Skip to content

v0.16.4 - Config flow fix, phantom ring fix, FCM hardening

Choose a tag to compare

@bvis bvis released this 11 Jun 21:57
4a79711

Stable release consolidating the 0.16.4 betas. Verified on a live Home Assistant instance.

Fixed

  • Config flow could not render on recent Home Assistant versions (#8, #9, #10, #11) — the credentials form used a custom callable HTTPS validator that voluptuous_serialize cannot convert (ValueError: Unable to convert schema: <function _https_url ...>), blocking login entirely. URL fields are now plain strings in the form schema and HTTPS validation runs after submit, returning a translated invalid_url error in all 10 languages. Contributed by @pespinel (#7) — thank you!
  • Phantom doorbell ring on Home Assistant restart — event entities (doorbell ring, door opened, camera on) inherited their availability from the device connection_state. A transient intercom disconnect, or the brief window during an HA restart, flapped them to unavailable and back; on recovery the EventEntity restores its last event (e.g. ring) and Home Assistant fires state triggers, so doorbell automations ran with no push notification involved. Event availability is now decoupled from connectivity, eliminating the flap. Real doorbell rings still fire normally.
  • Hardened the FCM push client against firebase-messaging reconnect storms (#12) — a poisoned StreamReader in the upstream _listen loop re-raises the same exception object every iteration, growing its traceback while logging.exception formats it inside the HA event loop; on Python 3.14 this is quadratic and pegs the core until the Supervisor watchdog kills HA.
    • A logging.Filter on the firebase_messaging.fcmpushclient logger strips exc_info after 3 tracebacks per 5-minute window, defusing the CPU bomb even while the upstream loop spins.
    • abort_on_sequential_error_count is bounded (3) so the client gives up instead of spinning; the watchdog restarts it with a delayed, doubling backoff (5 → 15 min cap) that resets once the listener is healthy. A persistent server-side failure now means "push down for a while" instead of a crash loop.
  • OAuth authentication diagnostics — non-JSON responses, HTTP errors, OAuth error payloads, and missing access_token are handled explicitly with safe, redacted log messages; invalid_client errors point to the OAuth Basic header instead of the user's credentials (#7).
  • APK credential extractionscripts/extract_credentials.py ignores unrelated Basic headers from tracing/telemetry code and generates the OAuth header from OAuthUtils.java + Urls.clientId()/Urls.clientSecret(), detecting the production environment; extracted secrets are redacted in console output (#7).

Upgrade

Update via HACS and restart Home Assistant. The login/credentials form now renders correctly on HA 2026.x.