mirror/esphome
1
0
Fork 0
mirror of https://github.com/esphome/esphome.git synced 2026-02-18 23:45:40 -07:00
Code Issues Packages Projects Releases Wiki Activity
22,232 Commits 114 Branches 586 Tags
4b59ea322a47f93f0ba3cbbea767fc5924051749
Commit Graph

2784 Commits

Author SHA1 Message Date
J. Nick Koston
75c952eaef Merge branch 'template_water_heater_onoff' into integration 2026-02-10 06:21:45 -06:00
J. Nick Koston
1b3f3c04b9 Use mutable globals in water heater test fixture 
Use globals for away/is_on lambdas and sync them in set_action
so optimistic state changes persist across loop iterations.
 2026-02-10 06:17:52 -06:00
J. Nick Koston
6410c6cf9b improve tests 2026-02-10 06:14:41 -06:00
J. Nick Koston
0503760af4 Add integration tests for toggling away and on/off state flags 2026-02-10 06:09:18 -06:00
J. Nick Koston
22b038f6a4 Import WaterHeaterFeature from aioesphomeapi instead of redefining locally 2026-02-10 05:47:46 -06:00
J. Nick Koston
50aaea6bf1 Merge branch 'dev' into template_water_heater_onoff 2026-02-10 05:38:01 -06:00
Cody Cutrer
b97a728cf1 [ld2450] add on_data callback (#13601) 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2026-02-09 22:40:44 -05:00
J. Nick Koston
13ef9d0fcd Merge remote-tracking branch 'upstream/dev' into integration 2026-02-09 16:46:03 -06:00
Jonathan Swoboda
475db750e0 [uart] Change available() return type from int to size_t (#13893) 
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-09 17:41:16 -05:00
tronikos
1419ac8ad8 Merge branch 'dev' into template_water_heater_onoff 2026-02-09 13:03:50 -08:00
J. Nick Koston
b6fdd29953 [voice_assistant] Replace timer unordered_map with vector to eliminate per-tick heap allocation (#13857) 2026-02-09 14:42:40 -06:00
Clyde Stubbs
00256e3ca0 [mipi_rgb] Allow use on P4 (#13740) 2026-02-10 06:35:41 +11:00
J. Nick Koston
e0712cc53b [scheduler] Make core timer ID collisions impossible with type-safe internal IDs (#13882) 
Co-authored-by: Jonathan Swoboda <154711427+swoboda1337@users.noreply.github.com>
 2026-02-09 13:16:22 -06:00
J. Nick Koston
abb88f6b0f Merge remote-tracking branch 'origin/api-flash-string-progmem' into integration 2026-02-09 11:16:41 -06:00
J. Nick Koston
5d5344cf91 Add tests for cg.templatable() auto FlashStringLiteral wrapping 
Cover the new automatic ESPHOME_F() wrapping behavior: static strings
with std::string output_type, non-string values, None output_type,
to_exp callable/dict, and lambda passthrough.
 2026-02-09 10:56:56 -06:00
J. Nick Koston
66af998098 [dashboard] Handle malformed Basic Auth headers gracefully (#13866) 2026-02-09 08:45:03 -06:00
J. Nick Koston
8b8acb3b27 [dashboard] Use constant-time comparison for username check (#13865) 2026-02-09 08:31:06 -06:00
J. Nick Koston
1c60efa4b6 [ota] Use secrets module for OTA authentication cnonce (#13863) 2026-02-09 08:30:49 -06:00
J. Nick Koston
c990da265a Add unit tests for FlashStringLiteral 
Cover the three lines reported uncovered by codecov in
cpp_generator.py (FlashStringLiteral.__init__ and __str__).
 2026-02-09 07:45:03 -06:00
J. Nick Koston
a6345eea08 Merge branch 'scheduler_uint32t_core_filters' into integration 2026-02-09 06:32:01 -06:00
J. Nick Koston
3d2b9641a4 [scheduler] Add integration test for internal vs numeric ID isolation 
Verifies that NUMERIC_ID_INTERNAL and NUMERIC_ID are completely
independent matching namespaces — same uint32_t value on the same
component does not collide. Tests that cancelling one type does not
affect the other, and that string names also don't cross-match.
 2026-02-09 06:05:13 -06:00
tronikos
2cf853d6a1 Merge branch 'dev' into template_water_heater_onoff 2026-02-09 02:04:15 -08:00
J. Nick Koston
5370687001 [wizard] Use secrets module for fallback AP password generation (#13864) 2026-02-09 03:25:41 -06:00
J. Nick Koston
6ee185c58a [dashboard] Use resolve/relative_to for download path validation (#13867) 2026-02-09 03:25:23 -06:00
tronikos
0c510ff1e7 update 2026-02-08 22:09:08 -08:00
tronikos
2d22bd4951 fix 2026-02-08 21:35:29 -08:00
Clyde Stubbs
756f1c6b7e [lvgl] Fix crash with unconfigured top_layer (#13846) 2026-02-08 21:53:43 -05:00
J. Nick Koston
5cb3af9e0e Merge branch 'hardening/api-varint-guard' into integration 2026-02-08 08:38:46 -06:00
J. Nick Koston
41fedaedb3 [udp] Eliminate per-loop heap allocation using std::span (#13838) 
Co-authored-by: Clyde Stubbs <2366188+clydebarrow@users.noreply.github.com>
 2026-02-08 08:26:47 -06:00
J. Nick Koston
b283f1ae75 Merge all hardening branches into integration 
Resolve conflict in web_server_idf.cpp: keep constant-time compare
logic adapted to stack-allocated digest buffer from integration.
 2026-02-08 08:03:23 -06:00
J. Nick Koston
2ceb6ee95b Add comment explaining Windows-specific multiple_dots behavior 
On Windows, Path.resolve() treats '....' as parent traversal (403),
while on Unix it is a literal directory name that stays inside the
base directory (404).
 2026-02-08 07:55:48 -06:00
J. Nick Koston
4cdd73904f Encode usernames as UTF-8 bytes for hmac.compare_digest 
hmac.compare_digest() on str inputs raises TypeError if either
contains non-ASCII characters. Encode both sides as UTF-8 bytes.
Add test with non-ASCII username to prevent regressions.
 2026-02-08 07:49:53 -06:00
J. Nick Koston
b8cad678b1 URL-encode whitespace in empty file name test parameter 
Replace raw spaces with %20%20 to avoid flakiness from HTTP clients
handling unencoded spaces differently.
 2026-02-08 07:48:41 -06:00
J. Nick Koston
5c5bf50e49 Update test docstring to reflect validation instead of sanitization 2026-02-08 07:41:00 -06:00
J. Nick Koston
401d3c2056 Fix idedata test mock to use Path instead of str 
The test set mock_image.path to str, but FlashImage.path is a Path.
This masked a pre-existing bug where Path.endswith() doesn't exist.
Fix the mock to match the real type so as_posix() works correctly.
 2026-02-08 07:36:02 -06:00
J. Nick Koston
30662bc11b Update module docstring to reflect auth test coverage 2026-02-08 07:34:14 -06:00
J. Nick Koston
b650d2df31 Reject empty file names and fix FlashImage.path endswith call 
- Return 400 for empty or whitespace-only file_name to prevent the
  idedata fallback from matching everything via empty-string suffix.
- Use image.path.as_posix().endswith() since FlashImage.path is a Path
  object which does not have a string endswith method.
- Add parametrized test for empty/whitespace file name values.
 2026-02-08 07:32:00 -06:00
J. Nick Koston
4795971f1c Use usefixtures for tests that don't reference mock_auth_settings 
Replace unused mock_auth_settings parameter with
@pytest.mark.usefixtures decorator to avoid PLW0613 lint warnings.
 2026-02-08 07:25:19 -06:00
J. Nick Koston
ea99593575 Build auth_settings on dashboard_settings and monkeypatch env 
- Refactor auth_settings fixture to extend dashboard_settings instead
  of duplicating setup.
- Explicitly clear DISABLE_HA_AUTHENTICATION in HA add-on test to
  prevent order-dependent flakiness.
 2026-02-08 07:24:44 -06:00
J. Nick Koston
bf7ede1d43 Make mock_token_hex strict on unexpected nbytes 
Raise ValueError for unexpected nbytes values so tests fail clearly
if production code starts calling token_hex with an incorrect size.
 2026-02-08 07:24:11 -06:00
J. Nick Koston
43448d55f1 Guard against None firmware_bin_path and mock subprocess in tests 
- Add None check for storage_json.firmware_bin_path before computing
  base_dir (covers configs from StorageJSON.from_wizard()).
- Mock async_run_system_command in path traversal tests so paths that
  pass validation but don't exist return 404 deterministically.
- Add test for firmware_bin_path=None case.
 2026-02-08 07:23:24 -06:00
J. Nick Koston
e362e6fe2f Fix multiple_dots test for Windows path resolution 
On Windows, ....//secrets.yaml escapes the base directory (403),
while on Unix it stays inside (404). Use sys.platform to set the
expected status code per platform.
 2026-02-08 07:22:08 -06:00
J. Nick Koston
82d9616f1b Add explicit binascii.Error catch and bad-padding test 
binascii.Error is already a subclass of ValueError, but listing it
explicitly makes the intent clear. Added test for incorrect base64
padding (e.g. "Basic abc").
 2026-02-08 07:18:29 -06:00
J. Nick Koston
a167332518 Fix password_hash type and add HA add-on regression test 
Initialize password_hash as b"" (bytes) to match password_hash()
return type, preventing TypeError in hmac.compare_digest when
HA add-on auth is enabled without a password.
 2026-02-08 07:14:20 -06:00
J. Nick Koston
1b7efdd051 Match cnonce length to hash algorithm digest size 
Use nonce_size // 2 as token_hex argument so MD5 auth produces
a 32-char cnonce and SHA256 auth produces a 64-char cnonce,
matching the original protocol behavior.

Rename mock_random fixture to mock_token_hex and use separate
mock cnonce constants per hash algorithm.
 2026-02-08 07:11:56 -06:00
J. Nick Koston
caff93d7b8 Add test coverage for secrets.choice in fallback PSK generation 
Verifies that wizard_file uses secrets.choice (not random.choice)
to generate the 12-character fallback hotspot password.
 2026-02-08 07:08:25 -06:00
J. Nick Koston
806a86a6ad Add test coverage for is_authenticated base64 handling 
Tests malformed base64, invalid UTF-8, missing colon separator,
valid credentials, wrong credentials, and auth-disabled cases.
 2026-02-08 07:06:24 -06:00
J. Nick Koston
42126bae72 Add test coverage for check_password 
Tests correct credentials, wrong password, wrong username,
both wrong, and auth-disabled cases.
 2026-02-08 07:03:29 -06:00
J. Nick Koston
803b9a7a18 Update path traversal tests for resolve/relative_to behavior 
Real traversals that escape the base directory now return 403.
Paths like '....' that resolve inside the base directory but
don't exist return 404.
 2026-02-08 07:01:37 -06:00
J. Nick Koston
a8fd6c132e Update tests to mock secrets.token_hex instead of random.random 
The cnonce generation was changed to use secrets.token_hex(32),
so the test mocks and assertions need to match.
 2026-02-08 06:59:32 -06:00