jeans/core
jeans/core
1
0
Fork 0
mirror of https://github.com/home-assistant/core.git synced 2025-07-11 07:17:12 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add reauth for missing token scope in Husqvarna Automower (#117098)

Browse Source 
* Add repair for wrong token scope to Husqvarna Automower

* avoid new installations with missing scope

* tweaks

* just reauth

* texts

* Add link to correct account

* Update homeassistant/components/husqvarna_automower/strings.json

Co-authored-by: Martin Hjelmare <marhje52@gmail.com>

* Update homeassistant/components/husqvarna_automower/strings.json

Co-authored-by: Martin Hjelmare <marhje52@gmail.com>

* Update homeassistant/components/husqvarna_automower/strings.json

Co-authored-by: Martin Hjelmare <marhje52@gmail.com>

* Add comment

* directly assert mock_missing_scope_config_entry.state is loaded

* assert that a flow is started

* pass complete url to strings and simplify texts

* shorten long line

* address review

* simplify tests

* grammar

* remove obsolete fixture

* fix test

* Update tests/components/husqvarna_automower/test_init.py

Co-authored-by: Martin Hjelmare <marhje52@gmail.com>

* test if reauth flow has started

---------

Co-authored-by: Martin Hjelmare <marhje52@gmail.com>
This commit is contained in:
Thomas55555 2024-05-13 23:00:51 +02:00 committed by GitHub
parent 9c97269fad
commit b2996844be
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
6 changed files with 108 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
homeassistant/components/husqvarna_automower/__init__.py
View File

@ -57,6 +57,11 @@ async def async_setup_entry(hass: HomeAssistant, entry: ConfigEntry) -> bool:
hass.data.setdefault(DOMAIN, {})[entry.entry_id] = coordinator hass.data.setdefault(DOMAIN, {})[entry.entry_id] = coordinator
if "amc:api" not in entry.data["token"]["scope"]:
# We raise ConfigEntryAuthFailed here because the websocket can't be used
# without the scope. So only polling would be possible.
raise ConfigEntryAuthFailed
await hass.config_entries.async_forward_entry_setups(entry, PLATFORMS) await hass.config_entries.async_forward_entry_setups(entry, PLATFORMS)
return True return True

27
homeassistant/components/husqvarna_automower/config_flow.py
View File

@ -13,7 +13,9 @@ from homeassistant.helpers import config_entry_oauth2_flow
from .const import DOMAIN, NAME from .const import DOMAIN, NAME
_LOGGER = logging.getLogger(__name__) _LOGGER = logging.getLogger(__name__)
CONF_USER_ID = "user_id" CONF_USER_ID = "user_id"
HUSQVARNA_DEV_PORTAL_URL = "https://developer.husqvarnagroup.cloud/applications"
class HusqvarnaConfigFlowHandler( class HusqvarnaConfigFlowHandler(
@ -29,8 +31,14 @@ class HusqvarnaConfigFlowHandler(
async def async_oauth_create_entry(self, data: dict[str, Any]) -> ConfigFlowResult: async def async_oauth_create_entry(self, data: dict[str, Any]) -> ConfigFlowResult:
"""Create an entry for the flow.""" """Create an entry for the flow."""
token = data[CONF_TOKEN] token = data[CONF_TOKEN]
if "amc:api" not in token["scope"] and not self.reauth_entry:
return self.async_abort(reason="missing_amc_scope")
user_id = token[CONF_USER_ID] user_id = token[CONF_USER_ID]
if self.reauth_entry: if self.reauth_entry:
if "amc:api" not in token["scope"]:
return self.async_update_reload_and_abort(
self.reauth_entry, data=data, reason="missing_amc_scope"
)
if self.reauth_entry.unique_id != user_id: if self.reauth_entry.unique_id != user_id:
return self.async_abort(reason="wrong_account") return self.async_abort(reason="wrong_account")
return self.async_update_reload_and_abort(self.reauth_entry, data=data) return self.async_update_reload_and_abort(self.reauth_entry, data=data)
@ -56,6 +64,9 @@ class HusqvarnaConfigFlowHandler(
self.reauth_entry = self.hass.config_entries.async_get_entry( self.reauth_entry = self.hass.config_entries.async_get_entry(
self.context["entry_id"] self.context["entry_id"]
) )
if self.reauth_entry is not None:
if "amc:api" not in self.reauth_entry.data["token"]["scope"]:
return await self.async_step_missing_scope()
return await self.async_step_reauth_confirm() return await self.async_step_reauth_confirm()
async def async_step_reauth_confirm( async def async_step_reauth_confirm(
@ -65,3 +76,19 @@ class HusqvarnaConfigFlowHandler(
if user_input is None: if user_input is None:
return self.async_show_form(step_id="reauth_confirm") return self.async_show_form(step_id="reauth_confirm")
return await self.async_step_user() return await self.async_step_user()
async def async_step_missing_scope(
self, user_input: dict[str, Any] | None = None
) -> ConfigFlowResult:
"""Confirm reauth for missing scope."""
if user_input is None and self.reauth_entry is not None:
token_structured = structure_token(
self.reauth_entry.data["token"]["access_token"]
)
return self.async_show_form(
step_id="missing_scope",
description_placeholders={
"application_url": f"{HUSQVARNA_DEV_PORTAL_URL}/{token_structured.client_id}"
},
)
return await self.async_step_user()

7
homeassistant/components/husqvarna_automower/strings.json
View File

@ -5,6 +5,10 @@
"title": "[%key:common::config_flow::title::reauth%]", "title": "[%key:common::config_flow::title::reauth%]",
"description": "The Husqvarna Automower integration needs to re-authenticate your account" "description": "The Husqvarna Automower integration needs to re-authenticate your account"
}, },
"missing_scope": {
"title": "Your account is missing some API connections",
"description": "For the best experience with this integration both the `Authentication API` and the `Automower Connect API` should be connected. Please make sure that both of them are connected to your account in the [Husqvarna Developer Portal]({application_url})."
},
"pick_implementation": { "pick_implementation": {
"title": "[%key:common::config_flow::title::oauth2_pick_implementation%]" "title": "[%key:common::config_flow::title::oauth2_pick_implementation%]"
} }
@ -22,7 +26,8 @@
"oauth_unauthorized": "[%key:common::config_flow::abort::oauth2_unauthorized%]", "oauth_unauthorized": "[%key:common::config_flow::abort::oauth2_unauthorized%]",
"oauth_failed": "[%key:common::config_flow::abort::oauth2_failed%]", "oauth_failed": "[%key:common::config_flow::abort::oauth2_failed%]",
"reauth_successful": "[%key:common::config_flow::abort::reauth_successful%]", "reauth_successful": "[%key:common::config_flow::abort::reauth_successful%]",
"wrong_account": "You can only reauthenticate this entry with the same Husqvarna account." "wrong_account": "You can only reauthenticate this entry with the same Husqvarna account.",
"missing_amc_scope": "The `Authentication API` and the `Automower Connect API` are not connected to your application in the Husqvarna Developer Portal."
}, },
"create_entry": { "create_entry": {
"default": "[%key:common::config_flow::create_entry::authenticated%]" "default": "[%key:common::config_flow::create_entry::authenticated%]"

12
tests/components/husqvarna_automower/conftest.py
View File

@ -22,7 +22,7 @@ from tests.common import MockConfigEntry, load_fixture, load_json_value_fixture
@pytest.fixture(name="jwt") @pytest.fixture(name="jwt")
def load_jwt_fixture(): def load_jwt_fixture() -> str:
"""Load Fixture data.""" """Load Fixture data."""
return load_fixture("jwt", DOMAIN) return load_fixture("jwt", DOMAIN)
@ -33,8 +33,14 @@ def mock_expires_at() -> float:
return time.time() + 3600 return time.time() + 3600
@pytest.fixture(name="scope")
def mock_scope() -> str:
"""Fixture to set correct scope for the token."""
return "iam:read amc:api"
@pytest.fixture @pytest.fixture
def mock_config_entry(jwt, expires_at: int) -> MockConfigEntry: def mock_config_entry(jwt: str, expires_at: int, scope: str) -> MockConfigEntry:
"""Return the default mocked config entry.""" """Return the default mocked config entry."""
return MockConfigEntry( return MockConfigEntry(
version=1, version=1,
@ -44,7 +50,7 @@ def mock_config_entry(jwt, expires_at: int) -> MockConfigEntry:
"auth_implementation": DOMAIN, "auth_implementation": DOMAIN,
"token": { "token": {
"access_token": jwt, "access_token": jwt,
"scope": "iam:read amc:api", "scope": scope,
"expires_in": 86399, "expires_in": 86399,
"refresh_token": "3012bc9f-7a65-4240-b817-9154ffdcc30f", "refresh_token": "3012bc9f-7a65-4240-b817-9154ffdcc30f",
"provider": "husqvarna", "provider": "husqvarna",

51
tests/components/husqvarna_automower/test_config_flow.py
View File

@ -2,6 +2,8 @@
from unittest.mock import AsyncMock, patch from unittest.mock import AsyncMock, patch
import pytest
from homeassistant import config_entries from homeassistant import config_entries
from homeassistant.components.husqvarna_automower.const import ( from homeassistant.components.husqvarna_automower.const import (
DOMAIN, DOMAIN,
@ -21,12 +23,21 @@ from tests.test_util.aiohttp import AiohttpClientMocker
from tests.typing import ClientSessionGenerator from tests.typing import ClientSessionGenerator
@pytest.mark.parametrize(
("new_scope", "amount"),
[
("iam:read amc:api", 1),
("iam:read", 0),
],
)
async def test_full_flow( async def test_full_flow(
hass: HomeAssistant, hass: HomeAssistant,
hass_client_no_auth, hass_client_no_auth,
aioclient_mock: AiohttpClientMocker, aioclient_mock: AiohttpClientMocker,
current_request_with_host, current_request_with_host,
jwt, jwt: str,
new_scope: str,
amount: int,
) -> None: ) -> None:
"""Check full flow.""" """Check full flow."""
result = await hass.config_entries.flow.async_init( result = await hass.config_entries.flow.async_init(
@ -56,7 +67,7 @@ async def test_full_flow(
OAUTH2_TOKEN, OAUTH2_TOKEN,
json={ json={
"access_token": jwt, "access_token": jwt,
"scope": "iam:read amc:api", "scope": new_scope,
"expires_in": 86399, "expires_in": 86399,
"refresh_token": "mock-refresh-token", "refresh_token": "mock-refresh-token",
"provider": "husqvarna", "provider": "husqvarna",
@ -72,8 +83,8 @@ async def test_full_flow(
) as mock_setup: ) as mock_setup:
await hass.config_entries.flow.async_configure(result["flow_id"]) await hass.config_entries.flow.async_configure(result["flow_id"])
assert len(hass.config_entries.async_entries(DOMAIN)) == 1 assert len(hass.config_entries.async_entries(DOMAIN)) == amount
assert len(mock_setup.mock_calls) == 1 assert len(mock_setup.mock_calls) == amount
async def test_config_non_unique_profile( async def test_config_non_unique_profile(
@ -129,6 +140,14 @@ async def test_config_non_unique_profile(
assert result["reason"] == "already_configured" assert result["reason"] == "already_configured"
@pytest.mark.parametrize(
("scope", "step_id", "reason", "new_scope"),
[
("iam:read amc:api", "reauth_confirm", "reauth_successful", "iam:read amc:api"),
("iam:read", "missing_scope", "reauth_successful", "iam:read amc:api"),
("iam:read", "missing_scope", "missing_amc_scope", "iam:read"),
],
)
async def test_reauth( async def test_reauth(
hass: HomeAssistant, hass: HomeAssistant,
hass_client_no_auth: ClientSessionGenerator, hass_client_no_auth: ClientSessionGenerator,
@ -136,7 +155,10 @@ async def test_reauth(
mock_config_entry: MockConfigEntry, mock_config_entry: MockConfigEntry,
current_request_with_host: None, current_request_with_host: None,
mock_automower_client: AsyncMock, mock_automower_client: AsyncMock,
jwt, jwt: str,
step_id: str,
new_scope: str,
reason: str,
) -> None: ) -> None:
"""Test the reauthentication case updates the existing config entry.""" """Test the reauthentication case updates the existing config entry."""
@ -148,7 +170,7 @@ async def test_reauth(
flows = hass.config_entries.flow.async_progress() flows = hass.config_entries.flow.async_progress()
assert len(flows) == 1 assert len(flows) == 1
result = flows[0] result = flows[0]
assert result["step_id"] == "reauth_confirm" assert result["step_id"] == step_id
result = await hass.config_entries.flow.async_configure(result["flow_id"], {}) result = await hass.config_entries.flow.async_configure(result["flow_id"], {})
state = config_entry_oauth2_flow._encode_jwt( state = config_entry_oauth2_flow._encode_jwt(
@ -172,7 +194,7 @@ async def test_reauth(
OAUTH2_TOKEN, OAUTH2_TOKEN,
json={ json={
"access_token": "mock-updated-token", "access_token": "mock-updated-token",
"scope": "iam:read amc:api", "scope": new_scope,
"expires_in": 86399, "expires_in": 86399,
"refresh_token": "mock-refresh-token", "refresh_token": "mock-refresh-token",
"provider": "husqvarna", "provider": "husqvarna",
@ -191,7 +213,7 @@ async def test_reauth(
assert len(hass.config_entries.async_entries(DOMAIN)) == 1 assert len(hass.config_entries.async_entries(DOMAIN)) == 1
assert result.get("type") is FlowResultType.ABORT assert result.get("type") is FlowResultType.ABORT
assert result.get("reason") == "reauth_successful" assert result.get("reason") == reason
assert mock_config_entry.unique_id == USER_ID assert mock_config_entry.unique_id == USER_ID
assert "token" in mock_config_entry.data assert "token" in mock_config_entry.data
@ -200,6 +222,12 @@ async def test_reauth(
assert mock_config_entry.data["token"].get("refresh_token") == "mock-refresh-token" assert mock_config_entry.data["token"].get("refresh_token") == "mock-refresh-token"
@pytest.mark.parametrize(
("user_id", "reason"),
[
("wrong_user_id", "wrong_account"),
],
)
async def test_reauth_wrong_account( async def test_reauth_wrong_account(
hass: HomeAssistant, hass: HomeAssistant,
hass_client_no_auth: ClientSessionGenerator, hass_client_no_auth: ClientSessionGenerator,
@ -208,6 +236,9 @@ async def test_reauth_wrong_account(
current_request_with_host: None, current_request_with_host: None,
mock_automower_client: AsyncMock, mock_automower_client: AsyncMock,
jwt, jwt,
user_id: str,
reason: str,
scope: str,
) -> None: ) -> None:
"""Test the reauthentication aborts, if user tries to reauthenticate with another account.""" """Test the reauthentication aborts, if user tries to reauthenticate with another account."""
@ -247,7 +278,7 @@ async def test_reauth_wrong_account(
"expires_in": 86399, "expires_in": 86399,
"refresh_token": "mock-refresh-token", "refresh_token": "mock-refresh-token",
"provider": "husqvarna", "provider": "husqvarna",
"user_id": "wrong-user-id", "user_id": user_id,
"token_type": "Bearer", "token_type": "Bearer",
"expires_at": 1697753347, "expires_at": 1697753347,
}, },
@ -262,7 +293,7 @@ async def test_reauth_wrong_account(
assert len(hass.config_entries.async_entries(DOMAIN)) == 1 assert len(hass.config_entries.async_entries(DOMAIN)) == 1
assert result.get("type") is FlowResultType.ABORT assert result.get("type") is FlowResultType.ABORT
assert result.get("reason") == "wrong_account" assert result.get("reason") == reason
assert mock_config_entry.unique_id == USER_ID assert mock_config_entry.unique_id == USER_ID
assert "token" in mock_config_entry.data assert "token" in mock_config_entry.data

20
tests/components/husqvarna_automower/test_init.py
View File

@ -43,6 +43,26 @@ async def test_load_unload_entry(
assert entry.state is ConfigEntryState.NOT_LOADED assert entry.state is ConfigEntryState.NOT_LOADED
@pytest.mark.parametrize(
("scope"),
[
("iam:read"),
],
)
async def test_load_missing_scope(
hass: HomeAssistant,
mock_automower_client: AsyncMock,
mock_config_entry: MockConfigEntry,
) -> None:
"""Test if the entry starts a reauth with the missing token scope."""
await setup_integration(hass, mock_config_entry)
assert mock_config_entry.state is ConfigEntryState.SETUP_ERROR
flows = hass.config_entries.flow.async_progress()
assert len(flows) == 1
result = flows[0]
assert result["step_id"] == "missing_scope"
@pytest.mark.parametrize( @pytest.mark.parametrize(
("expires_at", "status", "expected_state"), ("expires_at", "status", "expected_state"),
[ [