Open nbarrientos opened 4 months ago
This is something that I need to get back to. Part of the issue is setting headers (which I now can do reliably) in HA and ignoring them when the security modes change. The code itself issues a rolling API key but the validation of the key is bypassed for now as it caused some issues early on.
Hardware
LilyGO T-Internet POE
Firmware version
v.2.3.3
Application version
v.2.3.3
What happened? What did you expect to happen?
My instance is username/password protected, however I can dump the credentials with no authentication using the
/getSecurity
endpoint. This does not sound like expected behaviour.How to reproduce it (step by step)
curl http://espsomfyrts.lan/getSecurity -v
Likewise I can download a full backup with no authentication, see https://github.com/rstrouse/ESPSomfy-RTS/issues/274#issuecomment-1974783640