Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Remove direct authentication via trusted networks or API password #27656

Merged
merged 2 commits into from Oct 14, 2019

Conversation

@balloob
Copy link
Member

balloob commented Oct 14, 2019

Breaking Change:

It is no longer possible to make authenticated requests using trusted networks or by appending ?api_password=X to the url. You will now first need to get an authentication token and use that token to make requests.

These features were deprecated in Home Assistant 0.90 and 0.91 (released around April 2019). It was initially planned to be dropped in Home Assistant 0.96 (released July 17, 2019).

This also removes support of configuring the auth providers for API Password and Trusted Networks via the HTTP configuration. It now needs to be configured in the auth provider section (docs).

Description:

This removes the option to directly authenticate with Home Assistant API endpoints by adding an API password or by making the request from a trusted network. These features have been deprecated since early April of this year and were initially planned to be removed on July 17 with the release of Home Assistant 0.96.

Direct authentication meant that you could make an authenticated request without a bearer token by making the request from a trusted network or appending ?api_password=bla to the url.

These features are still available as authentication providers (docs).

The feature to use API passwords for direct authentication has been deprecated since Home Assistant 0.90 released on March 20, 2019 (#21884).

The feature to use trusted networks for direct authentication has been deprecated since Home Assistant 0.91 released on April 3, 2019 (#22487).

Related issue (if applicable): fixes home-assistant/architecture#174

Pull request with documentation for home-assistant.io (if applicable): home-assistant/home-assistant.io#<home-assistant.io PR number goes here>

Checklist:

  • The code change is tested and works locally.
  • Local tests pass with tox. Your PR cannot be merged unless tests pass
  • There is no commented out code in this PR.
  • I have followed the development checklist

If the code does not interact with devices:

  • Tests have been added to verify that the new code works.
@probot-home-assistant

This comment has been minimized.

Copy link

probot-home-assistant bot commented Oct 14, 2019

Hey there @home-assistant/core, mind taking a look at this pull request as its been labeled with a integration (http) you are listed as a codeowner for? Thanks!

@probot-home-assistant

This comment has been minimized.

Copy link

probot-home-assistant bot commented Oct 14, 2019

Hey there @home-assistant/core, mind taking a look at this pull request as its been labeled with a integration (auth) you are listed as a codeowner for? Thanks!

@project-bot project-bot bot added this to Needs review in Dev Oct 14, 2019
@probot-home-assistant

This comment has been minimized.

Copy link

probot-home-assistant bot commented Oct 14, 2019

Hey there @home-assistant/core, mind taking a look at this pull request as its been labeled with a integration (websocket_api) you are listed as a codeowner for? Thanks!

Copy link
Member

andrewsayre left a comment

Nice! Looks good.

Dev automation moved this from Needs review to Reviewer approved Oct 14, 2019
@balloob balloob merged commit 3231e22 into dev Oct 14, 2019
10 of 11 checks passed
10 of 11 checks passed
codecov/patch 94.11% of diff hit (target 94.35%)
Details
CI Build #20191014.103 succeeded
Details
CI (FullCheck Mypy) FullCheck Mypy succeeded
Details
CI (FullCheck Pylint) FullCheck Pylint succeeded
Details
CI (Overview CheckFormat) Overview CheckFormat succeeded
Details
CI (Overview Lint) Overview Lint succeeded
Details
CI (Overview Validate) Overview Validate succeeded
Details
CI (Tests PyTest Python36) Tests PyTest Python36 succeeded
Details
CI (Tests PyTest Python37) Tests PyTest Python37 succeeded
Details
cla-bot Everyone involved has signed the CLA
codecov/project 94.32% (target 90%)
Details
Dev automation moved this from Reviewer approved to Done Oct 14, 2019
@delete-merged-branch delete-merged-branch bot deleted the remove-api-password-trusted-networks branch Oct 14, 2019
@lock lock bot locked and limited conversation to collaborators Oct 15, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
Dev
  
Done
3 participants
You can’t perform that action at this time.