From 5c4d3665188b7c204710db05c552afc351ac823f Mon Sep 17 00:00:00 2001 From: Daniel Perna Date: Tue, 7 Aug 2018 23:41:11 +0200 Subject: [PATCH 1/7] Allow numeric passwords, fixes #108 --- changelog.txt | 3 +++ configurator.py | 1 + 2 files changed, 4 insertions(+) diff --git a/changelog.txt b/changelog.txt index 30088b3..4f5ef25 100644 --- a/changelog.txt +++ b/changelog.txt @@ -1,3 +1,6 @@ +Version 0.3.2 (2018-) +- Allow `PASSWORD` to be numeric (Issue #108) @danielperna84 + Version 0.3.1 (2018-07-15) - Fix SESAME / SESAME_TOTP_SECRET bug (Issue #103) @danielperna84 - Added client IP to network status modal @danielperna84 diff --git a/configurator.py b/configurator.py index 11b767d..2f94fb1 100755 --- a/configurator.py +++ b/configurator.py @@ -3504,6 +3504,7 @@ def load_settings(settingsfile): ssl._create_default_https_context = ssl._create_unverified_context USERNAME = settings.get("USERNAME", USERNAME) PASSWORD = settings.get("PASSWORD", PASSWORD) + PASSWORD = str(PASSWORD) if PASSWORD else None if CREDENTIALS and (USERNAME is None or PASSWORD is None): USERNAME = CREDENTIALS.split(":")[0] PASSWORD = ":".join(CREDENTIALS.split(":")[1:]) From 6cc43ece3c20ddc64d4f912535886fd2ed1ef131 Mon Sep 17 00:00:00 2001 From: Daniel Perna Date: Tue, 7 Aug 2018 23:43:13 +0200 Subject: [PATCH 2/7] Bump version --- configurator.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configurator.py b/configurator.py index 2f94fb1..a661435 100755 --- a/configurator.py +++ b/configurator.py @@ -101,7 +101,7 @@ SO.setFormatter( logging.Formatter('%(levelname)s:%(asctime)s:%(name)s:%(message)s')) LOG.addHandler(SO) RELEASEURL = "https://api.github.com/repos/danielperna84/hass-configurator/releases/latest" -VERSION = "0.3.1" +VERSION = "0.3.2" BASEDIR = "." DEV = False LISTENPORT = None From aa88023191c228f962f5b1a24d4f2985b3e6983d Mon Sep 17 00:00:00 2001 From: Daniel Perna Date: Wed, 8 Aug 2018 00:05:00 +0200 Subject: [PATCH 3/7] Lint --- configurator.py | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/configurator.py b/configurator.py index a661435..a3138a8 100755 --- a/configurator.py +++ b/configurator.py @@ -3664,7 +3664,6 @@ class RequestHandler(BaseHTTPRequestHandler): # pylint: disable=redefined-builtin def log_message(self, format, *args): LOG.info("%s - %s" % (self.client_address[0], format % args)) - return # pylint: disable=invalid-name def do_BLOCK(self, status=420, reason="Policy not fulfilled"): @@ -3719,6 +3718,7 @@ class RequestHandler(BaseHTTPRequestHandler): return query = parse_qs(req.query) self.send_response(200) + # pylint: disable=no-else-return if req.path.endswith('/api/file'): content = "" self.send_header('Content-type', 'text/text') @@ -3757,8 +3757,7 @@ class RequestHandler(BaseHTTPRequestHandler): self.end_headers() self.wfile.write(filecontent) return - else: - content = "File not found" + content = "File not found" except Exception as err: LOG.warning(err) content = str(err) @@ -4693,8 +4692,7 @@ class AuthHandler(RequestHandler): LOG.warning("Blocking access from %s" % self.client_address[0]) self.do_BLOCK() return - else: - FAIL2BAN_IPS[self.client_address[0]] = bancounter + 1 + FAIL2BAN_IPS[self.client_address[0]] = bancounter + 1 self.do_AUTHHEAD() self.wfile.write(bytes('Authentication required', 'utf-8')) @@ -4726,8 +4724,7 @@ class AuthHandler(RequestHandler): LOG.warning("Blocking access from %s" % self.client_address[0]) self.do_BLOCK() return - else: - FAIL2BAN_IPS[self.client_address[0]] = bancounter + 1 + FAIL2BAN_IPS[self.client_address[0]] = bancounter + 1 self.do_AUTHHEAD() self.wfile.write(bytes('Authentication required', 'utf-8')) From ed1d6f0d574ed2d94d9ffd769696e2c7d89cbff6 Mon Sep 17 00:00:00 2001 From: Daniel Perna Date: Wed, 8 Aug 2018 00:32:58 +0200 Subject: [PATCH 4/7] Sanity check for list-options, fixes Issue #109 --- changelog.txt | 1 + configurator.py | 19 +++++++++++++++++++ 2 files changed, 20 insertions(+) diff --git a/changelog.txt b/changelog.txt index 4f5ef25..c484606 100644 --- a/changelog.txt +++ b/changelog.txt @@ -1,5 +1,6 @@ Version 0.3.2 (2018-) - Allow `PASSWORD` to be numeric (Issue #108) @danielperna84 +- Sanity check for `ALLOWED_NETWORKS`, `BANNED_IPS` and `IGNORE_PATTERN` (Issue #109) @danielperna84 Version 0.3.1 (2018-07-15) - Fix SESAME / SESAME_TOTP_SECRET bug (Issue #103) @danielperna84 diff --git a/configurator.py b/configurator.py index a3138a8..602fb7d 100755 --- a/configurator.py +++ b/configurator.py @@ -3489,10 +3489,29 @@ def load_settings(settingsfile): HASS_API_PASSWORD = settings.get("HASS_API_PASSWORD", HASS_API_PASSWORD) CREDENTIALS = settings.get("CREDENTIALS", CREDENTIALS) ALLOWED_NETWORKS = settings.get("ALLOWED_NETWORKS", ALLOWED_NETWORKS) + if ALLOWED_NETWORKS and not all(ALLOWED_NETWORKS): + LOG.warning("Invalid value for ALLOWED_NETWORKS. Using empty list.") + ALLOWED_NETWORKS = [] + for net in ALLOWED_NETWORKS: + try: + ipaddress.ip_network(net) + except Exception: + LOG.warning("Invalid network in ALLOWED_NETWORKS: %s", net) BANNED_IPS = settings.get("BANNED_IPS", BANNED_IPS) + if BANNED_IPS and not all(BANNED_IPS): + LOG.warning("Invalid value for BANNED_IPS. Using empty list.") + BANNED_IPS = [] + for banned_ip in BANNED_IPS: + try: + ipaddress.ip_address(banned_ip) + except Exception: + LOG.warning("Invalid IP address in BANNED_IPS: %s", banned_ip) BANLIMIT = settings.get("BANLIMIT", BANLIMIT) DEV = settings.get("DEV", DEV) IGNORE_PATTERN = settings.get("IGNORE_PATTERN", IGNORE_PATTERN) + if IGNORE_PATTERN and not all(IGNORE_PATTERN): + LOG.warning("Invalid value for IGNORE_PATTERN. Using empty list.") + IGNORE_PATTERN = [] DIRSFIRST = settings.get("DIRSFIRST", DIRSFIRST) SESAME = settings.get("SESAME", SESAME) SESAME_TOTP_SECRET = settings.get("SESAME_TOTP_SECRET", SESAME_TOTP_SECRET) From 6979de093150b80ae0d88597df186a4dc20fa52d Mon Sep 17 00:00:00 2001 From: Daniel Perna Date: Wed, 8 Aug 2018 01:00:52 +0200 Subject: [PATCH 5/7] Reading files as UTF-8, fixes #80 --- changelog.txt | 1 + configurator.py | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/changelog.txt b/changelog.txt index c484606..3c472d1 100644 --- a/changelog.txt +++ b/changelog.txt @@ -1,6 +1,7 @@ Version 0.3.2 (2018-) - Allow `PASSWORD` to be numeric (Issue #108) @danielperna84 - Sanity check for `ALLOWED_NETWORKS`, `BANNED_IPS` and `IGNORE_PATTERN` (Issue #109) @danielperna84 +- Reading files as UTF-8 (Issue #80) @danielperna84 Version 0.3.1 (2018-07-15) - Fix SESAME / SESAME_TOTP_SECRET bug (Issue #103) @danielperna84 diff --git a/configurator.py b/configurator.py index 602fb7d..87af57e 100755 --- a/configurator.py +++ b/configurator.py @@ -3749,8 +3749,8 @@ class RequestHandler(BaseHTTPRequestHandler): if ENFORCE_BASEPATH and not is_safe_path(BASEPATH, filename): raise OSError('Access denied.') if os.path.isfile(os.path.join(BASEDIR.encode('utf-8'), filename)): - with open(os.path.join(BASEDIR.encode('utf-8'), filename)) as fptr: - content += fptr.read() + with open(os.path.join(BASEDIR.encode('utf-8'), filename), 'rb') as fptr: + content += fptr.read().decode('utf-8') else: content = "File not found" except Exception as err: From bd4d23f4a94144671ceaadaf7cc67f0eb19a6483 Mon Sep 17 00:00:00 2001 From: Daniel Perna Date: Thu, 9 Aug 2018 00:09:41 +0200 Subject: [PATCH 6/7] Updated changelog --- changelog.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/changelog.txt b/changelog.txt index 3c472d1..fa88746 100644 --- a/changelog.txt +++ b/changelog.txt @@ -1,4 +1,4 @@ -Version 0.3.2 (2018-) +Version 0.3.2 (2018-08-09) - Allow `PASSWORD` to be numeric (Issue #108) @danielperna84 - Sanity check for `ALLOWED_NETWORKS`, `BANNED_IPS` and `IGNORE_PATTERN` (Issue #109) @danielperna84 - Reading files as UTF-8 (Issue #80) @danielperna84 From e2266672c2115ba9461df6f807729f4fc1f5b6ba Mon Sep 17 00:00:00 2001 From: Daniel Perna Date: Thu, 9 Aug 2018 00:23:52 +0200 Subject: [PATCH 7/7] Removing invalid values in case they slip through, Issue #109 --- configurator.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/configurator.py b/configurator.py index 87af57e..f053d95 100755 --- a/configurator.py +++ b/configurator.py @@ -3497,6 +3497,7 @@ def load_settings(settingsfile): ipaddress.ip_network(net) except Exception: LOG.warning("Invalid network in ALLOWED_NETWORKS: %s", net) + ALLOWED_NETWORKS.remove(net) BANNED_IPS = settings.get("BANNED_IPS", BANNED_IPS) if BANNED_IPS and not all(BANNED_IPS): LOG.warning("Invalid value for BANNED_IPS. Using empty list.") @@ -3506,6 +3507,7 @@ def load_settings(settingsfile): ipaddress.ip_address(banned_ip) except Exception: LOG.warning("Invalid IP address in BANNED_IPS: %s", banned_ip) + BANNED_IPS.remove(banned_ip) BANLIMIT = settings.get("BANLIMIT", BANLIMIT) DEV = settings.get("DEV", DEV) IGNORE_PATTERN = settings.get("IGNORE_PATTERN", IGNORE_PATTERN)