Skip to content

Deprecate http.api_password #21884

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Mar 11, 2019
Merged

Deprecate http.api_password #21884

merged 4 commits into from
Mar 11, 2019

Conversation

awarecan
Copy link
Contributor

@awarecan awarecan commented Mar 10, 2019
edited by balloob
Loading

Breaking Changes

http.api_password config is deprecated, please add legacy_api_password auth provider if you still want to use api_password as authentication.

For example, if you have following configuration in previous release

# prior 0.90
homeassistant:
  auth_providers:
   - type: homeassistant
   - type: legacy_api_password
http:
  api_password: 12345678

You will get invalid configuration error in 0.90, because api_password config is required options for legacy_api_password auth provider now. You need to change your configuration.yaml to

# after 0.90
homeassistant:
  auth_providers:
   - type: homeassistant
   - type: legacy_api_password
     api_password: 12345678
http:

However, if you don't have auth_providers under your homeassistant configuration section, for example

# prior 0.90
homeassistant:

http:
  api_password: 12345678

We will give your more time to migrate your configuration, your HA system can still start up, we will load a legacy_api_password auth provider with api_password for you. However, you will receive a warning message to remind you change to the new configuration.

Please note, api_password authentication will eventually be removed, we advise user change to use one of other authentication methods.

Description:

This PR is one more step towards our goal to remove api_password entirely. Now, api_password no long lives in http component, all logic moved to legacy_api_password auth provider.

This PR does not change the way we do authentication, use api_password in query or header is still valid method, but we will print out INFO level log to remind user move away from those method. I am planning increase them to WARN level maybe in 0.91 release.

Detail changes

  • rewrote http auth middleware, better code structure, no function changes
  • deprecated http.api_password
  • removed hass.confg.api.api_password
  • removed password from hassio /homeassistant/options command's payload
  • add few AuthManager helper functions
  • some house clean up

Related issue (if applicable): fixes #

Pull request in home-assistant.io with documentation (if applicable): home-assistant/home-assistant.io#8894

Example entry for configuration.yaml (if applicable):

homeassistant:
  auth_providers:
   - type: homeassistant
   - type: legacy_api_password
      api_password: 12345678
http:

Checklist:

  • The code change is tested and works locally.
  • Local tests pass with tox. Your PR cannot be merged unless tests pass
  • There is no commented out code in this PR.

If user exposed functionality or configuration variables are added/changed:

If the code does not interact with devices:

  • Tests have been added to verify that the new code works.

@ghost ghost assigned awarecan Mar 10, 2019
@ghost ghost added the in progress label Mar 10, 2019
@awarecan awarecan mentioned this pull request Mar 10, 2019
Merged
2 tasks
@awarecan awarecan marked this pull request as ready for review March 10, 2019 08:55
@awarecan awarecan requested a review from a team as a code owner March 10, 2019 08:55
@awarecan
Deprecated ApiConfig.api_password
a061f07 
GitHub Drafted PR would trigger CI after changed it to normal PR.
I have to commit a comment change to trigger it
@awarecan awarecan force-pushed the deprecated-api-password branch from 3d4323a to a061f07 Compare March 10, 2019 09:04
balloob
balloob reviewed Mar 10, 2019
View reviewed changes
homeassistant/components/frontend/__init__.py
@@ -407,7 +407,7 @@ def get_template(self, latest):
})

no_auth = '1'
if hass.config.api.api_password and not request[KEY_AUTHENTICATED]:
if not request[KEY_AUTHENTICATED]:
# do not try to auto connect on load
no_auth = '0'
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For a future PR, this is no longer used.

balloob
balloob reviewed Mar 10, 2019
View reviewed changes
balloob
balloob reviewed Mar 10, 2019
View reviewed changes
balloob
balloob reviewed Mar 10, 2019
View reviewed changes
balloob
balloob reviewed Mar 10, 2019
View reviewed changes
@awarecan awarecan changed the title Deprecated http.api_password Deprecate http.api_password Mar 10, 2019
@balloob balloob merged commit fe1840f into home-assistant:dev Mar 11, 2019
@ghost ghost removed the in progress label Mar 11, 2019
@awarecan awarecan deleted the deprecated-api-password branch March 11, 2019 04:47
@awarecan awarecan mentioned this pull request Mar 11, 2019
Closed
19 tasks
@balloob balloob mentioned this pull request Mar 20, 2019
Merged
@tomhoover tomhoover mentioned this pull request Mar 26, 2019
Closed
@balloob balloob mentioned this pull request Oct 14, 2019
Merged
5 tasks
@DataGhost DataGhost mentioned this pull request Apr 26, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pvizeli pvizeli pvizeli left review comments

@balloob balloob balloob approved these changes

Assignees

@awarecan awarecan

Labels
breaking-change cla-signed core integration: api integration: frontend integration: hassio integration: http integration: mqtt integration: proxy integration: websocket_api integration: zeroconf
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@awarecan @balloob @pvizeli @homeassistant