From b2996844beed077c56e23ffb5870476a1b08d726 Mon Sep 17 00:00:00 2001 From: Thomas55555 <59625598+Thomas55555@users.noreply.github.com> Date: Mon, 13 May 2024 23:00:51 +0200 Subject: [PATCH] Add reauth for missing token scope in Husqvarna Automower (#117098) * Add repair for wrong token scope to Husqvarna Automower * avoid new installations with missing scope * tweaks * just reauth * texts * Add link to correct account * Update homeassistant/components/husqvarna_automower/strings.json Co-authored-by: Martin Hjelmare * Update homeassistant/components/husqvarna_automower/strings.json Co-authored-by: Martin Hjelmare * Update homeassistant/components/husqvarna_automower/strings.json Co-authored-by: Martin Hjelmare * Add comment * directly assert mock_missing_scope_config_entry.state is loaded * assert that a flow is started * pass complete url to strings and simplify texts * shorten long line * address review * simplify tests * grammar * remove obsolete fixture * fix test * Update tests/components/husqvarna_automower/test_init.py Co-authored-by: Martin Hjelmare * test if reauth flow has started --------- Co-authored-by: Martin Hjelmare --- .../husqvarna_automower/__init__.py | 5 ++ .../husqvarna_automower/config_flow.py | 27 ++++++++++ .../husqvarna_automower/strings.json | 7 ++- .../husqvarna_automower/conftest.py | 12 +++-- .../husqvarna_automower/test_config_flow.py | 51 +++++++++++++++---- .../husqvarna_automower/test_init.py | 20 ++++++++ 6 files changed, 108 insertions(+), 14 deletions(-) diff --git a/homeassistant/components/husqvarna_automower/__init__.py b/homeassistant/components/husqvarna_automower/__init__.py index fe6f6978014..e4211e1078e 100644 --- a/homeassistant/components/husqvarna_automower/__init__.py +++ b/homeassistant/components/husqvarna_automower/__init__.py @@ -57,6 +57,11 @@ async def async_setup_entry(hass: HomeAssistant, entry: ConfigEntry) -> bool: hass.data.setdefault(DOMAIN, {})[entry.entry_id] = coordinator + if "amc:api" not in entry.data["token"]["scope"]: + # We raise ConfigEntryAuthFailed here because the websocket can't be used + # without the scope. So only polling would be possible. + raise ConfigEntryAuthFailed + await hass.config_entries.async_forward_entry_setups(entry, PLATFORMS) return True diff --git a/homeassistant/components/husqvarna_automower/config_flow.py b/homeassistant/components/husqvarna_automower/config_flow.py index b25a185c75f..c848f823b13 100644 --- a/homeassistant/components/husqvarna_automower/config_flow.py +++ b/homeassistant/components/husqvarna_automower/config_flow.py @@ -13,7 +13,9 @@ from homeassistant.helpers import config_entry_oauth2_flow from .const import DOMAIN, NAME _LOGGER = logging.getLogger(__name__) + CONF_USER_ID = "user_id" +HUSQVARNA_DEV_PORTAL_URL = "https://developer.husqvarnagroup.cloud/applications" class HusqvarnaConfigFlowHandler( @@ -29,8 +31,14 @@ class HusqvarnaConfigFlowHandler( async def async_oauth_create_entry(self, data: dict[str, Any]) -> ConfigFlowResult: """Create an entry for the flow.""" token = data[CONF_TOKEN] + if "amc:api" not in token["scope"] and not self.reauth_entry: + return self.async_abort(reason="missing_amc_scope") user_id = token[CONF_USER_ID] if self.reauth_entry: + if "amc:api" not in token["scope"]: + return self.async_update_reload_and_abort( + self.reauth_entry, data=data, reason="missing_amc_scope" + ) if self.reauth_entry.unique_id != user_id: return self.async_abort(reason="wrong_account") return self.async_update_reload_and_abort(self.reauth_entry, data=data) @@ -56,6 +64,9 @@ class HusqvarnaConfigFlowHandler( self.reauth_entry = self.hass.config_entries.async_get_entry( self.context["entry_id"] ) + if self.reauth_entry is not None: + if "amc:api" not in self.reauth_entry.data["token"]["scope"]: + return await self.async_step_missing_scope() return await self.async_step_reauth_confirm() async def async_step_reauth_confirm( @@ -65,3 +76,19 @@ class HusqvarnaConfigFlowHandler( if user_input is None: return self.async_show_form(step_id="reauth_confirm") return await self.async_step_user() + + async def async_step_missing_scope( + self, user_input: dict[str, Any] | None = None + ) -> ConfigFlowResult: + """Confirm reauth for missing scope.""" + if user_input is None and self.reauth_entry is not None: + token_structured = structure_token( + self.reauth_entry.data["token"]["access_token"] + ) + return self.async_show_form( + step_id="missing_scope", + description_placeholders={ + "application_url": f"{HUSQVARNA_DEV_PORTAL_URL}/{token_structured.client_id}" + }, + ) + return await self.async_step_user() diff --git a/homeassistant/components/husqvarna_automower/strings.json b/homeassistant/components/husqvarna_automower/strings.json index d8d0c296745..6f94ce993e4 100644 --- a/homeassistant/components/husqvarna_automower/strings.json +++ b/homeassistant/components/husqvarna_automower/strings.json @@ -5,6 +5,10 @@ "title": "[%key:common::config_flow::title::reauth%]", "description": "The Husqvarna Automower integration needs to re-authenticate your account" }, + "missing_scope": { + "title": "Your account is missing some API connections", + "description": "For the best experience with this integration both the `Authentication API` and the `Automower Connect API` should be connected. Please make sure that both of them are connected to your account in the [Husqvarna Developer Portal]({application_url})." + }, "pick_implementation": { "title": "[%key:common::config_flow::title::oauth2_pick_implementation%]" } @@ -22,7 +26,8 @@ "oauth_unauthorized": "[%key:common::config_flow::abort::oauth2_unauthorized%]", "oauth_failed": "[%key:common::config_flow::abort::oauth2_failed%]", "reauth_successful": "[%key:common::config_flow::abort::reauth_successful%]", - "wrong_account": "You can only reauthenticate this entry with the same Husqvarna account." + "wrong_account": "You can only reauthenticate this entry with the same Husqvarna account.", + "missing_amc_scope": "The `Authentication API` and the `Automower Connect API` are not connected to your application in the Husqvarna Developer Portal." }, "create_entry": { "default": "[%key:common::config_flow::create_entry::authenticated%]" diff --git a/tests/components/husqvarna_automower/conftest.py b/tests/components/husqvarna_automower/conftest.py index fc258f89abc..a2359c64905 100644 --- a/tests/components/husqvarna_automower/conftest.py +++ b/tests/components/husqvarna_automower/conftest.py @@ -22,7 +22,7 @@ from tests.common import MockConfigEntry, load_fixture, load_json_value_fixture @pytest.fixture(name="jwt") -def load_jwt_fixture(): +def load_jwt_fixture() -> str: """Load Fixture data.""" return load_fixture("jwt", DOMAIN) @@ -33,8 +33,14 @@ def mock_expires_at() -> float: return time.time() + 3600 +@pytest.fixture(name="scope") +def mock_scope() -> str: + """Fixture to set correct scope for the token.""" + return "iam:read amc:api" + + @pytest.fixture -def mock_config_entry(jwt, expires_at: int) -> MockConfigEntry: +def mock_config_entry(jwt: str, expires_at: int, scope: str) -> MockConfigEntry: """Return the default mocked config entry.""" return MockConfigEntry( version=1, @@ -44,7 +50,7 @@ def mock_config_entry(jwt, expires_at: int) -> MockConfigEntry: "auth_implementation": DOMAIN, "token": { "access_token": jwt, - "scope": "iam:read amc:api", + "scope": scope, "expires_in": 86399, "refresh_token": "3012bc9f-7a65-4240-b817-9154ffdcc30f", "provider": "husqvarna", diff --git a/tests/components/husqvarna_automower/test_config_flow.py b/tests/components/husqvarna_automower/test_config_flow.py index 0a345eed627..bb97a88d44f 100644 --- a/tests/components/husqvarna_automower/test_config_flow.py +++ b/tests/components/husqvarna_automower/test_config_flow.py @@ -2,6 +2,8 @@ from unittest.mock import AsyncMock, patch +import pytest + from homeassistant import config_entries from homeassistant.components.husqvarna_automower.const import ( DOMAIN, @@ -21,12 +23,21 @@ from tests.test_util.aiohttp import AiohttpClientMocker from tests.typing import ClientSessionGenerator +@pytest.mark.parametrize( + ("new_scope", "amount"), + [ + ("iam:read amc:api", 1), + ("iam:read", 0), + ], +) async def test_full_flow( hass: HomeAssistant, hass_client_no_auth, aioclient_mock: AiohttpClientMocker, current_request_with_host, - jwt, + jwt: str, + new_scope: str, + amount: int, ) -> None: """Check full flow.""" result = await hass.config_entries.flow.async_init( @@ -56,7 +67,7 @@ async def test_full_flow( OAUTH2_TOKEN, json={ "access_token": jwt, - "scope": "iam:read amc:api", + "scope": new_scope, "expires_in": 86399, "refresh_token": "mock-refresh-token", "provider": "husqvarna", @@ -72,8 +83,8 @@ async def test_full_flow( ) as mock_setup: await hass.config_entries.flow.async_configure(result["flow_id"]) - assert len(hass.config_entries.async_entries(DOMAIN)) == 1 - assert len(mock_setup.mock_calls) == 1 + assert len(hass.config_entries.async_entries(DOMAIN)) == amount + assert len(mock_setup.mock_calls) == amount async def test_config_non_unique_profile( @@ -129,6 +140,14 @@ async def test_config_non_unique_profile( assert result["reason"] == "already_configured" +@pytest.mark.parametrize( + ("scope", "step_id", "reason", "new_scope"), + [ + ("iam:read amc:api", "reauth_confirm", "reauth_successful", "iam:read amc:api"), + ("iam:read", "missing_scope", "reauth_successful", "iam:read amc:api"), + ("iam:read", "missing_scope", "missing_amc_scope", "iam:read"), + ], +) async def test_reauth( hass: HomeAssistant, hass_client_no_auth: ClientSessionGenerator, @@ -136,7 +155,10 @@ async def test_reauth( mock_config_entry: MockConfigEntry, current_request_with_host: None, mock_automower_client: AsyncMock, - jwt, + jwt: str, + step_id: str, + new_scope: str, + reason: str, ) -> None: """Test the reauthentication case updates the existing config entry.""" @@ -148,7 +170,7 @@ async def test_reauth( flows = hass.config_entries.flow.async_progress() assert len(flows) == 1 result = flows[0] - assert result["step_id"] == "reauth_confirm" + assert result["step_id"] == step_id result = await hass.config_entries.flow.async_configure(result["flow_id"], {}) state = config_entry_oauth2_flow._encode_jwt( @@ -172,7 +194,7 @@ async def test_reauth( OAUTH2_TOKEN, json={ "access_token": "mock-updated-token", - "scope": "iam:read amc:api", + "scope": new_scope, "expires_in": 86399, "refresh_token": "mock-refresh-token", "provider": "husqvarna", @@ -191,7 +213,7 @@ async def test_reauth( assert len(hass.config_entries.async_entries(DOMAIN)) == 1 assert result.get("type") is FlowResultType.ABORT - assert result.get("reason") == "reauth_successful" + assert result.get("reason") == reason assert mock_config_entry.unique_id == USER_ID assert "token" in mock_config_entry.data @@ -200,6 +222,12 @@ async def test_reauth( assert mock_config_entry.data["token"].get("refresh_token") == "mock-refresh-token" +@pytest.mark.parametrize( + ("user_id", "reason"), + [ + ("wrong_user_id", "wrong_account"), + ], +) async def test_reauth_wrong_account( hass: HomeAssistant, hass_client_no_auth: ClientSessionGenerator, @@ -208,6 +236,9 @@ async def test_reauth_wrong_account( current_request_with_host: None, mock_automower_client: AsyncMock, jwt, + user_id: str, + reason: str, + scope: str, ) -> None: """Test the reauthentication aborts, if user tries to reauthenticate with another account.""" @@ -247,7 +278,7 @@ async def test_reauth_wrong_account( "expires_in": 86399, "refresh_token": "mock-refresh-token", "provider": "husqvarna", - "user_id": "wrong-user-id", + "user_id": user_id, "token_type": "Bearer", "expires_at": 1697753347, }, @@ -262,7 +293,7 @@ async def test_reauth_wrong_account( assert len(hass.config_entries.async_entries(DOMAIN)) == 1 assert result.get("type") is FlowResultType.ABORT - assert result.get("reason") == "wrong_account" + assert result.get("reason") == reason assert mock_config_entry.unique_id == USER_ID assert "token" in mock_config_entry.data diff --git a/tests/components/husqvarna_automower/test_init.py b/tests/components/husqvarna_automower/test_init.py index 387c90cec38..84fe1b9e891 100644 --- a/tests/components/husqvarna_automower/test_init.py +++ b/tests/components/husqvarna_automower/test_init.py @@ -43,6 +43,26 @@ async def test_load_unload_entry( assert entry.state is ConfigEntryState.NOT_LOADED +@pytest.mark.parametrize( + ("scope"), + [ + ("iam:read"), + ], +) +async def test_load_missing_scope( + hass: HomeAssistant, + mock_automower_client: AsyncMock, + mock_config_entry: MockConfigEntry, +) -> None: + """Test if the entry starts a reauth with the missing token scope.""" + await setup_integration(hass, mock_config_entry) + assert mock_config_entry.state is ConfigEntryState.SETUP_ERROR + flows = hass.config_entries.flow.async_progress() + assert len(flows) == 1 + result = flows[0] + assert result["step_id"] == "missing_scope" + + @pytest.mark.parametrize( ("expires_at", "status", "expected_state"), [