Authentication and security issue #15

Open
0R2YPsALXTVed6y opened this issue May 30, 2023 · 3 comments
Labels
help wanted Extra attention is needed

Comments

@0R2YPsALXTVed6y

Hi there,
Can you please help me/us find a way to fix authentication for diyhue? Since we have to use port 80, diyhue is very exposed. Anyone who opens the hass URL locally as well as publicly (all over the world!) has access to diyhue. The next security issue is that the long-lived hass token is plainly displayed. So everyone can access hass if they want. User and password changes are not a problem with the debugging workaround, but with the forced auto-login it makes no sense. Hopefully there is a solution, because of all the options for emulated hue, diyhue is the only real working way to do it ATM!

@mariusmotea
Member

Need some help here, maybe somebody with better skills in Flask can provide some advice.

@mariusmotea mariusmotea added the help wanted Extra attention is needed label May 30, 2023
@0R2YPsALXTVed6y
Author

Hi! Thanks for your quick reply.
If you search for:
#@flask_login.login_required
in the main source, you can see login is commented out a few times. I don't know for sure, but maybe it's the solution. Hopefully someone with Flask skills can confirm this.
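
Added example, not part of the original thread and not diyhue's code: a small stdlib-only audit that lists Flask routes whose `login_required` decorator is commented out, active, or absent, which is the check the comment above does by hand. The blueprint name `core`, the route paths and the view names in the sample are hypothetical and constructed for illustration.

```python
import re

# Constructed sample source; blueprint, paths and views are hypothetical.
SAMPLE = '''\
@core.route('/')
#@flask_login.login_required
def index():
    return render_template('index.html')

@core.route('/save')
@flask_login.login_required
def save_config():
    return "ok"

@core.route('/login', methods=['GET', 'POST'])
def login():
    return render_template('login.html')
'''

ROUTE = re.compile(r"^\s*@\w+(\.\w+)*\.route\(\s*['\"]([^'\"]+)['\"]")
ACTIVE = re.compile(r"^\s*@(flask_login\.)?login_required\b")
DISABLED = re.compile(r"^\s*#\s*@(flask_login\.)?login_required\b")
DEF = re.compile(r"^\s*(?:async\s+)?def\s+(\w+)\s*\(")

def audit_routes(source):
    """Return (lineno, view, path, status) for every routed view function."""
    findings, block = [], []   # block: decorator/comment lines directly above a def
    for lineno, line in enumerate(source.splitlines(), 1):
        m = DEF.match(line)
        if m:
            paths = [r.group(2) for r in map(ROUTE.match, block) if r]
            if paths:
                status = ("protected" if any(map(ACTIVE.match, block)) else
                          "commented_out" if any(map(DISABLED.match, block)) else
                          "unprotected")
                findings.append((lineno, m.group(1), paths[0], status))
            block = []
        elif line.lstrip().startswith(("@", "#")):
            block.append(line)   # still inside a decorator/comment run
        else:
            block = []           # any other line ends the run
    return findings

if __name__ == "__main__":
    for lineno, view, path, status in audit_routes(SAMPLE):
        print(f"line {lineno:>3}  {path:<8} {view:<12} {status}")
```

The scan is line-based, so decorators split across several lines are not recognised; a route reported as `unprotected` may be intentional (a login page) and needs a manual look.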

@hendriksen-mark
Member

This should be fixed now. Ports 80 and 443 are not changeable; the Hue app needs these ports to work.


3 participants