Verifies that NUMERIC_ID_INTERNAL and NUMERIC_ID are completely
independent matching namespaces — same uint32_t value on the same
component does not collide. Tests that cancelling one type does not
affect the other, and that string names also don't cross-match.
On Windows, Path.resolve() treats '....' as parent traversal (403),
while on Unix it is a literal directory name that stays inside the
base directory (404).
hmac.compare_digest() on str inputs raises TypeError if either
contains non-ASCII characters. Encode both sides as UTF-8 bytes.
Add test with non-ASCII username to prevent regressions.
The test set mock_image.path to str, but FlashImage.path is a Path.
This masked a pre-existing bug where Path.endswith() doesn't exist.
Fix the mock to match the real type so as_posix() works correctly.
- Return 400 for empty or whitespace-only file_name to prevent the
idedata fallback from matching everything via empty-string suffix.
- Use image.path.as_posix().endswith() since FlashImage.path is a Path
object which does not have a string endswith method.
- Add parametrized test for empty/whitespace file name values.
- Refactor auth_settings fixture to extend dashboard_settings instead
of duplicating setup.
- Explicitly clear DISABLE_HA_AUTHENTICATION in HA add-on test to
prevent order-dependent flakiness.
- Add None check for storage_json.firmware_bin_path before computing
base_dir (covers configs from StorageJSON.from_wizard()).
- Mock async_run_system_command in path traversal tests so paths that
pass validation but don't exist return 404 deterministically.
- Add test for firmware_bin_path=None case.
On Windows, ....//secrets.yaml escapes the base directory (403),
while on Unix it stays inside (404). Use sys.platform to set the
expected status code per platform.
binascii.Error is already a subclass of ValueError, but listing it
explicitly makes the intent clear. Added test for incorrect base64
padding (e.g. "Basic abc").
Initialize password_hash as b"" (bytes) to match password_hash()
return type, preventing TypeError in hmac.compare_digest when
HA add-on auth is enabled without a password.
Use nonce_size // 2 as token_hex argument so MD5 auth produces
a 32-char cnonce and SHA256 auth produces a 64-char cnonce,
matching the original protocol behavior.
Rename mock_random fixture to mock_token_hex and use separate
mock cnonce constants per hash algorithm.
Replace the temporary std::vector copy with in-place compaction using a
read/write pointer pattern. This avoids a heap allocation+deallocation
cycle during scheduler cleanup, reducing heap fragmentation on
long-running ESP devices.
The new approach compacts valid items forward in the existing vector,
recycles removed items as they are encountered, then resizes the vector
(no reallocation since size only shrinks). Same O(n) complexity, same
behavior, zero allocations.
When a subprocess exited, _proc_on_exit sent the exit event but never
closed the server-side WebSocket. This left zombie connections open
until the client eventually disconnected.
