* Added external auth provider that calls a configurable program
Closes#19975
* Raise proper InvalidAuth exception on OSError during program execution
* Changed name of external auth provider to command_line
* Renamed program config option to command in command_line auth provider
* Made meta variable parsing in command_line auth provider optional
* Added tests for command_line auth provider
* Fixed indentation
* Suppressed wrong pylint warning
* Fixed linting
* Added test for command line auth provider login flow
* Log error when user fails authentication
* Use %r formatter instead of explicit repr()
* Mix all used names of typing module into module namespace
I consider this nasty and bad coding style, but was requested by
@awarecan for consistency with the remaining codebase.
* Small code style change
* Strip usernames with command_line auth provider
* Add permission checks to Rest API
* Clean up unnecessary method
* Remove all the tuple stuff from entity check
* Simplify perms
* Correct param name for owner permission
* Hass.io make/update user to be admin
* Types
* Add read only and admin policies
* Migrate to 2 system groups
* Add system groups
* Add system groups admin & read only
* Dont' mutate parameters
* Fix types
* Add permission foundation
* Address comments
* typing
* False > True
* Convert more lambdas
* Use constants
* Remove support for False
* Fix only allow True
* Addded support for private storage.
Include 'private' flag parameters to the Store class and save_json function.
Updated various authentication and onboarding classes to use private stores.
Fixed unit test for emulated_hue which used a mock patch on save_json().
* Fixed Hound formatting issues not detected by local linting.
* Allow create refresh_token with specific access_token_expiration
* Add token_type, client_name and client_icon
* Add unit test
* Add websocket API to create long-lived access token
* Allow URL use as client_id for long-lived access token
* Remove mutate_refresh_token method
* Use client name as id for long_lived_access_token type refresh token
* Minor change
* Do not allow duplicate client name
* Update docstring
* Remove unnecessary `list`
* Replace pbkdf2 with bcrypt
bcrypt isn't inherently better than pbkdf2, but everything "just works"
out of the box.
* the hash verification routine now only computes one hash per call
* a per-user salt is built into the hash as opposed to the current
global salt
* bcrypt.checkpw() is immune to timing attacks regardless of input
* hash strength is a function of real time benchmarks and a
"difficulty" level, meaning we won't have to ever update the iteration
count
* WIP: add hash upgrade mechanism
* WIP: clarify decode issue
* remove stale testing code
* Fix test
* Ensure incorrect legacy passwords fail
* Add better invalid legacy password test
* Lint
* Run tests in async scope
* Always load users in auth store before use
* Use namedtuple instead of dict for user meta
* Ignore auth store tokens with invalid created_at
* Add type hints to homeassistant.auth
* Refactoring data_entry_flow and config_entry_flow
Move SOURCE_* to config_entries
Change data_entry_flow.FlowManager.async_init() source param default
to None
Change this first step_id as source or init if source is None
_BaseFlowManagerView pass in SOURCE_USER as default source
* First step of data entry flow decided by _async_create_flow() now
* Lint
* Change helpers.config_entry_flow.DiscoveryFlowHandler default step
* Change FlowManager.async_init source param to context dict param
* Always return bytes from auth.providers.homeassistant.hash_password
Good for interface cleanliness, typing etc.
* Add some homeassistant auth provider type annotations
Paulus Schoutsen
Jason Hu
Daniel Høyer Iversen
Robert Schindler
Paulus Schoutsen
Matt Hamilton
Ville Skyttä
Nicko van Someren
Paulus Schoutsen
Andrey