diff --git a/homeassistant/httpinterface.py b/homeassistant/httpinterface.py index 5dde42e153a..391d4c4da5b 100644 --- a/homeassistant/httpinterface.py +++ b/homeassistant/httpinterface.py @@ -91,77 +91,63 @@ class RequestHandler(BaseHTTPRequestHandler): get_data = parse_qs(url.query) - # Verify API password - if get_data.get('api_password', [''])[0] != self.server.api_password: - self.send_response(200) - self.send_header('Content-type','text/html') - self.end_headers() - - write("") - write("
") - write("API password: ") - write("") - write("
") - write("") + if url.path == "/": + if self._verify_api_password(get_data.get('api_password', [''])[0], False): + self.send_response(200) + self.send_header('Content-type','text/html') + self.end_headers() - # Serve debug URL - elif url.path == "/": - self.send_response(200) - self.send_header('Content-type','text/html') - self.end_headers() + write("") + # Flash message support + if self.server.flash_message is not None: + write("

{}

".format(self.server.flash_message)) - write("") + self.server.flash_message = None - # Flash message support - if self.server.flash_message is not None: - write("

{}

".format(self.server.flash_message)) + # Describe state machine: + categories = [] - self.server.flash_message = None + write("") + write("") - # Describe state machine: - categories = [] + for category, state, last_changed in self.server.statemachine.get_states(): + categories.append(category) - write("
NameStateLast Changed
") - write("") + write("".format(category, state, last_changed.strftime("%H:%M:%S %d-%m-%Y"))) - for category, state, last_changed in self.server.statemachine.get_states(): - categories.append(category) + write("
NameStateLast Changed
{}{}{}
") - write("{}{}{}".format(category, state, last_changed.strftime("%H:%M:%S %d-%m-%Y"))) + # Small form to change the state + write("
Change state:
") + write("
") + write("".format(self.server.api_password)) + write("".format(self.server.api_password)) - write("") - for category in categories: - write("".format(category)) + write("") + write("") + write("
") - write("") + # Describe event bus: + for category in self.server.eventbus.listeners: + write("Event {}: {} listeners
".format(category, len(self.server.eventbus.listeners[category]))) - write("") - write("") - write("") + # Form to allow firing events + write("

") + write("
") + write("".format(self.server.api_password)) + write("Event name:
") + write("Event data (json):
") + write("") + write("
") - # Describe event bus: - for category in self.server.eventbus.listeners: - write("Event {}: {} listeners
".format(category, len(self.server.eventbus.listeners[category]))) - - # Form to allow firing events - write("

") - write("
") - write("".format(self.server.api_password)) - write("Event name:
") - write("Event data (json):
") - write("") - write("
") - - write("") + write("") else: 
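Review bot: The values interpolated into the page with `.format(...)` (`self.server.flash_message`, `category`, `state`, and `self.server.api_password` in the form fields) are written to the response without HTML escaping, so a state or flash message containing markup would be interpreted by the browser. The markup inside these string literals is not visible in this view, so the exact output context is inferred. Escaping each value would cover the table row, e.g. `.format(html.escape(category), html.escape(str(state)), last_changed.strftime("%H:%M:%S %d-%m-%Y"))`, or `cgi.escape(..., quote=True)` if the file targets Python 2. Separately, `get_data.get('api_password', [''])[0]` reads the secret from the query string and the page echoes it back, which leaves it in URLs, access logs and browser history. The enclosing handler method starts outside the hunk.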
@@ -185,43 +171,63 @@ class RequestHandler(BaseHTTPRequestHandler): self.server.logger.info(post_data) self.server.logger.info(action) - - # Verify API password - if post_data.get("api_password", [''])[0] != self.server.api_password: - self._message(use_json, "API password missing or incorrect.", MESSAGE_STATUS_UNAUTHORIZED) - + given_api_password = post_data.get("api_password", [''])[0] # Action to change the state - elif action == "state/change": - category, new_state = post_data['category'][0], post_data['new_state'][0] + if action == "state/change": + if self._verify_api_password(given_api_password, use_json): + category, new_state = post_data['category'][0], post_data['new_state'][0] - try: - self.server.statemachine.set_state(category, new_state) + try: + self.server.statemachine.set_state(category, new_state) - self._message(use_json, "State of {} changed to {}.".format(category, new_state)) + self._message(use_json, "State of {} changed to {}.".format(category, new_state)) - except CategoryDoesNotExistException: - self._message(use_json, "Category does not exist.", MESSAGE_STATUS_ERROR) + except CategoryDoesNotExistException: + self._message(use_json, "Category does not exist.", MESSAGE_STATUS_ERROR) # Action to fire an event elif action == "event/fire": - try: - event_name = post_data['event_name'][0] - event_data = None if 'event_data' not in post_data or post_data['event_data'][0] == "" else json.loads(post_data['event_data'][0]) + if self._verify_api_password(given_api_password, use_json): + try: + event_name = post_data['event_name'][0] + event_data = None if 'event_data' not in post_data or post_data['event_data'][0] == "" else json.loads(post_data['event_data'][0]) - self.server.eventbus.fire(Event(event_name, event_data)) + self.server.eventbus.fire(Event(event_name, event_data)) - self._message(use_json, "Event {} fired.".format(event_name)) - - except ValueError: - # If JSON decode error - self._message(use_json, "Invalid event received.", 
MESSAGE_STATUS_ERROR) + self._message(use_json, "Event {} fired.".format(event_name)) + except ValueError: + # If JSON decode error + self._message(use_json, "Invalid event received.", MESSAGE_STATUS_ERROR) else: self.send_response(404) + def _verify_api_password(self, api_password, use_json): + if api_password == self.server.api_password: + return True + + elif use_json: + self._message(True, "API password missing or incorrect.", MESSAGE_STATUS_UNAUTHORIZED) + + else: + self.send_response(200) + self.send_header('Content-type','text/html') + self.end_headers() + + write = lambda txt: self.wfile.write(txt+"\n") + + write("") + write("
") + write("API password: ") + write("") + write("
") + write("") + + return False + def _message(self, use_json, message, status=MESSAGE_STATUS_OK): """ Helper method to show a message to the user. """ log_message = "{}: {}".format(status, message)
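Review bot: `_verify_api_password` compares the submitted secret with `==`, which is not constant-time; `if hmac.compare_digest(api_password, self.server.api_password):` (with `import hmac`, and both arguments of the same type) removes the timing side channel on that comparison. The HTML branch also answers a failed check with `self.send_response(200)`; a 401 there would let clients and log monitoring tell rejected attempts from successful page loads. The context line `self.server.logger.info(post_data)` just above the new `given_api_password` assignment appears to log the whole form body, including `api_password`, so that key should be dropped before logging. The POST handler itself starts outside the hunk.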