home-assistant / iOS

:iphone: Home Assistant for Apple platforms
https://companion.home-assistant.io

App deletes server configuration when connected through an unauthorized network #2824

Open mundschenk-at opened 1 week ago

mundschenk-at commented 1 week ago

iOS device model, version and app version

Model Name: iPhone 12 mini, iPad Pro 11" 3rd Gen
Software Version: 17.5.1
App version: 2024.5.1

Home Assistant Core Version

2024.6.4

Describe the bug

The app deletes the network configuration when connected to an external network that is not authorized to connect to the HA instance. This is a follow-up to the previously reported issue #2780.

To Reproduce

  1. Set up external access with a limitation to what devices are allowed to the HA server. In my specific case, that is handled through CloudFlare ZeroTrust, but that's an implementation detail.
  2. Make two network connections to switch between (e.g. LTE and WiFi, or plain WiFi and a VPN), with one network allowed to connect to the server and the other not. Both networks should resolve the DNS name to a valid IP though.
  3. Set up the HA server while connected to the authorized network. Log in with your user.
  4. Exit the app.
  5. Switch to the non-authorized network.
  6. Open the app. Your server configuration will now be deleted. Even when you switch back to the authorized network, the configuration is still gone.

Expected behavior

The app displays an error message that it can't connect to the server instance, but does not delete the configuration.

Additional context

I believe the problem surfaces because the app receives an HTTP response to its API calls, but of course not the expected one, so thinks the URL is incorrect. IMHO that is not a valid reason to delete the user's configuration though.

bgoncal commented 1 week ago

The way that the app was designed was: if there is a reachable URL and the user is not authorized, you will be redirected to the onboarding flow to authenticate, anything more specific than that is not expected to work and would be considered a feature request. Let me know in case I misunderstood.

mundschenk-at commented 6 days ago

The HTTP status code is 403, correct. However, I don't see why this should be a reason to

  1. start a new "onboarding" flow from scratch without user confirmation (since obviously the user was already onboarded)
  2. discard existing server and user names even if such an onboarding flow would actually be desired - you can easily keep the data with the existing dialogues

Furthermore, I have now discovered this whole mess creates multiple entries for the same device under the Mobile App integration (that apparently cannot even be deleted).


I am sorry, but that does not meet the "missing feature" definition for me by a wide stretch.

bgoncal commented 6 days ago

The "onboarding" flow is just for convenience of reusing the same login screens, if you reauthenticate nothing will be lost, if you don't, it means the server should be removed indeed considering you can't authenticate to it.

Perhaps the setup you have is not something we support yet, please allow access externally to users that have external URL set or remove the external URL for now.

About not being able to remove the mobile app integration entry, which error do you see when you try to remove?

mundschenk-at commented 6 days ago

Regarding external access: It is limited by country to reduce the attack surface, but I am currently abroad - this causes an issue when I am logged into a WiFi network instead of cellular because obviously the WiFi IP is in the wrong country. Not having access when I am on WiFi is fine, having to reauthenticate every time I (by habit or because of a notification) switch to HA is not.

Regarding the spurious integration entries: There is no error when I click "delete", they are just not deleted but marked as "unloaded" instead.

bgoncal commented 6 days ago

I understand what you want to achieve, but the app doesn't support this setup, either you have external access always or you don't, for now these are the cases we cover, that's why I mentioned a feature request.

About removing the integration, I'm investigating it now.
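
As an added example that is not part of the thread or the app's code, the following Swift shows one way a client could separate a network-level refusal (the 403 discussed above) from a credential rejection without discarding the stored server. The type and function names, the 401 case and the JSON content-type heuristic are assumptions made for illustration.

```swift
import Foundation

// Added illustration; all names are hypothetical, not from the Home Assistant iOS code.
enum ProbeResult {
    case http(status: Int, contentType: String?)
    case transportFailure            // DNS, TLS or timeout error
}

enum StoredServerAction: Equatable {
    case useServer                   // normal operation
    case showConnectionError         // keep everything, report, retry later
    case askToReauthenticate         // keep URL and user name, ask before re-login
}

/// Maps the outcome of an authenticated API probe to an action.
/// No branch deletes the stored server; removal stays an explicit user choice.
func action(for result: ProbeResult) -> StoredServerAction {
    switch result {
    case .transportFailure:
        return .showConnectionError
    case let .http(status, contentType):
        // Assumption: genuine API replies are JSON; an HTML body usually means
        // something in front of the server answered instead of the server.
        let isJSON = contentType?.lowercased().hasPrefix("application/json") ?? false
        switch status {
        case 200..<300 where isJSON:
            return .useServer
        case 401 where isJSON:
            // Assumption: the server itself rejected the stored token.
            return .askToReauthenticate
        default:
            // Includes the 403 from this thread: the path refused this network,
            // which says nothing about whether the stored credentials are valid.
            return .showConnectionError
        }
    }
}

// Constructed sample responses, not captured traffic.
let samples: [(String, ProbeResult)] = [
    ("authorized network", .http(status: 200, contentType: "application/json")),
    ("blocked network", .http(status: 403, contentType: "text/html; charset=UTF-8")),
    ("revoked token", .http(status: 401, contentType: "application/json")),
    ("offline", .transportFailure),
]
for (label, result) in samples {
    print("\(label): \(action(for: result))")
}
```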