Commit Graph

63 Commits (d98e580c3c4e30fe07e16b763ed2256dc0e8dc16)

Author SHA1 Message Date
Joakim Plate d339e3bd8c
Reject trusted network access from proxies (#52388) 2021-07-02 11:49:42 +02:00
Franck Nijhof cdd1f6b2f0
Always load middle to handle forwarded proxy data (#51332) 2021-06-01 09:38:55 -07:00
Paulus Schoutsen bd0373388d
Trusted networks auth provider warns if detects a requests with x-forwarded-for header while the http integration is not configured for reverse proxies (#51319)
* Trusted networks auth provider to require http integration configured for proxies to allow logging in with requests with x-forwarded-for header

* Make it a warning
2021-06-01 12:51:44 +02:00
Ruslan Sayfutdinov 183220008d
Rename FlowResultDict to FlowResult (#49847) 2021-04-29 13:40:51 +02:00
Ruslan Sayfutdinov 80f66f301b
Define data flow result type (#49260)
* Define data flow result type

* Revert explicit definitions

* Fix tests

* Specific mypy ignore
2021-04-15 07:17:07 -10:00
Marc Mueller fabd73f08b
Update typing 03 (#48015) 2021-03-17 21:46:07 +01:00
Marc Mueller 16dcbf1467
Update pylint (#47205) 2021-02-28 22:09:01 -10:00
Franck Nijhof 9b7c39d20b
Postponed evaluation of annotations in core (#46434)
* Postponed evaluation of annotations in core

* Remove unneeded future
2021-02-12 10:58:20 +01:00
tkdrob 04f39d7dd4
Use core constants for command_line auth provider (#45907) 2021-02-03 19:19:22 -05:00
Joakim Plate 38d2cacf7a
Support blocking trusted network from new ip (#44630)
Co-authored-by: Paulus Schoutsen <paulus@home-assistant.io>
2021-01-28 12:06:20 +01:00
springstan 92379ad8d2
Use list literal without using dict.keys() (#42573) 2020-10-30 09:19:13 -05:00
Ville Skyttä b4bac0f7a0
Exception chaining and wrapping improvements (#39320)
* Remove unnecessary exception re-wraps

* Preserve exception chains on re-raise

We slap "from cause" to almost all possible cases here. In some cases it
could conceivably be better to do "from None" if we really want to hide
the cause. However those should be in the minority, and "from cause"
should be an improvement over the corresponding raise without a "from"
in all cases anyway.

The only case where we raise from None here is in plex, where the
exception for an original invalid SSL cert is not the root cause for
failure to validate a newly fetched one.

Follow local convention on exception variable names if there is a
consistent one, otherwise `err` to match with majority of codebase.

* Fix mistaken re-wrap in homematicip_cloud/hap.py

Missed the difference between HmipConnectionError and
HmipcConnectionError.

* Do not hide original error on plex new cert validation error

Original is not the cause for the new one, but showing old in the
traceback is useful nevertheless.
2020-08-28 13:50:32 +02:00
Paulus Schoutsen 9979e465aa
Fix hassio auth data (#39244)
Co-authored-by: Pascal Vizeli <pvizeli@syshack.ch>
2020-08-25 14:22:50 +02:00
Paulus Schoutsen 13df3bce1b
Allow owner users to change password of any user (#39242) 2020-08-25 13:49:32 +02:00
Paulus Schoutsen 8ed1a29c82
Drop white blacklist pt1 (#37816) 2020-07-13 17:43:11 +02:00
Franck Nijhof 53545c984b
Log lines do not end with a full stop (#37527) 2020-07-05 23:04:19 +02:00
Ville Skyttä 0c5ca3084e
Add and fix type hints (#36501)
* Fix exceptions.Unauthorized.permission type

* Use auth.permission consts more

* Auth typing improvements

* Helpers typing improvements

* Calculate self.state only once
2020-06-06 20:34:56 +02:00
Ville Skyttä b4404b071f
Pylint cleanups (#35409)
* Avoid some outer name redefinitions

* Remove unneeded directives

* Narrow directive scope

* Don't disable redefined-variable-type
2020-05-09 14:08:40 +03:00
Franck Nijhof 7653dc947a
Enable pylint unnecessary-pass (#33650)
* Enable pylint unnecessary-pass

* Process review suggestions

* Fix smhi tests
2020-04-05 10:33:07 +02:00
Ville Skyttä 5216477353
Be consistent with Home Assistant and Hass.io spelling (#30500)
* Be consistent with Home Assistant spelling

* Be consistent with Hass.io spelling
2020-01-05 14:09:17 +02:00
Ville Skyttä e6388e186c
Remove unnecessary string literal concatenations (#30360) 2020-01-02 21:17:10 +02:00
Bas Nijholt 67c56c860d Sort imports according to PEP8 for 'homeassistant' folder (#29789)
Components are already done
2019-12-09 16:42:10 +01:00
Ville Skyttä 99c7608fb4 Lint config cleanups (#28864)
* Remove bunch of unneeded lint exclusions

* Use symbolic names instead of identifiers in pylint disables

* Tighten scope of some pylint disables
2019-11-25 22:40:08 -08:00
Franck Nijhof 2f0eb07624 Migrate legacy typehints in core to PEP-526 (#26403)
* Migrate legacy typehints in core to PEP-526

* Fix one type
2019-09-03 20:36:04 -07:00
Franck Nijhof decf13b948 Use literal string interpolation in core (f-strings) (#26166) 2019-08-23 09:53:33 -07:00
Joakim Plate d1b9ebc7b2 Integration requirement check refactor (#25626)
* Factor out code getting requirements for integration

* Have process requirements raise an exception

* One more lint fix

* Blackify

* Catch new exception

* Let RequirementsNotFound be a HomeAssistantError

* Correct another test

* Split catching of exceptions and avoid complete log
2019-08-07 15:35:50 -07:00
Paulus Schoutsen 0ccffc3e55 Lint 2019-07-31 12:46:17 -07:00
Paulus Schoutsen 4de97abc3a Black 2019-07-31 12:25:30 -07:00
Ville Skyttä e8e84fb764 Type check homeassistant.scripts (#25464)
* Run mypy on homeassistant.scripts, disabling bunch of checks for now

* Declare async_initialize in AuthProvider

* Add some type hints

* Remove unreachable code

* Help mypy out

* Script docstring fixes
2019-07-24 13:18:40 -07:00
Jason Hu 6ba2891604 Add trusted_users in trusted networks auth provider (#22478) 2019-03-27 21:53:11 -07:00
Jason Hu fe1840f901 Deprecate http.api_password (#21884)
* Deprecated http.api_password

* Deprecated ApiConfig.api_password

GitHub Drafted PR would trigger CI after changed it to normal PR.
I have to commit a comment change to trigger it

* Trigger CI

* Adjust if- elif chain in auth middleware
2019-03-10 19:55:36 -07:00
Jason Hu 4a3b4cf346 Resolve race condition when HA auth provider is loading (#21619)
* Resolve race condition when HA auth provider is loading

* Fix

* Add more tests

* Lint
2019-03-04 15:55:26 -08:00
Jason Hu 7bae76843c Add config for trusted networks auth provider (#21111)
* Add config for trusted networks auth provider

* Lint

* Fix typing

* Fix pylint

* Fix lint

* Add some log information

* Add http.trusted_networks deprecated warning

* Remove log info

* Lint
2019-02-26 14:42:48 -08:00
Robert Schindler 06f3e8137a Added command_line auth provider that validates credentials by calling a command (#19985)
* Added external auth provider that calls a configurable program

Closes #19975

* Raise proper InvalidAuth exception on OSError during program execution

* Changed name of external auth provider to command_line

* Renamed program config option to command in command_line auth provider

* Made meta variable parsing in command_line auth provider optional

* Added tests for command_line auth provider

* Fixed indentation

* Suppressed wrong pylint warning

* Fixed linting

* Added test for command line auth provider login flow

* Log error when user fails authentication

* Use %r formatter instead of explicit repr()

* Mix all used names of typing module into module namespace

I consider this nasty and bad coding style, but was requested by
@awarecan for consistency with the remaining codebase.

* Small code style change

* Strip usernames with command_line auth provider
2019-02-06 16:36:41 -08:00
Paulus Schoutsen 73a0c664b8 Allow usernames to be case-insensitive (#20558)
* Allow usernames to be case-insensitive

* Fix typing

* FLAKE*
2019-01-29 08:28:52 +01:00
Paulus Schoutsen 84a2e5d8fb Strip login username in backend (#20150)
* Add modern mode to HA auth provider that strips usernames

* Add tests for async_get_or_create_credentials

* Fix test
2019-01-16 15:03:05 -08:00
Matt Hamilton 38b09b1613 Remove stale user salts code (#19004)
user['salt'] was originally used as a part of the pbkdf2 implementation.
I failed to remove this as a part of the cleanup in #18736.
2018-12-04 14:39:43 +01:00
Paulus Schoutsen df21dd21f2 RFC: Call services directly (#18720)
* Call services directly

* Simplify

* Type

* Lint

* Update name

* Fix tests

* Catch exceptions in HTTP view

* Lint

* Handle ServiceNotFound in API endpoints that call services

* Type

* Don't crash recorder on non-JSON serializable objects
2018-11-30 21:28:35 +01:00
Matt Hamilton 4f2e7fc912 remove pbkdf2 upgrade path (#18736) 2018-11-27 10:42:56 +01:00
Paulus Schoutsen c2f8dfcb9f
Legacy api fix (#18733)
* Set user for API password requests

* Fix tests

* Fix typing
2018-11-27 10:41:44 +01:00
Paulus Schoutsen 08fe7c3ece
Pytest tests (#17750)
* Convert core tests

* Convert component tests to use pytest assert

* Lint 🤷‍♂️

* Fix test

* Fix 3 typos in docs
2018-10-24 12:10:05 +02:00
Nicko van Someren e5861241c7 Added support for private storage. (#16878)
* Addded support for private storage.

Include 'private' flag parameters to the Store class and save_json function.
Updated various authentication and onboarding classes to use private stores.
Fixed unit test for emulated_hue which used a mock patch on save_json().

* Fixed Hound formatting issues not detected by local linting.
2018-09-26 10:24:32 +02:00
Jason Hu 7a77951bb4 Add Notify MFA module (#16314)
* Add Notify MFA

* Fix unit test

* Address review comment, change storage implementation

* Add retry limit to mfa module

* Fix loading

* Fix invalaid login log processing

* Typing

* Change default message template

* Change one-time password to 8 digit

* Refactoring to not save secret

* Bug fixing

* Change async_initialize method name to aysnc_initialize_login_mfa_step

* Address some simple fix code review comment
2018-09-24 11:06:50 +02:00
Paulus Schoutsen e7b8d2e6df
Update name legacy api password (#16455) 2018-09-08 22:10:42 +02:00
Jason Hu 563588651c Tweak MFA login flow (#16254)
* Tweak MFA login flow

* Fix typo
2018-08-29 10:16:54 +02:00
Jason Hu 257b8b9b80 Blow up startup if init auth providers or modules failed (#16240)
* Blow up startup if init auth providers or modules failed

* Delete core.entity_registry
2018-08-28 20:54:01 +02:00
Jason Hu 67df162bcc Change log level to error when auth provider failed loading (#16235) 2018-08-28 11:23:58 +02:00
Paulus Schoutsen 5397c0d73a
Update trusted networks flow (#16227)
* Update the trusted networks flow

* Fix tests

* Remove errors
2018-08-28 00:37:15 +02:00
Matt Hamilton bacecb4249 Replace pbkdf2 with bcrypt (#16071)
* Replace pbkdf2 with bcrypt

bcrypt isn't inherently better than pbkdf2, but everything "just works"
out of the box.

  * the hash verification routine now only computes one hash per call
  * a per-user salt is built into the hash as opposed to the current
  global salt
  * bcrypt.checkpw() is immune to timing attacks regardless of input
  * hash strength is a function of real time benchmarks and a
  "difficulty" level, meaning we won't have to ever update the iteration
  count

* WIP: add hash upgrade mechanism

* WIP: clarify decode issue

* remove stale testing code

* Fix test

* Ensure incorrect legacy passwords fail

* Add better invalid legacy password test

* Lint

* Run tests in async scope
2018-08-26 22:50:31 +02:00
Jason Hu 47755fb1e9 Add Time-based Onetime Password Multi-factor Authentication Module (#16129)
* Add Time-based Onetime Password Multi-factor Auth

Add TOTP setup flow, generate QR code

* Resolve rebase issue

* Use svg instead png for QR code

* Lint and typing

* Fix translation

* Load totp auth module by default

* use <svg> tag instead markdown image

* Update strings

* Cleanup
2018-08-26 22:38:52 +02:00