HTTP interface won't check for api password on non existing path's anymore but throw 404.
parent
77a69016d4
commit
a75f396242
@ -91,22 +91,8 @@ class RequestHandler(BaseHTTPRequestHandler):
|
|||||||
|
|
||||||
get_data = parse_qs(url.query)
|
get_data = parse_qs(url.query)
|
||||||
|
|
||||||
# Verify API password
|
if url.path == "/":
|
||||||
if get_data.get('api_password', [''])[0] != self.server.api_password:
|
if self._verify_api_password(get_data.get('api_password', [''])[0], False):
|
||||||
self.send_response(200)
|
|
||||||
self.send_header('Content-type','text/html')
|
|
||||||
self.end_headers()
|
|
||||||
|
|
||||||
write("<html>")
|
|
||||||
write("<form action='/' method='GET'>")
|
|
||||||
write("API password: <input name='api_password' />")
|
|
||||||
write("<input type='submit' value='submit' />")
|
|
||||||
write("</form>")
|
|
||||||
write("</html>")
|
|
||||||
|
|
||||||
|
|
||||||
# Serve debug URL
|
|
||||||
elif url.path == "/":
|
|
||||||
self.send_response(200)
|
self.send_response(200)
|
||||||
self.send_header('Content-type','text/html')
|
self.send_header('Content-type','text/html')
|
||||||
self.end_headers()
|
self.end_headers()
|
||||||
@ -185,14 +171,11 @@ class RequestHandler(BaseHTTPRequestHandler):
|
|||||||
self.server.logger.info(post_data)
|
self.server.logger.info(post_data)
|
||||||
self.server.logger.info(action)
|
self.server.logger.info(action)
|
||||||
|
|
||||||
|
given_api_password = post_data.get("api_password", [''])[0]
|
||||||
# Verify API password
|
|
||||||
if post_data.get("api_password", [''])[0] != self.server.api_password:
|
|
||||||
self._message(use_json, "API password missing or incorrect.", MESSAGE_STATUS_UNAUTHORIZED)
|
|
||||||
|
|
||||||
|
|
||||||
# Action to change the state
|
# Action to change the state
|
||||||
elif action == "state/change":
|
if action == "state/change":
|
||||||
|
if self._verify_api_password(given_api_password, use_json):
|
||||||
category, new_state = post_data['category'][0], post_data['new_state'][0]
|
category, new_state = post_data['category'][0], post_data['new_state'][0]
|
||||||
|
|
||||||
try:
|
try:
|
||||||
@ -205,6 +188,7 @@ class RequestHandler(BaseHTTPRequestHandler):
|
|||||||
|
|
||||||
# Action to fire an event
|
# Action to fire an event
|
||||||
elif action == "event/fire":
|
elif action == "event/fire":
|
||||||
|
if self._verify_api_password(given_api_password, use_json):
|
||||||
try:
|
try:
|
||||||
event_name = post_data['event_name'][0]
|
event_name = post_data['event_name'][0]
|
||||||
event_data = None if 'event_data' not in post_data or post_data['event_data'][0] == "" else json.loads(post_data['event_data'][0])
|
event_data = None if 'event_data' not in post_data or post_data['event_data'][0] == "" else json.loads(post_data['event_data'][0])
|
||||||
@ -217,11 +201,33 @@ class RequestHandler(BaseHTTPRequestHandler):
|
|||||||
# If JSON decode error
|
# If JSON decode error
|
||||||
self._message(use_json, "Invalid event received.", MESSAGE_STATUS_ERROR)
|
self._message(use_json, "Invalid event received.", MESSAGE_STATUS_ERROR)
|
||||||
|
|
||||||
|
|
||||||
else:
|
else:
|
||||||
self.send_response(404)
|
self.send_response(404)
|
||||||
|
|
||||||
|
|
||||||
|
def _verify_api_password(self, api_password, use_json):
|
||||||
|
if api_password == self.server.api_password:
|
||||||
|
return True
|
||||||
|
|
||||||
|
elif use_json:
|
||||||
|
self._message(True, "API password missing or incorrect.", MESSAGE_STATUS_UNAUTHORIZED)
|
||||||
|
|
||||||
|
else:
|
||||||
|
self.send_response(200)
|
||||||
|
self.send_header('Content-type','text/html')
|
||||||
|
self.end_headers()
|
||||||
|
|
||||||
|
write = lambda txt: self.wfile.write(txt+"\n")
|
||||||
|
|
||||||
|
write("<html>")
|
||||||
|
write("<form action='/' method='GET'>")
|
||||||
|
write("API password: <input name='api_password' />")
|
||||||
|
write("<input type='submit' value='submit' />")
|
||||||
|
write("</form>")
|
||||||
|
write("</html>")
|
||||||
|
|
||||||
|
return False
|
||||||
|
|
||||||
def _message(self, use_json, message, status=MESSAGE_STATUS_OK):
|
def _message(self, use_json, message, status=MESSAGE_STATUS_OK):
|
||||||
""" Helper method to show a message to the user. """
|
""" Helper method to show a message to the user. """
|
||||||
log_message = "{}: {}".format(status, message)
|
log_message = "{}: {}".format(status, message)
|
||||||
|
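Review bot: The new `_verify_api_password` helper compares the supplied value with `==`, which stops at the first differing character and so leaks timing information about the configured password; a constant-time check such as `if hmac.compare_digest(api_password, self.server.api_password):` avoids that (it needs `import hmac` in the import block, which is outside this view, and both arguments of the same type). In the helper's non-JSON branch a rejected password is answered with `self.send_response(200)`, so proxies and log-based detection cannot tell a failed login from a successful page load; `self.send_response(401)` before writing the form would keep the login page and make failures countable. The form still submits with `method='GET'`, which puts the password in the URL, and the unchanged `self.server.logger.info(post_data)` just above the new `given_api_password` line appears to write the submitted password to the log on every POST; both deserve a follow-up. The helper also lacks a docstring, unlike `_message` next to it; one sentence saying that it returns True on a match and otherwise sends the unauthorized response itself and returns False would tell callers not to write a second response.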