From ec470ebb4aba416cdb0887a66e994438703cf1df Mon Sep 17 00:00:00 2001
From: Daniel Perna <danielperna84@gmail.com>
Date: Thu, 28 Jun 2018 22:16:46 +0200
Subject: [PATCH 01/33] Bumped version

---
 changelog.txt   | 2 ++
 configurator.py | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/changelog.txt b/changelog.txt
index 23f070d..afac74c 100644
--- a/changelog.txt
+++ b/changelog.txt
@@ -1,3 +1,5 @@
+Version 0.3.0 (2018-)
+
 Version 0.2.9 (2018-06-22)
 - Material Icons and HASS-help now open in new tab instead of modal (Issues #85 and #34) @danielperna84
 - Open file by URL (Issue #95) @danielperna84
diff --git a/configurator.py b/configurator.py
index 689b6fa..7fe0dfe 100755
--- a/configurator.py
+++ b/configurator.py
@@ -77,7 +77,7 @@
     logging.Formatter('%(levelname)s:%(asctime)s:%(name)s:%(message)s'))
 LOG.addHandler(SO)
 RELEASEURL = "https://api.github.com/repos/danielperna84/hass-configurator/releases/latest"
-VERSION = "0.2.9"
+VERSION = "0.3.0"
 BASEDIR = "."
 DEV = False
 HTTPD = None

From c24654418b2c97234cb88abb7d5c192d9785aa99 Mon Sep 17 00:00:00 2001
From: Daniel Perna <danielperna84@gmail.com>
Date: Thu, 28 Jun 2018 23:38:24 +0200
Subject: [PATCH 02/33] Allow passing settings via environment variables (Issue
 #100)

---
 README.md       |  5 ++-
 changelog.txt   |  1 +
 configurator.py | 84 +++++++++++++++++++++++++++++++------------------
 settings.conf   |  3 +-
 4 files changed, 60 insertions(+), 33 deletions(-)

diff --git a/README.md b/README.md
index c791bb3..dd6229d 100644
--- a/README.md
+++ b/README.md
@@ -35,7 +35,8 @@ There are no dependencies on Python modules that are not part of the standard li
 
 ### Configuration
 Near the top of the py-file you will find some global variables you can change to customize the configurator a little bit. If you are unfamiliar with Python: when setting variables of the type _string_, you have to write that within quotation marks. The default settings are fine for just checking this out quickly. With more customized setups you will have to change some settings though.  
-To keep your setting across updates it is also possible to save settings in an external file. In that case copy [settings.conf](https://github.com/danielperna84/hass-configurator/blob/master/settings.conf) whereever you like and append the full path to the file to the command when starting the configurator. E.g. `sudo .configurator.py /home/homeassistant/.homeassistant/mysettings.conf`. This file is in JSON format. So make sure it has a valid syntax (you can set the editor to JSON to get syntax highlighting for the settings). The major difference to the settings in the py-file is, that `None` becomes `null`.
+To keep your setting across updates it is also possible to save settings in an external file. In that case copy [settings.conf](https://github.com/danielperna84/hass-configurator/blob/master/settings.conf) whereever you like and append the full path to the file to the command when starting the configurator. E.g. `sudo .configurator.py /home/homeassistant/.homeassistant/mysettings.conf`. This file is in JSON format. So make sure it has a valid syntax (you can set the editor to JSON to get syntax highlighting for the settings). The major difference to the settings in the py-file is, that `None` becomes `null`.  
+Another way of passing settings (except those defined as lists like e.g. `ALLOWED_NETWORKS`) is by using [environment variables](https://en.wikipedia.org/wiki/Environment_variable). All settings passed via environment variables will overwrite the settings you have set in the `settings.conf` file. This allows you to provide settings in you systemd service file or the way it is usually done with Docker. The names of the environment variables have to be named exactly like the regular ones, prepended with the prefix `HC_`. You can customize this prefix in the `settings.conf` by setting `ENV_PREFIX` to something you like. `ENV_PREFIX` can not be set via environment variable.
 
 #### LISTENIP (string)
 The IP address the service is listening on. By default it is binding to `0.0.0.0`, which is every IPv4 interface on the system. When using `::`, all available IPv6- and IPv4-addresses will be used.
@@ -72,6 +73,8 @@ If set to `true`, directories will be displayed at the top.
 If set to _somesecretkeynobodycanguess_, you can browse to `https://your.configurator:3218/somesecretkeynobodycanguess` from any IP, and it will be removed from the `BANNED_IPS` list (in case it has been banned before) and added to the `ALLOWED_NETWORKS` list. Once the request has been processed you will automatically be redirected to the configurator. Think of this as dynamically allowing access from untrusted IPs by providing a secret key (_open sesame!_). Keep in mind, that once the IP has been added, you will either have to restart the configurator or manually remove the IP through the _Network status_ to revoke access.
 #### VERIFY_HOSTNAME (string)
 HTTP requests include the hostname to which the request has been made. To improve security you can set this parameter to `yourdomain.example.com`. This will check if the hostname within the request matches the one you are expecting. If it does not match, a `403 Forbidden` response will be sent. As a result attackers that scan your IP address won't be able to connect unless they know the correct hostname. Be careful with this option though, because it prohibits you from accessing the configurator directly via IP.
+#### ENV_PREFIX (string)
+To modify the default prefix for settings passed as environment variables (`HC_`) change this setting to another value that meets your demands.
  
 __Note regarding `ALLOWED_NETWORKS`, `BANNED_IPS` and `BANLIMIT`__:  
 The way this is implemented works in the following order:
diff --git a/changelog.txt b/changelog.txt
index afac74c..16bcc77 100644
--- a/changelog.txt
+++ b/changelog.txt
@@ -1,4 +1,5 @@
 Version 0.3.0 (2018-)
+- Allow passing settings (except lists) via environment variables (Issue #100) @danielperna84
 
 Version 0.2.9 (2018-06-22)
 - Material Icons and HASS-help now open in new tab instead of modal (Issues #85 and #34) @danielperna84
diff --git a/configurator.py b/configurator.py
index 7fe0dfe..2503b02 100755
--- a/configurator.py
+++ b/configurator.py
@@ -66,6 +66,8 @@
 # Verify the hostname used in the request. Block access if it doesn't match
 # this value
 VERIFY_HOSTNAME = None
+# Prefix for environment variables
+ENV_PREFIX = "HC_"
 ### End of options
 
 LOGLEVEL = logging.INFO
@@ -3352,37 +3354,55 @@ def signal_handler(sig, frame):
 def load_settings(settingsfile):
     global LISTENIP, LISTENPORT, BASEPATH, SSL_CERTIFICATE, SSL_KEY, HASS_API, \
     HASS_API_PASSWORD, CREDENTIALS, ALLOWED_NETWORKS, BANNED_IPS, BANLIMIT, \
-    DEV, IGNORE_PATTERN, DIRSFIRST, SESAME, VERIFY_HOSTNAME, ENFORCE_BASEPATH
-    try:
-        if os.path.isfile(settingsfile):
-            with open(settingsfile) as fptr:
-                settings = json.loads(fptr.read())
-                LISTENIP = settings.get("LISTENIP", LISTENIP)
-                LISTENPORT = settings.get("LISTENPORT", LISTENPORT)
-                BASEPATH = settings.get("BASEPATH", BASEPATH)
-                ENFORCE_BASEPATH = settings.get("ENFORCE_BASEPATH", ENFORCE_BASEPATH)
-                SSL_CERTIFICATE = settings.get("SSL_CERTIFICATE", SSL_CERTIFICATE)
-                SSL_KEY = settings.get("SSL_KEY", SSL_KEY)
-                HASS_API = settings.get("HASS_API", HASS_API)
-                HASS_API_PASSWORD = settings.get("HASS_API_PASSWORD", HASS_API_PASSWORD)
-                CREDENTIALS = settings.get("CREDENTIALS", CREDENTIALS)
-                ALLOWED_NETWORKS = settings.get("ALLOWED_NETWORKS", ALLOWED_NETWORKS)
-                BANNED_IPS = settings.get("BANNED_IPS", BANNED_IPS)
-                BANLIMIT = settings.get("BANLIMIT", BANLIMIT)
-                DEV = settings.get("DEV", DEV)
-                IGNORE_PATTERN = settings.get("IGNORE_PATTERN", IGNORE_PATTERN)
-                DIRSFIRST = settings.get("DIRSFIRST", DIRSFIRST)
-                SESAME = settings.get("SESAME", SESAME)
-                VERIFY_HOSTNAME = settings.get("VERIFY_HOSTNAME", VERIFY_HOSTNAME)
-    except Exception as err:
-        LOG.warning(err)
-        LOG.warning("Not loading static settings")
-    return False
+    DEV, IGNORE_PATTERN, DIRSFIRST, SESAME, VERIFY_HOSTNAME, ENFORCE_BASEPATH, \
+    ENV_PREFIX
+    settings = {}
+    if settingsfile:
+        try:
+            if os.path.isfile(settingsfile):
+                with open(settingsfile) as fptr:
+                    settings = json.loads(fptr.read())
+        except Exception as err:
+            LOG.warning(err)
+            LOG.warning("Not loading settings from file")
+    ENV_PREFIX = settings.get('ENV_PREFIX', ENV_PREFIX)
+    for key, value in os.environ.items():
+        if key.startswith(ENV_PREFIX):
+            # Convert booleans
+            if value in ['true', 'false', 'True', 'False']:
+                value = True if value in ['true', 'True'] else False
+            # Convert None / null
+            elif value in ['none', 'None' 'null']:
+                value = None
+            # Convert plain numbers
+            elif value.isnumeric():
+                value = int(value)
+            settings[key[len(ENV_PREFIX):]] = value
+    LISTENIP = settings.get("LISTENIP", LISTENIP)
+    LISTENPORT = settings.get("LISTENPORT", LISTENPORT)
+    BASEPATH = settings.get("BASEPATH", BASEPATH)
+    ENFORCE_BASEPATH = settings.get("ENFORCE_BASEPATH", ENFORCE_BASEPATH)
+    SSL_CERTIFICATE = settings.get("SSL_CERTIFICATE", SSL_CERTIFICATE)
+    SSL_KEY = settings.get("SSL_KEY", SSL_KEY)
+    HASS_API = settings.get("HASS_API", HASS_API)
+    HASS_API_PASSWORD = settings.get("HASS_API_PASSWORD", HASS_API_PASSWORD)
+    CREDENTIALS = settings.get("CREDENTIALS", CREDENTIALS)
+    ALLOWED_NETWORKS = settings.get("ALLOWED_NETWORKS", ALLOWED_NETWORKS)
+    BANNED_IPS = settings.get("BANNED_IPS", BANNED_IPS)
+    BANLIMIT = settings.get("BANLIMIT", BANLIMIT)
+    DEV = settings.get("DEV", DEV)
+    IGNORE_PATTERN = settings.get("IGNORE_PATTERN", IGNORE_PATTERN)
+    DIRSFIRST = settings.get("DIRSFIRST", DIRSFIRST)
+    SESAME = settings.get("SESAME", SESAME)
+    VERIFY_HOSTNAME = settings.get("VERIFY_HOSTNAME", VERIFY_HOSTNAME)
+
 
 def is_safe_path(basedir, path, follow_symlinks=True):
+    if basedir is None:
+        return True
     if follow_symlinks:
-        return os.path.realpath(path).startswith(basedir)
-    return os.path.abspath(path).startswith(basedir)
+        return os.path.realpath(path).startswith(basedir.encode('utf-8'))
+    return os.path.abspath(path).startswith(basedir.encode('utf-8'))
 
 def get_dircontent(path, repo=None):
     dircontent = []
@@ -3520,7 +3540,7 @@ def do_GET(self):
             try:
                 if filename:
                     filename = unquote(filename[0]).encode('utf-8')
-                    if ENFORCE_BASEPATH and not is_safe_path(BASEPATH.encode('utf-8'), filename):
+                    if ENFORCE_BASEPATH and not is_safe_path(BASEPATH, filename):
                         raise OSError('Access denied.')
                     if os.path.isfile(os.path.join(BASEDIR.encode('utf-8'), filename)):
                         with open(os.path.join(BASEDIR.encode('utf-8'), filename)) as fptr:
@@ -3538,7 +3558,7 @@ def do_GET(self):
             try:
                 if filename:
                     filename = unquote(filename[0]).encode('utf-8')
-                    if ENFORCE_BASEPATH and not is_safe_path(BASEPATH.encode('utf-8'), filename):
+                    if ENFORCE_BASEPATH and not is_safe_path(BASEPATH, filename):
                         raise OSError('Access denied.')
                     LOG.info(filename)
                     if os.path.isfile(os.path.join(BASEDIR.encode('utf-8'), filename)):
@@ -3565,7 +3585,7 @@ def do_GET(self):
                 if dirpath:
                     dirpath = unquote(dirpath[0]).encode('utf-8')
                     if os.path.isdir(dirpath):
-                        if ENFORCE_BASEPATH and not is_safe_path(BASEPATH.encode('utf-8'), dirpath):
+                        if ENFORCE_BASEPATH and not is_safe_path(BASEPATH, dirpath):
                             raise OSError('Access denied.')
                         repo = None
                         activebranch = None
@@ -4396,6 +4416,8 @@ def main(args):
     global HTTPD, CREDENTIALS
     if args:
         load_settings(args[0])
+    else:
+        load_settings(None)
     LOG.info("Starting server")
     CustomServer = SimpleServer
     if ':' in LISTENIP:
diff --git a/settings.conf b/settings.conf
index 2896540..f06c747 100644
--- a/settings.conf
+++ b/settings.conf
@@ -14,5 +14,6 @@
     "IGNORE_PATTERN": [],
     "DIRSFIRST": false,
     "SESAME": null,
-    "VERIFY_HOSTNAME": null
+    "VERIFY_HOSTNAME": null,
+    "ENV_PREFIX": "HC_"
 }

From 8502faee6e67403927b719b761402e942b4e6151 Mon Sep 17 00:00:00 2001
From: Daniel Perna <danielperna84@gmail.com>
Date: Fri, 29 Jun 2018 00:09:16 +0200
Subject: [PATCH 03/33] Added basic git stash functionality (Issue #16)

---
 changelog.txt   |  1 +
 configurator.py | 63 +++++++++++++++++++++++++++++++++++++++++++++++++
 dev.html        | 31 ++++++++++++++++++++++++
 3 files changed, 95 insertions(+)

diff --git a/changelog.txt b/changelog.txt
index 16bcc77..f2068b7 100644
--- a/changelog.txt
+++ b/changelog.txt
@@ -1,5 +1,6 @@
 Version 0.3.0 (2018-)
 - Allow passing settings (except lists) via environment variables (Issue #100) @danielperna84
+- Added basic git stash functionality (Issue #16) @danielperna84
 
 Version 0.2.9 (2018-06-22)
 - Material Icons and HASS-help now open in new tab instead of modal (Issues #85 and #34) @danielperna84
diff --git a/configurator.py b/configurator.py
index 2503b02..4cdd7cc 100755
--- a/configurator.py
+++ b/configurator.py
@@ -699,11 +699,13 @@
         <li><a class="modal-trigger" href="#modal_init" class="nowrap waves-effect">git init</a></li>
         <li><a class="modal-trigger" href="#modal_commit" class="nowrap waves-effect">git commit</a></li>
         <li><a class="modal-trigger" href="#modal_push" class="nowrap waves-effect">git push</a></li>
+        <li><a class="modal-trigger" href="#modal_stash" class="nowrap waves-effect">git stash</a></li>
     </ul>
     <ul id="dropdown_gitmenu_mobile" class="dropdown-content z-depth-4">
         <li><a class="modal-trigger" href="#modal_init" class="nowrap waves-effect">git init</a></li>
         <li><a class="modal-trigger" href="#modal_commit" class="nowrap waves-effect">git commit</a></li>
         <li><a class="modal-trigger" href="#modal_push" class="nowrap waves-effect">git push</a></li>
+        <li><a class="modal-trigger" href="#modal_stash" class="nowrap waves-effect">git stash</a></li>
     </ul>
     <div id="modal_acekeyboard" class="modal bottom-sheet modal-fixed-footer">
         <div class="modal-content centered">
@@ -1311,6 +1313,16 @@
           <a onclick="gitpush()" class=" modal-action modal-close waves-effect waves-green btn-flat light-blue-text">OK</a>
         </div>
     </div>
+    <div id="modal_stash" class="modal">
+        <div class="modal-content">
+          <h4 class="grey-text text-darken-3">git stash<i class="mdi mdi-git right grey-text text-darken-3" style="font-size: 2.48rem;"></i></h4>
+          <p>Are you sure you want to stash your changes?</p>
+        </div>
+        <div class="modal-footer">
+          <a class=" modal-action modal-close waves-effect waves-red btn-flat light-blue-text">Cancel</a>
+          <a onclick="gitstash()" class=" modal-action modal-close waves-effect waves-green btn-flat light-blue-text">OK</a>
+        </div>
+    </div>
     <div id="modal_close" class="modal">
         <div class="modal-content">
             <h4 class="grey-text text-darken-3">Close File<i class="grey-text text-darken-3 material-icons right" style="font-size: 2.28rem;">close</i></h4>
@@ -3084,6 +3096,25 @@
         }
     }
 
+    function gitstash() {
+        var path = document.getElementById("fbheader").innerHTML;
+        if (path.length > 0) {
+            data = new Object();
+            data.path = path;
+            $.post("api/stash", data).done(function(resp) {
+                if (resp.error) {
+                    var $toastContent = $("<div><pre>" + resp.message + "\n" + resp.path + "</pre></div>");
+                    Materialize.toast($toastContent, 5000);
+                }
+                else {
+                    var $toastContent = $("<div><pre>" + resp.message + "</pre></div>");
+                    Materialize.toast($toastContent, 5000);
+                    listdir(document.getElementById('fbheader').innerHTML);
+                }
+            });
+        }
+    }
+
     function checkout(branch) {
         var path = document.getElementById("fbheader").innerHTML;
         if (path.length > 0) {
@@ -4197,6 +4228,38 @@ def do_POST(self):
                         LOG.warning("Exception (no repo): %s" % str(err))
             else:
                 response['message'] = "Missing path or branch"
+        elif req.path.endswith('/api/stash'):
+            try:
+                postvars = parse_qs(self.rfile.read(length).decode('utf-8'), keep_blank_values=1)
+            except Exception as err:
+                LOG.warning(err)
+                response['message'] = "%s" % (str(err))
+                postvars = {}
+            if 'path' in postvars.keys():
+                if postvars['path']:
+                    try:
+                        repopath = unquote(postvars['path'][0])
+                        response['path'] = repopath
+                        try:
+                            repo = REPO(repopath)
+                            returnvalue = repo.git.stash()
+                            response['error'] = False
+                            response['message'] = "%s\n%s" % (returnvalue, repopath)
+                            self.send_response(200)
+                            self.send_header('Content-type', 'text/json')
+                            self.end_headers()
+                            self.wfile.write(bytes(json.dumps(response), "utf8"))
+                            return
+                        except Exception as err:
+                            response['error'] = True
+                            response['message'] = str(err)
+                            LOG.warning(response)
+
+                    except Exception as err:
+                        response['message'] = "Not a git repository: %s" % (str(err))
+                        LOG.warning("Exception (no repo): %s" % str(err))
+            else:
+                response['message'] = "Missing path or branch"
         elif req.path.endswith('/api/newfolder'):
             try:
                 postvars = parse_qs(self.rfile.read(length).decode('utf-8'), keep_blank_values=1)
diff --git a/dev.html b/dev.html
index 9885afc..3121431 100644
--- a/dev.html
+++ b/dev.html
@@ -607,11 +607,13 @@
         <li><a class="modal-trigger" href="#modal_init" class="nowrap waves-effect">git init</a></li>
         <li><a class="modal-trigger" href="#modal_commit" class="nowrap waves-effect">git commit</a></li>
         <li><a class="modal-trigger" href="#modal_push" class="nowrap waves-effect">git push</a></li>
+        <li><a class="modal-trigger" href="#modal_stash" class="nowrap waves-effect">git stash</a></li>
     </ul>
     <ul id="dropdown_gitmenu_mobile" class="dropdown-content z-depth-4">
         <li><a class="modal-trigger" href="#modal_init" class="nowrap waves-effect">git init</a></li>
         <li><a class="modal-trigger" href="#modal_commit" class="nowrap waves-effect">git commit</a></li>
         <li><a class="modal-trigger" href="#modal_push" class="nowrap waves-effect">git push</a></li>
+        <li><a class="modal-trigger" href="#modal_stash" class="nowrap waves-effect">git stash</a></li>
     </ul>
     <div id="modal_acekeyboard" class="modal bottom-sheet modal-fixed-footer">
         <div class="modal-content centered">
@@ -1219,6 +1221,16 @@ <h4 class="grey-text text-darken-3">git push<i class="mdi mdi-git right grey-tex
           <a onclick="gitpush()" class=" modal-action modal-close waves-effect waves-green btn-flat light-blue-text">OK</a>
         </div>
     </div>
+    <div id="modal_stash" class="modal">
+        <div class="modal-content">
+          <h4 class="grey-text text-darken-3">git stash<i class="mdi mdi-git right grey-text text-darken-3" style="font-size: 2.48rem;"></i></h4>
+          <p>Are you sure you want to stash your changes?</p>
+        </div>
+        <div class="modal-footer">
+          <a class=" modal-action modal-close waves-effect waves-red btn-flat light-blue-text">Cancel</a>
+          <a onclick="gitstash()" class=" modal-action modal-close waves-effect waves-green btn-flat light-blue-text">OK</a>
+        </div>
+    </div>
     <div id="modal_close" class="modal">
         <div class="modal-content">
             <h4 class="grey-text text-darken-3">Close File<i class="grey-text text-darken-3 material-icons right" style="font-size: 2.28rem;">close</i></h4>
@@ -2992,6 +3004,25 @@ <h4 class="grey-text text-darken-3"><a class="black-text" href="https://github.c
         }
     }
 
+    function gitstash() {
+        var path = document.getElementById("fbheader").innerHTML;
+        if (path.length > 0) {
+            data = new Object();
+            data.path = path;
+            $.post("api/stash", data).done(function(resp) {
+                if (resp.error) {
+                    var $toastContent = $("<div><pre>" + resp.message + "\n" + resp.path + "</pre></div>");
+                    Materialize.toast($toastContent, 5000);
+                }
+                else {
+                    var $toastContent = $("<div><pre>" + resp.message + "</pre></div>");
+                    Materialize.toast($toastContent, 5000);
+                    listdir(document.getElementById('fbheader').innerHTML);
+                }
+            });
+        }
+    }
+
     function checkout(branch) {
         var path = document.getElementById("fbheader").innerHTML;
         if (path.length > 0) {

From 158cd403978c40ee6dd6ca713c50010e10b88366 Mon Sep 17 00:00:00 2001
From: Daniel Perna <danielperna84@gmail.com>
Date: Tue, 3 Jul 2018 22:01:13 +0200
Subject: [PATCH 04/33] Allow passing list-settings via env-variables as well
 (Issue #100)

---
 README.md       | 2 +-
 changelog.txt   | 2 +-
 configurator.py | 5 +++++
 3 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index dd6229d..1747e48 100644
--- a/README.md
+++ b/README.md
@@ -36,7 +36,7 @@ There are no dependencies on Python modules that are not part of the standard li
 ### Configuration
 Near the top of the py-file you will find some global variables you can change to customize the configurator a little bit. If you are unfamiliar with Python: when setting variables of the type _string_, you have to write that within quotation marks. The default settings are fine for just checking this out quickly. With more customized setups you will have to change some settings though.  
 To keep your setting across updates it is also possible to save settings in an external file. In that case copy [settings.conf](https://github.com/danielperna84/hass-configurator/blob/master/settings.conf) whereever you like and append the full path to the file to the command when starting the configurator. E.g. `sudo .configurator.py /home/homeassistant/.homeassistant/mysettings.conf`. This file is in JSON format. So make sure it has a valid syntax (you can set the editor to JSON to get syntax highlighting for the settings). The major difference to the settings in the py-file is, that `None` becomes `null`.  
-Another way of passing settings (except those defined as lists like e.g. `ALLOWED_NETWORKS`) is by using [environment variables](https://en.wikipedia.org/wiki/Environment_variable). All settings passed via environment variables will overwrite the settings you have set in the `settings.conf` file. This allows you to provide settings in you systemd service file or the way it is usually done with Docker. The names of the environment variables have to be named exactly like the regular ones, prepended with the prefix `HC_`. You can customize this prefix in the `settings.conf` by setting `ENV_PREFIX` to something you like. `ENV_PREFIX` can not be set via environment variable.
+Another way of passing settings is by using [environment variables](https://en.wikipedia.org/wiki/Environment_variable). All settings passed via environment variables will overwrite the settings you have set in the `settings.conf` file. This allows you to provide settings in you systemd service file or the way it is usually done with Docker. The names of the environment variables have to be named exactly like the regular ones, prepended with the prefix `HC_`. You can customize this prefix in the `settings.conf` by setting `ENV_PREFIX` to something you like. `ENV_PREFIX` can not be set via environment variable. For settings that are usually defined as lists (`ALLOWED_NETWORKS` etc.) a comma is used as a separator for each value (e.g. `HC_ALLOWED_NETWORKS="127.0.0.1,192.168.0.0/16"`).
 
 #### LISTENIP (string)
 The IP address the service is listening on. By default it is binding to `0.0.0.0`, which is every IPv4 interface on the system. When using `::`, all available IPv6- and IPv4-addresses will be used.
diff --git a/changelog.txt b/changelog.txt
index f2068b7..8b72e45 100644
--- a/changelog.txt
+++ b/changelog.txt
@@ -1,5 +1,5 @@
 Version 0.3.0 (2018-)
-- Allow passing settings (except lists) via environment variables (Issue #100) @danielperna84
+- Allow passing settings via environment variables (Issue #100) @danielperna84
 - Added basic git stash functionality (Issue #16) @danielperna84
 
 Version 0.2.9 (2018-06-22)
diff --git a/configurator.py b/configurator.py
index 4cdd7cc..b90adf2 100755
--- a/configurator.py
+++ b/configurator.py
@@ -3399,6 +3399,7 @@ def load_settings(settingsfile):
     ENV_PREFIX = settings.get('ENV_PREFIX', ENV_PREFIX)
     for key, value in os.environ.items():
         if key.startswith(ENV_PREFIX):
+            print("Got setting: %s" % key)
             # Convert booleans
             if value in ['true', 'false', 'True', 'False']:
                 value = True if value in ['true', 'True'] else False
@@ -3408,6 +3409,10 @@ def load_settings(settingsfile):
             # Convert plain numbers
             elif value.isnumeric():
                 value = int(value)
+            # Make lists out of comma separated values for list-settings
+            elif key[len(ENV_PREFIX):] in ["ALLOWED_NETWORKS", "BANNED_IPS", "IGNORE_PATTERN"]:
+                print("got networks: %s" % value)
+                value = value.split(',')
             settings[key[len(ENV_PREFIX):]] = value
     LISTENIP = settings.get("LISTENIP", LISTENIP)
     LISTENPORT = settings.get("LISTENPORT", LISTENPORT)

From 60f256997998d0049bc3ae4333a316f6f212a0a9 Mon Sep 17 00:00:00 2001
From: Daniel Perna <danielperna84@gmail.com>
Date: Wed, 4 Jul 2018 00:21:23 +0200
Subject: [PATCH 05/33] Log warnings when using insecure passwords (Issue #100)

---
 changelog.txt   |  1 +
 configurator.py | 25 +++++++++++++++++++++++++
 2 files changed, 26 insertions(+)

diff --git a/changelog.txt b/changelog.txt
index 8b72e45..b20a0fb 100644
--- a/changelog.txt
+++ b/changelog.txt
@@ -1,6 +1,7 @@
 Version 0.3.0 (2018-)
 - Allow passing settings via environment variables (Issue #100) @danielperna84
 - Added basic git stash functionality (Issue #16) @danielperna84
+- Logging warnings if used passwords are insecure (Issue #100) @danielperna84
 
 Version 0.2.9 (2018-06-22)
 - Material Icons and HASS-help now open in new tab instead of modal (Issues #85 and #34) @danielperna84
diff --git a/configurator.py b/configurator.py
index b90adf2..c6e400f 100755
--- a/configurator.py
+++ b/configurator.py
@@ -3432,6 +3432,10 @@ def load_settings(settingsfile):
     SESAME = settings.get("SESAME", SESAME)
     VERIFY_HOSTNAME = settings.get("VERIFY_HOSTNAME", VERIFY_HOSTNAME)
 
+    if HASS_API_PASSWORD:
+        password_problems(HASS_API_PASSWORD, "HASS_API_PASSWORD")
+    if CREDENTIALS:
+        password_problems(":".join(CREDENTIALS.split(":")[1:]), "CREDENTIALS")
 
 def is_safe_path(basedir, path, follow_symlinks=True):
     if basedir is None:
@@ -3516,6 +3520,27 @@ def get_html():
             LOG.warning("Delivering embedded HTML")
     return INDEX
 
+def password_problems(password, name="UNKNOWN"):
+    problems = 0
+    if password is None:
+        return problems
+    if len(password) < 8:
+        LOG.warning("Password %s is too short" % name)
+        problems += 1
+    if password.isalpha():
+        LOG.warning("Password %s does not contain digits" % name)
+        problems += 1
+    if password.isdigit():
+        LOG.warning("Password %s does not contain alphabetic characters" % name)
+        problems += 1
+    quota = len(set(password)) / len(password)
+    exp = len(password) ** len(set(password))
+    score = exp / quota / 8
+    if score < 65536:
+        LOG.warning("Password %s does not contain enough unique characters (%i)" % (name, len(set(password))))
+        problems += 1
+    return problems
+
 def check_access(clientip):
     global BANNED_IPS
     if clientip in BANNED_IPS:

From 2e87b7cf5fa7e6a20ddd52b844fe0167a020329a Mon Sep 17 00:00:00 2001
From: Daniel Perna <danielperna84@gmail.com>
Date: Thu, 5 Jul 2018 01:36:51 +0200
Subject: [PATCH 06/33] Checking SESAME as well (Issue #100)

---
 configurator.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/configurator.py b/configurator.py
index c6e400f..73cc414 100755
--- a/configurator.py
+++ b/configurator.py
@@ -3436,6 +3436,8 @@ def load_settings(settingsfile):
         password_problems(HASS_API_PASSWORD, "HASS_API_PASSWORD")
     if CREDENTIALS:
         password_problems(":".join(CREDENTIALS.split(":")[1:]), "CREDENTIALS")
+    if SESAME:
+        password_problems(SESAME, "SESAME")
 
 def is_safe_path(basedir, path, follow_symlinks=True):
     if basedir is None:

From 1f24c15b52db93ff71820ca566a753f50561b123 Mon Sep 17 00:00:00 2001
From: Daniel Perna <danielperna84@gmail.com>
Date: Fri, 6 Jul 2018 20:50:37 +0200
Subject: [PATCH 07/33] Creating persistent notifications in HASS now (Issue
 #100)

---
 configurator.py | 113 +++++++++++++++++++++++++++++++++++++-----------
 1 file changed, 88 insertions(+), 25 deletions(-)

diff --git a/configurator.py b/configurator.py
index 73cc414..67629a5 100755
--- a/configurator.py
+++ b/configurator.py
@@ -21,7 +21,7 @@
 from string import Template
 from http.server import BaseHTTPRequestHandler
 import urllib.request
-from urllib.parse import urlparse, parse_qs, unquote
+from urllib.parse import urlparse, parse_qs, unquote, urlencode
 
 
 ### Some options for you to change
@@ -3432,13 +3432,6 @@ def load_settings(settingsfile):
     SESAME = settings.get("SESAME", SESAME)
     VERIFY_HOSTNAME = settings.get("VERIFY_HOSTNAME", VERIFY_HOSTNAME)
 
-    if HASS_API_PASSWORD:
-        password_problems(HASS_API_PASSWORD, "HASS_API_PASSWORD")
-    if CREDENTIALS:
-        password_problems(":".join(CREDENTIALS.split(":")[1:]), "CREDENTIALS")
-    if SESAME:
-        password_problems(SESAME, "SESAME")
-
 def is_safe_path(basedir, path, follow_symlinks=True):
     if basedir is None:
         return True
@@ -3531,16 +3524,16 @@ def password_problems(password, name="UNKNOWN"):
         problems += 1
     if password.isalpha():
         LOG.warning("Password %s does not contain digits" % name)
-        problems += 1
+        problems += 2
     if password.isdigit():
         LOG.warning("Password %s does not contain alphabetic characters" % name)
-        problems += 1
+        problems += 4
     quota = len(set(password)) / len(password)
     exp = len(password) ** len(set(password))
     score = exp / quota / 8
     if score < 65536:
         LOG.warning("Password %s does not contain enough unique characters (%i)" % (name, len(set(password))))
-        problems += 1
+        problems += 8
     return problems
 
 def check_access(clientip):
@@ -3847,23 +3840,27 @@ def do_GET(self):
             events = "[]"
             states = "[]"
             try:
-                headers = {
-                    "Content-Type": "application/json"
-                }
-                if HASS_API_PASSWORD:
-                    headers["x-ha-access"] = HASS_API_PASSWORD
+                if HASS_API:
+                    headers = {
+                        "Content-Type": "application/json"
+                    }
+                    if HASS_API_PASSWORD:
+                        headers["x-ha-access"] = HASS_API_PASSWORD
 
-                req = urllib.request.Request("%sservices" % HASS_API, headers=headers, method='GET')
-                with urllib.request.urlopen(req) as response:
-                    services = response.read().decode('utf-8')
+                    req = urllib.request.Request("%sservices" % HASS_API,
+                                                headers=headers, method='GET')
+                    with urllib.request.urlopen(req) as response:
+                        services = response.read().decode('utf-8')
 
-                req = urllib.request.Request("%sevents" % HASS_API, headers=headers, method='GET')
-                with urllib.request.urlopen(req) as response:
-                    events = response.read().decode('utf-8')
+                    req = urllib.request.Request("%sevents" % HASS_API,
+                                                headers=headers, method='GET')
+                    with urllib.request.urlopen(req) as response:
+                        events = response.read().decode('utf-8')
 
-                req = urllib.request.Request("%sstates" % HASS_API, headers=headers, method='GET')
-                with urllib.request.urlopen(req) as response:
-                    states = response.read().decode('utf-8')
+                    req = urllib.request.Request("%sstates" % HASS_API,
+                                                headers=headers, method='GET')
+                    with urllib.request.urlopen(req) as response:
+                        states = response.read().decode('utf-8')
 
             except Exception as err:
                 LOG.warning("Exception getting bootstrap")
@@ -4507,6 +4504,32 @@ class SimpleServer(socketserver.ThreadingMixIn, socketserver.TCPServer):
     def __init__(self, server_address, RequestHandlerClass):
         socketserver.TCPServer.__init__(self, server_address, RequestHandlerClass)
 
+def persistent_notification(title="HASS Configurator",
+                            message="Notification by HASS Configurator",
+                            notification_id="HC_PERSISTENT_NOTIFICATION"):
+    if not HASS_API:
+        return
+    headers = {
+        "Content-Type": "application/json"
+    }
+    data = {
+        "title": title,
+        "message": message,
+        "notification_id": notification_id
+    }
+    if HASS_API_PASSWORD:
+        headers["x-ha-access"] = HASS_API_PASSWORD
+    req = urllib.request.Request(
+        "%sservices/persistent_notification/create" % HASS_API,
+        data=bytes(json.dumps(data).encode('utf-8')),
+        headers=headers, method='POST')
+    try:
+        with urllib.request.urlopen(req) as response:
+            message = response.read().decode('utf-8')
+            LOG.debug(message)
+    except Exception as err:
+        LOG.warning("Exception while creating persistent notification: %s" % err)
+
 def main(args):
     global HTTPD, CREDENTIALS
     if args:
@@ -4514,6 +4537,46 @@ def main(args):
     else:
         load_settings(None)
     LOG.info("Starting server")
+
+    try:
+        problems = None
+        if HASS_API_PASSWORD:
+            problems = password_problems(HASS_API_PASSWORD, "HASS_API_PASSWORD")
+        if problems:
+            data = {
+                "title": "HASS Configurator - Password warning",
+                "message": "Your HASS API password seems insecure (%i). " \
+                "Refer to the HASS configurator logs for further information." % problems,
+                "notification_id": "HC_HASS_API_PASSWORD"
+            }
+            persistent_notification(**data)
+
+        problems = None
+        if SESAME:
+            problems = password_problems(SESAME, "SESAME")
+        if problems:
+            data = {
+                "title": "HASS Configurator - Password warning",
+                "message": "Your SESAME seems insecure (%i). " \
+                "Refer to the HASS configurator logs for further information." % problems,
+                "notification_id": "HC_SESAME"
+            }
+            persistent_notification(**data)
+
+        problems = None
+        if CREDENTIALS:
+            problems = password_problems(":".join(CREDENTIALS.split(":")[1:]), "CREDENTIALS")
+        if problems:
+            data = {
+                "title": "HASS Configurator - Password warning",
+                "message": "Your CREDENTIALS seems insecure (%i). " \
+                "Refer to the HASS configurator logs for further information." % problems,
+                "notification_id": "HC_CREDENTIALS"
+            }
+            persistent_notification(**data)
+    except Exception as err:
+        LOG.warning("Exception while checking passwords: %s" % err)
+
     CustomServer = SimpleServer
     if ':' in LISTENIP:
         CustomServer.address_family = socket.AF_INET6

From ec852f05ad8fa796fb20d2761ea2e0c150ac0821 Mon Sep 17 00:00:00 2001
From: Daniel Perna <danielperna84@gmail.com>
Date: Fri, 6 Jul 2018 20:59:31 +0200
Subject: [PATCH 08/33] Cleanup / Lint

---
 configurator.py | 91 +++++++++++++++++++++++++++++++++----------------
 1 file changed, 62 insertions(+), 29 deletions(-)

diff --git a/configurator.py b/configurator.py
index 67629a5..27040c2 100755
--- a/configurator.py
+++ b/configurator.py
@@ -3399,7 +3399,6 @@ def load_settings(settingsfile):
     ENV_PREFIX = settings.get('ENV_PREFIX', ENV_PREFIX)
     for key, value in os.environ.items():
         if key.startswith(ENV_PREFIX):
-            print("Got setting: %s" % key)
             # Convert booleans
             if value in ['true', 'false', 'True', 'False']:
                 value = True if value in ['true', 'True'] else False
@@ -3411,7 +3410,6 @@ def load_settings(settingsfile):
                 value = int(value)
             # Make lists out of comma separated values for list-settings
             elif key[len(ENV_PREFIX):] in ["ALLOWED_NETWORKS", "BANNED_IPS", "IGNORE_PATTERN"]:
-                print("got networks: %s" % value)
                 value = value.split(',')
             settings[key[len(ENV_PREFIX):]] = value
     LISTENIP = settings.get("LISTENIP", LISTENIP)
@@ -3517,6 +3515,7 @@ def get_html():
 
 def password_problems(password, name="UNKNOWN"):
     problems = 0
+    password = str(password)
     if password is None:
         return problems
     if len(password) < 8:
@@ -3641,7 +3640,8 @@ def do_GET(self):
                 if dirpath:
                     dirpath = unquote(dirpath[0]).encode('utf-8')
                     if os.path.isdir(dirpath):
-                        if ENFORCE_BASEPATH and not is_safe_path(BASEPATH, dirpath):
+                        if ENFORCE_BASEPATH and not is_safe_path(BASEPATH,
+                                                                 dirpath):
                             raise OSError('Access denied.')
                         repo = None
                         activebranch = None
@@ -3649,7 +3649,8 @@ def do_GET(self):
                         branches = []
                         if REPO:
                             try:
-                                repo = REPO(dirpath.decode('utf-8'), search_parent_directories=True)
+                                repo = REPO(dirpath.decode('utf-8'),
+                                            search_parent_directories=True)
                                 activebranch = repo.active_branch.name
                                 dirty = repo.is_dirty()
                                 for branch in repo.branches:
@@ -3718,7 +3719,9 @@ def do_GET(self):
                 }
                 if HASS_API_PASSWORD:
                     headers["x-ha-access"] = HASS_API_PASSWORD
-                req = urllib.request.Request("%sservices/homeassistant/restart" % HASS_API, headers=headers, method='POST')
+                req = urllib.request.Request(
+                    "%sservices/homeassistant/restart" % HASS_API,
+                    headers=headers, method='POST')
                 with urllib.request.urlopen(req) as response:
                     res = json.loads(response.read().decode('utf-8'))
                     LOG.debug(res)
@@ -3738,7 +3741,9 @@ def do_GET(self):
                 }
                 if HASS_API_PASSWORD:
                     headers["x-ha-access"] = HASS_API_PASSWORD
-                req = urllib.request.Request("%sservices/homeassistant/check_config" % HASS_API, headers=headers, method='POST')
+                req = urllib.request.Request(
+                    "%sservices/homeassistant/check_config" % HASS_API,
+                    headers=headers, method='POST')
                 # with urllib.request.urlopen(req) as response:
                 #     print(json.loads(response.read().decode('utf-8')))
                 #     res['service'] = "called successfully"
@@ -3758,7 +3763,9 @@ def do_GET(self):
                 }
                 if HASS_API_PASSWORD:
                     headers["x-ha-access"] = HASS_API_PASSWORD
-                req = urllib.request.Request("%sservices/automation/reload" % HASS_API, headers=headers, method='POST')
+                req = urllib.request.Request(
+                    "%sservices/automation/reload" % HASS_API,
+                    headers=headers, method='POST')
                 with urllib.request.urlopen(req) as response:
                     LOG.debug(json.loads(response.read().decode('utf-8')))
                     res['service'] = "called successfully"
@@ -3778,7 +3785,9 @@ def do_GET(self):
                 }
                 if HASS_API_PASSWORD:
                     headers["x-ha-access"] = HASS_API_PASSWORD
-                req = urllib.request.Request("%sservices/script/reload" % HASS_API, headers=headers, method='POST')
+                req = urllib.request.Request(
+                    "%sservices/script/reload" % HASS_API,
+                    headers=headers, method='POST')
                 with urllib.request.urlopen(req) as response:
                     LOG.debug(json.loads(response.read().decode('utf-8')))
                     res['service'] = "called successfully"
@@ -3798,7 +3807,9 @@ def do_GET(self):
                 }
                 if HASS_API_PASSWORD:
                     headers["x-ha-access"] = HASS_API_PASSWORD
-                req = urllib.request.Request("%sservices/group/reload" % HASS_API, headers=headers, method='POST')
+                req = urllib.request.Request(
+                    "%sservices/group/reload" % HASS_API,
+                    headers=headers, method='POST')
                 with urllib.request.urlopen(req) as response:
                     LOG.debug(json.loads(response.read().decode('utf-8')))
                     res['service'] = "called successfully"
@@ -3818,7 +3829,9 @@ def do_GET(self):
                 }
                 if HASS_API_PASSWORD:
                     headers["x-ha-access"] = HASS_API_PASSWORD
-                req = urllib.request.Request("%sservices/homeassistant/reload_core_config" % HASS_API, headers=headers, method='POST')
+                req = urllib.request.Request(
+                    "%sservices/homeassistant/reload_core_config" % HASS_API,
+                    headers=headers, method='POST')
                 with urllib.request.urlopen(req) as response:
                     LOG.debug(json.loads(response.read().decode('utf-8')))
                     res['service'] = "called successfully"
@@ -3918,7 +3931,8 @@ def do_POST(self):
         length = int(self.headers['content-length'])
         if req.path.endswith('/api/save'):
             try:
-                postvars = parse_qs(self.rfile.read(length).decode('utf-8'), keep_blank_values=1)
+                postvars = parse_qs(self.rfile.read(length).decode('utf-8'),
+                                    keep_blank_values=1)
             except Exception as err:
                 LOG.warning(err)
                 response['message'] = "%s" % (str(err))
@@ -3974,7 +3988,8 @@ def do_POST(self):
                 return
         elif req.path.endswith('/api/delete'):
             try:
-                postvars = parse_qs(self.rfile.read(length).decode('utf-8'), keep_blank_values=1)
+                postvars = parse_qs(self.rfile.read(length).decode('utf-8'),
+                                    keep_blank_values=1)
             except Exception as err:
                 LOG.warning(err)
                 response['message'] = "%s" % (str(err))
@@ -4008,7 +4023,8 @@ def do_POST(self):
                 response['message'] = "Missing filename or text"
         elif req.path.endswith('/api/exec_command'):
             try:
-                postvars = parse_qs(self.rfile.read(length).decode('utf-8'), keep_blank_values=1)
+                postvars = parse_qs(self.rfile.read(length).decode('utf-8'),
+                                    keep_blank_values=1)
             except Exception as err:
                 LOG.warning(err)
                 response['message'] = "%s" % (str(err))
@@ -4023,7 +4039,9 @@ def do_POST(self):
                                 timeout = int(postvars['timeout'][0])
                         try:
                             proc = subprocess.Popen(
-                                command, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+                                command,
+                                stdout=subprocess.PIPE,
+                                stderr=subprocess.PIPE)
                             stdout, stderr = proc.communicate(timeout=timeout)
                             self.send_response(200)
                             self.send_header('Content-type', 'text/json')
@@ -4055,7 +4073,8 @@ def do_POST(self):
                 response['message'] = "Missing command"
         elif req.path.endswith('/api/gitadd'):
             try:
-                postvars = parse_qs(self.rfile.read(length).decode('utf-8'), keep_blank_values=1)
+                postvars = parse_qs(self.rfile.read(length).decode('utf-8'),
+                                    keep_blank_values=1)
             except Exception as err:
                 LOG.warning(err)
                 response['message'] = "%s" % (str(err))
@@ -4064,7 +4083,8 @@ def do_POST(self):
                 if postvars['path']:
                     try:
                         addpath = unquote(postvars['path'][0])
-                        repo = REPO(addpath, search_parent_directories=True)
+                        repo = REPO(addpath,
+                                    search_parent_directories=True)
                         filepath = "/".join(addpath.split(os.sep)[len(repo.working_dir.split(os.sep)):])
                         response['path'] = filepath
                         try:
@@ -4088,7 +4108,8 @@ def do_POST(self):
                 response['message'] = "Missing filename"
         elif req.path.endswith('/api/commit'):
             try:
-                postvars = parse_qs(self.rfile.read(length).decode('utf-8'), keep_blank_values=1)
+                postvars = parse_qs(self.rfile.read(length).decode('utf-8'),
+                                    keep_blank_values=1)
             except Exception as err:
                 LOG.warning(err)
                 response['message'] = "%s" % (str(err))
@@ -4099,7 +4120,8 @@ def do_POST(self):
                         commitpath = unquote(postvars['path'][0])
                         response['path'] = commitpath
                         message = unquote(postvars['message'][0])
-                        repo = REPO(commitpath, search_parent_directories=True)
+                        repo = REPO(commitpath,
+                                    search_parent_directories=True)
                         try:
                             repo.index.commit(message)
                             response['error'] = False
@@ -4121,7 +4143,8 @@ def do_POST(self):
                 response['message'] = "Missing path"
         elif req.path.endswith('/api/checkout'):
             try:
-                postvars = parse_qs(self.rfile.read(length).decode('utf-8'), keep_blank_values=1)
+                postvars = parse_qs(self.rfile.read(length).decode('utf-8'),
+                                    keep_blank_values=1)
             except Exception as err:
                 LOG.warning(err)
                 response['message'] = "%s" % (str(err))
@@ -4132,7 +4155,8 @@ def do_POST(self):
                         branchpath = unquote(postvars['path'][0])
                         response['path'] = branchpath
                         branch = unquote(postvars['branch'][0])
-                        repo = REPO(branchpath, search_parent_directories=True)
+                        repo = REPO(branchpath,
+                                    search_parent_directories=True)
                         try:
                             head = [h for h in repo.heads if h.name == branch][0]
                             head.checkout()
@@ -4155,7 +4179,8 @@ def do_POST(self):
                 response['message'] = "Missing path or branch"
         elif req.path.endswith('/api/newbranch'):
             try:
-                postvars = parse_qs(self.rfile.read(length).decode('utf-8'), keep_blank_values=1)
+                postvars = parse_qs(self.rfile.read(length).decode('utf-8'),
+                                    keep_blank_values=1)
             except Exception as err:
                 LOG.warning(err)
                 response['message'] = "%s" % (str(err))
@@ -4166,7 +4191,8 @@ def do_POST(self):
                         branchpath = unquote(postvars['path'][0])
                         response['path'] = branchpath
                         branch = unquote(postvars['branch'][0])
-                        repo = REPO(branchpath, search_parent_directories=True)
+                        repo = REPO(branchpath,
+                                    search_parent_directories=True)
                         try:
                             repo.git.checkout("HEAD", b=branch)
                             response['error'] = False
@@ -4188,7 +4214,8 @@ def do_POST(self):
                 response['message'] = "Missing path or branch"
         elif req.path.endswith('/api/init'):
             try:
-                postvars = parse_qs(self.rfile.read(length).decode('utf-8'), keep_blank_values=1)
+                postvars = parse_qs(self.rfile.read(length).decode('utf-8'),
+                                    keep_blank_values=1)
             except Exception as err:
                 LOG.warning(err)
                 response['message'] = "%s" % (str(err))
@@ -4219,7 +4246,8 @@ def do_POST(self):
                 response['message'] = "Missing path or branch"
         elif req.path.endswith('/api/push'):
             try:
-                postvars = parse_qs(self.rfile.read(length).decode('utf-8'), keep_blank_values=1)
+                postvars = parse_qs(self.rfile.read(length).decode('utf-8'),
+                                    keep_blank_values=1)
             except Exception as err:
                 LOG.warning(err)
                 response['message'] = "%s" % (str(err))
@@ -4259,7 +4287,8 @@ def do_POST(self):
                 response['message'] = "Missing path or branch"
         elif req.path.endswith('/api/stash'):
             try:
-                postvars = parse_qs(self.rfile.read(length).decode('utf-8'), keep_blank_values=1)
+                postvars = parse_qs(self.rfile.read(length).decode('utf-8'),
+                                    keep_blank_values=1)
             except Exception as err:
                 LOG.warning(err)
                 response['message'] = "%s" % (str(err))
@@ -4291,7 +4320,8 @@ def do_POST(self):
                 response['message'] = "Missing path or branch"
         elif req.path.endswith('/api/newfolder'):
             try:
-                postvars = parse_qs(self.rfile.read(length).decode('utf-8'), keep_blank_values=1)
+                postvars = parse_qs(self.rfile.read(length).decode('utf-8'),
+                                    keep_blank_values=1)
             except Exception as err:
                 LOG.warning(err)
                 response['message'] = "%s" % (str(err))
@@ -4320,7 +4350,8 @@ def do_POST(self):
                         LOG.warning(err)
         elif req.path.endswith('/api/newfile'):
             try:
-                postvars = parse_qs(self.rfile.read(length).decode('utf-8'), keep_blank_values=1)
+                postvars = parse_qs(self.rfile.read(length).decode('utf-8'),
+                                    keep_blank_values=1)
             except Exception as err:
                 LOG.warning(err)
                 response['message'] = "%s" % (str(err))
@@ -4352,7 +4383,8 @@ def do_POST(self):
                 response['message'] = "Missing filename or text"
         elif req.path.endswith('/api/allowed_networks'):
             try:
-                postvars = parse_qs(self.rfile.read(length).decode('utf-8'), keep_blank_values=1)
+                postvars = parse_qs(self.rfile.read(length).decode('utf-8'),
+                                    keep_blank_values=1)
             except Exception as err:
                 LOG.warning(err)
                 response['message'] = "%s" % (str(err))
@@ -4389,7 +4421,8 @@ def do_POST(self):
                 response['message'] = "Missing network"
         elif req.path.endswith('/api/banned_ips'):
             try:
-                postvars = parse_qs(self.rfile.read(length).decode('utf-8'), keep_blank_values=1)
+                postvars = parse_qs(self.rfile.read(length).decode('utf-8'),
+                                    keep_blank_values=1)
             except Exception as err:
                 LOG.warning(err)
                 response['message'] = "%s" % (str(err))

From b102e4eaad6e707fbd986b8c803cb1dea1690d8e Mon Sep 17 00:00:00 2001
From: Daniel Perna <danielperna84@gmail.com>
Date: Fri, 6 Jul 2018 21:02:02 +0200
Subject: [PATCH 09/33] Lint

---
 configurator.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/configurator.py b/configurator.py
index 27040c2..16a2c7c 100755
--- a/configurator.py
+++ b/configurator.py
@@ -21,7 +21,7 @@
 from string import Template
 from http.server import BaseHTTPRequestHandler
 import urllib.request
-from urllib.parse import urlparse, parse_qs, unquote, urlencode
+from urllib.parse import urlparse, parse_qs, unquote
 
 
 ### Some options for you to change
@@ -3861,17 +3861,17 @@ def do_GET(self):
                         headers["x-ha-access"] = HASS_API_PASSWORD
 
                     req = urllib.request.Request("%sservices" % HASS_API,
-                                                headers=headers, method='GET')
+                                                 headers=headers, method='GET')
                     with urllib.request.urlopen(req) as response:
                         services = response.read().decode('utf-8')
 
                     req = urllib.request.Request("%sevents" % HASS_API,
-                                                headers=headers, method='GET')
+                                                 headers=headers, method='GET')
                     with urllib.request.urlopen(req) as response:
                         events = response.read().decode('utf-8')
 
                     req = urllib.request.Request("%sstates" % HASS_API,
-                                                headers=headers, method='GET')
+                                                 headers=headers, method='GET')
                     with urllib.request.urlopen(req) as response:
                         states = response.read().decode('utf-8')
 

From 6eafd9af8b91b948906a40cd587087cf6f11fc10 Mon Sep 17 00:00:00 2001
From: Daniel Perna <danielperna84@gmail.com>
Date: Fri, 6 Jul 2018 22:03:13 +0200
Subject: [PATCH 10/33] Switched to generic notify function

---
 configurator.py | 22 ++++++++++++----------
 1 file changed, 12 insertions(+), 10 deletions(-)

diff --git a/configurator.py b/configurator.py
index 16a2c7c..2ca2667 100755
--- a/configurator.py
+++ b/configurator.py
@@ -4537,9 +4537,10 @@ class SimpleServer(socketserver.ThreadingMixIn, socketserver.TCPServer):
     def __init__(self, server_address, RequestHandlerClass):
         socketserver.TCPServer.__init__(self, server_address, RequestHandlerClass)
 
-def persistent_notification(title="HASS Configurator",
-                            message="Notification by HASS Configurator",
-                            notification_id="HC_PERSISTENT_NOTIFICATION"):
+def notify(service="persistent_notification.create",
+           title="HASS Configurator",
+           message="Notification by HASS Configurator",
+           notification_id=None):
     if not HASS_API:
         return
     headers = {
@@ -4547,13 +4548,14 @@ def persistent_notification(title="HASS Configurator",
     }
     data = {
         "title": title,
-        "message": message,
-        "notification_id": notification_id
+        "message": message
     }
+    if notification_id:
+        data["notification_id"] = notification_id
     if HASS_API_PASSWORD:
         headers["x-ha-access"] = HASS_API_PASSWORD
     req = urllib.request.Request(
-        "%sservices/persistent_notification/create" % HASS_API,
+        "%sservices/%s" % (HASS_API, service.replace('.', '/')),
         data=bytes(json.dumps(data).encode('utf-8')),
         headers=headers, method='POST')
     try:
@@ -4561,7 +4563,7 @@ def persistent_notification(title="HASS Configurator",
             message = response.read().decode('utf-8')
             LOG.debug(message)
     except Exception as err:
-        LOG.warning("Exception while creating persistent notification: %s" % err)
+        LOG.warning("Exception while creating notification: %s" % err)
 
 def main(args):
     global HTTPD, CREDENTIALS
@@ -4582,7 +4584,7 @@ def main(args):
                 "Refer to the HASS configurator logs for further information." % problems,
                 "notification_id": "HC_HASS_API_PASSWORD"
             }
-            persistent_notification(**data)
+            notify(**data)
 
         problems = None
         if SESAME:
@@ -4594,7 +4596,7 @@ def main(args):
                 "Refer to the HASS configurator logs for further information." % problems,
                 "notification_id": "HC_SESAME"
             }
-            persistent_notification(**data)
+            notify(**data)
 
         problems = None
         if CREDENTIALS:
@@ -4606,7 +4608,7 @@ def main(args):
                 "Refer to the HASS configurator logs for further information." % problems,
                 "notification_id": "HC_CREDENTIALS"
             }
-            persistent_notification(**data)
+            notify(**data)
     except Exception as err:
         LOG.warning("Exception while checking passwords: %s" % err)
 

From a74ffff976965548283b3917883b2e37ee9c1444 Mon Sep 17 00:00:00 2001
From: Daniel Perna <danielperna84@gmail.com>
Date: Fri, 6 Jul 2018 22:20:21 +0200
Subject: [PATCH 11/33] Support for custom notification services

---
 README.md       |  2 ++
 changelog.txt   |  1 +
 configurator.py | 13 ++++++++++---
 settings.conf   |  3 ++-
 4 files changed, 15 insertions(+), 4 deletions(-)

diff --git a/README.md b/README.md
index 1747e48..80fe163 100644
--- a/README.md
+++ b/README.md
@@ -75,6 +75,8 @@ If set to _somesecretkeynobodycanguess_, you can browse to `https://your.configu
 HTTP requests include the hostname to which the request has been made. To improve security you can set this parameter to `yourdomain.example.com`. This will check if the hostname within the request matches the one you are expecting. If it does not match, a `403 Forbidden` response will be sent. As a result attackers that scan your IP address won't be able to connect unless they know the correct hostname. Be careful with this option though, because it prohibits you from accessing the configurator directly via IP.
 #### ENV_PREFIX (string)
 To modify the default prefix for settings passed as environment variables (`HC_`) change this setting to another value that meets your demands.
+#### NOTIFY_SERVICE (string)
+Define a notification service from your Home Assistant setup that should be used to send notifications, e.g. `notify.mytelegram`. The default is `persistent_notification.create`. Do __NOT__ change the value of the `NOTIFY_SERVICE_DEFAULT` variable!
  
 __Note regarding `ALLOWED_NETWORKS`, `BANNED_IPS` and `BANLIMIT`__:  
 The way this is implemented works in the following order:
diff --git a/changelog.txt b/changelog.txt
index b20a0fb..dbc552d 100644
--- a/changelog.txt
+++ b/changelog.txt
@@ -2,6 +2,7 @@ Version 0.3.0 (2018-)
 - Allow passing settings via environment variables (Issue #100) @danielperna84
 - Added basic git stash functionality (Issue #16) @danielperna84
 - Logging warnings if used passwords are insecure (Issue #100) @danielperna84
+- Added NOTIFY_SERVICE option @danielperna84
 
 Version 0.2.9 (2018-06-22)
 - Material Icons and HASS-help now open in new tab instead of modal (Issues #85 and #34) @danielperna84
diff --git a/configurator.py b/configurator.py
index 2ca2667..85c54e8 100755
--- a/configurator.py
+++ b/configurator.py
@@ -68,6 +68,9 @@
 VERIFY_HOSTNAME = None
 # Prefix for environment variables
 ENV_PREFIX = "HC_"
+# Notification service like `notify.mytelegram`. Default is `persistent_notification.create`
+NOTIFY_SERVICE_DEFAULT = "persistent_notification.create"
+NOTIFY_SERVICE = NOTIFY_SERVICE_DEFAULT
 ### End of options
 
 LOGLEVEL = logging.INFO
@@ -3386,7 +3389,7 @@ def load_settings(settingsfile):
     global LISTENIP, LISTENPORT, BASEPATH, SSL_CERTIFICATE, SSL_KEY, HASS_API, \
     HASS_API_PASSWORD, CREDENTIALS, ALLOWED_NETWORKS, BANNED_IPS, BANLIMIT, \
     DEV, IGNORE_PATTERN, DIRSFIRST, SESAME, VERIFY_HOSTNAME, ENFORCE_BASEPATH, \
-    ENV_PREFIX
+    ENV_PREFIX, NOTIFY_SERVICE
     settings = {}
     if settingsfile:
         try:
@@ -3429,6 +3432,7 @@ def load_settings(settingsfile):
     DIRSFIRST = settings.get("DIRSFIRST", DIRSFIRST)
     SESAME = settings.get("SESAME", SESAME)
     VERIFY_HOSTNAME = settings.get("VERIFY_HOSTNAME", VERIFY_HOSTNAME)
+    NOTIFY_SERVICE = settings.get("NOTIFY_SERVICE", NOTIFY_SERVICE_DEFAULT)
 
 def is_safe_path(basedir, path, follow_symlinks=True):
     if basedir is None:
@@ -4537,7 +4541,7 @@ class SimpleServer(socketserver.ThreadingMixIn, socketserver.TCPServer):
     def __init__(self, server_address, RequestHandlerClass):
         socketserver.TCPServer.__init__(self, server_address, RequestHandlerClass)
 
-def notify(service="persistent_notification.create",
+def notify(service=NOTIFY_SERVICE,
            title="HASS Configurator",
            message="Notification by HASS Configurator",
            notification_id=None):
@@ -4550,7 +4554,7 @@ def notify(service="persistent_notification.create",
         "title": title,
         "message": message
     }
-    if notification_id:
+    if notification_id and NOTIFY_SERVICE == NOTIFY_SERVICE_DEFAULT:
         data["notification_id"] = notification_id
     if HASS_API_PASSWORD:
         headers["x-ha-access"] = HASS_API_PASSWORD
@@ -4579,6 +4583,7 @@ def main(args):
             problems = password_problems(HASS_API_PASSWORD, "HASS_API_PASSWORD")
         if problems:
             data = {
+                "service": NOTIFY_SERVICE,
                 "title": "HASS Configurator - Password warning",
                 "message": "Your HASS API password seems insecure (%i). " \
                 "Refer to the HASS configurator logs for further information." % problems,
@@ -4591,6 +4596,7 @@ def main(args):
             problems = password_problems(SESAME, "SESAME")
         if problems:
             data = {
+                "service": NOTIFY_SERVICE,
                 "title": "HASS Configurator - Password warning",
                 "message": "Your SESAME seems insecure (%i). " \
                 "Refer to the HASS configurator logs for further information." % problems,
@@ -4603,6 +4609,7 @@ def main(args):
             problems = password_problems(":".join(CREDENTIALS.split(":")[1:]), "CREDENTIALS")
         if problems:
             data = {
+                "service": NOTIFY_SERVICE,
                 "title": "HASS Configurator - Password warning",
                 "message": "Your CREDENTIALS seems insecure (%i). " \
                 "Refer to the HASS configurator logs for further information." % problems,
diff --git a/settings.conf b/settings.conf
index f06c747..5075e07 100644
--- a/settings.conf
+++ b/settings.conf
@@ -15,5 +15,6 @@
     "DIRSFIRST": false,
     "SESAME": null,
     "VERIFY_HOSTNAME": null,
-    "ENV_PREFIX": "HC_"
+    "ENV_PREFIX": "HC_",
+    "NOTIFY_SERVICE": "persistent_notification.create"
 }

From e18b11deaecbca4605ae3f79d37ef173e7226a6e Mon Sep 17 00:00:00 2001
From: Daniel Perna <danielperna84@gmail.com>
Date: Mon, 9 Jul 2018 01:05:30 +0200
Subject: [PATCH 12/33] Cleanup and SESAME notification

---
 README.md       |  2 +-
 changelog.txt   |  2 +-
 configurator.py | 14 ++++++++------
 3 files changed, 10 insertions(+), 8 deletions(-)

diff --git a/README.md b/README.md
index 80fe163..34892b3 100644
--- a/README.md
+++ b/README.md
@@ -76,7 +76,7 @@ HTTP requests include the hostname to which the request has been made. To improv
 #### ENV_PREFIX (string)
 To modify the default prefix for settings passed as environment variables (`HC_`) change this setting to another value that meets your demands.
 #### NOTIFY_SERVICE (string)
-Define a notification service from your Home Assistant setup that should be used to send notifications, e.g. `notify.mytelegram`. The default is `persistent_notification.create`. Do __NOT__ change the value of the `NOTIFY_SERVICE_DEFAULT` variable!
+Define a notification service from your Home Assistant setup that should be used to send notifications, e.g. `notify.mytelegram`. The default is `persistent_notification.create`. Do __NOT__ change the value of the `NOTIFY_SERVICE_DEFAULT` variable! You will be notified if your `HASS_API_PASSWORD`, `SESAME` or `CREDENTIALS` password seems insecure. Additionally a notification with the accessing IP will be sent every time the `SESAME` token has been used for whitelisting.
  
 __Note regarding `ALLOWED_NETWORKS`, `BANNED_IPS` and `BANLIMIT`__:  
 The way this is implemented works in the following order:
diff --git a/changelog.txt b/changelog.txt
index dbc552d..a8fc9f0 100644
--- a/changelog.txt
+++ b/changelog.txt
@@ -1,8 +1,8 @@
 Version 0.3.0 (2018-)
 - Allow passing settings via environment variables (Issue #100) @danielperna84
 - Added basic git stash functionality (Issue #16) @danielperna84
-- Logging warnings if used passwords are insecure (Issue #100) @danielperna84
 - Added NOTIFY_SERVICE option @danielperna84
+- Notifying if used passwords are insecure (Issue #100) and if SESAME has been used @danielperna84
 
 Version 0.2.9 (2018-06-22)
 - Material Icons and HASS-help now open in new tab instead of modal (Issues #85 and #34) @danielperna84
diff --git a/configurator.py b/configurator.py
index 85c54e8..4a12c84 100755
--- a/configurator.py
+++ b/configurator.py
@@ -3585,6 +3585,12 @@ def do_GET(self):
                 self.send_response(302)
                 self.send_header('Location', url)
                 self.end_headers()
+                data = {
+                    "title": "HASS Configurator - SESAME access",
+                    "message": "Your SESAME token has been used to whitelist " \
+                    "the IP address %s." % self.client_address[0]
+                }
+                notify(**data)
                 return
         if not check_access(self.client_address[0]):
             self.do_BLOCK()
@@ -4541,8 +4547,7 @@ class SimpleServer(socketserver.ThreadingMixIn, socketserver.TCPServer):
     def __init__(self, server_address, RequestHandlerClass):
         socketserver.TCPServer.__init__(self, server_address, RequestHandlerClass)
 
-def notify(service=NOTIFY_SERVICE,
-           title="HASS Configurator",
+def notify(title="HASS Configurator",
            message="Notification by HASS Configurator",
            notification_id=None):
     if not HASS_API:
@@ -4559,7 +4564,7 @@ def notify(service=NOTIFY_SERVICE,
     if HASS_API_PASSWORD:
         headers["x-ha-access"] = HASS_API_PASSWORD
     req = urllib.request.Request(
-        "%sservices/%s" % (HASS_API, service.replace('.', '/')),
+        "%sservices/%s" % (HASS_API, NOTIFY_SERVICE.replace('.', '/')),
         data=bytes(json.dumps(data).encode('utf-8')),
         headers=headers, method='POST')
     try:
@@ -4583,7 +4588,6 @@ def main(args):
             problems = password_problems(HASS_API_PASSWORD, "HASS_API_PASSWORD")
         if problems:
             data = {
-                "service": NOTIFY_SERVICE,
                 "title": "HASS Configurator - Password warning",
                 "message": "Your HASS API password seems insecure (%i). " \
                 "Refer to the HASS configurator logs for further information." % problems,
@@ -4596,7 +4600,6 @@ def main(args):
             problems = password_problems(SESAME, "SESAME")
         if problems:
             data = {
-                "service": NOTIFY_SERVICE,
                 "title": "HASS Configurator - Password warning",
                 "message": "Your SESAME seems insecure (%i). " \
                 "Refer to the HASS configurator logs for further information." % problems,
@@ -4609,7 +4612,6 @@ def main(args):
             problems = password_problems(":".join(CREDENTIALS.split(":")[1:]), "CREDENTIALS")
         if problems:
             data = {
-                "service": NOTIFY_SERVICE,
                 "title": "HASS Configurator - Password warning",
                 "message": "Your CREDENTIALS seems insecure (%i). " \
                 "Refer to the HASS configurator logs for further information." % problems,

From a48779f4e3866ac9c99e507b4b61daa6eed7cc20 Mon Sep 17 00:00:00 2001
From: Daniel Perna <danielperna84@gmail.com>
Date: Mon, 9 Jul 2018 01:14:17 +0200
Subject: [PATCH 13/33] Allow disabeling notifications

---
 README.md       | 2 +-
 configurator.py | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 34892b3..e07d6a8 100644
--- a/README.md
+++ b/README.md
@@ -76,7 +76,7 @@ HTTP requests include the hostname to which the request has been made. To improv
 #### ENV_PREFIX (string)
 To modify the default prefix for settings passed as environment variables (`HC_`) change this setting to another value that meets your demands.
 #### NOTIFY_SERVICE (string)
-Define a notification service from your Home Assistant setup that should be used to send notifications, e.g. `notify.mytelegram`. The default is `persistent_notification.create`. Do __NOT__ change the value of the `NOTIFY_SERVICE_DEFAULT` variable! You will be notified if your `HASS_API_PASSWORD`, `SESAME` or `CREDENTIALS` password seems insecure. Additionally a notification with the accessing IP will be sent every time the `SESAME` token has been used for whitelisting.
+Define a notification service from your Home Assistant setup that should be used to send notifications, e.g. `notify.mytelegram`. The default is `persistent_notification.create`. Do __NOT__ change the value of the `NOTIFY_SERVICE_DEFAULT` variable! You will be notified if your `HASS_API_PASSWORD`, `SESAME` or `CREDENTIALS` password seems insecure. Additionally a notification with the accessing IP will be sent every time the `SESAME` token has been used for whitelisting. To disable this feature set the value to `False`.
  
 __Note regarding `ALLOWED_NETWORKS`, `BANNED_IPS` and `BANLIMIT`__:  
 The way this is implemented works in the following order:
diff --git a/configurator.py b/configurator.py
index 4a12c84..6179c08 100755
--- a/configurator.py
+++ b/configurator.py
@@ -4550,7 +4550,7 @@ def __init__(self, server_address, RequestHandlerClass):
 def notify(title="HASS Configurator",
            message="Notification by HASS Configurator",
            notification_id=None):
-    if not HASS_API:
+    if not HASS_API or not NOTIFY_SERVICE:
         return
     headers = {
         "Content-Type": "application/json"

From 8e3aabb895ab36fdb4926cfea25d0f34e0ed48cd Mon Sep 17 00:00:00 2001
From: Daniel Perna <danielperna84@gmail.com>
Date: Tue, 10 Jul 2018 00:23:21 +0200
Subject: [PATCH 14/33] Replaced CREDENTIALS by USERNAME and PASSWORD

---
 README.md       |  6 +++++-
 configurator.py | 35 ++++++++++++++++++++++-------------
 settings.conf   |  3 ++-
 3 files changed, 29 insertions(+), 15 deletions(-)

diff --git a/README.md b/README.md
index e07d6a8..052c1ca 100644
--- a/README.md
+++ b/README.md
@@ -52,8 +52,12 @@ If you're using SSL, set the paths to your SSL files here. This is similar to th
 The configurator fetches some data from your running HASS instance. If the API isn't available through the default URL, modify this variable to fix this.
 #### HASS_API_PASSWORD (string)
 If you plan on using the restart button, you have to set your API password. Calling the restart service of HASS is prohibited without authentication.
+#### USERNAME (string)
+If you want to enable [HTTP basic authentication](https://en.wikipedia.org/wiki/Basic_access_authentication) you can set the desired username here. The `:` character is not allowed.
+#### PASSWORD (string)
+Set the password that should be used for authentication. Only if `USERNAME` __and__ `PASSWORD` are set authentication will be enabled.
 #### CREDENTIALS (string)
-Set credentials in the form of `"username:password"` if authentication should be required for access.
+The credentials in the form of `"username:password"` are now deprecated and should be removed from you configuration. Replace it by specifying `USERNAME` and `PASSWORD`. It will still work though to ensure backwards compatibility.
 #### ALLOWED_NETWORKS (list)
 Limit access to the configurator by adding allowed IP addresses / networks to the list, e.g `ALLOWED_NETWORKS = ["192.168.0.0/24", "172.16.47.23"]`. If you are using the [hass.io addon](https://www.home-assistant.io/addons/configurator/) of the configurator, add the docker-network `172.30.0.0/16` to this list.
 #### BANNED_IPS (list)
diff --git a/configurator.py b/configurator.py
index 6179c08..677bb14 100755
--- a/configurator.py
+++ b/configurator.py
@@ -42,8 +42,13 @@
 # If a password is required to access the API, set it in the form of "password"
 # if you have HA ignoring SSL locally this is not needed if on same machine.
 HASS_API_PASSWORD = None
-# Enable authentication, set the credentials in the form of "username:password"
+# Using the CREDENTIALS variable is deprecated.
+# It will still work though if USERNAME and PASSWORD are not set.
 CREDENTIALS = None
+# Set the username used for basic authentication.
+USERNAME = None
+# Set the password used for basic authentication.
+PASSWORD = None
 # Limit access to the configurator by adding allowed IP addresses / networks to
 # the list, e.g ALLOWED_NETWORKS = ["192.168.0.0/24", "172.16.47.23"]
 ALLOWED_NETWORKS = []
@@ -3389,7 +3394,7 @@ def load_settings(settingsfile):
     global LISTENIP, LISTENPORT, BASEPATH, SSL_CERTIFICATE, SSL_KEY, HASS_API, \
     HASS_API_PASSWORD, CREDENTIALS, ALLOWED_NETWORKS, BANNED_IPS, BANLIMIT, \
     DEV, IGNORE_PATTERN, DIRSFIRST, SESAME, VERIFY_HOSTNAME, ENFORCE_BASEPATH, \
-    ENV_PREFIX, NOTIFY_SERVICE
+    ENV_PREFIX, NOTIFY_SERVICE, USERNAME, PASSWORD
     settings = {}
     if settingsfile:
         try:
@@ -3433,6 +3438,11 @@ def load_settings(settingsfile):
     SESAME = settings.get("SESAME", SESAME)
     VERIFY_HOSTNAME = settings.get("VERIFY_HOSTNAME", VERIFY_HOSTNAME)
     NOTIFY_SERVICE = settings.get("NOTIFY_SERVICE", NOTIFY_SERVICE_DEFAULT)
+    USERNAME = settings.get("USERNAME", USERNAME)
+    PASSWORD = settings.get("PASSWORD", PASSWORD)
+    if CREDENTIALS and (USERNAME is None or PASSWORD is None):
+        USERNAME = CREDENTIALS.split(":")[0]
+        PASSWORD = ":".join(CREDENTIALS.split(":")[1:])
 
 def is_safe_path(basedir, path, follow_symlinks=True):
     if basedir is None:
@@ -4485,16 +4495,16 @@ def do_AUTHHEAD(self):
         self.end_headers()
 
     def do_GET(self):
-        global CREDENTIALS
         if not verify_hostname(self.headers.get('Host', '')):
             self.do_BLOCK(403, "Forbidden")
             return
         authorization = self.headers.get('Authorization', None)
+        token = base64.b64encode(bytes("%s:%s" % (USERNAME, PASSWORD), "utf-8"))
         if authorization is None:
             self.do_AUTHHEAD()
             self.wfile.write(bytes('no auth header received', 'utf-8'))
             pass
-        elif authorization == 'Basic %s' % CREDENTIALS.decode('utf-8'):
+        elif authorization == 'Basic %s' % token.decode('utf-8'):
             if BANLIMIT:
                 FAIL2BAN_IPS.pop(self.client_address[0], None)
             super().do_GET()
@@ -4513,16 +4523,16 @@ def do_GET(self):
             pass
 
     def do_POST(self):
-        global CREDENTIALS
         if not verify_hostname(self.headers.get('Host', '')):
             self.do_BLOCK(403, "Forbidden")
             return
         authorization = self.headers.get('Authorization', None)
+        token = base64.b64encode(bytes("%s:%s" % (USERNAME, PASSWORD), "utf-8"))
         if authorization is None:
             self.do_AUTHHEAD()
             self.wfile.write(bytes('no auth header received', 'utf-8'))
             pass
-        elif authorization == 'Basic %s' % CREDENTIALS.decode('utf-8'):
+        elif authorization == 'Basic %s' % token.decode('utf-8'):
             if BANLIMIT:
                 FAIL2BAN_IPS.pop(self.client_address[0], None)
             super().do_POST()
@@ -4575,7 +4585,7 @@ def notify(title="HASS Configurator",
         LOG.warning("Exception while creating notification: %s" % err)
 
 def main(args):
-    global HTTPD, CREDENTIALS
+    global HTTPD
     if args:
         load_settings(args[0])
     else:
@@ -4608,14 +4618,14 @@ def main(args):
             notify(**data)
 
         problems = None
-        if CREDENTIALS:
-            problems = password_problems(":".join(CREDENTIALS.split(":")[1:]), "CREDENTIALS")
+        if PASSWORD:
+            problems = password_problems(PASSWORD, "PASSWORD")
         if problems:
             data = {
                 "title": "HASS Configurator - Password warning",
-                "message": "Your CREDENTIALS seems insecure (%i). " \
+                "message": "Your PASSWORD seems insecure (%i). " \
                 "Refer to the HASS configurator logs for further information." % problems,
-                "notification_id": "HC_CREDENTIALS"
+                "notification_id": "HC_PASSWORD"
             }
             notify(**data)
     except Exception as err:
@@ -4625,8 +4635,7 @@ def main(args):
     if ':' in LISTENIP:
         CustomServer.address_family = socket.AF_INET6
     server_address = (LISTENIP, LISTENPORT)
-    if CREDENTIALS:
-        CREDENTIALS = base64.b64encode(bytes(CREDENTIALS, "utf-8"))
+    if USERNAME and PASSWORD:
         Handler = AuthHandler
     else:
         Handler = RequestHandler
diff --git a/settings.conf b/settings.conf
index 5075e07..df49a93 100644
--- a/settings.conf
+++ b/settings.conf
@@ -7,7 +7,8 @@
     "SSL_KEY": null,
     "HASS_API": "http://127.0.0.1:8123/api/",
     "HASS_API_PASSWORD": null,
-    "CREDENTIALS": null,
+    "USERNAME": null,
+    "PASSWORD": null,
     "ALLOWED_NETWORKS": [],
     "BANNED_IPS": [],
     "BANLIMIT": 0,

From 2707ba5dccefbf339c39af8168b433c810523f1e Mon Sep 17 00:00:00 2001
From: Daniel Perna <danielperna84@gmail.com>
Date: Tue, 10 Jul 2018 01:00:15 +0200
Subject: [PATCH 15/33] PASSWORD can be provided as SHA256 optionally (Issue
 #100)

---
 README.md       |  2 +-
 configurator.py | 53 ++++++++++++++++++++++++++++++-------------------
 2 files changed, 34 insertions(+), 21 deletions(-)

diff --git a/README.md b/README.md
index 052c1ca..bef2a57 100644
--- a/README.md
+++ b/README.md
@@ -55,7 +55,7 @@ If you plan on using the restart button, you have to set your API password. Call
 #### USERNAME (string)
 If you want to enable [HTTP basic authentication](https://en.wikipedia.org/wiki/Basic_access_authentication) you can set the desired username here. The `:` character is not allowed.
 #### PASSWORD (string)
-Set the password that should be used for authentication. Only if `USERNAME` __and__ `PASSWORD` are set authentication will be enabled.
+Set the password that should be used for authentication. Only if `USERNAME` __and__ `PASSWORD` are set authentication will be enabled. You may provide the password as a SHA256-hash with the prefix `{sha256}`. For example `PASSWORD = "test"` is functionally equal to `PASSWORD = "{sha256}9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08"`. The hash will be converted to lower case automatically. Using the hash provides extra security by not exposing the actual password in plaintext in your configuration.
 #### CREDENTIALS (string)
 The credentials in the form of `"username:password"` are now deprecated and should be removed from you configuration. Replace it by specifying `USERNAME` and `PASSWORD`. It will still work though to ensure backwards compatibility.
 #### ALLOWED_NETWORKS (list)
diff --git a/configurator.py b/configurator.py
index 677bb14..f0dbde8 100755
--- a/configurator.py
+++ b/configurator.py
@@ -18,6 +18,7 @@
 import subprocess
 import logging
 import fnmatch
+import hashlib
 from string import Template
 from http.server import BaseHTTPRequestHandler
 import urllib.request
@@ -3443,6 +3444,8 @@ def load_settings(settingsfile):
     if CREDENTIALS and (USERNAME is None or PASSWORD is None):
         USERNAME = CREDENTIALS.split(":")[0]
         PASSWORD = ":".join(CREDENTIALS.split(":")[1:])
+    if PASSWORD and PASSWORD.startswith("{sha256}"):
+        PASSWORD = PASSWORD.lower()
 
 def is_safe_path(basedir, path, follow_symlinks=True):
     if basedir is None:
@@ -4498,18 +4501,24 @@ def do_GET(self):
         if not verify_hostname(self.headers.get('Host', '')):
             self.do_BLOCK(403, "Forbidden")
             return
-        authorization = self.headers.get('Authorization', None)
-        token = base64.b64encode(bytes("%s:%s" % (USERNAME, PASSWORD), "utf-8"))
-        if authorization is None:
+        header = self.headers.get('Authorization', None)
+        if header is None:
             self.do_AUTHHEAD()
             self.wfile.write(bytes('no auth header received', 'utf-8'))
-            pass
-        elif authorization == 'Basic %s' % token.decode('utf-8'):
-            if BANLIMIT:
-                FAIL2BAN_IPS.pop(self.client_address[0], None)
-            super().do_GET()
-            pass
         else:
+            authorization = header.split()
+            if len(authorization) == 2 and authorization[0] == "Basic":
+                plain = base64.b64decode(authorization[1]).decode("utf-8")
+                parts = plain.split(':')
+                username = parts[0]
+                password = ":".join(parts[1:])
+                if PASSWORD.startswith("{sha256}"):
+                    password = "{sha256}%s" % hashlib.sha256(password.encode("utf-8")).hexdigest()
+                if username == USERNAME and password == PASSWORD:
+                    if BANLIMIT:
+                        FAIL2BAN_IPS.pop(self.client_address[0], None)
+                    super().do_GET()
+                    return
             if BANLIMIT:
                 bancounter = FAIL2BAN_IPS.get(self.client_address[0], 1)
                 if bancounter >= BANLIMIT:
@@ -4520,24 +4529,29 @@ def do_GET(self):
                     FAIL2BAN_IPS[self.client_address[0]] = bancounter + 1
             self.do_AUTHHEAD()
             self.wfile.write(bytes('Authentication required', 'utf-8'))
-            pass
 
     def do_POST(self):
         if not verify_hostname(self.headers.get('Host', '')):
             self.do_BLOCK(403, "Forbidden")
             return
-        authorization = self.headers.get('Authorization', None)
-        token = base64.b64encode(bytes("%s:%s" % (USERNAME, PASSWORD), "utf-8"))
-        if authorization is None:
+        header = self.headers.get('Authorization', None)
+        if header is None:
             self.do_AUTHHEAD()
             self.wfile.write(bytes('no auth header received', 'utf-8'))
-            pass
-        elif authorization == 'Basic %s' % token.decode('utf-8'):
-            if BANLIMIT:
-                FAIL2BAN_IPS.pop(self.client_address[0], None)
-            super().do_POST()
-            pass
         else:
+            authorization = header.split()
+            if len(authorization) == 2 and authorization[0] == "Basic":
+                plain = base64.b64decode(authorization[1]).decode("utf-8")
+                parts = plain.split(':')
+                username = parts[0]
+                password = ":".join(parts[1:])
+                if PASSWORD.startswith("{sha256}"):
+                    password = "{sha256}%s" % hashlib.sha256(password.encode("utf-8")).hexdigest()
+                if username == USERNAME and password == PASSWORD:
+                    if BANLIMIT:
+                        FAIL2BAN_IPS.pop(self.client_address[0], None)
+                    super().do_POST()
+                    return
             if BANLIMIT:
                 bancounter = FAIL2BAN_IPS.get(self.client_address[0], 1)
                 if bancounter >= BANLIMIT:
@@ -4548,7 +4562,6 @@ def do_POST(self):
                     FAIL2BAN_IPS[self.client_address[0]] = bancounter + 1
             self.do_AUTHHEAD()
             self.wfile.write(bytes('Authentication required', 'utf-8'))
-            pass
 
 class SimpleServer(socketserver.ThreadingMixIn, socketserver.TCPServer):
     daemon_threads = True

From 04b5fbefc990c8736762694db3f0cf1fa0988cb1 Mon Sep 17 00:00:00 2001
From: Daniel Perna <danielperna84@gmail.com>
Date: Tue, 10 Jul 2018 01:04:12 +0200
Subject: [PATCH 16/33] Updated changelog

---
 changelog.txt | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/changelog.txt b/changelog.txt
index a8fc9f0..68fb782 100644
--- a/changelog.txt
+++ b/changelog.txt
@@ -3,6 +3,8 @@ Version 0.3.0 (2018-)
 - Added basic git stash functionality (Issue #16) @danielperna84
 - Added NOTIFY_SERVICE option @danielperna84
 - Notifying if used passwords are insecure (Issue #100) and if SESAME has been used @danielperna84
+- CREDENTIALS setting replaced by USERNAME and PASSWORD @danielperna84
+- PASSWORD can optionally be provided as SHA256 hash (Issue #100) @danielperna84
 
 Version 0.2.9 (2018-06-22)
 - Material Icons and HASS-help now open in new tab instead of modal (Issues #85 and #34) @danielperna84

From ae9b64550023eadf9c3791c9b12aaa9c02a03033 Mon Sep 17 00:00:00 2001
From: Daniel Perna <danielperna84@gmail.com>
Date: Tue, 10 Jul 2018 01:09:28 +0200
Subject: [PATCH 17/33] Fix text

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index bef2a57..82a71b4 100644
--- a/README.md
+++ b/README.md
@@ -80,7 +80,7 @@ HTTP requests include the hostname to which the request has been made. To improv
 #### ENV_PREFIX (string)
 To modify the default prefix for settings passed as environment variables (`HC_`) change this setting to another value that meets your demands.
 #### NOTIFY_SERVICE (string)
-Define a notification service from your Home Assistant setup that should be used to send notifications, e.g. `notify.mytelegram`. The default is `persistent_notification.create`. Do __NOT__ change the value of the `NOTIFY_SERVICE_DEFAULT` variable! You will be notified if your `HASS_API_PASSWORD`, `SESAME` or `CREDENTIALS` password seems insecure. Additionally a notification with the accessing IP will be sent every time the `SESAME` token has been used for whitelisting. To disable this feature set the value to `False`.
+Define a notification service from your Home Assistant setup that should be used to send notifications, e.g. `notify.mytelegram`. The default is `persistent_notification.create`. Do __NOT__ change the value of the `NOTIFY_SERVICE_DEFAULT` variable! You will be notified if your `HASS_API_PASSWORD`, `SESAME` or `PASSWORD` password seems insecure. Additionally a notification with the accessing IP will be sent every time the `SESAME` token has been used for whitelisting. To disable this feature set the value to `False`.
  
 __Note regarding `ALLOWED_NETWORKS`, `BANNED_IPS` and `BANLIMIT`__:  
 The way this is implemented works in the following order:

From b04eb10682d428efc5a617401d763c9d9a7c0a9b Mon Sep 17 00:00:00 2001
From: Daniel Perna <danielperna84@gmail.com>
Date: Wed, 11 Jul 2018 01:05:33 +0200
Subject: [PATCH 18/33] Added SESAME_TOTP_SECRET (Issue #100)

---
 README.md       |  2 ++
 changelog.txt   |  1 +
 configurator.py | 26 +++++++++++++++++++++-----
 settings.conf   |  1 +
 4 files changed, 25 insertions(+), 5 deletions(-)

diff --git a/README.md b/README.md
index 82a71b4..63f66c4 100644
--- a/README.md
+++ b/README.md
@@ -75,6 +75,8 @@ Verify, that the user that is running the configurator is allowed to push withou
 If set to `true`, directories will be displayed at the top.
 #### SESAME (string)
 If set to _somesecretkeynobodycanguess_, you can browse to `https://your.configurator:3218/somesecretkeynobodycanguess` from any IP, and it will be removed from the `BANNED_IPS` list (in case it has been banned before) and added to the `ALLOWED_NETWORKS` list. Once the request has been processed you will automatically be redirected to the configurator. Think of this as dynamically allowing access from untrusted IPs by providing a secret key (_open sesame!_). Keep in mind, that once the IP has been added, you will either have to restart the configurator or manually remove the IP through the _Network status_ to revoke access.
+#### SESAME_TOTP_SECRET (string)
+Instead of or additionally to the `SESAME` token you may also specify a [Base32](https://en.wikipedia.org/wiki/Base32) encoded string that serves as the token for time based OTP (one time password) IP whitelisting. It works like the regular `SESAME`, but the request path that whitelists your IP changes every 30 seconds. You can add the `SESAME_TOTP_SECRET` to most of the available OTP-Apps (Google Authenticator and alike) and just append the 6-digit number to the URI where your configurator is reachable. For this to work the [pyotp](https://github.com/pyotp/pyotp) module has to be installed.
 #### VERIFY_HOSTNAME (string)
 HTTP requests include the hostname to which the request has been made. To improve security you can set this parameter to `yourdomain.example.com`. This will check if the hostname within the request matches the one you are expecting. If it does not match, a `403 Forbidden` response will be sent. As a result attackers that scan your IP address won't be able to connect unless they know the correct hostname. Be careful with this option though, because it prohibits you from accessing the configurator directly via IP.
 #### ENV_PREFIX (string)
diff --git a/changelog.txt b/changelog.txt
index 68fb782..88cd4c9 100644
--- a/changelog.txt
+++ b/changelog.txt
@@ -5,6 +5,7 @@ Version 0.3.0 (2018-)
 - Notifying if used passwords are insecure (Issue #100) and if SESAME has been used @danielperna84
 - CREDENTIALS setting replaced by USERNAME and PASSWORD @danielperna84
 - PASSWORD can optionally be provided as SHA256 hash (Issue #100) @danielperna84
+- Added SESAME_TOTP_SECRET for TOTP based IP whitelisting (Issue #100) @danielperna84
 
 Version 0.2.9 (2018-06-22)
 - Material Icons and HASS-help now open in new tab instead of modal (Issues #85 and #34) @danielperna84
diff --git a/configurator.py b/configurator.py
index f0dbde8..dbb667a 100755
--- a/configurator.py
+++ b/configurator.py
@@ -69,6 +69,9 @@
 # Sesame token. Browse to the configurator URL + /secrettoken to unban your
 # client IP and add it to the list of allowed IPs.
 SESAME = None
+# Instead of a static SESAME token you may also use a TOTP based token that
+# changes every 30 seconds. The value needs to be a base 32 encoded string.
+SESAME_TOTP_SECRET = None
 # Verify the hostname used in the request. Block access if it doesn't match
 # this value
 VERIFY_HOSTNAME = None
@@ -91,14 +94,16 @@
 VERSION = "0.3.0"
 BASEDIR = "."
 DEV = False
+TOTP = None
 HTTPD = None
 FAIL2BAN_IPS = {}
 REPO = False
 if GIT:
     try:
         from git import Repo as REPO
-    except Exception:
+    except ImportError:
         LOG.warning("Unable to import Git module")
+
 INDEX = Template(r"""<!DOCTYPE html>
 <html lang="en">
 <head>
@@ -3395,7 +3400,7 @@ def load_settings(settingsfile):
     global LISTENIP, LISTENPORT, BASEPATH, SSL_CERTIFICATE, SSL_KEY, HASS_API, \
     HASS_API_PASSWORD, CREDENTIALS, ALLOWED_NETWORKS, BANNED_IPS, BANLIMIT, \
     DEV, IGNORE_PATTERN, DIRSFIRST, SESAME, VERIFY_HOSTNAME, ENFORCE_BASEPATH, \
-    ENV_PREFIX, NOTIFY_SERVICE, USERNAME, PASSWORD
+    ENV_PREFIX, NOTIFY_SERVICE, USERNAME, PASSWORD, SESAME_TOTP_SECRET, TOTP
     settings = {}
     if settingsfile:
         try:
@@ -3437,6 +3442,7 @@ def load_settings(settingsfile):
     IGNORE_PATTERN = settings.get("IGNORE_PATTERN", IGNORE_PATTERN)
     DIRSFIRST = settings.get("DIRSFIRST", DIRSFIRST)
     SESAME = settings.get("SESAME", SESAME)
+    SESAME_TOTP_SECRET = settings.get("SESAME_TOTP_SECRET", SESAME_TOTP_SECRET)
     VERIFY_HOSTNAME = settings.get("VERIFY_HOSTNAME", VERIFY_HOSTNAME)
     NOTIFY_SERVICE = settings.get("NOTIFY_SERVICE", NOTIFY_SERVICE_DEFAULT)
     USERNAME = settings.get("USERNAME", USERNAME)
@@ -3446,6 +3452,14 @@ def load_settings(settingsfile):
         PASSWORD = ":".join(CREDENTIALS.split(":")[1:])
     if PASSWORD and PASSWORD.startswith("{sha256}"):
         PASSWORD = PASSWORD.lower()
+    if SESAME_TOTP_SECRET:
+        try:
+            import pyotp
+            TOTP = pyotp.TOTP(SESAME_TOTP_SECRET)
+        except ImportError:
+            LOG.warning("Unable to import pyotp module")
+        except Exception as err:
+            LOG.warning("Unable to create TOTP object: %s" % err)
 
 def is_safe_path(basedir, path, follow_symlinks=True):
     if basedir is None:
@@ -3588,13 +3602,14 @@ def do_GET(self):
             self.do_BLOCK(403, "Forbidden")
             return
         req = urlparse(self.path)
-        if SESAME:
-            if req.path.endswith("/%s" % SESAME):
+        if SESAME or TOTP:
+            chunk = req.path.split("/")[-1]
+            if chunk == SESAME or TOTP.verify(chunk):
                 if self.client_address[0] not in ALLOWED_NETWORKS:
                     ALLOWED_NETWORKS.append(self.client_address[0])
                 if self.client_address[0] in BANNED_IPS:
                     BANNED_IPS.remove(self.client_address[0])
-                url = req.path[:req.path.rfind(SESAME)]
+                url = req.path[:req.path.rfind(chunk)]
                 self.send_response(302)
                 self.send_header('Location', url)
                 self.end_headers()
@@ -4590,6 +4605,7 @@ def notify(title="HASS Configurator",
         "%sservices/%s" % (HASS_API, NOTIFY_SERVICE.replace('.', '/')),
         data=bytes(json.dumps(data).encode('utf-8')),
         headers=headers, method='POST')
+    LOG.info("%s" % data)
     try:
         with urllib.request.urlopen(req) as response:
             message = response.read().decode('utf-8')
diff --git a/settings.conf b/settings.conf
index df49a93..d3d74c2 100644
--- a/settings.conf
+++ b/settings.conf
@@ -15,6 +15,7 @@
     "IGNORE_PATTERN": [],
     "DIRSFIRST": false,
     "SESAME": null,
+    "SESAME_TOTP_SECRET": null,
     "VERIFY_HOSTNAME": null,
     "ENV_PREFIX": "HC_",
     "NOTIFY_SERVICE": "persistent_notification.create"

From a8fbb22feae8299ebca27fded99b4e08b46347d6 Mon Sep 17 00:00:00 2001
From: Daniel Perna <danielperna84@gmail.com>
Date: Wed, 11 Jul 2018 23:51:22 +0200
Subject: [PATCH 19/33] Added git diff functionality (Issue #16)

---
 changelog.txt   |  1 +
 configurator.py | 63 +++++++++++++++++++++++++++++++++++++++++++++++++
 dev.html        | 28 ++++++++++++++++++++++
 3 files changed, 92 insertions(+)

diff --git a/changelog.txt b/changelog.txt
index 88cd4c9..133dc47 100644
--- a/changelog.txt
+++ b/changelog.txt
@@ -6,6 +6,7 @@ Version 0.3.0 (2018-)
 - CREDENTIALS setting replaced by USERNAME and PASSWORD @danielperna84
 - PASSWORD can optionally be provided as SHA256 hash (Issue #100) @danielperna84
 - Added SESAME_TOTP_SECRET for TOTP based IP whitelisting (Issue #100) @danielperna84
+- Added git diff functionality (Issue #16) @danielperna84
 
 Version 0.2.9 (2018-06-22)
 - Material Icons and HASS-help now open in new tab instead of modal (Issues #85 and #34) @danielperna84
diff --git a/configurator.py b/configurator.py
index dbb667a..53f51a4 100755
--- a/configurator.py
+++ b/configurator.py
@@ -2562,6 +2562,14 @@
                 dd_gitadd_a.innerHTML = "git add";
                 dd_gitadd.appendChild(dd_gitadd_a);
                 dropdown.appendChild(dd_gitadd);
+                // git diff button
+                var dd_gitdiff = document.createElement('li');
+                var dd_gitdiff_a = document.createElement('a');
+                dd_gitdiff_a.classList.add('waves-effect', 'fb_dd', 'modal-trigger');
+                dd_gitdiff_a.setAttribute('onclick', "gitdiff()");
+                dd_gitdiff_a.innerHTML = "git diff";
+                dd_gitdiff.appendChild(dd_gitdiff_a);
+                dropdown.appendChild(dd_gitdiff);
             }
         }
 
@@ -3051,6 +3059,26 @@
         }
     }
 
+    function gitdiff() {
+        var path = document.getElementById('fb_currentfile').value;
+        closefile();
+        if (path.length > 0) {
+            data = new Object();
+            data.path = path;
+            $.post("api/gitdiff", data).done(function(resp) {
+                if (resp.error) {
+                    var $toastContent = $("<div><pre>" + resp.message + "\n" + resp.path + "</pre></div>");
+                    Materialize.toast($toastContent, 5000);
+                }
+                else {
+                    editor.setOption('mode', modemapping['diff']);
+                    editor.getSession().setValue(resp.message, -1);
+                    editor.session.getUndoManager().markClean();
+                }
+            });
+        }
+    }
+
     function gitinit() {
         var path = document.getElementById("fbheader").innerHTML;
         if (path.length > 0) {
@@ -4144,6 +4172,41 @@ def do_POST(self):
                         LOG.warning(err)
             else:
                 response['message'] = "Missing filename"
+        elif req.path.endswith('/api/gitdiff'):
+            try:
+                postvars = parse_qs(self.rfile.read(length).decode('utf-8'),
+                                    keep_blank_values=1)
+            except Exception as err:
+                LOG.warning(err)
+                response['message'] = "%s" % (str(err))
+                postvars = {}
+            if 'path' in postvars.keys():
+                if postvars['path']:
+                    try:
+                        diffpath = unquote(postvars['path'][0])
+                        repo = REPO(diffpath,
+                                    search_parent_directories=True)
+                        filepath = "/".join(diffpath.split(os.sep)[len(repo.working_dir.split(os.sep)):])
+                        response['path'] = filepath
+                        try:
+                            diff = repo.index.diff(None, create_patch=True, paths=filepath)[0].diff.decode("utf-8")
+                            response['error'] = False
+                            response['message'] = diff
+                            self.send_response(200)
+                            self.send_header('Content-type', 'text/json')
+                            self.end_headers()
+                            self.wfile.write(bytes(json.dumps(response), "utf8"))
+                            return
+                        except Exception as err:
+                            LOG.warning(err)
+                            response['error'] = True
+                            response['message'] = str(err)
+
+                    except Exception as err:
+                        response['message'] = "%s" % (str(err))
+                        LOG.warning(err)
+            else:
+                response['message'] = "Missing filename"
         elif req.path.endswith('/api/commit'):
             try:
                 postvars = parse_qs(self.rfile.read(length).decode('utf-8'),
diff --git a/dev.html b/dev.html
index 3121431..e59714a 100644
--- a/dev.html
+++ b/dev.html
@@ -2456,6 +2456,14 @@ <h4 class="grey-text text-darken-3"><a class="black-text" href="https://github.c
                 dd_gitadd_a.innerHTML = "git add";
                 dd_gitadd.appendChild(dd_gitadd_a);
                 dropdown.appendChild(dd_gitadd);
+                // git diff button
+                var dd_gitdiff = document.createElement('li');
+                var dd_gitdiff_a = document.createElement('a');
+                dd_gitdiff_a.classList.add('waves-effect', 'fb_dd', 'modal-trigger');
+                dd_gitdiff_a.setAttribute('onclick', "gitdiff()");
+                dd_gitdiff_a.innerHTML = "git diff";
+                dd_gitdiff.appendChild(dd_gitdiff_a);
+                dropdown.appendChild(dd_gitdiff);
             }
         }
 
@@ -2945,6 +2953,26 @@ <h4 class="grey-text text-darken-3"><a class="black-text" href="https://github.c
         }
     }
 
+    function gitdiff() {
+        var path = document.getElementById('fb_currentfile').value;
+        closefile();
+        if (path.length > 0) {
+            data = new Object();
+            data.path = path;
+            $.post("api/gitdiff", data).done(function(resp) {
+                if (resp.error) {
+                    var $toastContent = $("<div><pre>" + resp.message + "\n" + resp.path + "</pre></div>");
+                    Materialize.toast($toastContent, 5000);
+                }
+                else {
+                    editor.setOption('mode', modemapping['diff']);
+                    editor.getSession().setValue(resp.message, -1);
+                    editor.session.getUndoManager().markClean();
+                }
+            });
+        }
+    }
+
     function gitinit() {
         var path = document.getElementById("fbheader").innerHTML;
         if (path.length > 0) {

From 196e44456d68b10c14aa0a29f71c3f4a8cf1d4db Mon Sep 17 00:00:00 2001
From: Daniel Perna <danielperna84@gmail.com>
Date: Thu, 12 Jul 2018 00:17:28 +0200
Subject: [PATCH 20/33] Colored menu button as version indicator

---
 changelog.txt   | 1 +
 configurator.py | 6 +++---
 dev.html        | 2 +-
 3 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/changelog.txt b/changelog.txt
index 133dc47..94ffab1 100644
--- a/changelog.txt
+++ b/changelog.txt
@@ -7,6 +7,7 @@ Version 0.3.0 (2018-)
 - PASSWORD can optionally be provided as SHA256 hash (Issue #100) @danielperna84
 - Added SESAME_TOTP_SECRET for TOTP based IP whitelisting (Issue #100) @danielperna84
 - Added git diff functionality (Issue #16) @danielperna84
+- Red colored menu button as indicator for outdated version @danielperna84
 
 Version 0.2.9 (2018-06-22)
 - Material Icons and HASS-help now open in new tab instead of modal (Issues #85 and #34) @danielperna84
diff --git a/configurator.py b/configurator.py
index 53f51a4..2784335 100755
--- a/configurator.py
+++ b/configurator.py
@@ -659,7 +659,7 @@
                     <li><a class="waves-effect waves-light tooltipped hide-on-small-only markdirty hidesave" data-position="bottom" data-delay="500" data-tooltip="Save" onclick="save_check()"><i class="material-icons">save</i></a></li>
                     <li><a class="waves-effect waves-light tooltipped hide-on-small-only modal-trigger" data-position="bottom" data-delay="500" data-tooltip="Close" href="#modal_close"><i class="material-icons">close</i></a></li>
                     <li><a class="waves-effect waves-light tooltipped hide-on-small-only" data-position="bottom" data-delay="500" data-tooltip="Search" onclick="editor.execCommand('replace')"><i class="material-icons">search</i></a></li>
-                    <li><a class="waves-effect waves-light dropdown-button hide-on-small-only" data-activates="dropdown_menu" data-beloworigin="true"><i class="material-icons right">more_vert</i></a></li>
+                    <li><a class="waves-effect waves-light dropdown-button hide-on-small-only $versionclass" data-activates="dropdown_menu" data-beloworigin="true"><i class="material-icons right">more_vert</i></a></li>
                     <li><a class="waves-effect waves-light hide-on-med-and-up markdirty hidesave" onclick="save_check()"><i class="material-icons">save</i></a></li>
                     <li><a class="waves-effect waves-light hide-on-med-and-up modal-trigger" href="#modal_close"><i class="material-icons">close</i></a></li>
                     <li><a class="waves-effect waves-light hide-on-med-and-up" onclick="editor.execCommand('replace')"><i class="material-icons">search</i></a></li>
@@ -3945,12 +3945,12 @@ def do_GET(self):
                 LOG.warning("Exception getting bootstrap")
                 LOG.warning(err)
 
-            color = "green"
+            color = ""
             try:
                 response = urllib.request.urlopen(RELEASEURL)
                 latest = json.loads(response.read().decode('utf-8'))['tag_name']
                 if VERSION != latest:
-                    color = "red"
+                    color = "red-text"
             except Exception as err:
                 LOG.warning("Exception getting release")
                 LOG.warning(err)
diff --git a/dev.html b/dev.html
index e59714a..9750612 100644
--- a/dev.html
+++ b/dev.html
@@ -553,7 +553,7 @@
                     <li><a class="waves-effect waves-light tooltipped hide-on-small-only markdirty hidesave" data-position="bottom" data-delay="500" data-tooltip="Save" onclick="save_check()"><i class="material-icons">save</i></a></li>
                     <li><a class="waves-effect waves-light tooltipped hide-on-small-only modal-trigger" data-position="bottom" data-delay="500" data-tooltip="Close" href="#modal_close"><i class="material-icons">close</i></a></li>
                     <li><a class="waves-effect waves-light tooltipped hide-on-small-only" data-position="bottom" data-delay="500" data-tooltip="Search" onclick="editor.execCommand('replace')"><i class="material-icons">search</i></a></li>
-                    <li><a class="waves-effect waves-light dropdown-button hide-on-small-only" data-activates="dropdown_menu" data-beloworigin="true"><i class="material-icons right">more_vert</i></a></li>
+                    <li><a class="waves-effect waves-light dropdown-button hide-on-small-only $versionclass" data-activates="dropdown_menu" data-beloworigin="true"><i class="material-icons right">more_vert</i></a></li>
                     <li><a class="waves-effect waves-light hide-on-med-and-up markdirty hidesave" onclick="save_check()"><i class="material-icons">save</i></a></li>
                     <li><a class="waves-effect waves-light hide-on-med-and-up modal-trigger" href="#modal_close"><i class="material-icons">close</i></a></li>
                     <li><a class="waves-effect waves-light hide-on-med-and-up" onclick="editor.execCommand('replace')"><i class="material-icons">search</i></a></li>

From f287de77b851da28805b682f75e459796236a6b9 Mon Sep 17 00:00:00 2001
From: Daniel Perna <danielperna84@gmail.com>
Date: Thu, 12 Jul 2018 21:16:25 +0200
Subject: [PATCH 21/33] Nicer diff error when no diff available

---
 configurator.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/configurator.py b/configurator.py
index 2784335..2df406f 100755
--- a/configurator.py
+++ b/configurator.py
@@ -4200,7 +4200,7 @@ def do_POST(self):
                         except Exception as err:
                             LOG.warning(err)
                             response['error'] = True
-                            response['message'] = str(err)
+                            response['message'] = "Unable to load diff: %s" % str(err)
 
                     except Exception as err:
                         response['message'] = "%s" % (str(err))

From 39b567845a9db60525595807436c3bc9e4570680 Mon Sep 17 00:00:00 2001
From: Daniel Perna <danielperna84@gmail.com>
Date: Thu, 12 Jul 2018 21:34:04 +0200
Subject: [PATCH 22/33] Trun on/off git via settings/environment

---
 README.md       |  2 +-
 configurator.py | 25 ++++++++++++++++++-------
 settings.conf   |  1 +
 3 files changed, 20 insertions(+), 8 deletions(-)

diff --git a/README.md b/README.md
index 63f66c4..667a59c 100644
--- a/README.md
+++ b/README.md
@@ -68,7 +68,7 @@ Ban IPs after n failed login attempts. Restart service to reset banning. The def
 Files and folders to ignore in the UI, e.g. `IGNORE_PATTERN = [".*", "*.log", "__pycache__"]`
 #### GIT (bool)
 Set this variable to `True` to enable Git integration. This feature requires [GitPython](https://gitpython.readthedocs.io)
- to be installed on the system that is running the configurator. For thechnical reasons this feature can't be enabled with a static configuration file.  
+ to be installed on the system that is running the configurator.  
 To push local commits to a remote repository, you have to add the remote manually: `git remote add origin ssh://somehost:/user/repo.git`  
 Verify, that the user that is running the configurator is allowed to push without any interaction (by using SSH PubKey authentication for example).
 #### DIRSFIRST (bool)
diff --git a/configurator.py b/configurator.py
index 2df406f..9b6e14d 100755
--- a/configurator.py
+++ b/configurator.py
@@ -97,12 +97,7 @@
 TOTP = None
 HTTPD = None
 FAIL2BAN_IPS = {}
-REPO = False
-if GIT:
-    try:
-        from git import Repo as REPO
-    except ImportError:
-        LOG.warning("Unable to import Git module")
+REPO = None
 
 INDEX = Template(r"""<!DOCTYPE html>
 <html lang="en">
@@ -3428,7 +3423,8 @@ def load_settings(settingsfile):
     global LISTENIP, LISTENPORT, BASEPATH, SSL_CERTIFICATE, SSL_KEY, HASS_API, \
     HASS_API_PASSWORD, CREDENTIALS, ALLOWED_NETWORKS, BANNED_IPS, BANLIMIT, \
     DEV, IGNORE_PATTERN, DIRSFIRST, SESAME, VERIFY_HOSTNAME, ENFORCE_BASEPATH, \
-    ENV_PREFIX, NOTIFY_SERVICE, USERNAME, PASSWORD, SESAME_TOTP_SECRET, TOTP
+    ENV_PREFIX, NOTIFY_SERVICE, USERNAME, PASSWORD, SESAME_TOTP_SECRET, TOTP, \
+    GIT, REPO
     settings = {}
     if settingsfile:
         try:
@@ -3454,6 +3450,13 @@ def load_settings(settingsfile):
             elif key[len(ENV_PREFIX):] in ["ALLOWED_NETWORKS", "BANNED_IPS", "IGNORE_PATTERN"]:
                 value = value.split(',')
             settings[key[len(ENV_PREFIX):]] = value
+    GIT = settings.get("GIT", GIT)
+    if GIT:
+        try:
+            # pylint: disable=redefined-outer-name
+            from git import Repo as REPO
+        except ImportError:
+            LOG.warning("Unable to import Git module")
     LISTENIP = settings.get("LISTENIP", LISTENIP)
     LISTENPORT = settings.get("LISTENPORT", LISTENPORT)
     BASEPATH = settings.get("BASEPATH", BASEPATH)
@@ -3715,6 +3718,7 @@ def do_GET(self):
                         branches = []
                         if REPO:
                             try:
+                                # pylint: disable=not-callable
                                 repo = REPO(dirpath.decode('utf-8'),
                                             search_parent_directories=True)
                                 activebranch = repo.active_branch.name
@@ -4149,6 +4153,7 @@ def do_POST(self):
                 if postvars['path']:
                     try:
                         addpath = unquote(postvars['path'][0])
+                        # pylint: disable=not-callable
                         repo = REPO(addpath,
                                     search_parent_directories=True)
                         filepath = "/".join(addpath.split(os.sep)[len(repo.working_dir.split(os.sep)):])
@@ -4184,6 +4189,7 @@ def do_POST(self):
                 if postvars['path']:
                     try:
                         diffpath = unquote(postvars['path'][0])
+                        # pylint: disable=not-callable
                         repo = REPO(diffpath,
                                     search_parent_directories=True)
                         filepath = "/".join(diffpath.split(os.sep)[len(repo.working_dir.split(os.sep)):])
@@ -4221,6 +4227,7 @@ def do_POST(self):
                         commitpath = unquote(postvars['path'][0])
                         response['path'] = commitpath
                         message = unquote(postvars['message'][0])
+                        # pylint: disable=not-callable
                         repo = REPO(commitpath,
                                     search_parent_directories=True)
                         try:
@@ -4256,6 +4263,7 @@ def do_POST(self):
                         branchpath = unquote(postvars['path'][0])
                         response['path'] = branchpath
                         branch = unquote(postvars['branch'][0])
+                        # pylint: disable=not-callable
                         repo = REPO(branchpath,
                                     search_parent_directories=True)
                         try:
@@ -4292,6 +4300,7 @@ def do_POST(self):
                         branchpath = unquote(postvars['path'][0])
                         response['path'] = branchpath
                         branch = unquote(postvars['branch'][0])
+                        # pylint: disable=not-callable
                         repo = REPO(branchpath,
                                     search_parent_directories=True)
                         try:
@@ -4359,6 +4368,7 @@ def do_POST(self):
                         repopath = unquote(postvars['path'][0])
                         response['path'] = repopath
                         try:
+                            # pylint: disable=not-callable
                             repo = REPO(repopath)
                             urls = []
                             if repo.remotes:
@@ -4400,6 +4410,7 @@ def do_POST(self):
                         repopath = unquote(postvars['path'][0])
                         response['path'] = repopath
                         try:
+                            # pylint: disable=not-callable
                             repo = REPO(repopath)
                             returnvalue = repo.git.stash()
                             response['error'] = False
diff --git a/settings.conf b/settings.conf
index d3d74c2..77ae050 100644
--- a/settings.conf
+++ b/settings.conf
@@ -1,6 +1,7 @@
 {
     "LISTENIP": "0.0.0.0",
     "LISTENPORT": 3218,
+    "GIT": false,
     "BASEPATH": null,
     "ENFORCE_BASEPATH": false,
     "SSL_CERTIFICATE": null,

From fa9d0d3ee443b5093e41d13e009476e7b92901c3 Mon Sep 17 00:00:00 2001
From: Daniel Perna <danielperna84@gmail.com>
Date: Thu, 12 Jul 2018 21:46:42 +0200
Subject: [PATCH 23/33] Renamed LISTENPORT to PORT

---
 README.md       |  4 ++--
 configurator.py | 15 +++++++++------
 settings.conf   |  2 +-
 3 files changed, 12 insertions(+), 9 deletions(-)

diff --git a/README.md b/README.md
index 667a59c..acbec62 100644
--- a/README.md
+++ b/README.md
@@ -40,8 +40,8 @@ Another way of passing settings is by using [environment variables](https://en.w
 
 #### LISTENIP (string)
 The IP address the service is listening on. By default it is binding to `0.0.0.0`, which is every IPv4 interface on the system. When using `::`, all available IPv6- and IPv4-addresses will be used.
-#### LISTENPORT (integer)
-The port the service is listening on. By default it is using 3218, but you can change this if you need to.
+#### PORT (integer)
+The port the service is listening on. By default it is using 3218, but you can change this if you need to. The former setting `LISTENPORT` still works but is deprecated. Please change your settings accordingly.
 #### BASEPATH (string)
 It is possible to place configurator.py somewhere else. Set the `BASEPATH` to something like `"/home/homeassistant/.homeassistant"`, and no matter where you are running the configurator from, it will start serving files from there. This is needed if you plan on running the configurator with systemd.
 #### ENFORCE_BASEPATH (bool)
diff --git a/configurator.py b/configurator.py
index 9b6e14d..38bdfee 100755
--- a/configurator.py
+++ b/configurator.py
@@ -27,7 +27,7 @@
 
 ### Some options for you to change
 LISTENIP = "0.0.0.0"
-LISTENPORT = 3218
+PORT = 3218
 # Set BASEPATH to something like "/home/hass/.homeassistant/" if you're not
 # running the configurator from that path
 BASEPATH = None
@@ -3420,7 +3420,7 @@ def signal_handler(sig, frame):
     sys.exit(0)
 
 def load_settings(settingsfile):
-    global LISTENIP, LISTENPORT, BASEPATH, SSL_CERTIFICATE, SSL_KEY, HASS_API, \
+    global LISTENIP, PORT, BASEPATH, SSL_CERTIFICATE, SSL_KEY, HASS_API, \
     HASS_API_PASSWORD, CREDENTIALS, ALLOWED_NETWORKS, BANNED_IPS, BANLIMIT, \
     DEV, IGNORE_PATTERN, DIRSFIRST, SESAME, VERIFY_HOSTNAME, ENFORCE_BASEPATH, \
     ENV_PREFIX, NOTIFY_SERVICE, USERNAME, PASSWORD, SESAME_TOTP_SECRET, TOTP, \
@@ -3458,7 +3458,10 @@ def load_settings(settingsfile):
         except ImportError:
             LOG.warning("Unable to import Git module")
     LISTENIP = settings.get("LISTENIP", LISTENIP)
-    LISTENPORT = settings.get("LISTENPORT", LISTENPORT)
+    LISTENPORT = settings.get("LISTENPORT", None)
+    PORT = settings.get("PORT", PORT)
+    if LISTENPORT is not None:
+        PORT = LISTENPORT
     BASEPATH = settings.get("BASEPATH", BASEPATH)
     ENFORCE_BASEPATH = settings.get("ENFORCE_BASEPATH", ENFORCE_BASEPATH)
     SSL_CERTIFICATE = settings.get("SSL_CERTIFICATE", SSL_CERTIFICATE)
@@ -3972,7 +3975,7 @@ def do_GET(self):
                                               versionclass=color,
                                               separator="\%s" % os.sep if os.sep == "\\" else os.sep,
                                               listening_address="%s://%s:%i" % (
-                                                  'https' if SSL_CERTIFICATE else 'http', LISTENIP, LISTENPORT),
+                                                  'https' if SSL_CERTIFICATE else 'http', LISTENIP, PORT),
                                               hass_api_address="%s" % (HASS_API, ),
                                               hass_ws_address=ws_api,
                                               api_password=HASS_API_PASSWORD if HASS_API_PASSWORD else "")
@@ -4737,7 +4740,7 @@ def main(args):
     CustomServer = SimpleServer
     if ':' in LISTENIP:
         CustomServer.address_family = socket.AF_INET6
-    server_address = (LISTENIP, LISTENPORT)
+    server_address = (LISTENIP, PORT)
     if USERNAME and PASSWORD:
         Handler = AuthHandler
     else:
@@ -4750,7 +4753,7 @@ def main(args):
                                        server_side=True)
     LOG.info('Listening on: %s://%s:%i' % ('https' if SSL_CERTIFICATE else 'http',
                                            LISTENIP,
-                                           LISTENPORT))
+                                           PORT))
     if BASEPATH:
         os.chdir(BASEPATH)
     HTTPD.serve_forever()
diff --git a/settings.conf b/settings.conf
index 77ae050..59492e3 100644
--- a/settings.conf
+++ b/settings.conf
@@ -1,6 +1,6 @@
 {
     "LISTENIP": "0.0.0.0",
-    "LISTENPORT": 3218,
+    "PORT": 3218,
     "GIT": false,
     "BASEPATH": null,
     "ENFORCE_BASEPATH": false,

From 119df2e05f863ec813a3f66573fdad4ca28ffd32 Mon Sep 17 00:00:00 2001
From: Daniel Perna <danielperna84@gmail.com>
Date: Thu, 12 Jul 2018 22:07:52 +0200
Subject: [PATCH 24/33] Hiding git menu when git is disabled

---
 configurator.py | 5 +++--
 dev.html        | 4 ++--
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/configurator.py b/configurator.py
index 38bdfee..fca608b 100755
--- a/configurator.py
+++ b/configurator.py
@@ -1745,13 +1745,13 @@
               <a class="col s3 waves-effect fbtoolbarbutton tooltipped modal-trigger" href="#modal_newfile" data-position="bottom" data-delay="500" data-tooltip="New File"><i class="grey-text text-darken-2 material-icons fbtoolbarbutton_icon">note_add</i></a>
               <a class="col s3 waves-effect fbtoolbarbutton tooltipped modal-trigger" href="#modal_newfolder" data-position="bottom" data-delay="500" data-tooltip="New Folder"><i class="grey-text text-darken-2 material-icons fbtoolbarbutton_icon">create_new_folder</i></a>
               <a class="col s3 waves-effect fbtoolbarbutton tooltipped modal-trigger" href="#modal_upload" data-position="bottom" data-delay="500" data-tooltip="Upload File"><i class="grey-text text-darken-2 material-icons fbtoolbarbutton_icon">file_upload</i></a>
-              <a class="col s3 waves-effect fbtoolbarbutton tooltipped dropdown-button" data-activates="dropdown_gitmenu" data-alignment='right' data-beloworigin='true' data-delay='500' data-position="bottom" data-tooltip="Git"><i class="mdi mdi-git grey-text text-darken-2 material-icons" style="padding-top: 17px;"></i></a>
+              <a class="col s3 waves-effect fbtoolbarbutton tooltipped dropdown-button $githidden" data-activates="dropdown_gitmenu" data-alignment='right' data-beloworigin='true' data-delay='500' data-position="bottom" data-tooltip="Git"><i class="mdi mdi-git grey-text text-darken-2 material-icons" style="padding-top: 17px;"></i></a>
             </ul>
             <ul class="row center toolbar_mobile hide-on-med-and-up grey lighten-4" style="margin-bottom: 0;">
               <a class="col s3 waves-effect fbtoolbarbutton modal-trigger" href="#modal_newfile"><i class="grey-text text-darken-2 material-icons fbtoolbarbutton_icon">note_add</i></a>
               <a class="col s3 waves-effect fbtoolbarbutton modal-trigger" href="#modal_newfolder"><i class="grey-text text-darken-2 material-icons fbtoolbarbutton_icon">create_new_folder</i></a>
               <a class="col s3 waves-effect fbtoolbarbutton modal-trigger" href="#modal_upload"><i class="grey-text text-darken-2 material-icons fbtoolbarbutton_icon">file_upload</i></a>
-              <a class="col s3 waves-effect fbtoolbarbutton dropdown-button" data-activates="dropdown_gitmenu_mobile" data-alignment='right' data-beloworigin='true'><i class="mdi mdi-git grey-text text-darken-2 material-icons" style="padding-top: 17px;"></i></a>
+              <a class="col s3 waves-effect fbtoolbarbutton dropdown-button $githidden" data-activates="dropdown_gitmenu_mobile" data-alignment='right' data-beloworigin='true'><i class="mdi mdi-git grey-text text-darken-2 material-icons" style="padding-top: 17px;"></i></a>
             </ul>
           </li>
           <li>
@@ -3973,6 +3973,7 @@ def do_GET(self):
                                               loadfile=loadfile,
                                               current=VERSION,
                                               versionclass=color,
+                                              githidden="" if GIT else "hiddendiv",
                                               separator="\%s" % os.sep if os.sep == "\\" else os.sep,
                                               listening_address="%s://%s:%i" % (
                                                   'https' if SSL_CERTIFICATE else 'http', LISTENIP, PORT),
diff --git a/dev.html b/dev.html
index 9750612..c207836 100644
--- a/dev.html
+++ b/dev.html
@@ -1644,13 +1644,13 @@ <h4 class="grey-text text-darken-3"><a class="black-text" href="https://github.c
               <a class="col s3 waves-effect fbtoolbarbutton tooltipped modal-trigger" href="#modal_newfile" data-position="bottom" data-delay="500" data-tooltip="New File"><i class="grey-text text-darken-2 material-icons fbtoolbarbutton_icon">note_add</i></a>
               <a class="col s3 waves-effect fbtoolbarbutton tooltipped modal-trigger" href="#modal_newfolder" data-position="bottom" data-delay="500" data-tooltip="New Folder"><i class="grey-text text-darken-2 material-icons fbtoolbarbutton_icon">create_new_folder</i></a>
               <a class="col s3 waves-effect fbtoolbarbutton tooltipped modal-trigger" href="#modal_upload" data-position="bottom" data-delay="500" data-tooltip="Upload File"><i class="grey-text text-darken-2 material-icons fbtoolbarbutton_icon">file_upload</i></a>
-              <a class="col s3 waves-effect fbtoolbarbutton tooltipped dropdown-button" data-activates="dropdown_gitmenu" data-alignment='right' data-beloworigin='true' data-delay='500' data-position="bottom" data-tooltip="Git"><i class="mdi mdi-git grey-text text-darken-2 material-icons" style="padding-top: 17px;"></i></a>
+              <a class="col s3 waves-effect fbtoolbarbutton tooltipped dropdown-button $githidden" data-activates="dropdown_gitmenu" data-alignment='right' data-beloworigin='true' data-delay='500' data-position="bottom" data-tooltip="Git"><i class="mdi mdi-git grey-text text-darken-2 material-icons" style="padding-top: 17px;"></i></a>
             </ul>
             <ul class="row center toolbar_mobile hide-on-med-and-up grey lighten-4" style="margin-bottom: 0;">
               <a class="col s3 waves-effect fbtoolbarbutton modal-trigger" href="#modal_newfile"><i class="grey-text text-darken-2 material-icons fbtoolbarbutton_icon">note_add</i></a>
               <a class="col s3 waves-effect fbtoolbarbutton modal-trigger" href="#modal_newfolder"><i class="grey-text text-darken-2 material-icons fbtoolbarbutton_icon">create_new_folder</i></a>
               <a class="col s3 waves-effect fbtoolbarbutton modal-trigger" href="#modal_upload"><i class="grey-text text-darken-2 material-icons fbtoolbarbutton_icon">file_upload</i></a>
-              <a class="col s3 waves-effect fbtoolbarbutton dropdown-button" data-activates="dropdown_gitmenu_mobile" data-alignment='right' data-beloworigin='true'><i class="mdi mdi-git grey-text text-darken-2 material-icons" style="padding-top: 17px;"></i></a>
+              <a class="col s3 waves-effect fbtoolbarbutton dropdown-button $githidden" data-activates="dropdown_gitmenu_mobile" data-alignment='right' data-beloworigin='true'><i class="mdi mdi-git grey-text text-darken-2 material-icons" style="padding-top: 17px;"></i></a>
             </ul>
           </li>
           <li>

From f6dca0d717afb45b4ee7ca35b445553d0a52d97e Mon Sep 17 00:00:00 2001
From: Daniel Perna <danielperna84@gmail.com>
Date: Thu, 12 Jul 2018 22:09:25 +0200
Subject: [PATCH 25/33] Updated changelog

---
 changelog.txt | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/changelog.txt b/changelog.txt
index 94ffab1..4420b71 100644
--- a/changelog.txt
+++ b/changelog.txt
@@ -8,6 +8,9 @@ Version 0.3.0 (2018-)
 - Added SESAME_TOTP_SECRET for TOTP based IP whitelisting (Issue #100) @danielperna84
 - Added git diff functionality (Issue #16) @danielperna84
 - Red colored menu button as indicator for outdated version @danielperna84
+- GIT setting can now be set with settings file or environment variable @danielperna84
+- LISTENPORT has been renamed to PORT (LISTENPORT still works though)
+- Hiding git menu when git is disabled @danielperna84
 
 Version 0.2.9 (2018-06-22)
 - Material Icons and HASS-help now open in new tab instead of modal (Issues #85 and #34) @danielperna84

From 63d07b9fdb7651a2bc14876fef0dc1876a3ef34b Mon Sep 17 00:00:00 2001
From: Daniel Perna <danielperna84@gmail.com>
Date: Thu, 12 Jul 2018 22:21:03 +0200
Subject: [PATCH 26/33] Removed dragging for editor settings

---
 changelog.txt   | 1 +
 configurator.py | 4 ++--
 dev.html        | 4 ++--
 3 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/changelog.txt b/changelog.txt
index 4420b71..5e25160 100644
--- a/changelog.txt
+++ b/changelog.txt
@@ -11,6 +11,7 @@ Version 0.3.0 (2018-)
 - GIT setting can now be set with settings file or environment variable @danielperna84
 - LISTENPORT has been renamed to PORT (LISTENPORT still works though)
 - Hiding git menu when git is disabled @danielperna84
+- Removed right dragging area for editor settings (Issue #102) @danielperna84
 
 Version 0.2.9 (2018-06-22)
 - Material Icons and HASS-help now open in new tab instead of modal (Issues #85 and #34) @danielperna84
diff --git a/configurator.py b/configurator.py
index fca608b..6d9f985 100755
--- a/configurator.py
+++ b/configurator.py
@@ -2283,12 +2283,12 @@
             closeOnClick: false,
             draggable: true
         });
-        $('.ace_settings-collapse').sideNav({
+        /*$('.ace_settings-collapse').sideNav({
             menuWidth: 300,
             edge: 'right',
             closeOnClick: true,
             draggable: true
-        });
+        });*/
         // This fixes the dead spaces when trying to close the file browser
         $(document).on('click', '.drag-target', function(){$('.button-collapse').sideNav('hide');})
         listdir('.');
diff --git a/dev.html b/dev.html
index c207836..b6bdaf3 100644
--- a/dev.html
+++ b/dev.html
@@ -2182,12 +2182,12 @@ <h4 class="grey-text text-darken-3"><a class="black-text" href="https://github.c
             closeOnClick: false,
             draggable: true
         });
-        $('.ace_settings-collapse').sideNav({
+        /*$('.ace_settings-collapse').sideNav({
             menuWidth: 300,
             edge: 'right',
             closeOnClick: true,
             draggable: true
-        });
+        });*/
         // This fixes the dead spaces when trying to close the file browser
         $(document).on('click', '.drag-target', function(){$('.button-collapse').sideNav('hide');})
         listdir('.');

From 4a6c13e1a1aa8bd4ae1482439dd85c1e135994af Mon Sep 17 00:00:00 2001
From: Daniel Perna <danielperna84@gmail.com>
Date: Thu, 12 Jul 2018 22:34:58 +0200
Subject: [PATCH 27/33] Fix editor settings

---
 configurator.py | 6 +++---
 dev.html        | 6 +++---
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/configurator.py b/configurator.py
index 6d9f985..d01b736 100755
--- a/configurator.py
+++ b/configurator.py
@@ -2283,12 +2283,12 @@
             closeOnClick: false,
             draggable: true
         });
-        /*$('.ace_settings-collapse').sideNav({
+        $('.ace_settings-collapse').sideNav({
             menuWidth: 300,
             edge: 'right',
             closeOnClick: true,
-            draggable: true
-        });*/
+            draggable: false
+        });
         // This fixes the dead spaces when trying to close the file browser
         $(document).on('click', '.drag-target', function(){$('.button-collapse').sideNav('hide');})
         listdir('.');
diff --git a/dev.html b/dev.html
index b6bdaf3..29a4eb5 100644
--- a/dev.html
+++ b/dev.html
@@ -2182,12 +2182,12 @@ <h4 class="grey-text text-darken-3"><a class="black-text" href="https://github.c
             closeOnClick: false,
             draggable: true
         });
-        /*$('.ace_settings-collapse').sideNav({
+        $('.ace_settings-collapse').sideNav({
             menuWidth: 300,
             edge: 'right',
             closeOnClick: true,
-            draggable: true
-        });*/
+            draggable: false
+        });
         // This fixes the dead spaces when trying to close the file browser
         $(document).on('click', '.drag-target', function(){$('.button-collapse').sideNav('hide');})
         listdir('.');

From 63d8c591d03df4a8b72bf9bd1fad397081f877bf Mon Sep 17 00:00:00 2001
From: Daniel Perna <danielperna84@gmail.com>
Date: Thu, 12 Jul 2018 22:36:51 +0200
Subject: [PATCH 28/33] Version indicator for mobile view

---
 configurator.py | 2 +-
 dev.html        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/configurator.py b/configurator.py
index d01b736..91ad644 100755
--- a/configurator.py
+++ b/configurator.py
@@ -658,7 +658,7 @@
                     <li><a class="waves-effect waves-light hide-on-med-and-up markdirty hidesave" onclick="save_check()"><i class="material-icons">save</i></a></li>
                     <li><a class="waves-effect waves-light hide-on-med-and-up modal-trigger" href="#modal_close"><i class="material-icons">close</i></a></li>
                     <li><a class="waves-effect waves-light hide-on-med-and-up" onclick="editor.execCommand('replace')"><i class="material-icons">search</i></a></li>
-                    <li><a class="waves-effect waves-light dropdown-button hide-on-med-and-up" data-activates="dropdown_menu_mobile" data-beloworigin="true"><i class="material-icons right">more_vert</i></a></li>
+                    <li><a class="waves-effect waves-light dropdown-button hide-on-med-and-up $versionclass" data-activates="dropdown_menu_mobile" data-beloworigin="true"><i class="material-icons right">more_vert</i></a></li>
                 </ul>
             </div>
         </nav>
diff --git a/dev.html b/dev.html
index 29a4eb5..b4a0605 100644
--- a/dev.html
+++ b/dev.html
@@ -557,7 +557,7 @@
                     <li><a class="waves-effect waves-light hide-on-med-and-up markdirty hidesave" onclick="save_check()"><i class="material-icons">save</i></a></li>
                     <li><a class="waves-effect waves-light hide-on-med-and-up modal-trigger" href="#modal_close"><i class="material-icons">close</i></a></li>
                     <li><a class="waves-effect waves-light hide-on-med-and-up" onclick="editor.execCommand('replace')"><i class="material-icons">search</i></a></li>
-                    <li><a class="waves-effect waves-light dropdown-button hide-on-med-and-up" data-activates="dropdown_menu_mobile" data-beloworigin="true"><i class="material-icons right">more_vert</i></a></li>
+                    <li><a class="waves-effect waves-light dropdown-button hide-on-med-and-up $versionclass" data-activates="dropdown_menu_mobile" data-beloworigin="true"><i class="material-icons right">more_vert</i></a></li>
                 </ul>
             </div>
         </nav>

From 0435f399f1d1895b9cbcbb3d05c18f95b4df83d5 Mon Sep 17 00:00:00 2001
From: Daniel Perna <danielperna84@gmail.com>
Date: Thu, 12 Jul 2018 23:24:51 +0200
Subject: [PATCH 29/33] Lint

---
 configurator.py | 149 ++++++++++++++++++++++++++++--------------------
 pylintrc        |  16 +-----
 2 files changed, 90 insertions(+), 75 deletions(-)

diff --git a/configurator.py b/configurator.py
index 91ad644..052f211 100755
--- a/configurator.py
+++ b/configurator.py
@@ -1,5 +1,6 @@
 #!/usr/bin/python3
 # -*- coding: utf-8 -*-
+# pylint: disable=too-many-lines
 """
 Configurator for Home Assistant.
 https://github.com/danielperna84/hass-configurator
@@ -82,6 +83,7 @@
 NOTIFY_SERVICE = NOTIFY_SERVICE_DEFAULT
 ### End of options
 
+
 LOGLEVEL = logging.INFO
 LOG = logging.getLogger(__name__)
 LOG.setLevel(LOGLEVEL)
@@ -94,6 +96,7 @@
 VERSION = "0.3.0"
 BASEDIR = "."
 DEV = False
+LISTENPORT = None
 TOTP = None
 HTTPD = None
 FAIL2BAN_IPS = {}
@@ -3413,6 +3416,7 @@
 </body>
 </html>""")
 
+# pylint: disable=unused-argument
 def signal_handler(sig, frame):
     global HTTPD
     LOG.info("Got signal: %s. Shutting down server", str(sig))
@@ -3420,11 +3424,11 @@ def signal_handler(sig, frame):
     sys.exit(0)
 
 def load_settings(settingsfile):
-    global LISTENIP, PORT, BASEPATH, SSL_CERTIFICATE, SSL_KEY, HASS_API, \
+    global LISTENIP, LISTENPORT, BASEPATH, SSL_CERTIFICATE, SSL_KEY, HASS_API, \
     HASS_API_PASSWORD, CREDENTIALS, ALLOWED_NETWORKS, BANNED_IPS, BANLIMIT, \
     DEV, IGNORE_PATTERN, DIRSFIRST, SESAME, VERIFY_HOSTNAME, ENFORCE_BASEPATH, \
     ENV_PREFIX, NOTIFY_SERVICE, USERNAME, PASSWORD, SESAME_TOTP_SECRET, TOTP, \
-    GIT, REPO
+    GIT, REPO, PORT
     settings = {}
     if settingsfile:
         try:
@@ -3513,11 +3517,17 @@ def get_dircontent(path, repo=None):
         unstaged = {}
         try:
             for element in repo.index.diff("HEAD"):
-                staged["%s%s%s" % (repo.working_dir, os.sep, "%s"%os.sep.join(element.b_path.split('/')))] = element.change_type
+                staged["%s%s%s" % (repo.working_dir,
+                                   os.sep,
+                                   "%s"%os.sep.join(
+                                       element.b_path.split('/')))] = element.change_type
         except Exception as err:
             LOG.warning("Exception: %s", str(err))
         for element in repo.index.diff(None):
-            unstaged["%s%s%s" % (repo.working_dir, os.sep, "%s"%os.sep.join(element.b_path.split('/')))] = element.change_type
+            unstaged["%s%s%s" % (repo.working_dir,
+                                 os.sep,
+                                 "%s"%os.sep.join(
+                                     element.b_path.split('/')))] = element.change_type
     else:
         untracked = []
         staged = {}
@@ -3527,9 +3537,9 @@ def sorted_file_list():
         dirlist = [x for x in os.listdir(path) if os.path.isdir(os.path.join(path, x))]
         filelist = [x for x in os.listdir(path) if not os.path.isdir(os.path.join(path, x))]
         if DIRSFIRST:
-            return sorted(dirlist, key=lambda x: x.lower()) + sorted(filelist, key=lambda x: x.lower())
-        else:
-            return sorted(dirlist + filelist, key=lambda x: x.lower())
+            return sorted(dirlist, key=lambda x: x.lower()) + \
+                sorted(filelist, key=lambda x: x.lower())
+        return sorted(dirlist + filelist, key=lambda x: x.lower())
 
     for elem in sorted_file_list():
         edata = {}
@@ -3596,7 +3606,8 @@ def password_problems(password, name="UNKNOWN"):
     exp = len(password) ** len(set(password))
     score = exp / quota / 8
     if score < 65536:
-        LOG.warning("Password %s does not contain enough unique characters (%i)" % (name, len(set(password))))
+        LOG.warning("Password %s does not contain enough unique characters (%i)" % (
+            name, len(set(password))))
         problems += 8
     return problems
 
@@ -3622,15 +3633,18 @@ def verify_hostname(request_hostname):
     return True
 
 class RequestHandler(BaseHTTPRequestHandler):
+    # pylint: disable=redefined-builtin
     def log_message(self, format, *args):
         LOG.info("%s - %s" % (self.client_address[0], format % args))
         return
 
+    # pylint: disable=invalid-name
     def do_BLOCK(self, status=420, reason="Policy not fulfilled"):
         self.send_response(status)
         self.end_headers()
         self.wfile.write(bytes(reason, "utf8"))
 
+    # pylint: disable=invalid-name
     def do_GET(self):
         if not verify_hostname(self.headers.get('Host', '')):
             self.do_BLOCK(403, "Forbidden")
@@ -3691,7 +3705,9 @@ def do_GET(self):
                     if os.path.isfile(os.path.join(BASEDIR.encode('utf-8'), filename)):
                         with open(os.path.join(BASEDIR.encode('utf-8'), filename), 'rb') as fptr:
                             filecontent = fptr.read()
-                        self.send_header('Content-Disposition', 'attachment; filename=%s' % filename.decode('utf-8').split(os.sep)[-1])
+                        self.send_header(
+                            'Content-Disposition',
+                            'attachment; filename=%s' % filename.decode('utf-8').split(os.sep)[-1])
                         self.end_headers()
                         self.wfile.write(filecontent)
                         return
@@ -3731,14 +3747,15 @@ def do_GET(self):
                             except Exception as err:
                                 LOG.debug("Exception (no repo): %s" % str(err))
                         dircontent = get_dircontent(dirpath.decode('utf-8'), repo)
-                        filedata = {'content': dircontent,
-                                    'abspath': os.path.abspath(dirpath).decode('utf-8'),
-                                    'parent': os.path.dirname(os.path.abspath(dirpath)).decode('utf-8'),
-                                    'branches': branches,
-                                    'activebranch': activebranch,
-                                    'dirty': dirty,
-                                    'error': None
-                                   }
+                        filedata = {
+                            'content': dircontent,
+                            'abspath': os.path.abspath(dirpath).decode('utf-8'),
+                            'parent': os.path.dirname(os.path.abspath(dirpath)).decode('utf-8'),
+                            'branches': branches,
+                            'activebranch': activebranch,
+                            'dirty': dirty,
+                            'error': None
+                        }
                         self.wfile.write(bytes(json.dumps(filedata), "utf8"))
             except Exception as err:
                 LOG.warning(err)
@@ -3967,19 +3984,21 @@ def do_GET(self):
                 ws_api = "%s://%swebsocket" % (
                     "wss" if protocol == 'https' else 'ws', uri
                 )
-            html = get_html().safe_substitute(services=services,
-                                              events=events,
-                                              states=states,
-                                              loadfile=loadfile,
-                                              current=VERSION,
-                                              versionclass=color,
-                                              githidden="" if GIT else "hiddendiv",
-                                              separator="\%s" % os.sep if os.sep == "\\" else os.sep,
-                                              listening_address="%s://%s:%i" % (
-                                                  'https' if SSL_CERTIFICATE else 'http', LISTENIP, PORT),
-                                              hass_api_address="%s" % (HASS_API, ),
-                                              hass_ws_address=ws_api,
-                                              api_password=HASS_API_PASSWORD if HASS_API_PASSWORD else "")
+            html = get_html().safe_substitute(
+                services=services,
+                events=events,
+                states=states,
+                loadfile=loadfile,
+                current=VERSION,
+                versionclass=color,
+                githidden="" if GIT else "hiddendiv",
+                # pylint: disable=anomalous-backslash-in-string
+                separator="\%s" % os.sep if os.sep == "\\" else os.sep,
+                listening_address="%s://%s:%i" % (
+                    'https' if SSL_CERTIFICATE else 'http', LISTENIP, PORT),
+                hass_api_address="%s" % (HASS_API, ),
+                hass_ws_address=ws_api,
+                api_password=HASS_API_PASSWORD if HASS_API_PASSWORD else "")
             self.wfile.write(bytes(html, "utf8"))
             return
         else:
@@ -3987,6 +4006,7 @@ def do_GET(self):
             self.end_headers()
             self.wfile.write(bytes("File not found", "utf8"))
 
+    # pylint: disable=invalid-name
     def do_POST(self):
         global ALLOWED_NETWORKS, BANNED_IPS
         if not verify_hostname(self.headers.get('Host', '')):
@@ -4042,24 +4062,24 @@ def do_POST(self):
                 response['message'] = "File too big: %i" % read
                 self.wfile.write(bytes(json.dumps(response), "utf8"))
                 return
-            else:
-                form = cgi.FieldStorage(
-                    fp=self.rfile,
-                    headers=self.headers,
-                    environ={'REQUEST_METHOD': 'POST',
-                             'CONTENT_TYPE': self.headers['Content-Type'],
-                            })
-                filename = form['file'].filename
-                filepath = form['path'].file.read()
-                data = form['file'].file.read()
-                open("%s%s%s" % (filepath, os.sep, filename), "wb").write(data)
-                self.send_response(200)
-                self.send_header('Content-type', 'text/json')
-                self.end_headers()
-                response['error'] = False
-                response['message'] = "Upload successful"
-                self.wfile.write(bytes(json.dumps(response), "utf8"))
-                return
+            form = cgi.FieldStorage(
+                fp=self.rfile,
+                headers=self.headers,
+                environ={
+                    'REQUEST_METHOD': 'POST',
+                    'CONTENT_TYPE': self.headers['Content-Type'],
+                })
+            filename = form['file'].filename
+            filepath = form['path'].file.read()
+            data = form['file'].file.read()
+            open("%s%s%s" % (filepath, os.sep, filename), "wb").write(data)
+            self.send_response(200)
+            self.send_header('Content-type', 'text/json')
+            self.end_headers()
+            response['error'] = False
+            response['message'] = "Upload successful"
+            self.wfile.write(bytes(json.dumps(response), "utf8"))
+            return
         elif req.path.endswith('/api/delete'):
             try:
                 postvars = parse_qs(self.rfile.read(length).decode('utf-8'),
@@ -4160,7 +4180,8 @@ def do_POST(self):
                         # pylint: disable=not-callable
                         repo = REPO(addpath,
                                     search_parent_directories=True)
-                        filepath = "/".join(addpath.split(os.sep)[len(repo.working_dir.split(os.sep)):])
+                        filepath = "/".join(
+                            addpath.split(os.sep)[len(repo.working_dir.split(os.sep)):])
                         response['path'] = filepath
                         try:
                             repo.index.add([filepath])
@@ -4196,10 +4217,13 @@ def do_POST(self):
                         # pylint: disable=not-callable
                         repo = REPO(diffpath,
                                     search_parent_directories=True)
-                        filepath = "/".join(diffpath.split(os.sep)[len(repo.working_dir.split(os.sep)):])
+                        filepath = "/".join(
+                            diffpath.split(os.sep)[len(repo.working_dir.split(os.sep)):])
                         response['path'] = filepath
                         try:
-                            diff = repo.index.diff(None, create_patch=True, paths=filepath)[0].diff.decode("utf-8")
+                            diff = repo.index.diff(None,
+                                                   create_patch=True,
+                                                   paths=filepath)[0].diff.decode("utf-8")
                             response['error'] = False
                             response['message'] = diff
                             self.send_response(200)
@@ -4546,21 +4570,21 @@ def do_POST(self):
             if 'ip' in postvars.keys() and 'method' in postvars.keys():
                 if postvars['ip'] and postvars['method']:
                     try:
-                        ip = unquote(postvars['ip'][0])
+                        ip_address = unquote(postvars['ip'][0])
                         method = unquote(postvars['method'][0])
                         if method == 'unban':
-                            if ip in BANNED_IPS:
-                                BANNED_IPS.remove(ip)
+                            if ip_address in BANNED_IPS:
+                                BANNED_IPS.remove(ip_address)
                             response['error'] = False
                         elif method == 'ban':
-                            ipaddress.ip_network(ip)
-                            BANNED_IPS.append(ip)
+                            ipaddress.ip_network(ip_address)
+                            BANNED_IPS.append(ip_address)
                         else:
                             response['error'] = True
                         self.send_response(200)
                         self.send_header('Content-type', 'text/json')
                         self.end_headers()
-                        response['message'] = "BANNED_IPS (%s): %s" % (method, ip)
+                        response['message'] = "BANNED_IPS (%s): %s" % (method, ip_address)
                         self.wfile.write(bytes(json.dumps(response), "utf8"))
                         return
                     except Exception as err:
@@ -4583,6 +4607,7 @@ def do_BLOCK(self, status=420, reason="Policy not fulfilled"):
         self.end_headers()
         self.wfile.write(bytes(reason, "utf8"))
 
+    # pylint: disable=invalid-name
     def do_AUTHHEAD(self):
         LOG.info("Requesting authorization")
         self.send_response(401)
@@ -4738,15 +4763,15 @@ def main(args):
     except Exception as err:
         LOG.warning("Exception while checking passwords: %s" % err)
 
-    CustomServer = SimpleServer
+    custom_server = SimpleServer
     if ':' in LISTENIP:
-        CustomServer.address_family = socket.AF_INET6
+        custom_server.address_family = socket.AF_INET6
     server_address = (LISTENIP, PORT)
     if USERNAME and PASSWORD:
-        Handler = AuthHandler
+        handler = AuthHandler
     else:
-        Handler = RequestHandler
-    HTTPD = CustomServer(server_address, Handler)
+        handler = RequestHandler
+    HTTPD = custom_server(server_address, handler)
     if SSL_CERTIFICATE:
         HTTPD.socket = ssl.wrap_socket(HTTPD.socket,
                                        certfile=SSL_CERTIFICATE,
diff --git a/pylintrc b/pylintrc
index 5c85bc9..c4f64f2 100644
--- a/pylintrc
+++ b/pylintrc
@@ -2,22 +2,12 @@
 reports=no
 
 disable=
-  too-many-lines,
   missing-docstring,
   global-statement,
-  global-variable-not-assigned,
+  logging-not-lazy,
+  broad-except,
   too-many-return-statements,
   too-many-nested-blocks,
   too-many-statements,
   too-many-branches,
-  too-many-locals,
-  unused-argument,
-  logging-not-lazy,
-  invalid-name,
-  broad-except,
-  line-too-long,
-  unnecessary-pass,
-  anomalous-backslash-in-string,
-  redefined-variable-type,
-  redefined-builtin,
-  no-else-return,
\ No newline at end of file
+  too-many-locals,
\ No newline at end of file

From f0afbad7a82d79d039c24001fefbb15c9d0cf132 Mon Sep 17 00:00:00 2001
From: Daniel Perna <danielperna84@gmail.com>
Date: Thu, 12 Jul 2018 23:37:38 +0200
Subject: [PATCH 30/33] Added docstrings

---
 configurator.py | 19 ++++++++++++++++++-
 pylintrc        |  1 -
 2 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/configurator.py b/configurator.py
index 052f211..383a8b8 100755
--- a/configurator.py
+++ b/configurator.py
@@ -83,7 +83,6 @@
 NOTIFY_SERVICE = NOTIFY_SERVICE_DEFAULT
 ### End of options
 
-
 LOGLEVEL = logging.INFO
 LOG = logging.getLogger(__name__)
 LOG.setLevel(LOGLEVEL)
@@ -3418,12 +3417,14 @@
 
 # pylint: disable=unused-argument
 def signal_handler(sig, frame):
+    """Handle signal to shut down server."""
     global HTTPD
     LOG.info("Got signal: %s. Shutting down server", str(sig))
     HTTPD.server_close()
     sys.exit(0)
 
 def load_settings(settingsfile):
+    """Load settings from file and environment."""
     global LISTENIP, LISTENPORT, BASEPATH, SSL_CERTIFICATE, SSL_KEY, HASS_API, \
     HASS_API_PASSWORD, CREDENTIALS, ALLOWED_NETWORKS, BANNED_IPS, BANLIMIT, \
     DEV, IGNORE_PATTERN, DIRSFIRST, SESAME, VERIFY_HOSTNAME, ENFORCE_BASEPATH, \
@@ -3500,6 +3501,7 @@ def load_settings(settingsfile):
             LOG.warning("Unable to create TOTP object: %s" % err)
 
 def is_safe_path(basedir, path, follow_symlinks=True):
+    """Check path for malicious traversal."""
     if basedir is None:
         return True
     if follow_symlinks:
@@ -3507,6 +3509,7 @@ def is_safe_path(basedir, path, follow_symlinks=True):
     return os.path.abspath(path).startswith(basedir.encode('utf-8'))
 
 def get_dircontent(path, repo=None):
+    """Get content of directory."""
     dircontent = []
     if repo:
         untracked = [
@@ -3534,6 +3537,7 @@ def get_dircontent(path, repo=None):
         unstaged = {}
 
     def sorted_file_list():
+        """Sort list of files / directories."""
         dirlist = [x for x in os.listdir(path) if os.path.isdir(os.path.join(path, x))]
         filelist = [x for x in os.listdir(path) if not os.path.isdir(os.path.join(path, x))]
         if DIRSFIRST:
@@ -3578,6 +3582,7 @@ def sorted_file_list():
     return dircontent
 
 def get_html():
+    """Load the HTML from file in dev-mode, otherwise embedded."""
     if DEV:
         try:
             with open("dev.html") as fptr:
@@ -3589,6 +3594,7 @@ def get_html():
     return INDEX
 
 def password_problems(password, name="UNKNOWN"):
+    """Rudimentary checks for password strength."""
     problems = 0
     password = str(password)
     if password is None:
@@ -3612,6 +3618,7 @@ def password_problems(password, name="UNKNOWN"):
     return problems
 
 def check_access(clientip):
+    """Check if IP is allowed to access the configurator / API."""
     global BANNED_IPS
     if clientip in BANNED_IPS:
         LOG.warning("Client IP banned.")
@@ -3627,12 +3634,14 @@ def check_access(clientip):
     return False
 
 def verify_hostname(request_hostname):
+    """Verify the provided host header is correct."""
     if VERIFY_HOSTNAME:
         if VERIFY_HOSTNAME not in request_hostname:
             return False
     return True
 
 class RequestHandler(BaseHTTPRequestHandler):
+    """Request handler."""
     # pylint: disable=redefined-builtin
     def log_message(self, format, *args):
         LOG.info("%s - %s" % (self.client_address[0], format % args))
@@ -3640,12 +3649,14 @@ def log_message(self, format, *args):
 
     # pylint: disable=invalid-name
     def do_BLOCK(self, status=420, reason="Policy not fulfilled"):
+        """Customized do_BLOCK method."""
         self.send_response(status)
         self.end_headers()
         self.wfile.write(bytes(reason, "utf8"))
 
     # pylint: disable=invalid-name
     def do_GET(self):
+        """Customized do_GET method."""
         if not verify_hostname(self.headers.get('Host', '')):
             self.do_BLOCK(403, "Forbidden")
             return
@@ -4008,6 +4019,7 @@ def do_GET(self):
 
     # pylint: disable=invalid-name
     def do_POST(self):
+        """Customized do_POST method."""
         global ALLOWED_NETWORKS, BANNED_IPS
         if not verify_hostname(self.headers.get('Host', '')):
             self.do_BLOCK(403, "Forbidden")
@@ -4602,6 +4614,7 @@ def do_POST(self):
         return
 
 class AuthHandler(RequestHandler):
+    """Handler to verify auth header."""
     def do_BLOCK(self, status=420, reason="Policy not fulfilled"):
         self.send_response(status)
         self.end_headers()
@@ -4609,6 +4622,7 @@ def do_BLOCK(self, status=420, reason="Policy not fulfilled"):
 
     # pylint: disable=invalid-name
     def do_AUTHHEAD(self):
+        """Request authorization."""
         LOG.info("Requesting authorization")
         self.send_response(401)
         self.send_header('WWW-Authenticate', 'Basic realm=\"HASS-Configurator\"')
@@ -4682,6 +4696,7 @@ def do_POST(self):
             self.wfile.write(bytes('Authentication required', 'utf-8'))
 
 class SimpleServer(socketserver.ThreadingMixIn, socketserver.TCPServer):
+    """Server class."""
     daemon_threads = True
     allow_reuse_address = True
 
@@ -4691,6 +4706,7 @@ def __init__(self, server_address, RequestHandlerClass):
 def notify(title="HASS Configurator",
            message="Notification by HASS Configurator",
            notification_id=None):
+    """Helper function to send notifications via HASS."""
     if not HASS_API or not NOTIFY_SERVICE:
         return
     headers = {
@@ -4717,6 +4733,7 @@ def notify(title="HASS Configurator",
         LOG.warning("Exception while creating notification: %s" % err)
 
 def main(args):
+    """Main function, duh!"""
     global HTTPD
     if args:
         load_settings(args[0])
diff --git a/pylintrc b/pylintrc
index c4f64f2..f2e7c88 100644
--- a/pylintrc
+++ b/pylintrc
@@ -2,7 +2,6 @@
 reports=no
 
 disable=
-  missing-docstring,
   global-statement,
   logging-not-lazy,
   broad-except,

From c40ad42fc9bf090afc462d7e54d2367e042c569b Mon Sep 17 00:00:00 2001
From: Daniel Perna <danielperna84@gmail.com>
Date: Fri, 13 Jul 2018 00:45:58 +0200
Subject: [PATCH 31/33] Added IGNORE_SSL option

---
 README.md       | 2 ++
 changelog.txt   | 1 +
 configurator.py | 9 +++++++--
 settings.conf   | 1 +
 4 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index acbec62..30934ff 100644
--- a/README.md
+++ b/README.md
@@ -52,6 +52,8 @@ If you're using SSL, set the paths to your SSL files here. This is similar to th
 The configurator fetches some data from your running HASS instance. If the API isn't available through the default URL, modify this variable to fix this.
 #### HASS_API_PASSWORD (string)
 If you plan on using the restart button, you have to set your API password. Calling the restart service of HASS is prohibited without authentication.
+#### IGNORE_SSL (bool)
+Set IGNORE_SSL to `True` to disable SSL verification when connecting to the Home Assistant API (while fetching entities etc., not in your browser). This is useful if Home Assistant is configured with SSL, but the configurator accesses it via IP, in which case SSL verification will fail.
 #### USERNAME (string)
 If you want to enable [HTTP basic authentication](https://en.wikipedia.org/wiki/Basic_access_authentication) you can set the desired username here. The `:` character is not allowed.
 #### PASSWORD (string)
diff --git a/changelog.txt b/changelog.txt
index 5e25160..4944c45 100644
--- a/changelog.txt
+++ b/changelog.txt
@@ -12,6 +12,7 @@ Version 0.3.0 (2018-)
 - LISTENPORT has been renamed to PORT (LISTENPORT still works though)
 - Hiding git menu when git is disabled @danielperna84
 - Removed right dragging area for editor settings (Issue #102) @danielperna84
+- Added IGNORE_SSL option to disables SSL verification when connecting to HASS API @danielperna84
 
 Version 0.2.9 (2018-06-22)
 - Material Icons and HASS-help now open in new tab instead of modal (Issues #85 and #34) @danielperna84
diff --git a/configurator.py b/configurator.py
index 383a8b8..4727d3e 100755
--- a/configurator.py
+++ b/configurator.py
@@ -25,7 +25,6 @@
 import urllib.request
 from urllib.parse import urlparse, parse_qs, unquote
 
-
 ### Some options for you to change
 LISTENIP = "0.0.0.0"
 PORT = 3218
@@ -78,6 +77,8 @@
 VERIFY_HOSTNAME = None
 # Prefix for environment variables
 ENV_PREFIX = "HC_"
+# Ignore SSL errors when connecting to the HASS API
+IGNORE_SSL = False
 # Notification service like `notify.mytelegram`. Default is `persistent_notification.create`
 NOTIFY_SERVICE_DEFAULT = "persistent_notification.create"
 NOTIFY_SERVICE = NOTIFY_SERVICE_DEFAULT
@@ -3429,7 +3430,7 @@ def load_settings(settingsfile):
     HASS_API_PASSWORD, CREDENTIALS, ALLOWED_NETWORKS, BANNED_IPS, BANLIMIT, \
     DEV, IGNORE_PATTERN, DIRSFIRST, SESAME, VERIFY_HOSTNAME, ENFORCE_BASEPATH, \
     ENV_PREFIX, NOTIFY_SERVICE, USERNAME, PASSWORD, SESAME_TOTP_SECRET, TOTP, \
-    GIT, REPO, PORT
+    GIT, REPO, PORT, IGNORE_SSL
     settings = {}
     if settingsfile:
         try:
@@ -3484,6 +3485,10 @@ def load_settings(settingsfile):
     SESAME_TOTP_SECRET = settings.get("SESAME_TOTP_SECRET", SESAME_TOTP_SECRET)
     VERIFY_HOSTNAME = settings.get("VERIFY_HOSTNAME", VERIFY_HOSTNAME)
     NOTIFY_SERVICE = settings.get("NOTIFY_SERVICE", NOTIFY_SERVICE_DEFAULT)
+    IGNORE_SSL = settings.get("IGNORE_SSL", IGNORE_SSL)
+    if IGNORE_SSL:
+        # pylint: disable=protected-access
+        ssl._create_default_https_context = ssl._create_unverified_context
     USERNAME = settings.get("USERNAME", USERNAME)
     PASSWORD = settings.get("PASSWORD", PASSWORD)
     if CREDENTIALS and (USERNAME is None or PASSWORD is None):
diff --git a/settings.conf b/settings.conf
index 59492e3..7b295ee 100644
--- a/settings.conf
+++ b/settings.conf
@@ -6,6 +6,7 @@
     "ENFORCE_BASEPATH": false,
     "SSL_CERTIFICATE": null,
     "SSL_KEY": null,
+    "IGNORE_SSL": false,
     "HASS_API": "http://127.0.0.1:8123/api/",
     "HASS_API_PASSWORD": null,
     "USERNAME": null,

From e3b8ae91d15dad9713ca87c3f5d052134f80f1d4 Mon Sep 17 00:00:00 2001
From: Daniel Perna <danielperna84@gmail.com>
Date: Fri, 13 Jul 2018 00:46:44 +0200
Subject: [PATCH 32/33] Updated systemd template

---
 hass-configurator.systemd | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/hass-configurator.systemd b/hass-configurator.systemd
index 5a7c6f6..229fa5f 100644
--- a/hass-configurator.systemd
+++ b/hass-configurator.systemd
@@ -5,8 +5,15 @@ After=network.target
 [Service]
 Type=simple
 User=homeassistant
-#Set the path to your configurator.py location
+# Set configuration options by specifying environment variables
+# Environment=HC_LISTENIP=0.0.0.0
+# Environment=HC_PORT=3218
+# Environment=HC_GIT=false
+# Environment=HC_ALLOWED_NETWORKS=192.168.1.0/24,127.0.0.1
+# ...
+# Set the path to your configurator.py location
 WorkingDirectory=/etc/homeassistant
+# You can also save your static options in a JSON formatted conf-file
 ExecStart=/usr/bin/python3 /etc/homeassistant/configurator.py settings.conf
 Restart=always
 

From 0e46a3b3ec9da5e56fab9f993804aa4f0b6811b4 Mon Sep 17 00:00:00 2001
From: Daniel Perna <danielperna84@gmail.com>
Date: Fri, 13 Jul 2018 00:48:42 +0200
Subject: [PATCH 33/33] Typo

---
 changelog.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/changelog.txt b/changelog.txt
index 4944c45..a21cdc2 100644
--- a/changelog.txt
+++ b/changelog.txt
@@ -12,7 +12,7 @@ Version 0.3.0 (2018-)
 - LISTENPORT has been renamed to PORT (LISTENPORT still works though)
 - Hiding git menu when git is disabled @danielperna84
 - Removed right dragging area for editor settings (Issue #102) @danielperna84
-- Added IGNORE_SSL option to disables SSL verification when connecting to HASS API @danielperna84
+- Added IGNORE_SSL option to disable SSL verification when connecting to HASS API @danielperna84
 
 Version 0.2.9 (2018-06-22)
 - Material Icons and HASS-help now open in new tab instead of modal (Issues #85 and #34) @danielperna84