mirror of
https://github.com/home-assistant/core.git
synced 2025-07-10 14:57:09 +00:00
Add reauth for missing token scope in Husqvarna Automower (#117098)
* Add repair for wrong token scope to Husqvarna Automower * avoid new installations with missing scope * tweaks * just reauth * texts * Add link to correct account * Update homeassistant/components/husqvarna_automower/strings.json Co-authored-by: Martin Hjelmare <marhje52@gmail.com> * Update homeassistant/components/husqvarna_automower/strings.json Co-authored-by: Martin Hjelmare <marhje52@gmail.com> * Update homeassistant/components/husqvarna_automower/strings.json Co-authored-by: Martin Hjelmare <marhje52@gmail.com> * Add comment * directly assert mock_missing_scope_config_entry.state is loaded * assert that a flow is started * pass complete url to strings and simplify texts * shorten long line * address review * simplify tests * grammar * remove obsolete fixture * fix test * Update tests/components/husqvarna_automower/test_init.py Co-authored-by: Martin Hjelmare <marhje52@gmail.com> * test if reauth flow has started --------- Co-authored-by: Martin Hjelmare <marhje52@gmail.com>
This commit is contained in:
parent
9c97269fad
commit
b2996844be
@ -57,6 +57,11 @@ async def async_setup_entry(hass: HomeAssistant, entry: ConfigEntry) -> bool:
|
|||||||
|
|
||||||
hass.data.setdefault(DOMAIN, {})[entry.entry_id] = coordinator
|
hass.data.setdefault(DOMAIN, {})[entry.entry_id] = coordinator
|
||||||
|
|
||||||
|
if "amc:api" not in entry.data["token"]["scope"]:
|
||||||
|
# We raise ConfigEntryAuthFailed here because the websocket can't be used
|
||||||
|
# without the scope. So only polling would be possible.
|
||||||
|
raise ConfigEntryAuthFailed
|
||||||
|
|
||||||
await hass.config_entries.async_forward_entry_setups(entry, PLATFORMS)
|
await hass.config_entries.async_forward_entry_setups(entry, PLATFORMS)
|
||||||
return True
|
return True
|
||||||
|
|
||||||
|
@ -13,7 +13,9 @@ from homeassistant.helpers import config_entry_oauth2_flow
|
|||||||
from .const import DOMAIN, NAME
|
from .const import DOMAIN, NAME
|
||||||
|
|
||||||
_LOGGER = logging.getLogger(__name__)
|
_LOGGER = logging.getLogger(__name__)
|
||||||
|
|
||||||
CONF_USER_ID = "user_id"
|
CONF_USER_ID = "user_id"
|
||||||
|
HUSQVARNA_DEV_PORTAL_URL = "https://developer.husqvarnagroup.cloud/applications"
|
||||||
|
|
||||||
|
|
||||||
class HusqvarnaConfigFlowHandler(
|
class HusqvarnaConfigFlowHandler(
|
||||||
@ -29,8 +31,14 @@ class HusqvarnaConfigFlowHandler(
|
|||||||
async def async_oauth_create_entry(self, data: dict[str, Any]) -> ConfigFlowResult:
|
async def async_oauth_create_entry(self, data: dict[str, Any]) -> ConfigFlowResult:
|
||||||
"""Create an entry for the flow."""
|
"""Create an entry for the flow."""
|
||||||
token = data[CONF_TOKEN]
|
token = data[CONF_TOKEN]
|
||||||
|
if "amc:api" not in token["scope"] and not self.reauth_entry:
|
||||||
|
return self.async_abort(reason="missing_amc_scope")
|
||||||
user_id = token[CONF_USER_ID]
|
user_id = token[CONF_USER_ID]
|
||||||
if self.reauth_entry:
|
if self.reauth_entry:
|
||||||
|
if "amc:api" not in token["scope"]:
|
||||||
|
return self.async_update_reload_and_abort(
|
||||||
|
self.reauth_entry, data=data, reason="missing_amc_scope"
|
||||||
|
)
|
||||||
if self.reauth_entry.unique_id != user_id:
|
if self.reauth_entry.unique_id != user_id:
|
||||||
return self.async_abort(reason="wrong_account")
|
return self.async_abort(reason="wrong_account")
|
||||||
return self.async_update_reload_and_abort(self.reauth_entry, data=data)
|
return self.async_update_reload_and_abort(self.reauth_entry, data=data)
|
||||||
@ -56,6 +64,9 @@ class HusqvarnaConfigFlowHandler(
|
|||||||
self.reauth_entry = self.hass.config_entries.async_get_entry(
|
self.reauth_entry = self.hass.config_entries.async_get_entry(
|
||||||
self.context["entry_id"]
|
self.context["entry_id"]
|
||||||
)
|
)
|
||||||
|
if self.reauth_entry is not None:
|
||||||
|
if "amc:api" not in self.reauth_entry.data["token"]["scope"]:
|
||||||
|
return await self.async_step_missing_scope()
|
||||||
return await self.async_step_reauth_confirm()
|
return await self.async_step_reauth_confirm()
|
||||||
|
|
||||||
async def async_step_reauth_confirm(
|
async def async_step_reauth_confirm(
|
||||||
@ -65,3 +76,19 @@ class HusqvarnaConfigFlowHandler(
|
|||||||
if user_input is None:
|
if user_input is None:
|
||||||
return self.async_show_form(step_id="reauth_confirm")
|
return self.async_show_form(step_id="reauth_confirm")
|
||||||
return await self.async_step_user()
|
return await self.async_step_user()
|
||||||
|
|
||||||
|
async def async_step_missing_scope(
|
||||||
|
self, user_input: dict[str, Any] | None = None
|
||||||
|
) -> ConfigFlowResult:
|
||||||
|
"""Confirm reauth for missing scope."""
|
||||||
|
if user_input is None and self.reauth_entry is not None:
|
||||||
|
token_structured = structure_token(
|
||||||
|
self.reauth_entry.data["token"]["access_token"]
|
||||||
|
)
|
||||||
|
return self.async_show_form(
|
||||||
|
step_id="missing_scope",
|
||||||
|
description_placeholders={
|
||||||
|
"application_url": f"{HUSQVARNA_DEV_PORTAL_URL}/{token_structured.client_id}"
|
||||||
|
},
|
||||||
|
)
|
||||||
|
return await self.async_step_user()
|
||||||
|
@ -5,6 +5,10 @@
|
|||||||
"title": "[%key:common::config_flow::title::reauth%]",
|
"title": "[%key:common::config_flow::title::reauth%]",
|
||||||
"description": "The Husqvarna Automower integration needs to re-authenticate your account"
|
"description": "The Husqvarna Automower integration needs to re-authenticate your account"
|
||||||
},
|
},
|
||||||
|
"missing_scope": {
|
||||||
|
"title": "Your account is missing some API connections",
|
||||||
|
"description": "For the best experience with this integration both the `Authentication API` and the `Automower Connect API` should be connected. Please make sure that both of them are connected to your account in the [Husqvarna Developer Portal]({application_url})."
|
||||||
|
},
|
||||||
"pick_implementation": {
|
"pick_implementation": {
|
||||||
"title": "[%key:common::config_flow::title::oauth2_pick_implementation%]"
|
"title": "[%key:common::config_flow::title::oauth2_pick_implementation%]"
|
||||||
}
|
}
|
||||||
@ -22,7 +26,8 @@
|
|||||||
"oauth_unauthorized": "[%key:common::config_flow::abort::oauth2_unauthorized%]",
|
"oauth_unauthorized": "[%key:common::config_flow::abort::oauth2_unauthorized%]",
|
||||||
"oauth_failed": "[%key:common::config_flow::abort::oauth2_failed%]",
|
"oauth_failed": "[%key:common::config_flow::abort::oauth2_failed%]",
|
||||||
"reauth_successful": "[%key:common::config_flow::abort::reauth_successful%]",
|
"reauth_successful": "[%key:common::config_flow::abort::reauth_successful%]",
|
||||||
"wrong_account": "You can only reauthenticate this entry with the same Husqvarna account."
|
"wrong_account": "You can only reauthenticate this entry with the same Husqvarna account.",
|
||||||
|
"missing_amc_scope": "The `Authentication API` and the `Automower Connect API` are not connected to your application in the Husqvarna Developer Portal."
|
||||||
},
|
},
|
||||||
"create_entry": {
|
"create_entry": {
|
||||||
"default": "[%key:common::config_flow::create_entry::authenticated%]"
|
"default": "[%key:common::config_flow::create_entry::authenticated%]"
|
||||||
|
@ -22,7 +22,7 @@ from tests.common import MockConfigEntry, load_fixture, load_json_value_fixture
|
|||||||
|
|
||||||
|
|
||||||
@pytest.fixture(name="jwt")
|
@pytest.fixture(name="jwt")
|
||||||
def load_jwt_fixture():
|
def load_jwt_fixture() -> str:
|
||||||
"""Load Fixture data."""
|
"""Load Fixture data."""
|
||||||
return load_fixture("jwt", DOMAIN)
|
return load_fixture("jwt", DOMAIN)
|
||||||
|
|
||||||
@ -33,8 +33,14 @@ def mock_expires_at() -> float:
|
|||||||
return time.time() + 3600
|
return time.time() + 3600
|
||||||
|
|
||||||
|
|
||||||
|
@pytest.fixture(name="scope")
|
||||||
|
def mock_scope() -> str:
|
||||||
|
"""Fixture to set correct scope for the token."""
|
||||||
|
return "iam:read amc:api"
|
||||||
|
|
||||||
|
|
||||||
@pytest.fixture
|
@pytest.fixture
|
||||||
def mock_config_entry(jwt, expires_at: int) -> MockConfigEntry:
|
def mock_config_entry(jwt: str, expires_at: int, scope: str) -> MockConfigEntry:
|
||||||
"""Return the default mocked config entry."""
|
"""Return the default mocked config entry."""
|
||||||
return MockConfigEntry(
|
return MockConfigEntry(
|
||||||
version=1,
|
version=1,
|
||||||
@ -44,7 +50,7 @@ def mock_config_entry(jwt, expires_at: int) -> MockConfigEntry:
|
|||||||
"auth_implementation": DOMAIN,
|
"auth_implementation": DOMAIN,
|
||||||
"token": {
|
"token": {
|
||||||
"access_token": jwt,
|
"access_token": jwt,
|
||||||
"scope": "iam:read amc:api",
|
"scope": scope,
|
||||||
"expires_in": 86399,
|
"expires_in": 86399,
|
||||||
"refresh_token": "3012bc9f-7a65-4240-b817-9154ffdcc30f",
|
"refresh_token": "3012bc9f-7a65-4240-b817-9154ffdcc30f",
|
||||||
"provider": "husqvarna",
|
"provider": "husqvarna",
|
||||||
|
@ -2,6 +2,8 @@
|
|||||||
|
|
||||||
from unittest.mock import AsyncMock, patch
|
from unittest.mock import AsyncMock, patch
|
||||||
|
|
||||||
|
import pytest
|
||||||
|
|
||||||
from homeassistant import config_entries
|
from homeassistant import config_entries
|
||||||
from homeassistant.components.husqvarna_automower.const import (
|
from homeassistant.components.husqvarna_automower.const import (
|
||||||
DOMAIN,
|
DOMAIN,
|
||||||
@ -21,12 +23,21 @@ from tests.test_util.aiohttp import AiohttpClientMocker
|
|||||||
from tests.typing import ClientSessionGenerator
|
from tests.typing import ClientSessionGenerator
|
||||||
|
|
||||||
|
|
||||||
|
@pytest.mark.parametrize(
|
||||||
|
("new_scope", "amount"),
|
||||||
|
[
|
||||||
|
("iam:read amc:api", 1),
|
||||||
|
("iam:read", 0),
|
||||||
|
],
|
||||||
|
)
|
||||||
async def test_full_flow(
|
async def test_full_flow(
|
||||||
hass: HomeAssistant,
|
hass: HomeAssistant,
|
||||||
hass_client_no_auth,
|
hass_client_no_auth,
|
||||||
aioclient_mock: AiohttpClientMocker,
|
aioclient_mock: AiohttpClientMocker,
|
||||||
current_request_with_host,
|
current_request_with_host,
|
||||||
jwt,
|
jwt: str,
|
||||||
|
new_scope: str,
|
||||||
|
amount: int,
|
||||||
) -> None:
|
) -> None:
|
||||||
"""Check full flow."""
|
"""Check full flow."""
|
||||||
result = await hass.config_entries.flow.async_init(
|
result = await hass.config_entries.flow.async_init(
|
||||||
@ -56,7 +67,7 @@ async def test_full_flow(
|
|||||||
OAUTH2_TOKEN,
|
OAUTH2_TOKEN,
|
||||||
json={
|
json={
|
||||||
"access_token": jwt,
|
"access_token": jwt,
|
||||||
"scope": "iam:read amc:api",
|
"scope": new_scope,
|
||||||
"expires_in": 86399,
|
"expires_in": 86399,
|
||||||
"refresh_token": "mock-refresh-token",
|
"refresh_token": "mock-refresh-token",
|
||||||
"provider": "husqvarna",
|
"provider": "husqvarna",
|
||||||
@ -72,8 +83,8 @@ async def test_full_flow(
|
|||||||
) as mock_setup:
|
) as mock_setup:
|
||||||
await hass.config_entries.flow.async_configure(result["flow_id"])
|
await hass.config_entries.flow.async_configure(result["flow_id"])
|
||||||
|
|
||||||
assert len(hass.config_entries.async_entries(DOMAIN)) == 1
|
assert len(hass.config_entries.async_entries(DOMAIN)) == amount
|
||||||
assert len(mock_setup.mock_calls) == 1
|
assert len(mock_setup.mock_calls) == amount
|
||||||
|
|
||||||
|
|
||||||
async def test_config_non_unique_profile(
|
async def test_config_non_unique_profile(
|
||||||
@ -129,6 +140,14 @@ async def test_config_non_unique_profile(
|
|||||||
assert result["reason"] == "already_configured"
|
assert result["reason"] == "already_configured"
|
||||||
|
|
||||||
|
|
||||||
|
@pytest.mark.parametrize(
|
||||||
|
("scope", "step_id", "reason", "new_scope"),
|
||||||
|
[
|
||||||
|
("iam:read amc:api", "reauth_confirm", "reauth_successful", "iam:read amc:api"),
|
||||||
|
("iam:read", "missing_scope", "reauth_successful", "iam:read amc:api"),
|
||||||
|
("iam:read", "missing_scope", "missing_amc_scope", "iam:read"),
|
||||||
|
],
|
||||||
|
)
|
||||||
async def test_reauth(
|
async def test_reauth(
|
||||||
hass: HomeAssistant,
|
hass: HomeAssistant,
|
||||||
hass_client_no_auth: ClientSessionGenerator,
|
hass_client_no_auth: ClientSessionGenerator,
|
||||||
@ -136,7 +155,10 @@ async def test_reauth(
|
|||||||
mock_config_entry: MockConfigEntry,
|
mock_config_entry: MockConfigEntry,
|
||||||
current_request_with_host: None,
|
current_request_with_host: None,
|
||||||
mock_automower_client: AsyncMock,
|
mock_automower_client: AsyncMock,
|
||||||
jwt,
|
jwt: str,
|
||||||
|
step_id: str,
|
||||||
|
new_scope: str,
|
||||||
|
reason: str,
|
||||||
) -> None:
|
) -> None:
|
||||||
"""Test the reauthentication case updates the existing config entry."""
|
"""Test the reauthentication case updates the existing config entry."""
|
||||||
|
|
||||||
@ -148,7 +170,7 @@ async def test_reauth(
|
|||||||
flows = hass.config_entries.flow.async_progress()
|
flows = hass.config_entries.flow.async_progress()
|
||||||
assert len(flows) == 1
|
assert len(flows) == 1
|
||||||
result = flows[0]
|
result = flows[0]
|
||||||
assert result["step_id"] == "reauth_confirm"
|
assert result["step_id"] == step_id
|
||||||
|
|
||||||
result = await hass.config_entries.flow.async_configure(result["flow_id"], {})
|
result = await hass.config_entries.flow.async_configure(result["flow_id"], {})
|
||||||
state = config_entry_oauth2_flow._encode_jwt(
|
state = config_entry_oauth2_flow._encode_jwt(
|
||||||
@ -172,7 +194,7 @@ async def test_reauth(
|
|||||||
OAUTH2_TOKEN,
|
OAUTH2_TOKEN,
|
||||||
json={
|
json={
|
||||||
"access_token": "mock-updated-token",
|
"access_token": "mock-updated-token",
|
||||||
"scope": "iam:read amc:api",
|
"scope": new_scope,
|
||||||
"expires_in": 86399,
|
"expires_in": 86399,
|
||||||
"refresh_token": "mock-refresh-token",
|
"refresh_token": "mock-refresh-token",
|
||||||
"provider": "husqvarna",
|
"provider": "husqvarna",
|
||||||
@ -191,7 +213,7 @@ async def test_reauth(
|
|||||||
assert len(hass.config_entries.async_entries(DOMAIN)) == 1
|
assert len(hass.config_entries.async_entries(DOMAIN)) == 1
|
||||||
|
|
||||||
assert result.get("type") is FlowResultType.ABORT
|
assert result.get("type") is FlowResultType.ABORT
|
||||||
assert result.get("reason") == "reauth_successful"
|
assert result.get("reason") == reason
|
||||||
|
|
||||||
assert mock_config_entry.unique_id == USER_ID
|
assert mock_config_entry.unique_id == USER_ID
|
||||||
assert "token" in mock_config_entry.data
|
assert "token" in mock_config_entry.data
|
||||||
@ -200,6 +222,12 @@ async def test_reauth(
|
|||||||
assert mock_config_entry.data["token"].get("refresh_token") == "mock-refresh-token"
|
assert mock_config_entry.data["token"].get("refresh_token") == "mock-refresh-token"
|
||||||
|
|
||||||
|
|
||||||
|
@pytest.mark.parametrize(
|
||||||
|
("user_id", "reason"),
|
||||||
|
[
|
||||||
|
("wrong_user_id", "wrong_account"),
|
||||||
|
],
|
||||||
|
)
|
||||||
async def test_reauth_wrong_account(
|
async def test_reauth_wrong_account(
|
||||||
hass: HomeAssistant,
|
hass: HomeAssistant,
|
||||||
hass_client_no_auth: ClientSessionGenerator,
|
hass_client_no_auth: ClientSessionGenerator,
|
||||||
@ -208,6 +236,9 @@ async def test_reauth_wrong_account(
|
|||||||
current_request_with_host: None,
|
current_request_with_host: None,
|
||||||
mock_automower_client: AsyncMock,
|
mock_automower_client: AsyncMock,
|
||||||
jwt,
|
jwt,
|
||||||
|
user_id: str,
|
||||||
|
reason: str,
|
||||||
|
scope: str,
|
||||||
) -> None:
|
) -> None:
|
||||||
"""Test the reauthentication aborts, if user tries to reauthenticate with another account."""
|
"""Test the reauthentication aborts, if user tries to reauthenticate with another account."""
|
||||||
|
|
||||||
@ -247,7 +278,7 @@ async def test_reauth_wrong_account(
|
|||||||
"expires_in": 86399,
|
"expires_in": 86399,
|
||||||
"refresh_token": "mock-refresh-token",
|
"refresh_token": "mock-refresh-token",
|
||||||
"provider": "husqvarna",
|
"provider": "husqvarna",
|
||||||
"user_id": "wrong-user-id",
|
"user_id": user_id,
|
||||||
"token_type": "Bearer",
|
"token_type": "Bearer",
|
||||||
"expires_at": 1697753347,
|
"expires_at": 1697753347,
|
||||||
},
|
},
|
||||||
@ -262,7 +293,7 @@ async def test_reauth_wrong_account(
|
|||||||
assert len(hass.config_entries.async_entries(DOMAIN)) == 1
|
assert len(hass.config_entries.async_entries(DOMAIN)) == 1
|
||||||
|
|
||||||
assert result.get("type") is FlowResultType.ABORT
|
assert result.get("type") is FlowResultType.ABORT
|
||||||
assert result.get("reason") == "wrong_account"
|
assert result.get("reason") == reason
|
||||||
|
|
||||||
assert mock_config_entry.unique_id == USER_ID
|
assert mock_config_entry.unique_id == USER_ID
|
||||||
assert "token" in mock_config_entry.data
|
assert "token" in mock_config_entry.data
|
||||||
|
@ -43,6 +43,26 @@ async def test_load_unload_entry(
|
|||||||
assert entry.state is ConfigEntryState.NOT_LOADED
|
assert entry.state is ConfigEntryState.NOT_LOADED
|
||||||
|
|
||||||
|
|
||||||
|
@pytest.mark.parametrize(
|
||||||
|
("scope"),
|
||||||
|
[
|
||||||
|
("iam:read"),
|
||||||
|
],
|
||||||
|
)
|
||||||
|
async def test_load_missing_scope(
|
||||||
|
hass: HomeAssistant,
|
||||||
|
mock_automower_client: AsyncMock,
|
||||||
|
mock_config_entry: MockConfigEntry,
|
||||||
|
) -> None:
|
||||||
|
"""Test if the entry starts a reauth with the missing token scope."""
|
||||||
|
await setup_integration(hass, mock_config_entry)
|
||||||
|
assert mock_config_entry.state is ConfigEntryState.SETUP_ERROR
|
||||||
|
flows = hass.config_entries.flow.async_progress()
|
||||||
|
assert len(flows) == 1
|
||||||
|
result = flows[0]
|
||||||
|
assert result["step_id"] == "missing_scope"
|
||||||
|
|
||||||
|
|
||||||
@pytest.mark.parametrize(
|
@pytest.mark.parametrize(
|
||||||
("expires_at", "status", "expected_state"),
|
("expires_at", "status", "expected_state"),
|
||||||
[
|
[
|
||||||
|
Loading…
x
Reference in New Issue
Block a user