Add regex validation for the entity id filter

[flip-dots]

Breaking change

Proposed change

This adds regex validation for the filter_entity_id parameter in the history part of the REST API to make sure that the provided entity IDs are valid. Previously the API would just return an empty array instead of an error message, which is (probably) not expected behaviour.

This makes it easier to spot if you made a mistake in your request formatting, as you now get a specific error instead of an empty array which could be confusing.

Also for the WebSocket API

Type of change

• Dependency upgrade
• Bugfix (non-breaking change which fixes an issue)
• New integration (thank you!)
• New feature (which adds functionality to an existing integration)
• Deprecation (breaking change to happen in the future)
• Breaking change (fix/feature causing existing functionality to break)
• Code quality improvements to existing code or addition of tests

Additional information

• This PR fixes or closes issue: fixes #
• This PR is related to issue:
• Link to documentation pull request:

Checklist

• The code change is tested and works locally.
• Local tests pass. Your PR cannot be merged unless tests pass
• There is no commented out code in this PR.
• I have followed the development checklist
• I have followed the perfect PR recommendations
• The code has been formatted using Black (black --fast homeassistant tests)
• Tests have been added to verify that the new code works.

If user exposed functionality or configuration variables are added/changed:

• Documentation added/updated for www.home-assistant.io

If the code communicates with devices, web services, or third-party tools:

• The manifest file has all fields filled out correctly.
  Updated and included derived files by running: python3 -m script.hassfest.
• New or updated dependencies have been added to requirements_all.txt.
  Updated by running python3 -m script.gen_requirements_all.
• For the updated dependencies - a link to the changelog, or at minimum a diff between library versions is added to the PR description.
• Untested files have been added to .coveragerc.

To help with the load of incoming pull requests:

• I have reviewed two other open pull requests in this repository.

[home-assistant]

Hi @flip-dots

It seems you haven't yet signed a CLA. Please do so here.

Once you do that we will be able to review and accept this pull request.

Thanks!

[home-assistant]

Hey there @home-assistant/core, mind taking a look at this pull request as it has been labeled with an integration (history) you are listed as a code owner for? Thanks!

Code owner commands

Code owners of history can trigger bot actions by commenting:

• @home-assistant close Closes the pull request.
• @home-assistant rename Awesome new title Renames the pull request.
• @home-assistant reopen Reopen the pull request.
• @home-assistant unassign history Removes the current integration label and assignees on the pull request, add the integration domain after the command.

[bdraco]

Please check if it's in the state machine first before calling this check as it can get expensive if the entity id list is large

Also this needs a test.

Thanks

[home-assistant]

Hi @flip-dots

It seems you haven't yet signed a CLA. Please do so here.

Once you do that we will be able to review and accept this pull request.

Thanks!

[home-assistant]

Hi @flip-dots

It seems you haven't yet signed a CLA. Please do so here.

Once you do that we will be able to review and accept this pull request.

Thanks!

[home-assistant]

Hi @flip-dots

It seems you haven't yet signed a CLA. Please do so here.

Once you do that we will be able to review and accept this pull request.

Thanks!

[home-assistant]

Hi @flip-dots

It seems you haven't yet signed a CLA. Please do so here.

Once you do that we will be able to review and accept this pull request.

Thanks!

[home-assistant]

Hi @flip-dots

It seems you haven't yet signed a CLA. Please do so here.

Once you do that we will be able to review and accept this pull request.

Thanks!

[frenck]

As the CLA isn't signed yet, this PR can't be reviewed or merged. Marking this PR draft for now. Please mark it ready for review, once you've signed the CLA.

../Frenck

[phrfpeixoto]

Random reviewer here 🙋🏽‍♂️, no context on what the more extensive code is doing (they said I need to review some to expedite my own review, so...), but couldn't you compile an array of error messages and return altogether?

Also, any particular reason for not reversing the logical check in the IF statement on line 124?
As it stands, your code allows the caller to obtain the state of the entity (if it exists), even though that ID might be "invalid"

Suggested change

	for entity_id in entity_ids:
	if not hass.states.get(entity_id) or not valid_entity_id(entity_id):
	return self.json_message(
	"Invalid filter_entity_id", HTTPStatus.BAD_REQUEST
	)
	for entity_id in entity_ids:
	if not valid_entity_id(entity_id) or not hass.states.get(entity_id):
	return self.json_message(
	"Invalid filter_entity_id", HTTPStatus.BAD_REQUEST
	)

[flip-dots]

Now that I think about it, the regex check in the REST API is redundant when we also check the state machine, since I think we can assume that if an entitiy_id is in the state machine it must be valid, so doing a regex check only makes sense for the Web Socket API where you can subscribe to entity_ids which don't exist yet.