Fix multiple webhook secrets for Telegram bot (#149103)

2025-07-26 22:57:17 +00:00 · 2025-07-22 13:42:40 +08:00 · 2025-07-22 13:42:40 +08:00 · 42cf4e8db7
commit 42cf4e8db7
parent ef2531d28d
3 changed files with 19 additions and 12 deletions
--- a/homeassistant/components/telegram_bot/webhooks.py
+++ b/homeassistant/components/telegram_bot/webhooks.py
@ -82,7 +82,7 @@ class PushBot(BaseTelegramBot):
        self.base_url = config.data.get(CONF_URL) or get_url(
            hass, require_ssl=True, allow_internal=False
        )
-        self.webhook_url = f"{self.base_url}{TELEGRAM_WEBHOOK_URL}"
+        self.webhook_url = self.base_url + _get_webhook_url(bot)

    async def shutdown(self) -> None:
        """Shutdown the app."""
@ -98,9 +98,11 @@ class PushBot(BaseTelegramBot):
                    api_kwargs={"secret_token": self.secret_token},
                    connect_timeout=5,
                )
-            except TelegramError:
+            except TelegramError as err:
                retry_num += 1
-                _LOGGER.warning("Error trying to set webhook (retry #%d)", retry_num)
+                _LOGGER.warning(
+                    "Error trying to set webhook (retry #%d)", retry_num, exc_info=err
+                )

        return False

@ -143,7 +145,6 @@ class PushBotView(HomeAssistantView):
    """View for handling webhook calls from Telegram."""

    requires_auth = False
-    url = TELEGRAM_WEBHOOK_URL
    name = "telegram_webhooks"

    def __init__(
@ -160,6 +161,7 @@ class PushBotView(HomeAssistantView):
        self.application = application
        self.trusted_networks = trusted_networks
        self.secret_token = secret_token
+        self.url = _get_webhook_url(bot)

    async def post(self, request: HomeAssistantRequest) -> Response | None:
        """Accept the POST from telegram."""
@ -183,3 +185,7 @@ class PushBotView(HomeAssistantView):
        await self.application.process_update(update)

        return None
+
+
+def _get_webhook_url(bot: Bot) -> str:
+    return f"{TELEGRAM_WEBHOOK_URL}_{bot.id}"
--- a/tests/components/telegram_bot/test_telegram_bot.py
+++ b/tests/components/telegram_bot/test_telegram_bot.py
@ -364,7 +364,7 @@ async def test_webhook_endpoint_generates_telegram_text_event(
    events = async_capture_events(hass, "telegram_text")

    response = await client.post(
-        TELEGRAM_WEBHOOK_URL,
+        f"{TELEGRAM_WEBHOOK_URL}_123456",
        json=update_message_text,
        headers={"X-Telegram-Bot-Api-Secret-Token": mock_generate_secret_token},
    )
@ -391,7 +391,7 @@ async def test_webhook_endpoint_generates_telegram_command_event(
    events = async_capture_events(hass, "telegram_command")

    response = await client.post(
-        TELEGRAM_WEBHOOK_URL,
+        f"{TELEGRAM_WEBHOOK_URL}_123456",
        json=update_message_command,
        headers={"X-Telegram-Bot-Api-Secret-Token": mock_generate_secret_token},
    )
@ -418,7 +418,7 @@ async def test_webhook_endpoint_generates_telegram_callback_event(
    events = async_capture_events(hass, "telegram_callback")

    response = await client.post(
-        TELEGRAM_WEBHOOK_URL,
+        f"{TELEGRAM_WEBHOOK_URL}_123456",
        json=update_callback_query,
        headers={"X-Telegram-Bot-Api-Secret-Token": mock_generate_secret_token},
    )
@ -594,7 +594,7 @@ async def test_webhook_endpoint_unauthorized_update_doesnt_generate_telegram_tex
    events = async_capture_events(hass, "telegram_text")

    response = await client.post(
-        TELEGRAM_WEBHOOK_URL,
+        f"{TELEGRAM_WEBHOOK_URL}_123456",
        json=unauthorized_update_message_text,
        headers={"X-Telegram-Bot-Api-Secret-Token": mock_generate_secret_token},
    )
@ -618,7 +618,7 @@ async def test_webhook_endpoint_without_secret_token_is_denied(
    async_capture_events(hass, "telegram_text")

    response = await client.post(
-        TELEGRAM_WEBHOOK_URL,
+        f"{TELEGRAM_WEBHOOK_URL}_123456",
        json=update_message_text,
    )
    assert response.status == 401
@ -636,7 +636,7 @@ async def test_webhook_endpoint_invalid_secret_token_is_denied(
    async_capture_events(hass, "telegram_text")

    response = await client.post(
-        TELEGRAM_WEBHOOK_URL,
+        f"{TELEGRAM_WEBHOOK_URL}_123456",
        json=update_message_text,
        headers={"X-Telegram-Bot-Api-Secret-Token": incorrect_secret_token},
    )
--- a/tests/components/telegram_bot/test_webhooks.py
+++ b/tests/components/telegram_bot/test_webhooks.py
@ -7,6 +7,7 @@ from unittest.mock import AsyncMock, patch
 from telegram import WebhookInfo
 from telegram.error import TimedOut

+from homeassistant.components.telegram_bot.webhooks import TELEGRAM_WEBHOOK_URL
 from homeassistant.config_entries import ConfigEntryState
 from homeassistant.core import HomeAssistant

@ -115,7 +116,7 @@ async def test_webhooks_update_invalid_json(
    client = await hass_client()

    response = await client.post(
-        "/api/telegram_webhooks",
+        f"{TELEGRAM_WEBHOOK_URL}_123456",
        headers={"X-Telegram-Bot-Api-Secret-Token": mock_generate_secret_token},
    )
    assert response.status == 400
@ -139,7 +140,7 @@ async def test_webhooks_unauthorized_network(
        return_value=IPv4Network("1.2.3.4"),
    ) as mock_remote:
        response = await client.post(
-            "/api/telegram_webhooks",
+            f"{TELEGRAM_WEBHOOK_URL}_123456",
            json="mock json",
            headers={"X-Telegram-Bot-Api-Secret-Token": mock_generate_secret_token},
        )