2018-07-13 13:31:20 +00:00
|
|
|
"""Test config entries API."""
|
|
|
|
|
import pytest
|
|
|
|
|
|
|
|
|
|
from homeassistant.auth import models as auth_models
|
|
|
|
|
from homeassistant.components.config import auth as auth_config
|
|
|
|
|
|
2018-10-08 14:35:38 +00:00
|
|
|
from tests.common import MockGroup, MockUser, CLIENT_ID
|
2018-07-13 13:31:20 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
@pytest.fixture(autouse=True)
|
|
|
|
|
def setup_config(hass, aiohttp_client):
|
|
|
|
|
"""Fixture that sets up the auth provider homeassistant module."""
|
|
|
|
|
hass.loop.run_until_complete(auth_config.async_setup(hass))
|
|
|
|
|
|
|
|
|
|
|
2018-12-14 09:19:27 +00:00
|
|
|
async def test_list_requires_admin(hass, hass_ws_client,
|
|
|
|
|
hass_read_only_access_token):
|
2018-07-13 13:31:20 +00:00
|
|
|
"""Test get users requires auth."""
|
2018-12-14 09:19:27 +00:00
|
|
|
client = await hass_ws_client(hass, hass_read_only_access_token)
|
2018-07-13 13:31:20 +00:00
|
|
|
|
|
|
|
|
await client.send_json({
|
|
|
|
|
'id': 5,
|
|
|
|
|
'type': auth_config.WS_TYPE_LIST,
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
result = await client.receive_json()
|
|
|
|
|
assert not result['success'], result
|
|
|
|
|
assert result['error']['code'] == 'unauthorized'
|
|
|
|
|
|
|
|
|
|
|
2018-12-02 15:32:53 +00:00
|
|
|
async def test_list(hass, hass_ws_client, hass_admin_user):
|
2018-07-13 13:31:20 +00:00
|
|
|
"""Test get users."""
|
2018-10-08 14:35:38 +00:00
|
|
|
group = MockGroup().add_to_hass(hass)
|
|
|
|
|
|
2018-07-13 13:31:20 +00:00
|
|
|
owner = MockUser(
|
|
|
|
|
id='abc',
|
|
|
|
|
name='Test Owner',
|
|
|
|
|
is_owner=True,
|
2018-10-08 14:35:38 +00:00
|
|
|
groups=[group],
|
2018-07-13 13:31:20 +00:00
|
|
|
).add_to_hass(hass)
|
|
|
|
|
|
|
|
|
|
owner.credentials.append(auth_models.Credentials(
|
|
|
|
|
auth_provider_type='homeassistant',
|
|
|
|
|
auth_provider_id=None,
|
|
|
|
|
data={},
|
|
|
|
|
))
|
|
|
|
|
|
|
|
|
|
system = MockUser(
|
|
|
|
|
id='efg',
|
|
|
|
|
name='Test Hass.io',
|
|
|
|
|
system_generated=True
|
|
|
|
|
).add_to_hass(hass)
|
|
|
|
|
|
|
|
|
|
inactive = MockUser(
|
|
|
|
|
id='hij',
|
|
|
|
|
name='Inactive User',
|
|
|
|
|
is_active=False,
|
2018-10-08 14:35:38 +00:00
|
|
|
groups=[group],
|
2018-07-13 13:31:20 +00:00
|
|
|
).add_to_hass(hass)
|
|
|
|
|
|
|
|
|
|
refresh_token = await hass.auth.async_create_refresh_token(
|
|
|
|
|
owner, CLIENT_ID)
|
|
|
|
|
access_token = hass.auth.async_create_access_token(refresh_token)
|
|
|
|
|
|
|
|
|
|
client = await hass_ws_client(hass, access_token)
|
|
|
|
|
await client.send_json({
|
|
|
|
|
'id': 5,
|
|
|
|
|
'type': auth_config.WS_TYPE_LIST,
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
result = await client.receive_json()
|
|
|
|
|
assert result['success'], result
|
|
|
|
|
data = result['result']
|
2018-12-02 15:32:53 +00:00
|
|
|
assert len(data) == 4
|
2018-07-13 13:31:20 +00:00
|
|
|
assert data[0] == {
|
2018-12-02 15:32:53 +00:00
|
|
|
'id': hass_admin_user.id,
|
|
|
|
|
'name': 'Mock User',
|
|
|
|
|
'is_owner': False,
|
|
|
|
|
'is_active': True,
|
|
|
|
|
'system_generated': False,
|
|
|
|
|
'group_ids': [group.id for group in hass_admin_user.groups],
|
|
|
|
|
'credentials': []
|
|
|
|
|
}
|
|
|
|
|
assert data[1] == {
|
2018-07-13 13:31:20 +00:00
|
|
|
'id': owner.id,
|
|
|
|
|
'name': 'Test Owner',
|
|
|
|
|
'is_owner': True,
|
|
|
|
|
'is_active': True,
|
|
|
|
|
'system_generated': False,
|
2018-10-08 14:35:38 +00:00
|
|
|
'group_ids': [group.id for group in owner.groups],
|
2018-07-13 13:31:20 +00:00
|
|
|
'credentials': [{'type': 'homeassistant'}]
|
|
|
|
|
}
|
2018-12-02 15:32:53 +00:00
|
|
|
assert data[2] == {
|
2018-07-13 13:31:20 +00:00
|
|
|
'id': system.id,
|
|
|
|
|
'name': 'Test Hass.io',
|
|
|
|
|
'is_owner': False,
|
|
|
|
|
'is_active': True,
|
|
|
|
|
'system_generated': True,
|
2018-10-08 14:35:38 +00:00
|
|
|
'group_ids': [],
|
2018-07-13 13:31:20 +00:00
|
|
|
'credentials': [],
|
|
|
|
|
}
|
2018-12-02 15:32:53 +00:00
|
|
|
assert data[3] == {
|
2018-07-13 13:31:20 +00:00
|
|
|
'id': inactive.id,
|
|
|
|
|
'name': 'Inactive User',
|
|
|
|
|
'is_owner': False,
|
|
|
|
|
'is_active': False,
|
|
|
|
|
'system_generated': False,
|
2018-10-08 14:35:38 +00:00
|
|
|
'group_ids': [group.id for group in inactive.groups],
|
2018-07-13 13:31:20 +00:00
|
|
|
'credentials': [],
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2018-12-14 09:19:27 +00:00
|
|
|
async def test_delete_requires_admin(hass, hass_ws_client,
|
|
|
|
|
hass_read_only_access_token):
|
2019-03-11 19:08:02 +00:00
|
|
|
"""Test delete command requires an admin."""
|
2018-12-14 09:19:27 +00:00
|
|
|
client = await hass_ws_client(hass, hass_read_only_access_token)
|
2018-07-13 13:31:20 +00:00
|
|
|
|
|
|
|
|
await client.send_json({
|
|
|
|
|
'id': 5,
|
|
|
|
|
'type': auth_config.WS_TYPE_DELETE,
|
|
|
|
|
'user_id': 'abcd',
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
result = await client.receive_json()
|
|
|
|
|
assert not result['success'], result
|
|
|
|
|
assert result['error']['code'] == 'unauthorized'
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
async def test_delete_unable_self_account(hass, hass_ws_client,
|
|
|
|
|
hass_access_token):
|
|
|
|
|
"""Test we cannot delete our own account."""
|
|
|
|
|
client = await hass_ws_client(hass, hass_access_token)
|
2018-08-14 19:14:12 +00:00
|
|
|
refresh_token = await hass.auth.async_validate_access_token(
|
|
|
|
|
hass_access_token)
|
2018-07-13 13:31:20 +00:00
|
|
|
|
|
|
|
|
await client.send_json({
|
|
|
|
|
'id': 5,
|
|
|
|
|
'type': auth_config.WS_TYPE_DELETE,
|
2018-08-14 19:14:12 +00:00
|
|
|
'user_id': refresh_token.user.id,
|
2018-07-13 13:31:20 +00:00
|
|
|
})
|
|
|
|
|
|
|
|
|
|
result = await client.receive_json()
|
|
|
|
|
assert not result['success'], result
|
2018-12-14 09:19:27 +00:00
|
|
|
assert result['error']['code'] == 'no_delete_self'
|
2018-07-13 13:31:20 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
async def test_delete_unknown_user(hass, hass_ws_client, hass_access_token):
|
|
|
|
|
"""Test we cannot delete an unknown user."""
|
|
|
|
|
client = await hass_ws_client(hass, hass_access_token)
|
|
|
|
|
|
|
|
|
|
await client.send_json({
|
|
|
|
|
'id': 5,
|
|
|
|
|
'type': auth_config.WS_TYPE_DELETE,
|
|
|
|
|
'user_id': 'abcd',
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
result = await client.receive_json()
|
|
|
|
|
assert not result['success'], result
|
|
|
|
|
assert result['error']['code'] == 'not_found'
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
async def test_delete(hass, hass_ws_client, hass_access_token):
|
|
|
|
|
"""Test delete command works."""
|
|
|
|
|
client = await hass_ws_client(hass, hass_access_token)
|
|
|
|
|
test_user = MockUser(
|
|
|
|
|
id='efg',
|
|
|
|
|
).add_to_hass(hass)
|
|
|
|
|
|
|
|
|
|
assert len(await hass.auth.async_get_users()) == 2
|
|
|
|
|
|
|
|
|
|
await client.send_json({
|
|
|
|
|
'id': 5,
|
|
|
|
|
'type': auth_config.WS_TYPE_DELETE,
|
|
|
|
|
'user_id': test_user.id,
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
result = await client.receive_json()
|
|
|
|
|
assert result['success'], result
|
|
|
|
|
assert len(await hass.auth.async_get_users()) == 1
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
async def test_create(hass, hass_ws_client, hass_access_token):
|
|
|
|
|
"""Test create command works."""
|
|
|
|
|
client = await hass_ws_client(hass, hass_access_token)
|
|
|
|
|
|
|
|
|
|
assert len(await hass.auth.async_get_users()) == 1
|
|
|
|
|
|
|
|
|
|
await client.send_json({
|
|
|
|
|
'id': 5,
|
|
|
|
|
'type': auth_config.WS_TYPE_CREATE,
|
|
|
|
|
'name': 'Paulus',
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
result = await client.receive_json()
|
|
|
|
|
assert result['success'], result
|
|
|
|
|
assert len(await hass.auth.async_get_users()) == 2
|
|
|
|
|
data_user = result['result']['user']
|
|
|
|
|
user = await hass.auth.async_get_user(data_user['id'])
|
|
|
|
|
assert user is not None
|
|
|
|
|
assert user.name == data_user['name']
|
|
|
|
|
assert user.is_active
|
|
|
|
|
assert not user.is_owner
|
|
|
|
|
assert not user.system_generated
|
|
|
|
|
|
|
|
|
|
|
2018-12-14 09:19:27 +00:00
|
|
|
async def test_create_requires_admin(hass, hass_ws_client,
|
|
|
|
|
hass_read_only_access_token):
|
2019-03-11 19:08:02 +00:00
|
|
|
"""Test create command requires an admin."""
|
2018-12-14 09:19:27 +00:00
|
|
|
client = await hass_ws_client(hass, hass_read_only_access_token)
|
2018-07-13 13:31:20 +00:00
|
|
|
|
|
|
|
|
await client.send_json({
|
|
|
|
|
'id': 5,
|
|
|
|
|
'type': auth_config.WS_TYPE_CREATE,
|
|
|
|
|
'name': 'YO',
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
result = await client.receive_json()
|
|
|
|
|
assert not result['success'], result
|
|
|
|
|
assert result['error']['code'] == 'unauthorized'
|
2019-03-11 19:08:02 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
async def test_update(hass, hass_ws_client):
|
|
|
|
|
"""Test update command works."""
|
|
|
|
|
client = await hass_ws_client(hass)
|
|
|
|
|
|
|
|
|
|
user = await hass.auth.async_create_user("Test user")
|
|
|
|
|
|
|
|
|
|
await client.send_json({
|
|
|
|
|
'id': 5,
|
|
|
|
|
'type': 'config/auth/update',
|
|
|
|
|
'user_id': user.id,
|
|
|
|
|
'name': 'Updated name',
|
|
|
|
|
'group_ids': ['system-read-only'],
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
result = await client.receive_json()
|
|
|
|
|
assert result['success'], result
|
|
|
|
|
data_user = result['result']['user']
|
|
|
|
|
|
|
|
|
|
assert user.name == "Updated name"
|
|
|
|
|
assert data_user['name'] == "Updated name"
|
|
|
|
|
assert len(user.groups) == 1
|
|
|
|
|
assert user.groups[0].id == "system-read-only"
|
|
|
|
|
assert data_user['group_ids'] == ["system-read-only"]
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
async def test_update_requires_admin(hass, hass_ws_client,
|
|
|
|
|
hass_read_only_access_token):
|
|
|
|
|
"""Test update command requires an admin."""
|
|
|
|
|
client = await hass_ws_client(hass, hass_read_only_access_token)
|
|
|
|
|
|
|
|
|
|
user = await hass.auth.async_create_user("Test user")
|
|
|
|
|
|
|
|
|
|
await client.send_json({
|
|
|
|
|
'id': 5,
|
|
|
|
|
'type': 'config/auth/update',
|
|
|
|
|
'user_id': user.id,
|
|
|
|
|
'name': 'Updated name',
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
result = await client.receive_json()
|
|
|
|
|
assert not result['success'], result
|
|
|
|
|
assert result['error']['code'] == 'unauthorized'
|
|
|
|
|
assert user.name == "Test user"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
async def test_update_system_generated(hass, hass_ws_client):
|
|
|
|
|
"""Test update command cannot update a system generated."""
|
|
|
|
|
client = await hass_ws_client(hass)
|
|
|
|
|
|
|
|
|
|
user = await hass.auth.async_create_system_user("Test user")
|
|
|
|
|
|
|
|
|
|
await client.send_json({
|
|
|
|
|
'id': 5,
|
|
|
|
|
'type': 'config/auth/update',
|
|
|
|
|
'user_id': user.id,
|
|
|
|
|
'name': 'Updated name',
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
result = await client.receive_json()
|
|
|
|
|
assert not result['success'], result
|
|
|
|
|
assert result['error']['code'] == 'cannot_modify_system_generated'
|
|
|
|
|
assert user.name == "Test user"
|
