Update cloud auth (#9357)

* Update cloud logic

* Lint

* Update test requirements

* Address commments, fix tests

* Add credentials

homeassistant/components/cloud/http_api.py

@@ -1,14 +1,16 @@
 """The HTTP api to control the cloud integration."""
 import asyncio
+from functools import wraps
 import logging
 
 import voluptuous as vol
 import async_timeout
 
-from homeassistant.components.http import HomeAssistantView
+from homeassistant.components.http import (
+    HomeAssistantView, RequestDataValidator)
 
-from . import cloud_api
-from .const import DOMAIN, REQUEST_TIMEOUT
+from . import auth_api
+from .const import REQUEST_TIMEOUT
 
 _LOGGER = logging.getLogger(__name__)
 
@@ -19,6 +21,42 @@ def async_setup(hass):
     hass.http.register_view(CloudLoginView)
     hass.http.register_view(CloudLogoutView)
     hass.http.register_view(CloudAccountView)
+    hass.http.register_view(CloudRegisterView)
+    hass.http.register_view(CloudConfirmRegisterView)
+    hass.http.register_view(CloudForgotPasswordView)
+    hass.http.register_view(CloudConfirmForgotPasswordView)
+
+
+_CLOUD_ERRORS = {
+    auth_api.UserNotFound: (400, "User does not exist."),
+    auth_api.UserNotConfirmed: (400, 'Email not confirmed.'),
+    auth_api.Unauthenticated: (401, 'Authentication failed.'),
+    auth_api.PasswordChangeRequired: (400, 'Password change required.'),
+    auth_api.ExpiredCode: (400, 'Confirmation code has expired.'),
+    auth_api.InvalidCode: (400, 'Invalid confirmation code.'),
+    asyncio.TimeoutError: (502, 'Unable to reach the Home Assistant cloud.')
+}
+
+
+def _handle_cloud_errors(handler):
+    """Helper method to handle auth errors."""
+    @asyncio.coroutine
+    @wraps(handler)
+    def error_handler(view, request, *args, **kwargs):
+        """Handle exceptions that raise from the wrapped request handler."""
+        try:
+            result = yield from handler(view, request, *args, **kwargs)
+            return result
+
+        except (auth_api.CloudError, asyncio.TimeoutError) as err:
+            err_info = _CLOUD_ERRORS.get(err.__class__)
+            if err_info is None:
+                err_info = (502, 'Unexpected error: {}'.format(err))
+            status, msg = err_info
+            return view.json_message(msg, status_code=status,
+                                     message_code=err.__class__.__name__)
+
+    return error_handler
 
 
 class CloudLoginView(HomeAssistantView):
@@ -26,52 +64,23 @@ class CloudLoginView(HomeAssistantView):
 
     url = '/api/cloud/login'
     name = 'api:cloud:login'
-    schema = vol.Schema({
-        vol.Required('username'): str,
-        vol.Required('password'): str,
-    })
 
     @asyncio.coroutine
-    def post(self, request):
-        """Validate config and return results."""
-        try:
-            data = yield from request.json()
-        except ValueError:
-            _LOGGER.error('Login with invalid JSON')
-            return self.json_message('Invalid JSON.', 400)
-
-        try:
-            self.schema(data)
-        except vol.Invalid as err:
-            _LOGGER.error('Login with invalid formatted data')
-            return self.json_message(
-                'Message format incorrect: {}'.format(err), 400)
-
+    @_handle_cloud_errors
+    @RequestDataValidator(vol.Schema({
+        vol.Required('email'): str,
+        vol.Required('password'): str,
+    }))
+    def post(self, request, data):
+        """Handle login request."""
         hass = request.app['hass']
-        phase = 1
-        try:
-            with async_timeout.timeout(REQUEST_TIMEOUT, loop=hass.loop):
-                cloud = yield from cloud_api.async_login(
-                    hass, data['username'], data['password'])
+        auth = hass.data['cloud']['auth']
 
-            phase += 1
+        with async_timeout.timeout(REQUEST_TIMEOUT, loop=hass.loop):
+            yield from hass.async_add_job(auth.login, data['email'],
+                                          data['password'])
 
-            with async_timeout.timeout(REQUEST_TIMEOUT, loop=hass.loop):
-                yield from cloud.async_refresh_account_info()
-
-        except cloud_api.Unauthenticated:
-            return self.json_message(
-                'Authentication failed (phase {}).'.format(phase), 401)
-        except cloud_api.UnknownError:
-            return self.json_message(
-                'Unknown error occurred (phase {}).'.format(phase), 500)
-        except asyncio.TimeoutError:
-            return self.json_message(
-                'Unable to reach Home Assistant cloud '
-                '(phase {}).'.format(phase), 502)
-
-        hass.data[DOMAIN]['cloud'] = cloud
-        return self.json(cloud.account)
+        return self.json(_auth_data(auth))
 
 
 class CloudLogoutView(HomeAssistantView):
@@ -81,39 +90,133 @@ class CloudLogoutView(HomeAssistantView):
     name = 'api:cloud:logout'
 
     @asyncio.coroutine
+    @_handle_cloud_errors
     def post(self, request):
-        """Validate config and return results."""
+        """Handle logout request."""
         hass = request.app['hass']
-        try:
-            with async_timeout.timeout(REQUEST_TIMEOUT, loop=hass.loop):
-                yield from \
-                    hass.data[DOMAIN]['cloud'].async_revoke_access_token()
+        auth = hass.data['cloud']['auth']
 
-            hass.data[DOMAIN].pop('cloud')
+        with async_timeout.timeout(REQUEST_TIMEOUT, loop=hass.loop):
+            yield from hass.async_add_job(auth.logout)
 
-            return self.json({
-                'result': 'ok',
-            })
-        except asyncio.TimeoutError:
-            return self.json_message("Could not reach the server.", 502)
-        except cloud_api.UnknownError as err:
-            return self.json_message(
-                "Error communicating with the server ({}).".format(err.status),
-                502)
+        return self.json_message('ok')
 
 
 class CloudAccountView(HomeAssistantView):
-    """Log out of the Home Assistant cloud."""
+    """View to retrieve account info."""
 
     url = '/api/cloud/account'
     name = 'api:cloud:account'
 
     @asyncio.coroutine
     def get(self, request):
-        """Validate config and return results."""
+        """Get account info."""
         hass = request.app['hass']
+        auth = hass.data['cloud']['auth']
 
-        if 'cloud' not in hass.data[DOMAIN]:
+        if not auth.is_logged_in:
             return self.json_message('Not logged in', 400)
 
-        return self.json(hass.data[DOMAIN]['cloud'].account)
+        return self.json(_auth_data(auth))
+
+
+class CloudRegisterView(HomeAssistantView):
+    """Register on the Home Assistant cloud."""
+
+    url = '/api/cloud/register'
+    name = 'api:cloud:register'
+
+    @asyncio.coroutine
+    @_handle_cloud_errors
+    @RequestDataValidator(vol.Schema({
+        vol.Required('email'): str,
+        vol.Required('password'): vol.All(str, vol.Length(min=6)),
+    }))
+    def post(self, request, data):
+        """Handle registration request."""
+        hass = request.app['hass']
+
+        with async_timeout.timeout(REQUEST_TIMEOUT, loop=hass.loop):
+            yield from hass.async_add_job(
+                auth_api.register, hass, data['email'], data['password'])
+
+        return self.json_message('ok')
+
+
+class CloudConfirmRegisterView(HomeAssistantView):
+    """Confirm registration on the Home Assistant cloud."""
+
+    url = '/api/cloud/confirm_register'
+    name = 'api:cloud:confirm_register'
+
+    @asyncio.coroutine
+    @_handle_cloud_errors
+    @RequestDataValidator(vol.Schema({
+        vol.Required('confirmation_code'): str,
+        vol.Required('email'): str,
+    }))
+    def post(self, request, data):
+        """Handle registration confirmation request."""
+        hass = request.app['hass']
+
+        with async_timeout.timeout(REQUEST_TIMEOUT, loop=hass.loop):
+            yield from hass.async_add_job(
+                auth_api.confirm_register, hass, data['confirmation_code'],
+                data['email'])
+
+        return self.json_message('ok')
+
+
+class CloudForgotPasswordView(HomeAssistantView):
+    """View to start Forgot Password flow.."""
+
+    url = '/api/cloud/forgot_password'
+    name = 'api:cloud:forgot_password'
+
+    @asyncio.coroutine
+    @_handle_cloud_errors
+    @RequestDataValidator(vol.Schema({
+        vol.Required('email'): str,
+    }))
+    def post(self, request, data):
+        """Handle forgot password request."""
+        hass = request.app['hass']
+
+        with async_timeout.timeout(REQUEST_TIMEOUT, loop=hass.loop):
+            yield from hass.async_add_job(
+                auth_api.forgot_password, hass, data['email'])
+
+        return self.json_message('ok')
+
+
+class CloudConfirmForgotPasswordView(HomeAssistantView):
+    """View to finish Forgot Password flow.."""
+
+    url = '/api/cloud/confirm_forgot_password'
+    name = 'api:cloud:confirm_forgot_password'
+
+    @asyncio.coroutine
+    @_handle_cloud_errors
+    @RequestDataValidator(vol.Schema({
+        vol.Required('confirmation_code'): str,
+        vol.Required('email'): str,
+        vol.Required('new_password'): vol.All(str, vol.Length(min=6))
+    }))
+    def post(self, request, data):
+        """Handle forgot password confirm request."""
+        hass = request.app['hass']
+
+        with async_timeout.timeout(REQUEST_TIMEOUT, loop=hass.loop):
+            yield from hass.async_add_job(
+                auth_api.confirm_forgot_password, hass,
+                data['confirmation_code'], data['email'],
+                data['new_password'])
+
+        return self.json_message('ok')
+
+
+def _auth_data(auth):
+    """Generate the auth data JSON response."""
+    return {
+        'email': auth.account.email
+    }