core/homeassistant/auth/providers/insecure_example.py

"""Example auth provider."""
from __future__ import annotations

from collections.abc import Mapping
import hmac
from typing import Any, cast

import voluptuous as vol

from homeassistant.core import callback
from homeassistant.data_entry_flow import FlowResult
from homeassistant.exceptions import HomeAssistantError

from ..models import Credentials, UserMeta
from . import AUTH_PROVIDER_SCHEMA, AUTH_PROVIDERS, AuthProvider, LoginFlow

USER_SCHEMA = vol.Schema(
    {
        vol.Required("username"): str,
        vol.Required("password"): str,
        vol.Optional("name"): str,
    }
)


CONFIG_SCHEMA = AUTH_PROVIDER_SCHEMA.extend(
    {vol.Required("users"): [USER_SCHEMA]}, extra=vol.PREVENT_EXTRA
)


class InvalidAuthError(HomeAssistantError):
    """Raised when submitting invalid authentication."""


@AUTH_PROVIDERS.register("insecure_example")
class ExampleAuthProvider(AuthProvider):
    """Example auth provider based on hardcoded usernames and passwords."""

    async def async_login_flow(self, context: dict[str, Any] | None) -> LoginFlow:
        """Return a flow to login."""
        return ExampleLoginFlow(self)

    @callback
    def async_validate_login(self, username: str, password: str) -> None:
        """Validate a username and password."""
        user = None

        # Compare all users to avoid timing attacks.
        for usr in self.config["users"]:
            if hmac.compare_digest(
                username.encode("utf-8"), usr["username"].encode("utf-8")
            ):
                user = usr

        if user is None:
            # Do one more compare to make timing the same as if user was found.
            hmac.compare_digest(password.encode("utf-8"), password.encode("utf-8"))
            raise InvalidAuthError

        if not hmac.compare_digest(
            user["password"].encode("utf-8"), password.encode("utf-8")
        ):
            raise InvalidAuthError

    async def async_get_or_create_credentials(
        self, flow_result: Mapping[str, str]
    ) -> Credentials:
        """Get credentials based on the flow result."""
        username = flow_result["username"]

        for credential in await self.async_credentials():
            if credential.data["username"] == username:
                return credential

        # Create new credentials.
        return self.async_create_credentials({"username": username})

    async def async_user_meta_for_credentials(
        self, credentials: Credentials
    ) -> UserMeta:
        """Return extra user metadata for credentials.

        Will be used to populate info when creating a new user.
        """
        username = credentials.data["username"]
        name = None

        for user in self.config["users"]:
            if user["username"] == username:
                name = user.get("name")
                break

        return UserMeta(name=name, is_active=True)


class ExampleLoginFlow(LoginFlow):
    """Handler for the login flow."""

    async def async_step_init(
        self, user_input: dict[str, str] | None = None
    ) -> FlowResult:
        """Handle the step of the form."""
        errors = None

        if user_input is not None:
            try:
                cast(ExampleAuthProvider, self._auth_provider).async_validate_login(
                    user_input["username"], user_input["password"]
                )
            except InvalidAuthError:
                errors = {"base": "invalid_auth"}

            if not errors:
                user_input.pop("password")
                return await self.async_finish(user_input)

        return self.async_show_form(
            step_id="init",
            data_schema=vol.Schema(
                {
                    vol.Required("username"): str,
                    vol.Required("password"): str,
                }
            ),
            errors=errors,
        )
Foundation for users (#13968) * Add initial user foundation to Home Assistant * Address comments * Address comments * Allow non-ascii passwords * One more utf-8 hmac compare digest * Add new line 2018-05-01 16:20:41 +00:00			`"""Example auth provider."""`
Update typing 03 (#48015) 2021-03-17 20:46:07 +00:00			`from __future__ import annotations`

Define data flow result type (#49260) * Define data flow result type * Revert explicit definitions * Fix tests * Specific mypy ignore 2021-04-15 17:17:07 +00:00			`from collections.abc import Mapping`
Foundation for users (#13968) * Add initial user foundation to Home Assistant * Address comments * Address comments * Allow non-ascii passwords * One more utf-8 hmac compare digest * Add new line 2018-05-01 16:20:41 +00:00			`import hmac`
Avoid some implicit generic Anys (#54577) 2021-08-16 21:12:06 +00:00			`from typing import Any, cast`
Foundation for users (#13968) * Add initial user foundation to Home Assistant * Address comments * Address comments * Allow non-ascii passwords * One more utf-8 hmac compare digest * Add new line 2018-05-01 16:20:41 +00:00
			`import voluptuous as vol`

			`from homeassistant.core import callback`
Rename FlowResultDict to FlowResult (#49847) 2021-04-29 11:40:51 +00:00			`from homeassistant.data_entry_flow import FlowResult`
Sort imports according to PEP8 for 'homeassistant' folder (#29789) Components are already done 2019-12-09 15:42:10 +00:00			`from homeassistant.exceptions import HomeAssistantError`
Foundation for users (#13968) * Add initial user foundation to Home Assistant * Address comments * Address comments * Allow non-ascii passwords * One more utf-8 hmac compare digest * Add new line 2018-05-01 16:20:41 +00:00
Add type hints to homeassistant.auth (#15853) * Always load users in auth store before use * Use namedtuple instead of dict for user meta * Ignore auth store tokens with invalid created_at * Add type hints to homeassistant.auth 2018-08-16 20:25:41 +00:00			`from ..models import Credentials, UserMeta`
Replace isort with ruff (#94302) 2023-06-08 21:43:56 +00:00			`from . import AUTH_PROVIDER_SCHEMA, AUTH_PROVIDERS, AuthProvider, LoginFlow`
Reorg auth (#15443) 2018-07-13 09:43:08 +00:00
Black 2019-07-31 19:25:30 +00:00			`USER_SCHEMA = vol.Schema(`
			`{`
			`vol.Required("username"): str,`
			`vol.Required("password"): str,`
			`vol.Optional("name"): str,`
			`}`
			`)`
Foundation for users (#13968) * Add initial user foundation to Home Assistant * Address comments * Address comments * Allow non-ascii passwords * One more utf-8 hmac compare digest * Add new line 2018-05-01 16:20:41 +00:00

Black 2019-07-31 19:25:30 +00:00			`CONFIG_SCHEMA = AUTH_PROVIDER_SCHEMA.extend(`
			`{vol.Required("users"): [USER_SCHEMA]}, extra=vol.PREVENT_EXTRA`
			`)`
Foundation for users (#13968) * Add initial user foundation to Home Assistant * Address comments * Address comments * Allow non-ascii passwords * One more utf-8 hmac compare digest * Add new line 2018-05-01 16:20:41 +00:00

Add local auth provider (#14365) * Add local auth provider * Lint * Docstring 2018-05-10 18:09:22 +00:00			`class InvalidAuthError(HomeAssistantError):`
			`"""Raised when submitting invalid authentication."""`


Black 2019-07-31 19:25:30 +00:00			`@AUTH_PROVIDERS.register("insecure_example")`
Reorg auth (#15443) 2018-07-13 09:43:08 +00:00			`class ExampleAuthProvider(AuthProvider):`
Foundation for users (#13968) * Add initial user foundation to Home Assistant * Address comments * Address comments * Allow non-ascii passwords * One more utf-8 hmac compare digest * Add new line 2018-05-01 16:20:41 +00:00			`"""Example auth provider based on hardcoded usernames and passwords."""`

Avoid some implicit generic Anys (#54577) 2021-08-16 21:12:06 +00:00			`async def async_login_flow(self, context: dict[str, Any] \| None) -> LoginFlow:`
Foundation for users (#13968) * Add initial user foundation to Home Assistant * Address comments * Address comments * Allow non-ascii passwords * One more utf-8 hmac compare digest * Add new line 2018-05-01 16:20:41 +00:00			`"""Return a flow to login."""`
Refactoring login flow (#16104) * Abstract LoginFlow * Lint and typings 2018-08-21 18:03:38 +00:00			`return ExampleLoginFlow(self)`
Foundation for users (#13968) * Add initial user foundation to Home Assistant * Address comments * Address comments * Allow non-ascii passwords * One more utf-8 hmac compare digest * Add new line 2018-05-01 16:20:41 +00:00
			`@callback`
Add type hints to homeassistant.auth (#15853) * Always load users in auth store before use * Use namedtuple instead of dict for user meta * Ignore auth store tokens with invalid created_at * Add type hints to homeassistant.auth 2018-08-16 20:25:41 +00:00			`def async_validate_login(self, username: str, password: str) -> None:`
Update pydocstyle to 2.1.1 and flake8-docstrings to 1.3.0 (#14557) * Update pydocstyle to 2.1.1 and flake8-docstrings to 1.3.0 * Pydocstyle D401 fixes 2018-08-24 08:28:43 +00:00			`"""Validate a username and password."""`
Foundation for users (#13968) * Add initial user foundation to Home Assistant * Address comments * Address comments * Allow non-ascii passwords * One more utf-8 hmac compare digest * Add new line 2018-05-01 16:20:41 +00:00			`user = None`

			`# Compare all users to avoid timing attacks.`
Black 2019-07-31 19:25:30 +00:00			`for usr in self.config["users"]:`
			`if hmac.compare_digest(`
			`username.encode("utf-8"), usr["username"].encode("utf-8")`
			`):`
Foundation for users (#13968) * Add initial user foundation to Home Assistant * Address comments * Address comments * Allow non-ascii passwords * One more utf-8 hmac compare digest * Add new line 2018-05-01 16:20:41 +00:00			`user = usr`

			`if user is None:`
			`# Do one more compare to make timing the same as if user was found.`
Black 2019-07-31 19:25:30 +00:00			`hmac.compare_digest(password.encode("utf-8"), password.encode("utf-8"))`
Add local auth provider (#14365) * Add local auth provider * Lint * Docstring 2018-05-10 18:09:22 +00:00			`raise InvalidAuthError`
Foundation for users (#13968) * Add initial user foundation to Home Assistant * Address comments * Address comments * Allow non-ascii passwords * One more utf-8 hmac compare digest * Add new line 2018-05-01 16:20:41 +00:00
Black 2019-07-31 19:25:30 +00:00			`if not hmac.compare_digest(`
			`user["password"].encode("utf-8"), password.encode("utf-8")`
			`):`
Add local auth provider (#14365) * Add local auth provider * Lint * Docstring 2018-05-10 18:09:22 +00:00			`raise InvalidAuthError`
Foundation for users (#13968) * Add initial user foundation to Home Assistant * Address comments * Address comments * Allow non-ascii passwords * One more utf-8 hmac compare digest * Add new line 2018-05-01 16:20:41 +00:00
Add type hints to homeassistant.auth (#15853) * Always load users in auth store before use * Use namedtuple instead of dict for user meta * Ignore auth store tokens with invalid created_at * Add type hints to homeassistant.auth 2018-08-16 20:25:41 +00:00			`async def async_get_or_create_credentials(`
Define data flow result type (#49260) * Define data flow result type * Revert explicit definitions * Fix tests * Specific mypy ignore 2021-04-15 17:17:07 +00:00			`self, flow_result: Mapping[str, str]`
Black 2019-07-31 19:25:30 +00:00			`) -> Credentials:`
Foundation for users (#13968) * Add initial user foundation to Home Assistant * Address comments * Address comments * Allow non-ascii passwords * One more utf-8 hmac compare digest * Add new line 2018-05-01 16:20:41 +00:00			`"""Get credentials based on the flow result."""`
Black 2019-07-31 19:25:30 +00:00			`username = flow_result["username"]`
Foundation for users (#13968) * Add initial user foundation to Home Assistant * Address comments * Address comments * Allow non-ascii passwords * One more utf-8 hmac compare digest * Add new line 2018-05-01 16:20:41 +00:00
			`for credential in await self.async_credentials():`
Black 2019-07-31 19:25:30 +00:00			`if credential.data["username"] == username:`
Foundation for users (#13968) * Add initial user foundation to Home Assistant * Address comments * Address comments * Allow non-ascii passwords * One more utf-8 hmac compare digest * Add new line 2018-05-01 16:20:41 +00:00			`return credential`

			`# Create new credentials.`
Black 2019-07-31 19:25:30 +00:00			`return self.async_create_credentials({"username": username})`
Foundation for users (#13968) * Add initial user foundation to Home Assistant * Address comments * Address comments * Allow non-ascii passwords * One more utf-8 hmac compare digest * Add new line 2018-05-01 16:20:41 +00:00
Add type hints to homeassistant.auth (#15853) * Always load users in auth store before use * Use namedtuple instead of dict for user meta * Ignore auth store tokens with invalid created_at * Add type hints to homeassistant.auth 2018-08-16 20:25:41 +00:00			`async def async_user_meta_for_credentials(`
Black 2019-07-31 19:25:30 +00:00			`self, credentials: Credentials`
			`) -> UserMeta:`
Foundation for users (#13968) * Add initial user foundation to Home Assistant * Address comments * Address comments * Allow non-ascii passwords * One more utf-8 hmac compare digest * Add new line 2018-05-01 16:20:41 +00:00			`"""Return extra user metadata for credentials.`

			`Will be used to populate info when creating a new user.`
			`"""`
Black 2019-07-31 19:25:30 +00:00			`username = credentials.data["username"]`
Add type hints to homeassistant.auth (#15853) * Always load users in auth store before use * Use namedtuple instead of dict for user meta * Ignore auth store tokens with invalid created_at * Add type hints to homeassistant.auth 2018-08-16 20:25:41 +00:00			`name = None`
Foundation for users (#13968) * Add initial user foundation to Home Assistant * Address comments * Address comments * Allow non-ascii passwords * One more utf-8 hmac compare digest * Add new line 2018-05-01 16:20:41 +00:00
Black 2019-07-31 19:25:30 +00:00			`for user in self.config["users"]:`
			`if user["username"] == username:`
			`name = user.get("name")`
Allow auth providers to influence is_active (#15557) * Allow auth providers to influence is_active * Fix auth script test 2018-07-19 20:10:36 +00:00			`break`
Foundation for users (#13968) * Add initial user foundation to Home Assistant * Address comments * Address comments * Allow non-ascii passwords * One more utf-8 hmac compare digest * Add new line 2018-05-01 16:20:41 +00:00
Add type hints to homeassistant.auth (#15853) * Always load users in auth store before use * Use namedtuple instead of dict for user meta * Ignore auth store tokens with invalid created_at * Add type hints to homeassistant.auth 2018-08-16 20:25:41 +00:00			`return UserMeta(name=name, is_active=True)`
Foundation for users (#13968) * Add initial user foundation to Home Assistant * Address comments * Address comments * Allow non-ascii passwords * One more utf-8 hmac compare digest * Add new line 2018-05-01 16:20:41 +00:00

Refactoring login flow (#16104) * Abstract LoginFlow * Lint and typings 2018-08-21 18:03:38 +00:00			`class ExampleLoginFlow(LoginFlow):`
Foundation for users (#13968) * Add initial user foundation to Home Assistant * Address comments * Address comments * Allow non-ascii passwords * One more utf-8 hmac compare digest * Add new line 2018-05-01 16:20:41 +00:00			`"""Handler for the login flow."""`

Add type hints to homeassistant.auth (#15853) * Always load users in auth store before use * Use namedtuple instead of dict for user meta * Ignore auth store tokens with invalid created_at * Add type hints to homeassistant.auth 2018-08-16 20:25:41 +00:00			`async def async_step_init(`
Update typing 03 (#48015) 2021-03-17 20:46:07 +00:00			`self, user_input: dict[str, str] \| None = None`
Rename FlowResultDict to FlowResult (#49847) 2021-04-29 11:40:51 +00:00			`) -> FlowResult:`
Foundation for users (#13968) * Add initial user foundation to Home Assistant * Address comments * Address comments * Allow non-ascii passwords * One more utf-8 hmac compare digest * Add new line 2018-05-01 16:20:41 +00:00			`"""Handle the step of the form."""`
Handle errors response to be None (#60679) Co-authored-by: Philip Allgaier <mail@spacegaier.de> Co-authored-by: Franck Nijhof <git@frenck.dev> 2021-12-01 12:51:10 +00:00			`errors = None`
Foundation for users (#13968) * Add initial user foundation to Home Assistant * Address comments * Address comments * Allow non-ascii passwords * One more utf-8 hmac compare digest * Add new line 2018-05-01 16:20:41 +00:00
			`if user_input is not None:`
			`try:`
Black 2019-07-31 19:25:30 +00:00			`cast(ExampleAuthProvider, self._auth_provider).async_validate_login(`
			`user_input["username"], user_input["password"]`
			`)`
Add local auth provider (#14365) * Add local auth provider * Lint * Docstring 2018-05-10 18:09:22 +00:00			`except InvalidAuthError:`
Handle errors response to be None (#60679) Co-authored-by: Philip Allgaier <mail@spacegaier.de> Co-authored-by: Franck Nijhof <git@frenck.dev> 2021-12-01 12:51:10 +00:00			`errors = {"base": "invalid_auth"}`
Foundation for users (#13968) * Add initial user foundation to Home Assistant * Address comments * Address comments * Allow non-ascii passwords * One more utf-8 hmac compare digest * Add new line 2018-05-01 16:20:41 +00:00
			`if not errors:`
Black 2019-07-31 19:25:30 +00:00			`user_input.pop("password")`
Refactoring login flow (#16104) * Abstract LoginFlow * Lint and typings 2018-08-21 18:03:38 +00:00			`return await self.async_finish(user_input)`
Foundation for users (#13968) * Add initial user foundation to Home Assistant * Address comments * Address comments * Allow non-ascii passwords * One more utf-8 hmac compare digest * Add new line 2018-05-01 16:20:41 +00:00
			`return self.async_show_form(`
Mark auth voluptuous schema fields as required (#57003) 2021-10-04 05:02:30 +00:00			`step_id="init",`
			`data_schema=vol.Schema(`
			`{`
			`vol.Required("username"): str,`
			`vol.Required("password"): str,`
			`}`
			`),`
			`errors=errors,`
Foundation for users (#13968) * Add initial user foundation to Home Assistant * Address comments * Address comments * Allow non-ascii passwords * One more utf-8 hmac compare digest * Add new line 2018-05-01 16:20:41 +00:00			`)`