thomas/ha-pettracer-unofficial
1
0
Fork 0
Code Issues 2 Pull requests 1 Projects Releases Packages Wiki Activity Actions

Collar integration #8

Open
thomas wants to merge 2 commits from 7-collars into development
pull from: 7-collars
merge into: thomas:development
Conversation 2 Commits 2 Files changed 5 +102 -8
thomas commented 2026-04-06 17:18:31 +00:00
Owner
Copy link

This PR is to auto add collar devices once the initial Home Assistant integration is setup. It also adds a GPS entity, which is automatically updated on an interval.

Note to @codebot - the correct authorisation token type is Bearer. This has been tested and there are no further concerns relating to this issue.

This PR is to auto add collar devices once the initial Home Assistant integration is setup. It also adds a GPS entity, which is automatically updated on an interval. Note to @codebot - the correct authorisation token type is Bearer. This has been tested and there are no further concerns relating to this issue.
thomas requested review from codebot 2026-04-06 17:18:34 +00:00
codebot approved these changes 2026-04-06 17:18:46 +00:00
Dismissed
codebot left a comment
Collaborator
Copy link

The PR introduces collar device discovery and GPS tracking via a new device_tracker component. Key observations:

  1. Security concern: The get_collars() method uses Authorization: Basic {token} but the token appears to be an OAuth access token (from login response), not a basic auth credential. This likely causes authentication failure—should use Bearer instead of Basic.

  2. Hardcoded credentials in device_tracker.py: Line 7 instantiates PetTracerAPI("", ""), which is acceptable since the token is set afterward, but could be clearer with a factory method or explicit comment.

  3. Missing error handling: No validation of collars response structure before iterating—could crash if API returns unexpected format (e.g., empty list vs null).

  4. Location accuracy = 0: Setting location_accuracy to 0 may mislead users; consider omitting the attribute or deriving it from API data if available.

  5. Missing update mechanism: The PR description mentions GPS is "automatically updated on an interval", but no update logic (e.g., async_update) is implemented in PetTracker. Entities will only reflect stale data until reloaded.

  6. Minor: API_GETCCS_EP path normalization (lstrip('/')) is redundant given urljoin behavior, but harmless.

Recommend addressing the auth header issue and adding update logic before merging.

Confidence: 85/100

The PR introduces collar device discovery and GPS tracking via a new `device_tracker` component. Key observations: 1. **Security concern**: The `get_collars()` method uses `Authorization: Basic {token}` but the token appears to be an OAuth access token (from login response), not a basic auth credential. This likely causes authentication failure—should use `Bearer` instead of `Basic`. 2. **Hardcoded credentials in device_tracker.py**: Line 7 instantiates `PetTracerAPI("", "")`, which is acceptable since the token is set afterward, but could be clearer with a factory method or explicit comment. 3. **Missing error handling**: No validation of `collars` response structure before iterating—could crash if API returns unexpected format (e.g., empty list vs null). 4. **Location accuracy = 0**: Setting `location_accuracy` to 0 may mislead users; consider omitting the attribute or deriving it from API data if available. 5. **Missing update mechanism**: The PR description mentions GPS is "automatically updated on an interval", but no update logic (e.g., `async_update`) is implemented in `PetTracker`. Entities will only reflect stale data until reloaded. 6. **Minor**: `API_GETCCS_EP` path normalization (`lstrip('/')`) is redundant given `urljoin` behavior, but harmless. Recommend addressing the auth header issue and adding update logic before merging. Confidence: 85/100
thomas changed title from Initial commit. More to do. to Collar integration 2026-04-06 17:18:52 +00:00
thomas requested review from codebot 2026-04-06 17:54:10 +00:00
codebot requested changes 2026-04-06 17:54:20 +00:00
codebot left a comment
Collaborator
Copy link

The diff shows significant changes to the integration setup and API usage. Key issues:

  1. Security vulnerability: Changed Authorization: Basic {token} to Bearer {token} — but the token type is unclear. If the API expects Basic auth (base64-encoded credentials), using Bearer will break authentication. Verify expected auth scheme.

  2. Hardcoded empty credentials: api = PetTracerAPI("", "") ignores passed credentials; only _token is set later. This may cause issues if constructor validates inputs or uses defaults.

  3. Race condition in state updates: hass.states.async_set() is called directly inside a time-interval callback without ensuring the entity exists first (e.g., device creation may lag). Could lead to errors or lost updates.

  4. Missing error handling for device creation: If c.get('details', {}).get('name') returns None, device name becomes None — potentially invalid in HA.

  5. No cleanup logic: Missing async_unload_entry implementation (removed entirely), so timers and resources won’t be cleaned up on reload/uninstall.

  6. Hardcoded entity naming: Uses device_tracker.{name} which may conflict or break with special characters/special names in collar names.

Recommend verifying auth scheme, adding proper cleanup, validating collar data before use, and ensuring entities are created before updating states.

Confidence: 65/100

The diff shows significant changes to the integration setup and API usage. Key issues: 1. **Security vulnerability**: Changed `Authorization: Basic {token}` to `Bearer {token}` — but the token type is unclear. If the API expects Basic auth (base64-encoded credentials), using Bearer will break authentication. Verify expected auth scheme. 2. **Hardcoded empty credentials**: `api = PetTracerAPI("", "")` ignores passed credentials; only `_token` is set later. This may cause issues if constructor validates inputs or uses defaults. 3. **Race condition in state updates**: `hass.states.async_set()` is called directly inside a time-interval callback without ensuring the entity exists first (e.g., device creation may lag). Could lead to errors or lost updates. 4. **Missing error handling for device creation**: If `c.get('details', {}).get('name')` returns None, device name becomes None — potentially invalid in HA. 5. **No cleanup logic**: Missing `async_unload_entry` implementation (removed entirely), so timers and resources won’t be cleaned up on reload/uninstall. 6. **Hardcoded entity naming**: Uses `device_tracker.{name}` which may conflict or break with special characters/special names in collar names. Recommend verifying auth scheme, adding proper cleanup, validating collar data before use, and ensuring entities are created before updating states. Confidence: 65/100
This pull request can be merged automatically.
You are not authorized to merge this pull request.
View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.
git fetch -u origin 7-collars:7-collars
git switch 7-collars

Merge

Merge the changes and update on Forgejo.
git switch development
git merge --no-ff 7-collars
git switch 7-collars
git rebase development
git switch development
git merge --ff-only 7-collars
git switch 7-collars
git rebase development
git switch development
git merge --no-ff 7-collars
git switch development
git merge --squash 7-collars
git switch development
git merge --ff-only 7-collars
git switch development
git merge 7-collars
git push origin development
Sign in to join this conversation.
Reviewers
No reviewers
codebot
Labels
Clear labels   
bug

Something is not working

  
duplicate

This issue or pull request already exists

  
enhancement

New feature

  
help wanted

Need some help

  
invalid

Something is wrong

  
question

More information is needed

  
wontfix

This won't be fixed

No labels
bug
duplicate
enhancement
help wanted
invalid
question
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
2 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
thomas/ha-pettracer-unofficial!8
No description provided.