2018-07-13 13:31:20 +00:00
|
|
|
"""Offer API to configure the Home Assistant auth provider."""
|
2022-10-19 02:15:55 +00:00
|
|
|
from typing import Any
|
|
|
|
|
|
2018-07-13 13:31:20 +00:00
|
|
|
import voluptuous as vol
|
|
|
|
|
|
|
|
|
|
from homeassistant.auth.providers import homeassistant as auth_ha
|
|
|
|
|
from homeassistant.components import websocket_api
|
2022-10-19 02:15:55 +00:00
|
|
|
from homeassistant.core import HomeAssistant
|
2020-08-25 11:49:32 +00:00
|
|
|
from homeassistant.exceptions import Unauthorized
|
2018-07-19 07:39:51 +00:00
|
|
|
|
2018-07-13 13:31:20 +00:00
|
|
|
|
|
|
|
|
async def async_setup(hass):
|
|
|
|
|
"""Enable the Home Assistant views."""
|
2022-01-11 17:24:08 +00:00
|
|
|
websocket_api.async_register_command(hass, websocket_create)
|
|
|
|
|
websocket_api.async_register_command(hass, websocket_delete)
|
|
|
|
|
websocket_api.async_register_command(hass, websocket_change_password)
|
|
|
|
|
websocket_api.async_register_command(hass, websocket_admin_change_password)
|
2018-07-13 13:31:20 +00:00
|
|
|
return True
|
|
|
|
|
|
|
|
|
|
|
2022-10-19 02:15:55 +00:00
|
|
|
@websocket_api.websocket_command(
|
2020-08-25 11:49:32 +00:00
|
|
|
{
|
|
|
|
|
vol.Required("type"): "config/auth_provider/homeassistant/create",
|
|
|
|
|
vol.Required("user_id"): str,
|
|
|
|
|
vol.Required("username"): str,
|
|
|
|
|
vol.Required("password"): str,
|
|
|
|
|
}
|
|
|
|
|
)
|
2018-12-14 09:19:27 +00:00
|
|
|
@websocket_api.require_admin
|
2018-10-01 14:09:31 +00:00
|
|
|
@websocket_api.async_response
|
2022-10-19 02:15:55 +00:00
|
|
|
async def websocket_create(
|
|
|
|
|
hass: HomeAssistant,
|
|
|
|
|
connection: websocket_api.ActiveConnection,
|
|
|
|
|
msg: dict[str, Any],
|
|
|
|
|
) -> None:
|
2018-07-13 13:31:20 +00:00
|
|
|
"""Create credentials and attach to a user."""
|
2020-08-25 12:22:50 +00:00
|
|
|
provider = auth_ha.async_get_provider(hass)
|
2018-10-01 14:09:31 +00:00
|
|
|
|
2021-10-31 17:35:27 +00:00
|
|
|
if (user := await hass.auth.async_get_user(msg["user_id"])) is None:
|
2020-08-26 21:37:33 +00:00
|
|
|
connection.send_error(msg["id"], "not_found", "User not found")
|
2018-10-01 14:09:31 +00:00
|
|
|
return
|
2018-07-13 13:31:20 +00:00
|
|
|
|
2018-10-01 14:09:31 +00:00
|
|
|
if user.system_generated:
|
2020-08-26 21:37:33 +00:00
|
|
|
connection.send_error(
|
|
|
|
|
msg["id"],
|
|
|
|
|
"system_generated",
|
|
|
|
|
"Cannot add credentials to a system generated user.",
|
2019-07-31 19:25:30 +00:00
|
|
|
)
|
2018-10-01 14:09:31 +00:00
|
|
|
return
|
|
|
|
|
|
|
|
|
|
try:
|
2020-08-25 11:49:32 +00:00
|
|
|
await provider.async_add_auth(msg["username"], msg["password"])
|
2018-10-01 14:09:31 +00:00
|
|
|
except auth_ha.InvalidUser:
|
2020-08-26 21:37:33 +00:00
|
|
|
connection.send_error(msg["id"], "username_exists", "Username already exists")
|
2018-10-01 14:09:31 +00:00
|
|
|
return
|
|
|
|
|
|
2019-07-31 19:25:30 +00:00
|
|
|
credentials = await provider.async_get_or_create_credentials(
|
|
|
|
|
{"username": msg["username"]}
|
|
|
|
|
)
|
2018-10-01 14:09:31 +00:00
|
|
|
await hass.auth.async_link_user(user, credentials)
|
|
|
|
|
|
2020-08-26 21:37:33 +00:00
|
|
|
connection.send_result(msg["id"])
|
2018-07-13 13:31:20 +00:00
|
|
|
|
|
|
|
|
|
2022-10-19 02:15:55 +00:00
|
|
|
@websocket_api.websocket_command(
|
2020-08-25 11:49:32 +00:00
|
|
|
{
|
|
|
|
|
vol.Required("type"): "config/auth_provider/homeassistant/delete",
|
|
|
|
|
vol.Required("username"): str,
|
|
|
|
|
}
|
|
|
|
|
)
|
2018-12-14 09:19:27 +00:00
|
|
|
@websocket_api.require_admin
|
2018-10-01 14:09:31 +00:00
|
|
|
@websocket_api.async_response
|
2022-10-19 02:15:55 +00:00
|
|
|
async def websocket_delete(
|
|
|
|
|
hass: HomeAssistant,
|
|
|
|
|
connection: websocket_api.ActiveConnection,
|
|
|
|
|
msg: dict[str, Any],
|
|
|
|
|
) -> None:
|
2018-07-13 13:31:20 +00:00
|
|
|
"""Delete username and related credential."""
|
2020-08-25 12:22:50 +00:00
|
|
|
provider = auth_ha.async_get_provider(hass)
|
2019-07-31 19:25:30 +00:00
|
|
|
credentials = await provider.async_get_or_create_credentials(
|
|
|
|
|
{"username": msg["username"]}
|
|
|
|
|
)
|
2018-07-19 07:39:51 +00:00
|
|
|
|
2018-10-01 14:09:31 +00:00
|
|
|
# if not new, an existing credential exists.
|
|
|
|
|
# Removing the credential will also remove the auth.
|
|
|
|
|
if not credentials.is_new:
|
|
|
|
|
await hass.auth.async_remove_credentials(credentials)
|
2018-07-19 07:39:51 +00:00
|
|
|
|
2020-08-26 21:37:33 +00:00
|
|
|
connection.send_result(msg["id"])
|
2018-10-01 14:09:31 +00:00
|
|
|
return
|
2018-07-19 07:39:51 +00:00
|
|
|
|
2018-10-01 14:09:31 +00:00
|
|
|
try:
|
2020-08-25 11:49:32 +00:00
|
|
|
await provider.async_remove_auth(msg["username"])
|
2018-10-01 14:09:31 +00:00
|
|
|
except auth_ha.InvalidUser:
|
2020-08-26 21:37:33 +00:00
|
|
|
connection.send_error(
|
|
|
|
|
msg["id"], "auth_not_found", "Given username was not found."
|
2019-07-31 19:25:30 +00:00
|
|
|
)
|
2018-10-01 14:09:31 +00:00
|
|
|
return
|
|
|
|
|
|
2020-08-26 21:37:33 +00:00
|
|
|
connection.send_result(msg["id"])
|
2018-07-19 07:39:51 +00:00
|
|
|
|
|
|
|
|
|
2022-10-19 02:15:55 +00:00
|
|
|
@websocket_api.websocket_command(
|
2020-08-25 11:49:32 +00:00
|
|
|
{
|
|
|
|
|
vol.Required("type"): "config/auth_provider/homeassistant/change_password",
|
|
|
|
|
vol.Required("current_password"): str,
|
|
|
|
|
vol.Required("new_password"): str,
|
|
|
|
|
}
|
|
|
|
|
)
|
2018-10-01 14:09:31 +00:00
|
|
|
@websocket_api.async_response
|
2022-10-19 02:15:55 +00:00
|
|
|
async def websocket_change_password(
|
|
|
|
|
hass: HomeAssistant,
|
|
|
|
|
connection: websocket_api.ActiveConnection,
|
|
|
|
|
msg: dict[str, Any],
|
|
|
|
|
) -> None:
|
2020-08-25 11:49:32 +00:00
|
|
|
"""Change current user password."""
|
2021-10-17 17:56:00 +00:00
|
|
|
if (user := connection.user) is None:
|
2020-08-26 21:37:33 +00:00
|
|
|
connection.send_error(msg["id"], "user_not_found", "User not found")
|
2018-10-01 14:09:31 +00:00
|
|
|
return
|
|
|
|
|
|
2020-08-25 12:22:50 +00:00
|
|
|
provider = auth_ha.async_get_provider(hass)
|
2018-10-01 14:09:31 +00:00
|
|
|
username = None
|
|
|
|
|
for credential in user.credentials:
|
|
|
|
|
if credential.auth_provider_type == provider.type:
|
2019-07-31 19:25:30 +00:00
|
|
|
username = credential.data["username"]
|
2018-10-01 14:09:31 +00:00
|
|
|
break
|
|
|
|
|
|
|
|
|
|
if username is None:
|
2020-08-26 21:37:33 +00:00
|
|
|
connection.send_error(
|
|
|
|
|
msg["id"], "credentials_not_found", "Credentials not found"
|
2019-07-31 19:25:30 +00:00
|
|
|
)
|
2018-10-01 14:09:31 +00:00
|
|
|
return
|
|
|
|
|
|
|
|
|
|
try:
|
2019-07-31 19:25:30 +00:00
|
|
|
await provider.async_validate_login(username, msg["current_password"])
|
2018-10-01 14:09:31 +00:00
|
|
|
except auth_ha.InvalidAuth:
|
2020-12-02 13:24:47 +00:00
|
|
|
connection.send_error(
|
|
|
|
|
msg["id"], "invalid_current_password", "Invalid current password"
|
|
|
|
|
)
|
2018-10-01 14:09:31 +00:00
|
|
|
return
|
|
|
|
|
|
2020-08-25 11:49:32 +00:00
|
|
|
await provider.async_change_password(username, msg["new_password"])
|
2018-10-01 14:09:31 +00:00
|
|
|
|
2020-08-26 21:37:33 +00:00
|
|
|
connection.send_result(msg["id"])
|
2020-08-25 11:49:32 +00:00
|
|
|
|
|
|
|
|
|
2022-10-19 02:15:55 +00:00
|
|
|
@websocket_api.websocket_command(
|
2020-08-25 11:49:32 +00:00
|
|
|
{
|
|
|
|
|
vol.Required(
|
|
|
|
|
"type"
|
|
|
|
|
): "config/auth_provider/homeassistant/admin_change_password",
|
2020-08-26 21:37:33 +00:00
|
|
|
vol.Required("user_id"): str,
|
2020-08-25 11:49:32 +00:00
|
|
|
vol.Required("password"): str,
|
|
|
|
|
}
|
|
|
|
|
)
|
2022-10-19 02:15:55 +00:00
|
|
|
@websocket_api.require_admin
|
|
|
|
|
@websocket_api.async_response
|
|
|
|
|
async def websocket_admin_change_password(
|
|
|
|
|
hass: HomeAssistant,
|
|
|
|
|
connection: websocket_api.ActiveConnection,
|
|
|
|
|
msg: dict[str, Any],
|
|
|
|
|
) -> None:
|
2020-08-25 11:49:32 +00:00
|
|
|
"""Change password of any user."""
|
|
|
|
|
if not connection.user.is_owner:
|
|
|
|
|
raise Unauthorized(context=connection.context(msg))
|
|
|
|
|
|
2021-10-31 17:35:27 +00:00
|
|
|
if (user := await hass.auth.async_get_user(msg["user_id"])) is None:
|
2020-08-26 21:37:33 +00:00
|
|
|
connection.send_error(msg["id"], "user_not_found", "User not found")
|
|
|
|
|
return
|
|
|
|
|
|
2020-08-25 12:22:50 +00:00
|
|
|
provider = auth_ha.async_get_provider(hass)
|
2020-08-26 21:37:33 +00:00
|
|
|
|
|
|
|
|
username = None
|
|
|
|
|
for credential in user.credentials:
|
|
|
|
|
if credential.auth_provider_type == provider.type:
|
|
|
|
|
username = credential.data["username"]
|
|
|
|
|
break
|
|
|
|
|
|
|
|
|
|
if username is None:
|
|
|
|
|
connection.send_error(
|
|
|
|
|
msg["id"], "credentials_not_found", "Credentials not found"
|
|
|
|
|
)
|
|
|
|
|
return
|
|
|
|
|
|
2020-08-25 11:49:32 +00:00
|
|
|
try:
|
2020-08-26 21:37:33 +00:00
|
|
|
await provider.async_change_password(username, msg["password"])
|
|
|
|
|
connection.send_result(msg["id"])
|
2020-08-25 11:49:32 +00:00
|
|
|
except auth_ha.InvalidUser:
|
2020-08-26 21:37:33 +00:00
|
|
|
connection.send_error(
|
|
|
|
|
msg["id"], "credentials_not_found", "Credentials not found"
|
2020-08-25 11:49:32 +00:00
|
|
|
)
|
|
|
|
|
return
|
