Simplistic configuration UI

It’s not available? It should be. The PR was merged a while ago. I wasn’t aware of this. Oo

nope - not available. 0.2.7 still showing as current.

You are right. I just checked and realized that my PR has not been merged. The notification which I believed was related to this seems to have been for something else.

no worries Daniel. Glad I asked.

My PR has been merged. It should show up as version 0.3. Apparently there has been a switch in the versioning scheme, which is why the add-on version is now out of sync with the configurator version.

The docker container hasn’t been updated either, since 0.2.6. Is it no longer maintained?

Docker isn’t maintained by me. I’ll ping the guy who does that. Thanks for mentioning it.

Thanks Daniel - 0.3 this morning.

@danielperna84 Hi, do you know how I could add the configurator as a panel_iframe to homeassistant and have it authenticate automatically? I tried to set the url to https://username:[email protected]:3218, but it just shows a blank page when clicked on (that port is accessible from the interwebs)

Just to clarify: the URL you use works when directly pasted in the address bar, but not when used in the panel_iframe?

It does without the authentication bit (https://mydomain.duckdns.org:3218).

It should work with the authentication bit though. You have to use exactly the string you have configured for the credentials parameter, followed by @… The hass api password is not a part of this.

I’m about to release a new version. There’s one new feature I would like some feedback about though before I merge the new stuff into the stable version. In the menu on the left I have added an input field labelled Search entity. It does exactly that. You enter something like sensor. and you get a list of all entities which have that in their name. The friendly name is also included in the search. Upon selecting the result it gets inserted in the editor, just like with the old entity-list.

It looks like this right now:

I have chosen to also keep the already existing dropdown with all entities to provide an alternative way to simply browse the entities in case someone doesn’t know what he/she is looking for. Do you agree that keeping the old dropdown makes sense?

If you want to test it out for yourself you can copy the configurator.py from the dev branch of the repository. The other new features are mentioned in the pull request for the new version.

2 Likes

I have decided to just do it the way I have implemented it. If anyone is annoyed by the old entity-dropdown it can still be discussed.

So here is the new release and the complete changelog:

  • Material Icons and HASS-help now open in new tab instead of modal
  • Open file by URL
  • Added ENFORCE_BASEPATH option
  • Cosmetic fix for scaled viewports
  • Added search-function for entities
  • Updated Ace Editor to 1.3.3
  • Updated jQuery to 3.3.1
  • Updated js-yaml to 3.12.0

Most interesting for you:

  1. Open file by URL: The way this is used is by appending /?loadfile=/path/to/file to the base URL of the configurator. So for example https://192.168.1.123:3218/?loadfile=/home/homeassistant/.homeassistant/configuration.yaml.
  2. ENFORCE_BASEPATH locks the configurator into the path that is defined by BASEPATH. So if BASEPATH is /home/homeassistant/.homeassistant you won’t be able to get to /etc/shadow.
  3. The search function is already mentioned in the post above and explains itself.

As always, the hassio (and Docker) version will take a moment to get updated. But all standalone users can simply copy the latest configurator.py. And if you want to use the ENFORCE_BASEPATH option and use a settings.conf file, then you have to add the parameter there obviously. This is what it looks like when it’s disabled.

UPDATE:
The update should be available for hassio now as well.

3 Likes
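One way to implement a confinement check of the kind ENFORCE_BASEPATH describes, as an added example (this is not configurator.py's own code). The function name `resolve_in_basepath` and all sample paths are hypothetical and constructed; the cases cover a `..` traversal, a sibling directory sharing the name prefix, and a symlink leading out of the base path.

```python
import os
import tempfile


def resolve_in_basepath(basepath: str, requested: str) -> str:
    """Return the real path of `requested` if it lies inside `basepath`, else raise."""
    base = os.path.realpath(basepath)
    # Relative requests are interpreted relative to the base path;
    # realpath collapses ".." and follows symlinks before the comparison.
    target = os.path.realpath(os.path.join(base, requested))
    # commonpath compares whole components, so /base-other does not match /base.
    if os.path.commonpath([base, target]) != base:
        raise PermissionError(f"{requested!r} is outside {base!r}")
    return target


def demo() -> dict:
    """Run the check on constructed paths inside a temporary directory."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        base = os.path.join(tmp, ".homeassistant")
        os.makedirs(base)
        os.makedirs(base + "-other")                    # sibling with same prefix
        os.symlink("/etc", os.path.join(base, "link"))  # symlink leaving the base
        cases = {
            "inside": os.path.join(base, "configuration.yaml"),
            "absolute": "/etc/shadow",
            "dotdot": os.path.join(base, "..", "..", "etc", "shadow"),
            "prefix": os.path.join(base + "-other", "secrets.yaml"),
            "symlink": os.path.join(base, "link", "shadow"),
        }
        for name, path in cases.items():
            try:
                resolve_in_basepath(base, path)
                results[name] = "allowed"
            except PermissionError:
                results[name] = "denied"
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:9s} {verdict}")
```

A plain string-prefix test on the unresolved path would let the `prefix` and `symlink` cases through, which is why the comparison runs on resolved paths and whole components.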

I just disabled port forwarding and it doesn’t connect.

Hmmm…can’t reach this page
Myhassio.duckdns.org:3218 is not allowing us to get to the site.

Try this

Checking the connection
ERR_CONNECTION_REFUSED

So I changed ssl to false and then tried to get to the configurator manually 192.168.10.20:3218 and I got this:

This page isn’t working
192.168.10.20 didn’t send any data.
ERR_EMPTY_RESPONSE

Just as a reminder: If you en-/disable ssl, then you have to change the http(s) in the front of the URL accordingly.

As for the rest I have to admit I have trouble understanding correctly what you have done. If you don’t use a reverse proxy you can’t disable port forwarding. At least when connecting from outside of your network. The IP you use is an internal IP, so this is probably not what you are trying to do. So in that case the reminder about http(s) applies. As long as the service is running on the specified port, you should be able to connect.

I think your post may have ended up in the wrong thread. :wink:

Ahhh yes, too many tabs open lol my bad.

A new version has been released just now: 0.3.0 (hassio and Docker following)

The changelog:

  • Allow passing settings via environment variables
  • Added basic git stash functionality
  • Added NOTIFY_SERVICE option
  • Notifying if used passwords are insecure and if SESAME has been used
  • CREDENTIALS setting replaced by USERNAME and PASSWORD
  • PASSWORD can optionally be provided as SHA256 hash
  • Added SESAME_TOTP_SECRET for TOTP based IP whitelisting
  • Added git diff functionality
  • Red colored menu button as indicator for outdated version
  • The GIT setting can now also be set with static settings file or environment variable
  • LISTENPORT has been renamed to PORT (LISTENPORT still works though)
  • Hiding git menu when git is disabled
  • Removed right dragging area for editor settings
  • Added IGNORE_SSL option to disable SSL verification when connecting to HASS API

Let me elaborate on some of the new features:

Git related:

  • Use the git stash feature to discard all changes that haven’t been committed yet
  • Use the git diff feature to see what has changed inside a file that has been previously committed and has been modified since then.

Security related:

  • What was the CREDENTIALS option until now is separated into USERNAME and PASSWORD (it’s backwards compatible, so you’re still safe while you haven’t changed your settings file)
  • Instead of setting your PASSWORD in plaintext you can write it in the form of {sha256}abcdef..., where abcdef is a SHA256-hashed version of your password. You can do this here for example. The benefit of this is that your plaintext password is not stored on your disk anymore. Important: this does not apply to the HASS_API_PASSWORD because here we really need the plaintext password to successfully connect.
  • If you’re using the SESAME option, you now have an alternative that’s more secure: Time based OTP (the pyotp module has to be installed for this). If you set the SESAME_TOTP_SECRET to a valid Base32 encoded string and also add that to your Google Authenticator or similar, the SESAME changes every 30 seconds to a new one. Your old SESAME (if provided) will keep working in case you are using it in the panel_iframe link.
  • Somewhat security related is the fact that you can now pass your options via environment variables instead of the conf-file used until now. This way you don’t have to write your HASS_API_PASSWORD into a file. Of course a process with sufficient rights is able to view the environment variables of any process on the system. But that process would probably also have access to the file where the password is stored. If you’re using systemd, you can have a look at this template on how environment variables can be used. Yes, the HASS_API_PASSWORD would be visible in there too. But you can secure that file by not allowing unprivileged users to access the service file.
  • The NOTIFY_SERVICE allows you to specify a notification service of HASS which will be used to push notifications to you. The default is to create persistent notifications in HASS. Scenarios where notifications are pushed: Weak HASS_API_PASSWORD, weak PASSWORD (in case it’s provided in plaintext), weak SESAME, SESAME usage (with IP that has been whitelisted).

Other stuff

  • The LISTENPORT setting has changed to just PORT. The old variant keeps working too, but PORT looks much nicer.
  • The IGNORE_SSL option allows you to set the HASS_API to your internal IP address instead of the full hostname (when using SSL). This is because otherwise connecting to the API wouldn’t pass the SSL verification check. The worst case would be that the configurator’s request path would go outside to the internet and back into your network. By using the internal IP you dodge this behavior.

Everything else is either minor, cosmetic or self-explanatory.

I hope you like the new features I have come up with. And even though the notifications about weak passwords could be annoying, they are relevant. Be secure! :slight_smile:

2 Likes
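The `{sha256}` PASSWORD value and a SESAME_TOTP_SECRET can both be produced locally, so neither the password nor the secret has to be typed into a website. This is an added example, not code from the configurator; the helper names are hypothetical, and it assumes the digest is lowercase hex over the UTF-8 password and that the one-time code is standard RFC 6238 TOTP (HMAC-SHA1, 30-second step, 6 digits) as used by Google Authenticator.

```python
import base64
import hashlib
import hmac
import secrets
import struct
import time


def password_setting(plaintext: str) -> str:
    """Return the '{sha256}<hex>' form described for the PASSWORD setting.
    Assumption: lowercase hex digest of the UTF-8 encoded password."""
    return "{sha256}" + hashlib.sha256(plaintext.encode("utf-8")).hexdigest()


def password_matches(setting: str, submitted: str) -> bool:
    """Check a submitted password against a plaintext or {sha256} setting."""
    if setting.startswith("{sha256}"):
        expected = setting[len("{sha256}"):].lower()
        actual = hashlib.sha256(submitted.encode("utf-8")).hexdigest()
    else:
        expected, actual = setting, submitted
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected.encode(), actual.encode())


def new_totp_secret(num_bytes: int = 20) -> str:
    """Random Base32 string usable as SESAME_TOTP_SECRET and in an authenticator app."""
    return base64.b32encode(secrets.token_bytes(num_bytes)).decode("ascii")


def totp(secret_b32: str, at=None, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA1; `at` is a Unix timestamp (default: now)."""
    key = base64.b32decode(secret_b32.upper())
    counter = int((time.time() if at is None else at) // step)
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation per RFC 4226
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


if __name__ == "__main__":
    print("PASSWORD =", password_setting("constructed-example-passphrase"))
    secret = new_totp_secret()
    print("SESAME_TOTP_SECRET =", secret)
    print("current code:", totp(secret))
```

The hash is unsalted SHA-256, so it resists recovery only when the password itself is long and random. Comparing the printed code with the authenticator app confirms the secret was entered correctly before it goes into the settings.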

A small update:
There was a bug related to the SESAME / SESAME_TOTP_SECRET feature.
I now have released 0.3.1 which fixes this.

Changelog:

  • Fix SESAME / SESAME_TOTP_SECRET bug
  • Added client IP to network status modal
  • Allow setting logging level with environment variable HC_LOGLEVEL

I’m working on the hassio update now that this is fixed.

1 Like