Force SimpliSafe to reauthenticate with a password (#51528)

This commit is contained in:
Aaron Bach 2021-06-18 16:11:35 -06:00 committed by GitHub
parent 23222589dd
commit 549f779b06
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 54 additions and 62 deletions

View File

@ -6,7 +6,7 @@ from simplipy import API
from simplipy.errors import EndpointUnavailable, InvalidCredentialsError, SimplipyError from simplipy.errors import EndpointUnavailable, InvalidCredentialsError, SimplipyError
import voluptuous as vol import voluptuous as vol
from homeassistant.const import ATTR_CODE, CONF_CODE, CONF_TOKEN, CONF_USERNAME from homeassistant.const import ATTR_CODE, CONF_CODE, CONF_PASSWORD, CONF_USERNAME
from homeassistant.core import CoreState, callback from homeassistant.core import CoreState, callback
from homeassistant.exceptions import ConfigEntryAuthFailed, ConfigEntryNotReady from homeassistant.exceptions import ConfigEntryAuthFailed, ConfigEntryNotReady
from homeassistant.helpers import ( from homeassistant.helpers import (
@ -107,14 +107,6 @@ SERVICE_SET_SYSTEM_PROPERTIES_SCHEMA = SERVICE_BASE_SCHEMA.extend(
CONFIG_SCHEMA = cv.deprecated(DOMAIN) CONFIG_SCHEMA = cv.deprecated(DOMAIN)
@callback
def _async_save_refresh_token(hass, config_entry, token):
"""Save a refresh token to the config entry."""
hass.config_entries.async_update_entry(
config_entry, data={**config_entry.data, CONF_TOKEN: token}
)
async def async_get_client_id(hass): async def async_get_client_id(hass):
"""Get a client ID (based on the HASS unique ID) for the SimpliSafe API. """Get a client ID (based on the HASS unique ID) for the SimpliSafe API.
@ -136,16 +128,15 @@ async def async_register_base_station(hass, system, config_entry_id):
) )
async def async_setup(hass, config):
"""Set up the SimpliSafe component."""
hass.data[DOMAIN] = {DATA_CLIENT: {}, DATA_LISTENER: {}}
return True
async def async_setup_entry(hass, config_entry): # noqa: C901 async def async_setup_entry(hass, config_entry): # noqa: C901
"""Set up SimpliSafe as config entry.""" """Set up SimpliSafe as config entry."""
hass.data.setdefault(DOMAIN, {DATA_CLIENT: {}, DATA_LISTENER: {}})
hass.data[DOMAIN][DATA_CLIENT][config_entry.entry_id] = []
hass.data[DOMAIN][DATA_LISTENER][config_entry.entry_id] = [] hass.data[DOMAIN][DATA_LISTENER][config_entry.entry_id] = []
if CONF_PASSWORD not in config_entry.data:
raise ConfigEntryAuthFailed("Config schema change requires re-authentication")
entry_updates = {} entry_updates = {}
if not config_entry.unique_id: if not config_entry.unique_id:
# If the config entry doesn't already have a unique ID, set one: # If the config entry doesn't already have a unique ID, set one:
@ -167,20 +158,24 @@ async def async_setup_entry(hass, config_entry): # noqa: C901
client_id = await async_get_client_id(hass) client_id = await async_get_client_id(hass)
websession = aiohttp_client.async_get_clientsession(hass) websession = aiohttp_client.async_get_clientsession(hass)
try: async def async_get_api():
api = await API.login_via_token( """Define a helper to get an authenticated SimpliSafe API object."""
config_entry.data[CONF_TOKEN], client_id=client_id, session=websession return await API.login_via_credentials(
config_entry.data[CONF_USERNAME],
config_entry.data[CONF_PASSWORD],
client_id=client_id,
session=websession,
) )
except InvalidCredentialsError:
LOGGER.error("Invalid credentials provided") try:
return False api = await async_get_api()
except InvalidCredentialsError as err:
raise ConfigEntryAuthFailed from err
except SimplipyError as err: except SimplipyError as err:
LOGGER.error("Config entry failed: %s", err) LOGGER.error("Config entry failed: %s", err)
raise ConfigEntryNotReady from err raise ConfigEntryNotReady from err
_async_save_refresh_token(hass, config_entry, api.refresh_token) simplisafe = SimpliSafe(hass, config_entry, api, async_get_api)
simplisafe = SimpliSafe(hass, api, config_entry)
try: try:
await simplisafe.async_init() await simplisafe.async_init()
@ -307,10 +302,10 @@ async def async_reload_entry(hass, config_entry):
class SimpliSafe: class SimpliSafe:
"""Define a SimpliSafe data object.""" """Define a SimpliSafe data object."""
def __init__(self, hass, api, config_entry): def __init__(self, hass, config_entry, api, async_get_api):
"""Initialize.""" """Initialize."""
self._api = api self._api = api
self._emergency_refresh_token_used = False self._async_get_api = async_get_api
self._hass = hass self._hass = hass
self._system_notifications = {} self._system_notifications = {}
self.config_entry = config_entry self.config_entry = config_entry
@ -387,23 +382,17 @@ class SimpliSafe:
for result in results: for result in results:
if isinstance(result, InvalidCredentialsError): if isinstance(result, InvalidCredentialsError):
if self._emergency_refresh_token_used:
raise ConfigEntryAuthFailed(
"Update failed with stored refresh token"
)
LOGGER.warning("SimpliSafe cloud error; trying stored refresh token")
self._emergency_refresh_token_used = True
try: try:
await self._api.refresh_access_token( self._api = await self._async_get_api()
self.config_entry.data[CONF_TOKEN]
)
return return
except InvalidCredentialsError as err:
raise ConfigEntryAuthFailed(
"Unable to re-authenticate with SimpliSafe"
) from err
except SimplipyError as err: except SimplipyError as err:
raise UpdateFailed( # pylint: disable=raise-missing-from raise UpdateFailed(
f"Error while using stored refresh token: {err}" f"SimpliSafe error while updating: {err}"
) ) from err
if isinstance(result, EndpointUnavailable): if isinstance(result, EndpointUnavailable):
# In case the user attempts an action not allowed in their current plan, # In case the user attempts an action not allowed in their current plan,
@ -414,16 +403,6 @@ class SimpliSafe:
if isinstance(result, SimplipyError): if isinstance(result, SimplipyError):
raise UpdateFailed(f"SimpliSafe error while updating: {result}") raise UpdateFailed(f"SimpliSafe error while updating: {result}")
if self._api.refresh_token != self.config_entry.data[CONF_TOKEN]:
_async_save_refresh_token(
self._hass, self.config_entry, self._api.refresh_token
)
# If we've reached this point using an emergency refresh token, we're in the
# clear and we can discard it:
if self._emergency_refresh_token_used:
self._emergency_refresh_token_used = False
class SimpliSafeEntity(CoordinatorEntity): class SimpliSafeEntity(CoordinatorEntity):
"""Define a base SimpliSafe entity.""" """Define a base SimpliSafe entity."""

View File

@ -8,7 +8,7 @@ from simplipy.errors import (
import voluptuous as vol import voluptuous as vol
from homeassistant import config_entries from homeassistant import config_entries
from homeassistant.const import CONF_CODE, CONF_PASSWORD, CONF_TOKEN, CONF_USERNAME from homeassistant.const import CONF_CODE, CONF_PASSWORD, CONF_USERNAME
from homeassistant.core import callback from homeassistant.core import callback
from homeassistant.helpers import aiohttp_client from homeassistant.helpers import aiohttp_client
@ -59,7 +59,7 @@ class SimpliSafeFlowHandler(config_entries.ConfigFlow, domain=DOMAIN):
errors = {} errors = {}
try: try:
simplisafe = await self._async_get_simplisafe_api() await self._async_get_simplisafe_api()
except PendingAuthorizationError: except PendingAuthorizationError:
LOGGER.info("Awaiting confirmation of MFA email click") LOGGER.info("Awaiting confirmation of MFA email click")
return await self.async_step_mfa() return await self.async_step_mfa()
@ -79,7 +79,7 @@ class SimpliSafeFlowHandler(config_entries.ConfigFlow, domain=DOMAIN):
return await self.async_step_finish( return await self.async_step_finish(
{ {
CONF_USERNAME: self._username, CONF_USERNAME: self._username,
CONF_TOKEN: simplisafe.refresh_token, CONF_PASSWORD: self._password,
CONF_CODE: self._code, CONF_CODE: self._code,
} }
) )
@ -89,6 +89,9 @@ class SimpliSafeFlowHandler(config_entries.ConfigFlow, domain=DOMAIN):
existing_entry = await self.async_set_unique_id(self._username) existing_entry = await self.async_set_unique_id(self._username)
if existing_entry: if existing_entry:
self.hass.config_entries.async_update_entry(existing_entry, data=user_input) self.hass.config_entries.async_update_entry(existing_entry, data=user_input)
self.hass.async_create_task(
self.hass.config_entries.async_reload(existing_entry.entry_id)
)
return self.async_abort(reason="reauth_successful") return self.async_abort(reason="reauth_successful")
return self.async_create_entry(title=self._username, data=user_input) return self.async_create_entry(title=self._username, data=user_input)
@ -98,7 +101,7 @@ class SimpliSafeFlowHandler(config_entries.ConfigFlow, domain=DOMAIN):
return self.async_show_form(step_id="mfa") return self.async_show_form(step_id="mfa")
try: try:
simplisafe = await self._async_get_simplisafe_api() await self._async_get_simplisafe_api()
except PendingAuthorizationError: except PendingAuthorizationError:
LOGGER.error("Still awaiting confirmation of MFA email click") LOGGER.error("Still awaiting confirmation of MFA email click")
return self.async_show_form( return self.async_show_form(
@ -108,7 +111,7 @@ class SimpliSafeFlowHandler(config_entries.ConfigFlow, domain=DOMAIN):
return await self.async_step_finish( return await self.async_step_finish(
{ {
CONF_USERNAME: self._username, CONF_USERNAME: self._username,
CONF_TOKEN: simplisafe.refresh_token, CONF_PASSWORD: self._password,
CONF_CODE: self._code, CONF_CODE: self._code,
} }
) )

View File

@ -7,7 +7,7 @@
}, },
"reauth_confirm": { "reauth_confirm": {
"title": "[%key:common::config_flow::title::reauth%]", "title": "[%key:common::config_flow::title::reauth%]",
"description": "Your access token has expired or been revoked. Enter your password to re-link your account.", "description": "Your access has expired or been revoked. Enter your password to re-link your account.",
"data": { "data": {
"password": "[%key:common::config_flow::data::password%]" "password": "[%key:common::config_flow::data::password%]"
} }

View File

@ -19,7 +19,7 @@
"data": { "data": {
"password": "Password" "password": "Password"
}, },
"description": "Your access token has expired or been revoked. Enter your password to re-link your account.", "description": "Your access has expired or been revoked. Enter your password to re-link your account.",
"title": "Reauthenticate Integration" "title": "Reauthenticate Integration"
}, },
"user": { "user": {

View File

@ -10,7 +10,7 @@ from simplipy.errors import (
from homeassistant import data_entry_flow from homeassistant import data_entry_flow
from homeassistant.components.simplisafe import DOMAIN from homeassistant.components.simplisafe import DOMAIN
from homeassistant.config_entries import SOURCE_REAUTH, SOURCE_USER from homeassistant.config_entries import SOURCE_REAUTH, SOURCE_USER
from homeassistant.const import CONF_CODE, CONF_PASSWORD, CONF_TOKEN, CONF_USERNAME from homeassistant.const import CONF_CODE, CONF_PASSWORD, CONF_USERNAME
from tests.common import MockConfigEntry from tests.common import MockConfigEntry
@ -33,7 +33,11 @@ async def test_duplicate_error(hass):
MockConfigEntry( MockConfigEntry(
domain=DOMAIN, domain=DOMAIN,
unique_id="user@email.com", unique_id="user@email.com",
data={CONF_USERNAME: "user@email.com", CONF_TOKEN: "12345", CONF_CODE: "1234"}, data={
CONF_USERNAME: "user@email.com",
CONF_PASSWORD: "password",
CONF_CODE: "1234",
},
).add_to_hass(hass) ).add_to_hass(hass)
result = await hass.config_entries.flow.async_init( result = await hass.config_entries.flow.async_init(
@ -102,7 +106,11 @@ async def test_step_reauth(hass):
MockConfigEntry( MockConfigEntry(
domain=DOMAIN, domain=DOMAIN,
unique_id="user@email.com", unique_id="user@email.com",
data={CONF_USERNAME: "user@email.com", CONF_TOKEN: "12345", CONF_CODE: "1234"}, data={
CONF_USERNAME: "user@email.com",
CONF_PASSWORD: "password",
CONF_CODE: "1234",
},
).add_to_hass(hass) ).add_to_hass(hass)
result = await hass.config_entries.flow.async_init( result = await hass.config_entries.flow.async_init(
@ -120,6 +128,8 @@ async def test_step_reauth(hass):
"homeassistant.components.simplisafe.async_setup_entry", return_value=True "homeassistant.components.simplisafe.async_setup_entry", return_value=True
), patch( ), patch(
"simplipy.API.login_via_credentials", new=AsyncMock(return_value=mock_api()) "simplipy.API.login_via_credentials", new=AsyncMock(return_value=mock_api())
), patch(
"homeassistant.config_entries.ConfigEntries.async_reload"
): ):
result = await hass.config_entries.flow.async_configure( result = await hass.config_entries.flow.async_configure(
result["flow_id"], user_input={CONF_PASSWORD: "password"} result["flow_id"], user_input={CONF_PASSWORD: "password"}
@ -151,7 +161,7 @@ async def test_step_user(hass):
assert result["title"] == "user@email.com" assert result["title"] == "user@email.com"
assert result["data"] == { assert result["data"] == {
CONF_USERNAME: "user@email.com", CONF_USERNAME: "user@email.com",
CONF_TOKEN: "12345abc", CONF_PASSWORD: "password",
CONF_CODE: "1234", CONF_CODE: "1234",
} }
@ -197,7 +207,7 @@ async def test_step_user_mfa(hass):
assert result["title"] == "user@email.com" assert result["title"] == "user@email.com"
assert result["data"] == { assert result["data"] == {
CONF_USERNAME: "user@email.com", CONF_USERNAME: "user@email.com",
CONF_TOKEN: "12345abc", CONF_PASSWORD: "password",
CONF_CODE: "1234", CONF_CODE: "1234",
} }