Bugfix: Allow accessing API via api_password in url

Paulus Schoutsen 2015-12-06 21:09:39 -08:00
parent fd9da7f9de
commit 39e3a3c463
2 changed files with 22 additions and 14 deletions


@ -202,17 +202,12 @@ class RequestHandler(SimpleHTTPRequestHandler):
"Error parsing JSON", HTTP_UNPROCESSABLE_ENTITY) "Error parsing JSON", HTTP_UNPROCESSABLE_ENTITY)
return return
if self.server.api_password is None: self.authenticated = (self.server.api_password is None
self.authenticated = True or self.headers.get(HTTP_HEADER_HA_AUTH) ==
elif HTTP_HEADER_HA_AUTH in self.headers: self.server.api_password
api_password = self.headers.get(HTTP_HEADER_HA_AUTH) or data.get(DATA_API_PASSWORD) ==
self.server.api_password
if not api_password and DATA_API_PASSWORD in data: or self.verify_session())
api_password = data[DATA_API_PASSWORD]
self.authenticated = api_password == self.server.api_password
else:
self.authenticated = self.verify_session()
if '_METHOD' in data: if '_METHOD' in data:
method = data.pop('_METHOD') method = data.pop('_METHOD')
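Review bot: The header and `data` password checks in the new `self.authenticated = (...)` expression use `==`, which is not a constant-time comparison; a secret like `api_password` is better compared with `hmac.compare_digest`, guarded so a missing or non-string value is rejected rather than raising (the file would also need `import hmac`). The sketch below keeps the same order and short-circuiting and assumes `api_password` is a `str` — confirm. Separately, a password accepted from the query string ends up wherever the request line is recorded (access logs, proxies, browser history), so if this handler logs requests it is worth redacting `api_password` there and preferring the header in clients. The enclosing method starts and ends outside the hunk.

```python
# … unchanged: JSON parsing and the "Error parsing JSON" early return …
expected = self.server.api_password

def _password_matches(supplied):
    # compare_digest needs two values of the same type; reject anything else
    return (isinstance(supplied, str) and hmac.compare_digest(
        supplied.encode('utf-8'), expected.encode('utf-8')))

self.authenticated = (
    expected is None
    or _password_matches(self.headers.get(HTTP_HEADER_HA_AUTH))
    or _password_matches(data.get(DATA_API_PASSWORD))
    or self.verify_session())
# … unchanged: '_METHOD' handling …
```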


@ -66,18 +66,31 @@ class TestAPI(unittest.TestCase):
# TODO move back to http component and test with use_auth. # TODO move back to http component and test with use_auth.
def test_access_denied_without_password(self): def test_access_denied_without_password(self):
req = requests.get( req = requests.get(_url(const.URL_API))
_url(const.URL_API_STATES_ENTITY.format("test")))
self.assertEqual(401, req.status_code) self.assertEqual(401, req.status_code)
def test_access_denied_with_wrong_password(self): def test_access_denied_with_wrong_password(self):
req = requests.get( req = requests.get(
_url(const.URL_API_STATES_ENTITY.format("test")), _url(const.URL_API),
headers={const.HTTP_HEADER_HA_AUTH: 'wrongpassword'}) headers={const.HTTP_HEADER_HA_AUTH: 'wrongpassword'})
self.assertEqual(401, req.status_code) self.assertEqual(401, req.status_code)
def test_access_with_password_in_url(self):
req = requests.get(
"{}?api_password={}".format(_url(const.URL_API), API_PASSWORD))
self.assertEqual(200, req.status_code)
def test_access_via_session(self):
session = requests.Session()
req = session.get(_url(const.URL_API), headers=HA_HEADERS)
self.assertEqual(200, req.status_code)
req = session.get(_url(const.URL_API))
self.assertEqual(200, req.status_code)
def test_api_list_state_entities(self): def test_api_list_state_entities(self):
""" Test if the debug interface allows us to list state entities. """ """ Test if the debug interface allows us to list state entities. """
req = requests.get(_url(const.URL_API_STATES), req = requests.get(_url(const.URL_API_STATES),
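Review bot: `test_access_with_password_in_url` only covers the accepted case, so nothing pins that a wrong `api_password` in the query string is rejected now that the URL is an authentication path. A sibling test would make the same request with `'wrongpassword'` in place of `API_PASSWORD` and end with `self.assertEqual(401, req.status_code)`. Likewise `test_access_via_session` could assert that a fresh `requests.Session()` without `HA_HEADERS` gets 401, so the session fallback is shown to depend on the earlier authenticated request. `test_api_list_state_entities` continues past the end of the hunk.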