257b8b9b80
Blow up startup if init auth providers or modules failed ( #16240 )
...
* Blow up startup if init auth providers or modules failed
* Delete core.entity_registry
2018-08-28 20:54:01 +02:00
5397c0d73a
Update trusted networks flow ( #16227 )
...
* Update the trusted networks flow
* Fix tests
* Remove errors
2018-08-28 00:37:15 +02:00
bacecb4249
Replace pbkdf2 with bcrypt ( #16071 )
...
* Replace pbkdf2 with bcrypt
bcrypt isn't inherently better than pbkdf2, but everything "just works"
out of the box.
* the hash verification routine now only computes one hash per call
* a per-user salt is built into the hash as opposed to the current
global salt
* bcrypt.checkpw() is immune to timing attacks regardless of input
* hash strength is a function of real time benchmarks and a
"difficulty" level, meaning we won't have to ever update the iteration
count
* WIP: add hash upgrade mechanism
* WIP: clarify decode issue
* remove stale testing code
* Fix test
* Ensure incorrect legacy passwords fail
* Add better invalid legacy password test
* Lint
* Run tests in async scope
2018-08-26 22:50:31 +02:00
47755fb1e9
Add Time-based Onetime Password Multi-factor Authentication Module ( #16129 )
...
* Add Time-based Onetime Password Multi-factor Auth
Add TOTP setup flow, generate QR code
* Resolve rebase issue
* Use svg instead png for QR code
* Lint and typing
* Fix translation
* Load totp auth module by default
* use <svg> tag instead markdown image
* Update strings
* Cleanup
2018-08-26 22:38:52 +02:00
e8775ba2b4
Add multi-factor auth module setup flow ( #16141 )
...
* Add mfa setup flow
* Lint
* Address code review comment
* Fix unit test
* Add assertion for WS response ordering
* Missed a return
* Remove setup_schema from MFA base class
* Move auth.util.validate_current_user -> webscoket_api.ws_require_user
2018-08-24 10:17:43 -07:00
249981de96
Prevent legacy api password with empty password ( #16127 )
...
* Prevent legacy api password with empty password
* Typing
2018-08-23 12:56:01 +02:00
7e7f9bc6ac
Add multi-factor authentication modules ( #15489 )
...
* Get user after login flow finished
* Add multi factor authentication support
* Typings
2018-08-22 09:52:34 +02:00
1ce51bfbd6
Refactoring login flow ( #16104 )
...
* Abstract LoginFlow
* Lint and typings
2018-08-21 11:03:38 -07:00
cdb8361050
Add support for revoking refresh tokens ( #16095 )
...
* Add support for revoking refresh tokens
* Lint
* Split revoke logic in own method
* Simplify
* Update docs
2018-08-21 11:02:55 -07:00
f84a31871e
Get user after login flow finished ( #16047 )
...
* Get user after login flow finished
* Add optional parameter 'type' to /auth/login_flow
* Update __init__.py
2018-08-21 10:18:04 +02:00
e776f88eec
Use JWT for access tokens ( #15972 )
...
* Use JWT for access tokens
* Update requirements
* Improvements
2018-08-14 21:14:12 +02:00
da8f93dca2
Add trusted networks auth provider ( #15812 )
...
* Add context to login flow
* Add trusted networks auth provider
* source -> context
2018-08-13 12:40:06 +02:00
2fcacbff23
Allow auth providers to influence is_active ( #15557 )
...
* Allow auth providers to influence is_active
* Fix auth script test
2018-07-19 22:10:36 +02:00
864a254071
Aware comments ( #15480 )
...
* Make sure we cannot deactivate the owner
* Use different error code when trying to fetch token for inactive user
2018-07-15 23:09:05 +02:00
ed0cfc4f31
Add user via cmd line creates owner ( #15470 )
...
* Add user via cmd line creates owner
* Ensure access tokens are not verified for inactive users
* Stale print
* Lint
2018-07-15 20:46:15 +02:00
70fe463ef0
User management ( #15420 )
...
* User management
* Lint
* Fix dict
* Reuse data instance
* OrderedDict all the way
2018-07-13 15:31:20 +02:00
b6ca03ce47
Reorg auth ( #15443 )
2018-07-13 11:43:08 +02:00
Jason Hu
Paulus Schoutsen
Matt Hamilton
Paulus Schoutsen