[ota.esphome] Handle blank password the same as no password defined (#11271)

2025-10-25 21:23:53 +01:00 · 2025-10-16 13:07:37 +13:00
parent b190f37ae7
commit 3054c2bc29
5 changed files with 22 additions and 18 deletions
--- a/esphome/main.py
+++ b/esphome/main.py
@@ -606,7 +606,7 @@ def upload_program(
    from esphome import espota2

    remote_port = int(ota_conf[CONF_PORT])
-    password = ota_conf.get(CONF_PASSWORD, "")
+    password = ota_conf.get(CONF_PASSWORD)
    if getattr(args, "file", None) is not None:
        binary = Path(args.file)
    else:
--- a/esphome/components/esphome/ota/init.py
+++ b/esphome/components/esphome/ota/init.py
@@ -19,6 +19,7 @@ from esphome.const import (
 from esphome.core import CORE, coroutine_with_priority
 from esphome.coroutine import CoroPriority
 import esphome.final_validate as fv
+from esphome.types import ConfigType

 _LOGGER = logging.getLogger(__name__)

@@ -136,11 +137,12 @@ FINAL_VALIDATE_SCHEMA = ota_esphome_final_validate


@coroutine_with_priority(CoroPriority.OTA_UPDATES)
-async def to_code(config):
+async def to_code(config: ConfigType) -> None:
    var = cg.new_Pvariable(config[CONF_ID])
    cg.add(var.set_port(config[CONF_PORT]))

-    if CONF_PASSWORD in config:
+    # Password could be set to an empty string and we can assume that means no password
+    if config.get(CONF_PASSWORD):
        cg.add(var.set_auth_password(config[CONF_PASSWORD]))
        cg.add_define("USE_OTA_PASSWORD")
        # Only include hash algorithms when password is configured
--- a/esphome/espota2.py
+++ b/esphome/espota2.py
@@ -242,7 +242,7 @@ def send_check(


 def perform_ota(
-    sock: socket.socket, password: str, file_handle: io.IOBase, filename: Path
+    sock: socket.socket, password: str | None, file_handle: io.IOBase, filename: Path
 ) -> None:
    file_contents = file_handle.read()
    file_size = len(file_contents)
@@ -278,13 +278,13 @@ def perform_ota(

    def perform_auth(
        sock: socket.socket,
-        password: str,
+        password: str | None,
        hash_func: Callable[..., Any],
        nonce_size: int,
        hash_name: str,
    ) -> None:
        """Perform challenge-response authentication using specified hash algorithm."""
-        if not password:
+        if password is None:
            raise OTAError("ESP requests password, but no password given!")

        nonce_bytes = receive_exactly(
@@ -385,7 +385,7 @@ def perform_ota(


 def run_ota_impl_(
-    remote_host: str | list[str], remote_port: int, password: str, filename: Path
+    remote_host: str | list[str], remote_port: int, password: str | None, filename: Path
 ) -> tuple[int, str | None]:
    from esphome.core import CORE

@@ -436,7 +436,7 @@ def run_ota_impl_(


 def run_ota(
-    remote_host: str | list[str], remote_port: int, password: str, filename: Path
+    remote_host: str | list[str], remote_port: int, password: str | None, filename: Path
 ) -> tuple[int, str | None]:
    try:
        return run_ota_impl_(remote_host, remote_port, password, filename)