jeans/core
jeans/core
1
0
Fork 0
mirror of https://github.com/home-assistant/core.git synced 2025-07-26 22:57:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Improve authentication handling for camera view (#75979)

Browse Source
This commit is contained in:
Franck Nijhof 2022-07-31 18:00:42 +02:00 committed by GitHub
parent 1a8ccfeb56
commit c795597511
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
homeassistant/components/camera/__init__.py
View File

@ -14,7 +14,7 @@ import os
from random import SystemRandom from random import SystemRandom
from typing import Final, Optional, cast, final from typing import Final, Optional, cast, final
from aiohttp import web from aiohttp import hdrs, web
import async_timeout import async_timeout
import attr import attr
import voluptuous as vol import voluptuous as vol
@ -715,8 +715,11 @@ class CameraView(HomeAssistantView):
) )
if not authenticated: if not authenticated:
if request[KEY_AUTHENTICATED]: # Attempt with invalid bearer token, raise unauthorized
# so ban middleware can handle it.
if hdrs.AUTHORIZATION in request.headers:
raise web.HTTPUnauthorized() raise web.HTTPUnauthorized()
# Invalid sigAuth or camera access token
raise web.HTTPForbidden() raise web.HTTPForbidden()
if not camera.is_on: if not camera.is_on: