jeans/core
jeans/core
1
0
Fork 0
mirror of https://github.com/home-assistant/core.git synced 2025-07-21 20:27:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

HTTP interface won't check for api password on non existing path's anymore but throw 404.

Browse Source
This commit is contained in:
Paulus Schoutsen 2013-09-29 23:47:53 -07:00
parent 77a69016d4
commit a75f396242
1 changed files with 82 additions and 76 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

158
homeassistant/httpinterface.py
View File

@ -91,77 +91,63 @@ class RequestHandler(BaseHTTPRequestHandler):
get_data = parse_qs(url.query) get_data = parse_qs(url.query)
# Verify API password if url.path == "/":
if get_data.get('api_password', [''])[0] != self.server.api_password: if self._verify_api_password(get_data.get('api_password', [''])[0], False):
self.send_response(200) self.send_response(200)
self.send_header('Content-type','text/html') self.send_header('Content-type','text/html')
self.end_headers() self.end_headers()
write("<html>")
write("<form action='/' method='GET'>")
write("API password: <input name='api_password' />")
write("<input type='submit' value='submit' />")
write("</form>")
write("</html>")
# Serve debug URL write("<html>")
elif url.path == "/":
self.send_response(200)
self.send_header('Content-type','text/html')
self.end_headers()
# Flash message support
if self.server.flash_message is not None:
write("<h3>{}</h3>".format(self.server.flash_message))
write("<html>") self.server.flash_message = None
# Flash message support # Describe state machine:
if self.server.flash_message is not None: categories = []
write("<h3>{}</h3>".format(self.server.flash_message))
self.server.flash_message = None write("<table>")
write("<tr><th>Name</th><th>State</th><th>Last Changed</th></tr>")
# Describe state machine: for category, state, last_changed in self.server.statemachine.get_states():
categories = [] categories.append(category)
write("<table>") write("<tr><td>{}</td><td>{}</td><td>{}</td></tr>".format(category, state, last_changed.strftime("%H:%M:%S %d-%m-%Y")))
write("<tr><th>Name</th><th>State</th><th>Last Changed</th></tr>")
for category, state, last_changed in self.server.statemachine.get_states(): write("</table>")
categories.append(category)
write("<tr><td>{}</td><td>{}</td><td>{}</td></tr>".format(category, state, last_changed.strftime("%H:%M:%S %d-%m-%Y"))) # Small form to change the state
write("<br />Change state:<br />")
write("<form action='state/change' method='POST'>")
write("<input type='hidden' name='api_password' value='{}' />".format(self.server.api_password))
write("<select name='category'>")
write("</table>") for category in categories:
write("<option>{}</option>".format(category))
# Small form to change the state write("</select>")
write("<br />Change state:<br />")
write("<form action='state/change' method='POST'>")
write("<input type='hidden' name='api_password' value='{}' />".format(self.server.api_password))
write("<select name='category'>")
for category in categories: write("<input name='new_state' />")
write("<option>{}</option>".format(category)) write("<input type='submit' value='set state' />")
write("</form>")
write("</select>") # Describe event bus:
for category in self.server.eventbus.listeners:
write("Event {}: {} listeners<br />".format(category, len(self.server.eventbus.listeners[category])))
write("<input name='new_state' />") # Form to allow firing events
write("<input type='submit' value='set state' />") write("<br /><br />")
write("</form>") write("<form action='event/fire' method='POST'>")
write("<input type='hidden' name='api_password' value='{}' />".format(self.server.api_password))
write("Event name: <input name='event_name' /><br />")
write("Event data (json): <input name='event_data' /><br />")
write("<input type='submit' value='fire event' />")
write("</form>")
# Describe event bus: write("</html>")
for category in self.server.eventbus.listeners:
write("Event {}: {} listeners<br />".format(category, len(self.server.eventbus.listeners[category])))
# Form to allow firing events
write("<br /><br />")
write("<form action='event/fire' method='POST'>")
write("<input type='hidden' name='api_password' value='{}' />".format(self.server.api_password))
write("Event name: <input name='event_name' /><br />")
write("Event data (json): <input name='event_data' /><br />")
write("<input type='submit' value='fire event' />")
write("</form>")
write("</html>")
else: else:
@ -185,43 +171,63 @@ class RequestHandler(BaseHTTPRequestHandler):
self.server.logger.info(post_data) self.server.logger.info(post_data)
self.server.logger.info(action) self.server.logger.info(action)
given_api_password = post_data.get("api_password", [''])[0]
# Verify API password
if post_data.get("api_password", [''])[0] != self.server.api_password:
self._message(use_json, "API password missing or incorrect.", MESSAGE_STATUS_UNAUTHORIZED)
# Action to change the state # Action to change the state
elif action == "state/change": if action == "state/change":
category, new_state = post_data['category'][0], post_data['new_state'][0] if self._verify_api_password(given_api_password, use_json):
category, new_state = post_data['category'][0], post_data['new_state'][0]
try: try:
self.server.statemachine.set_state(category, new_state) self.server.statemachine.set_state(category, new_state)
self._message(use_json, "State of {} changed to {}.".format(category, new_state)) self._message(use_json, "State of {} changed to {}.".format(category, new_state))
except CategoryDoesNotExistException: except CategoryDoesNotExistException:
self._message(use_json, "Category does not exist.", MESSAGE_STATUS_ERROR) self._message(use_json, "Category does not exist.", MESSAGE_STATUS_ERROR)
# Action to fire an event # Action to fire an event
elif action == "event/fire": elif action == "event/fire":
try: if self._verify_api_password(given_api_password, use_json):
event_name = post_data['event_name'][0] try:
event_data = None if 'event_data' not in post_data or post_data['event_data'][0] == "" else json.loads(post_data['event_data'][0]) event_name = post_data['event_name'][0]
event_data = None if 'event_data' not in post_data or post_data['event_data'][0] == "" else json.loads(post_data['event_data'][0])
self.server.eventbus.fire(Event(event_name, event_data)) self.server.eventbus.fire(Event(event_name, event_data))
self._message(use_json, "Event {} fired.".format(event_name)) self._message(use_json, "Event {} fired.".format(event_name))
except ValueError:
# If JSON decode error
self._message(use_json, "Invalid event received.", MESSAGE_STATUS_ERROR)
except ValueError:
# If JSON decode error
self._message(use_json, "Invalid event received.", MESSAGE_STATUS_ERROR)
else: else:
self.send_response(404) self.send_response(404)
def _verify_api_password(self, api_password, use_json):
if api_password == self.server.api_password:
return True
elif use_json:
self._message(True, "API password missing or incorrect.", MESSAGE_STATUS_UNAUTHORIZED)
else:
self.send_response(200)
self.send_header('Content-type','text/html')
self.end_headers()
write = lambda txt: self.wfile.write(txt+"\n")
write("<html>")
write("<form action='/' method='GET'>")
write("API password: <input name='api_password' />")
write("<input type='submit' value='submit' />")
write("</form>")
write("</html>")
return False
def _message(self, use_json, message, status=MESSAGE_STATUS_OK): def _message(self, use_json, message, status=MESSAGE_STATUS_OK):
""" Helper method to show a message to the user. """ """ Helper method to show a message to the user. """
log_message = "{}: {}".format(status, message) log_message = "{}: {}".format(status, message)