Limit OAuth scopes for Netatmo and Home Assistant Cloud (#31538)

* Limit OAuth scopes for Netatmo and Home Assistant Cloud * Fix tests by making order of scopes predictable
2020-02-06 17:00:27 +01:00 · 2020-02-06 17:00:27 +01:00 · 7233048fea
commit 7233048fea
parent 24e9a638d5
2 changed files with 20 additions and 22 deletions
--- a/homeassistant/components/netatmo/config_flow.py
+++ b/homeassistant/components/netatmo/config_flow.py
@ -25,24 +25,22 @@ class NetatmoFlowHandler(
    @property
    def extra_authorize_data(self) -> dict:
        """Extra data that needs to be appended to the authorize url."""
-        return {
+        scopes = [
-            "scope": (
+            "read_camera",
-                " ".join(
+            "read_homecoach",
-                    [
+            "read_presence",
-                        "read_station",
+            "read_smokedetector",
-                        "read_camera",
+            "read_station",
-                        "access_camera",
+            "read_thermostat",
-                        "write_camera",
+            "write_camera",
-                        "read_presence",
+            "write_thermostat",
-                        "access_presence",
+        ]
-                        "read_homecoach",
+
-                        "read_smokedetector",
+        if self.flow_impl.name != "Home Assistant Cloud":
-                        "read_thermostat",
+            scopes.extend(["access_camera", "access_presence"])
-                        "write_thermostat",
+            scopes.sort()
-                    ]
+
-                )
+        return {"scope": " ".join(scopes)}
            )
        }
    async def async_step_user(self, user_input=None):
        """Handle a flow start."""
--- a/tests/components/netatmo/test_config_flow.py
+++ b/tests/components/netatmo/test_config_flow.py
@ -54,15 +54,15 @@ async def test_full_flow(hass, aiohttp_client, aioclient_mock):
    scope = "+".join(
        [
            "read_station",
            "read_camera",
            "access_camera",
            "write_camera",
            "read_presence",
            "access_presence",
            "read_camera",
            "read_homecoach",
            "read_presence",
            "read_smokedetector",
            "read_station",
            "read_thermostat",
            "write_camera",
            "write_thermostat",
        ]
    )