Remove direct authentication via trusted networks or API password (#27656)

* Remove direct authentication via trusted networks and API password * Fix tests
2019-10-14 14:56:45 -07:00 · 2019-10-14 14:56:45 -07:00 · 3231e22ddf
commit 3231e22ddf
parent 97478d1ef4
33 changed files with 114 additions and 423 deletions
--- a/homeassistant/components/websocket_api/auth.py
+++ b/homeassistant/components/websocket_api/auth.py
@ -3,7 +3,6 @@ import voluptuous as vol
 from voluptuous.humanize import humanize_error

 from homeassistant.auth.models import RefreshToken, User
-from homeassistant.auth.providers import legacy_api_password
 from homeassistant.components.http.ban import process_wrong_login, process_success_login
 from homeassistant.const import __version__

@ -74,19 +73,6 @@ class AuthPhase:
            if refresh_token is not None:
                return await self._async_finish_auth(refresh_token.user, refresh_token)

-        elif self._hass.auth.support_legacy and "api_password" in msg:
-            self._logger.info(
-                "Received api_password, it is going to deprecate, please use"
-                " access_token instead. For instructions, see https://"
-                "developers.home-assistant.io/docs/en/external_api_websocket"
-                ".html#authentication-phase"
-            )
-            user = await legacy_api_password.async_validate_password(
-                self._hass, msg["api_password"]
-            )
-            if user is not None:
-                return await self._async_finish_auth(user, None)
-
        self._send_message(auth_invalid_message("Invalid access token or password"))
        await process_wrong_login(self._request)
        raise Disconnect