8ed1a29c82
Drop white blacklist pt1 ( #37816 )
2020-07-13 17:43:11 +02:00
2af984917e
Use asynctest-mock in most places ( #35109 )
...
* Use asynctest-mock in most places
* Fix broken patch in pilight
2020-05-03 11:27:19 -07:00
ec47216388
Use built-in test helpers on 3.8 ( #34901 )
2020-04-30 13:29:50 -07:00
e7f8d6bbf7
Fix more tests on Python 3.8 ( #34703 )
2020-04-25 15:52:50 -07:00
952aa02e37
Add ability to specify group when creating user ( #33373 )
...
* Add abbility to specify group when creating user
* Fix tests
* Not default admin and tests
2020-03-30 20:33:43 +02:00
0173c61fee
Spelling: Config(uration) ( #31782 )
2020-02-13 08:27:00 -08:00
df7d2b3aeb
Fix typos found by codespell ( #31243 )
...
* Fix typos found by codespell
* Fix typos found by codespell
* codespell: Furture ==> Future
* Update test_config_flow.py
* Update __init__.py
* Spellcheck: successfull ==> successful
* Codespell: unsuccesful ==> unsuccessful
* Codespell: cant ==> can't
* Codespell: firware ==> firmware
* Codespell: mimick ==> mimic
2020-01-31 08:33:00 -08:00
5216477353
Be consistent with Home Assistant and Hass.io spelling ( #30500 )
...
* Be consistent with Home Assistant spelling
* Be consistent with Hass.io spelling
2020-01-05 14:09:17 +02:00
f60125b5c9
Sort imports according to PEP8 for 'tests' ( #29791 )
2019-12-09 16:52:24 +01:00
4de97abc3a
Black
2019-07-31 12:25:30 -07:00
5b0ee473b6
Add get_states faster ( #23315 )
2019-04-23 12:46:22 +02:00
6ba2891604
Add trusted_users in trusted networks auth provider ( #22478 )
2019-03-27 21:53:11 -07:00
4f5446ff02
Add area permission check ( #21835 )
2019-03-11 11:02:37 -07:00
fe1840f901
Deprecate http.api_password ( #21884 )
...
* Deprecated http.api_password
* Deprecated ApiConfig.api_password
GitHub Drafted PR would trigger CI after changed it to normal PR.
I have to commit a comment change to trigger it
* Trigger CI
* Adjust if- elif chain in auth middleware
2019-03-10 19:55:36 -07:00
5b2c6648fb
Add user group ( #21832 )
...
* Add user group
* Rename system group to plural
2019-03-09 20:07:29 -08:00
3d8673dbf8
Resolve auth_store loading race condition ( #21794 )
...
* Add lock in auth_store._async_load()
* Python 3.5 does not like assert_called_once()
2019-03-08 14:50:24 -08:00
4a3b4cf346
Resolve race condition when HA auth provider is loading ( #21619 )
...
* Resolve race condition when HA auth provider is loading
* Fix
* Add more tests
* Lint
2019-03-04 15:55:26 -08:00
7bae76843c
Add config for trusted networks auth provider ( #21111 )
...
* Add config for trusted networks auth provider
* Lint
* Fix typing
* Fix pylint
* Fix lint
* Add some log information
* Add http.trusted_networks deprecated warning
* Remove log info
* Lint
2019-02-26 14:42:48 -08:00
06f3e8137a
Added command_line auth provider that validates credentials by calling a command ( #19985 )
...
* Added external auth provider that calls a configurable program
Closes #19975
* Raise proper InvalidAuth exception on OSError during program execution
* Changed name of external auth provider to command_line
* Renamed program config option to command in command_line auth provider
* Made meta variable parsing in command_line auth provider optional
* Added tests for command_line auth provider
* Fixed indentation
* Suppressed wrong pylint warning
* Fixed linting
* Added test for command line auth provider login flow
* Log error when user fails authentication
* Use %r formatter instead of explicit repr()
* Mix all used names of typing module into module namespace
I consider this nasty and bad coding style, but was requested by
@awarecan for consistency with the remaining codebase.
* Small code style change
* Strip usernames with command_line auth provider
2019-02-06 16:36:41 -08:00
73a0c664b8
Allow usernames to be case-insensitive ( #20558 )
...
* Allow usernames to be case-insensitive
* Fix typing
* FLAKE*
2019-01-29 08:28:52 +01:00
84a2e5d8fb
Strip login username in backend ( #20150 )
...
* Add modern mode to HA auth provider that strips usernames
* Add tests for async_get_or_create_credentials
* Fix test
2019-01-16 15:03:05 -08:00
3928d034a3
Allow checking entity permissions based on devices ( #19007 )
...
* Allow checking entity permissions based on devices
* Fix tests
2018-12-05 11:41:00 +01:00
d2b62840f2
Add users added via credentials to admin group too ( #18922 )
...
* Add users added via credentials to admin group too
* Update test_init.py
2018-12-03 11:34:01 +01:00
df21dd21f2
RFC: Call services directly ( #18720 )
...
* Call services directly
* Simplify
* Type
* Lint
* Update name
* Fix tests
* Catch exceptions in HTTP view
* Lint
* Handle ServiceNotFound in API endpoints that call services
* Type
* Don't crash recorder on non-JSON serializable objects
2018-11-30 21:28:35 +01:00
28215d7edd
Make auth backwards compat again ( #18792 )
...
* Made auth not backwards compat
* Fix tests
2018-11-29 22:26:19 +01:00
4f2e7fc912
remove pbkdf2 upgrade path ( #18736 )
2018-11-27 10:42:56 +01:00
8b8629a5f4
Add permission checks to Rest API ( #18639 )
...
* Add permission checks to Rest API
* Clean up unnecessary method
* Remove all the tuple stuff from entity check
* Simplify perms
* Correct param name for owner permission
* Hass.io make/update user to be admin
* Types
2018-11-25 18:04:48 +01:00
f7f0a4e811
System groups ( #18303 )
...
* Add read only and admin policies
* Migrate to 2 system groups
* Add system groups
* Add system groups admin & read only
* Dont' mutate parameters
* Fix types
2018-11-08 12:57:00 +01:00
f4ac317d64
Permissions improv ( #17811 )
...
* Break up permissions file.
* Granular entity permissions
* Add "all" entity permission
* Lint
* Fix types
2018-10-29 11:28:04 +01:00
61f7a39748
Add permissions foundation ( #16890 )
...
* Add permission foundation
* Address comments
* typing
* False > True
* Convert more lambdas
* Use constants
* Remove support for False
* Fix only allow True
2018-10-11 19:24:25 +02:00
61bf4d8a29
Add user events ( #17328 )
2018-10-11 17:06:51 +02:00
c3b1121d77
Add group foundation ( #16935 )
...
Add group foundation
2018-10-08 16:35:38 +02:00
7a77951bb4
Add Notify MFA module ( #16314 )
...
* Add Notify MFA
* Fix unit test
* Address review comment, change storage implementation
* Add retry limit to mfa module
* Fix loading
* Fix invalaid login log processing
* Typing
* Change default message template
* Change one-time password to 8 digit
* Refactoring to not save secret
* Bug fixing
* Change async_initialize method name to aysnc_initialize_login_mfa_step
* Address some simple fix code review comment
2018-09-24 11:06:50 +02:00
ff78a5b04b
Track refresh token last usage information ( #16408 )
...
* Extend refresh_token to support last_used_at and last_used_by
* Address code review comment
* Remove unused code
* Add it to websocket response
* Fix typing
2018-09-12 13:24:16 +02:00
9583947012
Long-lived access token ( #16453 )
...
* Allow create refresh_token with specific access_token_expiration
* Add token_type, client_name and client_icon
* Add unit test
* Add websocket API to create long-lived access token
* Allow URL use as client_id for long-lived access token
* Remove mutate_refresh_token method
* Use client name as id for long_lived_access_token type refresh token
* Minor change
* Do not allow duplicate client name
* Update docstring
* Remove unnecessary `list`
2018-09-11 12:05:15 +02:00
e7b8d2e6df
Update name legacy api password ( #16455 )
2018-09-08 22:10:42 +02:00
563588651c
Tweak MFA login flow ( #16254 )
...
* Tweak MFA login flow
* Fix typo
2018-08-29 10:16:54 +02:00
257b8b9b80
Blow up startup if init auth providers or modules failed ( #16240 )
...
* Blow up startup if init auth providers or modules failed
* Delete core.entity_registry
2018-08-28 20:54:01 +02:00
5397c0d73a
Update trusted networks flow ( #16227 )
...
* Update the trusted networks flow
* Fix tests
* Remove errors
2018-08-28 00:37:15 +02:00
bacecb4249
Replace pbkdf2 with bcrypt ( #16071 )
...
* Replace pbkdf2 with bcrypt
bcrypt isn't inherently better than pbkdf2, but everything "just works"
out of the box.
* the hash verification routine now only computes one hash per call
* a per-user salt is built into the hash as opposed to the current
global salt
* bcrypt.checkpw() is immune to timing attacks regardless of input
* hash strength is a function of real time benchmarks and a
"difficulty" level, meaning we won't have to ever update the iteration
count
* WIP: add hash upgrade mechanism
* WIP: clarify decode issue
* remove stale testing code
* Fix test
* Ensure incorrect legacy passwords fail
* Add better invalid legacy password test
* Lint
* Run tests in async scope
2018-08-26 22:50:31 +02:00
47755fb1e9
Add Time-based Onetime Password Multi-factor Authentication Module ( #16129 )
...
* Add Time-based Onetime Password Multi-factor Auth
Add TOTP setup flow, generate QR code
* Resolve rebase issue
* Use svg instead png for QR code
* Lint and typing
* Fix translation
* Load totp auth module by default
* use <svg> tag instead markdown image
* Update strings
* Cleanup
2018-08-26 22:38:52 +02:00
e8775ba2b4
Add multi-factor auth module setup flow ( #16141 )
...
* Add mfa setup flow
* Lint
* Address code review comment
* Fix unit test
* Add assertion for WS response ordering
* Missed a return
* Remove setup_schema from MFA base class
* Move auth.util.validate_current_user -> webscoket_api.ws_require_user
2018-08-24 10:17:43 -07:00
249981de96
Prevent legacy api password with empty password ( #16127 )
...
* Prevent legacy api password with empty password
* Typing
2018-08-23 12:56:01 +02:00
7e7f9bc6ac
Add multi-factor authentication modules ( #15489 )
...
* Get user after login flow finished
* Add multi factor authentication support
* Typings
2018-08-22 09:52:34 +02:00
1ce51bfbd6
Refactoring login flow ( #16104 )
...
* Abstract LoginFlow
* Lint and typings
2018-08-21 11:03:38 -07:00
cdb8361050
Add support for revoking refresh tokens ( #16095 )
...
* Add support for revoking refresh tokens
* Lint
* Split revoke logic in own method
* Simplify
* Update docs
2018-08-21 11:02:55 -07:00
f84a31871e
Get user after login flow finished ( #16047 )
...
* Get user after login flow finished
* Add optional parameter 'type' to /auth/login_flow
* Update __init__.py
2018-08-21 10:18:04 +02:00
e776f88eec
Use JWT for access tokens ( #15972 )
...
* Use JWT for access tokens
* Update requirements
* Improvements
2018-08-14 21:14:12 +02:00
da8f93dca2
Add trusted networks auth provider ( #15812 )
...
* Add context to login flow
* Add trusted networks auth provider
* source -> context
2018-08-13 12:40:06 +02:00
2fcacbff23
Allow auth providers to influence is_active ( #15557 )
...
* Allow auth providers to influence is_active
* Fix auth script test
2018-07-19 22:10:36 +02:00
Paulus Schoutsen
Bram Kragten
Franck Nijhof
Christian Clauss
Ville Skyttä
Bas Nijholt
Jason Hu
Paulus Schoutsen
Robert Schindler
Matt Hamilton
Paulus Schoutsen