Remove direct authentication via trusted networks or API password (#27656)

* Remove direct authentication via trusted networks and API password

* Fix tests
Paulus Schoutsen 2019-10-14 14:56:45 -07:00 committed by GitHub
parent 97478d1ef4
commit 3231e22ddf
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
33 changed files with 114 additions and 423 deletions


@ -17,21 +17,10 @@ from homeassistant.setup import async_setup_component
from tests.common import mock_coro
from . import API_PASSWORD
async def test_auth_via_msg(no_auth_websocket_client, legacy_auth):
"""Test authenticating."""
await no_auth_websocket_client.send_json(
{"type": TYPE_AUTH, "api_password": API_PASSWORD}
)
msg = await no_auth_websocket_client.receive_json()
assert msg["type"] == TYPE_AUTH_OK
async def test_auth_events(hass, no_auth_websocket_client, legacy_auth):
async def test_auth_events(
hass, no_auth_websocket_client, legacy_auth, hass_access_token
):
"""Test authenticating."""
connected_evt = []
hass.helpers.dispatcher.async_dispatcher_connect(
@ -42,7 +31,7 @@ async def test_auth_events(hass, no_auth_websocket_client, legacy_auth):
SIGNAL_WEBSOCKET_DISCONNECTED, lambda: disconnected_evt.append(1)
)
await test_auth_via_msg(no_auth_websocket_client, legacy_auth)
await test_auth_active_with_token(hass, no_auth_websocket_client, hass_access_token)
assert len(connected_evt) == 1
assert not disconnected_evt
@ -60,7 +49,7 @@ async def test_auth_via_msg_incorrect_pass(no_auth_websocket_client):
return_value=mock_coro(),
) as mock_process_wrong_login:
await no_auth_websocket_client.send_json(
{"type": TYPE_AUTH, "api_password": API_PASSWORD + "wrong"}
{"type": TYPE_AUTH, "api_password": "wrong"}
)
msg = await no_auth_websocket_client.receive_json()
@ -110,31 +99,25 @@ async def test_pre_auth_only_auth_allowed(no_auth_websocket_client):
assert msg["message"].startswith("Auth message incorrectly formatted")
async def test_auth_active_with_token(hass, aiohttp_client, hass_access_token):
async def test_auth_active_with_token(
hass, no_auth_websocket_client, hass_access_token
):
"""Test authenticating with a token."""
assert await async_setup_component(
hass, "websocket_api", {"http": {"api_password": API_PASSWORD}}
assert await async_setup_component(hass, "websocket_api", {})
await no_auth_websocket_client.send_json(
{"type": TYPE_AUTH, "access_token": hass_access_token}
)
client = await aiohttp_client(hass.http.app)
async with client.ws_connect(URL) as ws:
auth_msg = await ws.receive_json()
assert auth_msg["type"] == TYPE_AUTH_REQUIRED
await ws.send_json({"type": TYPE_AUTH, "access_token": hass_access_token})
auth_msg = await ws.receive_json()
assert auth_msg["type"] == TYPE_AUTH_OK
auth_msg = await no_auth_websocket_client.receive_json()
assert auth_msg["type"] == TYPE_AUTH_OK
async def test_auth_active_user_inactive(hass, aiohttp_client, hass_access_token):
"""Test authenticating with a token."""
refresh_token = await hass.auth.async_validate_access_token(hass_access_token)
refresh_token.user.is_active = False
assert await async_setup_component(
hass, "websocket_api", {"http": {"api_password": API_PASSWORD}}
)
assert await async_setup_component(hass, "websocket_api", {})
client = await aiohttp_client(hass.http.app)
@ -150,9 +133,7 @@ async def test_auth_active_user_inactive(hass, aiohttp_client, hass_access_token
async def test_auth_active_with_password_not_allow(hass, aiohttp_client):
"""Test authenticating with a token."""
assert await async_setup_component(
hass, "websocket_api", {"http": {"api_password": API_PASSWORD}}
)
assert await async_setup_component(hass, "websocket_api", {})
client = await aiohttp_client(hass.http.app)
@ -160,7 +141,7 @@ async def test_auth_active_with_password_not_allow(hass, aiohttp_client):
auth_msg = await ws.receive_json()
assert auth_msg["type"] == TYPE_AUTH_REQUIRED
await ws.send_json({"type": TYPE_AUTH, "api_password": API_PASSWORD})
await ws.send_json({"type": TYPE_AUTH, "api_password": "some-password"})
auth_msg = await ws.receive_json()
assert auth_msg["type"] == TYPE_AUTH_INVALID
@ -168,28 +149,23 @@ async def test_auth_active_with_password_not_allow(hass, aiohttp_client):
async def test_auth_legacy_support_with_password(hass, aiohttp_client, legacy_auth):
"""Test authenticating with a token."""
assert await async_setup_component(
hass, "websocket_api", {"http": {"api_password": API_PASSWORD}}
)
assert await async_setup_component(hass, "websocket_api", {})
client = await aiohttp_client(hass.http.app)
async with client.ws_connect(URL) as ws:
with patch("homeassistant.auth.AuthManager.support_legacy", return_value=True):
auth_msg = await ws.receive_json()
assert auth_msg["type"] == TYPE_AUTH_REQUIRED
auth_msg = await ws.receive_json()
assert auth_msg["type"] == TYPE_AUTH_REQUIRED
await ws.send_json({"type": TYPE_AUTH, "api_password": API_PASSWORD})
await ws.send_json({"type": TYPE_AUTH, "api_password": "some-password"})
auth_msg = await ws.receive_json()
assert auth_msg["type"] == TYPE_AUTH_OK
auth_msg = await ws.receive_json()
assert auth_msg["type"] == TYPE_AUTH_INVALID
async def test_auth_with_invalid_token(hass, aiohttp_client):
"""Test authenticating with a token."""
assert await async_setup_component(
hass, "websocket_api", {"http": {"api_password": API_PASSWORD}}
)
assert await async_setup_component(hass, "websocket_api", {})
client = await aiohttp_client(hass.http.app)
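Review bot: `test_auth_legacy_support_with_password` (last hunk) now asserts `TYPE_AUTH_INVALID`, but its name, its `legacy_auth` fixture and the docstring `"""Test authenticating with a token."""` still describe the removed behaviour, so the test that pins rejection of `api_password` under a legacy provider reads like a success case. I would rename it to something like `test_auth_legacy_password_rejected` and change the docstring to `"""Test that an api_password auth message is rejected even when the legacy provider is configured."""`. What `legacy_auth` sets up is not visible here; if it no longer registers a provider after this commit, the test duplicates `test_auth_active_with_password_not_allow`, and the fixture argument can be dropped both here and in `test_auth_events`. The same stale docstring sits on `test_auth_active_with_password_not_allow`, and the body of `test_auth_with_invalid_token` continues outside the hunk.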