Skip to content

Solve aiohttp BascicAuth depreciation#890

Merged
bouwew merged 7 commits into
mainfrom
basic_auth
Jul 5, 2026
Merged

Solve aiohttp BascicAuth depreciation#890
bouwew merged 7 commits into
mainfrom
basic_auth

Conversation

@bouwew

@bouwew bouwew commented Jul 5, 2026

Copy link
Copy Markdown
Contributor

Summary by CodeRabbit

  • Bug Fixes

    • Improved SmileComm HTTP compatibility by replacing deprecated BasicAuth usage with a reusable Authorization header.
    • Updated request handling for common HTTP methods, including adjusted Accept-Encoding and Content-Type headers.
  • Chores

    • Tightened the aiohttp requirement to version 3.14+.
    • Refreshed the changelog to note the BasicAuth deprecation fix.

@bouwew bouwew requested a review from a team as a code owner July 5, 2026 06:33
@bouwew bouwew requested review from CoMPaTech and removed request for a team July 5, 2026 06:33
@coderabbitai

coderabbitai Bot commented Jul 5, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

Warning

Review limit reached

@bouwew, you've reached your PR review limit, so we couldn't start this review.

Next review available in: 55 minutes

Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available.
You're only billed for reviews past your plan's rate limits ($0.25/file).

How can I continue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews.

How do review limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please refer docs for additional details.

Review details
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 1c0360bd-bc9c-4930-b808-0c530b23e961

📥 Commits

Reviewing files that changed from the base of the PR and between c9fc54f and 123fbc3.

📒 Files selected for processing (1)
  • CHANGELOG.md
📝 Walkthrough

Walkthrough

Replaces aiohttp BasicAuth in SmileComm with a precomputed Authorization header, updates request verb handling to use shared headers, and adjusts the aiohttp dependency plus changelog entry.

Changes

Auth header refactor and metadata updates

Layer / File(s) Summary
Auth header construction and imports
plugwise/smilecomm.py
Replaces BasicAuth with encode_basic_auth and stores a reusable _base_header containing the encoded Authorization value.
Request verb dispatch using shared headers
plugwise/smilecomm.py
_request now sends delete/get/post/put with headers=self._base_header, adding Accept-Encoding: gzip for get and Content-type: text/xml for post/put.
Version requirement and changelog entry
pyproject.toml, CHANGELOG.md
Raises the aiohttp requirement to >=3.14 and adds an Ongoing changelog note for the BasicAuth deprecation fix.

Estimated code review effort: 3 (Moderate) | ~20 minutes

Sequence Diagram(s)

sequenceDiagram
  participant Caller
  participant SmileComm
  participant AiohttpSession

  Caller->>SmileComm: _request(method, url)
  SmileComm->>SmileComm: start from _base_header
  alt method is get
    SmileComm->>SmileComm: add Accept-Encoding: gzip
  else method is post or put
    SmileComm->>SmileComm: add Content-type: text/xml
  end
  SmileComm->>AiohttpSession: request with headers
  AiohttpSession-->>SmileComm: response
  SmileComm-->>Caller: return response
Loading

Suggested labels: quality

Suggested reviewers: CoMPaTech

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly matches the main change: resolving aiohttp BasicAuth deprecation, despite minor spelling errors.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch basic_auth

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot added the quality label Jul 5, 2026
@bouwew bouwew force-pushed the basic_auth branch 2 times, most recently from ad52751 to 8a6a8e6 Compare July 5, 2026 06:37

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 4

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@CHANGELOG.md`:
- Line 5: The CHANGELOG entry has an empty markdown link placeholder in the
“Solve aiohttp BasicAuth deprecation via PR” bullet, which triggers the
markdownlint no-empty-links rule. Update that bullet to use a real PR URL in the
existing link syntax so the link is no longer empty, and keep the change
localized to the changelog entry.

In `@plugwise/smilecomm.py`:
- Around line 18-24: The import in smilecomm.py depends on encode_basic_auth,
which is only available in aiohttp 3.14+, so update the package constraint to
require aiohttp >=3.14 in pyproject.toml and keep the existing import in
smilecomm.py aligned with that minimum version.
- Around line 51-53: The BasicAuth header generation in smilecomm.py changed the
wire format for non-ASCII credentials because encode_basic_auth() now uses the
default encoding. Update the _base_header initialization to explicitly pass
encoding="latin1" in the encode_basic_auth call inside the relevant SmileComm
setup so the Authorization value matches the previous behavior.

In `@pyproject.toml`:
- Line 27: The project Python floor was raised too high in the package metadata,
which will block installs on 3.13 while CI still supports it. Update the
requires-python setting in pyproject.toml to keep the minimum below 3.14,
aligned with the current pytest matrix and the aiohttp/auth change; verify the
package metadata still matches the supported versions.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 7965db2a-0258-47f4-8e34-546382c39785

📥 Commits

Reviewing files that changed from the base of the PR and between e9e558f and ddb3e32.

📒 Files selected for processing (3)
  • CHANGELOG.md
  • plugwise/smilecomm.py
  • pyproject.toml

Comment thread CHANGELOG.md Outdated
Comment thread plugwise/smilecomm.py
Comment thread plugwise/smilecomm.py
Comment thread pyproject.toml Outdated
@codecov

codecov Bot commented Jul 5, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 100.00%. Comparing base (af974b3) to head (123fbc3).

Additional details and impacted files
@@            Coverage Diff            @@
##              main      #890   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files           21        21           
  Lines         3484      3484           
=========================================
  Hits          3484      3484           

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@CoMPaTech

Copy link
Copy Markdown
Member

Updated the project’s supported Python version requirement to 3.14 and documented the change in the changelog.```

@coderabbitai you might want to recheck your bearings there was an update to 3.14 but it was a dependency

@coderabbitai

coderabbitai Bot commented Jul 5, 2026

Copy link
Copy Markdown
Contributor

Tip

For best results, initiate chat on the files or code changes.

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
fd pyproject.toml
cat pyproject.toml

Length of output: 18740


@CoMPaTech You're right, thanks for the catch. Looking at pyproject.toml again, requires-python stays at >=3.13 — the actual change is in the dependencies list, bumping aiohttp>=3.14. That makes sense given this PR is specifically addressing the aiohttp BasicAuth deprecation, so the minimum aiohttp version needed to be raised. I'll make sure to describe this correctly as a dependency bump rather than a Python version requirement change going forward.


✏️ Learnings added
Learnt from: CoMPaTech
URL: https://github.com/plugwise/python-plugwise/pull/890

Timestamp: 2026-07-05T08:55:50.612Z
Learning: In plugwise/python-plugwise, when pyproject.toml changes bump a version number near Python version classifiers (e.g., "3.14"), verify whether the change is to `requires-python` (Python version support) or to an entry in `dependencies` (e.g., `aiohttp>=3.14`). PR `#890` bumped the `aiohttp` dependency's minimum version to >=3.14 as part of solving an aiohttp BasicAuth deprecation, not the project's supported Python version requirement.

Note: Learnings are effective only in the context of similar code segments. To apply general coding guidelines, please configure review instructions. You can manage existing learnings in the app.

Comment thread pyproject.toml
dependencies = [
"aiofiles",
"aiohttp",
"aiohttp>=3.14",

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should figure out where (if any) this comes from, I've purposely did not set the specific version to ingest whatever we get from the core package constraints and requirements. As core specifies ==3.14.1

@bouwew bouwew Jul 5, 2026

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The BasicAuth depreciation is solved by using the encode_basic_auth() function, which is introduced in aiohttp version 3.14.0, see https://github.com/aio-libs/aiohttp/releases/tag/v3.14.0

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Which is appropriately set through our setup scripts from https://github.com/home-assistant/core/blob/d6fe80d208b2dc96a34447fc749b31f4d249fdd2/homeassistant/package_constraints.txt#L9 so while we could >= it we shouldn't necessarily have to but we can surely add it here, we just need to make sure that we update it ourselves whenever core moves

@coderabbitai coderabbitai Bot requested a review from CoMPaTech July 5, 2026 13:13
@sonarqubecloud

sonarqubecloud Bot commented Jul 5, 2026

Copy link
Copy Markdown

@bouwew bouwew merged commit e67106e into main Jul 5, 2026
18 checks passed
@bouwew bouwew deleted the basic_auth branch July 5, 2026 13:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants