Add new webhook action to allow enabling encryption in an exis… (#31743)

* Add new webhook action to allow enabling encryption in an existing registration * Harden tests * Make requested fixes
2020-02-11 23:56:22 -08:00 · 2020-02-11 23:56:22 -08:00 · 0700d38d1f
commit 0700d38d1f
parent f5be9ef7fb
3 changed files with 137 additions and 25 deletions
--- a/homeassistant/components/mobile_app/webhook.py
+++ b/homeassistant/components/mobile_app/webhook.py
@ -1,8 +1,10 @@
 """Webhook handlers for mobile_app."""
 from functools import wraps
 import logging
+import secrets

-from aiohttp.web import HTTPBadRequest, Request, Response
+from aiohttp.web import HTTPBadRequest, Request, Response, json_response
+from nacl.secret import SecretBox
 import voluptuous as vol

 from homeassistant.components.binary_sensor import (
@ -71,6 +73,8 @@ from .const import (
    DATA_DELETED_IDS,
    DATA_STORE,
    DOMAIN,
+    ERR_ENCRYPTION_ALREADY_ENABLED,
+    ERR_ENCRYPTION_NOT_AVAILABLE,
    ERR_ENCRYPTION_REQUIRED,
    ERR_SENSOR_DUPLICATE_UNIQUE_ID,
    ERR_SENSOR_NOT_REGISTERED,
@ -84,6 +88,7 @@ from .helpers import (
    registration_context,
    safe_registration,
    savable_state,
+    supports_encryption,
    webhook_response,
 )

@ -307,6 +312,34 @@ async def webhook_update_registration(hass, config_entry, data):
    )


+@WEBHOOK_COMMANDS.register("enable_encryption")
+async def webhook_enable_encryption(hass, config_entry, data):
+    """Handle a encryption enable webhook."""
+    if config_entry.data[ATTR_SUPPORTS_ENCRYPTION]:
+        _LOGGER.warning(
+            "Refusing to enable encryption for %s because it is already enabled!",
+            config_entry.data[ATTR_DEVICE_NAME],
+        )
+        return error_response(
+            ERR_ENCRYPTION_ALREADY_ENABLED, "Encryption already enabled"
+        )
+
+    if not supports_encryption():
+        _LOGGER.warning(
+            "Unable to enable encryption for %s because libsodium is unavailable!",
+            config_entry.data[ATTR_DEVICE_NAME],
+        )
+        return error_response(ERR_ENCRYPTION_NOT_AVAILABLE, "Encryption is unavailable")
+
+    secret = secrets.token_hex(SecretBox.KEY_SIZE)
+
+    data = {**config_entry.data, ATTR_SUPPORTS_ENCRYPTION: True, CONF_SECRET: secret}
+
+    hass.config_entries.async_update_entry(config_entry, data=data)
+
+    return json_response({"secret": secret})
+
+
@WEBHOOK_COMMANDS.register("register_sensor")
@validate_schema(
    {