Fix SESAME bug (Issue #103)

changelog.txt

@@ -1,3 +1,6 @@
+Version 0.3.1 (2018-07-15)
+- Fix SESAME / SESAME_TOTP_SECRET bug (Issue #103)
+
 Version 0.3.0 (2018-07-13)
 - Allow passing settings via environment variables (Issue #100) @danielperna84
 - Added basic git stash functionality (Issue #16) @danielperna84

configurator.py

@@ -3668,22 +3668,40 @@ class RequestHandler(BaseHTTPRequestHandler):
         req = urlparse(self.path)
         if SESAME or TOTP:
             chunk = req.path.split("/")[-1]
-            if chunk == SESAME or TOTP.verify(chunk):
+            if SESAME:
-                if self.client_address[0] not in ALLOWED_NETWORKS:
+                if chunk == SESAME:
-                    ALLOWED_NETWORKS.append(self.client_address[0])
+                    if self.client_address[0] not in ALLOWED_NETWORKS:
-                if self.client_address[0] in BANNED_IPS:
+                        ALLOWED_NETWORKS.append(self.client_address[0])
-                    BANNED_IPS.remove(self.client_address[0])
+                    if self.client_address[0] in BANNED_IPS:
-                url = req.path[:req.path.rfind(chunk)]
+                        BANNED_IPS.remove(self.client_address[0])
-                self.send_response(302)
+                    url = req.path[:req.path.rfind(chunk)]
-                self.send_header('Location', url)
+                    self.send_response(302)
-                self.end_headers()
+                    self.send_header('Location', url)
-                data = {
+                    self.end_headers()
-                    "title": "HASS Configurator - SESAME access",
+                    data = {
-                    "message": "Your SESAME token has been used to whitelist " \
+                        "title": "HASS Configurator - SESAME access",
-                    "the IP address %s." % self.client_address[0]
+                        "message": "Your SESAME token has been used to whitelist " \
-                }
+                        "the IP address %s." % self.client_address[0]
-                notify(**data)
+                    }
-                return
+                    notify(**data)
+                    return
+            if TOTP:
+                if TOTP.verify(chunk):
+                    if self.client_address[0] not in ALLOWED_NETWORKS:
+                        ALLOWED_NETWORKS.append(self.client_address[0])
+                    if self.client_address[0] in BANNED_IPS:
+                        BANNED_IPS.remove(self.client_address[0])
+                    url = req.path[:req.path.rfind(chunk)]
+                    self.send_response(302)
+                    self.send_header('Location', url)
+                    self.end_headers()
+                    data = {
+                        "title": "HASS Configurator - SESAME access",
+                        "message": "Your SESAME token has been used to whitelist " \
+                        "the IP address %s." % self.client_address[0]
+                    }
+                    notify(**data)
+                    return
         if not check_access(self.client_address[0]):
             self.do_BLOCK()
             return