Paulus Schoutsen
61f7a39748
Add permissions foundation ( #16890 )
...
* Add permission foundation
* Address comments
* typing
* False > True
* Convert more lambdas
* Use constants
* Remove support for False
* Fix only allow True
2018-10-11 19:24:25 +02:00
Paulus Schoutsen
61bf4d8a29
Add user events ( #17328 )
2018-10-11 17:06:51 +02:00
Paulus Schoutsen
c3b1121d77
Add group foundation ( #16935 )
...
Add group foundation
2018-10-08 16:35:38 +02:00
Jason Hu
7a77951bb4
Add Notify MFA module ( #16314 )
...
* Add Notify MFA
* Fix unit test
* Address review comment, change storage implementation
* Add retry limit to mfa module
* Fix loading
* Fix invalid login log processing
* Typing
* Change default message template
* Change one-time password to 8 digit
* Refactoring to not save secret
* Bug fixing
* Change async_initialize method name to aysnc_initialize_login_mfa_step
* Address some simple fix code review comment
2018-09-24 11:06:50 +02:00
Jason Hu
ff78a5b04b
Track refresh token last usage information ( #16408 )
...
* Extend refresh_token to support last_used_at and last_used_by
* Address code review comment
* Remove unused code
* Add it to websocket response
* Fix typing
2018-09-12 13:24:16 +02:00
Jason Hu
9583947012
Long-lived access token ( #16453 )
...
* Allow create refresh_token with specific access_token_expiration
* Add token_type, client_name and client_icon
* Add unit test
* Add websocket API to create long-lived access token
* Allow URL use as client_id for long-lived access token
* Remove mutate_refresh_token method
* Use client name as id for long_lived_access_token type refresh token
* Minor change
* Do not allow duplicate client name
* Update docstring
* Remove unnecessary `list`
2018-09-11 12:05:15 +02:00
Paulus Schoutsen
e7b8d2e6df
Update name legacy api password ( #16455 )
2018-09-08 22:10:42 +02:00
Jason Hu
563588651c
Tweak MFA login flow ( #16254 )
...
* Tweak MFA login flow
* Fix typo
2018-08-29 10:16:54 +02:00
Jason Hu
257b8b9b80
Blow up startup if init auth providers or modules failed ( #16240 )
...
* Blow up startup if init auth providers or modules failed
* Delete core.entity_registry
2018-08-28 20:54:01 +02:00
Paulus Schoutsen
5397c0d73a
Update trusted networks flow ( #16227 )
...
* Update the trusted networks flow
* Fix tests
* Remove errors
2018-08-28 00:37:15 +02:00
Matt Hamilton
bacecb4249
Replace pbkdf2 with bcrypt ( #16071 )
...
* Replace pbkdf2 with bcrypt
  bcrypt isn't inherently better than pbkdf2, but everything "just works" out of the box.
  * the hash verification routine now only computes one hash per call
  * a per-user salt is built into the hash as opposed to the current global salt
  * bcrypt.checkpw() is immune to timing attacks regardless of input
  * hash strength is a function of real time benchmarks and a "difficulty" level, meaning we won't have to ever update the iteration count
* WIP: add hash upgrade mechanism
* WIP: clarify decode issue
* remove stale testing code
* Fix test
* Ensure incorrect legacy passwords fail
* Add better invalid legacy password test
* Lint
* Run tests in async scope
2018-08-26 22:50:31 +02:00
Jason Hu
47755fb1e9
Add Time-based Onetime Password Multi-factor Authentication Module ( #16129 )
...
* Add Time-based Onetime Password Multi-factor Auth
Add TOTP setup flow, generate QR code
* Resolve rebase issue
* Use svg instead of png for QR code
* Lint and typing
* Fix translation
* Load totp auth module by default
* use <svg> tag instead of markdown image
* Update strings
* Cleanup
2018-08-26 22:38:52 +02:00
Jason Hu
e8775ba2b4
Add multi-factor auth module setup flow ( #16141 )
...
* Add mfa setup flow
* Lint
* Address code review comment
* Fix unit test
* Add assertion for WS response ordering
* Missed a return
* Remove setup_schema from MFA base class
* Move auth.util.validate_current_user -> webscoket_api.ws_require_user
2018-08-24 10:17:43 -07:00
Paulus Schoutsen
249981de96
Prevent legacy api password with empty password ( #16127 )
...
* Prevent legacy api password with empty password
* Typing
2018-08-23 12:56:01 +02:00
Jason Hu
7e7f9bc6ac
Add multi-factor authentication modules ( #15489 )
...
* Get user after login flow finished
* Add multi factor authentication support
* Typings
2018-08-22 09:52:34 +02:00
Jason Hu
1ce51bfbd6
Refactoring login flow ( #16104 )
...
* Abstract LoginFlow
* Lint and typings
2018-08-21 11:03:38 -07:00
Paulus Schoutsen
cdb8361050
Add support for revoking refresh tokens ( #16095 )
...
* Add support for revoking refresh tokens
* Lint
* Split revoke logic in own method
* Simplify
* Update docs
2018-08-21 11:02:55 -07:00
Jason Hu
f84a31871e
Get user after login flow finished ( #16047 )
...
* Get user after login flow finished
* Add optional parameter 'type' to /auth/login_flow
* Update __init__.py
2018-08-21 10:18:04 +02:00
Paulus Schoutsen
e776f88eec
Use JWT for access tokens ( #15972 )
...
* Use JWT for access tokens
* Update requirements
* Improvements
2018-08-14 21:14:12 +02:00
Jason Hu
da8f93dca2
Add trusted networks auth provider ( #15812 )
...
* Add context to login flow
* Add trusted networks auth provider
* source -> context
2018-08-13 12:40:06 +02:00
Paulus Schoutsen
2fcacbff23
Allow auth providers to influence is_active ( #15557 )
...
* Allow auth providers to influence is_active
* Fix auth script test
2018-07-19 22:10:36 +02:00
Paulus Schoutsen
864a254071
Aware comments ( #15480 )
...
* Make sure we cannot deactivate the owner
* Use different error code when trying to fetch token for inactive user
2018-07-15 23:09:05 +02:00
Paulus Schoutsen
ed0cfc4f31
Add user via cmd line creates owner ( #15470 )
...
* Add user via cmd line creates owner
* Ensure access tokens are not verified for inactive users
* Stale print
* Lint
2018-07-15 20:46:15 +02:00
Paulus Schoutsen
70fe463ef0
User management ( #15420 )
...
* User management
* Lint
* Fix dict
* Reuse data instance
* OrderedDict all the way
2018-07-13 15:31:20 +02:00
Paulus Schoutsen
b6ca03ce47
Reorg auth ( #15443 )
2018-07-13 11:43:08 +02:00