Trusted Network Configuration

GaryK · March 7, 2019, 8:28pm

So, I saw the notice of deprecated trusted network configuration under http: in the log after my update to 89.0. So I’m attempting to move to auth_providers: like so:

homeassistant:
  # Name of the location where Home Assistant is running
  name: Milla Alta
  # Location required to calculate the time the sun rises and sets
  latitude: 32.296755
  longitude: -106.602996
  # Impacts weather/sunrise data (altitude above sea level in meters)
  elevation: 1609
  # metric for Metric, imperial for Imperial
  unit_system: imperial
  # Pick yours from here: http://en.wikipedia.org/wiki/List_of_tz_database_time_zones
  time_zone: America/Denver
  # Customization file
  customize: !include customize.yaml

# authentication services
  auth_providers:
   - type: homeassistant
   - type: trusted_networks
           trusted_networks:
             - 192.168.3.0/24
             - 127.0.0.1

I’m getting the error:

2019-03-07 13:11:31 ERROR (MainThread) [homeassistant.auth.providers] Unable to load auth provider trusted_networks trusted_networks - 192.168.3.0/24 - 127.0.0.1: No module named 'homeassistant.auth.providers.trusted_networks trusted_networks - 192'

Anyone see an error in my config?

rhodges · March 7, 2019, 8:47pm

Spacing issue?

# authentication services
  auth_providers:
   - type: homeassistant
   - type: trusted_networks
     trusted_networks:
       - 192.168.3.0/24
       - 127.0.0.1

GaryK · March 7, 2019, 8:47pm

I’ll give it a try. Thanks!

edit: That was it. been at this too long today. So, now I am seeing these errors.:

Login attempt or request with invalid authentication from 192.168.3.1

I was using legacy_auth/trusted networks previously.

Ernst · March 7, 2019, 9:27pm

Should we also remove trusted_options: from the http: section in configuration.yaml?

GaryK · March 7, 2019, 9:29pm

It’s OK to leave it for now (@awarecan)

tube0013 · March 7, 2019, 9:34pm

this authentication method still requires a user selection. I just had to update a local network service that was calling the rest api, to use the long lived tokens for auth as trusted networks no longer works.

awarecan · March 7, 2019, 10:14pm

Eventually, the http.trusted_networks will be removed. I advice you start migrating your application to long-lived access token or signed path

GaryK · March 7, 2019, 10:27pm

So, what option replaces legacy_auth, homeassistant? I’m getting invalid authentication errors with api_password: commented out.

awarecan · March 7, 2019, 11:13pm

No plan to move api_password around. The plan is sunset http.api_password and legacy auth provider together, probably before 1.0

GaryK · March 7, 2019, 11:17pm

Can I expect these errors to go away at that time? homeassistant becoming the only auth_provider needed for user authentication?

awarecan · March 7, 2019, 11:32pm

Not exactly.

Trusted Network Auth Provider will not be removed. Only Legacy API Password Auth Provider will discontinue (as its name suggested, and we already communicated about it many times)

Besides Homeassistant Auth Provider, we also have “Command Line Auth Provider” just released in 0.88

GaryK · March 7, 2019, 11:51pm

OK. Thank you for helping me understand these changes. I’ll keep trusted auth and homeassistant in my configuration.yaml.

xbmcnut · March 9, 2019, 11:43pm

I have a dashboard calling five cameras streams that is now causing an IP ban on the tablet displaying the dashboard after upgrading to 0.89.1 and re-working the trusted networks as per below. Anyone know why?

  auth_providers:
    - type: homeassistant
    - type: trusted_networks
      trusted_networks:
        - 127.0.0.1
        - 10.0.1.0/24
        - 10.8.0.0/24

The banned device is on 10.0.1.87 and is trying to access the following:
/api/camera_proxy/camera.camera_proxy_camera_front_porch?token=xxxxxxxxxxxxxxxxxxxxxxxxxxxxx

awarecan · March 10, 2019, 1:46am

Please keep trusted networks in both auth provider and http until 0.89.2 released

xbmcnut · March 10, 2019, 2:50am

Who knew. Thank you so much. That worked.

finity · March 10, 2019, 3:08am

Just to clarify the docs on this.

Once I update to v89 (I’m on v88 now) then I need to move my “trusted_networks:” entry from under the “http:” section to the “auth_providers:” section under “homeassistant:”?

I now have this:

http:
  ip_ban_enabled: True
  login_attempts_threshold: 5
  trusted_networks:
    - 127.0.0.1
    - 192.168.1.0/24
    - 172.17.0.0/24

and I right now have no “auth_providers:” entry in the “homeassistant:” section.

But after I update to v89.2 I will need this:

homeassistant:
  auth_providers:
    - type: homeassistant
    - type: trusted_networks
      trusted_networks:
        - 127.0.0.1
        - 192.168.1.0/24
        - 172.17.0.0/24

http:
  ip_ban_enabled: True
  login_attempts_threshold: 5

DavidFW1960 · March 10, 2019, 3:19am

That’s exactly what I have right now in 0.89.1… But I’m not using webhooks or anything like that so I am having no problems but you have read the changes correctly so far as I can see.

wifi75 · April 20, 2020, 7:24pm

Hello why it doesn’t work if I login from the local network, it tell me that the pc is not in the white list and yet my code is this: it seems ok …

  auth_providers:
    - type: trusted_networks
      trusted_networks:
        - 192.168.1.0/24
        - 127.0.0.1
        - fd00::/8
        - ::1
      trusted_users:
        192.168.1.0/24: 
          - user_id1
          - user_id2
      allow_bypass_login: true
    - type: homeassistant

see below

wifi75 · June 29, 2021, 11:59am

can anyone help me?

GaryK · June 29, 2021, 1:57pm

Only difference in mine is I have type: homeassistant listed above type: trusted_networks and I’m not using allow_bypass.