Do not ensure token for calls to gestalt

[jschlyter]

Calling gestalt does not require an authentication token.

Closes #48

Summary by CodeRabbit

• Refactor
  • Enhanced API request handling with flexible authentication requirements
  • Certain operations can now function without requiring authentication when not needed
  • Full backward compatibility maintained across all public interfaces

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

Adds an optional require_token boolean parameter to the internal _post and _get HTTP methods, defaulting to True. When set to False, token enforcement is bypassed. Applied in get_details() to skip token validation for the gestalt endpoint, which does not require authentication according to the Twinkly API.

Changes

Cohort / File(s)	Change Summary
Token enforcement control ttls/client.py	Modified _post() and _get() methods to accept optional require_token parameter (default True). Updated get_details() to call _get("gestalt", require_token=False), bypassing token enforcement for the gestalt endpoint.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

• Small, focused change confined to a single file
• Clear, straightforward conditional logic addition
• Well-motivated by issue requirement (gestalt endpoint doesn't require authentication)
• Minimal surface area: 3 method modifications with consistent pattern

Poem

🐰 A token bypass, light and clean,
The gestalt endpoint now unseen,
No auth required, let it flow,
Discovery free—no token woe! ✨

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly describes the main change: skipping token enforcement for gestalt endpoint calls, which matches the PR's core objective.
Linked Issues check	✅ Passed	The PR fully addresses issue #48 by adding a require_token parameter to skip token enforcement specifically for gestalt endpoint calls, preventing token invalidation during discovery.
Out of Scope Changes check	✅ Passed	All changes are scoped to the linked issue objective: adding optional token enforcement control to internal HTTP methods and applying it to the gestalt endpoint.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch gestalt_no_token

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

ttls/client.py (1)

216-216: Consider updating test mocks for consistency.

The test mocks in tests/test_generic.py (lines 23-30) don't explicitly declare the require_token parameter. They'll work correctly since **kwargs absorbs it, but you may want to update them for documentation purposes:

async def _post(self, endpoint: str, require_token: bool = True, **kwargs) -> Any:
async def _get(self, endpoint: str, require_token: bool = True, **kwargs) -> Any:

This is optional—the tests will pass either way.

Also applies to: 241-241

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between a56530f and 1e17ebb.

📒 Files selected for processing (1)

• ttls/client.py (3 hunks)

🧰 Additional context used

🧬 Code graph analysis (1)

ttls/client.py (1)

tests/test_generic.py (2)

• _post (24-25)
• _get (27-31)

🔇 Additional comments (3)

ttls/client.py (3)

216-219: LGTM!

Clean implementation with backward-compatible default. The conditional token enforcement is clear and maintainable.

---

241-244: Approve with minor note on retry behavior.

The implementation is correct. However, note that _handle_authorized (line 283) doesn't forward the require_token parameter when retrying—it defaults back to True. This is acceptable for the gestalt endpoint since it won't return 401, and for other endpoints using the default require_token=True, this behavior is correct.

If you later add other endpoints with require_token=False that might return 401 for other reasons, consider preserving the parameter:

 async def _handle_authorized(self, request_method: Callable, endpoint: str, exception: Exception, **kwargs) -> None:
     # ...
-    return await request_method(endpoint, headers=self._headers, retry_num=retry_num, **kwargs)
+    return await request_method(endpoint, require_token=kwargs.pop("require_token", True), headers=self._headers, retry_num=retry_num, **kwargs)

For the current use case, this is not necessary.

Also applies to: 260-266

---

338-339: LGTM! Correctly addresses issue #48.

This change prevents ensure_token() from being called for the gestalt endpoint, which doesn't require authentication. This fixes the Home Assistant discovery issue where token handling was being triggered unnecessarily.

[StillTravelling]

Can confirm this is working for me as expected.
ttls --host 192.168.0.245 details
returns the details and my twinkly flow in not impacted.

ttls --host 192.168.0.245 mode
returns mode and my twinkly flow is impacted which is expected as the mode endpoint requires the token