Flooded with aiohttp.server errors since 0.83

Configuration
1

Just upgraded to 0.83.0 and I’m flooded with aiohttp.server errors:

2018-11-29 16:19:11 ERROR (MainThread) [aiohttp.server] Error handling request
Traceback (most recent call last):
  File "/usr/local/lib/python3.6/site-packages/aiohttp/web_protocol.py", line 390, in start
    resp = await self._request_handler(request)
  File "/usr/local/lib/python3.6/asyncio/coroutines.py", line 110, in __next__
    return self.gen.send(None)
  File "/usr/local/lib/python3.6/site-packages/aiohttp/web_app.py", line 366, in _handle
    resp = await handler(request)
  File "/usr/local/lib/python3.6/asyncio/coroutines.py", line 110, in __next__
    return self.gen.send(None)
  File "/usr/local/lib/python3.6/site-packages/aiohttp/web_middlewares.py", line 106, in impl
    return await handler(request)
  File "/usr/local/lib/python3.6/asyncio/coroutines.py", line 110, in __next__
    return self.gen.send(None)
  File "/usr/src/app/homeassistant/components/http/static.py", line 66, in staticresource_middleware
    return await handler(request)
  File "/usr/local/lib/python3.6/asyncio/coroutines.py", line 110, in __next__
    return self.gen.send(None)
  File "/usr/src/app/homeassistant/components/http/real_ip.py", line 34, in real_ip_middleware
    return await handler(request)
  File "/usr/local/lib/python3.6/asyncio/coroutines.py", line 110, in __next__
    return self.gen.send(None)
  File "/usr/src/app/homeassistant/components/http/ban.py", line 66, in ban_middleware
    return await handler(request)
  File "/usr/local/lib/python3.6/asyncio/coroutines.py", line 110, in __next__
    return self.gen.send(None)
  File "/usr/src/app/homeassistant/components/http/auth.py", line 97, in auth_middleware
    return await handler(request)
  File "/usr/local/lib/python3.6/asyncio/coroutines.py", line 110, in __next__
    return self.gen.send(None)
  File "/usr/src/app/homeassistant/components/http/real_ip.py", line 34, in real_ip_middleware
    return await handler(request)
  File "/usr/local/lib/python3.6/asyncio/coroutines.py", line 110, in __next__
    return self.gen.send(None)
  File "/usr/src/app/homeassistant/components/http/ban.py", line 66, in ban_middleware
    return await handler(request)
  File "/usr/local/lib/python3.6/asyncio/coroutines.py", line 110, in __next__
    return self.gen.send(None)
  File "/usr/src/app/homeassistant/components/http/auth.py", line 97, in auth_middleware
    return await handler(request)
  File "/usr/local/lib/python3.6/asyncio/coroutines.py", line 110, in __next__
    return self.gen.send(None)
  File "/usr/src/app/homeassistant/components/http/view.py", line 112, in handle
    result = handler(request, **request.match_info)
  File "/usr/src/app/homeassistant/components/api.py", line 209, in get
    user = request['hass_user']
  File "/usr/local/lib/python3.6/site-packages/aiohttp/web_request.py", line 201, in __getitem__
    return self._state[key]
KeyError: 'hass_user'

I’m running HA in docker (not hass.io)
No idea where I should start. Any suggestions?

2

omg same here over 5000 errors

3

This is still present in 0.83.1
I’ve had to add the below to my logging level to avoid eating my hard drive:
aiohttp.server: critical

4

Same here. Obviously authentication related.

5

it’s odd because I can access all features and UI ok

6

FWIW my entire config is behind nginx. What’s broken for me are all my external REST calls (curl scripts and such). Oddly they’ve been working fine without even passing any authentication. (Full disclosure I’ve been lazy as hell getting the new authentication setup properly so I’m 99% sure it’s my issue.) . Any folks behind a proxy here?

7

Not saying it’s a good idea but I got my external REST calls working by injecting a long-lived access token into the location section on my NGINX config (quicker than editing all my scripts). (You generate tokens in your user profile)

proxy_set_header Authorization "Bearer crazy_long_access_token_generated_from_user_profile_section";`

Still have

8

…sorry, still have these (but have for a while and can’t tell what it’s impacting honestly)

2018-11-30 08:18:55 INFO (MainThread) [homeassistant.components.http.view] Serving /api/websocket to 127.0.0.1 (auth: True)
2018-11-30 08:18:55 WARNING (MainThread) [homeassistant.components.http.ban] Login attempt or request with invalid authentication from 127.0.0.1
9

I use nginx as reverse proxy without the bearer token and face the same error. But the UI works fine though…

Edit: Issue is already identified and fixed. Pullrequest is pending. See https://github.com/home-assistant/home-assistant/pull/18844

10

My rpi just couldn’t take it and has stopped working lost internet connection and it’s connected via Ethernet

11

Looks like @balloob fixed it in 0.83.2. Once the docker image is available I’ll test and report.

12

@balloob so my sd card got corrupted due to the over sizing of the error log and I had to use another sd card but I still get the same issues and in addition getting the failed login notification.

13

@bachoo786 set your config logger to ignore these errors for the time being:

# Logging level
logger:
  default: error
  logs:
    aiohttp.server: critical
14

I dont have logger: in my config.

do I just add it?

15

yes, just like above
for more info:

16

Thanks.

Are you also getting this persistent notification?

Like these?

WARNING (MainThread) [homeassistant.components.http.ban] Login attempt or request with invalid authentication from XX.XXX.XXX.XXX
WARNING (MainThread) [homeassistant.components.http.ban] Login attempt or request with invalid authentication from XX.XXX.XXX.XXX
WARNING (MainThread) [homeassistant.components.http.ban] Login attempt or request with invalid authentication from XX.XXX.XXX.XXX
17

no I’m not. How do you connect? HTTP? HTTPS?
Are you connecting using a domain name or an IP Address?
Is it from a Computer/Mobile Phone?
What is the IP Address that shows in the logs? Is it a local IP or an external one?
Do you have any scripts that connect to your HA instance that might be out of date and still use the API password?

18

1). I am using https
2). duckdns and ssl certs
3). I am using a domain name i.e. duckdns.
4). From both my laptop and mobile. I am on my home network where HA is running at the moment.
5). The IP address that shows in the logs is the router’s WAN i.e. external outside ip
6). So I use tasker on my android and it uses my api password but I have been using it ever since and never had any issues until 0.83. I also use GPS Logger app on my android that reports my location to HA.

Regarding the api password on point number 6 above, how else would I then be able to use tasker and GPS Logger?

19

So the logging ban is probably due to access via your mobile phone when not on local network.
Not sure what you upgraded from when you went to 0.83, but since a few versions now (late 0.7x) there is a new authentication method that requires a username and password (not just a password).
The “legacy_api_password” will eventually be deprecated.
You can start looking at Long-Lived Access Tokens or Webhooks for authentication
Might be a better idea to create a new post as this is getting off topic for this thread, at least on the IP ban side…

20

I am on the local network and get the error.

I wonder how will the username and password method be able to fit in things like tasker etc?

Thanks I will do it but before that will search the forum.