Ways to filter/supress notifications of "Login attempt or request with invalid authentication ..." from specific IPs

For a long time (since the new auth system was put in place) I occasionally see:

“Login attempt or request with invalid authentication from 192.168.x.x”

popping up as notifications in the HA GUI.

The IP address is always either my laptop, my desktop or (in the past, I believe) my android phone. I noticed that the notifications tend to happen when the laptop/desktop wake up from suspend (or hibernation), and possibly (not 100% certain on this yet) when I use the android HA app after a longer period of not using it.

I use firefox as my browser on linux (desktop) and mac (laptop). It seems when the OS wakes up, firefox still tries to use an expired token when it refreshes the page for the first time and this triggers the HA notification/warning.

I’d like to suppress these “false positive” notifications.

Is it possible to use the notification as a trigger, compare the notification string with known strings (I use fixed IPs via DHCP on laptop and desktop, and could do the same for my phone) and if there is a match, and then remove the notification from HA?

Or: any other idea / any way to prevent these notifications from popping up in the first place. I still want generic “login attempt” notifications but I don’t need those when the issue is a refresh token going stale in my own browsers or my own android app.

Using “Trusted Networks” as auth provider is a no-go for me. I’d rather use normal token-based auth.

I browsed the community postings for these, I see a many people posting questions but no proposed solution. Ideas welcome

Figured this out. in case it helps someone,

  #
  # Failed HTTP login attempt notification auto-dismiss, for known IP sources
  #
  - alias: "Failed HTTP login attempt notification auto-dismiss"
    trigger:
      - platform: state
        entity_id: persistent_notification.http_login
    condition:
      condition: and
      conditions: 
        - condition: template
          value_template: "{{ trigger.to_state.state != 'None' }}"
        - condition: or
          conditions:
            - condition: template  # mac
              value_template: '{{ "192.168.1.2" in states.persistent_notification.http_login.attributes.message }}'
            - condition: template  # dummy second entry (placeholder for the next device to add)
              value_template: '{{ "192.168.1.2" in states.persistent_notification.http_login.attributes.message }}'
    action:
      - service: persistent_notification.dismiss
        data:
          notification_id: 'http_login'  
5 Likes

I’m getting these errors too after 0.107.x I think. Did you manage to find out why this is happening rather than just suppressing them? Driving me nuts. :flushed:

Yes, or at least I think we so. In my case the behavior was consistent, every time the laptop comes back from sleep and there was a browser opened on the HA page, the notification pops up. Clearly the browser is trying to reuse the token it got before the laptop was suspended, automatically, when the laptop resumes, instead of refreshing the token as it should be doing. Looks like a browser behavior issue rather than HA, but luckily the suppression configuration below works really well.