hass-core/tests/auth/test_auth_store.py

"""Tests for the auth store."""

import asyncio
from datetime import timedelta
from typing import Any
from unittest.mock import patch

from freezegun import freeze_time
from freezegun.api import FrozenDateTimeFactory
import pytest

from homeassistant.auth import auth_store
from homeassistant.core import HomeAssistant
from homeassistant.util import dt as dt_util

MOCK_STORAGE_DATA = {
    "version": 1,
    "data": {
        "credentials": [],
        "users": [
            {
                "id": "user-id",
                "is_active": True,
                "is_owner": True,
                "name": "Paulus",
                "system_generated": False,
            },
            {
                "id": "system-id",
                "is_active": True,
                "is_owner": True,
                "name": "Hass.io",
                "system_generated": True,
            },
        ],
        "refresh_tokens": [
            {
                "access_token_expiration": 1800.0,
                "client_id": "http://localhost:8123/",
                "created_at": "2018-10-03T13:43:19.774637+00:00",
                "id": "user-token-id",
                "jwt_key": "some-key",
                "last_used_at": "2018-10-03T13:43:19.774712+00:00",
                "token": "some-token",
                "user_id": "user-id",
                "version": "1.2.3",
            },
            {
                "access_token_expiration": 1800.0,
                "client_id": None,
                "created_at": "2018-10-03T13:43:19.774637+00:00",
                "id": "system-token-id",
                "jwt_key": "some-key",
                "last_used_at": "2018-10-03T13:43:19.774712+00:00",
                "token": "some-token",
                "user_id": "system-id",
            },
            {
                "access_token_expiration": 1800.0,
                "client_id": "http://localhost:8123/",
                "created_at": "2018-10-03T13:43:19.774637+00:00",
                "id": "hidden-because-no-jwt-id",
                "last_used_at": "2018-10-03T13:43:19.774712+00:00",
                "token": "some-token",
                "user_id": "user-id",
            },
        ],
    },
}


async def test_loading_no_group_data_format(
    hass: HomeAssistant, hass_storage: dict[str, Any]
) -> None:
    """Test we correctly load old data without any groups."""
    hass_storage[auth_store.STORAGE_KEY] = MOCK_STORAGE_DATA

    store = auth_store.AuthStore(hass)
    await store.async_load()
    groups = await store.async_get_groups()
    assert len(groups) == 3
    admin_group = groups[0]
    assert admin_group.name == auth_store.GROUP_NAME_ADMIN
    assert admin_group.system_generated
    assert admin_group.id == auth_store.GROUP_ID_ADMIN
    read_group = groups[1]
    assert read_group.name == auth_store.GROUP_NAME_READ_ONLY
    assert read_group.system_generated
    assert read_group.id == auth_store.GROUP_ID_READ_ONLY
    user_group = groups[2]
    assert user_group.name == auth_store.GROUP_NAME_USER
    assert user_group.system_generated
    assert user_group.id == auth_store.GROUP_ID_USER

    users = await store.async_get_users()
    assert len(users) == 2

    owner, system = users

    assert owner.system_generated is False
    assert owner.groups == [admin_group]
    assert len(owner.refresh_tokens) == 1
    owner_token = list(owner.refresh_tokens.values())[0]
    assert owner_token.id == "user-token-id"
    assert owner_token.version == "1.2.3"

    assert system.system_generated is True
    assert system.groups == []
    assert len(system.refresh_tokens) == 1
    system_token = list(system.refresh_tokens.values())[0]
    assert system_token.id == "system-token-id"
    assert system_token.version is None


async def test_loading_all_access_group_data_format(
    hass: HomeAssistant, hass_storage: dict[str, Any]
) -> None:
    """Test we correctly load old data with single group."""
    hass_storage[auth_store.STORAGE_KEY] = MOCK_STORAGE_DATA

    store = auth_store.AuthStore(hass)
    await store.async_load()
    groups = await store.async_get_groups()
    assert len(groups) == 3
    admin_group = groups[0]
    assert admin_group.name == auth_store.GROUP_NAME_ADMIN
    assert admin_group.system_generated
    assert admin_group.id == auth_store.GROUP_ID_ADMIN
    read_group = groups[1]
    assert read_group.name == auth_store.GROUP_NAME_READ_ONLY
    assert read_group.system_generated
    assert read_group.id == auth_store.GROUP_ID_READ_ONLY
    user_group = groups[2]
    assert user_group.name == auth_store.GROUP_NAME_USER
    assert user_group.system_generated
    assert user_group.id == auth_store.GROUP_ID_USER

    users = await store.async_get_users()
    assert len(users) == 2

    owner, system = users

    assert owner.system_generated is False
    assert owner.groups == [admin_group]
    assert len(owner.refresh_tokens) == 1
    owner_token = list(owner.refresh_tokens.values())[0]
    assert owner_token.id == "user-token-id"
    assert owner_token.version == "1.2.3"

    assert system.system_generated is True
    assert system.groups == []
    assert len(system.refresh_tokens) == 1
    system_token = list(system.refresh_tokens.values())[0]
    assert system_token.id == "system-token-id"
    assert system_token.version is None


async def test_loading_empty_data(
    hass: HomeAssistant, hass_storage: dict[str, Any]
) -> None:
    """Test we correctly load with no existing data."""
    store = auth_store.AuthStore(hass)
    await store.async_load()
    groups = await store.async_get_groups()
    assert len(groups) == 3
    admin_group = groups[0]
    assert admin_group.name == auth_store.GROUP_NAME_ADMIN
    assert admin_group.system_generated
    assert admin_group.id == auth_store.GROUP_ID_ADMIN
    user_group = groups[1]
    assert user_group.name == auth_store.GROUP_NAME_USER
    assert user_group.system_generated
    assert user_group.id == auth_store.GROUP_ID_USER
    read_group = groups[2]
    assert read_group.name == auth_store.GROUP_NAME_READ_ONLY
    assert read_group.system_generated
    assert read_group.id == auth_store.GROUP_ID_READ_ONLY

    users = await store.async_get_users()
    assert len(users) == 0


async def test_system_groups_store_id_and_name(
    hass: HomeAssistant, hass_storage: dict[str, Any]
) -> None:
    """Test that for system groups we store the ID and name.

    Name is stored so that we remain backwards compat with < 0.82.
    """
    store = auth_store.AuthStore(hass)
    await store.async_load()
    data = store._data_to_save()
    assert len(data["users"]) == 0
    assert data["groups"] == [
        {"id": auth_store.GROUP_ID_ADMIN, "name": auth_store.GROUP_NAME_ADMIN},
        {"id": auth_store.GROUP_ID_USER, "name": auth_store.GROUP_NAME_USER},
        {"id": auth_store.GROUP_ID_READ_ONLY, "name": auth_store.GROUP_NAME_READ_ONLY},
    ]


async def test_loading_only_once(hass: HomeAssistant) -> None:
    """Test only one storage load is allowed."""
    store = auth_store.AuthStore(hass)
    with (
        patch("homeassistant.helpers.entity_registry.async_get") as mock_ent_registry,
        patch("homeassistant.helpers.device_registry.async_get") as mock_dev_registry,
        patch(
            "homeassistant.helpers.storage.Store.async_load", return_value=None
        ) as mock_load,
    ):
        await store.async_load()
        with pytest.raises(RuntimeError, match="Auth storage is already loaded"):
            await store.async_load()

        results = await asyncio.gather(store.async_get_users(), store.async_get_users())

        mock_ent_registry.assert_called_once_with(hass)
        mock_dev_registry.assert_called_once_with(hass)
        mock_load.assert_called_once_with()
        assert results[0] == results[1]


async def test_add_expire_at_property(
    hass: HomeAssistant, hass_storage: dict[str, Any]
) -> None:
    """Test we correctly add expired_at property if not existing."""
    now = dt_util.utcnow()
    with freeze_time(now):
        hass_storage[auth_store.STORAGE_KEY] = {
            "version": 1,
            "data": {
                "credentials": [],
                "users": [
                    {
                        "id": "user-id",
                        "is_active": True,
                        "is_owner": True,
                        "name": "Paulus",
                        "system_generated": False,
                    },
                    {
                        "id": "system-id",
                        "is_active": True,
                        "is_owner": True,
                        "name": "Hass.io",
                        "system_generated": True,
                    },
                ],
                "refresh_tokens": [
                    {
                        "access_token_expiration": 1800.0,
                        "client_id": "http://localhost:8123/",
                        "created_at": "2018-10-03T13:43:19.774637+00:00",
                        "id": "user-token-id",
                        "jwt_key": "some-key",
                        "last_used_at": str(now - timedelta(days=10)),
                        "token": "some-token",
                        "user_id": "user-id",
                        "version": "1.2.3",
                    },
                    {
                        "access_token_expiration": 1800.0,
                        "client_id": "http://localhost:8123/",
                        "created_at": "2018-10-03T13:43:19.774637+00:00",
                        "id": "user-token-id2",
                        "jwt_key": "some-key2",
                        "token": "some-token",
                        "user_id": "user-id",
                    },
                ],
            },
        }

        store = auth_store.AuthStore(hass)
        await store.async_load()

    users = await store.async_get_users()

    assert len(users[0].refresh_tokens) == 2
    token1, token2 = users[0].refresh_tokens.values()
    assert token1.expire_at
    assert token1.expire_at == now.timestamp() + timedelta(days=80).total_seconds()
    assert token2.expire_at
    assert token2.expire_at == now.timestamp() + timedelta(days=90).total_seconds()


async def test_loading_does_not_write_right_away(
    hass: HomeAssistant, hass_storage: dict[str, Any], freezer: FrozenDateTimeFactory
) -> None:
    """Test after calling load we wait five minutes to write."""
    hass_storage[auth_store.STORAGE_KEY] = MOCK_STORAGE_DATA

    store = auth_store.AuthStore(hass)
    await store.async_load()

    # Wipe storage so we can verify if it was written
    hass_storage[auth_store.STORAGE_KEY] = {}

    freezer.tick(auth_store.DEFAULT_SAVE_DELAY)
    await hass.async_block_till_done()
    assert hass_storage[auth_store.STORAGE_KEY] == {}
    freezer.tick(auth_store.INITIAL_LOAD_SAVE_DELAY)
    # Once for scheduling the task
    await hass.async_block_till_done()
    # Once for the task
    await hass.async_block_till_done()
    assert hass_storage[auth_store.STORAGE_KEY] != {}


async def test_add_remove_user_affects_tokens(
    hass: HomeAssistant, hass_storage: dict[str, Any]
) -> None:
    """Test adding and removing a user removes the tokens."""
    store = auth_store.AuthStore(hass)
    await store.async_load()
    user = await store.async_create_user("Test User")
    assert user.name == "Test User"
    refresh_token = await store.async_create_refresh_token(
        user, "client_id", "access_token_expiration"
    )
    assert user.refresh_tokens == {refresh_token.id: refresh_token}
    assert await store.async_get_user(user.id) == user
    assert store.async_get_refresh_token(refresh_token.id) == refresh_token
    assert store.async_get_refresh_token_by_token(refresh_token.token) == refresh_token
    await store.async_remove_user(user)
    assert store.async_get_refresh_token(refresh_token.id) is None
    assert store.async_get_refresh_token_by_token(refresh_token.token) is None
    assert user.refresh_tokens == {}
Add group foundation (#16935) Add group foundation 2018-10-08 16:35:38 +02:00			`"""Tests for the auth store."""`
Add empty line after module docstring (2) [other] (#112738) 2024-03-08 19:16:38 +01:00
Resolve auth_store loading race condition (#21794) * Add lock in auth_store._async_load() * Python 3.5 does not like assert_called_once() 2019-03-08 14:50:24 -08:00			`import asyncio`
Add expiration of unused refresh tokens (#108428) Co-authored-by: J. Nick Koston <nick@koston.org> 2024-01-25 00:24:22 +01:00			`from datetime import timedelta`
Add type hints to core tests (#88478) 2023-02-20 11:42:56 +01:00			`from typing import Any`
Drop asynctest (#44746) 2021-01-01 22:31:56 +01:00			`from unittest.mock import patch`
Resolve auth_store loading race condition (#21794) * Add lock in auth_store._async_load() * Python 3.5 does not like assert_called_once() 2019-03-08 14:50:24 -08:00
Add expiration of unused refresh tokens (#108428) Co-authored-by: J. Nick Koston <nick@koston.org> 2024-01-25 00:24:22 +01:00			`from freezegun import freeze_time`
Avoid saving auth right after we load it during startup (#112008) 2024-03-09 11:03:22 -10:00			`from freezegun.api import FrozenDateTimeFactory`
Always load auth storage at startup (#108543) 2024-01-20 16:16:43 -10:00			`import pytest`

Add group foundation (#16935) Add group foundation 2018-10-08 16:35:38 +02:00			`from homeassistant.auth import auth_store`
Add typing to tests with single hass argument (2) (#87675) * Add typing to tests with single hass argument (2) * a few more 2023-02-08 08:51:43 +01:00			`from homeassistant.core import HomeAssistant`
Add expiration of unused refresh tokens (#108428) Co-authored-by: J. Nick Koston <nick@koston.org> 2024-01-25 00:24:22 +01:00			`from homeassistant.util import dt as dt_util`
Add group foundation (#16935) Add group foundation 2018-10-08 16:35:38 +02:00
Avoid saving auth right after we load it during startup (#112008) 2024-03-09 11:03:22 -10:00			`MOCK_STORAGE_DATA = {`
			`"version": 1,`
			`"data": {`
			`"credentials": [],`
			`"users": [`
			`{`
			`"id": "user-id",`
			`"is_active": True,`
			`"is_owner": True,`
			`"name": "Paulus",`
			`"system_generated": False,`
			`},`
			`{`
			`"id": "system-id",`
			`"is_active": True,`
			`"is_owner": True,`
			`"name": "Hass.io",`
			`"system_generated": True,`
			`},`
			`],`
			`"refresh_tokens": [`
			`{`
			`"access_token_expiration": 1800.0,`
			`"client_id": "http://localhost:8123/",`
			`"created_at": "2018-10-03T13:43:19.774637+00:00",`
			`"id": "user-token-id",`
			`"jwt_key": "some-key",`
			`"last_used_at": "2018-10-03T13:43:19.774712+00:00",`
			`"token": "some-token",`
			`"user_id": "user-id",`
			`"version": "1.2.3",`
			`},`
			`{`
			`"access_token_expiration": 1800.0,`
			`"client_id": None,`
			`"created_at": "2018-10-03T13:43:19.774637+00:00",`
			`"id": "system-token-id",`
			`"jwt_key": "some-key",`
			`"last_used_at": "2018-10-03T13:43:19.774712+00:00",`
			`"token": "some-token",`
			`"user_id": "system-id",`
			`},`
			`{`
			`"access_token_expiration": 1800.0,`
			`"client_id": "http://localhost:8123/",`
			`"created_at": "2018-10-03T13:43:19.774637+00:00",`
			`"id": "hidden-because-no-jwt-id",`
			`"last_used_at": "2018-10-03T13:43:19.774712+00:00",`
			`"token": "some-token",`
			`"user_id": "user-id",`
			`},`
			`],`
			`},`
			`}`

Add group foundation (#16935) Add group foundation 2018-10-08 16:35:38 +02:00
Add type hints to core tests (#88478) 2023-02-20 11:42:56 +01:00			`async def test_loading_no_group_data_format(`
			`hass: HomeAssistant, hass_storage: dict[str, Any]`
			`) -> None:`
System groups (#18303) * Add read only and admin policies * Migrate to 2 system groups * Add system groups * Add system groups admin & read only * Dont' mutate parameters * Fix types 2018-11-08 12:57:00 +01:00			`"""Test we correctly load old data without any groups."""`
Avoid saving auth right after we load it during startup (#112008) 2024-03-09 11:03:22 -10:00			`hass_storage[auth_store.STORAGE_KEY] = MOCK_STORAGE_DATA`
Add group foundation (#16935) Add group foundation 2018-10-08 16:35:38 +02:00
			`store = auth_store.AuthStore(hass)`
Always load auth storage at startup (#108543) 2024-01-20 16:16:43 -10:00			`await store.async_load()`
Add group foundation (#16935) Add group foundation 2018-10-08 16:35:38 +02:00			`groups = await store.async_get_groups()`
Add user group (#21832) * Add user group * Rename system group to plural 2019-03-09 20:07:29 -08:00			`assert len(groups) == 3`
System groups (#18303) * Add read only and admin policies * Migrate to 2 system groups * Add system groups * Add system groups admin & read only * Dont' mutate parameters * Fix types 2018-11-08 12:57:00 +01:00			`admin_group = groups[0]`
			`assert admin_group.name == auth_store.GROUP_NAME_ADMIN`
			`assert admin_group.system_generated`
			`assert admin_group.id == auth_store.GROUP_ID_ADMIN`
			`read_group = groups[1]`
			`assert read_group.name == auth_store.GROUP_NAME_READ_ONLY`
			`assert read_group.system_generated`
			`assert read_group.id == auth_store.GROUP_ID_READ_ONLY`
Add user group (#21832) * Add user group * Rename system group to plural 2019-03-09 20:07:29 -08:00			`user_group = groups[2]`
			`assert user_group.name == auth_store.GROUP_NAME_USER`
			`assert user_group.system_generated`
			`assert user_group.id == auth_store.GROUP_ID_USER`
Add group foundation (#16935) Add group foundation 2018-10-08 16:35:38 +02:00
			`users = await store.async_get_users()`
			`assert len(users) == 2`

			`owner, system = users`

			`assert owner.system_generated is False`
System groups (#18303) * Add read only and admin policies * Migrate to 2 system groups * Add system groups * Add system groups admin & read only * Dont' mutate parameters * Fix types 2018-11-08 12:57:00 +01:00			`assert owner.groups == [admin_group]`
Add group foundation (#16935) Add group foundation 2018-10-08 16:35:38 +02:00			`assert len(owner.refresh_tokens) == 1`
			`owner_token = list(owner.refresh_tokens.values())[0]`
			`assert owner_token.id == "user-token-id"`
Support blocking trusted network from new ip (#44630) Co-authored-by: Paulus Schoutsen <paulus@home-assistant.io> 2021-01-28 12:06:20 +01:00			`assert owner_token.version == "1.2.3"`
Add group foundation (#16935) Add group foundation 2018-10-08 16:35:38 +02:00
			`assert system.system_generated is True`
			`assert system.groups == []`
			`assert len(system.refresh_tokens) == 1`
			`system_token = list(system.refresh_tokens.values())[0]`
			`assert system_token.id == "system-token-id"`
Support blocking trusted network from new ip (#44630) Co-authored-by: Paulus Schoutsen <paulus@home-assistant.io> 2021-01-28 12:06:20 +01:00			`assert system_token.version is None`
System groups (#18303) * Add read only and admin policies * Migrate to 2 system groups * Add system groups * Add system groups admin & read only * Dont' mutate parameters * Fix types 2018-11-08 12:57:00 +01:00

Add type hints to core tests (#88478) 2023-02-20 11:42:56 +01:00			`async def test_loading_all_access_group_data_format(`
			`hass: HomeAssistant, hass_storage: dict[str, Any]`
			`) -> None:`
System groups (#18303) * Add read only and admin policies * Migrate to 2 system groups * Add system groups * Add system groups admin & read only * Dont' mutate parameters * Fix types 2018-11-08 12:57:00 +01:00			`"""Test we correctly load old data with single group."""`
Avoid saving auth right after we load it during startup (#112008) 2024-03-09 11:03:22 -10:00			`hass_storage[auth_store.STORAGE_KEY] = MOCK_STORAGE_DATA`
System groups (#18303) * Add read only and admin policies * Migrate to 2 system groups * Add system groups * Add system groups admin & read only * Dont' mutate parameters * Fix types 2018-11-08 12:57:00 +01:00
			`store = auth_store.AuthStore(hass)`
Always load auth storage at startup (#108543) 2024-01-20 16:16:43 -10:00			`await store.async_load()`
System groups (#18303) * Add read only and admin policies * Migrate to 2 system groups * Add system groups * Add system groups admin & read only * Dont' mutate parameters * Fix types 2018-11-08 12:57:00 +01:00			`groups = await store.async_get_groups()`
Add user group (#21832) * Add user group * Rename system group to plural 2019-03-09 20:07:29 -08:00			`assert len(groups) == 3`
System groups (#18303) * Add read only and admin policies * Migrate to 2 system groups * Add system groups * Add system groups admin & read only * Dont' mutate parameters * Fix types 2018-11-08 12:57:00 +01:00			`admin_group = groups[0]`
			`assert admin_group.name == auth_store.GROUP_NAME_ADMIN`
			`assert admin_group.system_generated`
			`assert admin_group.id == auth_store.GROUP_ID_ADMIN`
			`read_group = groups[1]`
			`assert read_group.name == auth_store.GROUP_NAME_READ_ONLY`
			`assert read_group.system_generated`
			`assert read_group.id == auth_store.GROUP_ID_READ_ONLY`
Add user group (#21832) * Add user group * Rename system group to plural 2019-03-09 20:07:29 -08:00			`user_group = groups[2]`
			`assert user_group.name == auth_store.GROUP_NAME_USER`
			`assert user_group.system_generated`
			`assert user_group.id == auth_store.GROUP_ID_USER`
System groups (#18303) * Add read only and admin policies * Migrate to 2 system groups * Add system groups * Add system groups admin & read only * Dont' mutate parameters * Fix types 2018-11-08 12:57:00 +01:00
			`users = await store.async_get_users()`
			`assert len(users) == 2`

			`owner, system = users`

			`assert owner.system_generated is False`
			`assert owner.groups == [admin_group]`
			`assert len(owner.refresh_tokens) == 1`
			`owner_token = list(owner.refresh_tokens.values())[0]`
			`assert owner_token.id == "user-token-id"`
Support blocking trusted network from new ip (#44630) Co-authored-by: Paulus Schoutsen <paulus@home-assistant.io> 2021-01-28 12:06:20 +01:00			`assert owner_token.version == "1.2.3"`
System groups (#18303) * Add read only and admin policies * Migrate to 2 system groups * Add system groups * Add system groups admin & read only * Dont' mutate parameters * Fix types 2018-11-08 12:57:00 +01:00
			`assert system.system_generated is True`
			`assert system.groups == []`
			`assert len(system.refresh_tokens) == 1`
			`system_token = list(system.refresh_tokens.values())[0]`
			`assert system_token.id == "system-token-id"`
Support blocking trusted network from new ip (#44630) Co-authored-by: Paulus Schoutsen <paulus@home-assistant.io> 2021-01-28 12:06:20 +01:00			`assert system_token.version is None`
System groups (#18303) * Add read only and admin policies * Migrate to 2 system groups * Add system groups * Add system groups admin & read only * Dont' mutate parameters * Fix types 2018-11-08 12:57:00 +01:00

Add type hints to core tests (#88478) 2023-02-20 11:42:56 +01:00			`async def test_loading_empty_data(`
			`hass: HomeAssistant, hass_storage: dict[str, Any]`
			`) -> None:`
System groups (#18303) * Add read only and admin policies * Migrate to 2 system groups * Add system groups * Add system groups admin & read only * Dont' mutate parameters * Fix types 2018-11-08 12:57:00 +01:00			`"""Test we correctly load with no existing data."""`
			`store = auth_store.AuthStore(hass)`
Always load auth storage at startup (#108543) 2024-01-20 16:16:43 -10:00			`await store.async_load()`
System groups (#18303) * Add read only and admin policies * Migrate to 2 system groups * Add system groups * Add system groups admin & read only * Dont' mutate parameters * Fix types 2018-11-08 12:57:00 +01:00			`groups = await store.async_get_groups()`
Add user group (#21832) * Add user group * Rename system group to plural 2019-03-09 20:07:29 -08:00			`assert len(groups) == 3`
System groups (#18303) * Add read only and admin policies * Migrate to 2 system groups * Add system groups * Add system groups admin & read only * Dont' mutate parameters * Fix types 2018-11-08 12:57:00 +01:00			`admin_group = groups[0]`
			`assert admin_group.name == auth_store.GROUP_NAME_ADMIN`
			`assert admin_group.system_generated`
			`assert admin_group.id == auth_store.GROUP_ID_ADMIN`
Add user group (#21832) * Add user group * Rename system group to plural 2019-03-09 20:07:29 -08:00			`user_group = groups[1]`
			`assert user_group.name == auth_store.GROUP_NAME_USER`
			`assert user_group.system_generated`
			`assert user_group.id == auth_store.GROUP_ID_USER`
			`read_group = groups[2]`
System groups (#18303) * Add read only and admin policies * Migrate to 2 system groups * Add system groups * Add system groups admin & read only * Dont' mutate parameters * Fix types 2018-11-08 12:57:00 +01:00			`assert read_group.name == auth_store.GROUP_NAME_READ_ONLY`
			`assert read_group.system_generated`
			`assert read_group.id == auth_store.GROUP_ID_READ_ONLY`

			`users = await store.async_get_users()`
			`assert len(users) == 0`


Add type hints to core tests (#88478) 2023-02-20 11:42:56 +01:00			`async def test_system_groups_store_id_and_name(`
			`hass: HomeAssistant, hass_storage: dict[str, Any]`
			`) -> None:`
Make auth backwards compat again (#18792) * Made auth not backwards compat * Fix tests 2018-11-29 22:26:19 +01:00			`"""Test that for system groups we store the ID and name.`

			`Name is stored so that we remain backwards compat with < 0.82.`
			`"""`
System groups (#18303) * Add read only and admin policies * Migrate to 2 system groups * Add system groups * Add system groups admin & read only * Dont' mutate parameters * Fix types 2018-11-08 12:57:00 +01:00			`store = auth_store.AuthStore(hass)`
Always load auth storage at startup (#108543) 2024-01-20 16:16:43 -10:00			`await store.async_load()`
System groups (#18303) * Add read only and admin policies * Migrate to 2 system groups * Add system groups * Add system groups admin & read only * Dont' mutate parameters * Fix types 2018-11-08 12:57:00 +01:00			`data = store._data_to_save()`
			`assert len(data["users"]) == 0`
			`assert data["groups"] == [`
Make auth backwards compat again (#18792) * Made auth not backwards compat * Fix tests 2018-11-29 22:26:19 +01:00			`{"id": auth_store.GROUP_ID_ADMIN, "name": auth_store.GROUP_NAME_ADMIN},`
Add user group (#21832) * Add user group * Rename system group to plural 2019-03-09 20:07:29 -08:00			`{"id": auth_store.GROUP_ID_USER, "name": auth_store.GROUP_NAME_USER},`
Make auth backwards compat again (#18792) * Made auth not backwards compat * Fix tests 2018-11-29 22:26:19 +01:00			`{"id": auth_store.GROUP_ID_READ_ONLY, "name": auth_store.GROUP_NAME_READ_ONLY},`
System groups (#18303) * Add read only and admin policies * Migrate to 2 system groups * Add system groups * Add system groups admin & read only * Dont' mutate parameters * Fix types 2018-11-08 12:57:00 +01:00			`]`
Resolve auth_store loading race condition (#21794) * Add lock in auth_store._async_load() * Python 3.5 does not like assert_called_once() 2019-03-08 14:50:24 -08:00

Always load auth storage at startup (#108543) 2024-01-20 16:16:43 -10:00			`async def test_loading_only_once(hass: HomeAssistant) -> None:`
			`"""Test only one storage load is allowed."""`
Resolve auth_store loading race condition (#21794) * Add lock in auth_store._async_load() * Python 3.5 does not like assert_called_once() 2019-03-08 14:50:24 -08:00			`store = auth_store.AuthStore(hass)`
Use built-in test helpers on 3.8 (#34901) 2020-04-30 13:29:50 -07:00			`with (`
Clean up accessing entity_registry.async_get_registry helper via hass (#72005) 2022-05-17 16:40:45 +02:00			`patch("homeassistant.helpers.entity_registry.async_get") as mock_ent_registry,`
			`patch("homeassistant.helpers.device_registry.async_get") as mock_dev_registry,`
Use built-in test helpers on 3.8 (#34901) 2020-04-30 13:29:50 -07:00			`patch(`
			`"homeassistant.helpers.storage.Store.async_load", return_value=None`
Resolve auth_store loading race condition (#21794) * Add lock in auth_store._async_load() * Python 3.5 does not like assert_called_once() 2019-03-08 14:50:24 -08:00			`) as mock_load,`
			`):`
Always load auth storage at startup (#108543) 2024-01-20 16:16:43 -10:00			`await store.async_load()`
			`with pytest.raises(RuntimeError, match="Auth storage is already loaded"):`
			`await store.async_load()`

Resolve auth_store loading race condition (#21794) * Add lock in auth_store._async_load() * Python 3.5 does not like assert_called_once() 2019-03-08 14:50:24 -08:00			`results = await asyncio.gather(store.async_get_users(), store.async_get_users())`

Add area permission check (#21835) 2019-03-11 11:02:37 -07:00			`mock_ent_registry.assert_called_once_with(hass)`
			`mock_dev_registry.assert_called_once_with(hass)`
Resolve auth_store loading race condition (#21794) * Add lock in auth_store._async_load() * Python 3.5 does not like assert_called_once() 2019-03-08 14:50:24 -08:00			`mock_load.assert_called_once_with()`
			`assert results[0] == results[1]`
Add expiration of unused refresh tokens (#108428) Co-authored-by: J. Nick Koston <nick@koston.org> 2024-01-25 00:24:22 +01:00

			`async def test_add_expire_at_property(`
			`hass: HomeAssistant, hass_storage: dict[str, Any]`
			`) -> None:`
			`"""Test we correctly add expired_at property if not existing."""`
			`now = dt_util.utcnow()`
			`with freeze_time(now):`
			`hass_storage[auth_store.STORAGE_KEY] = {`
			`"version": 1,`
			`"data": {`
			`"credentials": [],`
			`"users": [`
			`{`
			`"id": "user-id",`
			`"is_active": True,`
			`"is_owner": True,`
			`"name": "Paulus",`
			`"system_generated": False,`
			`},`
			`{`
			`"id": "system-id",`
			`"is_active": True,`
			`"is_owner": True,`
			`"name": "Hass.io",`
			`"system_generated": True,`
			`},`
			`],`
			`"refresh_tokens": [`
			`{`
			`"access_token_expiration": 1800.0,`
			`"client_id": "http://localhost:8123/",`
			`"created_at": "2018-10-03T13:43:19.774637+00:00",`
			`"id": "user-token-id",`
			`"jwt_key": "some-key",`
			`"last_used_at": str(now - timedelta(days=10)),`
			`"token": "some-token",`
			`"user_id": "user-id",`
			`"version": "1.2.3",`
			`},`
			`{`
			`"access_token_expiration": 1800.0,`
			`"client_id": "http://localhost:8123/",`
			`"created_at": "2018-10-03T13:43:19.774637+00:00",`
			`"id": "user-token-id2",`
			`"jwt_key": "some-key2",`
			`"token": "some-token",`
			`"user_id": "user-id",`
			`},`
			`],`
			`},`
			`}`

			`store = auth_store.AuthStore(hass)`
			`await store.async_load()`

			`users = await store.async_get_users()`

			`assert len(users[0].refresh_tokens) == 2`
			`token1, token2 = users[0].refresh_tokens.values()`
			`assert token1.expire_at`
			`assert token1.expire_at == now.timestamp() + timedelta(days=80).total_seconds()`
			`assert token2.expire_at`
			`assert token2.expire_at == now.timestamp() + timedelta(days=90).total_seconds()`
Avoid saving auth right after we load it during startup (#112008) 2024-03-09 11:03:22 -10:00

			`async def test_loading_does_not_write_right_away(`
			`hass: HomeAssistant, hass_storage: dict[str, Any], freezer: FrozenDateTimeFactory`
			`) -> None:`
			`"""Test after calling load we wait five minutes to write."""`
			`hass_storage[auth_store.STORAGE_KEY] = MOCK_STORAGE_DATA`

			`store = auth_store.AuthStore(hass)`
			`await store.async_load()`

			`# Wipe storage so we can verify if it was written`
			`hass_storage[auth_store.STORAGE_KEY] = {}`

			`freezer.tick(auth_store.DEFAULT_SAVE_DELAY)`
			`await hass.async_block_till_done()`
			`assert hass_storage[auth_store.STORAGE_KEY] == {}`
			`freezer.tick(auth_store.INITIAL_LOAD_SAVE_DELAY)`
			`# Once for scheduling the task`
			`await hass.async_block_till_done()`
			`# Once for the task`
			`await hass.async_block_till_done()`
			`assert hass_storage[auth_store.STORAGE_KEY] != {}`
Index auth token ids to avoid linear search (#116583) * Index auth token ids to avoid linear search * async_remove_refresh_token * coverage 2024-05-05 15:47:26 -05:00

			`async def test_add_remove_user_affects_tokens(`
			`hass: HomeAssistant, hass_storage: dict[str, Any]`
			`) -> None:`
			`"""Test adding and removing a user removes the tokens."""`
			`store = auth_store.AuthStore(hass)`
			`await store.async_load()`
			`user = await store.async_create_user("Test User")`
			`assert user.name == "Test User"`
			`refresh_token = await store.async_create_refresh_token(`
			`user, "client_id", "access_token_expiration"`
			`)`
			`assert user.refresh_tokens == {refresh_token.id: refresh_token}`
			`assert await store.async_get_user(user.id) == user`
			`assert store.async_get_refresh_token(refresh_token.id) == refresh_token`
			`assert store.async_get_refresh_token_by_token(refresh_token.token) == refresh_token`
			`await store.async_remove_user(user)`
			`assert store.async_get_refresh_token(refresh_token.id) is None`
			`assert store.async_get_refresh_token_by_token(refresh_token.token) is None`
			`assert user.refresh_tokens == {}`