* Part 1 of 2 (no breaking changes in part 1).
When integrations configured via the UI block startup or fail to start,
the webserver can remain offline which make it is impossible
to recover without manually changing files in
.storage since the UI is not available.
This change is the foundation that part 2 will build on
and enable a listener to start the webserver when the frontend
is finished loading.
Frontend Changes (home-assistant/frontend#6068)
* Address review comments
* bump timeout to 1800s, adjust comment
* bump timeout to 4h
* remove timeout failsafe
* and the test
* Use asynctest patch instead of mock_coro
* Add test for supervisor ip ban
* Do not ban supervisor ip if set
* Extract supervisor ip helper
* Check supervisor ip before banning
* Remove added blank line
* Clean up get supervisor ip
Co-Authored-By: Pascal Vizeli <pvizeli@syshack.ch>
Co-authored-by: Pascal Vizeli <pvizeli@syshack.ch>
* Store last working HTTP settings
* Add safe mode
* Fix tests
* Add cloud to safe mode
* Update logging text
* Fix camera tests leaving files behind
* Make emulated_hue tests not leave files behind
* Make logbook tests not leave files behind
* Make tts tests not leave files behind
* Make image_processing tests not leave files behind
* Make manual_mqtt tests not leave files behind
* Deprecated http.api_password
* Deprecated ApiConfig.api_password
GitHub Drafted PR would trigger CI after changed it to normal PR.
I have to commit a comment change to trigger it
* Trigger CI
* Adjust if- elif chain in auth middleware
* Force to use access_token if hass.auth.active
* Not allow Basic auth with api_password if hass.auth.active
* Block websocket api_password auth when hass.auth.active
* Add legacy_api_password auth provider
* lint
* lint
* Use new trusted_proxies setting for X-Forwarded-For whitelist
* Only use the last IP in the header
Per Wikipedia (https://en.wikipedia.org/wiki/X-Forwarded-For#Format):
> The last IP address is always the IP address that connects to the last proxy,
> which means it is the most reliable source of information.
* Add two additional tests
* Ignore nonsense header values instead of failing
* Add initial user foundation to Home Assistant
* Address comments
* Address comments
* Allow non-ascii passwords
* One more utf-8 hmac compare digest
* Add new line
