async def test_ip_bans_file_creation(hass, aiohttp_client): """Testing if banned IP file created.""" app = web.Application() app['hass'] = hass async def unauth_handler(request): """Return a mock web response.""" raise HTTPUnauthorized app.router.add_get('/', unauth_handler) setup_bans(hass, app, 2) mock_real_ip(app)("200.201.202.204") with patch('homeassistant.components.http.ban.async_load_ip_bans_config', return_value=mock_coro( [IpBan(banned_ip) for banned_ip in BANNED_IPS])): client = await aiohttp_client(app) m = mock_open() with patch('homeassistant.components.http.ban.open', m, create=True): resp = await client.get('/') assert resp.status == 401 assert len(app[KEY_BANNED_IPS]) == len(BANNED_IPS) assert m.call_count == 0 resp = await client.get('/') assert resp.status == 401 assert len(app[KEY_BANNED_IPS]) == len(BANNED_IPS) + 1 m.assert_called_once_with(hass.config.path(IP_BANS_FILE), 'a') resp = await client.get('/') assert resp.status == 403 assert m.call_count == 1
async def test_ip_bans_file_creation(hass, aiohttp_client): """Testing if banned IP file created.""" app = web.Application() app['hass'] = hass async def unauth_handler(request): """Return a mock web response.""" raise HTTPUnauthorized app.router.add_get('/', unauth_handler) setup_bans(hass, app, 1) mock_real_ip(app)("200.201.202.204") with patch('homeassistant.components.http.ban.async_load_ip_bans_config', return_value=mock_coro([IpBan(banned_ip) for banned_ip in BANNED_IPS])): client = await aiohttp_client(app) m = mock_open() with patch('homeassistant.components.http.ban.open', m, create=True): resp = await client.get('/') assert resp.status == 401 assert len(app[KEY_BANNED_IPS]) == len(BANNED_IPS) assert m.call_count == 0 resp = await client.get('/') assert resp.status == 401 assert len(app[KEY_BANNED_IPS]) == len(BANNED_IPS) + 1 m.assert_called_once_with(hass.config.path(IP_BANS_FILE), 'a') resp = await client.get('/') assert resp.status == 403 assert m.call_count == 1
async def test_access_from_supervisor_ip(remote_addr, bans, status, hass, aiohttp_client, hassio_env): """Test accessing to server from supervisor IP.""" app = web.Application() app["hass"] = hass async def unauth_handler(request): """Return a mock web response.""" raise HTTPUnauthorized app.router.add_get("/", unauth_handler) setup_bans(hass, app, 1) mock_real_ip(app)(remote_addr) with patch("homeassistant.components.http.ban.async_load_ip_bans_config", return_value=[]): client = await aiohttp_client(app) assert await async_setup_component(hass, "hassio", {"hassio": {}}) m_open = mock_open() with patch.dict(os.environ, {"SUPERVISOR": SUPERVISOR_IP}), patch( "homeassistant.components.http.ban.open", m_open, create=True): resp = await client.get("/") assert resp.status == 401 assert len(app[KEY_BANNED_IPS]) == bans assert m_open.call_count == bans # second request should be forbidden if banned resp = await client.get("/") assert resp.status == status assert len(app[KEY_BANNED_IPS]) == bans
async def test_access_from_banned_ip_with_partially_broken_yaml_file( hass, aiohttp_client, caplog ): """Test accessing to server from banned IP. Both trusted and not. We inject some garbage into the yaml file to make sure it can still load the bans. """ app = web.Application() app["hass"] = hass setup_bans(hass, app, 5) set_real_ip = mock_real_ip(app) data = {banned_ip: {"banned_at": "2016-11-16T19:20:03"} for banned_ip in BANNED_IPS} data["5.3.3.3"] = {"banned_at": "garbage"} with patch( "homeassistant.components.http.ban.load_yaml_config_file", return_value=data, ): client = await aiohttp_client(app) for remote_addr in BANNED_IPS: set_real_ip(remote_addr) resp = await client.get("/") assert resp.status == HTTPStatus.FORBIDDEN # Ensure garbage data is ignored set_real_ip("5.3.3.3") resp = await client.get("/") assert resp.status == HTTPStatus.NOT_FOUND assert "Failed to load IP ban" in caplog.text
async def test_failed_login_attempts_counter(hass, aiohttp_client): """Testing if failed login attempts counter increased.""" app = web.Application() app["hass"] = hass async def auth_handler(request): """Return 200 status code.""" return None, 200 app.router.add_get( "/auth_true", request_handler_factory(Mock(requires_auth=True), auth_handler) ) app.router.add_get( "/auth_false", request_handler_factory(Mock(requires_auth=True), auth_handler) ) app.router.add_get( "/", request_handler_factory(Mock(requires_auth=False), auth_handler) ) setup_bans(hass, app, 5) remote_ip = ip_address("200.201.202.204") mock_real_ip(app)("200.201.202.204") @middleware async def mock_auth(request, handler): """Mock auth middleware.""" if "auth_true" in request.path: request[KEY_AUTHENTICATED] = True else: request[KEY_AUTHENTICATED] = False return await handler(request) app.middlewares.append(mock_auth) client = await aiohttp_client(app) resp = await client.get("/auth_false") assert resp.status == 401 assert app[KEY_FAILED_LOGIN_ATTEMPTS][remote_ip] == 1 resp = await client.get("/auth_false") assert resp.status == 401 assert app[KEY_FAILED_LOGIN_ATTEMPTS][remote_ip] == 2 resp = await client.get("/") assert resp.status == 200 assert app[KEY_FAILED_LOGIN_ATTEMPTS][remote_ip] == 2 # This used to check that with trusted networks we reset login attempts # We no longer support trusted networks. resp = await client.get("/auth_true") assert resp.status == 200 assert app[KEY_FAILED_LOGIN_ATTEMPTS][remote_ip] == 2
async def test_ip_bans_file_creation(hass, aiohttp_client, caplog): """Testing if banned IP file created.""" app = web.Application() app["hass"] = hass async def unauth_handler(request): """Return a mock web response.""" raise HTTPUnauthorized app.router.add_get("/example", unauth_handler) setup_bans(hass, app, 2) mock_real_ip(app)("200.201.202.204") with patch( "homeassistant.components.http.ban.load_yaml_config_file", return_value={ banned_ip: {"banned_at": "2016-11-16T19:20:03"} for banned_ip in BANNED_IPS }, ): client = await aiohttp_client(app) manager: IpBanManager = app[KEY_BAN_MANAGER] m_open = mock_open() with patch("homeassistant.components.http.ban.open", m_open, create=True): resp = await client.get("/example") assert resp.status == HTTPStatus.UNAUTHORIZED assert len(manager.ip_bans_lookup) == len(BANNED_IPS) assert m_open.call_count == 0 resp = await client.get("/example") assert resp.status == HTTPStatus.UNAUTHORIZED assert len(manager.ip_bans_lookup) == len(BANNED_IPS) + 1 m_open.assert_called_once_with( hass.config.path(IP_BANS_FILE), "a", encoding="utf8" ) resp = await client.get("/example") assert resp.status == HTTPStatus.FORBIDDEN assert m_open.call_count == 1 assert ( len(notifications := hass.states.async_all("persistent_notification")) == 2 ) assert ( notifications[0].attributes["message"] == "Login attempt or request with invalid authentication from example.com (200.201.202.204). See the log for details." ) assert ( "Login attempt or request with invalid authentication from example.com (200.201.202.204). Requested URL: '/example'." in caplog.text )
async def test_failed_login_attempts_counter(hass, aiohttp_client): """Testing if failed login attempts counter increased.""" app = web.Application() app['hass'] = hass async def auth_handler(request): """Return 200 status code.""" return None, 200 app.router.add_get( '/auth_true', request_handler_factory(Mock(requires_auth=True), auth_handler)) app.router.add_get( '/auth_false', request_handler_factory(Mock(requires_auth=True), auth_handler)) app.router.add_get( '/', request_handler_factory(Mock(requires_auth=False), auth_handler)) setup_bans(hass, app, 5) remote_ip = ip_address("200.201.202.204") mock_real_ip(app)("200.201.202.204") @middleware async def mock_auth(request, handler): """Mock auth middleware.""" if 'auth_true' in request.path: request[KEY_AUTHENTICATED] = True else: request[KEY_AUTHENTICATED] = False return await handler(request) app.middlewares.append(mock_auth) client = await aiohttp_client(app) resp = await client.get('/auth_false') assert resp.status == 401 assert app[KEY_FAILED_LOGIN_ATTEMPTS][remote_ip] == 1 resp = await client.get('/auth_false') assert resp.status == 401 assert app[KEY_FAILED_LOGIN_ATTEMPTS][remote_ip] == 2 resp = await client.get('/') assert resp.status == 200 assert app[KEY_FAILED_LOGIN_ATTEMPTS][remote_ip] == 2 resp = await client.get('/auth_true') assert resp.status == 200 assert remote_ip not in app[KEY_FAILED_LOGIN_ATTEMPTS]
async def test_access_from_banned_ip(hass, aiohttp_client): """Test accessing to server from banned IP. Both trusted and not.""" app = web.Application() setup_bans(hass, app, 5) set_real_ip = mock_real_ip(app) with patch('homeassistant.components.http.ban.load_ip_bans_config', return_value=[IpBan(banned_ip) for banned_ip in BANNED_IPS]): client = await aiohttp_client(app) for remote_addr in BANNED_IPS: set_real_ip(remote_addr) resp = await client.get('/') assert resp.status == 403
async def test_access_from_banned_ip(hass, aiohttp_client): """Test accessing to server from banned IP. Both trusted and not.""" app = web.Application() setup_bans(hass, app, 5) set_real_ip = mock_real_ip(app) with patch('homeassistant.components.http.ban.async_load_ip_bans_config', return_value=mock_coro([IpBan(banned_ip) for banned_ip in BANNED_IPS])): client = await aiohttp_client(app) for remote_addr in BANNED_IPS: set_real_ip(remote_addr) resp = await client.get('/') assert resp.status == 403
async def test_failed_login_attempts_counter(hass, aiohttp_client): """Testing if failed login attempts counter increased.""" app = web.Application() app['hass'] = hass async def auth_handler(request): """Return 200 status code.""" return None, 200 app.router.add_get('/auth_true', request_handler_factory( Mock(requires_auth=True), auth_handler)) app.router.add_get('/auth_false', request_handler_factory( Mock(requires_auth=True), auth_handler)) app.router.add_get('/', request_handler_factory( Mock(requires_auth=False), auth_handler)) setup_bans(hass, app, 5) remote_ip = ip_address("200.201.202.204") mock_real_ip(app)("200.201.202.204") @middleware async def mock_auth(request, handler): """Mock auth middleware.""" if 'auth_true' in request.path: request[KEY_AUTHENTICATED] = True else: request[KEY_AUTHENTICATED] = False return await handler(request) app.middlewares.append(mock_auth) client = await aiohttp_client(app) resp = await client.get('/auth_false') assert resp.status == 401 assert app[KEY_FAILED_LOGIN_ATTEMPTS][remote_ip] == 1 resp = await client.get('/auth_false') assert resp.status == 401 assert app[KEY_FAILED_LOGIN_ATTEMPTS][remote_ip] == 2 resp = await client.get('/') assert resp.status == 200 assert app[KEY_FAILED_LOGIN_ATTEMPTS][remote_ip] == 2 resp = await client.get('/auth_true') assert resp.status == 200 assert remote_ip not in app[KEY_FAILED_LOGIN_ATTEMPTS]
async def test_failure_loading_ip_bans_file(hass, aiohttp_client): """Test failure loading ip bans file.""" app = web.Application() app["hass"] = hass setup_bans(hass, app, 5) set_real_ip = mock_real_ip(app) with patch( "homeassistant.components.http.ban.load_yaml_config_file", side_effect=HomeAssistantError, ): client = await aiohttp_client(app) set_real_ip("4.3.2.1") resp = await client.get("/") assert resp.status == HTTPStatus.NOT_FOUND
async def test_ip_bans_file_creation(hass, aiohttp_client): """Testing if banned IP file created.""" notification_calls = async_mock_service(hass, "persistent_notification", "create") app = web.Application() app["hass"] = hass async def unauth_handler(request): """Return a mock web response.""" raise HTTPUnauthorized app.router.add_get("/", unauth_handler) setup_bans(hass, app, 2) mock_real_ip(app)("200.201.202.204") with patch( "homeassistant.components.http.ban.async_load_ip_bans_config", return_value=[IpBan(banned_ip) for banned_ip in BANNED_IPS], ): client = await aiohttp_client(app) m_open = mock_open() with patch("homeassistant.components.http.ban.open", m_open, create=True): resp = await client.get("/") assert resp.status == 401 assert len(app[KEY_BANNED_IPS]) == len(BANNED_IPS) assert m_open.call_count == 0 resp = await client.get("/") assert resp.status == 401 assert len(app[KEY_BANNED_IPS]) == len(BANNED_IPS) + 1 m_open.assert_called_once_with( hass.config.path(IP_BANS_FILE), "a", encoding="utf8" ) resp = await client.get("/") assert resp.status == HTTP_FORBIDDEN assert m_open.call_count == 1 assert len(notification_calls) == 3 assert ( notification_calls[0].data["message"] == "Login attempt or request with invalid authentication from example.com (200.201.202.204). See the log for details." )
async def test_access_from_banned_ip(hass, aiohttp_client): """Test accessing to server from banned IP. Both trusted and not.""" app = web.Application() app["hass"] = hass setup_bans(hass, app, 5) set_real_ip = mock_real_ip(app) with patch( "homeassistant.components.http.ban.load_yaml_config_file", return_value={ banned_ip: {"banned_at": "2016-11-16T19:20:03"} for banned_ip in BANNED_IPS }, ): client = await aiohttp_client(app) for remote_addr in BANNED_IPS: set_real_ip(remote_addr) resp = await client.get("/") assert resp.status == HTTPStatus.FORBIDDEN
async def test_ip_ban_manager_never_started(hass, aiohttp_client, caplog): """Test we handle the ip ban manager not being started.""" app = web.Application() app["hass"] = hass setup_bans(hass, app, 5) set_real_ip = mock_real_ip(app) with patch( "homeassistant.components.http.ban.load_yaml_config_file", side_effect=FileNotFoundError, ): client = await aiohttp_client(app) # Mock the manager never being started del app[KEY_BAN_MANAGER] set_real_ip("4.3.2.1") resp = await client.get("/") assert resp.status == HTTPStatus.NOT_FOUND assert "IP Ban middleware loaded but banned IPs not loaded" in caplog.text