New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.
Already on GitHub? Sign in to your account
Hide credentials from generated titles in generic camera #70204
Hide credentials from generated titles in generic camera #70204
Conversation
def slug_url(url) -> str | None: | ||
"""Convert a camera url into a string suitable for a camera name.""" | ||
if not url: | ||
return None | ||
url = URL_RE.sub("//", url) | ||
url_no_scheme = urlparse(url)._replace(scheme="") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Untested, but I think it makes sense to do something like _replace(username=None)._replace(password=None)
instead?
https://docs.python.org/3/library/urllib.parse.html#urllib.parse.urlparse
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ok, will try it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let's use yarl
instead of urlparse. We use that in most other places in Home Assistant that do URL manipulation too.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done a0cf823
Proposed change
When the generic camera integration is set up via a config flow, a title is automatically generated based on the url.
Unfortunately the generated string also includes credentials
e.g.
rtsp://username:pass@192.168.0.10/xxx
creates title
username_pass_192_168_0_10_xxx
This PR drops the credentials from the URL before generating the title string.
Update:
To deal with other places there could be sensitive parameters, the PR now just uses the hostname.
Type of change
Additional information
Checklist
black --fast homeassistant tests
)If user exposed functionality or configuration variables are added/changed:
If the code communicates with devices, web services, or third-party tools:
Updated and included derived files by running:
python3 -m script.hassfest
.requirements_all.txt
.Updated by running
python3 -m script.gen_requirements_all
..coveragerc
.The integration reached or maintains the following Integration Quality Scale:
To help with the load of incoming pull requests: