Block cloud explicitely from trusted networks (#59333)
* Block cloud explicitly from trusted networks
* Lint
parent
13067003cb
commit
e30e4d5c6d
@ -194,6 +194,12 @@ class TrustedNetworksAuthProvider(AuthProvider):
|
|||||||
if any(ip_addr in trusted_proxy for trusted_proxy in self.trusted_proxies):
|
if any(ip_addr in trusted_proxy for trusted_proxy in self.trusted_proxies):
|
||||||
raise InvalidAuthError("Can't allow access from a proxy server")
|
raise InvalidAuthError("Can't allow access from a proxy server")
|
||||||
|
|
||||||
|
if "cloud" in self.hass.config.components:
|
||||||
|
from hass_nabucasa import remote # pylint: disable=import-outside-toplevel
|
||||||
|
|
||||||
|
if remote.is_cloud_request.get():
|
||||||
|
raise InvalidAuthError("Can't allow access from Home Assistant Cloud")
|
||||||
|
|
||||||
@callback
|
@callback
|
||||||
def async_validate_refresh_token(
|
def async_validate_refresh_token(
|
||||||
self, refresh_token: RefreshToken, remote_ip: str | None = None
|
self, refresh_token: RefreshToken, remote_ip: str | None = None
|
||||||
|
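Review bot: The new cloud branch has no comment saying why a Home Assistant Cloud request must never pass as a trusted network, and the reason is not obvious from `remote.is_cloud_request.get()` alone. Presumably such requests are relayed to the instance, so the address seen here says nothing about the real client; I would state that above the `if "cloud" in self.hass.config.components:` line, e.g. `# Cloud requests are relayed, so the peer address is not the real client; never treat them as trusted.` The guard only holds if every cloud-relayed request sets that context variable before this provider runs, which is not visible in the hunk and is worth confirming against the cloud integration. The enclosing method starts before the hunk, so its docstring could not be checked for a mention of the new rejection case.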
@ -2,6 +2,7 @@
|
|||||||
from ipaddress import ip_address, ip_network
|
from ipaddress import ip_address, ip_network
|
||||||
from unittest.mock import Mock, patch
|
from unittest.mock import Mock, patch
|
||||||
|
|
||||||
|
from hass_nabucasa import remote
|
||||||
import pytest
|
import pytest
|
||||||
import voluptuous as vol
|
import voluptuous as vol
|
||||||
|
|
||||||
@ -169,6 +170,27 @@ async def test_validate_access_proxy(hass, provider):
|
|||||||
provider.async_validate_access(ip_address("fd00::1"))
|
provider.async_validate_access(ip_address("fd00::1"))
|
||||||
|
|
||||||
|
|
||||||
|
async def test_validate_access_cloud(hass, provider):
|
||||||
|
"""Test validate access from trusted networks are blocked from cloud."""
|
||||||
|
await async_setup_component(
|
||||||
|
hass,
|
||||||
|
"http",
|
||||||
|
{
|
||||||
|
"http": {
|
||||||
|
CONF_TRUSTED_PROXIES: ["192.168.128.0/31", "fd00::1"],
|
||||||
|
CONF_USE_X_FORWARDED_FOR: True,
|
||||||
|
}
|
||||||
|
},
|
||||||
|
)
|
||||||
|
hass.config.components.add("cloud")
|
||||||
|
|
||||||
|
provider.async_validate_access(ip_address("192.168.128.2"))
|
||||||
|
|
||||||
|
remote.is_cloud_request.set(True)
|
||||||
|
with pytest.raises(tn_auth.InvalidAuthError):
|
||||||
|
provider.async_validate_access(ip_address("192.168.128.2"))
|
||||||
|
|
||||||
|
|
||||||
async def test_validate_refresh_token(provider):
|
async def test_validate_refresh_token(provider):
|
||||||
"""Verify re-validation of refresh token."""
|
"""Verify re-validation of refresh token."""
|
||||||
with patch.object(provider, "async_validate_access") as mock:
|
with patch.object(provider, "async_validate_access") as mock:
|
||||||
|
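Review bot: `remote.is_cloud_request.set(True)` in test_validate_access_cloud is never undone, so the flag may stay set for anything that later runs in the same context; keep the token and restore it, `token = remote.is_cloud_request.set(True)` with `remote.is_cloud_request.reset(token)` in a `finally`. The `pytest.raises(tn_auth.InvalidAuthError)` block also accepts any InvalidAuthError, so it would still pass if the address were rejected for another reason; `pytest.raises(tn_auth.InvalidAuthError, match="Home Assistant Cloud")` pins it to the new branch. A further case with the flag set but "cloud" absent from `hass.config.components` would record what the outer condition is meant to do.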