jeans/core
jeans/core
1
0
Fork 0
mirror of https://github.com/home-assistant/core.git synced 2025-04-23 16:57:53 +00:00
Code Issues Packages Projects Releases Wiki Activity

Frontend password checking is now done in polymer

Browse Source
This commit is contained in:
Paulus Schoutsen 2014-10-28 00:38:25 -07:00
parent b9d0316903
commit 3bab3f4be1
6 changed files with 212 additions and 58 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
build_polymer
View File

@ -4,7 +4,7 @@ cd homeassistant/components/http/www_static/polymer
bower install
cd ..
cp polymer/bower_components/platform/platform.js polymer_platform.js
vulcanize -o frontend.html --inline polymer/home-assistant-main.html
vulcanize -o frontend.html --inline polymer/splash-login.html
cd ..
echo '""" DO NOT MODIFY. Auto-generated by build_polymer script """' > frontend.py
echo 'VERSION = "'`md5 -q www_static/frontend.html`'"' >> frontend.py

52
homeassistant/components/http/__init__.py
View File

@ -301,10 +301,12 @@ class RequestHandler(SimpleHTTPRequestHandler):
# Did we find a handler for the incoming request?
if handle_request_method:
# Do not enforce api password for static files
if handle_request_method == self._handle_get_static or \
self._verify_api_password(api_password):
# For API calls we need a valid password
if self.use_json and api_password != self.server.api_password:
self._message(
"API password missing or incorrect.", HTTP_UNAUTHORIZED)
else:
handle_request_method(path_match, data)
elif path_matched_but_not_method:
@ -333,44 +335,6 @@ class RequestHandler(SimpleHTTPRequestHandler):
""" DELETE request handler. """
self._handle_request('DELETE')
def _verify_api_password(self, api_password):
""" Helper method to verify the API password
and take action if incorrect. """
if api_password == self.server.api_password:
return True
elif self.use_json:
self._message(
"API password missing or incorrect.", HTTP_UNAUTHORIZED)
else:
self.send_response(HTTP_OK)
self.send_header('Content-type', 'text/html')
self.end_headers()
self.wfile.write((
"<html>"
"<head><title>Home Assistant</title>"
"<link rel='shortcut icon' href='/static/favicon.ico' />"
"<link rel='icon' type='image/png' "
" href='/static/favicon-192x192.png' sizes='192x192'>"
"</head>"
"<body>"
"<div>"
"<form class='form-signin' action='{}' method='POST'>"
"<input type='text' name='api_password' "
" placeholder='API Password for Home Assistant' "
" required autofocus>"
"<button type='submit'>Enter</button>"
"</form>"
"</div>"
"</body></html>").format(self.path).encode("UTF-8"))
return False
# pylint: disable=unused-argument
def _handle_get_root(self, path_match, data):
""" Renders the debug interface. """
@ -382,7 +346,7 @@ class RequestHandler(SimpleHTTPRequestHandler):
self.end_headers()
if self.server.development:
app_url = "polymer/home-assistant-main.html"
app_url = "polymer/splash-login.html"
else:
app_url = "frontend-{}.html".format(frontend.VERSION)
@ -400,8 +364,8 @@ class RequestHandler(SimpleHTTPRequestHandler):
" minimum-scale=1.0, maximum-scale=1.0' />"
"</head>"
"<body fullbleed>"
"<home-assistant-main auth='{}'></home-assistant-main>"
"</body></html>").format(app_url, self.server.api_password))
"<splash-login auth='{}'></splash-login>"
"</body></html>").format(app_url, data.get('api_password', '')))
# pylint: disable=unused-argument
def _handle_get_api(self, path_match, data):

2
homeassistant/components/http/frontend.py
View File

@ -1,2 +1,2 @@
""" DO NOT MODIFY. Auto-generated by build_polymer script """
VERSION = "2242f67744e2c8bb92362bbd1489319f"
VERSION = "460fa7f075841b858b102678f13fb070"

117
homeassistant/components/http/www_static/frontend.html
View File

@ -674,8 +674,8 @@ mode: cover
</script>
</polymer-element>
</div>
<div hidden><!--
<!--
Copyright (c) 2014 The Polymer Project Authors. All rights reserved.
This code may only be used under the BSD style license found at http://polymer.github.io/LICENSE.txt
The complete set of authors may be found at http://polymer.github.io/AUTHORS.txt
@ -869,8 +869,8 @@ polyfill-next-selector { content: ':host .indent'; }
</template>
<script>Polymer('core-toolbar');</script></polymer-element>
</div>
<div hidden><!--
<!--
Copyright (c) 2014 The Polymer Project Authors. All rights reserved.
This code may only be used under the BSD style license found at http://polymer.github.io/LICENSE.txt
The complete set of authors may be found at http://polymer.github.io/AUTHORS.txt
@ -2076,8 +2076,8 @@ core-icon {
</script>
</polymer-element>
</div>
<div hidden><!--
<!--
Copyright (c) 2014 The Polymer Project Authors. All rights reserved.
This code may only be used under the BSD style license found at http://polymer.github.io/LICENSE.txt
The complete set of authors may be found at http://polymer.github.io/AUTHORS.txt
@ -3267,9 +3267,9 @@ root if there is one. This implies:
</script>
</polymer-element>
</div>
<div hidden>
<!--
Copyright (c) 2014 The Polymer Project Authors. All rights reserved.
This code may only be used under the BSD style license found at http://polymer.github.io/LICENSE.txt
@ -9375,8 +9375,8 @@ core-item {
});
</script>
</polymer-element>
</div>
<div hidden>
<script>//! moment.js
//! version : 2.8.3
//! authors : Tim Wood, Iskren Chernev, Moment.js contributors
@ -12762,7 +12762,7 @@ subject to an additional IP rights grant found at http://polymer.github.io/PATEN
});
</script>
</polymer-element>
</div>
<polymer-element name="home-assistant-main" attributes="auth" assetpath="polymer/">
<template>
@ -12845,3 +12845,98 @@ subject to an additional IP rights grant found at http://polymer.github.io/PATEN
});
</script>
</polymer-element>
</div>
<div hidden>undefined</div>
<div hidden>undefined</div>
<polymer-element name="splash-login" attributes="auth" assetpath="polymer/">
<template>
<style type="text/css">
:host {
font-family: 'RobotoDraft', sans-serif;
height: 100%;
overflow: auto;
}
.login paper-button {
margin-left: 242px;
}
.login .interact {
height: 110px;
}
</style>
<template if="{{state == 'no_auth'}}">
<div layout="" horizontal="" center="" fit="" class="login">
<div layout="" vertical="" center="" flex="">
<img src="/static/favicon-192x192.png">
<h1>Home Assistant</h1>
<div class="interact" layout="" vertical="">
<div id="loginform">
<paper-input id="passwordInput" label="Password" type="password" value="{{auth}}"></paper-input>
<paper-button on-click="{{validatePassword}}">Log In</paper-button>
</div>
<div id="validateMessage" hidden>Validating password...</div>
</div>
</div>
</div>
</template>
<template if="{{state == 'valid_auth'}}">
<home-assistant-main auth="{{auth}}"></home-assistant-main>
</template>
</template>
<script>
Polymer('splash-login',{
// can be no_auth, test_auth, valid_auth
state: "no_auth",
auth: "",
ready: function() {
},
domReady: function() {
if(this.auth) {
this.validatePassword();
}
},
validatePassword: function() {
this.$.passwordInput.commit();
this.$.loginform.setAttribute('hidden', null)
this.$.validateMessage.removeAttribute('hidden')
var req = new XMLHttpRequest();
req.open("GET", "/api/", true);
req.setRequestHeader("HA-access", this.auth);
req.onreadystatechange = function() {
if(req.readyState == 4) {
if(req.status == 200) {
this.state = 'valid_auth'
} else {
this.auth = "";
this.$.passwordInput.error = "Invalid Password";
this.$.passwordInput.required = 1;
this.$.loginform.removeAttribute('hidden');
this.$.validateMessage.setAttribute('hidden', null);
this.state = 'no_auth'
}
}
}.bind(this)
req.send();
},
});
</script>
</polymer-element>

1
homeassistant/components/http/www_static/polymer/home-assistant-main.html
View File

@ -1,4 +1,3 @@
<link rel="import" href="bower_components/font-roboto/roboto.html">
<link rel="import" href="bower_components/core-header-panel/core-header-panel.html">
<link rel="import" href="bower_components/core-toolbar/core-toolbar.html">
<link rel="import" href="bower_components/core-icon-button/core-icon-button.html">

96
homeassistant/components/http/www_static/polymer/splash-login.html Normal file
View File

@ -0,0 +1,96 @@
<link rel="import" href="bower_components/font-roboto/roboto.html">
<link rel="import" href="home-assistant-main.html">
<link rel="import" href="bower_components/paper-button/paper-button.html">
<link rel="import" href="bower_components/paper-input/paper-input.html">
<polymer-element name="splash-login" attributes="auth">
<template>
<style type="text/css">
:host {
font-family: 'RobotoDraft', sans-serif;
height: 100%;
overflow: auto;
}
.login paper-button {
margin-left: 242px;
}
.login .interact {
height: 110px;
}
</style>
<template if="{{state == 'no_auth'}}">
<div layout horizontal center fit class='login'>
<div layout vertical center flex>
<img src="/static/favicon-192x192.png" />
<h1>Home Assistant</h1>
<div class='interact' layout vertical>
<div id='loginform'>
<paper-input id="passwordInput" label="Password" type="password" value="{{auth}}"></paper-input>
<paper-button on-click={{validatePassword}}>Log In</paper-button>
</div>
<div id="validateMessage" hidden>Validating password...</div>
</div>
</div>
</div>
</template>
<template if="{{state == 'valid_auth'}}">
<home-assistant-main auth="{{auth}}"></home-assistant-main>
</template>
</template>
<script>
Polymer({
// can be no_auth, test_auth, valid_auth
state: "no_auth",
auth: "",
ready: function() {
},
domReady: function() {
if(this.auth) {
this.validatePassword();
}
},
validatePassword: function() {
this.$.passwordInput.commit();
this.$.loginform.setAttribute('hidden', null)
this.$.validateMessage.removeAttribute('hidden')
var req = new XMLHttpRequest();
req.open("GET", "/api/", true);
req.setRequestHeader("HA-access", this.auth);
req.onreadystatechange = function() {
if(req.readyState == 4) {
if(req.status == 200) {
this.state = 'valid_auth'
} else {
this.auth = "";
this.$.passwordInput.error = "Invalid Password";
this.$.passwordInput.required = 1;
this.$.loginform.removeAttribute('hidden');
this.$.validateMessage.setAttribute('hidden', null);
this.state = 'no_auth'
}
}
}.bind(this)
req.send();
},
});
</script>
</polymer-element>