Fix snapshot HA / remove API password (#1425)

* Fix snapshot HA / remove API password

* fix lint

* Fix log

* cleanup API

* stale password handling

* fix lint
This commit is contained in:
Pascal Vizeli 2020-01-09 14:35:37 +01:00 committed by GitHub
parent 80bc32243c
commit 0925af91e3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 19 additions and 39 deletions

1
API.md
View File

@ -410,7 +410,6 @@ Output is the raw Docker log.
"last_version": "Optional for custom image|null",
"port": "port for access hass",
"ssl": "bool",
"password": "",
"refresh_token": "",
"watchdog": "bool",
"wait_boot": 600

View File

@ -254,10 +254,10 @@ class AddonManager(CoreSysAttributes):
async def restore(self, slug: str, tar_file: tarfile.TarFile) -> None:
"""Restore state of an add-on."""
if slug not in self.local:
_LOGGER.debug("Add-on %s is not local available for restore")
_LOGGER.debug("Add-on %s is not local available for restore", slug)
addon = Addon(self.coresys, slug)
else:
_LOGGER.debug("Add-on %s is local available for restore")
_LOGGER.debug("Add-on %s is local available for restore", slug)
addon = self.local[slug]
await addon.restore(tar_file)

View File

@ -21,7 +21,6 @@ from ..const import (
ATTR_MEMORY_PERCENT,
ATTR_NETWORK_RX,
ATTR_NETWORK_TX,
ATTR_PASSWORD,
ATTR_PORT,
ATTR_REFRESH_TOKEN,
ATTR_SSL,
@ -45,7 +44,6 @@ SCHEMA_OPTIONS = vol.Schema(
vol.Inclusive(ATTR_IMAGE, "custom_hass"): vol.Maybe(docker_image),
vol.Inclusive(ATTR_LAST_VERSION, "custom_hass"): vol.Maybe(vol.Coerce(str)),
vol.Optional(ATTR_PORT): network_port,
vol.Optional(ATTR_PASSWORD): vol.Maybe(vol.Coerce(str)),
vol.Optional(ATTR_SSL): vol.Boolean(),
vol.Optional(ATTR_WATCHDOG): vol.Boolean(),
vol.Optional(ATTR_WAIT_BOOT): vol.All(vol.Coerce(int), vol.Range(min=60)),
@ -92,10 +90,6 @@ class APIHomeAssistant(CoreSysAttributes):
if ATTR_PORT in body:
self.sys_homeassistant.api_port = body[ATTR_PORT]
if ATTR_PASSWORD in body:
self.sys_homeassistant.api_password = body[ATTR_PASSWORD]
self.sys_homeassistant.refresh_token = None
if ATTR_SSL in body:
self.sys_homeassistant.api_ssl = body[ATTR_SSL]
@ -107,7 +101,6 @@ class APIHomeAssistant(CoreSysAttributes):
if ATTR_REFRESH_TOKEN in body:
self.sys_homeassistant.refresh_token = body[ATTR_REFRESH_TOKEN]
self.sys_homeassistant.api_password = None
self.sys_homeassistant.save_data()

View File

@ -22,7 +22,6 @@ from .const import (
ATTR_BOOT,
ATTR_IMAGE,
ATTR_LAST_VERSION,
ATTR_PASSWORD,
ATTR_PORT,
ATTR_REFRESH_TOKEN,
ATTR_SSL,
@ -31,7 +30,6 @@ from .const import (
ATTR_WAIT_BOOT,
ATTR_WATCHDOG,
FILE_HASSIO_HOMEASSISTANT,
HEADER_HA_ACCESS,
)
from .coresys import CoreSys, CoreSysAttributes
from .docker.homeassistant import DockerHomeAssistant
@ -122,16 +120,6 @@ class HomeAssistant(JsonConfig, CoreSysAttributes):
"""Set network port for Home Assistant instance."""
self._data[ATTR_PORT] = value
@property
def api_password(self) -> str:
"""Return password for Home Assistant instance."""
return self._data.get(ATTR_PASSWORD)
@api_password.setter
def api_password(self, value: str):
"""Set password for Home Assistant instance."""
self._data[ATTR_PASSWORD] = value
@property
def api_ssl(self) -> bool:
"""Return if we need ssl to Home Assistant instance."""
@ -500,10 +488,6 @@ class HomeAssistant(JsonConfig, CoreSysAttributes):
if content_type is not None:
headers[hdrs.CONTENT_TYPE] = content_type
# Set old API Password
if not self.refresh_token and self.api_password:
headers[HEADER_HA_ACCESS] = self.api_password
for _ in (1, 2):
# Prepare Access token
if self.refresh_token:

View File

@ -24,7 +24,6 @@ from ..const import (
ATTR_IMAGE,
ATTR_LAST_VERSION,
ATTR_NAME,
ATTR_PASSWORD,
ATTR_PORT,
ATTR_PROTECTED,
ATTR_REFRESH_TOKEN,
@ -37,16 +36,27 @@ from ..const import (
ATTR_WAIT_BOOT,
ATTR_WATCHDOG,
CRYPTO_AES128,
FOLDER_HOMEASSISTANT,
)
from ..coresys import CoreSys, CoreSysAttributes
from ..exceptions import AddonsError
from ..utils.json import write_json_file
from ..utils.tar import SecureTarFile, secure_path
from ..utils.tar import SecureTarFile, exclude_filter, secure_path
from .utils import key_to_iv, password_for_validating, password_to_key, remove_folder
from .validate import ALL_FOLDERS, SCHEMA_SNAPSHOT
_LOGGER: logging.Logger = logging.getLogger(__name__)
MAP_FOLDER_EXCLUDE = {
FOLDER_HOMEASSISTANT: [
"*.db-wal",
"*.db-shm",
"__pycache__/*",
"*.log",
"OZW_Log.txt",
]
}
class Snapshot(CoreSysAttributes):
"""A single Hass.io snapshot."""
@ -359,7 +369,11 @@ class Snapshot(CoreSysAttributes):
try:
_LOGGER.info("Snapshot folder %s", name)
with SecureTarFile(tar_name, "w", key=self._key) as tar_file:
tar_file.add(origin_dir, arcname=".")
tar_file.add(
origin_dir,
arcname=".",
filter=exclude_filter(MAP_FOLDER_EXCLUDE.get(name, [])),
)
_LOGGER.info("Snapshot folder %s done", name)
self._data[ATTR_FOLDERS].append(name)
@ -428,9 +442,6 @@ class Snapshot(CoreSysAttributes):
self.homeassistant[ATTR_REFRESH_TOKEN] = self._encrypt_data(
self.sys_homeassistant.refresh_token
)
self.homeassistant[ATTR_PASSWORD] = self._encrypt_data(
self.sys_homeassistant.api_password
)
def restore_homeassistant(self):
"""Write all data to the Home Assistant object."""
@ -451,9 +462,6 @@ class Snapshot(CoreSysAttributes):
self.sys_homeassistant.refresh_token = self._decrypt_data(
self.homeassistant[ATTR_REFRESH_TOKEN]
)
self.sys_homeassistant.api_password = self._decrypt_data(
self.homeassistant[ATTR_PASSWORD]
)
# save
self.sys_homeassistant.save_data()

View File

@ -11,7 +11,6 @@ from ..const import (
ATTR_IMAGE,
ATTR_LAST_VERSION,
ATTR_NAME,
ATTR_PASSWORD,
ATTR_PORT,
ATTR_PROTECTED,
ATTR_REFRESH_TOKEN,
@ -64,7 +63,6 @@ SCHEMA_SNAPSHOT = vol.Schema(
vol.Optional(ATTR_BOOT, default=True): vol.Boolean(),
vol.Optional(ATTR_SSL, default=False): vol.Boolean(),
vol.Optional(ATTR_PORT, default=8123): network_port,
vol.Optional(ATTR_PASSWORD): vol.Maybe(vol.Coerce(str)),
vol.Optional(ATTR_REFRESH_TOKEN): vol.Maybe(vol.Coerce(str)),
vol.Optional(ATTR_WATCHDOG, default=True): vol.Boolean(),
vol.Optional(ATTR_WAIT_BOOT, default=600): vol.All(

View File

@ -21,7 +21,6 @@ from .const import (
ATTR_LAST_BOOT,
ATTR_LAST_VERSION,
ATTR_LOGGING,
ATTR_PASSWORD,
ATTR_PORT,
ATTR_PORTS,
ATTR_REFRESH_TOKEN,
@ -110,7 +109,6 @@ SCHEMA_HASS_CONFIG = vol.Schema(
vol.Inclusive(ATTR_IMAGE, "custom_hass"): docker_image,
vol.Inclusive(ATTR_LAST_VERSION, "custom_hass"): vol.Coerce(str),
vol.Optional(ATTR_PORT, default=8123): network_port,
vol.Optional(ATTR_PASSWORD): vol.Maybe(vol.Coerce(str)),
vol.Optional(ATTR_REFRESH_TOKEN): vol.Maybe(vol.Coerce(str)),
vol.Optional(ATTR_SSL, default=False): vol.Boolean(),
vol.Optional(ATTR_WATCHDOG, default=True): vol.Boolean(),