From 7d9e2577131e121a365d632de650753d073584b5 Mon Sep 17 00:00:00 2001
From: Paulus Schoutsen <paulus@home-assistant.io>
Date: Wed, 12 Dec 2018 17:17:27 +0100
Subject: [PATCH] Fix owntracks topic in encrypted ios (#19220)

* Fix owntracks topic

* Warn if per-topic secret and using HTTP
---
 homeassistant/components/device_tracker/owntracks.py | 9 +++++++--
 homeassistant/components/owntracks/__init__.py       | 9 +++++----
 2 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/homeassistant/components/device_tracker/owntracks.py b/homeassistant/components/device_tracker/owntracks.py
index ae2b9d6146b..e85ebbe6fe1 100644
--- a/homeassistant/components/device_tracker/owntracks.py
+++ b/homeassistant/components/device_tracker/owntracks.py
@@ -316,14 +316,19 @@ async def async_handle_waypoints_message(hass, context, message):
 @HANDLERS.register('encrypted')
 async def async_handle_encrypted_message(hass, context, message):
     """Handle an encrypted message."""
-    plaintext_payload = _decrypt_payload(context.secret, message['topic'],
+    if 'topic' not in message and isinstance(context.secret, dict):
+        _LOGGER.error("You cannot set per topic secrets when using HTTP")
+        return
+
+    plaintext_payload = _decrypt_payload(context.secret, message.get('topic'),
                                          message['data'])
 
     if plaintext_payload is None:
         return
 
     decrypted = json.loads(plaintext_payload)
-    decrypted['topic'] = message['topic']
+    if 'topic' in message and 'topic' not in decrypted:
+        decrypted['topic'] = message['topic']
 
     await async_handle_message(hass, context, decrypted)
 
diff --git a/homeassistant/components/owntracks/__init__.py b/homeassistant/components/owntracks/__init__.py
index 7dc88be9764..5e6a99741e8 100644
--- a/homeassistant/components/owntracks/__init__.py
+++ b/homeassistant/components/owntracks/__init__.py
@@ -137,15 +137,16 @@ async def handle_webhook(hass, webhook_id, request):
         user = headers.get('X-Limit-U')
         device = headers.get('X-Limit-D', user)
 
-        if user is None:
+        if user:
+            topic_base = re.sub('/#$', '', context.mqtt_topic)
+            message['topic'] = '{}/{}/{}'.format(topic_base, user, device)
+
+        elif message['_type'] != 'encrypted':
             _LOGGER.warning('No topic or user found in message. If on Android,'
                             ' set a username in Connection -> Identification')
             # Keep it as a 200 response so the incorrect packet is discarded
             return json_response([])
 
-        topic_base = re.sub('/#$', '', context.mqtt_topic)
-        message['topic'] = '{}/{}/{}'.format(topic_base, user, device)
-
     hass.helpers.dispatcher.async_dispatcher_send(
         DOMAIN, hass, context, message)
     return json_response([])