mirror of
https://github.com/home-assistant/supervisor.git
synced 2025-07-08 17:56:33 +00:00
Enable Security API (#710)
* Enable Security API * Update addons.py * Update proxy.py * Update __init__.py * Update security.py * Fix lint
This commit is contained in:
parent
267791833e
commit
52da7605f5
@ -43,13 +43,6 @@ class AddonManager(CoreSysAttributes):
|
||||
"""Return an add-on from slug."""
|
||||
return self.addons_obj.get(addon_slug)
|
||||
|
||||
def from_uuid(self, uuid):
|
||||
"""Return an add-on from UUID."""
|
||||
for addon in self.list_addons:
|
||||
if addon.is_installed and uuid == addon.uuid:
|
||||
return addon
|
||||
return None
|
||||
|
||||
def from_token(self, token):
|
||||
"""Return an add-on from Hass.io token."""
|
||||
for addon in self.list_addons:
|
||||
|
@ -24,7 +24,6 @@ from ..const import (
|
||||
CONTENT_TYPE_PNG, CONTENT_TYPE_BINARY, CONTENT_TYPE_TEXT, REQUEST_FROM)
|
||||
from ..coresys import CoreSysAttributes
|
||||
from ..validate import DOCKER_PORTS, ALSA_DEVICE
|
||||
from ..exceptions import APINotSupportedError
|
||||
|
||||
_LOGGER = logging.getLogger(__name__)
|
||||
|
||||
@ -196,13 +195,6 @@ class APIAddons(CoreSysAttributes):
|
||||
async def security(self, request):
|
||||
"""Store security options for add-on."""
|
||||
addon = self._extract_addon(request)
|
||||
|
||||
# Have Access
|
||||
# REMOVE: don't needed anymore
|
||||
if addon.slug == request[REQUEST_FROM]:
|
||||
_LOGGER.error("Can't self modify his security!")
|
||||
raise APINotSupportedError()
|
||||
|
||||
body = await api_validate(SCHEMA_SECURITY, request)
|
||||
|
||||
if ATTR_PROTECTED in body:
|
||||
|
@ -25,10 +25,6 @@ class APIProxy(CoreSysAttributes):
|
||||
hassio_token = request.headers.get(HEADER_HA_ACCESS)
|
||||
addon = self.sys_addons.from_token(hassio_token)
|
||||
|
||||
# REMOVE 132
|
||||
if not addon:
|
||||
addon = self.sys_addons.from_uuid(hassio_token)
|
||||
|
||||
if not addon:
|
||||
_LOGGER.warning("Unknown Home Assistant API access!")
|
||||
elif not addon.access_homeassistant_api:
|
||||
@ -184,10 +180,6 @@ class APIProxy(CoreSysAttributes):
|
||||
response.get('access_token'))
|
||||
addon = self.sys_addons.from_token(hassio_token)
|
||||
|
||||
# REMOVE 132
|
||||
if not addon:
|
||||
addon = self.sys_addons.from_uuid(hassio_token)
|
||||
|
||||
if not addon or not addon.access_homeassistant_api:
|
||||
_LOGGER.warning("Unauthorized WebSocket access!")
|
||||
await server.send_json({
|
||||
|
@ -12,6 +12,14 @@ from ..coresys import CoreSysAttributes
|
||||
|
||||
_LOGGER = logging.getLogger(__name__)
|
||||
|
||||
|
||||
# Block Anytime
|
||||
BLACKLIST = re.compile(
|
||||
r"^(?:"
|
||||
r"|/homeassistant/api/hassio/.*"
|
||||
r")$"
|
||||
)
|
||||
|
||||
# Free to call or have own security concepts
|
||||
NO_SECURITY_CHECK = re.compile(
|
||||
r"^(?:"
|
||||
@ -74,6 +82,10 @@ class SecurityMiddleware(CoreSysAttributes):
|
||||
request_from = None
|
||||
hassio_token = request.headers.get(HEADER_TOKEN)
|
||||
|
||||
# Blacklist
|
||||
if BLACKLIST.match(request.path):
|
||||
raise HTTPForbidden()
|
||||
|
||||
# Ignore security check
|
||||
if NO_SECURITY_CHECK.match(request.path):
|
||||
_LOGGER.debug("Passthrough %s", request.path)
|
||||
@ -100,9 +112,6 @@ class SecurityMiddleware(CoreSysAttributes):
|
||||
addon = None
|
||||
if hassio_token and not request_from:
|
||||
addon = self.sys_addons.from_token(hassio_token)
|
||||
# REMOVE 132
|
||||
if not addon:
|
||||
addon = self.sys_addons.from_uuid(hassio_token)
|
||||
|
||||
# Check Add-on API access
|
||||
if addon and ADDONS_API_BYPASS.match(request.path):
|
||||
@ -115,7 +124,6 @@ class SecurityMiddleware(CoreSysAttributes):
|
||||
request_from = addon.slug
|
||||
else:
|
||||
_LOGGER.warning("%s no role for %s", request.path, addon.slug)
|
||||
request_from = addon.slug # REMOVE: 132
|
||||
|
||||
if request_from:
|
||||
request[REQUEST_FROM] = request_from
|
||||
|
Loading…
x
Reference in New Issue
Block a user