Fix CLI/Observer access token property (#5973)

The access token token_validation() code in the security middleware potentially accesses the access token property before the Supervisor starts the CLI/Observer plugins, which leads to an KeyError when trying to access the `access_token` property. This change ensures that no key error is raised, but just None is returned.
2025-07-14 20:56:30 +00:00 · 2025-06-24 12:10:36 +02:00 · 2025-06-24 12:10:36 +02:00 · d747a59696
commit d747a59696
parent 3ee7c082ec
2 changed files with 4 additions and 6 deletions
--- a/supervisor/plugins/cli.py
+++ b/supervisor/plugins/cli.py
@ -6,7 +6,6 @@ Code: https://github.com/home-assistant/plugin-cli
 from collections.abc import Awaitable
 import logging
 import secrets
-from typing import cast

 from awesomeversion import AwesomeVersion

@ -54,9 +53,9 @@ class PluginCli(PluginBase):
        return self.sys_updater.version_cli

    @property
-    def supervisor_token(self) -> str:
+    def supervisor_token(self) -> str | None:
        """Return an access token for the Supervisor API."""
-        return cast(str, self._data[ATTR_ACCESS_TOKEN])
+        return self._data.get(ATTR_ACCESS_TOKEN)

    @Job(
        name="plugin_cli_update",
--- a/supervisor/plugins/observer.py
+++ b/supervisor/plugins/observer.py
@ -5,7 +5,6 @@ Code: https://github.com/home-assistant/plugin-observer

 import logging
 import secrets
-from typing import cast

 import aiohttp
 from awesomeversion import AwesomeVersion
@ -60,9 +59,9 @@ class PluginObserver(PluginBase):
        return self.sys_updater.version_observer

    @property
-    def supervisor_token(self) -> str:
+    def supervisor_token(self) -> str | None:
        """Return an access token for the Observer API."""
-        return cast(str, self._data[ATTR_ACCESS_TOKEN])
+        return self._data.get(ATTR_ACCESS_TOKEN)

    @Job(
        name="plugin_observer_update",