async def test_new_users_admin(mock_hass):
"""Test newly created users are admin."""
manager = await auth.auth_manager_from_config(mock_hass, [{
'type':
'insecure_example',
'users': [{
'username': '******',
'password': '******',
'name': 'Test Name'
}]
}], [])
ensure_auth_manager_loaded(manager)
user = await manager.async_create_user('Hello')
assert user.is_admin
user_cred = await manager.async_get_or_create_user(
auth_models.Credentials(
id='mock-id',
auth_provider_type='insecure_example',
auth_provider_id=None,
data={'username': '******'},
is_new=True,
))
assert user_cred.is_admin
async def test_new_users_admin(mock_hass):
"""Test newly created users are admin."""
manager = await auth.auth_manager_from_config(
mock_hass,
[
{
"type": "insecure_example",
"users": [
{
"username": "******",
"password": "******",
"name": "Test Name",
}
],
}
],
[],
)
ensure_auth_manager_loaded(manager)
user = await manager.async_create_user("Hello")
assert user.is_admin
user_cred = await manager.async_get_or_create_user(
auth_models.Credentials(
id="mock-id",
auth_provider_type="insecure_example",
auth_provider_id=None,
data={"username": "******"},
is_new=True,
)
)
assert user_cred.is_admin
async def test_auth_module_expired_session(mock_hass):
"""Test login as existing user."""
manager = await auth.auth_manager_from_config(
mock_hass,
[
{
"type": "insecure_example",
"users": [
{
"username": "******",
"password": "******",
"name": "Test Name",
}
],
}
],
[
{
"type": "insecure_example",
"data": [{"user_id": "mock-user", "pin": "test-pin"}],
}
],
)
mock_hass.auth = manager
ensure_auth_manager_loaded(manager)
# Add fake user with credentials for example auth provider.
user = MockUser(
id="mock-user", is_owner=False, is_active=False, name="Paulus"
).add_to_auth_manager(manager)
user.credentials.append(
auth_models.Credentials(
id="mock-id",
auth_provider_type="insecure_example",
auth_provider_id=None,
data={"username": "******"},
is_new=False,
)
)
step = await manager.login_flow.async_init(("insecure_example", None))
assert step["type"] == data_entry_flow.RESULT_TYPE_FORM
step = await manager.login_flow.async_configure(
step["flow_id"], {"username": "******", "password": "******"}
)
assert step["type"] == data_entry_flow.RESULT_TYPE_FORM
assert step["step_id"] == "mfa"
with patch(
"homeassistant.util.dt.utcnow",
return_value=dt_util.utcnow() + MFA_SESSION_EXPIRATION,
):
step = await manager.login_flow.async_configure(
step["flow_id"], {"pin": "test-pin"}
)
# login flow abort due session timeout
assert step["type"] == data_entry_flow.RESULT_TYPE_ABORT
assert step["reason"] == "login_expired"
async def test_login_as_existing_user(mock_hass):
"""Test login as existing user."""
manager = await auth.auth_manager_from_config(mock_hass, [{
'type': 'insecure_example',
'users': [{
'username': '******',
'password': '******',
'name': 'Test Name'
}]
}], [])
mock_hass.auth = manager
ensure_auth_manager_loaded(manager)
# Add a fake user that we're not going to log in with
user = MockUser(
id='mock-user2',
is_owner=False,
is_active=False,
name='Not user',
).add_to_auth_manager(manager)
user.credentials.append(auth_models.Credentials(
id='mock-id2',
auth_provider_type='insecure_example',
auth_provider_id=None,
data={'username': '******'},
is_new=False,
))
# Add fake user with credentials for example auth provider.
user = MockUser(
id='mock-user',
is_owner=False,
is_active=False,
name='Paulus',
).add_to_auth_manager(manager)
user.credentials.append(auth_models.Credentials(
id='mock-id',
auth_provider_type='insecure_example',
auth_provider_id=None,
data={'username': '******'},
is_new=False,
))
step = await manager.login_flow.async_init(('insecure_example', None))
assert step['type'] == data_entry_flow.RESULT_TYPE_FORM
step = await manager.login_flow.async_configure(step['flow_id'], {
'username': '******',
'password': '******',
})
assert step['type'] == data_entry_flow.RESULT_TYPE_CREATE_ENTRY
user = step['result']
assert user is not None
assert user.id == 'mock-user'
assert user.is_owner is False
assert user.is_active is False
assert user.name == 'Paulus'
async def test_login_as_existing_user(mock_hass):
"""Test login as existing user."""
manager = await auth.auth_manager_from_config(mock_hass, [{
'type': 'insecure_example',
'users': [{
'username': '******',
'password': '******',
'name': 'Test Name'
}]
}], [])
mock_hass.auth = manager
ensure_auth_manager_loaded(manager)
# Add a fake user that we're not going to log in with
user = MockUser(
id='mock-user2',
is_owner=False,
is_active=False,
name='Not user',
).add_to_auth_manager(manager)
user.credentials.append(auth_models.Credentials(
id='mock-id2',
auth_provider_type='insecure_example',
auth_provider_id=None,
data={'username': '******'},
is_new=False,
))
# Add fake user with credentials for example auth provider.
user = MockUser(
id='mock-user',
is_owner=False,
is_active=False,
name='Paulus',
).add_to_auth_manager(manager)
user.credentials.append(auth_models.Credentials(
id='mock-id',
auth_provider_type='insecure_example',
auth_provider_id=None,
data={'username': '******'},
is_new=False,
))
step = await manager.login_flow.async_init(('insecure_example', None))
assert step['type'] == data_entry_flow.RESULT_TYPE_FORM
step = await manager.login_flow.async_configure(step['flow_id'], {
'username': '******',
'password': '******',
})
assert step['type'] == data_entry_flow.RESULT_TYPE_CREATE_ENTRY
user = step['result']
assert user is not None
assert user.id == 'mock-user'
assert user.is_owner is False
assert user.is_active is False
assert user.name == 'Paulus'
async def test_new_users(mock_hass):
"""Test newly created users."""
manager = await auth.auth_manager_from_config(
mock_hass,
[{
"type":
"insecure_example",
"users": [
{
"username": "******",
"password": "******",
"name": "Test Name",
},
{
"username": "******",
"password": "******",
"name": "Test Name",
},
{
"username": "******",
"password": "******",
"name": "Test Name",
},
],
}],
[],
)
ensure_auth_manager_loaded(manager)
user = await manager.async_create_user("Hello")
# first user in the system is owner and admin
assert user.is_owner
assert user.is_admin
assert not user.local_only
assert user.groups == []
user = await manager.async_create_user("Hello 2")
assert not user.is_admin
assert user.groups == []
user = await manager.async_create_user("Hello 3",
group_ids=["system-admin"],
local_only=True)
assert user.is_admin
assert user.groups[0].id == "system-admin"
assert user.local_only
user_cred = await manager.async_get_or_create_user(
auth_models.Credentials(
id="mock-id",
auth_provider_type="insecure_example",
auth_provider_id=None,
data={"username": "******"},
is_new=True,
))
assert user_cred.is_admin
async def test_auth_module_expired_session(mock_hass):
"""Test login as existing user."""
manager = await auth.auth_manager_from_config(mock_hass, [{
'type':
'insecure_example',
'users': [{
'username': '******',
'password': '******',
'name': 'Test Name'
}],
}], [{
'type': 'insecure_example',
'data': [{
'user_id': 'mock-user',
'pin': 'test-pin'
}]
}])
mock_hass.auth = manager
ensure_auth_manager_loaded(manager)
# Add fake user with credentials for example auth provider.
user = MockUser(
id='mock-user',
is_owner=False,
is_active=False,
name='Paulus',
).add_to_auth_manager(manager)
user.credentials.append(
auth_models.Credentials(
id='mock-id',
auth_provider_type='insecure_example',
auth_provider_id=None,
data={'username': '******'},
is_new=False,
))
step = await manager.login_flow.async_init(('insecure_example', None))
assert step['type'] == data_entry_flow.RESULT_TYPE_FORM
step = await manager.login_flow.async_configure(step['flow_id'], {
'username': '******',
'password': '******',
})
assert step['type'] == data_entry_flow.RESULT_TYPE_FORM
assert step['step_id'] == 'mfa'
with patch('homeassistant.util.dt.utcnow',
return_value=dt_util.utcnow() + SESSION_EXPIRATION):
step = await manager.login_flow.async_configure(
step['flow_id'], {
'pin': 'test-pin',
})
# login flow abort due session timeout
assert step['type'] == data_entry_flow.RESULT_TYPE_ABORT
assert step['reason'] == 'login_expired'
async def test_auth_module_expired_session(mock_hass):
"""Test login as existing user."""
manager = await auth.auth_manager_from_config(mock_hass, [{
'type': 'insecure_example',
'users': [{
'username': '******',
'password': '******',
'name': 'Test Name'
}],
}], [{
'type': 'insecure_example',
'data': [{
'user_id': 'mock-user',
'pin': 'test-pin'
}]
}])
mock_hass.auth = manager
ensure_auth_manager_loaded(manager)
# Add fake user with credentials for example auth provider.
user = MockUser(
id='mock-user',
is_owner=False,
is_active=False,
name='Paulus',
).add_to_auth_manager(manager)
user.credentials.append(auth_models.Credentials(
id='mock-id',
auth_provider_type='insecure_example',
auth_provider_id=None,
data={'username': '******'},
is_new=False,
))
step = await manager.login_flow.async_init(('insecure_example', None))
assert step['type'] == data_entry_flow.RESULT_TYPE_FORM
step = await manager.login_flow.async_configure(step['flow_id'], {
'username': '******',
'password': '******',
})
assert step['type'] == data_entry_flow.RESULT_TYPE_FORM
assert step['step_id'] == 'mfa'
with patch('homeassistant.util.dt.utcnow',
return_value=dt_util.utcnow() + SESSION_EXPIRATION):
step = await manager.login_flow.async_configure(step['flow_id'], {
'pin': 'test-pin',
})
# login flow abort due session timeout
assert step['type'] == data_entry_flow.RESULT_TYPE_ABORT
assert step['reason'] == 'login_expired'
async def test_async_remove_user(hass):
"""Test removing a user."""
events = []
@callback
def user_removed(event):
events.append(event)
hass.bus.async_listen("user_removed", user_removed)
manager = await auth.auth_manager_from_config(
hass,
[
{
"type": "insecure_example",
"users": [
{
"username": "******",
"password": "******",
"name": "Test Name",
}
],
}
],
[],
)
hass.auth = manager
ensure_auth_manager_loaded(manager)
# Add fake user with credentials for example auth provider.
user = MockUser(
id="mock-user", is_owner=False, is_active=False, name="Paulus"
).add_to_auth_manager(manager)
user.credentials.append(
auth_models.Credentials(
id="mock-id",
auth_provider_type="insecure_example",
auth_provider_id=None,
data={"username": "******"},
is_new=False,
)
)
assert len(user.credentials) == 1
await hass.auth.async_remove_user(user)
assert len(await manager.async_get_users()) == 0
assert len(user.credentials) == 0
await hass.async_block_till_done()
assert len(events) == 1
assert events[0].data["user_id"] == user.id
async def async_setup_auth(hass, aiohttp_client, provider_configs=BASE_CONFIG,
setup_api=False):
"""Helper to setup authentication and create a HTTP client."""
hass.auth = await auth.auth_manager_from_config(hass, provider_configs)
ensure_auth_manager_loaded(hass.auth)
await async_setup_component(hass, 'auth', {
'http': {
'api_password': '******'
}
})
if setup_api:
await async_setup_component(hass, 'api', {})
return await aiohttp_client(hass.http.app)
async def async_setup_auth(hass,
aiohttp_client,
provider_configs=BASE_CONFIG,
setup_api=False):
"""Helper to setup authentication and create a HTTP client."""
hass.auth = await auth.auth_manager_from_config(hass, provider_configs)
ensure_auth_manager_loaded(hass.auth)
await async_setup_component(hass, 'auth',
{'http': {
'api_password': '******'
}})
if setup_api:
await async_setup_component(hass, 'api', {})
return await aiohttp_client(hass.http.app)
async def async_setup_auth(
hass,
aiohttp_client,
provider_configs=BASE_CONFIG,
module_configs=EMPTY_CONFIG,
setup_api=False,
):
"""Set up authentication and create an HTTP client."""
hass.auth = await auth.auth_manager_from_config(hass, provider_configs,
module_configs)
ensure_auth_manager_loaded(hass.auth)
await async_setup_component(hass, "auth", {})
if setup_api:
await async_setup_component(hass, "api", {})
return await aiohttp_client(hass.http.app)
async def async_setup_auth(hass, aiohttp_client, provider_configs=BASE_CONFIG,
setup_api=False):
"""Helper to setup authentication and create a HTTP client."""
hass.auth = await auth.auth_manager_from_config(hass, provider_configs)
ensure_auth_manager_loaded(hass.auth)
await async_setup_component(hass, 'auth', {
'http': {
'api_password': '******'
}
})
client = auth.Client('Test Client', CLIENT_ID, CLIENT_SECRET,
redirect_uris=[CLIENT_REDIRECT_URI])
hass.auth._store._clients[client.id] = client
if setup_api:
await async_setup_component(hass, 'api', {})
return await aiohttp_client(hass.http.app)
async def test_async_remove_user(hass):
"""Test removing a user."""
events = []
@callback
def user_removed(event):
events.append(event)
hass.bus.async_listen('user_removed', user_removed)
manager = await auth.auth_manager_from_config(hass, [{
'type':
'insecure_example',
'users': [{
'username': '******',
'password': '******',
'name': 'Test Name'
}]
}], [])
hass.auth = manager
ensure_auth_manager_loaded(manager)
# Add fake user with credentials for example auth provider.
user = MockUser(
id='mock-user',
is_owner=False,
is_active=False,
name='Paulus',
).add_to_auth_manager(manager)
user.credentials.append(
auth_models.Credentials(
id='mock-id',
auth_provider_type='insecure_example',
auth_provider_id=None,
data={'username': '******'},
is_new=False,
))
assert len(user.credentials) == 1
await hass.auth.async_remove_user(user)
assert len(await manager.async_get_users()) == 0
assert len(user.credentials) == 0
await hass.async_block_till_done()
assert len(events) == 1
assert events[0].data['user_id'] == user.id
async def test_async_remove_user(hass):
"""Test removing a user."""
events = []
@callback
def user_removed(event):
events.append(event)
hass.bus.async_listen('user_removed', user_removed)
manager = await auth.auth_manager_from_config(hass, [{
'type': 'insecure_example',
'users': [{
'username': '******',
'password': '******',
'name': 'Test Name'
}]
}], [])
hass.auth = manager
ensure_auth_manager_loaded(manager)
# Add fake user with credentials for example auth provider.
user = MockUser(
id='mock-user',
is_owner=False,
is_active=False,
name='Paulus',
).add_to_auth_manager(manager)
user.credentials.append(auth_models.Credentials(
id='mock-id',
auth_provider_type='insecure_example',
auth_provider_id=None,
data={'username': '******'},
is_new=False,
))
assert len(user.credentials) == 1
await hass.auth.async_remove_user(user)
assert len(await manager.async_get_users()) == 0
assert len(user.credentials) == 0
await hass.async_block_till_done()
assert len(events) == 1
assert events[0].data['user_id'] == user.id
async def async_setup_auth(hass,
aiohttp_client,
provider_configs=BASE_CONFIG,
setup_api=False):
"""Helper to setup authentication and create a HTTP client."""
hass.auth = await auth.auth_manager_from_config(hass, provider_configs)
ensure_auth_manager_loaded(hass.auth)
await async_setup_component(hass, 'auth',
{'http': {
'api_password': '******'
}})
client = auth.Client('Test Client',
CLIENT_ID,
CLIENT_SECRET,
redirect_uris=[CLIENT_REDIRECT_URI])
hass.auth._store._clients[client.id] = client
if setup_api:
await async_setup_component(hass, 'api', {})
return await aiohttp_client(hass.http.app)
async def async_setup_auth(hass,
aiohttp_client,
provider_configs=None,
module_configs=None,
setup_api=False):
"""Set up authentication and create an HTTP client."""
if provider_configs is None:
provider_configs = BASE_CONFIG
if module_configs is None:
module_configs = EMPTY_CONFIG
hass.auth = await auth.auth_manager_from_config(hass, provider_configs,
module_configs)
ensure_auth_manager_loaded(hass.auth)
await async_setup_component(hass, 'auth',
{'http': {
'api_password': '******'
}})
if setup_api:
await async_setup_component(hass, 'api', {})
return await aiohttp_client(hass.http.app)
async def test_new_users_admin(mock_hass):
"""Test newly created users are admin."""
manager = await auth.auth_manager_from_config(mock_hass, [{
'type': 'insecure_example',
'users': [{
'username': '******',
'password': '******',
'name': 'Test Name'
}]
}], [])
ensure_auth_manager_loaded(manager)
user = await manager.async_create_user('Hello')
assert user.is_admin
user_cred = await manager.async_get_or_create_user(auth_models.Credentials(
id='mock-id',
auth_provider_type='insecure_example',
auth_provider_id=None,
data={'username': '******'},
is_new=True,
))
assert user_cred.is_admin
async def test_ws_setup_depose_mfa(hass, hass_ws_client):
"""Test set up mfa module for current user."""
hass.auth = await auth_manager_from_config(
hass, provider_configs=[{
'type': 'insecure_example',
'users': [{
'username': '******',
'password': '******',
'name': 'Test Name',
}]
}], module_configs=[{
'type': 'insecure_example',
'id': 'example_module',
'data': [{'user_id': 'mock-user', 'pin': '123456'}]
}])
ensure_auth_manager_loaded(hass.auth)
await async_setup_component(hass, 'auth', {'http': {}})
user = MockUser(id='mock-user').add_to_hass(hass)
cred = await hass.auth.auth_providers[0].async_get_or_create_credentials(
{'username': '******'})
await hass.auth.async_link_user(user, cred)
refresh_token = await hass.auth.async_create_refresh_token(user, CLIENT_ID)
access_token = hass.auth.async_create_access_token(refresh_token)
client = await hass_ws_client(hass, access_token)
await client.send_json({
'id': 10,
'type': mfa_setup_flow.WS_TYPE_SETUP_MFA,
})
result = await client.receive_json()
assert result['id'] == 10
assert result['success'] is False
assert result['error']['code'] == 'no_module'
await client.send_json({
'id': 11,
'type': mfa_setup_flow.WS_TYPE_SETUP_MFA,
'mfa_module_id': 'example_module',
})
result = await client.receive_json()
assert result['id'] == 11
assert result['success']
flow = result['result']
assert flow['type'] == data_entry_flow.RESULT_TYPE_FORM
assert flow['handler'] == 'example_module'
assert flow['step_id'] == 'init'
assert flow['data_schema'][0] == {'type': 'string', 'name': 'pin'}
await client.send_json({
'id': 12,
'type': mfa_setup_flow.WS_TYPE_SETUP_MFA,
'flow_id': flow['flow_id'],
'user_input': {'pin': '654321'},
})
result = await client.receive_json()
assert result['id'] == 12
assert result['success']
flow = result['result']
assert flow['type'] == data_entry_flow.RESULT_TYPE_CREATE_ENTRY
assert flow['handler'] == 'example_module'
assert flow['data']['result'] is None
await client.send_json({
'id': 13,
'type': mfa_setup_flow.WS_TYPE_DEPOSE_MFA,
'mfa_module_id': 'invalid_id',
})
result = await client.receive_json()
assert result['id'] == 13
assert result['success'] is False
assert result['error']['code'] == 'disable_failed'
await client.send_json({
'id': 14,
'type': mfa_setup_flow.WS_TYPE_DEPOSE_MFA,
'mfa_module_id': 'example_module',
})
result = await client.receive_json()
assert result['id'] == 14
assert result['success']
assert result['result'] == 'done'
async def test_login_with_multi_auth_module(mock_hass):
"""Test login as existing user with multiple auth modules."""
manager = await auth.auth_manager_from_config(
mock_hass,
[{
"type":
"insecure_example",
"users": [{
"username": "******",
"password": "******",
"name": "Test Name",
}],
}],
[
{
"type": "insecure_example",
"data": [{
"user_id": "mock-user",
"pin": "test-pin"
}],
},
{
"type": "insecure_example",
"id": "module2",
"data": [{
"user_id": "mock-user",
"pin": "test-pin2"
}],
},
],
)
mock_hass.auth = manager
ensure_auth_manager_loaded(manager)
# Add fake user with credentials for example auth provider.
user = MockUser(id="mock-user",
is_owner=False,
is_active=False,
name="Paulus").add_to_auth_manager(manager)
user.credentials.append(
auth_models.Credentials(
id="mock-id",
auth_provider_type="insecure_example",
auth_provider_id=None,
data={"username": "******"},
is_new=False,
))
step = await manager.login_flow.async_init(("insecure_example", None))
assert step["type"] == data_entry_flow.RESULT_TYPE_FORM
step = await manager.login_flow.async_configure(step["flow_id"], {
"username": "******",
"password": "******"
})
# After auth_provider validated, request select auth module
assert step["type"] == data_entry_flow.RESULT_TYPE_FORM
assert step["step_id"] == "select_mfa_module"
step = await manager.login_flow.async_configure(
step["flow_id"], {"multi_factor_auth_module": "module2"})
assert step["type"] == data_entry_flow.RESULT_TYPE_FORM
assert step["step_id"] == "mfa"
step = await manager.login_flow.async_configure(step["flow_id"],
{"pin": "test-pin2"})
# Finally passed, get credential
assert step["type"] == data_entry_flow.RESULT_TYPE_CREATE_ENTRY
assert step["result"]
assert step["result"].id == "mock-id"
async def test_login_as_existing_user(mock_hass):
"""Test login as existing user."""
manager = await auth.auth_manager_from_config(
mock_hass,
[{
"type":
"insecure_example",
"users": [{
"username": "******",
"password": "******",
"name": "Test Name",
}],
}],
[],
)
mock_hass.auth = manager
ensure_auth_manager_loaded(manager)
# Add a fake user that we're not going to log in with
user = MockUser(id="mock-user2",
is_owner=False,
is_active=False,
name="Not user").add_to_auth_manager(manager)
user.credentials.append(
auth_models.Credentials(
id="mock-id2",
auth_provider_type="insecure_example",
auth_provider_id=None,
data={"username": "******"},
is_new=False,
))
# Add fake user with credentials for example auth provider.
user = MockUser(id="mock-user",
is_owner=False,
is_active=False,
name="Paulus").add_to_auth_manager(manager)
user.credentials.append(
auth_models.Credentials(
id="mock-id",
auth_provider_type="insecure_example",
auth_provider_id=None,
data={"username": "******"},
is_new=False,
))
step = await manager.login_flow.async_init(("insecure_example", None))
assert step["type"] == data_entry_flow.RESULT_TYPE_FORM
step = await manager.login_flow.async_configure(step["flow_id"], {
"username": "******",
"password": "******"
})
assert step["type"] == data_entry_flow.RESULT_TYPE_CREATE_ENTRY
credential = step["result"]
user = await manager.async_get_user_by_credentials(credential)
assert user is not None
assert user.id == "mock-user"
assert user.is_owner is False
assert user.is_active is False
assert user.name == "Paulus"
async def test_login_with_multi_auth_module(mock_hass):
"""Test login as existing user with multiple auth modules."""
manager = await auth.auth_manager_from_config(mock_hass, [{
'type': 'insecure_example',
'users': [{
'username': '******',
'password': '******',
'name': 'Test Name'
}],
}], [{
'type': 'insecure_example',
'data': [{
'user_id': 'mock-user',
'pin': 'test-pin'
}]
}, {
'type': 'insecure_example',
'id': 'module2',
'data': [{
'user_id': 'mock-user',
'pin': 'test-pin2'
}]
}])
mock_hass.auth = manager
ensure_auth_manager_loaded(manager)
# Add fake user with credentials for example auth provider.
user = MockUser(
id='mock-user',
is_owner=False,
is_active=False,
name='Paulus',
).add_to_auth_manager(manager)
user.credentials.append(auth_models.Credentials(
id='mock-id',
auth_provider_type='insecure_example',
auth_provider_id=None,
data={'username': '******'},
is_new=False,
))
step = await manager.login_flow.async_init(('insecure_example', None))
assert step['type'] == data_entry_flow.RESULT_TYPE_FORM
step = await manager.login_flow.async_configure(step['flow_id'], {
'username': '******',
'password': '******',
})
# After auth_provider validated, request select auth module
assert step['type'] == data_entry_flow.RESULT_TYPE_FORM
assert step['step_id'] == 'select_mfa_module'
step = await manager.login_flow.async_configure(step['flow_id'], {
'multi_factor_auth_module': 'module2',
})
assert step['type'] == data_entry_flow.RESULT_TYPE_FORM
assert step['step_id'] == 'mfa'
step = await manager.login_flow.async_configure(step['flow_id'], {
'pin': 'test-pin2',
})
# Finally passed, get user
assert step['type'] == data_entry_flow.RESULT_TYPE_CREATE_ENTRY
user = step['result']
assert user is not None
assert user.id == 'mock-user'
assert user.is_owner is False
assert user.is_active is False
assert user.name == 'Paulus'
async def test_login_with_multi_auth_module(mock_hass):
"""Test login as existing user with multiple auth modules."""
manager = await auth.auth_manager_from_config(mock_hass, [{
'type':
'insecure_example',
'users': [{
'username': '******',
'password': '******',
'name': 'Test Name'
}],
}], [{
'type': 'insecure_example',
'data': [{
'user_id': 'mock-user',
'pin': 'test-pin'
}]
}, {
'type': 'insecure_example',
'id': 'module2',
'data': [{
'user_id': 'mock-user',
'pin': 'test-pin2'
}]
}])
mock_hass.auth = manager
ensure_auth_manager_loaded(manager)
# Add fake user with credentials for example auth provider.
user = MockUser(
id='mock-user',
is_owner=False,
is_active=False,
name='Paulus',
).add_to_auth_manager(manager)
user.credentials.append(
auth_models.Credentials(
id='mock-id',
auth_provider_type='insecure_example',
auth_provider_id=None,
data={'username': '******'},
is_new=False,
))
step = await manager.login_flow.async_init(('insecure_example', None))
assert step['type'] == data_entry_flow.RESULT_TYPE_FORM
step = await manager.login_flow.async_configure(step['flow_id'], {
'username': '******',
'password': '******',
})
# After auth_provider validated, request select auth module
assert step['type'] == data_entry_flow.RESULT_TYPE_FORM
assert step['step_id'] == 'select_mfa_module'
step = await manager.login_flow.async_configure(
step['flow_id'], {
'multi_factor_auth_module': 'module2',
})
assert step['type'] == data_entry_flow.RESULT_TYPE_FORM
assert step['step_id'] == 'mfa'
step = await manager.login_flow.async_configure(step['flow_id'], {
'pin': 'test-pin2',
})
# Finally passed, get user
assert step['type'] == data_entry_flow.RESULT_TYPE_CREATE_ENTRY
user = step['result']
assert user is not None
assert user.id == 'mock-user'
assert user.is_owner is False
assert user.is_active is False
assert user.name == 'Paulus'
async def test_login_with_auth_module(mock_hass):
"""Test login as existing user with auth module."""
manager = await auth.auth_manager_from_config(
mock_hass,
[{
"type":
"insecure_example",
"users": [{
"username": "******",
"password": "******",
"name": "Test Name",
}],
}],
[{
"type": "insecure_example",
"data": [{
"user_id": "mock-user",
"pin": "test-pin"
}],
}],
)
mock_hass.auth = manager
ensure_auth_manager_loaded(manager)
# Add fake user with credentials for example auth provider.
user = MockUser(id="mock-user",
is_owner=False,
is_active=False,
name="Paulus").add_to_auth_manager(manager)
user.credentials.append(
auth_models.Credentials(
id="mock-id",
auth_provider_type="insecure_example",
auth_provider_id=None,
data={"username": "******"},
is_new=False,
))
step = await manager.login_flow.async_init(("insecure_example", None))
assert step["type"] == data_entry_flow.RESULT_TYPE_FORM
step = await manager.login_flow.async_configure(step["flow_id"], {
"username": "******",
"password": "******"
})
# After auth_provider validated, request auth module input form
assert step["type"] == data_entry_flow.RESULT_TYPE_FORM
assert step["step_id"] == "mfa"
step = await manager.login_flow.async_configure(step["flow_id"],
{"pin": "invalid-pin"})
# Invalid code error
assert step["type"] == data_entry_flow.RESULT_TYPE_FORM
assert step["step_id"] == "mfa"
assert step["errors"] == {"base": "invalid_code"}
step = await manager.login_flow.async_configure(step["flow_id"],
{"pin": "test-pin"})
# Finally passed, get user
assert step["type"] == data_entry_flow.RESULT_TYPE_CREATE_ENTRY
user = step["result"]
assert user is not None
assert user.id == "mock-user"
assert user.is_owner is False
assert user.is_active is False
assert user.name == "Paulus"
async def test_ws_setup_depose_mfa(hass, hass_ws_client):
"""Test set up mfa module for current user."""
hass.auth = await auth_manager_from_config(
hass,
provider_configs=[{
"type":
"insecure_example",
"users": [{
"username": "******",
"password": "******",
"name": "Test Name",
}],
}],
module_configs=[{
"type": "insecure_example",
"id": "example_module",
"data": [{
"user_id": "mock-user",
"pin": "123456"
}],
}],
)
ensure_auth_manager_loaded(hass.auth)
await async_setup_component(hass, "auth", {"http": {}})
user = MockUser(id="mock-user").add_to_hass(hass)
cred = await hass.auth.auth_providers[0].async_get_or_create_credentials(
{"username": "******"})
await hass.auth.async_link_user(user, cred)
refresh_token = await hass.auth.async_create_refresh_token(user, CLIENT_ID)
access_token = hass.auth.async_create_access_token(refresh_token)
client = await hass_ws_client(hass, access_token)
await client.send_json({
"id": 10,
"type": mfa_setup_flow.WS_TYPE_SETUP_MFA
})
result = await client.receive_json()
assert result["id"] == 10
assert result["success"] is False
assert result["error"]["code"] == "no_module"
await client.send_json({
"id": 11,
"type": mfa_setup_flow.WS_TYPE_SETUP_MFA,
"mfa_module_id": "example_module",
})
result = await client.receive_json()
assert result["id"] == 11
assert result["success"]
flow = result["result"]
assert flow["type"] == data_entry_flow.RESULT_TYPE_FORM
assert flow["handler"] == "example_module"
assert flow["step_id"] == "init"
assert flow["data_schema"][0] == {
"type": "string",
"name": "pin",
"required": True
}
await client.send_json({
"id": 12,
"type": mfa_setup_flow.WS_TYPE_SETUP_MFA,
"flow_id": flow["flow_id"],
"user_input": {
"pin": "654321"
},
})
result = await client.receive_json()
assert result["id"] == 12
assert result["success"]
flow = result["result"]
assert flow["type"] == data_entry_flow.RESULT_TYPE_CREATE_ENTRY
assert flow["handler"] == "example_module"
assert flow["data"]["result"] is None
await client.send_json({
"id": 13,
"type": mfa_setup_flow.WS_TYPE_DEPOSE_MFA,
"mfa_module_id": "invalid_id",
})
result = await client.receive_json()
assert result["id"] == 13
assert result["success"] is False
assert result["error"]["code"] == "disable_failed"
await client.send_json({
"id": 14,
"type": mfa_setup_flow.WS_TYPE_DEPOSE_MFA,
"mfa_module_id": "example_module",
})
result = await client.receive_json()
assert result["id"] == 14
assert result["success"]
assert result["result"] == "done"
async def test_ws_setup_depose_mfa(hass, hass_ws_client):
"""Test set up mfa module for current user."""
hass.auth = await auth_manager_from_config(hass,
provider_configs=[{
'type':
'insecure_example',
'users': [{
'username':
'******',
'password':
'******',
'name':
'Test Name',
}]
}],
module_configs=[{
'type':
'insecure_example',
'id':
'example_module',
'data': [{
'user_id': 'mock-user',
'pin': '123456'
}]
}])
ensure_auth_manager_loaded(hass.auth)
await async_setup_component(hass, 'auth', {'http': {}})
user = MockUser(id='mock-user').add_to_hass(hass)
cred = await hass.auth.auth_providers[0].async_get_or_create_credentials(
{'username': '******'})
await hass.auth.async_link_user(user, cred)
refresh_token = await hass.auth.async_create_refresh_token(user, CLIENT_ID)
access_token = hass.auth.async_create_access_token(refresh_token)
client = await hass_ws_client(hass, access_token)
await client.send_json({
'id': 10,
'type': mfa_setup_flow.WS_TYPE_SETUP_MFA,
})
result = await client.receive_json()
assert result['id'] == 10
assert result['success'] is False
assert result['error']['code'] == 'no_module'
await client.send_json({
'id': 11,
'type': mfa_setup_flow.WS_TYPE_SETUP_MFA,
'mfa_module_id': 'example_module',
})
result = await client.receive_json()
assert result['id'] == 11
assert result['success']
flow = result['result']
assert flow['type'] == data_entry_flow.RESULT_TYPE_FORM
assert flow['handler'] == 'example_module'
assert flow['step_id'] == 'init'
assert flow['data_schema'][0] == {'type': 'string', 'name': 'pin'}
await client.send_json({
'id': 12,
'type': mfa_setup_flow.WS_TYPE_SETUP_MFA,
'flow_id': flow['flow_id'],
'user_input': {
'pin': '654321'
},
})
result = await client.receive_json()
assert result['id'] == 12
assert result['success']
flow = result['result']
assert flow['type'] == data_entry_flow.RESULT_TYPE_CREATE_ENTRY
assert flow['handler'] == 'example_module'
assert flow['data']['result'] is None
await client.send_json({
'id': 13,
'type': mfa_setup_flow.WS_TYPE_DEPOSE_MFA,
'mfa_module_id': 'invalid_id',
})
result = await client.receive_json()
assert result['id'] == 13
assert result['success'] is False
assert result['error']['code'] == 'disable_failed'
await client.send_json({
'id': 14,
'type': mfa_setup_flow.WS_TYPE_DEPOSE_MFA,
'mfa_module_id': 'example_module',
})
result = await client.receive_json()
assert result['id'] == 14
assert result['success']
assert result['result'] == 'done'
