Add user via cmd line creates owner (#15470)

* Add user via cmd line creates owner

* Ensure access tokens are not verified for inactive users

* Stale print

* Lint

tests/components/auth/test_init.py

@@ -10,7 +10,7 @@ from . import async_setup_auth
 from tests.common import CLIENT_ID, CLIENT_REDIRECT_URI
 
 
-async def test_login_new_user_and_refresh_token(hass, aiohttp_client):
+async def test_login_new_user_and_trying_refresh_token(hass, aiohttp_client):
     """Test logging in with new user and refreshing tokens."""
     client = await async_setup_auth(hass, aiohttp_client, setup_api=True)
     resp = await client.post('/auth/login_flow', json={
@@ -34,36 +34,13 @@ async def test_login_new_user_and_refresh_token(hass, aiohttp_client):
 
     # Exchange code for tokens
     resp = await client.post('/auth/token', data={
-            'client_id': CLIENT_ID,
-            'grant_type': 'authorization_code',
-            'code': code
-        })
-
-    assert resp.status == 200
-    tokens = await resp.json()
-
-    assert hass.auth.async_get_access_token(tokens['access_token']) is not None
-
-    # Use refresh token to get more tokens.
-    resp = await client.post('/auth/token', data={
-            'client_id': CLIENT_ID,
-            'grant_type': 'refresh_token',
-            'refresh_token': tokens['refresh_token']
-        })
-
-    assert resp.status == 200
-    tokens = await resp.json()
-    assert 'refresh_token' not in tokens
-    assert hass.auth.async_get_access_token(tokens['access_token']) is not None
-
-    # Test using access token to hit API.
-    resp = await client.get('/api/')
-    assert resp.status == 401
-
-    resp = await client.get('/api/', headers={
-        'authorization': 'Bearer {}'.format(tokens['access_token'])
+        'client_id': CLIENT_ID,
+        'grant_type': 'authorization_code',
+        'code': code
     })
-    assert resp.status == 200
+
+    # User is not active
+    assert resp.status == 400
 
 
 def test_credential_store_expiration():