassword'})
|
||||
|
||||
self.assertEqual(401, req.status_code)
|
||||
|
||||
def test_access_with_password_in_url(self):
|
||||
req = requests.get(
|
||||
"{}?api_password={}".format(_url(const.URL_API), API_PASSWORD))
|
||||
|
||||
self.assertEqual(200, req.status_code)
|
||||
|
||||
def test_access_via_session(self):
|
||||
session = requests.Session()
|
||||
req = session.get(_url(const.URL_API), headers=HA_HEADERS)
|
||||
self.assertEqual(200, req.status_code)
|
||||
|
||||
req = session.get(_url(const.URL_API))
|
||||
self.assertEqual(200, req.status_code)
|
||||
|
||||
def test_api_list_state_entities(self):
|
||||
""" Test if the debug interface allows us to list state entities. """
|
||||
req = requests.get(_url(const.URL_API_STATES),
|
||||
|
Loading…
x
Reference in New Issue
Block a user