Hi,
what is that feature for (settings - people). I cannot find anything in the documentation. And google is not veryhelpful too (proxy-feature?, outdated posts?).
Need information / help
thank you so much
wupperbra
Seems pretty self explanatory. If set, then a user can only log in to Home Assistant when connected to the local network. Not if connected remotely, from outside your local network by some means, be it DuckDNS Nabu Casa or other method.
Thank you, sometimes itâs too easy.
Well, actually, not that easy - there are always technical aspects behind such features and lots of what-ifs and etc.
I canât find any documentation talking about how this actual feature works.
I am logged into an instance of HASS with my credentials saved so I donât have to login everytime I close the browser. My friend enabled the âcan only log in from the local networkâ setting on my user yet Iâm still allowed in.
I suspect this only takes effect at logon time - rendering it useless.
I encounter same issue, Once you login in once locally and try the app/browser will save the token for the login!, then you can login from anywhere
This definitely kind of useless!
My more basic question is how is the âlocal networkâ determined? Is it by IP/Netmask? (If so, thatâs a problem in a house like mine with multiple subnets). Is it by Private vs. Public address assumptions? (If so, thatâs a problem in a house like mine where some (most) of the subnets, including the one where HA server lives have public addresses). Is it by use of a proxy service or not? (If so, that seems to be somewhat inherently identical to the previous assumption with a twist, so also not very helpful.).
Other mechanisms I can think of are variants of the above themes (e.g. in the same broadcast domain, within range of an ff02:: multicast from he HA server, etc.)
Honestly, Iâm stumped as to how this could be meaningfully implemented across all likely (let alone all possible) environments.
Welp, definitely not a âself explanatoryâ feature.
I just enabled that for a new user, and tried to login from my local network on a incognito window and saw âError: Login blocked: User cannot authenticate remotelyâ right away.
I wonder if Home Assistant running on a Docker Container (with âhostâ network) might be enough to trigger a âremote environmentâ, even if I hit the local URLâŚ
EDIT: Turns out if I try accessing by IP (not via homeassistant.local
or equivalent) the user can in fact log in. If anyone reading this is interested in understanding how HA decides if itâs local or not, just search for async_user_not_allowed_do_auth
function on homeassistant/components/http/auth.py
on the core
GitHub repository
Also, what does it mean in terms of connectivity when using the companion app?
I mean, can you be logged out and still send location and other sensor data to the server?
My use case is: I want my bonus children to be able to disarm the alarm and toggle their own lights using the companion app, but only every second week when we have care for them, and only when they are ânearâ the house (ie on our LAN).