"""Test config entries API.""" import pytest from homeassistant.auth import models as auth_models from homeassistant.components.config import auth as auth_config from tests.common import MockGroup, MockUser, CLIENT_ID @pytest.fixture(autouse=True) def setup_config(hass, aiohttp_client): """Fixture that sets up the auth provider homeassistant module.""" hass.loop.run_until_complete(auth_config.async_setup(hass)) async def test_list_requires_admin(hass, hass_ws_client, hass_read_only_access_token): """Test get users requires auth.""" client = await hass_ws_client(hass, hass_read_only_access_token) await client.send_json({ 'id': 5, 'type': auth_config.WS_TYPE_LIST, }) result = await client.receive_json() assert not result['success'], result assert result['error']['code'] == 'unauthorized' async def test_list(hass, hass_ws_client, hass_admin_user): """Test get users.""" group = MockGroup().add_to_hass(hass) owner = MockUser( id='abc', name='Test Owner', is_owner=True, groups=[group], ).add_to_hass(hass) owner.credentials.append(auth_models.Credentials( auth_provider_type='homeassistant', auth_provider_id=None, data={}, )) system = MockUser( id='efg', name='Test Hass.io', system_generated=True ).add_to_hass(hass) inactive = MockUser( id='hij', name='Inactive User', is_active=False, groups=[group], ).add_to_hass(hass) refresh_token = await hass.auth.async_create_refresh_token( owner, CLIENT_ID) access_token = hass.auth.async_create_access_token(refresh_token) client = await hass_ws_client(hass, access_token) await client.send_json({ 'id': 5, 'type': auth_config.WS_TYPE_LIST, }) result = await client.receive_json() assert result['success'], result data = result['result'] assert len(data) == 4 assert data[0] == { 'id': hass_admin_user.id, 'name': 'Mock User', 'is_owner': False, 'is_active': True, 'system_generated': False, 'group_ids': [group.id for group in hass_admin_user.groups], 'credentials': [] } assert data[1] == { 'id': owner.id, 'name': 'Test Owner', 'is_owner': True, 'is_active': True, 'system_generated': False, 'group_ids': [group.id for group in owner.groups], 'credentials': [{'type': 'homeassistant'}] } assert data[2] == { 'id': system.id, 'name': 'Test Hass.io', 'is_owner': False, 'is_active': True, 'system_generated': True, 'group_ids': [], 'credentials': [], } assert data[3] == { 'id': inactive.id, 'name': 'Inactive User', 'is_owner': False, 'is_active': False, 'system_generated': False, 'group_ids': [group.id for group in inactive.groups], 'credentials': [], } async def test_delete_requires_admin(hass, hass_ws_client, hass_read_only_access_token): """Test delete command requires an admin.""" client = await hass_ws_client(hass, hass_read_only_access_token) await client.send_json({ 'id': 5, 'type': auth_config.WS_TYPE_DELETE, 'user_id': 'abcd', }) result = await client.receive_json() assert not result['success'], result assert result['error']['code'] == 'unauthorized' async def test_delete_unable_self_account(hass, hass_ws_client, hass_access_token): """Test we cannot delete our own account.""" client = await hass_ws_client(hass, hass_access_token) refresh_token = await hass.auth.async_validate_access_token( hass_access_token) await client.send_json({ 'id': 5, 'type': auth_config.WS_TYPE_DELETE, 'user_id': refresh_token.user.id, }) result = await client.receive_json() assert not result['success'], result assert result['error']['code'] == 'no_delete_self' async def test_delete_unknown_user(hass, hass_ws_client, hass_access_token): """Test we cannot delete an unknown user.""" client = await hass_ws_client(hass, hass_access_token) await client.send_json({ 'id': 5, 'type': auth_config.WS_TYPE_DELETE, 'user_id': 'abcd', }) result = await client.receive_json() assert not result['success'], result assert result['error']['code'] == 'not_found' async def test_delete(hass, hass_ws_client, hass_access_token): """Test delete command works.""" client = await hass_ws_client(hass, hass_access_token) test_user = MockUser( id='efg', ).add_to_hass(hass) assert len(await hass.auth.async_get_users()) == 2 await client.send_json({ 'id': 5, 'type': auth_config.WS_TYPE_DELETE, 'user_id': test_user.id, }) result = await client.receive_json() assert result['success'], result assert len(await hass.auth.async_get_users()) == 1 async def test_create(hass, hass_ws_client, hass_access_token): """Test create command works.""" client = await hass_ws_client(hass, hass_access_token) assert len(await hass.auth.async_get_users()) == 1 await client.send_json({ 'id': 5, 'type': auth_config.WS_TYPE_CREATE, 'name': 'Paulus', }) result = await client.receive_json() assert result['success'], result assert len(await hass.auth.async_get_users()) == 2 data_user = result['result']['user'] user = await hass.auth.async_get_user(data_user['id']) assert user is not None assert user.name == data_user['name'] assert user.is_active assert not user.is_owner assert not user.system_generated async def test_create_requires_admin(hass, hass_ws_client, hass_read_only_access_token): """Test create command requires an admin.""" client = await hass_ws_client(hass, hass_read_only_access_token) await client.send_json({ 'id': 5, 'type': auth_config.WS_TYPE_CREATE, 'name': 'YO', }) result = await client.receive_json() assert not result['success'], result assert result['error']['code'] == 'unauthorized' async def test_update(hass, hass_ws_client): """Test update command works.""" client = await hass_ws_client(hass) user = await hass.auth.async_create_user("Test user") await client.send_json({ 'id': 5, 'type': 'config/auth/update', 'user_id': user.id, 'name': 'Updated name', 'group_ids': ['system-read-only'], }) result = await client.receive_json() assert result['success'], result data_user = result['result']['user'] assert user.name == "Updated name" assert data_user['name'] == "Updated name" assert len(user.groups) == 1 assert user.groups[0].id == "system-read-only" assert data_user['group_ids'] == ["system-read-only"] async def test_update_requires_admin(hass, hass_ws_client, hass_read_only_access_token): """Test update command requires an admin.""" client = await hass_ws_client(hass, hass_read_only_access_token) user = await hass.auth.async_create_user("Test user") await client.send_json({ 'id': 5, 'type': 'config/auth/update', 'user_id': user.id, 'name': 'Updated name', }) result = await client.receive_json() assert not result['success'], result assert result['error']['code'] == 'unauthorized' assert user.name == "Test user" async def test_update_system_generated(hass, hass_ws_client): """Test update command cannot update a system generated.""" client = await hass_ws_client(hass) user = await hass.auth.async_create_system_user("Test user") await client.send_json({ 'id': 5, 'type': 'config/auth/update', 'user_id': user.id, 'name': 'Updated name', }) result = await client.receive_json() assert not result['success'], result assert result['error']['code'] == 'cannot_modify_system_generated' assert user.name == "Test user"