async def test_basic_auth_works(app, aiohttp_client, hass, legacy_auth): """Test access with basic authentication.""" setup_auth(hass, app) client = await aiohttp_client(app) user = await get_legacy_user(hass.auth) req = await client.get( '/', auth=BasicAuth('homeassistant', API_PASSWORD)) assert req.status == 200 assert await req.json() == { 'user_id': user.id, } req = await client.get( '/', auth=BasicAuth('wrong_username', API_PASSWORD)) assert req.status == 401 req = await client.get( '/', auth=BasicAuth('homeassistant', 'wrong password')) assert req.status == 401 req = await client.get( '/', headers={ 'authorization': 'NotBasic abcdefg' }) assert req.status == 401
async def test_basic_auth_works(app, aiohttp_client): """Test access with basic authentication.""" setup_auth(app, [], False, api_password=API_PASSWORD) client = await aiohttp_client(app) req = await client.get( '/', auth=BasicAuth('homeassistant', API_PASSWORD)) assert req.status == 200 req = await client.get( '/', auth=BasicAuth('wrong_username', API_PASSWORD)) assert req.status == 401 req = await client.get( '/', auth=BasicAuth('homeassistant', 'wrong password')) assert req.status == 401 req = await client.get( '/', headers={ 'authorization': 'NotBasic abcdefg' }) assert req.status == 401
async def test_access_without_password(app, aiohttp_client): """Test access without password.""" setup_auth(app, [], False, api_password=None) client = await aiohttp_client(app) resp = await client.get('/') assert resp.status == 200
def test_access_without_password(app, test_client): """Test access without password.""" setup_auth(app, [], None) client = yield from test_client(app) resp = yield from client.get('/') assert resp.status == 200
async def test_auth_legacy_support_api_password_access(app, aiohttp_client, legacy_auth, hass): """Test access using api_password if auth.support_legacy.""" setup_auth(app, [], API_PASSWORD) client = await aiohttp_client(app) user = await legacy_api_password.async_get_user(hass) req = await client.get('/', headers={HTTP_HEADER_HA_AUTH: API_PASSWORD}) assert req.status == 200 assert await req.json() == { 'refresh_token_id': None, 'user_id': user.id, } resp = await client.get('/', params={'api_password': API_PASSWORD}) assert resp.status == 200 assert await resp.json() == { 'refresh_token_id': None, 'user_id': user.id, } req = await client.get('/', auth=BasicAuth('homeassistant', API_PASSWORD)) assert req.status == 200 assert await req.json() == { 'refresh_token_id': None, 'user_id': user.id, }
async def test_auth_active_access_with_access_token_in_header( hass, app, aiohttp_client, hass_access_token): """Test access with access token in header.""" token = hass_access_token setup_auth(hass, app) client = await aiohttp_client(app) refresh_token = await hass.auth.async_validate_access_token( hass_access_token) req = await client.get("/", headers={"Authorization": f"Bearer {token}"}) assert req.status == HTTPStatus.OK assert await req.json() == {"user_id": refresh_token.user.id} req = await client.get("/", headers={"AUTHORIZATION": f"Bearer {token}"}) assert req.status == HTTPStatus.OK assert await req.json() == {"user_id": refresh_token.user.id} req = await client.get("/", headers={"authorization": f"Bearer {token}"}) assert req.status == HTTPStatus.OK assert await req.json() == {"user_id": refresh_token.user.id} req = await client.get("/", headers={"Authorization": token}) assert req.status == HTTPStatus.UNAUTHORIZED req = await client.get("/", headers={"Authorization": f"BEARER {token}"}) assert req.status == HTTPStatus.UNAUTHORIZED refresh_token = await hass.auth.async_validate_access_token( hass_access_token) refresh_token.user.is_active = False req = await client.get("/", headers={"Authorization": f"Bearer {token}"}) assert req.status == HTTPStatus.UNAUTHORIZED
async def test_auth_active_access_with_access_token_in_header( app, aiohttp_client): """Test access with access token in header.""" setup_auth(app, [], True, api_password=None) client = await aiohttp_client(app) req = await client.get( '/', headers={'Authorization': 'Bearer {}'.format(ACCESS_TOKEN)}) assert req.status == 200 req = await client.get( '/', headers={'AUTHORIZATION': 'Bearer {}'.format(ACCESS_TOKEN)}) assert req.status == 200 req = await client.get( '/', headers={'authorization': 'Bearer {}'.format(ACCESS_TOKEN)}) assert req.status == 200 req = await client.get('/', headers={'Authorization': ACCESS_TOKEN}) assert req.status == 401 req = await client.get( '/', headers={'Authorization': 'BEARER {}'.format(ACCESS_TOKEN)}) assert req.status == 401 req = await client.get('/', headers={'Authorization': 'Bearer wrong-pass'}) assert req.status == 401
async def test_auth_active_access_with_access_token_in_header( app, aiohttp_client): """Test access with access token in header.""" setup_auth(app, [], True, api_password=None) client = await aiohttp_client(app) req = await client.get( '/', headers={'Authorization': 'Bearer {}'.format(ACCESS_TOKEN)}) assert req.status == 200 req = await client.get( '/', headers={'AUTHORIZATION': 'Bearer {}'.format(ACCESS_TOKEN)}) assert req.status == 200 req = await client.get( '/', headers={'authorization': 'Bearer {}'.format(ACCESS_TOKEN)}) assert req.status == 200 req = await client.get( '/', headers={'Authorization': ACCESS_TOKEN}) assert req.status == 401 req = await client.get( '/', headers={'Authorization': 'BEARER {}'.format(ACCESS_TOKEN)}) assert req.status == 401 req = await client.get( '/', headers={'Authorization': 'Bearer wrong-pass'}) assert req.status == 401
async def test_auth_legacy_support_api_password_access( app, aiohttp_client, legacy_auth, hass): """Test access using api_password if auth.support_legacy.""" setup_auth(hass, app) client = await aiohttp_client(app) user = await get_legacy_user(hass.auth) req = await client.get( '/', headers={HTTP_HEADER_HA_AUTH: API_PASSWORD}) assert req.status == 200 assert await req.json() == { 'user_id': user.id, } resp = await client.get('/', params={ 'api_password': API_PASSWORD }) assert resp.status == 200 assert await resp.json() == { 'user_id': user.id, } req = await client.get( '/', auth=BasicAuth('homeassistant', API_PASSWORD)) assert req.status == 200 assert await req.json() == { 'user_id': user.id, }
def test_basic_auth_works(app, test_client): """Test access with basic authentication.""" setup_auth(app, [], API_PASSWORD) client = yield from test_client(app) req = yield from client.get( '/', auth=BasicAuth('homeassistant', API_PASSWORD)) assert req.status == 200 req = yield from client.get( '/', auth=BasicAuth('wrong_username', API_PASSWORD)) assert req.status == 401 req = yield from client.get( '/', auth=BasicAuth('homeassistant', 'wrong password')) assert req.status == 401 req = yield from client.get( '/', headers={ 'authorization': 'NotBasic abcdefg' }) assert req.status == 401
async def test_auth_active_access_with_access_token_in_header( hass, app, aiohttp_client, hass_access_token): """Test access with access token in header.""" token = hass_access_token setup_auth(app, [], True, api_password=None) client = await aiohttp_client(app) req = await client.get( '/', headers={'Authorization': 'Bearer {}'.format(token)}) assert req.status == 200 req = await client.get( '/', headers={'AUTHORIZATION': 'Bearer {}'.format(token)}) assert req.status == 200 req = await client.get( '/', headers={'authorization': 'Bearer {}'.format(token)}) assert req.status == 200 req = await client.get('/', headers={'Authorization': token}) assert req.status == 401 req = await client.get( '/', headers={'Authorization': 'BEARER {}'.format(token)}) assert req.status == 401 refresh_token = await hass.auth.async_validate_access_token( hass_access_token) refresh_token.user.is_active = False req = await client.get( '/', headers={'Authorization': 'Bearer {}'.format(token)}) assert req.status == 401
async def test_auth_active_access_with_access_token_in_header( hass, app, aiohttp_client, hass_access_token): """Test access with access token in header.""" token = hass_access_token setup_auth(app, [], True, api_password=None) client = await aiohttp_client(app) req = await client.get( '/', headers={'Authorization': 'Bearer {}'.format(token)}) assert req.status == 200 req = await client.get( '/', headers={'AUTHORIZATION': 'Bearer {}'.format(token)}) assert req.status == 200 req = await client.get( '/', headers={'authorization': 'Bearer {}'.format(token)}) assert req.status == 200 req = await client.get( '/', headers={'Authorization': token}) assert req.status == 401 req = await client.get( '/', headers={'Authorization': 'BEARER {}'.format(token)}) assert req.status == 401 refresh_token = await hass.auth.async_validate_access_token( hass_access_token) refresh_token.user.is_active = False req = await client.get( '/', headers={'Authorization': 'Bearer {}'.format(token)}) assert req.status == 401
async def test_access_with_password_in_header(app, aiohttp_client): """Test access with password in header.""" setup_auth(app, [], False, api_password=API_PASSWORD) client = await aiohttp_client(app) req = await client.get('/', headers={HTTP_HEADER_HA_AUTH: API_PASSWORD}) assert req.status == 200 req = await client.get('/', headers={HTTP_HEADER_HA_AUTH: 'wrong-pass'}) assert req.status == 401
async def test_cant_access_with_password_in_header(app, aiohttp_client, legacy_auth, hass): """Test access with password in header.""" setup_auth(hass, app) client = await aiohttp_client(app) req = await client.get("/", headers={HTTP_HEADER_HA_AUTH: API_PASSWORD}) assert req.status == HTTPStatus.UNAUTHORIZED req = await client.get("/", headers={HTTP_HEADER_HA_AUTH: "wrong-pass"}) assert req.status == HTTPStatus.UNAUTHORIZED
async def test_access_with_password_in_header(app, aiohttp_client): """Test access with password in header.""" setup_auth(app, [], False, api_password=API_PASSWORD) client = await aiohttp_client(app) req = await client.get( '/', headers={HTTP_HEADER_HA_AUTH: API_PASSWORD}) assert req.status == 200 req = await client.get( '/', headers={HTTP_HEADER_HA_AUTH: 'wrong-pass'}) assert req.status == 401
def test_access_with_password_in_header(app, test_client): """Test access with password in URL.""" setup_auth(app, [], API_PASSWORD) client = yield from test_client(app) req = yield from client.get('/', headers={HTTP_HEADER_HA_AUTH: API_PASSWORD}) assert req.status == 200 req = yield from client.get('/', headers={HTTP_HEADER_HA_AUTH: 'wrong-pass'}) assert req.status == 401
async def test_access_with_password_in_header(app, aiohttp_client, legacy_auth, hass): """Test access with password in header.""" setup_auth(hass, app) client = await aiohttp_client(app) user = await get_legacy_user(hass.auth) req = await client.get("/", headers={HTTP_HEADER_HA_AUTH: API_PASSWORD}) assert req.status == 200 assert await req.json() == {"user_id": user.id} req = await client.get("/", headers={HTTP_HEADER_HA_AUTH: "wrong-pass"}) assert req.status == 401
def test_access_with_password_in_header(app, test_client): """Test access with password in URL.""" setup_auth(app, [], API_PASSWORD) client = yield from test_client(app) req = yield from client.get( '/', headers={HTTP_HEADER_HA_AUTH: API_PASSWORD}) assert req.status == 200 req = yield from client.get( '/', headers={HTTP_HEADER_HA_AUTH: 'wrong-pass'}) assert req.status == 401
async def test_auth_legacy_support_api_password_access(app, aiohttp_client): """Test access using api_password if auth.support_legacy.""" setup_auth(app, [], True, support_legacy=True, api_password=API_PASSWORD) client = await aiohttp_client(app) req = await client.get('/', headers={HTTP_HEADER_HA_AUTH: API_PASSWORD}) assert req.status == 200 resp = await client.get('/', params={'api_password': API_PASSWORD}) assert resp.status == 200 req = await client.get('/', auth=BasicAuth('homeassistant', API_PASSWORD)) assert req.status == 200
async def test_access_with_password_in_query(app, test_client): """Test access without password.""" setup_auth(app, [], API_PASSWORD) client = await test_client(app) resp = await client.get('/', params={'api_password': API_PASSWORD}) assert resp.status == 200 resp = await client.get('/') assert resp.status == 401 resp = await client.get('/', params={'api_password': '******'}) assert resp.status == 401
async def test_auth_active_blocked_api_password_access(app, aiohttp_client): """Test access using api_password should be blocked when auth.active.""" setup_auth(app, [], True, api_password=API_PASSWORD) client = await aiohttp_client(app) req = await client.get('/', headers={HTTP_HEADER_HA_AUTH: API_PASSWORD}) assert req.status == 401 resp = await client.get('/', params={'api_password': API_PASSWORD}) assert resp.status == 401 req = await client.get('/', auth=BasicAuth('homeassistant', API_PASSWORD)) assert req.status == 401
async def test_access_with_password_in_query(app, aiohttp_client): """Test access with password in URL.""" setup_auth(app, [], False, api_password=API_PASSWORD) client = await aiohttp_client(app) resp = await client.get('/', params={'api_password': API_PASSWORD}) assert resp.status == 200 resp = await client.get('/') assert resp.status == 401 resp = await client.get('/', params={'api_password': '******'}) assert resp.status == 401
async def test_cant_access_with_password_in_query(app, aiohttp_client, legacy_auth, hass): """Test access with password in URL.""" setup_auth(hass, app) client = await aiohttp_client(app) resp = await client.get("/", params={"api_password": API_PASSWORD}) assert resp.status == HTTPStatus.UNAUTHORIZED resp = await client.get("/") assert resp.status == HTTPStatus.UNAUTHORIZED resp = await client.get("/", params={"api_password": "******"}) assert resp.status == HTTPStatus.UNAUTHORIZED
async def test_auth_legacy_support_api_password_cannot_access( app, aiohttp_client, legacy_auth, hass): """Test access using api_password if auth.support_legacy.""" setup_auth(hass, app) client = await aiohttp_client(app) req = await client.get("/", headers={HTTP_HEADER_HA_AUTH: API_PASSWORD}) assert req.status == HTTPStatus.UNAUTHORIZED resp = await client.get("/", params={"api_password": API_PASSWORD}) assert resp.status == HTTPStatus.UNAUTHORIZED req = await client.get("/", auth=BasicAuth("homeassistant", API_PASSWORD)) assert req.status == HTTPStatus.UNAUTHORIZED
async def test_access_with_password_in_query(app, aiohttp_client, legacy_auth, hass): """Test access with password in URL.""" setup_auth(hass, app) client = await aiohttp_client(app) user = await get_legacy_user(hass.auth) resp = await client.get("/", params={"api_password": API_PASSWORD}) assert resp.status == 200 assert await resp.json() == {"user_id": user.id} resp = await client.get("/") assert resp.status == 401 resp = await client.get("/", params={"api_password": "******"}) assert resp.status == 401
async def test_basic_auth_does_not_work(app, aiohttp_client, hass, legacy_auth): """Test access with basic authentication.""" setup_auth(hass, app) client = await aiohttp_client(app) req = await client.get("/", auth=BasicAuth("homeassistant", API_PASSWORD)) assert req.status == 401 req = await client.get("/", auth=BasicAuth("wrong_username", API_PASSWORD)) assert req.status == 401 req = await client.get("/", auth=BasicAuth("homeassistant", "wrong password")) assert req.status == 401 req = await client.get("/", headers={"authorization": "NotBasic abcdefg"}) assert req.status == 401
async def test_access_with_password_in_header(app, aiohttp_client, legacy_auth, hass): """Test access with password in header.""" setup_auth(app, [], api_password=API_PASSWORD) client = await aiohttp_client(app) user = await legacy_api_password.async_get_user(hass) req = await client.get('/', headers={HTTP_HEADER_HA_AUTH: API_PASSWORD}) assert req.status == 200 assert await req.json() == { 'refresh_token_id': None, 'user_id': user.id, } req = await client.get('/', headers={HTTP_HEADER_HA_AUTH: 'wrong-pass'}) assert req.status == 401
async def test_cannot_access_with_trusted_ip(hass, app2, trusted_networks_auth, aiohttp_client, hass_owner_user): """Test access with an untrusted ip address.""" setup_auth(hass, app2) set_mock_ip = mock_real_ip(app2) client = await aiohttp_client(app2) for remote_addr in UNTRUSTED_ADDRESSES: set_mock_ip(remote_addr) resp = await client.get("/") assert resp.status == 401, f"{remote_addr} shouldn't be trusted" for remote_addr in TRUSTED_ADDRESSES: set_mock_ip(remote_addr) resp = await client.get("/") assert resp.status == 401, f"{remote_addr} shouldn't be trusted"
async def test_access_with_password_in_header(app, aiohttp_client, legacy_auth, hass): """Test access with password in header.""" setup_auth(hass, app) client = await aiohttp_client(app) user = await get_legacy_user(hass.auth) req = await client.get( '/', headers={HTTP_HEADER_HA_AUTH: API_PASSWORD}) assert req.status == 200 assert await req.json() == { 'user_id': user.id, } req = await client.get( '/', headers={HTTP_HEADER_HA_AUTH: 'wrong-pass'}) assert req.status == 401
def test_access_with_password_in_query(app, test_client): """Test access without password.""" setup_auth(app, [], API_PASSWORD) client = yield from test_client(app) resp = yield from client.get('/', params={ 'api_password': API_PASSWORD }) assert resp.status == 200 resp = yield from client.get('/') assert resp.status == 401 resp = yield from client.get('/', params={ 'api_password': '******' }) assert resp.status == 401
async def test_access_with_password_in_query(app, aiohttp_client): """Test access with password in URL.""" setup_auth(app, [], False, api_password=API_PASSWORD) client = await aiohttp_client(app) resp = await client.get('/', params={ 'api_password': API_PASSWORD }) assert resp.status == 200 resp = await client.get('/') assert resp.status == 401 resp = await client.get('/', params={ 'api_password': '******' }) assert resp.status == 401
async def test_access_with_password_in_header(app, aiohttp_client, legacy_auth, hass): """Test access with password in header.""" setup_auth(app, [], False, api_password=API_PASSWORD) client = await aiohttp_client(app) user = await legacy_api_password.async_get_user(hass) req = await client.get( '/', headers={HTTP_HEADER_HA_AUTH: API_PASSWORD}) assert req.status == 200 assert await req.json() == { 'refresh_token_id': None, 'user_id': user.id, } req = await client.get( '/', headers={HTTP_HEADER_HA_AUTH: 'wrong-pass'}) assert req.status == 401
async def test_basic_auth_works(app, aiohttp_client, hass, legacy_auth): """Test access with basic authentication.""" setup_auth(hass, app) client = await aiohttp_client(app) user = await get_legacy_user(hass.auth) req = await client.get("/", auth=BasicAuth("homeassistant", API_PASSWORD)) assert req.status == 200 assert await req.json() == {"user_id": user.id} req = await client.get("/", auth=BasicAuth("wrong_username", API_PASSWORD)) assert req.status == 401 req = await client.get("/", auth=BasicAuth("homeassistant", "wrong password")) assert req.status == 401 req = await client.get("/", headers={"authorization": "NotBasic abcdefg"}) assert req.status == 401
async def test_auth_legacy_support_api_password_access(app, aiohttp_client): """Test access using api_password if auth.support_legacy.""" setup_auth(app, [], True, support_legacy=True, api_password=API_PASSWORD) client = await aiohttp_client(app) req = await client.get( '/', headers={HTTP_HEADER_HA_AUTH: API_PASSWORD}) assert req.status == 200 resp = await client.get('/', params={ 'api_password': API_PASSWORD }) assert resp.status == 200 req = await client.get( '/', auth=BasicAuth('homeassistant', API_PASSWORD)) assert req.status == 200
async def test_auth_active_blocked_api_password_access(app, aiohttp_client): """Test access using api_password should be blocked when auth.active.""" setup_auth(app, [], True, api_password=API_PASSWORD) client = await aiohttp_client(app) req = await client.get( '/', headers={HTTP_HEADER_HA_AUTH: API_PASSWORD}) assert req.status == 401 resp = await client.get('/', params={ 'api_password': API_PASSWORD }) assert resp.status == 401 req = await client.get( '/', auth=BasicAuth('homeassistant', API_PASSWORD)) assert req.status == 401
async def test_auth_active_access_with_trusted_ip(app2, aiohttp_client): """Test access with an untrusted ip address.""" setup_auth(app2, TRUSTED_NETWORKS, True, api_password=None) set_mock_ip = mock_real_ip(app2) client = await aiohttp_client(app2) for remote_addr in UNTRUSTED_ADDRESSES: set_mock_ip(remote_addr) resp = await client.get('/') assert resp.status == 401, \ "{} shouldn't be trusted".format(remote_addr) for remote_addr in TRUSTED_ADDRESSES: set_mock_ip(remote_addr) resp = await client.get('/') assert resp.status == 200, \ "{} should be trusted".format(remote_addr)
async def test_auth_legacy_support_api_password_access( app, aiohttp_client, legacy_auth, hass ): """Test access using api_password if auth.support_legacy.""" setup_auth(hass, app) client = await aiohttp_client(app) user = await get_legacy_user(hass.auth) req = await client.get("/", headers={HTTP_HEADER_HA_AUTH: API_PASSWORD}) assert req.status == 200 assert await req.json() == {"user_id": user.id} resp = await client.get("/", params={"api_password": API_PASSWORD}) assert resp.status == 200 assert await resp.json() == {"user_id": user.id} req = await client.get("/", auth=BasicAuth("homeassistant", API_PASSWORD)) assert req.status == 200 assert await req.json() == {"user_id": user.id}
async def test_auth_active_access_with_trusted_ip( hass, app2, trusted_networks_auth, aiohttp_client, hass_owner_user ): """Test access with an untrusted ip address.""" setup_auth(hass, app2) set_mock_ip = mock_real_ip(app2) client = await aiohttp_client(app2) for remote_addr in UNTRUSTED_ADDRESSES: set_mock_ip(remote_addr) resp = await client.get("/") assert resp.status == 401, "{} shouldn't be trusted".format(remote_addr) for remote_addr in TRUSTED_ADDRESSES: set_mock_ip(remote_addr) resp = await client.get("/") assert resp.status == 200, "{} should be trusted".format(remote_addr) assert await resp.json() == {"user_id": hass_owner_user.id}
async def test_access_with_password_in_query(app, aiohttp_client, legacy_auth, hass): """Test access with password in URL.""" setup_auth(app, [], api_password=API_PASSWORD) client = await aiohttp_client(app) user = await legacy_api_password.async_get_user(hass) resp = await client.get('/', params={'api_password': API_PASSWORD}) assert resp.status == 200 assert await resp.json() == { 'refresh_token_id': None, 'user_id': user.id, } resp = await client.get('/') assert resp.status == 401 resp = await client.get('/', params={'api_password': '******'}) assert resp.status == 401
async def test_auth_access_signed_path( hass, app, aiohttp_client, hass_access_token): """Test access with signed url.""" app.router.add_post('/', mock_handler) app.router.add_get('/another_path', mock_handler) setup_auth(app, [], True, api_password=None) client = await aiohttp_client(app) refresh_token = await hass.auth.async_validate_access_token( hass_access_token) signed_path = async_sign_path( hass, refresh_token.id, '/', timedelta(seconds=5) ) req = await client.get(signed_path) assert req.status == 200 data = await req.json() assert data['refresh_token_id'] == refresh_token.id assert data['user_id'] == refresh_token.user.id # Use signature on other path req = await client.get( '/another_path?{}'.format(signed_path.split('?')[1])) assert req.status == 401 # We only allow GET req = await client.post(signed_path) assert req.status == 401 # Never valid as expired in the past. expired_signed_path = async_sign_path( hass, refresh_token.id, '/', timedelta(seconds=-5) ) req = await client.get(expired_signed_path) assert req.status == 401 # refresh token gone should also invalidate signature await hass.auth.async_remove_refresh_token(refresh_token) req = await client.get(signed_path) assert req.status == 401
def test_access_with_trusted_ip(test_client): """Test access with an untrusted ip address.""" app = web.Application() app.router.add_get('/', mock_handler) setup_auth(app, TRUSTED_NETWORKS, 'some-pass') set_mock_ip = mock_real_ip(app) client = yield from test_client(app) for remote_addr in UNTRUSTED_ADDRESSES: set_mock_ip(remote_addr) resp = yield from client.get('/') assert resp.status == 401, \ "{} shouldn't be trusted".format(remote_addr) for remote_addr in TRUSTED_ADDRESSES: set_mock_ip(remote_addr) resp = yield from client.get('/') assert resp.status == 200, \ "{} should be trusted".format(remote_addr)
async def test_basic_auth_works(app, aiohttp_client, hass, legacy_auth): """Test access with basic authentication.""" setup_auth(hass, app) client = await aiohttp_client(app) user = await get_legacy_user(hass.auth) req = await client.get('/', auth=BasicAuth('homeassistant', API_PASSWORD)) assert req.status == 200 assert await req.json() == { 'user_id': user.id, } req = await client.get('/', auth=BasicAuth('wrong_username', API_PASSWORD)) assert req.status == 401 req = await client.get('/', auth=BasicAuth('homeassistant', 'wrong password')) assert req.status == 401 req = await client.get('/', headers={'authorization': 'NotBasic abcdefg'}) assert req.status == 401
def test_basic_auth_works(app, test_client): """Test access with basic authentication.""" setup_auth(app, [], API_PASSWORD) client = yield from test_client(app) req = yield from client.get('/', auth=BasicAuth('homeassistant', API_PASSWORD)) assert req.status == 200 req = yield from client.get('/', auth=BasicAuth('wrong_username', API_PASSWORD)) assert req.status == 401 req = yield from client.get('/', auth=BasicAuth('homeassistant', 'wrong password')) assert req.status == 401 req = yield from client.get('/', headers={'authorization': 'NotBasic abcdefg'}) assert req.status == 401
async def test_access_with_trusted_ip(app2, aiohttp_client, hass_owner_user): """Test access with an untrusted ip address.""" setup_auth(app2, TRUSTED_NETWORKS, False, api_password='******') set_mock_ip = mock_real_ip(app2) client = await aiohttp_client(app2) for remote_addr in UNTRUSTED_ADDRESSES: set_mock_ip(remote_addr) resp = await client.get('/') assert resp.status == 401, \ "{} shouldn't be trusted".format(remote_addr) for remote_addr in TRUSTED_ADDRESSES: set_mock_ip(remote_addr) resp = await client.get('/') assert resp.status == 200, \ "{} should be trusted".format(remote_addr) assert await resp.json() == { 'refresh_token_id': None, 'user_id': hass_owner_user.id, }
async def test_access_with_password_in_query(app, aiohttp_client, legacy_auth, hass): """Test access with password in URL.""" setup_auth(hass, app) client = await aiohttp_client(app) user = await get_legacy_user(hass.auth) resp = await client.get('/', params={ 'api_password': API_PASSWORD }) assert resp.status == 200 assert await resp.json() == { 'user_id': user.id, } resp = await client.get('/') assert resp.status == 401 resp = await client.get('/', params={ 'api_password': '******' }) assert resp.status == 401
async def test_access_with_trusted_ip(hass, app2, trusted_networks_auth, aiohttp_client, hass_owner_user): """Test access with an untrusted ip address.""" setup_auth(hass, app2) set_mock_ip = mock_real_ip(app2) client = await aiohttp_client(app2) for remote_addr in UNTRUSTED_ADDRESSES: set_mock_ip(remote_addr) resp = await client.get('/') assert resp.status == 401, \ "{} shouldn't be trusted".format(remote_addr) for remote_addr in TRUSTED_ADDRESSES: set_mock_ip(remote_addr) resp = await client.get('/') assert resp.status == 200, \ "{} should be trusted".format(remote_addr) assert await resp.json() == { 'user_id': hass_owner_user.id, }
async def test_no_auth_no_token(aioclient_mock, hass, aiohttp_client): """Test cases where aiohttp_client is not auth.""" await async_setup_component(hass, 'camera', { 'camera': { 'platform': 'push', 'name': 'config_test', }}) setup_auth(hass.http.app, [], True, api_password=None) client = await aiohttp_client(hass.http.app) # no token files = {'image': io.BytesIO(b'fake')} resp = await client.post('/api/camera_push/camera.config_test', data=files) assert resp.status == 401 # fake token files = {'image': io.BytesIO(b'fake')} resp = await client.post( '/api/camera_push/camera.config_test?token=12345678', data=files) assert resp.status == 401
async def test_access_with_password_in_query(app, aiohttp_client, legacy_auth, hass): """Test access with password in URL.""" setup_auth(app, [], False, api_password=API_PASSWORD) client = await aiohttp_client(app) user = await legacy_api_password.async_get_user(hass) resp = await client.get('/', params={ 'api_password': API_PASSWORD }) assert resp.status == 200 assert await resp.json() == { 'refresh_token_id': None, 'user_id': user.id, } resp = await client.get('/') assert resp.status == 401 resp = await client.get('/', params={ 'api_password': '******' }) assert resp.status == 401