Cleanup and SESAME notification

2018-07-09 01:05:30 +02:00 · 2018-07-09 01:05:30 +02:00 · e18b11deae
commit e18b11deae
parent a74ffff976
3 changed files with 10 additions and 8 deletions
--- a/README.md
+++ b/README.md
@ -76,7 +76,7 @@ HTTP requests include the hostname to which the request has been made. To improv
 #### ENV_PREFIX (string)
 To modify the default prefix for settings passed as environment variables (`HC_`) change this setting to another value that meets your demands.
 #### NOTIFY_SERVICE (string)
-Define a notification service from your Home Assistant setup that should be used to send notifications, e.g. `notify.mytelegram`. The default is `persistent_notification.create`. Do __NOT__ change the value of the `NOTIFY_SERVICE_DEFAULT` variable!
+Define a notification service from your Home Assistant setup that should be used to send notifications, e.g. `notify.mytelegram`. The default is `persistent_notification.create`. Do __NOT__ change the value of the `NOTIFY_SERVICE_DEFAULT` variable! You will be notified if your `HASS_API_PASSWORD`, `SESAME` or `CREDENTIALS` password seems insecure. Additionally a notification with the accessing IP will be sent every time the `SESAME` token has been used for whitelisting.
 
 __Note regarding `ALLOWED_NETWORKS`, `BANNED_IPS` and `BANLIMIT`__:  
 The way this is implemented works in the following order:
--- a/changelog.txt
+++ b/changelog.txt
@ -1,8 +1,8 @@
 Version 0.3.0 (2018-)
 - Allow passing settings via environment variables (Issue #100) @danielperna84
 - Added basic git stash functionality (Issue #16) @danielperna84
- Logging warnings if used passwords are insecure (Issue #100) @danielperna84
 - Added NOTIFY_SERVICE option @danielperna84
+- Notifying if used passwords are insecure (Issue #100) and if SESAME has been used @danielperna84

 Version 0.2.9 (2018-06-22)
 - Material Icons and HASS-help now open in new tab instead of modal (Issues #85 and #34) @danielperna84
--- a/configurator.py
+++ b/configurator.py
@ -3585,6 +3585,12 @@ class RequestHandler(BaseHTTPRequestHandler):
                self.send_response(302)
                self.send_header('Location', url)
                self.end_headers()
+                data = {
+                    "title": "HASS Configurator - SESAME access",
+                    "message": "Your SESAME token has been used to whitelist " \
+                    "the IP address %s." % self.client_address[0]
+                }
+                notify(**data)
                return
        if not check_access(self.client_address[0]):
            self.do_BLOCK()
@ -4541,8 +4547,7 @@ class SimpleServer(socketserver.ThreadingMixIn, socketserver.TCPServer):
    def __init__(self, server_address, RequestHandlerClass):
        socketserver.TCPServer.__init__(self, server_address, RequestHandlerClass)

-def notify(service=NOTIFY_SERVICE,
-           title="HASS Configurator",
+def notify(title="HASS Configurator",
           message="Notification by HASS Configurator",
           notification_id=None):
    if not HASS_API:
@ -4559,7 +4564,7 @@ def notify(service=NOTIFY_SERVICE,
    if HASS_API_PASSWORD:
        headers["x-ha-access"] = HASS_API_PASSWORD
    req = urllib.request.Request(
-        "%sservices/%s" % (HASS_API, service.replace('.', '/')),
+        "%sservices/%s" % (HASS_API, NOTIFY_SERVICE.replace('.', '/')),
        data=bytes(json.dumps(data).encode('utf-8')),
        headers=headers, method='POST')
    try:
@ -4583,7 +4588,6 @@ def main(args):
            problems = password_problems(HASS_API_PASSWORD, "HASS_API_PASSWORD")
        if problems:
            data = {
-                "service": NOTIFY_SERVICE,
                "title": "HASS Configurator - Password warning",
                "message": "Your HASS API password seems insecure (%i). " \
                "Refer to the HASS configurator logs for further information." % problems,
@ -4596,7 +4600,6 @@ def main(args):
            problems = password_problems(SESAME, "SESAME")
        if problems:
            data = {
-                "service": NOTIFY_SERVICE,
                "title": "HASS Configurator - Password warning",
                "message": "Your SESAME seems insecure (%i). " \
                "Refer to the HASS configurator logs for further information." % problems,
@ -4609,7 +4612,6 @@ def main(args):
            problems = password_problems(":".join(CREDENTIALS.split(":")[1:]), "CREDENTIALS")
        if problems:
            data = {
-                "service": NOTIFY_SERVICE,
                "title": "HASS Configurator - Password warning",
                "message": "Your CREDENTIALS seems insecure (%i). " \
                "Refer to the HASS configurator logs for further information." % problems,