core/homeassistant/components/auth/mfa_setup_flow.py

"""Helpers to setup multi-factor auth module."""
import logging

import voluptuous as vol

from homeassistant import data_entry_flow
from homeassistant.components import websocket_api
from homeassistant.core import callback, HomeAssistant

WS_TYPE_SETUP_MFA = "auth/setup_mfa"
SCHEMA_WS_SETUP_MFA = websocket_api.BASE_COMMAND_MESSAGE_SCHEMA.extend(
    {
        vol.Required("type"): WS_TYPE_SETUP_MFA,
        vol.Exclusive("mfa_module_id", "module_or_flow_id"): str,
        vol.Exclusive("flow_id", "module_or_flow_id"): str,
        vol.Optional("user_input"): object,
    }
)

WS_TYPE_DEPOSE_MFA = "auth/depose_mfa"
SCHEMA_WS_DEPOSE_MFA = websocket_api.BASE_COMMAND_MESSAGE_SCHEMA.extend(
    {vol.Required("type"): WS_TYPE_DEPOSE_MFA, vol.Required("mfa_module_id"): str}
)

DATA_SETUP_FLOW_MGR = "auth_mfa_setup_flow_manager"

_LOGGER = logging.getLogger(__name__)


async def async_setup(hass):
    """Init mfa setup flow manager."""

    async def _async_create_setup_flow(handler, context, data):
        """Create a setup flow. handler is a mfa module."""
        mfa_module = hass.auth.get_auth_mfa_module(handler)
        if mfa_module is None:
            raise ValueError("Mfa module {} is not found".format(handler))

        user_id = data.pop("user_id")
        return await mfa_module.async_setup_flow(user_id)

    async def _async_finish_setup_flow(flow, flow_result):
        _LOGGER.debug("flow_result: %s", flow_result)
        return flow_result

    hass.data[DATA_SETUP_FLOW_MGR] = data_entry_flow.FlowManager(
        hass, _async_create_setup_flow, _async_finish_setup_flow
    )

    hass.components.websocket_api.async_register_command(
        WS_TYPE_SETUP_MFA, websocket_setup_mfa, SCHEMA_WS_SETUP_MFA
    )

    hass.components.websocket_api.async_register_command(
        WS_TYPE_DEPOSE_MFA, websocket_depose_mfa, SCHEMA_WS_DEPOSE_MFA
    )


@callback
@websocket_api.ws_require_user(allow_system_user=False)
def websocket_setup_mfa(
    hass: HomeAssistant, connection: websocket_api.ActiveConnection, msg
):
    """Return a setup flow for mfa auth module."""

    async def async_setup_flow(msg):
        """Return a setup flow for mfa auth module."""
        flow_manager = hass.data[DATA_SETUP_FLOW_MGR]

        flow_id = msg.get("flow_id")
        if flow_id is not None:
            result = await flow_manager.async_configure(flow_id, msg.get("user_input"))
            connection.send_message(
                websocket_api.result_message(msg["id"], _prepare_result_json(result))
            )
            return

        mfa_module_id = msg.get("mfa_module_id")
        mfa_module = hass.auth.get_auth_mfa_module(mfa_module_id)
        if mfa_module is None:
            connection.send_message(
                websocket_api.error_message(
                    msg["id"],
                    "no_module",
                    "MFA module {} is not found".format(mfa_module_id),
                )
            )
            return

        result = await flow_manager.async_init(
            mfa_module_id, data={"user_id": connection.user.id}
        )

        connection.send_message(
            websocket_api.result_message(msg["id"], _prepare_result_json(result))
        )

    hass.async_create_task(async_setup_flow(msg))


@callback
@websocket_api.ws_require_user(allow_system_user=False)
def websocket_depose_mfa(
    hass: HomeAssistant, connection: websocket_api.ActiveConnection, msg
):
    """Remove user from mfa module."""

    async def async_depose(msg):
        """Remove user from mfa auth module."""
        mfa_module_id = msg["mfa_module_id"]
        try:
            await hass.auth.async_disable_user_mfa(
                connection.user, msg["mfa_module_id"]
            )
        except ValueError as err:
            connection.send_message(
                websocket_api.error_message(
                    msg["id"],
                    "disable_failed",
                    "Cannot disable MFA Module {}: {}".format(mfa_module_id, err),
                )
            )
            return

        connection.send_message(websocket_api.result_message(msg["id"], "done"))

    hass.async_create_task(async_depose(msg))


def _prepare_result_json(result):
    """Convert result to JSON."""
    if result["type"] == data_entry_flow.RESULT_TYPE_CREATE_ENTRY:
        data = result.copy()
        return data

    if result["type"] != data_entry_flow.RESULT_TYPE_FORM:
        return result

    import voluptuous_serialize

    data = result.copy()

    schema = data["data_schema"]
    if schema is None:
        data["data_schema"] = []
    else:
        data["data_schema"] = voluptuous_serialize.convert(schema)

    return data
Add multi-factor auth module setup flow (#16141) * Add mfa setup flow * Lint * Address code review comment * Fix unit test * Add assertion for WS response ordering * Missed a return * Remove setup_schema from MFA base class * Move auth.util.validate_current_user -> webscoket_api.ws_require_user 2018-08-24 17:17:43 +00:00			`"""Helpers to setup multi-factor auth module."""`
			`import logging`

			`import voluptuous as vol`

			`from homeassistant import data_entry_flow`
			`from homeassistant.components import websocket_api`
			`from homeassistant.core import callback, HomeAssistant`

Black 2019-07-31 19:25:30 +00:00			`WS_TYPE_SETUP_MFA = "auth/setup_mfa"`
			`SCHEMA_WS_SETUP_MFA = websocket_api.BASE_COMMAND_MESSAGE_SCHEMA.extend(`
			`{`
			`vol.Required("type"): WS_TYPE_SETUP_MFA,`
			`vol.Exclusive("mfa_module_id", "module_or_flow_id"): str,`
			`vol.Exclusive("flow_id", "module_or_flow_id"): str,`
			`vol.Optional("user_input"): object,`
			`}`
			`)`

			`WS_TYPE_DEPOSE_MFA = "auth/depose_mfa"`
			`SCHEMA_WS_DEPOSE_MFA = websocket_api.BASE_COMMAND_MESSAGE_SCHEMA.extend(`
			`{vol.Required("type"): WS_TYPE_DEPOSE_MFA, vol.Required("mfa_module_id"): str}`
			`)`

			`DATA_SETUP_FLOW_MGR = "auth_mfa_setup_flow_manager"`
Add multi-factor auth module setup flow (#16141) * Add mfa setup flow * Lint * Address code review comment * Fix unit test * Add assertion for WS response ordering * Missed a return * Remove setup_schema from MFA base class * Move auth.util.validate_current_user -> webscoket_api.ws_require_user 2018-08-24 17:17:43 +00:00
			`_LOGGER = logging.getLogger(__name__)`


			`async def async_setup(hass):`
			`"""Init mfa setup flow manager."""`
Black 2019-07-31 19:25:30 +00:00
Add multi-factor auth module setup flow (#16141) * Add mfa setup flow * Lint * Address code review comment * Fix unit test * Add assertion for WS response ordering * Missed a return * Remove setup_schema from MFA base class * Move auth.util.validate_current_user -> webscoket_api.ws_require_user 2018-08-24 17:17:43 +00:00			`async def _async_create_setup_flow(handler, context, data):`
Spelling fixes (#25666) 2019-08-02 21:20:07 +00:00			`"""Create a setup flow. handler is a mfa module."""`
Add multi-factor auth module setup flow (#16141) * Add mfa setup flow * Lint * Address code review comment * Fix unit test * Add assertion for WS response ordering * Missed a return * Remove setup_schema from MFA base class * Move auth.util.validate_current_user -> webscoket_api.ws_require_user 2018-08-24 17:17:43 +00:00			`mfa_module = hass.auth.get_auth_mfa_module(handler)`
			`if mfa_module is None:`
Black 2019-07-31 19:25:30 +00:00			`raise ValueError("Mfa module {} is not found".format(handler))`
Add multi-factor auth module setup flow (#16141) * Add mfa setup flow * Lint * Address code review comment * Fix unit test * Add assertion for WS response ordering * Missed a return * Remove setup_schema from MFA base class * Move auth.util.validate_current_user -> webscoket_api.ws_require_user 2018-08-24 17:17:43 +00:00
Black 2019-07-31 19:25:30 +00:00			`user_id = data.pop("user_id")`
Add multi-factor auth module setup flow (#16141) * Add mfa setup flow * Lint * Address code review comment * Fix unit test * Add assertion for WS response ordering * Missed a return * Remove setup_schema from MFA base class * Move auth.util.validate_current_user -> webscoket_api.ws_require_user 2018-08-24 17:17:43 +00:00			`return await mfa_module.async_setup_flow(user_id)`

			`async def _async_finish_setup_flow(flow, flow_result):`
Black 2019-07-31 19:25:30 +00:00			`_LOGGER.debug("flow_result: %s", flow_result)`
Add multi-factor auth module setup flow (#16141) * Add mfa setup flow * Lint * Address code review comment * Fix unit test * Add assertion for WS response ordering * Missed a return * Remove setup_schema from MFA base class * Move auth.util.validate_current_user -> webscoket_api.ws_require_user 2018-08-24 17:17:43 +00:00			`return flow_result`

			`hass.data[DATA_SETUP_FLOW_MGR] = data_entry_flow.FlowManager(`
Black 2019-07-31 19:25:30 +00:00			`hass, _async_create_setup_flow, _async_finish_setup_flow`
			`)`
Add multi-factor auth module setup flow (#16141) * Add mfa setup flow * Lint * Address code review comment * Fix unit test * Add assertion for WS response ordering * Missed a return * Remove setup_schema from MFA base class * Move auth.util.validate_current_user -> webscoket_api.ws_require_user 2018-08-24 17:17:43 +00:00
			`hass.components.websocket_api.async_register_command(`
Black 2019-07-31 19:25:30 +00:00			`WS_TYPE_SETUP_MFA, websocket_setup_mfa, SCHEMA_WS_SETUP_MFA`
			`)`
Add multi-factor auth module setup flow (#16141) * Add mfa setup flow * Lint * Address code review comment * Fix unit test * Add assertion for WS response ordering * Missed a return * Remove setup_schema from MFA base class * Move auth.util.validate_current_user -> webscoket_api.ws_require_user 2018-08-24 17:17:43 +00:00
			`hass.components.websocket_api.async_register_command(`
Black 2019-07-31 19:25:30 +00:00			`WS_TYPE_DEPOSE_MFA, websocket_depose_mfa, SCHEMA_WS_DEPOSE_MFA`
			`)`
Add multi-factor auth module setup flow (#16141) * Add mfa setup flow * Lint * Address code review comment * Fix unit test * Add assertion for WS response ordering * Missed a return * Remove setup_schema from MFA base class * Move auth.util.validate_current_user -> webscoket_api.ws_require_user 2018-08-24 17:17:43 +00:00

			`@callback`
			`@websocket_api.ws_require_user(allow_system_user=False)`
			`def websocket_setup_mfa(`
Black 2019-07-31 19:25:30 +00:00			`hass: HomeAssistant, connection: websocket_api.ActiveConnection, msg`
			`):`
Add multi-factor auth module setup flow (#16141) * Add mfa setup flow * Lint * Address code review comment * Fix unit test * Add assertion for WS response ordering * Missed a return * Remove setup_schema from MFA base class * Move auth.util.validate_current_user -> webscoket_api.ws_require_user 2018-08-24 17:17:43 +00:00			`"""Return a setup flow for mfa auth module."""`
Black 2019-07-31 19:25:30 +00:00
Add multi-factor auth module setup flow (#16141) * Add mfa setup flow * Lint * Address code review comment * Fix unit test * Add assertion for WS response ordering * Missed a return * Remove setup_schema from MFA base class * Move auth.util.validate_current_user -> webscoket_api.ws_require_user 2018-08-24 17:17:43 +00:00			`async def async_setup_flow(msg):`
			`"""Return a setup flow for mfa auth module."""`
			`flow_manager = hass.data[DATA_SETUP_FLOW_MGR]`

Black 2019-07-31 19:25:30 +00:00			`flow_id = msg.get("flow_id")`
Add multi-factor auth module setup flow (#16141) * Add mfa setup flow * Lint * Address code review comment * Fix unit test * Add assertion for WS response ordering * Missed a return * Remove setup_schema from MFA base class * Move auth.util.validate_current_user -> webscoket_api.ws_require_user 2018-08-24 17:17:43 +00:00			`if flow_id is not None:`
Black 2019-07-31 19:25:30 +00:00			`result = await flow_manager.async_configure(flow_id, msg.get("user_input"))`
Break up websocket 2 (#17028) * Break up websocket 2 * Lint+Test * Lintttt * Rename 2018-10-01 14:09:31 +00:00			`connection.send_message(`
Black 2019-07-31 19:25:30 +00:00			`websocket_api.result_message(msg["id"], _prepare_result_json(result))`
			`)`
Add multi-factor auth module setup flow (#16141) * Add mfa setup flow * Lint * Address code review comment * Fix unit test * Add assertion for WS response ordering * Missed a return * Remove setup_schema from MFA base class * Move auth.util.validate_current_user -> webscoket_api.ws_require_user 2018-08-24 17:17:43 +00:00			`return`

Black 2019-07-31 19:25:30 +00:00			`mfa_module_id = msg.get("mfa_module_id")`
Add multi-factor auth module setup flow (#16141) * Add mfa setup flow * Lint * Address code review comment * Fix unit test * Add assertion for WS response ordering * Missed a return * Remove setup_schema from MFA base class * Move auth.util.validate_current_user -> webscoket_api.ws_require_user 2018-08-24 17:17:43 +00:00			`mfa_module = hass.auth.get_auth_mfa_module(mfa_module_id)`
			`if mfa_module is None:`
Black 2019-07-31 19:25:30 +00:00			`connection.send_message(`
			`websocket_api.error_message(`
			`msg["id"],`
			`"no_module",`
			`"MFA module {} is not found".format(mfa_module_id),`
			`)`
			`)`
Add multi-factor auth module setup flow (#16141) * Add mfa setup flow * Lint * Address code review comment * Fix unit test * Add assertion for WS response ordering * Missed a return * Remove setup_schema from MFA base class * Move auth.util.validate_current_user -> webscoket_api.ws_require_user 2018-08-24 17:17:43 +00:00			`return`

			`result = await flow_manager.async_init(`
Black 2019-07-31 19:25:30 +00:00			`mfa_module_id, data={"user_id": connection.user.id}`
			`)`
Add multi-factor auth module setup flow (#16141) * Add mfa setup flow * Lint * Address code review comment * Fix unit test * Add assertion for WS response ordering * Missed a return * Remove setup_schema from MFA base class * Move auth.util.validate_current_user -> webscoket_api.ws_require_user 2018-08-24 17:17:43 +00:00
Break up websocket 2 (#17028) * Break up websocket 2 * Lint+Test * Lintttt * Rename 2018-10-01 14:09:31 +00:00			`connection.send_message(`
Black 2019-07-31 19:25:30 +00:00			`websocket_api.result_message(msg["id"], _prepare_result_json(result))`
			`)`
Add multi-factor auth module setup flow (#16141) * Add mfa setup flow * Lint * Address code review comment * Fix unit test * Add assertion for WS response ordering * Missed a return * Remove setup_schema from MFA base class * Move auth.util.validate_current_user -> webscoket_api.ws_require_user 2018-08-24 17:17:43 +00:00
			`hass.async_create_task(async_setup_flow(msg))`


			`@callback`
			`@websocket_api.ws_require_user(allow_system_user=False)`
			`def websocket_depose_mfa(`
Black 2019-07-31 19:25:30 +00:00			`hass: HomeAssistant, connection: websocket_api.ActiveConnection, msg`
			`):`
Add multi-factor auth module setup flow (#16141) * Add mfa setup flow * Lint * Address code review comment * Fix unit test * Add assertion for WS response ordering * Missed a return * Remove setup_schema from MFA base class * Move auth.util.validate_current_user -> webscoket_api.ws_require_user 2018-08-24 17:17:43 +00:00			`"""Remove user from mfa module."""`
Black 2019-07-31 19:25:30 +00:00
Add multi-factor auth module setup flow (#16141) * Add mfa setup flow * Lint * Address code review comment * Fix unit test * Add assertion for WS response ordering * Missed a return * Remove setup_schema from MFA base class * Move auth.util.validate_current_user -> webscoket_api.ws_require_user 2018-08-24 17:17:43 +00:00			`async def async_depose(msg):`
			`"""Remove user from mfa auth module."""`
Black 2019-07-31 19:25:30 +00:00			`mfa_module_id = msg["mfa_module_id"]`
Add multi-factor auth module setup flow (#16141) * Add mfa setup flow * Lint * Address code review comment * Fix unit test * Add assertion for WS response ordering * Missed a return * Remove setup_schema from MFA base class * Move auth.util.validate_current_user -> webscoket_api.ws_require_user 2018-08-24 17:17:43 +00:00			`try:`
			`await hass.auth.async_disable_user_mfa(`
Black 2019-07-31 19:25:30 +00:00			`connection.user, msg["mfa_module_id"]`
			`)`
Add multi-factor auth module setup flow (#16141) * Add mfa setup flow * Lint * Address code review comment * Fix unit test * Add assertion for WS response ordering * Missed a return * Remove setup_schema from MFA base class * Move auth.util.validate_current_user -> webscoket_api.ws_require_user 2018-08-24 17:17:43 +00:00			`except ValueError as err:`
Black 2019-07-31 19:25:30 +00:00			`connection.send_message(`
			`websocket_api.error_message(`
			`msg["id"],`
			`"disable_failed",`
			`"Cannot disable MFA Module {}: {}".format(mfa_module_id, err),`
			`)`
			`)`
Add multi-factor auth module setup flow (#16141) * Add mfa setup flow * Lint * Address code review comment * Fix unit test * Add assertion for WS response ordering * Missed a return * Remove setup_schema from MFA base class * Move auth.util.validate_current_user -> webscoket_api.ws_require_user 2018-08-24 17:17:43 +00:00			`return`

Black 2019-07-31 19:25:30 +00:00			`connection.send_message(websocket_api.result_message(msg["id"], "done"))`
Add multi-factor auth module setup flow (#16141) * Add mfa setup flow * Lint * Address code review comment * Fix unit test * Add assertion for WS response ordering * Missed a return * Remove setup_schema from MFA base class * Move auth.util.validate_current_user -> webscoket_api.ws_require_user 2018-08-24 17:17:43 +00:00
			`hass.async_create_task(async_depose(msg))`


			`def _prepare_result_json(result):`
			`"""Convert result to JSON."""`
Black 2019-07-31 19:25:30 +00:00			`if result["type"] == data_entry_flow.RESULT_TYPE_CREATE_ENTRY:`
Add multi-factor auth module setup flow (#16141) * Add mfa setup flow * Lint * Address code review comment * Fix unit test * Add assertion for WS response ordering * Missed a return * Remove setup_schema from MFA base class * Move auth.util.validate_current_user -> webscoket_api.ws_require_user 2018-08-24 17:17:43 +00:00			`data = result.copy()`
			`return data`

Black 2019-07-31 19:25:30 +00:00			`if result["type"] != data_entry_flow.RESULT_TYPE_FORM:`
Add multi-factor auth module setup flow (#16141) * Add mfa setup flow * Lint * Address code review comment * Fix unit test * Add assertion for WS response ordering * Missed a return * Remove setup_schema from MFA base class * Move auth.util.validate_current_user -> webscoket_api.ws_require_user 2018-08-24 17:17:43 +00:00			`return result`

			`import voluptuous_serialize`

			`data = result.copy()`

Black 2019-07-31 19:25:30 +00:00			`schema = data["data_schema"]`
Add multi-factor auth module setup flow (#16141) * Add mfa setup flow * Lint * Address code review comment * Fix unit test * Add assertion for WS response ordering * Missed a return * Remove setup_schema from MFA base class * Move auth.util.validate_current_user -> webscoket_api.ws_require_user 2018-08-24 17:17:43 +00:00			`if schema is None:`
Black 2019-07-31 19:25:30 +00:00			`data["data_schema"] = []`
Add multi-factor auth module setup flow (#16141) * Add mfa setup flow * Lint * Address code review comment * Fix unit test * Add assertion for WS response ordering * Missed a return * Remove setup_schema from MFA base class * Move auth.util.validate_current_user -> webscoket_api.ws_require_user 2018-08-24 17:17:43 +00:00			`else:`
Black 2019-07-31 19:25:30 +00:00			`data["data_schema"] = voluptuous_serialize.convert(schema)`
Add multi-factor auth module setup flow (#16141) * Add mfa setup flow * Lint * Address code review comment * Fix unit test * Add assertion for WS response ordering * Missed a return * Remove setup_schema from MFA base class * Move auth.util.validate_current_user -> webscoket_api.ws_require_user 2018-08-24 17:17:43 +00:00
			`return data`