Aware comments (#15480)

* Make sure we cannot deactivate the owner

* Use different error code when trying to fetch token for inactive user
This commit is contained in:
Paulus Schoutsen 2018-07-15 23:09:05 +02:00 committed by GitHub
parent 5995c6a2ac
commit 864a254071
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 22 additions and 3 deletions


@ -148,6 +148,8 @@ class AuthManager:
async def async_deactivate_user(self, user): async def async_deactivate_user(self, user):
"""Deactivate a user.""" """Deactivate a user."""
if user.is_owner:
raise ValueError('Unable to deactive the owner')
await self._store.async_deactivate_user(user) await self._store.async_deactivate_user(user)
async def async_remove_credentials(self, credentials): async def async_remove_credentials(self, credentials):
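Review bot: The message on the new raise misspells the verb; it should read `raise ValueError('Unable to deactivate the owner')`. The docstring should also record the new failure mode now that callers have a branch to handle, e.g. `"""Deactivate a user. Raises ValueError if the user is the owner."""`. The guard lives only in the manager; anything that calls `self._store.async_deactivate_user` directly bypasses it, which is presumably intended but worth a one-line comment at the check such as `# Owner protection is enforced here, not in the store.`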


@ -243,6 +243,7 @@ class GrantTokenView(HomeAssistantView):
if client_id is None or not indieauth.verify_client_id(client_id): if client_id is None or not indieauth.verify_client_id(client_id):
return self.json({ return self.json({
'error': 'invalid_request', 'error': 'invalid_request',
'error_description': 'Invalid client id',
}, status_code=400) }, status_code=400)
grant_type = data.get('grant_type') grant_type = data.get('grant_type')
@ -272,14 +273,16 @@ class GrantTokenView(HomeAssistantView):
if credentials is None: if credentials is None:
return self.json({ return self.json({
'error': 'invalid_request', 'error': 'invalid_request',
'error_description': 'Invalid code',
}, status_code=400) }, status_code=400)
user = await hass.auth.async_get_or_create_user(credentials) user = await hass.auth.async_get_or_create_user(credentials)
if not user.is_active: if not user.is_active:
return self.json({ return self.json({
'error': 'invalid_request', 'error': 'access_denied',
}, status_code=400) 'error_description': 'User is not active',
}, status_code=403)
refresh_token = await hass.auth.async_create_refresh_token(user, refresh_token = await hass.auth.async_create_refresh_token(user,
client_id) client_id)
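Review bot: The inactive-user branch now answers `access_denied` with status 403, but RFC 6749 §5.2 limits the token endpoint's error codes to invalid_request, invalid_client, invalid_grant, unauthorized_client, unsupported_grant_type and invalid_scope, with HTTP 400 unless stated otherwise; `access_denied` is defined for the authorization endpoint (§4.1.2.1), so a strictly conforming client may not recognise it. If conformance matters, `'error': 'invalid_grant'` with `status_code=400` and the existing `'error_description': 'User is not active'` would carry the same information; if the 403 is deliberate, a comment at the check such as `# Deliberate deviation from RFC 6749 §5.2: inactive accounts surface as 403/access_denied` would stop the next reader from "fixing" it. The test in the fourth file section pins the same values and would need the matching change. The post handler continues outside the hunk.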


@ -291,3 +291,14 @@ async def test_refresh_token_not_requires_client_for_system_user(hass):
token = await manager.async_create_refresh_token(user) token = await manager.async_create_refresh_token(user)
assert token is not None assert token is not None
assert token.client_id is None assert token.client_id is None
async def test_cannot_deactive_owner(mock_hass):
"""Test that we cannot deactive the owner."""
manager = await auth.auth_manager_from_config(mock_hass, [])
owner = MockUser(
is_owner=True,
).add_to_auth_manager(manager)
with pytest.raises(ValueError):
await manager.async_deactivate_user(owner)
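Review bot: The new test's name and docstring misspell the verb; `async def test_cannot_deactivate_owner(mock_hass):` and `"""Test that we cannot deactivate the owner."""` match the behaviour being tested. The test only checks that ValueError is raised; adding `assert owner.is_active` after the `with` block would also confirm that the store was not touched before the guard fired, assuming MockUser exposes is_active the way the grant view reads it on the real user object.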


@ -40,7 +40,10 @@ async def test_login_new_user_and_trying_refresh_token(hass, aiohttp_client):
}) })
# User is not active # User is not active
assert resp.status == 400 assert resp.status == 403
data = await resp.json()
assert data['error'] == 'access_denied'
assert data['error_description'] == 'User is not active'
def test_credential_store_expiration(): def test_credential_store_expiration():