* Trusted networks auth provider to require http integration configured for proxies to allow logging in with requests with x-forwarded-for header
* Make it a warning
* Remove unnecessary exception re-wraps
* Preserve exception chains on re-raise
We slap "from cause" to almost all possible cases here. In some cases it
could conceivably be better to do "from None" if we really want to hide
the cause. However those should be in the minority, and "from cause"
should be an improvement over the corresponding raise without a "from"
in all cases anyway.
The only case where we raise from None here is in plex, where the
exception for an original invalid SSL cert is not the root cause for
failure to validate a newly fetched one.
Follow local convention on exception variable names if there is a
consistent one, otherwise `err` to match with majority of codebase.
* Fix mistaken re-wrap in homematicip_cloud/hap.py
Missed the difference between HmipConnectionError and
HmipcConnectionError.
* Do not hide original error on plex new cert validation error
Original is not the cause for the new one, but showing old in the
traceback is useful nevertheless.
* Fix exceptions.Unauthorized.permission type
* Use auth.permission consts more
* Auth typing improvements
* Helpers typing improvements
* Calculate self.state only once
* Factor out code getting requirements for integration
* Have process requirements raise an exception
* One more lint fix
* Blackify
* Catch new exception
* Let RequirementsNotFound be a HomeAssistantError
* Correct another test
* Split catching of exceptions and avoid complete log
* Run mypy on homeassistant.scripts, disabling bunch of checks for now
* Declare async_initialize in AuthProvider
* Add some type hints
* Remove unreachable code
* Help mypy out
* Script docstring fixes
* Deprecated http.api_password
* Deprecated ApiConfig.api_password
GitHub Drafted PR would trigger CI after changed it to normal PR.
I have to commit a comment change to trigger it
* Trigger CI
* Adjust if- elif chain in auth middleware
* Added external auth provider that calls a configurable program
Closes#19975
* Raise proper InvalidAuth exception on OSError during program execution
* Changed name of external auth provider to command_line
* Renamed program config option to command in command_line auth provider
* Made meta variable parsing in command_line auth provider optional
* Added tests for command_line auth provider
* Fixed indentation
* Suppressed wrong pylint warning
* Fixed linting
* Added test for command line auth provider login flow
* Log error when user fails authentication
* Use %r formatter instead of explicit repr()
* Mix all used names of typing module into module namespace
I consider this nasty and bad coding style, but was requested by
@awarecan for consistency with the remaining codebase.
* Small code style change
* Strip usernames with command_line auth provider
* Addded support for private storage.
Include 'private' flag parameters to the Store class and save_json function.
Updated various authentication and onboarding classes to use private stores.
Fixed unit test for emulated_hue which used a mock patch on save_json().
* Fixed Hound formatting issues not detected by local linting.
* Replace pbkdf2 with bcrypt
bcrypt isn't inherently better than pbkdf2, but everything "just works"
out of the box.
* the hash verification routine now only computes one hash per call
* a per-user salt is built into the hash as opposed to the current
global salt
* bcrypt.checkpw() is immune to timing attacks regardless of input
* hash strength is a function of real time benchmarks and a
"difficulty" level, meaning we won't have to ever update the iteration
count
* WIP: add hash upgrade mechanism
* WIP: clarify decode issue
* remove stale testing code
* Fix test
* Ensure incorrect legacy passwords fail
* Add better invalid legacy password test
* Lint
* Run tests in async scope