Allow encrypted passwords

2025-07-23 05:07:41 +00:00 · 2016-03-19 22:15:23 +01:00 · 2016-03-19 22:15:23 +01:00 · 505b3b198e
commit 505b3b198e
parent 0bf13dbf26
2 changed files with 33 additions and 6 deletions
--- a/homeassistant/components/http.py
+++ b/homeassistant/components/http.py
@ -32,6 +32,8 @@ from homeassistant.const import (

 DOMAIN = "http"

+REQUIREMENTS = ["passlib==1.6.5"]
+
 CONF_API_PASSWORD = "api_password"
 CONF_SERVER_HOST = "server_host"
 CONF_SERVER_PORT = "server_port"
@ -176,6 +178,8 @@ class RequestHandler(SimpleHTTPRequestHandler):

    def _handle_request(self, method):  # pylint: disable=too-many-branches
        """Perform some common checks and call appropriate method."""
+        from passlib import hash
+
        url = urlparse(self.path)

        # Read query input. parse_qs gives a list for each value, we want last
@ -198,12 +202,20 @@ class RequestHandler(SimpleHTTPRequestHandler):
                    "Error parsing JSON", HTTP_UNPROCESSABLE_ENTITY)
                return

+        try:
+            self.authenticated = (hash.sha256_crypt.verify(
+                                      self.headers.get(HTTP_HEADER_HA_AUTH),
+                                      self.server.api_password) or
+                                  hash.sha256_crypt.verify(
+                                      data.get(DATA_API_PASSWORD),
+                                      self.server.api_password) or
+                                  self.verify_session())
+        except (TypeError, ValueError):
            self.authenticated = (self.server.api_password is None or
                                  self.headers.get(HTTP_HEADER_HA_AUTH) ==
                                  self.server.api_password or
                                  data.get(DATA_API_PASSWORD) ==
-                              self.server.api_password or
-                              self.verify_session())
+                                  self.server.api_password)

        if '_METHOD' in data:
            method = data.pop('_METHOD')
--- a/script/gen_hash.py
+++ b/script/gen_hash.py
@ -0,0 +1,15 @@
+#!/usr/bin/python3
+"""Generate hashes from given strings."""
+import getpass
+from passlib import hash
+
+response1 = getpass.getpass('Please enter your string/password/API key: ')
+response2 = getpass.getpass('Please enter the string/password/API key again: ')
+
+hashed = hash.sha256_crypt.encrypt(response1)
+
+if hash.sha256_crypt.verify(response2, hashed):
+    print('Put the hash in your configuration.yaml file.')
+    print(hashed)
+else:
+    print('No match! Please try again.')