fix: respect hide_pins on child lock parent-view dashboard#600
Open
raman325 wants to merge 2 commits intoFutureTense:mainfrom
Open
fix: respect hide_pins on child lock parent-view dashboard#600raman325 wants to merge 2 commits intoFutureTense:mainfrom
raman325 wants to merge 2 commits intoFutureTense:mainfrom
Conversation
…se#597) The child lock's auto-generated dashboard has a parent-view card (shown when override_parent is off) that displayed the parent's PIN using `type: simple-entity`. That card type renders the raw entity state, bypassing the text entity's `TextMode.PASSWORD` masking — so PINs were visible on the child dashboard even when hide_pins was enabled on both parent and child. When hide_pins is true, replace the simple-entity PIN row with a read-only Jinja2 markdown card that shows "Slot occupied" or "Empty" without revealing the PIN value. When hide_pins is false, keep the existing simple-entity behavior. Also extract `resolve_entity_id()` from the `_map_property_to_entity_id` pipeline so callers can resolve individual property paths to real HA entity IDs without running the full recursive mapping. The markdown card needs the resolved entity ID at generation time for the Jinja2 template. Fixes FutureTense#597. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
raman325
changed the title
|
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #600 +/- ##
==========================================
+ Coverage 84.14% 90.24% +6.09%
==========================================
Files 10 28 +18
Lines 801 3535 +2734
==========================================
+ Hits 674 3190 +2516
- Misses 127 345 +218
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
Contributor
There was a problem hiding this comment.
Pull request overview
Fixes a security/privacy leak where a child lock’s parent-view dashboard could display the parent lock’s PINs in plaintext despite hide_pins being enabled.
Changes:
- Plumbs
hide_pinsthrough lovelace generation entrypoints (setup/service/websocket) into view/section generation. - Updates child-lock parent-view generation to replace the parent PIN row when
hide_pins=True. - Adds tests covering hide-pins vs non-hide-pins behavior for child lock parent-view.
Reviewed changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
custom_components/keymaster/lovelace.py |
Adds hide_pins support, resolves parent PIN entity id, and changes child parent-view PIN rendering. |
custom_components/keymaster/__init__.py |
Passes hide_pins from config entry into lovelace generation at setup time. |
custom_components/keymaster/services.py |
Passes hide_pins into regenerated lovelace output. |
custom_components/keymaster/websocket.py |
Includes hide_pins in websocket-generated section config. |
tests/test_lovelace.py |
Adds tests asserting the PIN row structure changes based on hide_pins. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
The markdown card type cannot be used as an entities-row inside an entities card. When hide_pins is active, wrap the parent-view content in a vertical-stack: the entities card (with the PIN row removed) plus a standalone markdown card showing slot occupancy. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
hide_pinswas enabled on both locks.hide_pinsis true, removes thesimple-entityPIN row from the parent-view entities card and adds a read-only Jinja2 markdown card (viavertical-stack) showing "Slot occupied" / "Empty" instead.resolve_entity_id()from the_map_property_to_entity_idpipeline so callers can resolve individual property paths to real HA entity IDs without the full recursive mapping.Why
The child lock's parent-view card (shown when
override_parentis off) usedtype: simple-entityfor all parent entities including the PIN. Thesimple-entitycard type renders the raw entity state, bypassingTextMode.PASSWORDmasking — so PINs were visible on the child dashboard even whenhide_pinswas enabled.The default text entity row can't be used either because it has inline editing that
tap_action: nonedoesn't block. Amarkdowncard is read-only by nature, uses no custom card dependencies, and uses Jinja2 to show occupancy status without revealing the PIN value. Sincemarkdownis a card type (not a valid entities-row type), it's placed alongside the entities card in avertical-stack.Test plan
pytest --no-cov -q— 648 passedtest_generate_view_config_child_lock_hide_pins— verifiesvertical-stackstructure: entities card (no PIN row) + markdown card with "Slot occupied"/"Empty" templatetest_generate_view_config_child_lock_no_hide_pins— verifies entities card keepssimple-entityPIN row, no vertical-stackhide_pinsenabled🤖 Generated with Claude Code