[BUG] Restricted login disallows switching

StyraHem / ShellyForHASS

Shelly smart home platform for Home Assistant

MIT License

624 stars 112 forks source link

[BUG] Restricted login disallows switching #756

Open alfureu opened 1 year ago

alfureu commented 1 year ago

Environment

ShellyForHASS release with the issue: 1.0.5
Last working ShellyForHASS release (if known): N/A
Home Assistant Core release with the issue: 2023.5.4
Operating environment (Home Assistant/Supervised/Docker/venv): Docker

Describe the bug

If I have enabled the Restrict Login on Shelly Plug S devices, despite the fact that I am connected and authenticated to a Mosquitto server (ie. I am receiving data from the Shelly Plug S), I am unable to turn on/off the Shelly Plug S. The moment I disable the login (quite unsafe to be honest), it works again.

Steps to Reproduce

Enable Restricted login
try to switch
Disable restricted login
try to switch

Expected behavior

To be able to switch it on/off with Restricted Login, or fill-in into ShellyForHass the restricted login details

Screenshots

N/A

Traceback/Error logs

N/A

Additional context

bttfw commented 1 year ago

Disable the hotspot of the device then it's not unsafe anymore then your network has to be compromised to switch it and if this happens you have other problems then somebody switching something on and off

alfureu commented 1 year ago

Yeah, while this sounds like a good-enough solution, it is not quite what I am looking for. What if you have visitors at your home and your router does not support VLAN or other advanced features for creating a guest network. Or, your own teenager kids are toying around with IP addresses and find the frontend of the lamp switch to drive you crazy... I can continue with examples.

Rather than making a device less secure, I would like to see an introduction of the functionality into the plugin. Also, it is beyond my comprehension why the device cannot be turned on-off via MQTT, which needs separate login/password credentials. Why the plugin cannot operate the device via MQTT?

bttfw commented 1 year ago

It's ridiculous to expect that from a cheap iot device or a free plugin either spend the money on devices that secure your network to your liking or have guest and teenage kids that respect you enough not to switch your lights without permission other then that every cheap router in 2023 has the guest network future it's not even advance

alfureu commented 1 year ago

Oh man, give yourself a break and move on, I asked for a functionality and that's it. You have your standards, I have mine, live and let live.

ShellyforHASS devs, would it be please possible to introduce the requested functionality pls?

Scorpoon commented 1 year ago

Bump

Henry-Sir commented 1 year ago

See here:

[FR] Restrict login for Plus/Pro device