Disambiguate Supervisor HTTPUnauthorized on user/password validation (#44940)

* Disambiguate HTTPUnauthorized on user/password validation

The HA core API usually returns 401 when the request does not
have proper authentication tokens or they have expired.

However the user/password validation endpoint may also return
401 when the given user/password is invalid.

The supervisor is currently unable to distinguish both scenarios,
and it needs to.

See https://github.com/home-assistant/supervisor/issues/2408

* Return 404 if user& password are not found/valid

* Fix test for invalid user/password

homeassistant/components/hassio/auth.py

@@ -82,7 +82,7 @@ class HassIOAuth(HassIOBaseAuth):
                 data[ATTR_USERNAME], data[ATTR_PASSWORD]
             )
         except auth_ha.InvalidAuth:
-            raise HTTPUnauthorized() from None
+            raise HTTPNotFound() from None
 
         return web.Response(status=HTTP_OK)
 

tests/components/hassio/test_auth.py

@@ -66,7 +66,7 @@ async def test_login_error(hass, hassio_client_supervisor):
         )
 
         # Check we got right response
-        assert resp.status == 401
+        assert resp.status == 404
         mock_login.assert_called_with("test", "123456")