core/homeassistant/auth/providers/trusted_networks.py

"""Trusted Networks auth provider.

It shows list of users if access from trusted network.
Abort login flow if not access from trusted network.
"""
from __future__ import annotations

from collections.abc import Mapping
from ipaddress import (
    IPv4Address,
    IPv4Network,
    IPv6Address,
    IPv6Network,
    ip_address,
    ip_network,
)
from typing import Any, Dict, List, Union, cast

import voluptuous as vol

from homeassistant.core import callback
from homeassistant.data_entry_flow import FlowResult
from homeassistant.exceptions import HomeAssistantError
import homeassistant.helpers.config_validation as cv

from . import AUTH_PROVIDER_SCHEMA, AUTH_PROVIDERS, AuthProvider, LoginFlow
from .. import InvalidAuthError
from ..models import Credentials, RefreshToken, UserMeta

# mypy: disallow-any-generics

IPAddress = Union[IPv4Address, IPv6Address]
IPNetwork = Union[IPv4Network, IPv6Network]

CONF_TRUSTED_NETWORKS = "trusted_networks"
CONF_TRUSTED_USERS = "trusted_users"
CONF_GROUP = "group"
CONF_ALLOW_BYPASS_LOGIN = "allow_bypass_login"

CONFIG_SCHEMA = AUTH_PROVIDER_SCHEMA.extend(
    {
        vol.Required(CONF_TRUSTED_NETWORKS): vol.All(cv.ensure_list, [ip_network]),
        vol.Optional(CONF_TRUSTED_USERS, default={}): vol.Schema(
            # we only validate the format of user_id or group_id
            {
                ip_network: vol.All(
                    cv.ensure_list,
                    [
                        vol.Or(
                            cv.uuid4_hex,
                            vol.Schema({vol.Required(CONF_GROUP): cv.uuid4_hex}),
                        )
                    ],
                )
            }
        ),
        vol.Optional(CONF_ALLOW_BYPASS_LOGIN, default=False): cv.boolean,
    },
    extra=vol.PREVENT_EXTRA,
)


class InvalidUserError(HomeAssistantError):
    """Raised when try to login as invalid user."""


@AUTH_PROVIDERS.register("trusted_networks")
class TrustedNetworksAuthProvider(AuthProvider):
    """Trusted Networks auth provider.

    Allow passwordless access from trusted network.
    """

    DEFAULT_TITLE = "Trusted Networks"

    @property
    def trusted_networks(self) -> list[IPNetwork]:
        """Return trusted networks."""
        return cast(List[IPNetwork], self.config[CONF_TRUSTED_NETWORKS])

    @property
    def trusted_users(self) -> dict[IPNetwork, Any]:
        """Return trusted users per network."""
        return cast(Dict[IPNetwork, Any], self.config[CONF_TRUSTED_USERS])

    @property
    def trusted_proxies(self) -> list[IPNetwork]:
        """Return trusted proxies in the system."""
        if not self.hass.http:
            return []

        return [
            ip_network(trusted_proxy)
            for trusted_proxy in self.hass.http.trusted_proxies
        ]

    @property
    def support_mfa(self) -> bool:
        """Trusted Networks auth provider does not support MFA."""
        return False

    async def async_login_flow(self, context: dict[str, Any] | None) -> LoginFlow:
        """Return a flow to login."""
        assert context is not None
        ip_addr = cast(IPAddress, context.get("ip_address"))
        users = await self.store.async_get_users()
        available_users = [
            user for user in users if not user.system_generated and user.is_active
        ]
        for ip_net, user_or_group_list in self.trusted_users.items():
            if ip_addr not in ip_net:
                continue

            user_list = [
                user_id for user_id in user_or_group_list if isinstance(user_id, str)
            ]
            group_list = [
                group[CONF_GROUP]
                for group in user_or_group_list
                if isinstance(group, dict)
            ]
            flattened_group_list = [
                group for sublist in group_list for group in sublist
            ]
            available_users = [
                user
                for user in available_users
                if (
                    user.id in user_list
                    or any(group.id in flattened_group_list for group in user.groups)
                )
            ]
            break

        return TrustedNetworksLoginFlow(
            self,
            ip_addr,
            {user.id: user.name for user in available_users},
            self.config[CONF_ALLOW_BYPASS_LOGIN],
        )

    async def async_get_or_create_credentials(
        self, flow_result: Mapping[str, str]
    ) -> Credentials:
        """Get credentials based on the flow result."""
        user_id = flow_result["user"]

        users = await self.store.async_get_users()
        for user in users:
            if user.id != user_id:
                continue

            if user.system_generated:
                continue

            if not user.is_active:
                continue

            for credential in await self.async_credentials():
                if credential.data["user_id"] == user_id:
                    return credential

            cred = self.async_create_credentials({"user_id": user_id})
            await self.store.async_link_user(user, cred)
            return cred

        # We only allow login as exist user
        raise InvalidUserError

    async def async_user_meta_for_credentials(
        self, credentials: Credentials
    ) -> UserMeta:
        """Return extra user metadata for credentials.

        Trusted network auth provider should never create new user.
        """
        raise NotImplementedError

    @callback
    def async_validate_access(self, ip_addr: IPAddress) -> None:
        """Make sure the access from trusted networks.

        Raise InvalidAuthError if not.
        Raise InvalidAuthError if trusted_networks is not configured.
        """
        if not self.trusted_networks:
            raise InvalidAuthError("trusted_networks is not configured")

        if not any(
            ip_addr in trusted_network for trusted_network in self.trusted_networks
        ):
            raise InvalidAuthError("Not in trusted_networks")

        if any(ip_addr in trusted_proxy for trusted_proxy in self.trusted_proxies):
            raise InvalidAuthError("Can't allow access from a proxy server")

    @callback
    def async_validate_refresh_token(
        self, refresh_token: RefreshToken, remote_ip: str | None = None
    ) -> None:
        """Verify a refresh token is still valid."""
        if remote_ip is None:
            raise InvalidAuthError(
                "Unknown remote ip can't be used for trusted network provider."
            )
        self.async_validate_access(ip_address(remote_ip))


class TrustedNetworksLoginFlow(LoginFlow):
    """Handler for the login flow."""

    def __init__(
        self,
        auth_provider: TrustedNetworksAuthProvider,
        ip_addr: IPAddress,
        available_users: dict[str, str | None],
        allow_bypass_login: bool,
    ) -> None:
        """Initialize the login flow."""
        super().__init__(auth_provider)
        self._available_users = available_users
        self._ip_address = ip_addr
        self._allow_bypass_login = allow_bypass_login

    async def async_step_init(
        self, user_input: dict[str, str] | None = None
    ) -> FlowResult:
        """Handle the step of the form."""
        try:
            cast(
                TrustedNetworksAuthProvider, self._auth_provider
            ).async_validate_access(self._ip_address)

        except InvalidAuthError:
            return self.async_abort(reason="not_allowed")

        if user_input is not None:
            return await self.async_finish(user_input)

        if self._allow_bypass_login and len(self._available_users) == 1:
            return await self.async_finish(
                {"user": next(iter(self._available_users.keys()))}
            )

        return self.async_show_form(
            step_id="init",
            data_schema=vol.Schema({"user": vol.In(self._available_users)}),
        )
Add trusted networks auth provider (#15812) * Add context to login flow * Add trusted networks auth provider * source -> context 2018-08-13 10:40:06 +00:00			`"""Trusted Networks auth provider.`

			`It shows list of users if access from trusted network.`
			`Abort login flow if not access from trusted network.`
			`"""`
Update typing 03 (#48015) 2021-03-17 20:46:07 +00:00			`from __future__ import annotations`

Define data flow result type (#49260) * Define data flow result type * Revert explicit definitions * Fix tests * Specific mypy ignore 2021-04-15 17:17:07 +00:00			`from collections.abc import Mapping`
Support blocking trusted network from new ip (#44630) Co-authored-by: Paulus Schoutsen <paulus@home-assistant.io> 2021-01-28 11:06:20 +00:00			`from ipaddress import (`
			`IPv4Address,`
			`IPv4Network,`
			`IPv6Address,`
			`IPv6Network,`
			`ip_address,`
			`ip_network,`
			`)`
Update typing 03 (#48015) 2021-03-17 20:46:07 +00:00			`from typing import Any, Dict, List, Union, cast`
Add type hints to homeassistant.auth (#15853) * Always load users in auth store before use * Use namedtuple instead of dict for user meta * Ignore auth store tokens with invalid created_at * Add type hints to homeassistant.auth 2018-08-16 20:25:41 +00:00
Add trusted networks auth provider (#15812) * Add context to login flow * Add trusted networks auth provider * source -> context 2018-08-13 10:40:06 +00:00			`import voluptuous as vol`

			`from homeassistant.core import callback`
Rename FlowResultDict to FlowResult (#49847) 2021-04-29 11:40:51 +00:00			`from homeassistant.data_entry_flow import FlowResult`
Add trusted networks auth provider (#15812) * Add context to login flow * Add trusted networks auth provider * source -> context 2018-08-13 10:40:06 +00:00			`from homeassistant.exceptions import HomeAssistantError`
Sort imports according to PEP8 for 'homeassistant' folder (#29789) Components are already done 2019-12-09 15:42:10 +00:00			`import homeassistant.helpers.config_validation as cv`

			`from . import AUTH_PROVIDER_SCHEMA, AUTH_PROVIDERS, AuthProvider, LoginFlow`
Support blocking trusted network from new ip (#44630) Co-authored-by: Paulus Schoutsen <paulus@home-assistant.io> 2021-01-28 11:06:20 +00:00			`from .. import InvalidAuthError`
			`from ..models import Credentials, RefreshToken, UserMeta`
Add trusted networks auth provider (#15812) * Add context to login flow * Add trusted networks auth provider * source -> context 2018-08-13 10:40:06 +00:00
Avoid some implicit generic Anys (#54577) 2021-08-16 21:12:06 +00:00			`# mypy: disallow-any-generics`

Add config for trusted networks auth provider (#21111) * Add config for trusted networks auth provider * Lint * Fix typing * Fix pylint * Fix lint * Add some log information * Add http.trusted_networks deprecated warning * Remove log info * Lint 2019-02-26 22:42:48 +00:00			`IPAddress = Union[IPv4Address, IPv6Address]`
			`IPNetwork = Union[IPv4Network, IPv6Network]`

Black 2019-07-31 19:25:30 +00:00			`CONF_TRUSTED_NETWORKS = "trusted_networks"`
			`CONF_TRUSTED_USERS = "trusted_users"`
			`CONF_GROUP = "group"`
			`CONF_ALLOW_BYPASS_LOGIN = "allow_bypass_login"`

			`CONFIG_SCHEMA = AUTH_PROVIDER_SCHEMA.extend(`
			`{`
			`vol.Required(CONF_TRUSTED_NETWORKS): vol.All(cv.ensure_list, [ip_network]),`
			`vol.Optional(CONF_TRUSTED_USERS, default={}): vol.Schema(`
			`# we only validate the format of user_id or group_id`
			`{`
			`ip_network: vol.All(`
			`cv.ensure_list,`
			`[`
			`vol.Or(`
			`cv.uuid4_hex,`
			`vol.Schema({vol.Required(CONF_GROUP): cv.uuid4_hex}),`
			`)`
			`],`
			`)`
			`}`
			`),`
			`vol.Optional(CONF_ALLOW_BYPASS_LOGIN, default=False): cv.boolean,`
			`},`
			`extra=vol.PREVENT_EXTRA,`
			`)`
Add trusted networks auth provider (#15812) * Add context to login flow * Add trusted networks auth provider * source -> context 2018-08-13 10:40:06 +00:00

			`class InvalidUserError(HomeAssistantError):`
			`"""Raised when try to login as invalid user."""`


Black 2019-07-31 19:25:30 +00:00			`@AUTH_PROVIDERS.register("trusted_networks")`
Add trusted networks auth provider (#15812) * Add context to login flow * Add trusted networks auth provider * source -> context 2018-08-13 10:40:06 +00:00			`class TrustedNetworksAuthProvider(AuthProvider):`
			`"""Trusted Networks auth provider.`

			`Allow passwordless access from trusted network.`
			`"""`

Black 2019-07-31 19:25:30 +00:00			`DEFAULT_TITLE = "Trusted Networks"`
Add trusted networks auth provider (#15812) * Add context to login flow * Add trusted networks auth provider * source -> context 2018-08-13 10:40:06 +00:00
Add config for trusted networks auth provider (#21111) * Add config for trusted networks auth provider * Lint * Fix typing * Fix pylint * Fix lint * Add some log information * Add http.trusted_networks deprecated warning * Remove log info * Lint 2019-02-26 22:42:48 +00:00			`@property`
Update typing 03 (#48015) 2021-03-17 20:46:07 +00:00			`def trusted_networks(self) -> list[IPNetwork]:`
Add config for trusted networks auth provider (#21111) * Add config for trusted networks auth provider * Lint * Fix typing * Fix pylint * Fix lint * Add some log information * Add http.trusted_networks deprecated warning * Remove log info * Lint 2019-02-26 22:42:48 +00:00			`"""Return trusted networks."""`
Add trusted_users in trusted networks auth provider (#22478) 2019-03-28 04:53:11 +00:00			`return cast(List[IPNetwork], self.config[CONF_TRUSTED_NETWORKS])`

			`@property`
Update typing 03 (#48015) 2021-03-17 20:46:07 +00:00			`def trusted_users(self) -> dict[IPNetwork, Any]:`
Add trusted_users in trusted networks auth provider (#22478) 2019-03-28 04:53:11 +00:00			`"""Return trusted users per network."""`
			`return cast(Dict[IPNetwork, Any], self.config[CONF_TRUSTED_USERS])`
Add config for trusted networks auth provider (#21111) * Add config for trusted networks auth provider * Lint * Fix typing * Fix pylint * Fix lint * Add some log information * Add http.trusted_networks deprecated warning * Remove log info * Lint 2019-02-26 22:42:48 +00:00
Reject trusted network access from proxies (#52388) 2021-07-02 09:49:42 +00:00			`@property`
			`def trusted_proxies(self) -> list[IPNetwork]:`
			`"""Return trusted proxies in the system."""`
			`if not self.hass.http:`
			`return []`

			`return [`
			`ip_network(trusted_proxy)`
			`for trusted_proxy in self.hass.http.trusted_proxies`
			`]`

Add multi-factor authentication modules (#15489) * Get user after login flow finished * Add multi factor authentication support * Typings 2018-08-22 07:52:34 +00:00			`@property`
			`def support_mfa(self) -> bool:`
			`"""Trusted Networks auth provider does not support MFA."""`
			`return False`

Avoid some implicit generic Anys (#54577) 2021-08-16 21:12:06 +00:00			`async def async_login_flow(self, context: dict[str, Any] \| None) -> LoginFlow:`
Add trusted networks auth provider (#15812) * Add context to login flow * Add trusted networks auth provider * source -> context 2018-08-13 10:40:06 +00:00			`"""Return a flow to login."""`
Add type hints to homeassistant.auth (#15853) * Always load users in auth store before use * Use namedtuple instead of dict for user meta * Ignore auth store tokens with invalid created_at * Add type hints to homeassistant.auth 2018-08-16 20:25:41 +00:00			`assert context is not None`
Black 2019-07-31 19:25:30 +00:00			`ip_addr = cast(IPAddress, context.get("ip_address"))`
Add trusted networks auth provider (#15812) * Add context to login flow * Add trusted networks auth provider * source -> context 2018-08-13 10:40:06 +00:00			`users = await self.store.async_get_users()`
Black 2019-07-31 19:25:30 +00:00			`available_users = [`
			`user for user in users if not user.system_generated and user.is_active`
			`]`
Add trusted_users in trusted networks auth provider (#22478) 2019-03-28 04:53:11 +00:00			`for ip_net, user_or_group_list in self.trusted_users.items():`
Trusted networks auth provider warns if detects a requests with x-forwarded-for header while the http integration is not configured for reverse proxies (#51319) * Trusted networks auth provider to require http integration configured for proxies to allow logging in with requests with x-forwarded-for header * Make it a warning 2021-06-01 10:51:44 +00:00			`if ip_addr not in ip_net:`
			`continue`

			`user_list = [`
			`user_id for user_id in user_or_group_list if isinstance(user_id, str)`
			`]`
			`group_list = [`
			`group[CONF_GROUP]`
			`for group in user_or_group_list`
			`if isinstance(group, dict)`
			`]`
			`flattened_group_list = [`
			`group for sublist in group_list for group in sublist`
			`]`
			`available_users = [`
			`user`
			`for user in available_users`
			`if (`
			`user.id in user_list`
			`or any(group.id in flattened_group_list for group in user.groups)`
			`)`
			`]`
			`break`
Add trusted networks auth provider (#15812) * Add context to login flow * Add trusted networks auth provider * source -> context 2018-08-13 10:40:06 +00:00
Refactoring login flow (#16104) * Abstract LoginFlow * Lint and typings 2018-08-21 18:03:38 +00:00			`return TrustedNetworksLoginFlow(`
Add trusted_users in trusted networks auth provider (#22478) 2019-03-28 04:53:11 +00:00			`self,`
			`ip_addr,`
Black 2019-07-31 19:25:30 +00:00			`{user.id: user.name for user in available_users},`
Add trusted_users in trusted networks auth provider (#22478) 2019-03-28 04:53:11 +00:00			`self.config[CONF_ALLOW_BYPASS_LOGIN],`
			`)`
Add trusted networks auth provider (#15812) * Add context to login flow * Add trusted networks auth provider * source -> context 2018-08-13 10:40:06 +00:00
Add type hints to homeassistant.auth (#15853) * Always load users in auth store before use * Use namedtuple instead of dict for user meta * Ignore auth store tokens with invalid created_at * Add type hints to homeassistant.auth 2018-08-16 20:25:41 +00:00			`async def async_get_or_create_credentials(`
Define data flow result type (#49260) * Define data flow result type * Revert explicit definitions * Fix tests * Specific mypy ignore 2021-04-15 17:17:07 +00:00			`self, flow_result: Mapping[str, str]`
Black 2019-07-31 19:25:30 +00:00			`) -> Credentials:`
Add trusted networks auth provider (#15812) * Add context to login flow * Add trusted networks auth provider * source -> context 2018-08-13 10:40:06 +00:00			`"""Get credentials based on the flow result."""`
Black 2019-07-31 19:25:30 +00:00			`user_id = flow_result["user"]`
Add trusted networks auth provider (#15812) * Add context to login flow * Add trusted networks auth provider * source -> context 2018-08-13 10:40:06 +00:00
			`users = await self.store.async_get_users()`
			`for user in users:`
Trusted networks auth provider warns if detects a requests with x-forwarded-for header while the http integration is not configured for reverse proxies (#51319) * Trusted networks auth provider to require http integration configured for proxies to allow logging in with requests with x-forwarded-for header * Make it a warning 2021-06-01 10:51:44 +00:00			`if user.id != user_id:`
			`continue`

			`if user.system_generated:`
			`continue`

			`if not user.is_active:`
			`continue`

			`for credential in await self.async_credentials():`
			`if credential.data["user_id"] == user_id:`
			`return credential`

			`cred = self.async_create_credentials({"user_id": user_id})`
			`await self.store.async_link_user(user, cred)`
			`return cred`
Add trusted networks auth provider (#15812) * Add context to login flow * Add trusted networks auth provider * source -> context 2018-08-13 10:40:06 +00:00
			`# We only allow login as exist user`
			`raise InvalidUserError`

Add type hints to homeassistant.auth (#15853) * Always load users in auth store before use * Use namedtuple instead of dict for user meta * Ignore auth store tokens with invalid created_at * Add type hints to homeassistant.auth 2018-08-16 20:25:41 +00:00			`async def async_user_meta_for_credentials(`
Black 2019-07-31 19:25:30 +00:00			`self, credentials: Credentials`
			`) -> UserMeta:`
Add trusted networks auth provider (#15812) * Add context to login flow * Add trusted networks auth provider * source -> context 2018-08-13 10:40:06 +00:00			`"""Return extra user metadata for credentials.`

			`Trusted network auth provider should never create new user.`
			`"""`
			`raise NotImplementedError`

			`@callback`
Add config for trusted networks auth provider (#21111) * Add config for trusted networks auth provider * Lint * Fix typing * Fix pylint * Fix lint * Add some log information * Add http.trusted_networks deprecated warning * Remove log info * Lint 2019-02-26 22:42:48 +00:00			`def async_validate_access(self, ip_addr: IPAddress) -> None:`
Add trusted networks auth provider (#15812) * Add context to login flow * Add trusted networks auth provider * source -> context 2018-08-13 10:40:06 +00:00			`"""Make sure the access from trusted networks.`

			`Raise InvalidAuthError if not.`
Add type hints to homeassistant.auth (#15853) * Always load users in auth store before use * Use namedtuple instead of dict for user meta * Ignore auth store tokens with invalid created_at * Add type hints to homeassistant.auth 2018-08-16 20:25:41 +00:00			`Raise InvalidAuthError if trusted_networks is not configured.`
Add trusted networks auth provider (#15812) * Add context to login flow * Add trusted networks auth provider * source -> context 2018-08-13 10:40:06 +00:00			`"""`
Add config for trusted networks auth provider (#21111) * Add config for trusted networks auth provider * Lint * Fix typing * Fix pylint * Fix lint * Add some log information * Add http.trusted_networks deprecated warning * Remove log info * Lint 2019-02-26 22:42:48 +00:00			`if not self.trusted_networks:`
Black 2019-07-31 19:25:30 +00:00			`raise InvalidAuthError("trusted_networks is not configured")`
Add trusted networks auth provider (#15812) * Add context to login flow * Add trusted networks auth provider * source -> context 2018-08-13 10:40:06 +00:00
Black 2019-07-31 19:25:30 +00:00			`if not any(`
			`ip_addr in trusted_network for trusted_network in self.trusted_networks`
			`):`
			`raise InvalidAuthError("Not in trusted_networks")`
Add trusted networks auth provider (#15812) * Add context to login flow * Add trusted networks auth provider * source -> context 2018-08-13 10:40:06 +00:00
Reject trusted network access from proxies (#52388) 2021-07-02 09:49:42 +00:00			`if any(ip_addr in trusted_proxy for trusted_proxy in self.trusted_proxies):`
			`raise InvalidAuthError("Can't allow access from a proxy server")`

Support blocking trusted network from new ip (#44630) Co-authored-by: Paulus Schoutsen <paulus@home-assistant.io> 2021-01-28 11:06:20 +00:00			`@callback`
			`def async_validate_refresh_token(`
Update typing 03 (#48015) 2021-03-17 20:46:07 +00:00			`self, refresh_token: RefreshToken, remote_ip: str \| None = None`
Support blocking trusted network from new ip (#44630) Co-authored-by: Paulus Schoutsen <paulus@home-assistant.io> 2021-01-28 11:06:20 +00:00			`) -> None:`
			`"""Verify a refresh token is still valid."""`
			`if remote_ip is None:`
			`raise InvalidAuthError(`
			`"Unknown remote ip can't be used for trusted network provider."`
			`)`
			`self.async_validate_access(ip_address(remote_ip))`

Add trusted networks auth provider (#15812) * Add context to login flow * Add trusted networks auth provider * source -> context 2018-08-13 10:40:06 +00:00
Refactoring login flow (#16104) * Abstract LoginFlow * Lint and typings 2018-08-21 18:03:38 +00:00			`class TrustedNetworksLoginFlow(LoginFlow):`
Add trusted networks auth provider (#15812) * Add context to login flow * Add trusted networks auth provider * source -> context 2018-08-13 10:40:06 +00:00			`"""Handler for the login flow."""`

Black 2019-07-31 19:25:30 +00:00			`def __init__(`
			`self,`
			`auth_provider: TrustedNetworksAuthProvider,`
			`ip_addr: IPAddress,`
Update typing 03 (#48015) 2021-03-17 20:46:07 +00:00			`available_users: dict[str, str \| None],`
Black 2019-07-31 19:25:30 +00:00			`allow_bypass_login: bool,`
			`) -> None:`
Add trusted networks auth provider (#15812) * Add context to login flow * Add trusted networks auth provider * source -> context 2018-08-13 10:40:06 +00:00			`"""Initialize the login flow."""`
Refactoring login flow (#16104) * Abstract LoginFlow * Lint and typings 2018-08-21 18:03:38 +00:00			`super().__init__(auth_provider)`
Add trusted networks auth provider (#15812) * Add context to login flow * Add trusted networks auth provider * source -> context 2018-08-13 10:40:06 +00:00			`self._available_users = available_users`
Add config for trusted networks auth provider (#21111) * Add config for trusted networks auth provider * Lint * Fix typing * Fix pylint * Fix lint * Add some log information * Add http.trusted_networks deprecated warning * Remove log info * Lint 2019-02-26 22:42:48 +00:00			`self._ip_address = ip_addr`
Add trusted_users in trusted networks auth provider (#22478) 2019-03-28 04:53:11 +00:00			`self._allow_bypass_login = allow_bypass_login`
Add trusted networks auth provider (#15812) * Add context to login flow * Add trusted networks auth provider * source -> context 2018-08-13 10:40:06 +00:00
Add type hints to homeassistant.auth (#15853) * Always load users in auth store before use * Use namedtuple instead of dict for user meta * Ignore auth store tokens with invalid created_at * Add type hints to homeassistant.auth 2018-08-16 20:25:41 +00:00			`async def async_step_init(`
Update typing 03 (#48015) 2021-03-17 20:46:07 +00:00			`self, user_input: dict[str, str] \| None = None`
Rename FlowResultDict to FlowResult (#49847) 2021-04-29 11:40:51 +00:00			`) -> FlowResult:`
Add trusted networks auth provider (#15812) * Add context to login flow * Add trusted networks auth provider * source -> context 2018-08-13 10:40:06 +00:00			`"""Handle the step of the form."""`
			`try:`
Black 2019-07-31 19:25:30 +00:00			`cast(`
			`TrustedNetworksAuthProvider, self._auth_provider`
			`).async_validate_access(self._ip_address)`
Add trusted networks auth provider (#15812) * Add context to login flow * Add trusted networks auth provider * source -> context 2018-08-13 10:40:06 +00:00
			`except InvalidAuthError:`
Drop white blacklist pt1 (#37816) 2020-07-13 15:43:11 +00:00			`return self.async_abort(reason="not_allowed")`
Add trusted networks auth provider (#15812) * Add context to login flow * Add trusted networks auth provider * source -> context 2018-08-13 10:40:06 +00:00
			`if user_input is not None:`
Update trusted networks flow (#16227) * Update the trusted networks flow * Fix tests * Remove errors 2018-08-27 22:37:15 +00:00			`return await self.async_finish(user_input)`
Add trusted networks auth provider (#15812) * Add context to login flow * Add trusted networks auth provider * source -> context 2018-08-13 10:40:06 +00:00
Add trusted_users in trusted networks auth provider (#22478) 2019-03-28 04:53:11 +00:00			`if self._allow_bypass_login and len(self._available_users) == 1:`
Black 2019-07-31 19:25:30 +00:00			`return await self.async_finish(`
			`{"user": next(iter(self._available_users.keys()))}`
			`)`
Add trusted_users in trusted networks auth provider (#22478) 2019-03-28 04:53:11 +00:00
Add trusted networks auth provider (#15812) * Add context to login flow * Add trusted networks auth provider * source -> context 2018-08-13 10:40:06 +00:00			`return self.async_show_form(`
Black 2019-07-31 19:25:30 +00:00			`step_id="init",`
			`data_schema=vol.Schema({"user": vol.In(self._available_users)}),`
Add trusted networks auth provider (#15812) * Add context to login flow * Add trusted networks auth provider * source -> context 2018-08-13 10:40:06 +00:00			`)`