* Deprecated http.api_password
* Deprecated ApiConfig.api_password
GitHub Drafted PR would trigger CI after changed it to normal PR.
I have to commit a comment change to trigger it
* Trigger CI
* Adjust if- elif chain in auth middleware
* Added external auth provider that calls a configurable program
Closes#19975
* Raise proper InvalidAuth exception on OSError during program execution
* Changed name of external auth provider to command_line
* Renamed program config option to command in command_line auth provider
* Made meta variable parsing in command_line auth provider optional
* Added tests for command_line auth provider
* Fixed indentation
* Suppressed wrong pylint warning
* Fixed linting
* Added test for command line auth provider login flow
* Log error when user fails authentication
* Use %r formatter instead of explicit repr()
* Mix all used names of typing module into module namespace
I consider this nasty and bad coding style, but was requested by
@awarecan for consistency with the remaining codebase.
* Small code style change
* Strip usernames with command_line auth provider
* Add permission checks to Rest API
* Clean up unnecessary method
* Remove all the tuple stuff from entity check
* Simplify perms
* Correct param name for owner permission
* Hass.io make/update user to be admin
* Types
* Add read only and admin policies
* Migrate to 2 system groups
* Add system groups
* Add system groups admin & read only
* Dont' mutate parameters
* Fix types
* Add permission foundation
* Address comments
* typing
* False > True
* Convert more lambdas
* Use constants
* Remove support for False
* Fix only allow True
* Allow create refresh_token with specific access_token_expiration
* Add token_type, client_name and client_icon
* Add unit test
* Add websocket API to create long-lived access token
* Allow URL use as client_id for long-lived access token
* Remove mutate_refresh_token method
* Use client name as id for long_lived_access_token type refresh token
* Minor change
* Do not allow duplicate client name
* Update docstring
* Remove unnecessary `list`
* Replace pbkdf2 with bcrypt
bcrypt isn't inherently better than pbkdf2, but everything "just works"
out of the box.
* the hash verification routine now only computes one hash per call
* a per-user salt is built into the hash as opposed to the current
global salt
* bcrypt.checkpw() is immune to timing attacks regardless of input
* hash strength is a function of real time benchmarks and a
"difficulty" level, meaning we won't have to ever update the iteration
count
* WIP: add hash upgrade mechanism
* WIP: clarify decode issue
* remove stale testing code
* Fix test
* Ensure incorrect legacy passwords fail
* Add better invalid legacy password test
* Lint
* Run tests in async scope
Franck Nijhof
Joakim Plate
springstan
Paulus Schoutsen
Bram Kragten
Christian Clauss
Ville Skyttä
Bas Nijholt
Jason Hu
Paulus Schoutsen
Robert Schindler
Matt Hamilton
Paulus Schoutsen