New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Legacy API password auth provider is not loading if http config file was in packages folder #16441
Comments
According your log, the legacy_api_password auth provider didn't loaded. We log that message as info level if you enabled legacy_api_password auth provider, waning if not. Not sure if the package messed the config processing function. As a quick fix, you can still keep your "pre 77" config, and maybe add in trusted_networks provider if need. Please post your current core section and http section config in here, so that we can investigate the root cause. |
No worries... HTTP component Interface package:
Cores: configuration.yaml
My occupancy package:
|
OK, I can reproduce your issue by move It is a problem, but we may not be able to fix that since we process I will keep this issue open for now, I may revisit it when I have free time. |
No worries, thanks for looking into it 👍 |
There hasn't been any activity on this issue recently. Due to the high number of incoming GitHub notifications, we have to clean some of the old issues, as many of them have already been resolved with the latest updates. Please make sure to update to the latest Home Assistant version and check if that solves the issue. Let us know if that works for you by adding a comment 👍 |
To be fair I think this was an edge case, I moved the http config back to configuration.yaml and it worked fine, and have since abolished all use of the api_password and moved the http configuration back to a package without issue. |
Home Assistant release with the issue: 77.3
Last working Home Assistant release (if known): Pre 77
Operating environment (Hass.io/Docker/Windows/etc.): Debian / Venv
Component/platform: Auth
Description of problem:
I have an API password set - I have removed the 'auth' bits from my configuration so it should be default as per the blog. Anything trying to use the old api password is causing an IP ban. Most recent example thus:
I have a bash script that runs when I sync my config to dropbox, the last line of which is
$1 = https://MY-HA-URL/api/events/done_sync
$2 = my legacy api password
What should happen is it fires an event called done_sync, which then trigger another automation.
I've just run it, and when the script completed I did not receive the event, but got this...
So it knows it's on the legacy password, hence the first warning, but it is still not letting it through and has eaten up two of my three chances before an IP ban.
This is also happening with GPS logger and the IOS app, which I've had to disable because we were getting banned every 40 minutes.
Problem-relevant
configuration.yaml
entries and (fill out even if it seems unimportant):My whole config is in packages, which you can see on my github if you want, but basically I have removed the
...that we had pre 77 and the gpslogger/ios configuration is standard, and the api event call is as per my Description above.
Additional information:
Before the auth system became default and I had
in the config, this was working (albeit with countless warnings about bearer tokens!) and I didn't get locked out.
The text was updated successfully, but these errors were encountered: