fix(v6): raise HoleAuthenticationError for invalid password on HTTP 200#38
Open
qnorsten wants to merge 1 commit into
Conversation
Pi-hole v6 returns HTTP 200 with {"session":{"valid":false}} when a wrong
password is supplied, rather than HTTP 401. The previous code raised a plain
HoleError("Authentication unsuccessful: Invalid session") for this path,
inconsistent with the HTTP 401 path which raises HoleAuthenticationError
("Authentication failed: Invalid password").
This inconsistency breaks Home Assistant's determine_api_version() helper,
which calls authenticate() with a deliberately wrong password to probe whether
the instance is v6. It catches HoleError and checks the message string for
"Authentication failed: Invalid password" to confirm v6. The mismatched
message caused version detection to always fall through to the v5 path,
making the integration fail to set up on any instance where the HTTP 200
response completes faster than the timeout (including after the timeout was
fixed in recent versions).
Change the HTTP 200 / valid=false path to raise HoleAuthenticationError with
the same message as the 401 path (status=200) so all "wrong password" cases
are handled uniformly regardless of the HTTP status code Pi-hole returns.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Pi-hole v6 returns HTTP 200 with
{"session":{"valid":false}}when a wrongpassword is supplied, rather than HTTP 401. The previous code raised a plain
HoleError("Authentication unsuccessful: Invalid session")for this path,inconsistent with the HTTP 401 path which raises
HoleAuthenticationError("Authentication failed: Invalid password").
This inconsistency breaks Home Assistant's
determine_api_version()helper,which calls
authenticate()with a deliberately wrong password to probewhether the instance is v6. It catches
HoleErrorand checks the messagestring for
"Authentication failed: Invalid password"to confirm v6. Themismatched message caused version detection to always fall through to the v5
path, making the integration fail to set up entirely.
Fix by raising
HoleAuthenticationErrorwith the same message as the 401path (
status=200) so all "wrong password" cases are handled uniformlyregardless of which HTTP status Pi-hole returns.
Confirmed on a Pi-hole v6 instance running on a Raspberry Pi 1 Model A.