2016-11-25 13:04:06 -08:00
|
|
|
"""The tests for the Home Assistant HTTP component."""
|
2024-03-08 14:50:04 +01:00
|
|
|
|
2021-10-23 21:34:53 +03:00
|
|
|
from http import HTTPStatus
|
2018-07-20 03:09:48 -07:00
|
|
|
from ipaddress import ip_address
|
2020-04-08 19:31:44 +02:00
|
|
|
import os
|
2021-01-01 22:31:56 +01:00
|
|
|
from unittest.mock import Mock, mock_open, patch
|
2016-11-25 13:04:06 -08:00
|
|
|
|
2018-02-15 13:06:14 -08:00
|
|
|
from aiohttp import web
|
|
|
|
|
from aiohttp.web_exceptions import HTTPUnauthorized
|
2018-07-20 03:09:48 -07:00
|
|
|
from aiohttp.web_middlewares import middleware
|
2020-04-08 19:31:44 +02:00
|
|
|
import pytest
|
2016-11-25 13:04:06 -08:00
|
|
|
|
2024-04-01 11:11:59 +02:00
|
|
|
from homeassistant.components import http
|
2024-03-07 13:37:48 +01:00
|
|
|
from homeassistant.components.http import KEY_AUTHENTICATED, KEY_HASS
|
2018-02-15 13:06:14 -08:00
|
|
|
from homeassistant.components.http.ban import (
|
2018-07-20 03:09:48 -07:00
|
|
|
IP_BANS_FILE,
|
2022-07-07 03:57:44 -05:00
|
|
|
KEY_BAN_MANAGER,
|
2018-07-20 03:09:48 -07:00
|
|
|
KEY_FAILED_LOGIN_ATTEMPTS,
|
2023-11-07 03:48:34 -06:00
|
|
|
process_success_login,
|
2019-12-09 11:59:38 +01:00
|
|
|
setup_bans,
|
2018-07-20 03:09:48 -07:00
|
|
|
)
|
2019-12-09 11:59:38 +01:00
|
|
|
from homeassistant.components.http.view import request_handler_factory
|
2023-02-08 18:12:56 +01:00
|
|
|
from homeassistant.core import HomeAssistant
|
2022-07-07 03:57:44 -05:00
|
|
|
from homeassistant.exceptions import HomeAssistantError
|
2019-12-09 11:59:38 +01:00
|
|
|
from homeassistant.setup import async_setup_component
|
2016-11-25 13:04:06 -08:00
|
|
|
|
2023-05-25 22:09:13 -05:00
|
|
|
from tests.common import async_get_persistent_notifications
|
2023-11-24 17:11:54 +01:00
|
|
|
from tests.test_util import mock_real_ip
|
2023-02-08 18:12:56 +01:00
|
|
|
from tests.typing import ClientSessionGenerator
|
|
|
|
|
|
2020-04-08 19:31:44 +02:00
|
|
|
SUPERVISOR_IP = "1.2.3.4"
|
2018-02-15 13:06:14 -08:00
|
|
|
BANNED_IPS = ["200.201.202.203", "100.64.0.2"]
|
2024-03-16 18:37:20 +01:00
|
|
|
BANNED_IPS_WITH_SUPERVISOR = [*BANNED_IPS, SUPERVISOR_IP]
|
2020-04-08 19:31:44 +02:00
|
|
|
|
|
|
|
|
|
|
|
|
|
@pytest.fixture(name="hassio_env")
|
|
|
|
|
def hassio_env_fixture():
|
|
|
|
|
"""Fixture to inject hassio env."""
|
2022-05-30 12:00:13 +02:00
|
|
|
with (
|
|
|
|
|
patch.dict(os.environ, {"SUPERVISOR": "127.0.0.1"}),
|
|
|
|
|
patch(
|
2020-04-08 19:31:44 +02:00
|
|
|
"homeassistant.components.hassio.HassIO.is_connected",
|
|
|
|
|
return_value={"result": "ok", "data": {}},
|
2022-05-30 12:00:13 +02:00
|
|
|
),
|
|
|
|
|
patch.dict(os.environ, {"SUPERVISOR_TOKEN": "123456"}),
|
|
|
|
|
):
|
2020-04-08 19:31:44 +02:00
|
|
|
yield
|
2017-05-19 07:37:39 -07:00
|
|
|
|
|
|
|
|
|
2020-08-18 23:32:19 +02:00
|
|
|
@pytest.fixture(autouse=True)
|
|
|
|
|
def gethostbyaddr_mock():
|
|
|
|
|
"""Fixture to mock out I/O on getting host by address."""
|
|
|
|
|
with patch(
|
|
|
|
|
"homeassistant.components.http.ban.gethostbyaddr",
|
|
|
|
|
return_value=("example.com", ["0.0.0.0.in-addr.arpa"], ["0.0.0.0"]),
|
|
|
|
|
):
|
|
|
|
|
yield
|
|
|
|
|
|
|
|
|
|
|
2023-02-08 18:12:56 +01:00
|
|
|
async def test_access_from_banned_ip(
|
|
|
|
|
hass: HomeAssistant, aiohttp_client: ClientSessionGenerator
|
|
|
|
|
) -> None:
|
2017-05-19 07:37:39 -07:00
|
|
|
"""Test accessing to server from banned IP. Both trusted and not."""
|
2018-02-15 13:06:14 -08:00
|
|
|
app = web.Application()
|
2024-03-07 13:37:48 +01:00
|
|
|
app[KEY_HASS] = hass
|
2018-02-15 13:06:14 -08:00
|
|
|
setup_bans(hass, app, 5)
|
|
|
|
|
set_real_ip = mock_real_ip(app)
|
|
|
|
|
|
2018-11-21 20:55:21 +01:00
|
|
|
with patch(
|
2022-07-07 03:57:44 -05:00
|
|
|
"homeassistant.components.http.ban.load_yaml_config_file",
|
|
|
|
|
return_value={
|
|
|
|
|
banned_ip: {"banned_at": "2016-11-16T19:20:03"} for banned_ip in BANNED_IPS
|
|
|
|
|
},
|
2018-11-21 20:55:21 +01:00
|
|
|
):
|
2018-03-15 13:49:49 -07:00
|
|
|
client = await aiohttp_client(app)
|
2018-02-15 13:06:14 -08:00
|
|
|
|
2017-05-19 07:37:39 -07:00
|
|
|
for remote_addr in BANNED_IPS:
|
2018-02-15 13:06:14 -08:00
|
|
|
set_real_ip(remote_addr)
|
2018-03-09 09:51:49 +08:00
|
|
|
resp = await client.get("/")
|
2021-10-23 21:34:53 +03:00
|
|
|
assert resp.status == HTTPStatus.FORBIDDEN
|
2017-05-19 07:37:39 -07:00
|
|
|
|
|
|
|
|
|
2022-07-07 03:57:44 -05:00
|
|
|
async def test_access_from_banned_ip_with_partially_broken_yaml_file(
|
2023-02-13 10:25:26 +01:00
|
|
|
hass: HomeAssistant,
|
|
|
|
|
aiohttp_client: ClientSessionGenerator,
|
|
|
|
|
caplog: pytest.LogCaptureFixture,
|
|
|
|
|
) -> None:
|
2022-07-07 03:57:44 -05:00
|
|
|
"""Test accessing to server from banned IP. Both trusted and not.
|
|
|
|
|
|
|
|
|
|
We inject some garbage into the yaml file to make sure it can
|
|
|
|
|
still load the bans.
|
|
|
|
|
"""
|
|
|
|
|
app = web.Application()
|
2024-03-07 13:37:48 +01:00
|
|
|
app[KEY_HASS] = hass
|
2022-07-07 03:57:44 -05:00
|
|
|
setup_bans(hass, app, 5)
|
|
|
|
|
set_real_ip = mock_real_ip(app)
|
|
|
|
|
|
|
|
|
|
data = {banned_ip: {"banned_at": "2016-11-16T19:20:03"} for banned_ip in BANNED_IPS}
|
|
|
|
|
data["5.3.3.3"] = {"banned_at": "garbage"}
|
|
|
|
|
|
|
|
|
|
with patch(
|
|
|
|
|
"homeassistant.components.http.ban.load_yaml_config_file",
|
|
|
|
|
return_value=data,
|
|
|
|
|
):
|
|
|
|
|
client = await aiohttp_client(app)
|
|
|
|
|
|
|
|
|
|
for remote_addr in BANNED_IPS:
|
|
|
|
|
set_real_ip(remote_addr)
|
|
|
|
|
resp = await client.get("/")
|
|
|
|
|
assert resp.status == HTTPStatus.FORBIDDEN
|
|
|
|
|
|
|
|
|
|
# Ensure garbage data is ignored
|
|
|
|
|
set_real_ip("5.3.3.3")
|
|
|
|
|
resp = await client.get("/")
|
|
|
|
|
assert resp.status == HTTPStatus.NOT_FOUND
|
|
|
|
|
|
|
|
|
|
assert "Failed to load IP ban" in caplog.text
|
|
|
|
|
|
|
|
|
|
|
2023-02-08 18:12:56 +01:00
|
|
|
async def test_no_ip_bans_file(
|
|
|
|
|
hass: HomeAssistant, aiohttp_client: ClientSessionGenerator
|
|
|
|
|
) -> None:
|
2022-07-07 03:57:44 -05:00
|
|
|
"""Test no ip bans file."""
|
|
|
|
|
app = web.Application()
|
2024-03-07 13:37:48 +01:00
|
|
|
app[KEY_HASS] = hass
|
2022-07-07 03:57:44 -05:00
|
|
|
setup_bans(hass, app, 5)
|
|
|
|
|
set_real_ip = mock_real_ip(app)
|
|
|
|
|
|
|
|
|
|
with patch(
|
|
|
|
|
"homeassistant.components.http.ban.load_yaml_config_file",
|
|
|
|
|
side_effect=FileNotFoundError,
|
|
|
|
|
):
|
|
|
|
|
client = await aiohttp_client(app)
|
|
|
|
|
|
|
|
|
|
set_real_ip("4.3.2.1")
|
|
|
|
|
resp = await client.get("/")
|
|
|
|
|
assert resp.status == HTTPStatus.NOT_FOUND
|
|
|
|
|
|
|
|
|
|
|
2023-02-08 18:12:56 +01:00
|
|
|
async def test_failure_loading_ip_bans_file(
|
|
|
|
|
hass: HomeAssistant, aiohttp_client: ClientSessionGenerator
|
|
|
|
|
) -> None:
|
2022-07-07 03:57:44 -05:00
|
|
|
"""Test failure loading ip bans file."""
|
|
|
|
|
app = web.Application()
|
2024-03-07 13:37:48 +01:00
|
|
|
app[KEY_HASS] = hass
|
2022-07-07 03:57:44 -05:00
|
|
|
setup_bans(hass, app, 5)
|
|
|
|
|
set_real_ip = mock_real_ip(app)
|
|
|
|
|
|
|
|
|
|
with patch(
|
|
|
|
|
"homeassistant.components.http.ban.load_yaml_config_file",
|
|
|
|
|
side_effect=HomeAssistantError,
|
|
|
|
|
):
|
|
|
|
|
client = await aiohttp_client(app)
|
|
|
|
|
|
|
|
|
|
set_real_ip("4.3.2.1")
|
|
|
|
|
resp = await client.get("/")
|
|
|
|
|
assert resp.status == HTTPStatus.NOT_FOUND
|
|
|
|
|
|
|
|
|
|
|
2023-02-13 10:25:26 +01:00
|
|
|
async def test_ip_ban_manager_never_started(
|
|
|
|
|
hass: HomeAssistant,
|
|
|
|
|
aiohttp_client: ClientSessionGenerator,
|
|
|
|
|
caplog: pytest.LogCaptureFixture,
|
|
|
|
|
) -> None:
|
2022-07-07 03:57:44 -05:00
|
|
|
"""Test we handle the ip ban manager not being started."""
|
|
|
|
|
app = web.Application()
|
2024-03-07 13:37:48 +01:00
|
|
|
app[KEY_HASS] = hass
|
2022-07-07 03:57:44 -05:00
|
|
|
setup_bans(hass, app, 5)
|
|
|
|
|
set_real_ip = mock_real_ip(app)
|
|
|
|
|
|
|
|
|
|
with patch(
|
|
|
|
|
"homeassistant.components.http.ban.load_yaml_config_file",
|
|
|
|
|
side_effect=FileNotFoundError,
|
|
|
|
|
):
|
|
|
|
|
client = await aiohttp_client(app)
|
|
|
|
|
|
|
|
|
|
# Mock the manager never being started
|
|
|
|
|
del app[KEY_BAN_MANAGER]
|
|
|
|
|
|
|
|
|
|
set_real_ip("4.3.2.1")
|
|
|
|
|
resp = await client.get("/")
|
|
|
|
|
assert resp.status == HTTPStatus.NOT_FOUND
|
|
|
|
|
assert "IP Ban middleware loaded but banned IPs not loaded" in caplog.text
|
|
|
|
|
|
|
|
|
|
|
2020-04-08 19:31:44 +02:00
|
|
|
@pytest.mark.parametrize(
|
2023-02-15 14:09:50 +01:00
|
|
|
("remote_addr", "bans", "status"),
|
2020-04-09 17:41:17 +02:00
|
|
|
list(
|
|
|
|
|
zip(
|
2021-10-23 21:34:53 +03:00
|
|
|
BANNED_IPS_WITH_SUPERVISOR,
|
|
|
|
|
[1, 1, 0],
|
|
|
|
|
[HTTPStatus.FORBIDDEN, HTTPStatus.FORBIDDEN, HTTPStatus.UNAUTHORIZED],
|
2024-04-14 07:14:26 +02:00
|
|
|
strict=False,
|
2020-04-09 17:41:17 +02:00
|
|
|
)
|
|
|
|
|
),
|
2020-04-08 19:31:44 +02:00
|
|
|
)
|
|
|
|
|
async def test_access_from_supervisor_ip(
|
2023-02-13 10:25:26 +01:00
|
|
|
remote_addr,
|
|
|
|
|
bans,
|
|
|
|
|
status,
|
|
|
|
|
hass: HomeAssistant,
|
|
|
|
|
aiohttp_client: ClientSessionGenerator,
|
|
|
|
|
hassio_env,
|
|
|
|
|
) -> None:
|
2020-04-08 19:31:44 +02:00
|
|
|
"""Test accessing to server from supervisor IP."""
|
|
|
|
|
app = web.Application()
|
2024-03-07 13:37:48 +01:00
|
|
|
app[KEY_HASS] = hass
|
2020-04-08 19:31:44 +02:00
|
|
|
|
|
|
|
|
async def unauth_handler(request):
|
|
|
|
|
"""Return a mock web response."""
|
|
|
|
|
raise HTTPUnauthorized
|
|
|
|
|
|
|
|
|
|
app.router.add_get("/", unauth_handler)
|
|
|
|
|
setup_bans(hass, app, 1)
|
|
|
|
|
mock_real_ip(app)(remote_addr)
|
|
|
|
|
|
|
|
|
|
with patch(
|
2022-07-07 03:57:44 -05:00
|
|
|
"homeassistant.components.http.ban.load_yaml_config_file",
|
|
|
|
|
return_value={},
|
2020-04-08 19:31:44 +02:00
|
|
|
):
|
|
|
|
|
client = await aiohttp_client(app)
|
|
|
|
|
|
2024-03-08 11:13:24 +01:00
|
|
|
manager = app[KEY_BAN_MANAGER]
|
2022-07-07 03:57:44 -05:00
|
|
|
|
2022-10-31 09:57:54 -04:00
|
|
|
with patch(
|
|
|
|
|
"homeassistant.components.hassio.HassIO.get_resolution_info",
|
|
|
|
|
return_value={
|
|
|
|
|
"unsupported": [],
|
|
|
|
|
"unhealthy": [],
|
|
|
|
|
"suggestions": [],
|
|
|
|
|
"issues": [],
|
|
|
|
|
"checks": [],
|
|
|
|
|
},
|
|
|
|
|
):
|
|
|
|
|
assert await async_setup_component(hass, "hassio", {"hassio": {}})
|
2020-04-08 19:31:44 +02:00
|
|
|
|
|
|
|
|
m_open = mock_open()
|
|
|
|
|
|
|
|
|
|
with (
|
|
|
|
|
patch.dict(os.environ, {"SUPERVISOR": SUPERVISOR_IP}),
|
|
|
|
|
patch("homeassistant.components.http.ban.open", m_open, create=True),
|
|
|
|
|
):
|
|
|
|
|
resp = await client.get("/")
|
2021-10-23 21:34:53 +03:00
|
|
|
assert resp.status == HTTPStatus.UNAUTHORIZED
|
2022-07-07 03:57:44 -05:00
|
|
|
assert len(manager.ip_bans_lookup) == bans
|
2020-04-08 19:31:44 +02:00
|
|
|
assert m_open.call_count == bans
|
|
|
|
|
|
|
|
|
|
# second request should be forbidden if banned
|
|
|
|
|
resp = await client.get("/")
|
|
|
|
|
assert resp.status == status
|
2022-07-07 03:57:44 -05:00
|
|
|
assert len(manager.ip_bans_lookup) == bans
|
2020-04-08 19:31:44 +02:00
|
|
|
|
|
|
|
|
|
2023-02-08 18:12:56 +01:00
|
|
|
async def test_ban_middleware_not_loaded_by_config(hass: HomeAssistant) -> None:
|
2017-05-19 07:37:39 -07:00
|
|
|
"""Test accessing to server from banned IP when feature is off."""
|
2018-02-15 13:06:14 -08:00
|
|
|
with patch("homeassistant.components.http.setup_bans") as mock_setup:
|
2018-03-09 09:51:49 +08:00
|
|
|
await async_setup_component(
|
2018-02-15 13:06:14 -08:00
|
|
|
hass, "http", {"http": {http.CONF_IP_BAN_ENABLED: False}}
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
assert len(mock_setup.mock_calls) == 0
|
2017-05-19 07:37:39 -07:00
|
|
|
|
|
|
|
|
|
2023-02-08 18:12:56 +01:00
|
|
|
async def test_ban_middleware_loaded_by_default(hass: HomeAssistant) -> None:
|
2018-02-15 13:06:14 -08:00
|
|
|
"""Test accessing to server from banned IP when feature is off."""
|
|
|
|
|
with patch("homeassistant.components.http.setup_bans") as mock_setup:
|
2018-03-09 09:51:49 +08:00
|
|
|
await async_setup_component(hass, "http", {"http": {}})
|
2017-05-19 07:37:39 -07:00
|
|
|
|
2018-02-15 13:06:14 -08:00
|
|
|
assert len(mock_setup.mock_calls) == 1
|
|
|
|
|
|
|
|
|
|
|
2023-02-13 10:25:26 +01:00
|
|
|
async def test_ip_bans_file_creation(
|
|
|
|
|
hass: HomeAssistant,
|
|
|
|
|
aiohttp_client: ClientSessionGenerator,
|
|
|
|
|
caplog: pytest.LogCaptureFixture,
|
|
|
|
|
) -> None:
|
2018-02-15 13:06:14 -08:00
|
|
|
"""Testing if banned IP file created."""
|
|
|
|
|
app = web.Application()
|
2024-03-07 13:37:48 +01:00
|
|
|
app[KEY_HASS] = hass
|
2017-05-19 07:37:39 -07:00
|
|
|
|
2018-03-09 09:51:49 +08:00
|
|
|
async def unauth_handler(request):
|
2018-02-15 13:06:14 -08:00
|
|
|
"""Return a mock web response."""
|
|
|
|
|
raise HTTPUnauthorized
|
|
|
|
|
|
2022-07-14 21:43:14 +02:00
|
|
|
app.router.add_get("/example", unauth_handler)
|
2019-01-26 03:13:44 +01:00
|
|
|
setup_bans(hass, app, 2)
|
2018-02-15 13:06:14 -08:00
|
|
|
mock_real_ip(app)("200.201.202.204")
|
|
|
|
|
|
2018-11-21 20:55:21 +01:00
|
|
|
with patch(
|
2022-07-07 03:57:44 -05:00
|
|
|
"homeassistant.components.http.ban.load_yaml_config_file",
|
|
|
|
|
return_value={
|
|
|
|
|
banned_ip: {"banned_at": "2016-11-16T19:20:03"} for banned_ip in BANNED_IPS
|
|
|
|
|
},
|
2018-11-21 20:55:21 +01:00
|
|
|
):
|
2018-03-15 13:49:49 -07:00
|
|
|
client = await aiohttp_client(app)
|
2018-02-15 13:06:14 -08:00
|
|
|
|
2024-03-08 11:13:24 +01:00
|
|
|
manager = app[KEY_BAN_MANAGER]
|
2020-04-08 19:31:44 +02:00
|
|
|
m_open = mock_open()
|
2017-05-19 07:37:39 -07:00
|
|
|
|
2020-04-08 19:31:44 +02:00
|
|
|
with patch("homeassistant.components.http.ban.open", m_open, create=True):
|
2022-07-14 21:43:14 +02:00
|
|
|
resp = await client.get("/example")
|
2021-10-23 21:34:53 +03:00
|
|
|
assert resp.status == HTTPStatus.UNAUTHORIZED
|
2022-07-07 03:57:44 -05:00
|
|
|
assert len(manager.ip_bans_lookup) == len(BANNED_IPS)
|
2020-04-08 19:31:44 +02:00
|
|
|
assert m_open.call_count == 0
|
2017-05-19 07:37:39 -07:00
|
|
|
|
2022-07-14 21:43:14 +02:00
|
|
|
resp = await client.get("/example")
|
2021-10-23 21:34:53 +03:00
|
|
|
assert resp.status == HTTPStatus.UNAUTHORIZED
|
2022-07-07 03:57:44 -05:00
|
|
|
assert len(manager.ip_bans_lookup) == len(BANNED_IPS) + 1
|
2021-07-28 09:41:45 +02:00
|
|
|
m_open.assert_called_once_with(
|
|
|
|
|
hass.config.path(IP_BANS_FILE), "a", encoding="utf8"
|
|
|
|
|
)
|
2017-05-19 07:37:39 -07:00
|
|
|
|
2022-07-14 21:43:14 +02:00
|
|
|
resp = await client.get("/example")
|
2021-10-23 21:34:53 +03:00
|
|
|
assert resp.status == HTTPStatus.FORBIDDEN
|
2020-04-08 19:31:44 +02:00
|
|
|
assert m_open.call_count == 1
|
2018-07-20 03:09:48 -07:00
|
|
|
|
2023-05-25 22:09:13 -05:00
|
|
|
notifications = async_get_persistent_notifications(hass)
|
|
|
|
|
assert len(notifications) == 2
|
2020-08-18 23:32:19 +02:00
|
|
|
assert (
|
2023-05-25 22:09:13 -05:00
|
|
|
notifications["http-login"]["message"]
|
2021-01-18 08:21:30 +00:00
|
|
|
== "Login attempt or request with invalid authentication from example.com (200.201.202.204). See the log for details."
|
2020-08-18 23:32:19 +02:00
|
|
|
)
|
|
|
|
|
|
2022-07-14 21:43:14 +02:00
|
|
|
assert (
|
|
|
|
|
"Login attempt or request with invalid authentication from example.com (200.201.202.204). Requested URL: '/example'."
|
|
|
|
|
in caplog.text
|
|
|
|
|
)
|
|
|
|
|
|
2018-07-20 03:09:48 -07:00
|
|
|
|
2023-02-08 18:12:56 +01:00
|
|
|
async def test_failed_login_attempts_counter(
|
|
|
|
|
hass: HomeAssistant, aiohttp_client: ClientSessionGenerator
|
|
|
|
|
) -> None:
|
2018-07-20 03:09:48 -07:00
|
|
|
"""Testing if failed login attempts counter increased."""
|
|
|
|
|
app = web.Application()
|
2024-03-07 13:37:48 +01:00
|
|
|
app[KEY_HASS] = hass
|
2018-07-20 03:09:48 -07:00
|
|
|
|
|
|
|
|
async def auth_handler(request):
|
|
|
|
|
"""Return 200 status code."""
|
|
|
|
|
return None, 200
|
|
|
|
|
|
2023-11-07 03:48:34 -06:00
|
|
|
async def auth_true_handler(request):
|
|
|
|
|
"""Return 200 status code."""
|
|
|
|
|
process_success_login(request)
|
|
|
|
|
return None, 200
|
|
|
|
|
|
2018-07-20 03:09:48 -07:00
|
|
|
app.router.add_get(
|
2023-05-21 13:36:03 -05:00
|
|
|
"/auth_true",
|
2023-11-07 03:48:34 -06:00
|
|
|
request_handler_factory(hass, Mock(requires_auth=True), auth_true_handler),
|
2019-07-31 12:25:30 -07:00
|
|
|
)
|
2018-07-20 03:09:48 -07:00
|
|
|
app.router.add_get(
|
2023-05-21 13:36:03 -05:00
|
|
|
"/auth_false",
|
|
|
|
|
request_handler_factory(hass, Mock(requires_auth=True), auth_handler),
|
2019-07-31 12:25:30 -07:00
|
|
|
)
|
2018-07-20 03:09:48 -07:00
|
|
|
app.router.add_get(
|
2023-05-21 13:36:03 -05:00
|
|
|
"/", request_handler_factory(hass, Mock(requires_auth=False), auth_handler)
|
2019-07-31 12:25:30 -07:00
|
|
|
)
|
2018-07-20 03:09:48 -07:00
|
|
|
|
|
|
|
|
setup_bans(hass, app, 5)
|
|
|
|
|
remote_ip = ip_address("200.201.202.204")
|
|
|
|
|
mock_real_ip(app)("200.201.202.204")
|
|
|
|
|
|
|
|
|
|
@middleware
|
|
|
|
|
async def mock_auth(request, handler):
|
|
|
|
|
"""Mock auth middleware."""
|
|
|
|
|
if "auth_true" in request.path:
|
|
|
|
|
request[KEY_AUTHENTICATED] = True
|
|
|
|
|
else:
|
|
|
|
|
request[KEY_AUTHENTICATED] = False
|
|
|
|
|
return await handler(request)
|
|
|
|
|
|
|
|
|
|
app.middlewares.append(mock_auth)
|
|
|
|
|
|
|
|
|
|
client = await aiohttp_client(app)
|
|
|
|
|
|
|
|
|
|
resp = await client.get("/auth_false")
|
2021-10-23 21:34:53 +03:00
|
|
|
assert resp.status == HTTPStatus.UNAUTHORIZED
|
2018-07-20 03:09:48 -07:00
|
|
|
assert app[KEY_FAILED_LOGIN_ATTEMPTS][remote_ip] == 1
|
|
|
|
|
|
|
|
|
|
resp = await client.get("/auth_false")
|
2021-10-23 21:34:53 +03:00
|
|
|
assert resp.status == HTTPStatus.UNAUTHORIZED
|
2018-07-20 03:09:48 -07:00
|
|
|
assert app[KEY_FAILED_LOGIN_ATTEMPTS][remote_ip] == 2
|
|
|
|
|
|
|
|
|
|
resp = await client.get("/")
|
2021-10-23 21:34:53 +03:00
|
|
|
assert resp.status == HTTPStatus.OK
|
2018-07-20 03:09:48 -07:00
|
|
|
assert app[KEY_FAILED_LOGIN_ATTEMPTS][remote_ip] == 2
|
|
|
|
|
|
2019-10-14 14:56:45 -07:00
|
|
|
# This used to check that with trusted networks we reset login attempts
|
|
|
|
|
# We no longer support trusted networks.
|
2018-07-20 03:09:48 -07:00
|
|
|
resp = await client.get("/auth_true")
|
2021-10-23 21:34:53 +03:00
|
|
|
assert resp.status == HTTPStatus.OK
|
2023-11-07 03:48:34 -06:00
|
|
|
assert app[KEY_FAILED_LOGIN_ATTEMPTS][remote_ip] == 0
|
|
|
|
|
|
|
|
|
|
resp = await client.get("/auth_false")
|
|
|
|
|
assert resp.status == HTTPStatus.UNAUTHORIZED
|
|
|
|
|
assert app[KEY_FAILED_LOGIN_ATTEMPTS][remote_ip] == 1
|
|
|
|
|
|
|
|
|
|
resp = await client.get("/auth_false")
|
|
|
|
|
assert resp.status == HTTPStatus.UNAUTHORIZED
|
2019-10-14 14:56:45 -07:00
|
|
|
assert app[KEY_FAILED_LOGIN_ATTEMPTS][remote_ip] == 2
|
2023-11-14 08:13:14 -08:00
|
|
|
|
|
|
|
|
|
|
|
|
|
async def test_single_ban_file_entry(
|
|
|
|
|
hass: HomeAssistant,
|
|
|
|
|
) -> None:
|
|
|
|
|
"""Test that only one item is added to ban file."""
|
|
|
|
|
app = web.Application()
|
2024-03-07 13:37:48 +01:00
|
|
|
app[KEY_HASS] = hass
|
2023-11-14 08:13:14 -08:00
|
|
|
|
|
|
|
|
async def unauth_handler(request):
|
|
|
|
|
"""Return a mock web response."""
|
|
|
|
|
raise HTTPUnauthorized
|
|
|
|
|
|
|
|
|
|
app.router.add_get("/example", unauth_handler)
|
|
|
|
|
setup_bans(hass, app, 2)
|
|
|
|
|
mock_real_ip(app)("200.201.202.204")
|
|
|
|
|
|
2024-03-08 11:13:24 +01:00
|
|
|
manager = app[KEY_BAN_MANAGER]
|
2023-11-14 08:13:14 -08:00
|
|
|
m_open = mock_open()
|
|
|
|
|
|
|
|
|
|
with patch("homeassistant.components.http.ban.open", m_open, create=True):
|
|
|
|
|
remote_ip = ip_address("200.201.202.204")
|
|
|
|
|
await manager.async_add_ban(remote_ip)
|
|
|
|
|
await manager.async_add_ban(remote_ip)
|
|
|
|
|
|
|
|
|
|
assert m_open.call_count == 1
|
