Merge pull request #15806 from home-assistant/rc

0.75.0
Merge remote-tracking branch 'origin/master' into rc
2025-09-20 10:29:26 +00:00 · 2018-08-03 16:45:24 +02:00 · 2018-08-03 14:25:36 +02:00 · 2018-08-03 14:23:12 +02:00 · 2018-08-03 14:22:40 +02:00 · 2018-08-03 14:22:40 +02:00
836 changed files with 13237 additions and 4491 deletions
--- a/.coveragerc
+++ b/.coveragerc
@@ -64,6 +64,8 @@ omit =
    homeassistant/components/cast/*
    homeassistant/components/*/cast.py

+    homeassistant/components/cloudflare.py
+
    homeassistant/components/comfoconnect.py
    homeassistant/components/*/comfoconnect.py

@@ -249,6 +251,9 @@ omit =
    homeassistant/components/scsgate.py
    homeassistant/components/*/scsgate.py

+    homeassistant/components/sisyphus.py
+    homeassistant/components/*/sisyphus.py
+
    homeassistant/components/skybell.py
    homeassistant/components/*/skybell.py

@@ -341,6 +346,12 @@ omit =
    homeassistant/components/zoneminder.py
    homeassistant/components/*/zoneminder.py

+    homeassistant/components/tuya.py
+    homeassistant/components/*/tuya.py
+
+    homeassistant/components/spider.py
+    homeassistant/components/*/spider.py
+
    homeassistant/components/alarm_control_panel/alarmdotcom.py
    homeassistant/components/alarm_control_panel/canary.py
    homeassistant/components/alarm_control_panel/concord232.py
@@ -393,6 +404,8 @@ omit =
    homeassistant/components/climate/touchline.py
    homeassistant/components/climate/venstar.py
    homeassistant/components/climate/zhong_hong.py
+    homeassistant/components/cover/aladdin_connect.py
+    homeassistant/components/cover/brunt.py
    homeassistant/components/cover/garadget.py
    homeassistant/components/cover/gogogate2.py
    homeassistant/components/cover/homematic.py
@@ -456,6 +469,7 @@ omit =
    homeassistant/components/light/decora_wifi.py
    homeassistant/components/light/decora.py
    homeassistant/components/light/flux_led.py
+    homeassistant/components/light/futurenow.py
    homeassistant/components/light/greenwave.py
    homeassistant/components/light/hue.py
    homeassistant/components/light/hyperion.py
@@ -612,6 +626,7 @@ omit =
    homeassistant/components/sensor/domain_expiry.py
    homeassistant/components/sensor/dte_energy_bridge.py
    homeassistant/components/sensor/dublin_bus_transport.py
+    homeassistant/components/sensor/duke_energy.py
    homeassistant/components/sensor/dwd_weather_warnings.py
    homeassistant/components/sensor/ebox.py
    homeassistant/components/sensor/eddystone_temperature.py
@@ -651,6 +666,7 @@ omit =
    homeassistant/components/sensor/loopenergy.py
    homeassistant/components/sensor/luftdaten.py
    homeassistant/components/sensor/lyft.py
+    homeassistant/components/sensor/magicseaweed.py
    homeassistant/components/sensor/metoffice.py
    homeassistant/components/sensor/miflora.py
    homeassistant/components/sensor/mitemp_bt.py
--- a/.isort.cfg
+++ b/.isort.cfg
@@ -0,0 +1,2 @@
+[settings]
+multi_line_output=4
--- a/.travis.yml
+++ b/.travis.yml
@@ -16,11 +16,17 @@ matrix:
      env: TOXENV=py35
    - python: "3.6"
      env: TOXENV=py36
-    # - python: "3.6-dev"
-    #   env: TOXENV=py36
-  # allow_failures:
-  #   - python: "3.5"
-  #     env: TOXENV=typing
+    - python: "3.7"
+      env: TOXENV=py37
+      dist: xenial
+    - python: "3.8-dev"
+      env: TOXENV=py38
+      dist: xenial
+      if: branch = dev AND type = push
+  allow_failures:
+    - python: "3.8-dev"
+      env: TOXENV=py38
+      dist: xenial

 cache:
  directories:
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -1,6 +1,6 @@
 # Contributing to Home Assistant

-Everybody is invited and welcome to contribute to Home Assistant. There is a lot to do...if you are not a developer perhaps you would like to help with the documentation on [home-assistant.io](https://home-assistant.io/)? If you are a developer and have devices in your home which aren't working with Home Assistant yet, why not spent a couple of hours and help to integrate them?
+Everybody is invited and welcome to contribute to Home Assistant. There is a lot to do...if you are not a developer perhaps you would like to help with the documentation on [home-assistant.io](https://home-assistant.io/)? If you are a developer and have devices in your home which aren't working with Home Assistant yet, why not spend a couple of hours and help to integrate them?

 The process is straight-forward.

--- a/homeassistant/main.py
+++ b/homeassistant/main.py
@@ -8,7 +8,7 @@ import subprocess
 import sys
 import threading

-from typing import Optional, List, Dict, Any  # noqa #pylint: disable=unused-import
+from typing import List, Dict, Any  # noqa pylint: disable=unused-import


 from homeassistant import monkey_patch
@@ -20,7 +20,7 @@ from homeassistant.const import (
 )


-def attempt_use_uvloop():
+def attempt_use_uvloop() -> None:
    """Attempt to use uvloop."""
    import asyncio

@@ -241,7 +241,7 @@ def cmdline() -> List[str]:


 def setup_and_run_hass(config_dir: str,
-                       args: argparse.Namespace) -> Optional[int]:
+                       args: argparse.Namespace) -> int:
    """Set up HASS and run."""
    from homeassistant import bootstrap

@@ -274,17 +274,17 @@ def setup_and_run_hass(config_dir: str,
            log_no_color=args.log_no_color)

    if hass is None:
-        return None
+        return -1

    if args.open_ui:
        # Imported here to avoid importing asyncio before monkey patch
        from homeassistant.util.async_ import run_callback_threadsafe

-        def open_browser(event):
-            """Open the webinterface in a browser."""
-            if hass.config.api is not None:
+        def open_browser(_: Any) -> None:
+            """Open the web interface in a browser."""
+            if hass.config.api is not None:  # type: ignore
                import webbrowser
-                webbrowser.open(hass.config.api.base_url)
+                webbrowser.open(hass.config.api.base_url)  # type: ignore

        run_callback_threadsafe(
            hass.loop,
--- a/homeassistant/auth.py
+++ b/homeassistant/auth.py
@@ -1,670 +0,0 @@
-"""Provide an authentication layer for Home Assistant."""
-import asyncio
-import binascii
-import importlib
-import logging
-import os
-import uuid
-from collections import OrderedDict
-from datetime import datetime, timedelta
-
-import attr
-import voluptuous as vol
-from voluptuous.humanize import humanize_error
-
-from homeassistant import data_entry_flow, requirements
-from homeassistant.const import CONF_TYPE, CONF_NAME, CONF_ID
-from homeassistant.core import callback
-from homeassistant.util import dt as dt_util
-from homeassistant.util.decorator import Registry
-
-_LOGGER = logging.getLogger(__name__)
-
-STORAGE_VERSION = 1
-STORAGE_KEY = 'auth'
-
-AUTH_PROVIDERS = Registry()
-
-AUTH_PROVIDER_SCHEMA = vol.Schema({
-    vol.Required(CONF_TYPE): str,
-    vol.Optional(CONF_NAME): str,
-    # Specify ID if you have two auth providers for same type.
-    vol.Optional(CONF_ID): str,
-}, extra=vol.ALLOW_EXTRA)
-
-ACCESS_TOKEN_EXPIRATION = timedelta(minutes=30)
-DATA_REQS = 'auth_reqs_processed'
-
-
-def generate_secret(entropy: int = 32) -> str:
-    """Generate a secret.
-
-    Backport of secrets.token_hex from Python 3.6
-
-    Event loop friendly.
-    """
-    return binascii.hexlify(os.urandom(entropy)).decode('ascii')
-
-
-class AuthProvider:
-    """Provider of user authentication."""
-
-    DEFAULT_TITLE = 'Unnamed auth provider'
-
-    initialized = False
-
-    def __init__(self, hass, store, config):
-        """Initialize an auth provider."""
-        self.hass = hass
-        self.store = store
-        self.config = config
-
-    @property
-    def id(self):  # pylint: disable=invalid-name
-        """Return id of the auth provider.
-
-        Optional, can be None.
-        """
-        return self.config.get(CONF_ID)
-
-    @property
-    def type(self):
-        """Return type of the provider."""
-        return self.config[CONF_TYPE]
-
-    @property
-    def name(self):
-        """Return the name of the auth provider."""
-        return self.config.get(CONF_NAME, self.DEFAULT_TITLE)
-
-    async def async_credentials(self):
-        """Return all credentials of this provider."""
-        return await self.store.credentials_for_provider(self.type, self.id)
-
-    @callback
-    def async_create_credentials(self, data):
-        """Create credentials."""
-        return Credentials(
-            auth_provider_type=self.type,
-            auth_provider_id=self.id,
-            data=data,
-        )
-
-    # Implement by extending class
-
-    async def async_initialize(self):
-        """Initialize the auth provider.
-
-        Optional.
-        """
-
-    async def async_credential_flow(self):
-        """Return the data flow for logging in with auth provider."""
-        raise NotImplementedError
-
-    async def async_get_or_create_credentials(self, flow_result):
-        """Get credentials based on the flow result."""
-        raise NotImplementedError
-
-    async def async_user_meta_for_credentials(self, credentials):
-        """Return extra user metadata for credentials.
-
-        Will be used to populate info when creating a new user.
-        """
-        return {}
-
-
-@attr.s(slots=True)
-class User:
-    """A user."""
-
-    id = attr.ib(type=str, default=attr.Factory(lambda: uuid.uuid4().hex))
-    is_owner = attr.ib(type=bool, default=False)
-    is_active = attr.ib(type=bool, default=False)
-    name = attr.ib(type=str, default=None)
-
-    # List of credentials of a user.
-    credentials = attr.ib(type=list, default=attr.Factory(list), cmp=False)
-
-    # Tokens associated with a user.
-    refresh_tokens = attr.ib(type=dict, default=attr.Factory(dict), cmp=False)
-
-
-@attr.s(slots=True)
-class RefreshToken:
-    """RefreshToken for a user to grant new access tokens."""
-
-    user = attr.ib(type=User)
-    client_id = attr.ib(type=str)
-    id = attr.ib(type=str, default=attr.Factory(lambda: uuid.uuid4().hex))
-    created_at = attr.ib(type=datetime, default=attr.Factory(dt_util.utcnow))
-    access_token_expiration = attr.ib(type=timedelta,
-                                      default=ACCESS_TOKEN_EXPIRATION)
-    token = attr.ib(type=str,
-                    default=attr.Factory(lambda: generate_secret(64)))
-    access_tokens = attr.ib(type=list, default=attr.Factory(list), cmp=False)
-
-
-@attr.s(slots=True)
-class AccessToken:
-    """Access token to access the API.
-
-    These will only ever be stored in memory and not be persisted.
-    """
-
-    refresh_token = attr.ib(type=RefreshToken)
-    created_at = attr.ib(type=datetime, default=attr.Factory(dt_util.utcnow))
-    token = attr.ib(type=str,
-                    default=attr.Factory(generate_secret))
-
-    @property
-    def expired(self):
-        """Return if this token has expired."""
-        expires = self.created_at + self.refresh_token.access_token_expiration
-        return dt_util.utcnow() > expires
-
-
-@attr.s(slots=True)
-class Credentials:
-    """Credentials for a user on an auth provider."""
-
-    auth_provider_type = attr.ib(type=str)
-    auth_provider_id = attr.ib(type=str)
-
-    # Allow the auth provider to store data to represent their auth.
-    data = attr.ib(type=dict)
-
-    id = attr.ib(type=str, default=attr.Factory(lambda: uuid.uuid4().hex))
-    is_new = attr.ib(type=bool, default=True)
-
-
-@attr.s(slots=True)
-class Client:
-    """Client that interacts with Home Assistant on behalf of a user."""
-
-    name = attr.ib(type=str)
-    id = attr.ib(type=str, default=attr.Factory(lambda: uuid.uuid4().hex))
-    secret = attr.ib(type=str, default=attr.Factory(generate_secret))
-    redirect_uris = attr.ib(type=list, default=attr.Factory(list))
-
-
-async def load_auth_provider_module(hass, provider):
-    """Load an auth provider."""
-    try:
-        module = importlib.import_module(
-            'homeassistant.auth_providers.{}'.format(provider))
-    except ImportError:
-        _LOGGER.warning('Unable to find auth provider %s', provider)
-        return None
-
-    if hass.config.skip_pip or not hasattr(module, 'REQUIREMENTS'):
-        return module
-
-    processed = hass.data.get(DATA_REQS)
-
-    if processed is None:
-        processed = hass.data[DATA_REQS] = set()
-    elif provider in processed:
-        return module
-
-    req_success = await requirements.async_process_requirements(
-        hass, 'auth provider {}'.format(provider), module.REQUIREMENTS)
-
-    if not req_success:
-        return None
-
-    return module
-
-
-async def auth_manager_from_config(hass, provider_configs):
-    """Initialize an auth manager from config."""
-    store = AuthStore(hass)
-    if provider_configs:
-        providers = await asyncio.gather(
-            *[_auth_provider_from_config(hass, store, config)
-              for config in provider_configs])
-    else:
-        providers = []
-    # So returned auth providers are in same order as config
-    provider_hash = OrderedDict()
-    for provider in providers:
-        if provider is None:
-            continue
-
-        key = (provider.type, provider.id)
-
-        if key in provider_hash:
-            _LOGGER.error(
-                'Found duplicate provider: %s. Please add unique IDs if you '
-                'want to have the same provider twice.', key)
-            continue
-
-        provider_hash[key] = provider
-    manager = AuthManager(hass, store, provider_hash)
-    return manager
-
-
-async def _auth_provider_from_config(hass, store, config):
-    """Initialize an auth provider from a config."""
-    provider_name = config[CONF_TYPE]
-    module = await load_auth_provider_module(hass, provider_name)
-
-    if module is None:
-        return None
-
-    try:
-        config = module.CONFIG_SCHEMA(config)
-    except vol.Invalid as err:
-        _LOGGER.error('Invalid configuration for auth provider %s: %s',
-                      provider_name, humanize_error(config, err))
-        return None
-
-    return AUTH_PROVIDERS[provider_name](hass, store, config)
-
-
-class AuthManager:
-    """Manage the authentication for Home Assistant."""
-
-    def __init__(self, hass, store, providers):
-        """Initialize the auth manager."""
-        self._store = store
-        self._providers = providers
-        self.login_flow = data_entry_flow.FlowManager(
-            hass, self._async_create_login_flow,
-            self._async_finish_login_flow)
-        self._access_tokens = {}
-
-    @property
-    def active(self):
-        """Return if any auth providers are registered."""
-        return bool(self._providers)
-
-    @property
-    def support_legacy(self):
-        """
-        Return if legacy_api_password auth providers are registered.
-
-        Should be removed when we removed legacy_api_password auth providers.
-        """
-        for provider_type, _ in self._providers:
-            if provider_type == 'legacy_api_password':
-                return True
-        return False
-
-    @property
-    def async_auth_providers(self):
-        """Return a list of available auth providers."""
-        return self._providers.values()
-
-    async def async_get_user(self, user_id):
-        """Retrieve a user."""
-        return await self._store.async_get_user(user_id)
-
-    async def async_get_or_create_user(self, credentials):
-        """Get or create a user."""
-        return await self._store.async_get_or_create_user(
-            credentials, self._async_get_auth_provider(credentials))
-
-    async def async_link_user(self, user, credentials):
-        """Link credentials to an existing user."""
-        await self._store.async_link_user(user, credentials)
-
-    async def async_remove_user(self, user):
-        """Remove a user."""
-        await self._store.async_remove_user(user)
-
-    async def async_create_refresh_token(self, user, client_id):
-        """Create a new refresh token for a user."""
-        return await self._store.async_create_refresh_token(user, client_id)
-
-    async def async_get_refresh_token(self, token):
-        """Get refresh token by token."""
-        return await self._store.async_get_refresh_token(token)
-
-    @callback
-    def async_create_access_token(self, refresh_token):
-        """Create a new access token."""
-        access_token = AccessToken(refresh_token)
-        self._access_tokens[access_token.token] = access_token
-        return access_token
-
-    @callback
-    def async_get_access_token(self, token):
-        """Get an access token."""
-        tkn = self._access_tokens.get(token)
-
-        if tkn is None:
-            return None
-
-        if tkn.expired:
-            self._access_tokens.pop(token)
-            return None
-
-        return tkn
-
-    async def async_create_client(self, name, *, redirect_uris=None,
-                                  no_secret=False):
-        """Create a new client."""
-        return await self._store.async_create_client(
-            name, redirect_uris, no_secret)
-
-    async def async_get_or_create_client(self, name, *, redirect_uris=None,
-                                         no_secret=False):
-        """Find a client, if not exists, create a new one."""
-        for client in await self._store.async_get_clients():
-            if client.name == name:
-                return client
-
-        return await self._store.async_create_client(
-            name, redirect_uris, no_secret)
-
-    async def async_get_client(self, client_id):
-        """Get a client."""
-        return await self._store.async_get_client(client_id)
-
-    async def _async_create_login_flow(self, handler, *, source, data):
-        """Create a login flow."""
-        auth_provider = self._providers[handler]
-
-        if not auth_provider.initialized:
-            auth_provider.initialized = True
-            await auth_provider.async_initialize()
-
-        return await auth_provider.async_credential_flow()
-
-    async def _async_finish_login_flow(self, result):
-        """Result of a credential login flow."""
-        if result['type'] != data_entry_flow.RESULT_TYPE_CREATE_ENTRY:
-            return None
-
-        auth_provider = self._providers[result['handler']]
-        return await auth_provider.async_get_or_create_credentials(
-            result['data'])
-
-    @callback
-    def _async_get_auth_provider(self, credentials):
-        """Helper to get auth provider from a set of credentials."""
-        auth_provider_key = (credentials.auth_provider_type,
-                             credentials.auth_provider_id)
-        return self._providers[auth_provider_key]
-
-
-class AuthStore:
-    """Stores authentication info.
-
-    Any mutation to an object should happen inside the auth store.
-
-    The auth store is lazy. It won't load the data from disk until a method is
-    called that needs it.
-    """
-
-    def __init__(self, hass):
-        """Initialize the auth store."""
-        self.hass = hass
-        self._users = None
-        self._clients = None
-        self._store = hass.helpers.storage.Store(STORAGE_VERSION, STORAGE_KEY)
-
-    async def credentials_for_provider(self, provider_type, provider_id):
-        """Return credentials for specific auth provider type and id."""
-        if self._users is None:
-            await self.async_load()
-
-        return [
-            credentials
-            for user in self._users.values()
-            for credentials in user.credentials
-            if (credentials.auth_provider_type == provider_type and
-                credentials.auth_provider_id == provider_id)
-        ]
-
-    async def async_get_users(self):
-        """Retrieve all users."""
-        if self._users is None:
-            await self.async_load()
-
-        return list(self._users.values())
-
-    async def async_get_user(self, user_id):
-        """Retrieve a user."""
-        if self._users is None:
-            await self.async_load()
-
-        return self._users.get(user_id)
-
-    async def async_get_or_create_user(self, credentials, auth_provider):
-        """Get or create a new user for given credentials.
-
-        If link_user is passed in, the credentials will be linked to the passed
-        in user if the credentials are new.
-        """
-        if self._users is None:
-            await self.async_load()
-
-        # New credentials, store in user
-        if credentials.is_new:
-            info = await auth_provider.async_user_meta_for_credentials(
-                credentials)
-            # Make owner and activate user if it's the first user.
-            if self._users:
-                is_owner = False
-                is_active = False
-            else:
-                is_owner = True
-                is_active = True
-
-            new_user = User(
-                is_owner=is_owner,
-                is_active=is_active,
-                name=info.get('name'),
-            )
-            self._users[new_user.id] = new_user
-            await self.async_link_user(new_user, credentials)
-            return new_user
-
-        for user in self._users.values():
-            for creds in user.credentials:
-                if (creds.auth_provider_type == credentials.auth_provider_type
-                        and creds.auth_provider_id ==
-                        credentials.auth_provider_id):
-                    return user
-
-        raise ValueError('We got credentials with ID but found no user')
-
-    async def async_link_user(self, user, credentials):
-        """Add credentials to an existing user."""
-        user.credentials.append(credentials)
-        await self.async_save()
-        credentials.is_new = False
-
-    async def async_remove_user(self, user):
-        """Remove a user."""
-        self._users.pop(user.id)
-        await self.async_save()
-
-    async def async_create_refresh_token(self, user, client_id):
-        """Create a new token for a user."""
-        local_user = await self.async_get_user(user.id)
-        if local_user is None:
-            raise ValueError('Invalid user')
-
-        local_client = await self.async_get_client(client_id)
-        if local_client is None:
-            raise ValueError('Invalid client_id')
-
-        refresh_token = RefreshToken(user, client_id)
-        user.refresh_tokens[refresh_token.token] = refresh_token
-        await self.async_save()
-        return refresh_token
-
-    async def async_get_refresh_token(self, token):
-        """Get refresh token by token."""
-        if self._users is None:
-            await self.async_load()
-
-        for user in self._users.values():
-            refresh_token = user.refresh_tokens.get(token)
-            if refresh_token is not None:
-                return refresh_token
-
-        return None
-
-    async def async_create_client(self, name, redirect_uris, no_secret):
-        """Create a new client."""
-        if self._clients is None:
-            await self.async_load()
-
-        kwargs = {
-            'name': name,
-            'redirect_uris': redirect_uris
-        }
-
-        if no_secret:
-            kwargs['secret'] = None
-
-        client = Client(**kwargs)
-        self._clients[client.id] = client
-        await self.async_save()
-        return client
-
-    async def async_get_clients(self):
-        """Return all clients."""
-        if self._clients is None:
-            await self.async_load()
-
-        return list(self._clients.values())
-
-    async def async_get_client(self, client_id):
-        """Get a client."""
-        if self._clients is None:
-            await self.async_load()
-
-        return self._clients.get(client_id)
-
-    async def async_load(self):
-        """Load the users."""
-        data = await self._store.async_load()
-
-        # Make sure that we're not overriding data if 2 loads happened at the
-        # same time
-        if self._users is not None:
-            return
-
-        if data is None:
-            self._users = {}
-            self._clients = {}
-            return
-
-        users = {
-            user_dict['id']: User(**user_dict) for user_dict in data['users']
-        }
-
-        for cred_dict in data['credentials']:
-            users[cred_dict['user_id']].credentials.append(Credentials(
-                id=cred_dict['id'],
-                is_new=False,
-                auth_provider_type=cred_dict['auth_provider_type'],
-                auth_provider_id=cred_dict['auth_provider_id'],
-                data=cred_dict['data'],
-            ))
-
-        refresh_tokens = {}
-
-        for rt_dict in data['refresh_tokens']:
-            token = RefreshToken(
-                id=rt_dict['id'],
-                user=users[rt_dict['user_id']],
-                client_id=rt_dict['client_id'],
-                created_at=dt_util.parse_datetime(rt_dict['created_at']),
-                access_token_expiration=timedelta(
-                    seconds=rt_dict['access_token_expiration']),
-                token=rt_dict['token'],
-            )
-            refresh_tokens[token.id] = token
-            users[rt_dict['user_id']].refresh_tokens[token.token] = token
-
-        for ac_dict in data['access_tokens']:
-            refresh_token = refresh_tokens[ac_dict['refresh_token_id']]
-            token = AccessToken(
-                refresh_token=refresh_token,
-                created_at=dt_util.parse_datetime(ac_dict['created_at']),
-                token=ac_dict['token'],
-            )
-            refresh_token.access_tokens.append(token)
-
-        clients = {
-            cl_dict['id']: Client(**cl_dict) for cl_dict in data['clients']
-        }
-
-        self._users = users
-        self._clients = clients
-
-    async def async_save(self):
-        """Save users."""
-        users = [
-            {
-                'id': user.id,
-                'is_owner': user.is_owner,
-                'is_active': user.is_active,
-                'name': user.name,
-            }
-            for user in self._users.values()
-        ]
-
-        credentials = [
-            {
-                'id': credential.id,
-                'user_id': user.id,
-                'auth_provider_type': credential.auth_provider_type,
-                'auth_provider_id': credential.auth_provider_id,
-                'data': credential.data,
-            }
-            for user in self._users.values()
-            for credential in user.credentials
-        ]
-
-        refresh_tokens = [
-            {
-                'id': refresh_token.id,
-                'user_id': user.id,
-                'client_id': refresh_token.client_id,
-                'created_at': refresh_token.created_at.isoformat(),
-                'access_token_expiration':
-                    refresh_token.access_token_expiration.total_seconds(),
-                'token': refresh_token.token,
-            }
-            for user in self._users.values()
-            for refresh_token in user.refresh_tokens.values()
-        ]
-
-        access_tokens = [
-            {
-                'id': user.id,
-                'refresh_token_id': refresh_token.id,
-                'created_at': access_token.created_at.isoformat(),
-                'token': access_token.token,
-            }
-            for user in self._users.values()
-            for refresh_token in user.refresh_tokens.values()
-            for access_token in refresh_token.access_tokens
-        ]
-
-        clients = [
-            {
-                'id': client.id,
-                'name': client.name,
-                'secret': client.secret,
-                'redirect_uris': client.redirect_uris,
-            }
-            for client in self._clients.values()
-        ]
-
-        data = {
-            'users': users,
-            'clients': clients,
-            'credentials': credentials,
-            'access_tokens': access_tokens,
-            'refresh_tokens': refresh_tokens,
-        }
-
-        await self._store.async_save(data, delay=1)
--- a/homeassistant/auth/init.py
+++ b/homeassistant/auth/init.py
@@ -0,0 +1,243 @@
+"""Provide an authentication layer for Home Assistant."""
+import asyncio
+import logging
+from collections import OrderedDict
+
+from homeassistant import data_entry_flow
+from homeassistant.core import callback
+
+from . import models
+from . import auth_store
+from .providers import auth_provider_from_config
+
+_LOGGER = logging.getLogger(__name__)
+
+
+async def auth_manager_from_config(hass, provider_configs):
+    """Initialize an auth manager from config."""
+    store = auth_store.AuthStore(hass)
+    if provider_configs:
+        providers = await asyncio.gather(
+            *[auth_provider_from_config(hass, store, config)
+              for config in provider_configs])
+    else:
+        providers = []
+    # So returned auth providers are in same order as config
+    provider_hash = OrderedDict()
+    for provider in providers:
+        if provider is None:
+            continue
+
+        key = (provider.type, provider.id)
+
+        if key in provider_hash:
+            _LOGGER.error(
+                'Found duplicate provider: %s. Please add unique IDs if you '
+                'want to have the same provider twice.', key)
+            continue
+
+        provider_hash[key] = provider
+    manager = AuthManager(hass, store, provider_hash)
+    return manager
+
+
+class AuthManager:
+    """Manage the authentication for Home Assistant."""
+
+    def __init__(self, hass, store, providers):
+        """Initialize the auth manager."""
+        self._store = store
+        self._providers = providers
+        self.login_flow = data_entry_flow.FlowManager(
+            hass, self._async_create_login_flow,
+            self._async_finish_login_flow)
+        self._access_tokens = OrderedDict()
+
+    @property
+    def active(self):
+        """Return if any auth providers are registered."""
+        return bool(self._providers)
+
+    @property
+    def support_legacy(self):
+        """
+        Return if legacy_api_password auth providers are registered.
+
+        Should be removed when we removed legacy_api_password auth providers.
+        """
+        for provider_type, _ in self._providers:
+            if provider_type == 'legacy_api_password':
+                return True
+        return False
+
+    @property
+    def auth_providers(self):
+        """Return a list of available auth providers."""
+        return list(self._providers.values())
+
+    async def async_get_users(self):
+        """Retrieve all users."""
+        return await self._store.async_get_users()
+
+    async def async_get_user(self, user_id):
+        """Retrieve a user."""
+        return await self._store.async_get_user(user_id)
+
+    async def async_create_system_user(self, name):
+        """Create a system user."""
+        return await self._store.async_create_user(
+            name=name,
+            system_generated=True,
+            is_active=True,
+        )
+
+    async def async_create_user(self, name):
+        """Create a user."""
+        kwargs = {
+            'name': name,
+            'is_active': True,
+        }
+
+        if await self._user_should_be_owner():
+            kwargs['is_owner'] = True
+
+        return await self._store.async_create_user(**kwargs)
+
+    async def async_get_or_create_user(self, credentials):
+        """Get or create a user."""
+        if not credentials.is_new:
+            for user in await self._store.async_get_users():
+                for creds in user.credentials:
+                    if creds.id == credentials.id:
+                        return user
+
+            raise ValueError('Unable to find the user.')
+
+        auth_provider = self._async_get_auth_provider(credentials)
+
+        if auth_provider is None:
+            raise RuntimeError('Credential with unknown provider encountered')
+
+        info = await auth_provider.async_user_meta_for_credentials(
+            credentials)
+
+        return await self._store.async_create_user(
+            credentials=credentials,
+            name=info.get('name'),
+            is_active=info.get('is_active', False)
+        )
+
+    async def async_link_user(self, user, credentials):
+        """Link credentials to an existing user."""
+        await self._store.async_link_user(user, credentials)
+
+    async def async_remove_user(self, user):
+        """Remove a user."""
+        tasks = [
+            self.async_remove_credentials(credentials)
+            for credentials in user.credentials
+        ]
+
+        if tasks:
+            await asyncio.wait(tasks)
+
+        await self._store.async_remove_user(user)
+
+    async def async_activate_user(self, user):
+        """Activate a user."""
+        await self._store.async_activate_user(user)
+
+    async def async_deactivate_user(self, user):
+        """Deactivate a user."""
+        if user.is_owner:
+            raise ValueError('Unable to deactive the owner')
+        await self._store.async_deactivate_user(user)
+
+    async def async_remove_credentials(self, credentials):
+        """Remove credentials."""
+        provider = self._async_get_auth_provider(credentials)
+
+        if (provider is not None and
+                hasattr(provider, 'async_will_remove_credentials')):
+            await provider.async_will_remove_credentials(credentials)
+
+        await self._store.async_remove_credentials(credentials)
+
+    async def async_create_refresh_token(self, user, client_id=None):
+        """Create a new refresh token for a user."""
+        if not user.is_active:
+            raise ValueError('User is not active')
+
+        if user.system_generated and client_id is not None:
+            raise ValueError(
+                'System generated users cannot have refresh tokens connected '
+                'to a client.')
+
+        if not user.system_generated and client_id is None:
+            raise ValueError('Client is required to generate a refresh token.')
+
+        return await self._store.async_create_refresh_token(user, client_id)
+
+    async def async_get_refresh_token(self, token):
+        """Get refresh token by token."""
+        return await self._store.async_get_refresh_token(token)
+
+    @callback
+    def async_create_access_token(self, refresh_token):
+        """Create a new access token."""
+        access_token = models.AccessToken(refresh_token=refresh_token)
+        self._access_tokens[access_token.token] = access_token
+        return access_token
+
+    @callback
+    def async_get_access_token(self, token):
+        """Get an access token."""
+        tkn = self._access_tokens.get(token)
+
+        if tkn is None:
+            _LOGGER.debug('Attempt to get non-existing access token')
+            return None
+
+        if tkn.expired or not tkn.refresh_token.user.is_active:
+            if tkn.expired:
+                _LOGGER.debug('Attempt to get expired access token')
+            else:
+                _LOGGER.debug('Attempt to get access token for inactive user')
+            self._access_tokens.pop(token)
+            return None
+
+        return tkn
+
+    async def _async_create_login_flow(self, handler, *, source, data):
+        """Create a login flow."""
+        auth_provider = self._providers[handler]
+
+        return await auth_provider.async_credential_flow()
+
+    async def _async_finish_login_flow(self, result):
+        """Result of a credential login flow."""
+        if result['type'] != data_entry_flow.RESULT_TYPE_CREATE_ENTRY:
+            return None
+
+        auth_provider = self._providers[result['handler']]
+        return await auth_provider.async_get_or_create_credentials(
+            result['data'])
+
+    @callback
+    def _async_get_auth_provider(self, credentials):
+        """Helper to get auth provider from a set of credentials."""
+        auth_provider_key = (credentials.auth_provider_type,
+                             credentials.auth_provider_id)
+        return self._providers.get(auth_provider_key)
+
+    async def _user_should_be_owner(self):
+        """Determine if user should be owner.
+
+        A user should be an owner if it is the first non-system user that is
+        being created.
+        """
+        for user in await self._store.async_get_users():
+            if not user.system_generated:
+                return False
+
+        return True
--- a/homeassistant/auth/auth_store.py
+++ b/homeassistant/auth/auth_store.py
@@ -0,0 +1,240 @@
+"""Storage for auth models."""
+from collections import OrderedDict
+from datetime import timedelta
+
+from homeassistant.util import dt as dt_util
+
+from . import models
+
+STORAGE_VERSION = 1
+STORAGE_KEY = 'auth'
+
+
+class AuthStore:
+    """Stores authentication info.
+
+    Any mutation to an object should happen inside the auth store.
+
+    The auth store is lazy. It won't load the data from disk until a method is
+    called that needs it.
+    """
+
+    def __init__(self, hass):
+        """Initialize the auth store."""
+        self.hass = hass
+        self._users = None
+        self._store = hass.helpers.storage.Store(STORAGE_VERSION, STORAGE_KEY)
+
+    async def async_get_users(self):
+        """Retrieve all users."""
+        if self._users is None:
+            await self.async_load()
+
+        return list(self._users.values())
+
+    async def async_get_user(self, user_id):
+        """Retrieve a user by id."""
+        if self._users is None:
+            await self.async_load()
+
+        return self._users.get(user_id)
+
+    async def async_create_user(self, name, is_owner=None, is_active=None,
+                                system_generated=None, credentials=None):
+        """Create a new user."""
+        if self._users is None:
+            await self.async_load()
+
+        kwargs = {
+            'name': name
+        }
+
+        if is_owner is not None:
+            kwargs['is_owner'] = is_owner
+
+        if is_active is not None:
+            kwargs['is_active'] = is_active
+
+        if system_generated is not None:
+            kwargs['system_generated'] = system_generated
+
+        new_user = models.User(**kwargs)
+
+        self._users[new_user.id] = new_user
+
+        if credentials is None:
+            await self.async_save()
+            return new_user
+
+        # Saving is done inside the link.
+        await self.async_link_user(new_user, credentials)
+        return new_user
+
+    async def async_link_user(self, user, credentials):
+        """Add credentials to an existing user."""
+        user.credentials.append(credentials)
+        await self.async_save()
+        credentials.is_new = False
+
+    async def async_remove_user(self, user):
+        """Remove a user."""
+        self._users.pop(user.id)
+        await self.async_save()
+
+    async def async_activate_user(self, user):
+        """Activate a user."""
+        user.is_active = True
+        await self.async_save()
+
+    async def async_deactivate_user(self, user):
+        """Activate a user."""
+        user.is_active = False
+        await self.async_save()
+
+    async def async_remove_credentials(self, credentials):
+        """Remove credentials."""
+        for user in self._users.values():
+            found = None
+
+            for index, cred in enumerate(user.credentials):
+                if cred is credentials:
+                    found = index
+                    break
+
+            if found is not None:
+                user.credentials.pop(found)
+                break
+
+        await self.async_save()
+
+    async def async_create_refresh_token(self, user, client_id=None):
+        """Create a new token for a user."""
+        refresh_token = models.RefreshToken(user=user, client_id=client_id)
+        user.refresh_tokens[refresh_token.token] = refresh_token
+        await self.async_save()
+        return refresh_token
+
+    async def async_get_refresh_token(self, token):
+        """Get refresh token by token."""
+        if self._users is None:
+            await self.async_load()
+
+        for user in self._users.values():
+            refresh_token = user.refresh_tokens.get(token)
+            if refresh_token is not None:
+                return refresh_token
+
+        return None
+
+    async def async_load(self):
+        """Load the users."""
+        data = await self._store.async_load()
+
+        # Make sure that we're not overriding data if 2 loads happened at the
+        # same time
+        if self._users is not None:
+            return
+
+        users = OrderedDict()
+
+        if data is None:
+            self._users = users
+            return
+
+        for user_dict in data['users']:
+            users[user_dict['id']] = models.User(**user_dict)
+
+        for cred_dict in data['credentials']:
+            users[cred_dict['user_id']].credentials.append(models.Credentials(
+                id=cred_dict['id'],
+                is_new=False,
+                auth_provider_type=cred_dict['auth_provider_type'],
+                auth_provider_id=cred_dict['auth_provider_id'],
+                data=cred_dict['data'],
+            ))
+
+        refresh_tokens = OrderedDict()
+
+        for rt_dict in data['refresh_tokens']:
+            token = models.RefreshToken(
+                id=rt_dict['id'],
+                user=users[rt_dict['user_id']],
+                client_id=rt_dict['client_id'],
+                created_at=dt_util.parse_datetime(rt_dict['created_at']),
+                access_token_expiration=timedelta(
+                    seconds=rt_dict['access_token_expiration']),
+                token=rt_dict['token'],
+            )
+            refresh_tokens[token.id] = token
+            users[rt_dict['user_id']].refresh_tokens[token.token] = token
+
+        for ac_dict in data['access_tokens']:
+            refresh_token = refresh_tokens[ac_dict['refresh_token_id']]
+            token = models.AccessToken(
+                refresh_token=refresh_token,
+                created_at=dt_util.parse_datetime(ac_dict['created_at']),
+                token=ac_dict['token'],
+            )
+            refresh_token.access_tokens.append(token)
+
+        self._users = users
+
+    async def async_save(self):
+        """Save users."""
+        users = [
+            {
+                'id': user.id,
+                'is_owner': user.is_owner,
+                'is_active': user.is_active,
+                'name': user.name,
+                'system_generated': user.system_generated,
+            }
+            for user in self._users.values()
+        ]
+
+        credentials = [
+            {
+                'id': credential.id,
+                'user_id': user.id,
+                'auth_provider_type': credential.auth_provider_type,
+                'auth_provider_id': credential.auth_provider_id,
+                'data': credential.data,
+            }
+            for user in self._users.values()
+            for credential in user.credentials
+        ]
+
+        refresh_tokens = [
+            {
+                'id': refresh_token.id,
+                'user_id': user.id,
+                'client_id': refresh_token.client_id,
+                'created_at': refresh_token.created_at.isoformat(),
+                'access_token_expiration':
+                    refresh_token.access_token_expiration.total_seconds(),
+                'token': refresh_token.token,
+            }
+            for user in self._users.values()
+            for refresh_token in user.refresh_tokens.values()
+        ]
+
+        access_tokens = [
+            {
+                'id': user.id,
+                'refresh_token_id': refresh_token.id,
+                'created_at': access_token.created_at.isoformat(),
+                'token': access_token.token,
+            }
+            for user in self._users.values()
+            for refresh_token in user.refresh_tokens.values()
+            for access_token in refresh_token.access_tokens
+        ]
+
+        data = {
+            'users': users,
+            'credentials': credentials,
+            'access_tokens': access_tokens,
+            'refresh_tokens': refresh_tokens,
+        }
+
+        await self._store.async_save(data, delay=1)
--- a/homeassistant/auth/const.py
+++ b/homeassistant/auth/const.py
@@ -0,0 +1,4 @@
+"""Constants for the auth module."""
+from datetime import timedelta
+
+ACCESS_TOKEN_EXPIRATION = timedelta(minutes=30)
--- a/homeassistant/auth/models.py
+++ b/homeassistant/auth/models.py
@@ -0,0 +1,75 @@
+"""Auth models."""
+from datetime import datetime, timedelta
+import uuid
+
+import attr
+
+from homeassistant.util import dt as dt_util
+
+from .const import ACCESS_TOKEN_EXPIRATION
+from .util import generate_secret
+
+
+@attr.s(slots=True)
+class User:
+    """A user."""
+
+    name = attr.ib(type=str)
+    id = attr.ib(type=str, default=attr.Factory(lambda: uuid.uuid4().hex))
+    is_owner = attr.ib(type=bool, default=False)
+    is_active = attr.ib(type=bool, default=False)
+    system_generated = attr.ib(type=bool, default=False)
+
+    # List of credentials of a user.
+    credentials = attr.ib(type=list, default=attr.Factory(list), cmp=False)
+
+    # Tokens associated with a user.
+    refresh_tokens = attr.ib(type=dict, default=attr.Factory(dict), cmp=False)
+
+
+@attr.s(slots=True)
+class RefreshToken:
+    """RefreshToken for a user to grant new access tokens."""
+
+    user = attr.ib(type=User)
+    client_id = attr.ib(type=str)
+    id = attr.ib(type=str, default=attr.Factory(lambda: uuid.uuid4().hex))
+    created_at = attr.ib(type=datetime, default=attr.Factory(dt_util.utcnow))
+    access_token_expiration = attr.ib(type=timedelta,
+                                      default=ACCESS_TOKEN_EXPIRATION)
+    token = attr.ib(type=str,
+                    default=attr.Factory(lambda: generate_secret(64)))
+    access_tokens = attr.ib(type=list, default=attr.Factory(list), cmp=False)
+
+
+@attr.s(slots=True)
+class AccessToken:
+    """Access token to access the API.
+
+    These will only ever be stored in memory and not be persisted.
+    """
+
+    refresh_token = attr.ib(type=RefreshToken)
+    created_at = attr.ib(type=datetime, default=attr.Factory(dt_util.utcnow))
+    token = attr.ib(type=str,
+                    default=attr.Factory(generate_secret))
+
+    @property
+    def expired(self):
+        """Return if this token has expired."""
+        expires = self.created_at + self.refresh_token.access_token_expiration
+        return dt_util.utcnow() > expires
+
+
+@attr.s(slots=True)
+class Credentials:
+    """Credentials for a user on an auth provider."""
+
+    auth_provider_type = attr.ib(type=str)
+    auth_provider_id = attr.ib(type=str)
+
+    # Allow the auth provider to store data to represent their auth.
+    data = attr.ib(type=dict)
+
+    id = attr.ib(type=str, default=attr.Factory(lambda: uuid.uuid4().hex))
+    is_new = attr.ib(type=bool, default=True)
--- a/homeassistant/auth/providers/init.py
+++ b/homeassistant/auth/providers/init.py
@@ -0,0 +1,143 @@
+"""Auth providers for Home Assistant."""
+import importlib
+import logging
+
+import voluptuous as vol
+from voluptuous.humanize import humanize_error
+
+from homeassistant import requirements
+from homeassistant.core import callback
+from homeassistant.const import CONF_TYPE, CONF_NAME, CONF_ID
+from homeassistant.util.decorator import Registry
+
+from homeassistant.auth.models import Credentials
+
+_LOGGER = logging.getLogger(__name__)
+DATA_REQS = 'auth_prov_reqs_processed'
+
+AUTH_PROVIDERS = Registry()
+
+AUTH_PROVIDER_SCHEMA = vol.Schema({
+    vol.Required(CONF_TYPE): str,
+    vol.Optional(CONF_NAME): str,
+    # Specify ID if you have two auth providers for same type.
+    vol.Optional(CONF_ID): str,
+}, extra=vol.ALLOW_EXTRA)
+
+
+async def auth_provider_from_config(hass, store, config):
+    """Initialize an auth provider from a config."""
+    provider_name = config[CONF_TYPE]
+    module = await load_auth_provider_module(hass, provider_name)
+
+    if module is None:
+        return None
+
+    try:
+        config = module.CONFIG_SCHEMA(config)
+    except vol.Invalid as err:
+        _LOGGER.error('Invalid configuration for auth provider %s: %s',
+                      provider_name, humanize_error(config, err))
+        return None
+
+    return AUTH_PROVIDERS[provider_name](hass, store, config)
+
+
+async def load_auth_provider_module(hass, provider):
+    """Load an auth provider."""
+    try:
+        module = importlib.import_module(
+            'homeassistant.auth.providers.{}'.format(provider))
+    except ImportError:
+        _LOGGER.warning('Unable to find auth provider %s', provider)
+        return None
+
+    if hass.config.skip_pip or not hasattr(module, 'REQUIREMENTS'):
+        return module
+
+    processed = hass.data.get(DATA_REQS)
+
+    if processed is None:
+        processed = hass.data[DATA_REQS] = set()
+    elif provider in processed:
+        return module
+
+    req_success = await requirements.async_process_requirements(
+        hass, 'auth provider {}'.format(provider), module.REQUIREMENTS)
+
+    if not req_success:
+        return None
+
+    processed.add(provider)
+    return module
+
+
+class AuthProvider:
+    """Provider of user authentication."""
+
+    DEFAULT_TITLE = 'Unnamed auth provider'
+
+    def __init__(self, hass, store, config):
+        """Initialize an auth provider."""
+        self.hass = hass
+        self.store = store
+        self.config = config
+
+    @property
+    def id(self):  # pylint: disable=invalid-name
+        """Return id of the auth provider.
+
+        Optional, can be None.
+        """
+        return self.config.get(CONF_ID)
+
+    @property
+    def type(self):
+        """Return type of the provider."""
+        return self.config[CONF_TYPE]
+
+    @property
+    def name(self):
+        """Return the name of the auth provider."""
+        return self.config.get(CONF_NAME, self.DEFAULT_TITLE)
+
+    async def async_credentials(self):
+        """Return all credentials of this provider."""
+        users = await self.store.async_get_users()
+        return [
+            credentials
+            for user in users
+            for credentials in user.credentials
+            if (credentials.auth_provider_type == self.type and
+                credentials.auth_provider_id == self.id)
+        ]
+
+    @callback
+    def async_create_credentials(self, data):
+        """Create credentials."""
+        return Credentials(
+            auth_provider_type=self.type,
+            auth_provider_id=self.id,
+            data=data,
+        )
+
+    # Implement by extending class
+
+    async def async_credential_flow(self):
+        """Return the data flow for logging in with auth provider."""
+        raise NotImplementedError
+
+    async def async_get_or_create_credentials(self, flow_result):
+        """Get credentials based on the flow result."""
+        raise NotImplementedError
+
+    async def async_user_meta_for_credentials(self, credentials):
+        """Return extra user metadata for credentials.
+
+        Will be used to populate info when creating a new user.
+
+        Values to populate:
+         - name: string
+         - is_active: boolean
+        """
+        return {}
--- a/homeassistant/auth/providers/homeassistant.py
+++ b/homeassistant/auth/providers/homeassistant.py
@@ -3,18 +3,33 @@ import base64
 from collections import OrderedDict
 import hashlib
 import hmac
+from typing import Dict  # noqa: F401 pylint: disable=unused-import

 import voluptuous as vol

-from homeassistant import auth, data_entry_flow
+from homeassistant import data_entry_flow
+from homeassistant.const import CONF_ID
+from homeassistant.core import callback
 from homeassistant.exceptions import HomeAssistantError

+from homeassistant.auth.util import generate_secret
+
+from . import AuthProvider, AUTH_PROVIDER_SCHEMA, AUTH_PROVIDERS

 STORAGE_VERSION = 1
 STORAGE_KEY = 'auth_provider.homeassistant'

-CONFIG_SCHEMA = auth.AUTH_PROVIDER_SCHEMA.extend({
-}, extra=vol.PREVENT_EXTRA)
+
+def _disallow_id(conf):
+    """Disallow ID in config."""
+    if CONF_ID in conf:
+        raise vol.Invalid(
+            'ID is not allowed for the homeassistant auth provider.')
+
+    return conf
+
+
+CONFIG_SCHEMA = vol.All(AUTH_PROVIDER_SCHEMA, _disallow_id)


 class InvalidAuth(HomeAssistantError):
@@ -43,7 +58,7 @@ class Data:

        if data is None:
            data = {
-                'salt': auth.generate_secret(),
+                'salt': generate_secret(),
                'users': []
            }

@@ -54,12 +69,12 @@ class Data:
        """Return users."""
        return self._data['users']

-    def validate_login(self, username, password):
+    def validate_login(self, username: str, password: str) -> None:
        """Validate a username and password.

        Raises InvalidAuth if auth invalid.
        """
-        password = self.hash_password(password)
+        hashed = self.hash_password(password)

        found = None

@@ -70,39 +85,54 @@ class Data:

        if found is None:
            # Do one more compare to make timing the same as if user was found.
-            hmac.compare_digest(password, password)
+            hmac.compare_digest(hashed, hashed)
            raise InvalidAuth

-        if not hmac.compare_digest(password,
+        if not hmac.compare_digest(hashed,
                                   base64.b64decode(found['password'])):
            raise InvalidAuth

-    def hash_password(self, password, for_storage=False):
+    def hash_password(self, password: str, for_storage: bool = False) -> bytes:
        """Encode a password."""
        hashed = hashlib.pbkdf2_hmac(
            'sha512', password.encode(), self._data['salt'].encode(), 100000)
        if for_storage:
-            hashed = base64.b64encode(hashed).decode()
+            hashed = base64.b64encode(hashed)
        return hashed

-    def add_user(self, username, password):
-        """Add a user."""
+    def add_auth(self, username: str, password: str) -> None:
+        """Add a new authenticated user/pass."""
        if any(user['username'] == username for user in self.users):
            raise InvalidUser

        self.users.append({
            'username': username,
-            'password': self.hash_password(password, True),
+            'password': self.hash_password(password, True).decode(),
        })

-    def change_password(self, username, new_password):
-        """Update the password of a user.
+    @callback
+    def async_remove_auth(self, username: str) -> None:
+        """Remove authentication."""
+        index = None
+        for i, user in enumerate(self.users):
+            if user['username'] == username:
+                index = i
+                break
+
+        if index is None:
+            raise InvalidUser
+
+        self.users.pop(index)
+
+    def change_password(self, username: str, new_password: str) -> None:
+        """Update the password.

        Raises InvalidUser if user cannot be found.
        """
        for user in self.users:
            if user['username'] == username:
-                user['password'] = self.hash_password(new_password, True)
+                user['password'] = self.hash_password(
+                    new_password, True).decode()
                break
        else:
            raise InvalidUser
@@ -112,22 +142,33 @@ class Data:
        await self._store.async_save(self._data)


-@auth.AUTH_PROVIDERS.register('homeassistant')
-class HassAuthProvider(auth.AuthProvider):
+@AUTH_PROVIDERS.register('homeassistant')
+class HassAuthProvider(AuthProvider):
    """Auth provider based on a local storage of users in HASS config dir."""

    DEFAULT_TITLE = 'Home Assistant Local'

+    data = None
+
+    async def async_initialize(self):
+        """Initialize the auth provider."""
+        if self.data is not None:
+            return
+
+        self.data = Data(self.hass)
+        await self.data.async_load()
+
    async def async_credential_flow(self):
        """Return a flow to login."""
        return LoginFlow(self)

-    async def async_validate_login(self, username, password):
+    async def async_validate_login(self, username: str, password: str):
        """Helper to validate a username and password."""
-        data = Data(self.hass)
-        await data.async_load()
+        if self.data is None:
+            await self.async_initialize()
+
        await self.hass.async_add_executor_job(
-            data.validate_login, username, password)
+            self.data.validate_login, username, password)

    async def async_get_or_create_credentials(self, flow_result):
        """Get credentials based on the flow result."""
@@ -142,6 +183,25 @@ class HassAuthProvider(auth.AuthProvider):
            'username': username
        })

+    async def async_user_meta_for_credentials(self, credentials):
+        """Get extra info for this credential."""
+        return {
+            'name': credentials.data['username'],
+            'is_active': True,
+        }
+
+    async def async_will_remove_credentials(self, credentials):
+        """When credentials get removed, also remove the auth."""
+        if self.data is None:
+            await self.async_initialize()
+
+        try:
+            self.data.async_remove_auth(credentials.data['username'])
+            await self.data.async_save()
+        except InvalidUser:
+            # Can happen if somehow we didn't clean up a credential
+            pass
+

 class LoginFlow(data_entry_flow.FlowHandler):
    """Handler for the login flow."""
@@ -167,7 +227,7 @@ class LoginFlow(data_entry_flow.FlowHandler):
                    data=user_input
                )

-        schema = OrderedDict()
+        schema = OrderedDict()  # type: Dict[str, type]
        schema['username'] = str
        schema['password'] = str

--- a/homeassistant/auth/providers/insecure_example.py
+++ b/homeassistant/auth/providers/insecure_example.py
@@ -5,9 +5,11 @@ import hmac
 import voluptuous as vol

 from homeassistant.exceptions import HomeAssistantError
-from homeassistant import auth, data_entry_flow
+from homeassistant import data_entry_flow
 from homeassistant.core import callback

+from . import AuthProvider, AUTH_PROVIDER_SCHEMA, AUTH_PROVIDERS
+

 USER_SCHEMA = vol.Schema({
    vol.Required('username'): str,
@@ -16,7 +18,7 @@ USER_SCHEMA = vol.Schema({
 })


-CONFIG_SCHEMA = auth.AUTH_PROVIDER_SCHEMA.extend({
+CONFIG_SCHEMA = AUTH_PROVIDER_SCHEMA.extend({
    vol.Required('users'): [USER_SCHEMA]
 }, extra=vol.PREVENT_EXTRA)

@@ -25,8 +27,8 @@ class InvalidAuthError(HomeAssistantError):
    """Raised when submitting invalid authentication."""


-@auth.AUTH_PROVIDERS.register('insecure_example')
-class ExampleAuthProvider(auth.AuthProvider):
+@AUTH_PROVIDERS.register('insecure_example')
+class ExampleAuthProvider(AuthProvider):
    """Example auth provider based on hardcoded usernames and passwords."""

    async def async_credential_flow(self):
@@ -73,14 +75,16 @@ class ExampleAuthProvider(auth.AuthProvider):
        Will be used to populate info when creating a new user.
        """
        username = credentials.data['username']
+        info = {
+            'is_active': True,
+        }

        for user in self.config['users']:
            if user['username'] == username:
-                return {
-                    'name': user.get('name')
-                }
+                info['name'] = user.get('name')
+                break

-        return {}
+        return info


 class LoginFlow(data_entry_flow.FlowHandler):
--- a/homeassistant/auth/providers/legacy_api_password.py
+++ b/homeassistant/auth/providers/legacy_api_password.py
@@ -9,15 +9,18 @@ import hmac
 import voluptuous as vol

 from homeassistant.exceptions import HomeAssistantError
-from homeassistant import auth, data_entry_flow
+from homeassistant import data_entry_flow
 from homeassistant.core import callback

+from . import AuthProvider, AUTH_PROVIDER_SCHEMA, AUTH_PROVIDERS
+
+
 USER_SCHEMA = vol.Schema({
    vol.Required('username'): str,
 })


-CONFIG_SCHEMA = auth.AUTH_PROVIDER_SCHEMA.extend({
+CONFIG_SCHEMA = AUTH_PROVIDER_SCHEMA.extend({
 }, extra=vol.PREVENT_EXTRA)

 LEGACY_USER = 'homeassistant'
@@ -27,8 +30,8 @@ class InvalidAuthError(HomeAssistantError):
    """Raised when submitting invalid authentication."""


-@auth.AUTH_PROVIDERS.register('legacy_api_password')
-class LegacyApiPasswordAuthProvider(auth.AuthProvider):
+@AUTH_PROVIDERS.register('legacy_api_password')
+class LegacyApiPasswordAuthProvider(AuthProvider):
    """Example auth provider based on hardcoded usernames and passwords."""

    DEFAULT_TITLE = 'Legacy API Password'
@@ -67,7 +70,10 @@ class LegacyApiPasswordAuthProvider(auth.AuthProvider):

        Will be used to populate info when creating a new user.
        """
-        return {'name': LEGACY_USER}
+        return {
+            'name': LEGACY_USER,
+            'is_active': True,
+        }


 class LoginFlow(data_entry_flow.FlowHandler):
--- a/homeassistant/auth/util.py
+++ b/homeassistant/auth/util.py
@@ -0,0 +1,13 @@
+"""Auth utils."""
+import binascii
+import os
+
+
+def generate_secret(entropy: int = 32) -> str:
+    """Generate a secret.
+
+    Backport of secrets.token_hex from Python 3.6
+
+    Event loop friendly.
+    """
+    return binascii.hexlify(os.urandom(entropy)).decode('ascii')
--- a/homeassistant/auth_providers/init.py
+++ b/homeassistant/auth_providers/init.py
@@ -1 +0,0 @@
-"""Auth providers for Home Assistant."""
--- a/homeassistant/bootstrap.py
+++ b/homeassistant/bootstrap.py
@@ -28,9 +28,8 @@ ERROR_LOG_FILENAME = 'home-assistant.log'
 # hass.data key for logging information.
 DATA_LOGGING = 'logging'

-FIRST_INIT_COMPONENT = set((
-    'system_log', 'recorder', 'mqtt', 'mqtt_eventstream', 'logger',
-    'introduction', 'frontend', 'history'))
+FIRST_INIT_COMPONENT = {'system_log', 'recorder', 'mqtt', 'mqtt_eventstream',
+                        'logger', 'introduction', 'frontend', 'history'}


 def from_config_dict(config: Dict[str, Any],
@@ -95,7 +94,8 @@ async def async_from_config_dict(config: Dict[str, Any],
        conf_util.async_log_exception(ex, 'homeassistant', core_config, hass)
        return None

-    await hass.async_add_job(conf_util.process_ha_config_upgrade, hass)
+    await hass.async_add_executor_job(
+        conf_util.process_ha_config_upgrade, hass)

    hass.config.skip_pip = skip_pip
    if skip_pip:
@@ -137,7 +137,7 @@ async def async_from_config_dict(config: Dict[str, Any],
    for component in components:
        if component not in FIRST_INIT_COMPONENT:
            continue
-        hass.async_add_job(async_setup_component(hass, component, config))
+        hass.async_create_task(async_setup_component(hass, component, config))

    await hass.async_block_till_done()

@@ -145,7 +145,7 @@ async def async_from_config_dict(config: Dict[str, Any],
    for component in components:
        if component in FIRST_INIT_COMPONENT:
            continue
-        hass.async_add_job(async_setup_component(hass, component, config))
+        hass.async_create_task(async_setup_component(hass, component, config))

    await hass.async_block_till_done()

@@ -162,7 +162,8 @@ def from_config_file(config_path: str,
                     skip_pip: bool = True,
                     log_rotate_days: Any = None,
                     log_file: Any = None,
-                     log_no_color: bool = False):
+                     log_no_color: bool = False)\
+        -> Optional[core.HomeAssistant]:
    """Read the configuration file and try to start all the functionality.

    Will add functionality to 'hass' parameter if given,
@@ -187,7 +188,8 @@ async def async_from_config_file(config_path: str,
                                 skip_pip: bool = True,
                                 log_rotate_days: Any = None,
                                 log_file: Any = None,
-                                 log_no_color: bool = False):
+                                 log_no_color: bool = False)\
+        -> Optional[core.HomeAssistant]:
    """Read the configuration file and try to start all the functionality.

    Will add functionality to 'hass' parameter.
@@ -204,7 +206,7 @@ async def async_from_config_file(config_path: str,
                         log_no_color)

    try:
-        config_dict = await hass.async_add_job(
+        config_dict = await hass.async_add_executor_job(
            conf_util.load_yaml_config_file, config_path)
    except HomeAssistantError as err:
        _LOGGER.error("Error loading %s: %s", config_path, err)
@@ -219,8 +221,8 @@ async def async_from_config_file(config_path: str,
@core.callback
 def async_enable_logging(hass: core.HomeAssistant,
                         verbose: bool = False,
-                         log_rotate_days=None,
-                         log_file=None,
+                         log_rotate_days: Optional[int] = None,
+                         log_file: Optional[str] = None,
                         log_no_color: bool = False) -> None:
    """Set up the logging.

@@ -289,9 +291,9 @@ def async_enable_logging(hass: core.HomeAssistant,

        async_handler = AsyncHandler(hass.loop, err_handler)

-        async def async_stop_async_handler(event):
+        async def async_stop_async_handler(_: Any) -> None:
            """Cleanup async handler."""
-            logging.getLogger('').removeHandler(async_handler)
+            logging.getLogger('').removeHandler(async_handler)  # type: ignore
            await async_handler.async_close(blocking=True)

        hass.bus.async_listen_once(
--- a/homeassistant/components/init.py
+++ b/homeassistant/components/init.py
@@ -167,7 +167,7 @@ def async_setup(hass, config):
    def async_handle_core_service(call):
        """Service handler for handling core services."""
        if call.service == SERVICE_HOMEASSISTANT_STOP:
-            hass.async_add_job(hass.async_stop())
+            hass.async_create_task(hass.async_stop())
            return

        try:
@@ -183,7 +183,7 @@ def async_setup(hass, config):
            return

        if call.service == SERVICE_HOMEASSISTANT_RESTART:
-            hass.async_add_job(hass.async_stop(RESTART_EXIT_CODE))
+            hass.async_create_task(hass.async_stop(RESTART_EXIT_CODE))

    hass.services.async_register(
        ha.DOMAIN, SERVICE_HOMEASSISTANT_STOP, async_handle_core_service)
--- a/homeassistant/components/abode.py
+++ b/homeassistant/components/abode.py
@@ -85,7 +85,7 @@ ABODE_PLATFORMS = [
 ]


-class AbodeSystem(object):
+class AbodeSystem:
    """Abode System class."""

    def __init__(self, username, password, cache,
--- a/homeassistant/components/ads/init.py
+++ b/homeassistant/components/ads/init.py
@@ -110,7 +110,7 @@ NotificationItem = namedtuple(
 )


-class AdsHub(object):
+class AdsHub:
    """Representation of an ADS connection."""

    def __init__(self, ads_client):
--- a/homeassistant/components/alarm_control_panel/init.py
+++ b/homeassistant/components/alarm_control_panel/init.py
@@ -121,7 +121,7 @@ def alarm_arm_custom_bypass(hass, code=None, entity_id=None):
@asyncio.coroutine
 def async_setup(hass, config):
    """Track states and offer events for sensors."""
-    component = EntityComponent(
+    component = hass.data[DOMAIN] = EntityComponent(
        logging.getLogger(__name__), DOMAIN, hass, SCAN_INTERVAL)

    yield from component.async_setup(config)
@@ -154,6 +154,17 @@ def async_setup(hass, config):
    return True


+async def async_setup_entry(hass, entry):
+    """Setup a config entry."""
+    return await hass.data[DOMAIN].async_setup_entry(entry)
+
+
+async def async_unload_entry(hass, entry):
+    """Unload a config entry."""
+    return await hass.data[DOMAIN].async_unload_entry(entry)
+
+
+# pylint: disable=no-self-use
 class AlarmControlPanel(Entity):
    """An abstract class for alarm control devices."""

@@ -176,7 +187,7 @@ class AlarmControlPanel(Entity):

        This method must be run in the event loop and returns a coroutine.
        """
-        return self.hass.async_add_job(self.alarm_disarm, code)
+        return self.hass.async_add_executor_job(self.alarm_disarm, code)

    def alarm_arm_home(self, code=None):
        """Send arm home command."""
@@ -187,7 +198,7 @@ class AlarmControlPanel(Entity):

        This method must be run in the event loop and returns a coroutine.
        """
-        return self.hass.async_add_job(self.alarm_arm_home, code)
+        return self.hass.async_add_executor_job(self.alarm_arm_home, code)

    def alarm_arm_away(self, code=None):
        """Send arm away command."""
@@ -198,7 +209,7 @@ class AlarmControlPanel(Entity):

        This method must be run in the event loop and returns a coroutine.
        """
-        return self.hass.async_add_job(self.alarm_arm_away, code)
+        return self.hass.async_add_executor_job(self.alarm_arm_away, code)

    def alarm_arm_night(self, code=None):
        """Send arm night command."""
@@ -209,7 +220,7 @@ class AlarmControlPanel(Entity):

        This method must be run in the event loop and returns a coroutine.
        """
-        return self.hass.async_add_job(self.alarm_arm_night, code)
+        return self.hass.async_add_executor_job(self.alarm_arm_night, code)

    def alarm_trigger(self, code=None):
        """Send alarm trigger command."""
@@ -220,7 +231,7 @@ class AlarmControlPanel(Entity):

        This method must be run in the event loop and returns a coroutine.
        """
-        return self.hass.async_add_job(self.alarm_trigger, code)
+        return self.hass.async_add_executor_job(self.alarm_trigger, code)

    def alarm_arm_custom_bypass(self, code=None):
        """Send arm custom bypass command."""
@@ -231,7 +242,8 @@ class AlarmControlPanel(Entity):

        This method must be run in the event loop and returns a coroutine.
        """
-        return self.hass.async_add_job(self.alarm_arm_custom_bypass, code)
+        return self.hass.async_add_executor_job(
+            self.alarm_arm_custom_bypass, code)

    @property
    def state_attributes(self):
--- a/homeassistant/components/alarm_control_panel/alarmdotcom.py
+++ b/homeassistant/components/alarm_control_panel/alarmdotcom.py
@@ -83,7 +83,7 @@ class AlarmDotCom(alarm.AlarmControlPanel):
        """Return one or more digits/characters."""
        if self._code is None:
            return None
-        elif isinstance(self._code, str) and re.search('^\\d+$', self._code):
+        if isinstance(self._code, str) and re.search('^\\d+$', self._code):
            return 'Number'
        return 'Any'

@@ -92,9 +92,9 @@ class AlarmDotCom(alarm.AlarmControlPanel):
        """Return the state of the device."""
        if self._alarm.state.lower() == 'disarmed':
            return STATE_ALARM_DISARMED
-        elif self._alarm.state.lower() == 'armed stay':
+        if self._alarm.state.lower() == 'armed stay':
            return STATE_ALARM_ARMED_HOME
-        elif self._alarm.state.lower() == 'armed away':
+        if self._alarm.state.lower() == 'armed away':
            return STATE_ALARM_ARMED_AWAY
        return STATE_UNKNOWN

--- a/homeassistant/components/alarm_control_panel/arlo.py
+++ b/homeassistant/components/alarm_control_panel/arlo.py
@@ -122,10 +122,10 @@ class ArloBaseStation(AlarmControlPanel):
        """Convert Arlo mode to Home Assistant state."""
        if mode == ARMED:
            return STATE_ALARM_ARMED_AWAY
-        elif mode == DISARMED:
+        if mode == DISARMED:
            return STATE_ALARM_DISARMED
-        elif mode == self._home_mode_name:
+        if mode == self._home_mode_name:
            return STATE_ALARM_ARMED_HOME
-        elif mode == self._away_mode_name:
+        if mode == self._away_mode_name:
            return STATE_ALARM_ARMED_AWAY
        return mode
--- a/homeassistant/components/alarm_control_panel/canary.py
+++ b/homeassistant/components/alarm_control_panel/canary.py
@@ -55,9 +55,9 @@ class CanaryAlarm(AlarmControlPanel):
        mode = location.mode
        if mode.name == LOCATION_MODE_AWAY:
            return STATE_ALARM_ARMED_AWAY
-        elif mode.name == LOCATION_MODE_HOME:
+        if mode.name == LOCATION_MODE_HOME:
            return STATE_ALARM_ARMED_HOME
-        elif mode.name == LOCATION_MODE_NIGHT:
+        if mode.name == LOCATION_MODE_NIGHT:
            return STATE_ALARM_ARMED_NIGHT
        return None

--- a/homeassistant/components/alarm_control_panel/demo.py
+++ b/homeassistant/components/alarm_control_panel/demo.py
@@ -5,7 +5,7 @@ For more details about this platform, please refer to the documentation
 https://home-assistant.io/components/demo/
 """
 import datetime
-import homeassistant.components.alarm_control_panel.manual as manual
+from homeassistant.components.alarm_control_panel import manual
 from homeassistant.const import (
    STATE_ALARM_ARMED_AWAY, STATE_ALARM_ARMED_CUSTOM_BYPASS,
    STATE_ALARM_ARMED_HOME, STATE_ALARM_ARMED_NIGHT,
--- a/homeassistant/components/alarm_control_panel/homematicip_cloud.py
+++ b/homeassistant/components/alarm_control_panel/homematicip_cloud.py
@@ -0,0 +1,84 @@
+"""
+Support for HomematicIP alarm control panel.
+
+For more details about this component, please refer to the documentation at
+https://home-assistant.io/components/alarm_control_panel.homematicip_cloud/
+"""
+
+import logging
+
+from homeassistant.const import (
+    STATE_ALARM_ARMED_AWAY, STATE_ALARM_ARMED_HOME, STATE_ALARM_DISARMED,
+    STATE_ALARM_TRIGGERED)
+from homeassistant.components.alarm_control_panel import AlarmControlPanel
+from homeassistant.components.homematicip_cloud import (
+    HomematicipGenericDevice, DOMAIN as HMIPC_DOMAIN,
+    HMIPC_HAPID)
+
+
+DEPENDENCIES = ['homematicip_cloud']
+
+_LOGGER = logging.getLogger(__name__)
+
+HMIP_ZONE_AWAY = 'EXTERNAL'
+HMIP_ZONE_HOME = 'INTERNAL'
+
+
+async def async_setup_platform(hass, config, async_add_devices,
+                               discovery_info=None):
+    """Set up the HomematicIP alarm control devices."""
+    pass
+
+
+async def async_setup_entry(hass, config_entry, async_add_devices):
+    """Set up the HomematicIP alarm control panel from a config entry."""
+    from homematicip.aio.group import AsyncSecurityZoneGroup
+
+    home = hass.data[HMIPC_DOMAIN][config_entry.data[HMIPC_HAPID]].home
+    devices = []
+    for group in home.groups:
+        if isinstance(group, AsyncSecurityZoneGroup):
+            devices.append(HomematicipSecurityZone(home, group))
+
+    if devices:
+        async_add_devices(devices)
+
+
+class HomematicipSecurityZone(HomematicipGenericDevice, AlarmControlPanel):
+    """Representation of an HomematicIP security zone group."""
+
+    def __init__(self, home, device):
+        """Initialize the security zone group."""
+        device.modelType = 'Group-SecurityZone'
+        device.windowState = ''
+        super().__init__(home, device)
+
+    @property
+    def state(self):
+        """Return the state of the device."""
+        from homematicip.base.enums import WindowState
+
+        if self._device.active:
+            if (self._device.sabotage or self._device.motionDetected or
+                    self._device.windowState == WindowState.OPEN):
+                return STATE_ALARM_TRIGGERED
+
+            active = self._home.get_security_zones_activation()
+            if active == (True, True):
+                return STATE_ALARM_ARMED_AWAY
+            if active == (False, True):
+                return STATE_ALARM_ARMED_HOME
+
+        return STATE_ALARM_DISARMED
+
+    async def async_alarm_disarm(self, code=None):
+        """Send disarm command."""
+        await self._home.set_security_zones_activation(False, False)
+
+    async def async_alarm_arm_home(self, code=None):
+        """Send arm home command."""
+        await self._home.set_security_zones_activation(True, False)
+
+    async def async_alarm_arm_away(self, code=None):
+        """Send arm away command."""
+        await self._home.set_security_zones_activation(True, True)
--- a/homeassistant/components/alarm_control_panel/ifttt.py
+++ b/homeassistant/components/alarm_control_panel/ifttt.py
@@ -128,7 +128,7 @@ class IFTTTAlarmPanel(alarm.AlarmControlPanel):
        """Return one or more digits/characters."""
        if self._code is None:
            return None
-        elif isinstance(self._code, str) and re.search('^\\d+$', self._code):
+        if isinstance(self._code, str) and re.search('^\\d+$', self._code):
            return 'Number'
        return 'Any'

--- a/homeassistant/components/alarm_control_panel/manual.py
+++ b/homeassistant/components/alarm_control_panel/manual.py
@@ -205,7 +205,7 @@ class ManualAlarm(alarm.AlarmControlPanel):
        """Return one or more digits/characters."""
        if self._code is None:
            return None
-        elif isinstance(self._code, str) and re.search('^\\d+$', self._code):
+        if isinstance(self._code, str) and re.search('^\\d+$', self._code):
            return 'Number'
        return 'Any'

--- a/homeassistant/components/alarm_control_panel/manual_mqtt.py
+++ b/homeassistant/components/alarm_control_panel/manual_mqtt.py
@@ -19,7 +19,7 @@ from homeassistant.const import (
    STATE_ALARM_DISARMED, STATE_ALARM_PENDING, STATE_ALARM_TRIGGERED,
    CONF_PLATFORM, CONF_NAME, CONF_CODE, CONF_DELAY_TIME, CONF_PENDING_TIME,
    CONF_TRIGGER_TIME, CONF_DISARM_AFTER_TRIGGER)
-import homeassistant.components.mqtt as mqtt
+from homeassistant.components import mqtt

 from homeassistant.helpers.event import async_track_state_change
 from homeassistant.core import callback
@@ -241,7 +241,7 @@ class ManualMQTTAlarm(alarm.AlarmControlPanel):
        """Return one or more digits/characters."""
        if self._code is None:
            return None
-        elif isinstance(self._code, str) and re.search('^\\d+$', self._code):
+        if isinstance(self._code, str) and re.search('^\\d+$', self._code):
            return 'Number'
        return 'Any'

--- a/homeassistant/components/alarm_control_panel/mqtt.py
+++ b/homeassistant/components/alarm_control_panel/mqtt.py
@@ -12,7 +12,7 @@ import voluptuous as vol

 from homeassistant.core import callback
 import homeassistant.components.alarm_control_panel as alarm
-import homeassistant.components.mqtt as mqtt
+from homeassistant.components import mqtt
 from homeassistant.const import (
    STATE_ALARM_ARMED_AWAY, STATE_ALARM_ARMED_HOME, STATE_ALARM_DISARMED,
    STATE_ALARM_PENDING, STATE_ALARM_TRIGGERED, STATE_UNKNOWN,
@@ -49,6 +49,9 @@ PLATFORM_SCHEMA = mqtt.MQTT_BASE_PLATFORM_SCHEMA.extend({
@asyncio.coroutine
 def async_setup_platform(hass, config, async_add_devices, discovery_info=None):
    """Set up the MQTT Alarm Control Panel platform."""
+    if discovery_info is not None:
+        config = PLATFORM_SCHEMA(discovery_info)
+
    async_add_devices([MqttAlarm(
        config.get(CONF_NAME),
        config.get(CONF_STATE_TOPIC),
@@ -123,7 +126,7 @@ class MqttAlarm(MqttAvailability, alarm.AlarmControlPanel):
        """Return one or more digits/characters."""
        if self._code is None:
            return None
-        elif isinstance(self._code, str) and re.search('^\\d+$', self._code):
+        if isinstance(self._code, str) and re.search('^\\d+$', self._code):
            return 'Number'
        return 'Any'

--- a/homeassistant/components/alarm_control_panel/simplisafe.py
+++ b/homeassistant/components/alarm_control_panel/simplisafe.py
@@ -9,23 +9,22 @@ import re

 import voluptuous as vol

-import homeassistant.components.alarm_control_panel as alarm
-from homeassistant.components.alarm_control_panel import PLATFORM_SCHEMA
+from homeassistant.components.alarm_control_panel import (
+    PLATFORM_SCHEMA, AlarmControlPanel)
 from homeassistant.const import (
    CONF_CODE, CONF_NAME, CONF_PASSWORD, CONF_USERNAME,
-    EVENT_HOMEASSISTANT_STOP, STATE_ALARM_ARMED_AWAY, STATE_ALARM_ARMED_HOME,
+    STATE_ALARM_ARMED_AWAY, STATE_ALARM_ARMED_HOME,
    STATE_ALARM_DISARMED, STATE_UNKNOWN)
 import homeassistant.helpers.config_validation as cv

-REQUIREMENTS = ['simplisafe-python==1.0.5']
+REQUIREMENTS = ['simplisafe-python==2.0.2']

 _LOGGER = logging.getLogger(__name__)

 DEFAULT_NAME = 'SimpliSafe'
-DOMAIN = 'simplisafe'

-NOTIFICATION_ID = 'simplisafe_notification'
-NOTIFICATION_TITLE = 'SimpliSafe Setup'
+ATTR_ALARM_ACTIVE = "alarm_active"
+ATTR_TEMPERATURE = "temperature"

 PLATFORM_SCHEMA = PLATFORM_SCHEMA.extend({
    vol.Required(CONF_PASSWORD): cv.string,
@@ -37,36 +36,27 @@ PLATFORM_SCHEMA = PLATFORM_SCHEMA.extend({

 def setup_platform(hass, config, add_devices, discovery_info=None):
    """Set up the SimpliSafe platform."""
-    from simplipy.api import SimpliSafeApiInterface, get_systems
+    from simplipy.api import SimpliSafeApiInterface, SimpliSafeAPIException
    name = config.get(CONF_NAME)
    code = config.get(CONF_CODE)
    username = config.get(CONF_USERNAME)
    password = config.get(CONF_PASSWORD)

-    simplisafe = SimpliSafeApiInterface()
-    status = simplisafe.set_credentials(username, password)
-    if status:
-        hass.data[DOMAIN] = simplisafe
-        locations = get_systems(simplisafe)
-        for location in locations:
-            add_devices([SimpliSafeAlarm(location, name, code)])
-    else:
-        message = 'Failed to log into SimpliSafe. Check credentials.'
-        _LOGGER.error(message)
-        hass.components.persistent_notification.create(
-            message,
-            title=NOTIFICATION_TITLE,
-            notification_id=NOTIFICATION_ID)
-        return False
+    try:
+        simplisafe = SimpliSafeApiInterface(username, password)
+    except SimpliSafeAPIException:
+        _LOGGER.error("Failed to setup SimpliSafe")
+        return

-    def logout(event):
-        """Logout of the SimpliSafe API."""
-        hass.data[DOMAIN].logout()
+    systems = []

-    hass.bus.listen(EVENT_HOMEASSISTANT_STOP, logout)
+    for system in simplisafe.get_systems():
+        systems.append(SimpliSafeAlarm(system, name, code))
+
+    add_devices(systems)


-class SimpliSafeAlarm(alarm.AlarmControlPanel):
+class SimpliSafeAlarm(AlarmControlPanel):
    """Representation of a SimpliSafe alarm."""

    def __init__(self, simplisafe, name, code):
@@ -75,31 +65,37 @@ class SimpliSafeAlarm(alarm.AlarmControlPanel):
        self._name = name
        self._code = str(code) if code else None

+    @property
+    def unique_id(self):
+        """Return the unique ID."""
+        return self.simplisafe.location_id
+
    @property
    def name(self):
        """Return the name of the device."""
        if self._name is not None:
            return self._name
-        return 'Alarm {}'.format(self.simplisafe.location_id())
+        return 'Alarm {}'.format(self.simplisafe.location_id)

    @property
    def code_format(self):
        """Return one or more digits/characters."""
        if self._code is None:
            return None
-        elif isinstance(self._code, str) and re.search('^\\d+$', self._code):
+        if isinstance(self._code, str) and re.search('^\\d+$', self._code):
            return 'Number'
        return 'Any'

    @property
    def state(self):
        """Return the state of the device."""
-        status = self.simplisafe.state()
-        if status == 'off':
+        status = self.simplisafe.state
+        if status.lower() == 'off':
            state = STATE_ALARM_DISARMED
-        elif status == 'home':
+        elif status.lower() == 'home' or status.lower() == 'home_count':
            state = STATE_ALARM_ARMED_HOME
-        elif status == 'away':
+        elif (status.lower() == 'away' or status.lower() == 'exitDelay' or
+              status.lower() == 'away_count'):
            state = STATE_ALARM_ARMED_AWAY
        else:
            state = STATE_UNKNOWN
@@ -108,14 +104,13 @@ class SimpliSafeAlarm(alarm.AlarmControlPanel):
    @property
    def device_state_attributes(self):
        """Return the state attributes."""
-        return {
-            'alarm': self.simplisafe.alarm(),
-            'co': self.simplisafe.carbon_monoxide(),
-            'fire': self.simplisafe.fire(),
-            'flood': self.simplisafe.flood(),
-            'last_event': self.simplisafe.last_event(),
-            'temperature': self.simplisafe.temperature(),
-        }
+        attributes = {}
+
+        attributes[ATTR_ALARM_ACTIVE] = self.simplisafe.alarm_active
+        if self.simplisafe.temperature is not None:
+            attributes[ATTR_TEMPERATURE] = self.simplisafe.temperature
+
+        return attributes

    def update(self):
        """Update alarm status."""
--- a/homeassistant/components/alarmdecoder.py
+++ b/homeassistant/components/alarmdecoder.py
@@ -34,6 +34,8 @@ CONF_ZONE_NAME = 'name'
 CONF_ZONE_TYPE = 'type'
 CONF_ZONE_RFID = 'rfid'
 CONF_ZONES = 'zones'
+CONF_RELAY_ADDR = 'relayaddr'
+CONF_RELAY_CHAN = 'relaychan'

 DEFAULT_DEVICE_TYPE = 'socket'
 DEFAULT_DEVICE_HOST = 'localhost'
@@ -53,6 +55,7 @@ SIGNAL_PANEL_DISARM = 'alarmdecoder.panel_disarm'
 SIGNAL_ZONE_FAULT = 'alarmdecoder.zone_fault'
 SIGNAL_ZONE_RESTORE = 'alarmdecoder.zone_restore'
 SIGNAL_RFX_MESSAGE = 'alarmdecoder.rfx_message'
+SIGNAL_REL_MESSAGE = 'alarmdecoder.rel_message'

 DEVICE_SOCKET_SCHEMA = vol.Schema({
    vol.Required(CONF_DEVICE_TYPE): 'socket',
@@ -71,7 +74,11 @@ ZONE_SCHEMA = vol.Schema({
    vol.Required(CONF_ZONE_NAME): cv.string,
    vol.Optional(CONF_ZONE_TYPE,
                 default=DEFAULT_ZONE_TYPE): vol.Any(DEVICE_CLASSES_SCHEMA),
-    vol.Optional(CONF_ZONE_RFID): cv.string})
+    vol.Optional(CONF_ZONE_RFID): cv.string,
+    vol.Inclusive(CONF_RELAY_ADDR, 'relaylocation',
+                  'Relay address and channel must exist together'): cv.byte,
+    vol.Inclusive(CONF_RELAY_CHAN, 'relaylocation',
+                  'Relay address and channel must exist together'): cv.byte})

 CONFIG_SCHEMA = vol.Schema({
    DOMAIN: vol.Schema({
@@ -153,6 +160,11 @@ def setup(hass, config):
        hass.helpers.dispatcher.dispatcher_send(
            SIGNAL_ZONE_RESTORE, zone)

+    def handle_rel_message(sender, message):
+        """Handle relay message from AlarmDecoder."""
+        hass.helpers.dispatcher.dispatcher_send(
+            SIGNAL_REL_MESSAGE, message)
+
    controller = False
    if device_type == 'socket':
        host = device.get(CONF_DEVICE_HOST)
@@ -171,6 +183,7 @@ def setup(hass, config):
    controller.on_zone_fault += zone_fault_callback
    controller.on_zone_restore += zone_restore_callback
    controller.on_close += handle_closed_connection
+    controller.on_relay_changed += handle_rel_message

    hass.data[DATA_AD] = controller

--- a/homeassistant/components/alert.py
+++ b/homeassistant/components/alert.py
@@ -68,7 +68,7 @@ def turn_on(hass, entity_id):
 def async_turn_on(hass, entity_id):
    """Async reset the alert."""
    data = {ATTR_ENTITY_ID: entity_id}
-    hass.async_add_job(
+    hass.async_create_task(
        hass.services.async_call(DOMAIN, SERVICE_TURN_ON, data))


@@ -81,7 +81,7 @@ def turn_off(hass, entity_id):
 def async_turn_off(hass, entity_id):
    """Async acknowledge the alert."""
    data = {ATTR_ENTITY_ID: entity_id}
-    hass.async_add_job(
+    hass.async_create_task(
        hass.services.async_call(DOMAIN, SERVICE_TURN_OFF, data))


@@ -94,7 +94,7 @@ def toggle(hass, entity_id):
 def async_toggle(hass, entity_id):
    """Async toggle acknowledgement of alert."""
    data = {ATTR_ENTITY_ID: entity_id}
-    hass.async_add_job(
+    hass.async_create_task(
        hass.services.async_call(DOMAIN, SERVICE_TOGGLE, data))


@@ -217,7 +217,7 @@ class Alert(ToggleEntity):
        else:
            yield from self._schedule_notify()

-        self.hass.async_add_job(self.async_update_ha_state)
+        self.async_schedule_update_ha_state()

    @asyncio.coroutine
    def end_alerting(self):
@@ -228,7 +228,7 @@ class Alert(ToggleEntity):
        self._firing = False
        if self._done_message and self._send_done_message:
            yield from self._notify_done_message()
-        self.hass.async_add_job(self.async_update_ha_state)
+        self.async_schedule_update_ha_state()

    @asyncio.coroutine
    def _schedule_notify(self):
--- a/homeassistant/components/alexa/intent.py
+++ b/homeassistant/components/alexa/intent.py
@@ -210,7 +210,7 @@ def resolve_slot_synonyms(key, request):
    return resolved_value


-class AlexaResponse(object):
+class AlexaResponse:
    """Help generating the response for Alexa."""

    def __init__(self, hass, intent_info):
--- a/homeassistant/components/alexa/smart_home.py
+++ b/homeassistant/components/alexa/smart_home.py
@@ -55,7 +55,7 @@ HANDLERS = Registry()
 ENTITY_ADAPTERS = Registry()


-class _DisplayCategory(object):
+class _DisplayCategory:
    """Possible display categories for Discovery response.

    https://developer.amazon.com/docs/device-apis/alexa-discovery.html#display-categories
@@ -153,7 +153,7 @@ class _UnsupportedProperty(Exception):
    """This entity does not support the requested Smart Home API property."""


-class _AlexaEntity(object):
+class _AlexaEntity:
    """An adaptation of an entity, expressed in Alexa's terms.

    The API handlers should manipulate entities only through this interface.
@@ -208,7 +208,7 @@ class _AlexaEntity(object):
        raise NotImplementedError


-class _AlexaInterface(object):
+class _AlexaInterface:
    def __init__(self, entity):
        self.entity = entity

@@ -270,11 +270,14 @@ class _AlexaInterface(object):
        """Return properties serialized for an API response."""
        for prop in self.properties_supported():
            prop_name = prop['name']
-            yield {
-                'name': prop_name,
-                'namespace': self.name(),
-                'value': self.get_property(prop_name),
-            }
+            # pylint: disable=assignment-from-no-return
+            prop_value = self.get_property(prop_name)
+            if prop_value is not None:
+                yield {
+                    'name': prop_name,
+                    'namespace': self.name(),
+                    'value': prop_value,
+                }


 class _AlexaPowerController(_AlexaInterface):
@@ -312,7 +315,7 @@ class _AlexaLockController(_AlexaInterface):

        if self.entity.state == STATE_LOCKED:
            return 'LOCKED'
-        elif self.entity.state == STATE_UNLOCKED:
+        if self.entity.state == STATE_UNLOCKED:
            return 'UNLOCKED'
        return 'JAMMED'

@@ -438,14 +441,17 @@ class _AlexaThermostatController(_AlexaInterface):
        unit = self.entity.attributes[CONF_UNIT_OF_MEASUREMENT]
        temp = None
        if name == 'targetSetpoint':
-            temp = self.entity.attributes.get(ATTR_TEMPERATURE)
+            temp = self.entity.attributes.get(climate.ATTR_TEMPERATURE)
        elif name == 'lowerSetpoint':
            temp = self.entity.attributes.get(climate.ATTR_TARGET_TEMP_LOW)
        elif name == 'upperSetpoint':
            temp = self.entity.attributes.get(climate.ATTR_TARGET_TEMP_HIGH)
-        if temp is None:
+        else:
            raise _UnsupportedProperty(name)

+        if temp is None:
+            return None
+
        return {
            'value': float(temp),
            'scale': API_TEMP_UNITS[unit],
@@ -609,7 +615,7 @@ class _SensorCapabilities(_AlexaEntity):
            yield _AlexaTemperatureSensor(self.entity)


-class _Cause(object):
+class _Cause:
    """Possible causes for property changes.

    https://developer.amazon.com/docs/smarthome/state-reporting-for-a-smart-home-skill.html#cause-object
--- a/homeassistant/components/amcrest.py
+++ b/homeassistant/components/amcrest.py
@@ -164,7 +164,7 @@ def setup(hass, config):
    return True


-class AmcrestDevice(object):
+class AmcrestDevice:
    """Representation of a base Amcrest discovery device."""

    def __init__(self, camera, name, authentication, ffmpeg_arguments,
--- a/homeassistant/components/android_ip_webcam.py
+++ b/homeassistant/components/android_ip_webcam.py
@@ -214,11 +214,11 @@ def async_setup(hass, config):
                CONF_PASSWORD: password
            })

-        hass.async_add_job(discovery.async_load_platform(
+        hass.async_create_task(discovery.async_load_platform(
            hass, 'camera', 'mjpeg', mjpeg_camera, config))

        if sensors:
-            hass.async_add_job(discovery.async_load_platform(
+            hass.async_create_task(discovery.async_load_platform(
                hass, 'sensor', DOMAIN, {
                    CONF_NAME: name,
                    CONF_HOST: host,
@@ -226,7 +226,7 @@ def async_setup(hass, config):
                }, config))

        if switches:
-            hass.async_add_job(discovery.async_load_platform(
+            hass.async_create_task(discovery.async_load_platform(
                hass, 'switch', DOMAIN, {
                    CONF_NAME: name,
                    CONF_HOST: host,
@@ -234,7 +234,7 @@ def async_setup(hass, config):
                }, config))

        if motion:
-            hass.async_add_job(discovery.async_load_platform(
+            hass.async_create_task(discovery.async_load_platform(
                hass, 'binary_sensor', DOMAIN, {
                    CONF_HOST: host,
                    CONF_NAME: name,
--- a/homeassistant/components/apcupsd.py
+++ b/homeassistant/components/apcupsd.py
@@ -58,7 +58,7 @@ def setup(hass, config):
    return True


-class APCUPSdData(object):
+class APCUPSdData:
    """Stores the data retrieved from APCUPSd.

    For each entity to use, acts as the single point responsible for fetching
--- a/homeassistant/components/api.py
+++ b/homeassistant/components/api.py
@@ -220,7 +220,8 @@ class APIEntityStateView(HomeAssistantView):
        is_new_state = hass.states.get(entity_id) is None

        # Write state
-        hass.states.async_set(entity_id, new_state, attributes, force_update)
+        hass.states.async_set(entity_id, new_state, attributes, force_update,
+                              self.context(request))

        # Read the state back for our response
        status_code = HTTP_CREATED if is_new_state else 200
@@ -279,7 +280,8 @@ class APIEventView(HomeAssistantView):
                    event_data[key] = state

        request.app['hass'].bus.async_fire(
-            event_type, event_data, ha.EventOrigin.remote)
+            event_type, event_data, ha.EventOrigin.remote,
+            self.context(request))

        return self.json_message("Event {} fired.".format(event_type))

@@ -316,7 +318,8 @@ class APIDomainServicesView(HomeAssistantView):
                "Data should be valid JSON.", HTTP_BAD_REQUEST)

        with AsyncTrackStates(hass) as changed_states:
-            await hass.services.async_call(domain, service, data, True)
+            await hass.services.async_call(
+                domain, service, data, True, self.context(request))

        return self.json(changed_states)

--- a/homeassistant/components/apple_tv.py
+++ b/homeassistant/components/apple_tv.py
@@ -45,7 +45,7 @@ NOTIFICATION_AUTH_TITLE = 'Apple TV Authentication'
 NOTIFICATION_SCAN_ID = 'apple_tv_scan_notification'
 NOTIFICATION_SCAN_TITLE = 'Apple TV Scan'

-T = TypeVar('T')
+T = TypeVar('T')  # pylint: disable=invalid-name


 # This version of ensure_list interprets an empty dict as no value
@@ -218,10 +218,10 @@ def _setup_atv(hass, atv_config):
        ATTR_POWER: power
    }

-    hass.async_add_job(discovery.async_load_platform(
+    hass.async_create_task(discovery.async_load_platform(
        hass, 'media_player', DOMAIN, atv_config))

-    hass.async_add_job(discovery.async_load_platform(
+    hass.async_create_task(discovery.async_load_platform(
        hass, 'remote', DOMAIN, atv_config))


--- a/homeassistant/components/arduino.py
+++ b/homeassistant/components/arduino.py
@@ -62,7 +62,7 @@ def setup(hass, config):
    return True


-class ArduinoBoard(object):
+class ArduinoBoard:
    """Representation of an Arduino board."""

    def __init__(self, port):
--- a/homeassistant/components/arlo.py
+++ b/homeassistant/components/arlo.py
@@ -16,7 +16,7 @@ from homeassistant.const import (
 from homeassistant.helpers.event import track_time_interval
 from homeassistant.helpers.dispatcher import dispatcher_send

-REQUIREMENTS = ['pyarlo==0.1.8']
+REQUIREMENTS = ['pyarlo==0.2.0']

 _LOGGER = logging.getLogger(__name__)

--- a/homeassistant/components/asterisk_mbox.py
+++ b/homeassistant/components/asterisk_mbox.py
@@ -48,7 +48,7 @@ def setup(hass, config):
    return True


-class AsteriskData(object):
+class AsteriskData:
    """Store Asterisk mailbox data."""

    def __init__(self, hass, host, port, password):
--- a/homeassistant/components/august.py
+++ b/homeassistant/components/august.py
@@ -123,9 +123,9 @@ def setup_august(hass, config, api, authenticator):
            discovery.load_platform(hass, component, DOMAIN, {}, config)

        return True
-    elif state == AuthenticationState.BAD_PASSWORD:
+    if state == AuthenticationState.BAD_PASSWORD:
        return False
-    elif state == AuthenticationState.REQUIRES_VALIDATION:
+    if state == AuthenticationState.REQUIRES_VALIDATION:
        request_configuration(hass, config, api, authenticator)
        return True

--- a/homeassistant/components/auth/init.py
+++ b/homeassistant/components/auth/init.py
@@ -1,62 +1,5 @@
 """Component to allow users to login and get tokens.

-All requests will require passing in a valid client ID and secret via HTTP
-Basic Auth.
-
-# GET /auth/providers
-
-Return a list of auth providers. Example:
-
-[
-    {
-        "name": "Local",
-        "id": null,
-        "type": "local_provider",
-    }
-]
-
-# POST /auth/login_flow
-
-Create a login flow. Will return the first step of the flow.
-
-Pass in parameter 'handler' to specify the auth provider to use. Auth providers
-are identified by type and id.
-
-{
-    "handler": ["local_provider", null]
-}
-
-Return value will be a step in a data entry flow. See the docs for data entry
-flow for details.
-
-{
-    "data_schema": [
-        {"name": "username", "type": "string"},
-        {"name": "password", "type": "string"}
-    ],
-    "errors": {},
-    "flow_id": "8f7e42faab604bcab7ac43c44ca34d58",
-    "handler": ["insecure_example", null],
-    "step_id": "init",
-    "type": "form"
-}
-
-# POST /auth/login_flow/{flow_id}
-
-Progress the flow. Most flows will be 1 page, but could optionally add extra
-login challenges, like TFA. Once the flow has finished, the returned step will
-have type "create_entry" and "result" key will contain an authorization code.
-
-{
-    "flow_id": "8f7e42faab604bcab7ac43c44ca34d58",
-    "handler": ["insecure_example", null],
-    "result": "411ee2f916e648d691e937ae9344681e",
-    "source": "user",
-    "title": "Example",
-    "type": "create_entry",
-    "version": 1
-}
-
 # POST /auth/token

 This is an OAuth2 endpoint for granting tokens. We currently support the grant
@@ -104,21 +47,27 @@ a limited expiration.
 """
 import logging
 import uuid
+from datetime import timedelta

-import aiohttp.web
 import voluptuous as vol

-from homeassistant import data_entry_flow
-from homeassistant.core import callback
-from homeassistant.helpers.data_entry_flow import (
-    FlowManagerIndexView, FlowManagerResourceView)
-from homeassistant.components.http.view import HomeAssistantView
+from homeassistant.components import websocket_api
+from homeassistant.components.http.ban import log_invalid_auth
 from homeassistant.components.http.data_validator import RequestDataValidator
-
-from .client import verify_client
+from homeassistant.components.http.view import HomeAssistantView
+from homeassistant.core import callback
+from homeassistant.util import dt as dt_util
+from . import indieauth
+from . import login_flow

 DOMAIN = 'auth'
 DEPENDENCIES = ['http']
+
+WS_TYPE_CURRENT_USER = 'auth/current_user'
+SCHEMA_WS_CURRENT_USER = websocket_api.BASE_COMMAND_MESSAGE_SCHEMA.extend({
+    vol.Required('type'): WS_TYPE_CURRENT_USER,
+})
+
 _LOGGER = logging.getLogger(__name__)


@@ -126,129 +75,58 @@ async def async_setup(hass, config):
    """Component to allow users to login."""
    store_credentials, retrieve_credentials = _create_cred_store()

-    hass.http.register_view(AuthProvidersView)
-    hass.http.register_view(LoginFlowIndexView(hass.auth.login_flow))
-    hass.http.register_view(
-        LoginFlowResourceView(hass.auth.login_flow, store_credentials))
    hass.http.register_view(GrantTokenView(retrieve_credentials))
    hass.http.register_view(LinkUserView(retrieve_credentials))

+    hass.components.websocket_api.async_register_command(
+        WS_TYPE_CURRENT_USER, websocket_current_user,
+        SCHEMA_WS_CURRENT_USER
+    )
+
+    await login_flow.async_setup(hass, store_credentials)
+
    return True


-class AuthProvidersView(HomeAssistantView):
-    """View to get available auth providers."""
-
-    url = '/auth/providers'
-    name = 'api:auth:providers'
-    requires_auth = False
-
-    @verify_client
-    async def get(self, request, client):
-        """Get available auth providers."""
-        return self.json([{
-            'name': provider.name,
-            'id': provider.id,
-            'type': provider.type,
-        } for provider in request.app['hass'].auth.async_auth_providers])
-
-
-class LoginFlowIndexView(FlowManagerIndexView):
-    """View to create a config flow."""
-
-    url = '/auth/login_flow'
-    name = 'api:auth:login_flow'
-    requires_auth = False
-
-    async def get(self, request):
-        """Do not allow index of flows in progress."""
-        return aiohttp.web.Response(status=405)
-
-    # pylint: disable=arguments-differ
-    @verify_client
-    @RequestDataValidator(vol.Schema({
-        vol.Required('handler'): vol.Any(str, list),
-        vol.Required('redirect_uri'): str,
-    }))
-    async def post(self, request, client, data):
-        """Create a new login flow."""
-        if data['redirect_uri'] not in client.redirect_uris:
-            return self.json_message('invalid redirect uri', )
-
-        # pylint: disable=no-value-for-parameter
-        return await super().post(request)
-
-
-class LoginFlowResourceView(FlowManagerResourceView):
-    """View to interact with the flow manager."""
-
-    url = '/auth/login_flow/{flow_id}'
-    name = 'api:auth:login_flow:resource'
-    requires_auth = False
-
-    def __init__(self, flow_mgr, store_credentials):
-        """Initialize the login flow resource view."""
-        super().__init__(flow_mgr)
-        self._store_credentials = store_credentials
-
-    # pylint: disable=arguments-differ
-    async def get(self, request):
-        """Do not allow getting status of a flow in progress."""
-        return self.json_message('Invalid flow specified', 404)
-
-    # pylint: disable=arguments-differ
-    @verify_client
-    @RequestDataValidator(vol.Schema(dict), allow_empty=True)
-    async def post(self, request, client, flow_id, data):
-        """Handle progressing a login flow request."""
-        try:
-            result = await self._flow_mgr.async_configure(flow_id, data)
-        except data_entry_flow.UnknownFlow:
-            return self.json_message('Invalid flow specified', 404)
-        except vol.Invalid:
-            return self.json_message('User input malformed', 400)
-
-        if result['type'] != data_entry_flow.RESULT_TYPE_CREATE_ENTRY:
-            return self.json(self._prepare_result_json(result))
-
-        result.pop('data')
-        result['result'] = self._store_credentials(client.id, result['result'])
-
-        return self.json(result)
-
-
 class GrantTokenView(HomeAssistantView):
    """View to grant tokens."""

    url = '/auth/token'
    name = 'api:auth:token'
    requires_auth = False
+    cors_allowed = True

    def __init__(self, retrieve_credentials):
        """Initialize the grant token view."""
        self._retrieve_credentials = retrieve_credentials

-    @verify_client
-    async def post(self, request, client):
+    @log_invalid_auth
+    async def post(self, request):
        """Grant a token."""
        hass = request.app['hass']
        data = await request.post()
+
        grant_type = data.get('grant_type')

        if grant_type == 'authorization_code':
-            return await self._async_handle_auth_code(
-                hass, client.id, data)
+            return await self._async_handle_auth_code(hass, data)

-        elif grant_type == 'refresh_token':
-            return await self._async_handle_refresh_token(
-                hass, client.id, data)
+        if grant_type == 'refresh_token':
+            return await self._async_handle_refresh_token(hass, data)

        return self.json({
            'error': 'unsupported_grant_type',
        }, status_code=400)

-    async def _async_handle_auth_code(self, hass, client_id, data):
+    async def _async_handle_auth_code(self, hass, data):
        """Handle authorization code request."""
+        client_id = data.get('client_id')
+        if client_id is None or not indieauth.verify_client_id(client_id):
+            return self.json({
+                'error': 'invalid_request',
+                'error_description': 'Invalid client id',
+            }, status_code=400)
+
        code = data.get('code')

        if code is None:
@@ -261,9 +139,17 @@ class GrantTokenView(HomeAssistantView):
        if credentials is None:
            return self.json({
                'error': 'invalid_request',
+                'error_description': 'Invalid code',
            }, status_code=400)

        user = await hass.auth.async_get_or_create_user(credentials)
+
+        if not user.is_active:
+            return self.json({
+                'error': 'access_denied',
+                'error_description': 'User is not active',
+            }, status_code=403)
+
        refresh_token = await hass.auth.async_create_refresh_token(user,
                                                                   client_id)
        access_token = hass.auth.async_create_access_token(refresh_token)
@@ -276,8 +162,15 @@ class GrantTokenView(HomeAssistantView):
                int(refresh_token.access_token_expiration.total_seconds()),
        })

-    async def _async_handle_refresh_token(self, hass, client_id, data):
+    async def _async_handle_refresh_token(self, hass, data):
        """Handle authorization code request."""
+        client_id = data.get('client_id')
+        if client_id is not None and not indieauth.verify_client_id(client_id):
+            return self.json({
+                'error': 'invalid_request',
+                'error_description': 'Invalid client id',
+            }, status_code=400)
+
        token = data.get('refresh_token')

        if token is None:
@@ -287,11 +180,16 @@ class GrantTokenView(HomeAssistantView):

        refresh_token = await hass.auth.async_get_refresh_token(token)

-        if refresh_token is None or refresh_token.client_id != client_id:
+        if refresh_token is None:
            return self.json({
                'error': 'invalid_grant',
            }, status_code=400)

+        if refresh_token.client_id != client_id:
+            return self.json({
+                'error': 'invalid_request',
+            }, status_code=400)
+
        access_token = hass.auth.async_create_access_token(refresh_token)

        return self.json({
@@ -340,12 +238,46 @@ def _create_cred_store():
    def store_credentials(client_id, credentials):
        """Store credentials and return a code to retrieve it."""
        code = uuid.uuid4().hex
-        temp_credentials[(client_id, code)] = credentials
+        temp_credentials[(client_id, code)] = (dt_util.utcnow(), credentials)
        return code

    @callback
    def retrieve_credentials(client_id, code):
        """Retrieve credentials."""
-        return temp_credentials.pop((client_id, code), None)
+        key = (client_id, code)
+
+        if key not in temp_credentials:
+            return None
+
+        created, credentials = temp_credentials.pop(key)
+
+        # OAuth 4.2.1
+        # The authorization code MUST expire shortly after it is issued to
+        # mitigate the risk of leaks.  A maximum authorization code lifetime of
+        # 10 minutes is RECOMMENDED.
+        if dt_util.utcnow() - created < timedelta(minutes=10):
+            return credentials
+
+        return None

    return store_credentials, retrieve_credentials
+
+
+@callback
+def websocket_current_user(hass, connection, msg):
+    """Return the current user."""
+    user = connection.request.get('hass_user')
+
+    if user is None:
+        connection.to_write.put_nowait(websocket_api.error_message(
+            msg['id'], 'no_user', 'Not authenticated as a user'))
+        return
+
+    connection.to_write.put_nowait(websocket_api.result_message(msg['id'], {
+        'id': user.id,
+        'name': user.name,
+        'is_owner': user.is_owner,
+        'credentials': [{'auth_provider_type': c.auth_provider_type,
+                         'auth_provider_id': c.auth_provider_id}
+                        for c in user.credentials]
+    }))
--- a/homeassistant/components/auth/client.py
+++ b/homeassistant/components/auth/client.py
@@ -1,79 +0,0 @@
-"""Helpers to resolve client ID/secret."""
-import base64
-from functools import wraps
-import hmac
-
-import aiohttp.hdrs
-
-
-def verify_client(method):
-    """Decorator to verify client id/secret on requests."""
-    @wraps(method)
-    async def wrapper(view, request, *args, **kwargs):
-        """Verify client id/secret before doing request."""
-        client = await _verify_client(request)
-
-        if client is None:
-            return view.json({
-                'error': 'invalid_client',
-            }, status_code=401)
-
-        return await method(
-            view, request, *args, **kwargs, client=client)
-
-    return wrapper
-
-
-async def _verify_client(request):
-    """Method to verify the client id/secret in consistent time.
-
-    By using a consistent time for looking up client id and comparing the
-    secret, we prevent attacks by malicious actors trying different client ids
-    and are able to derive from the time it takes to process the request if
-    they guessed the client id correctly.
-    """
-    if aiohttp.hdrs.AUTHORIZATION not in request.headers:
-        return None
-
-    auth_type, auth_value = \
-        request.headers.get(aiohttp.hdrs.AUTHORIZATION).split(' ', 1)
-
-    if auth_type != 'Basic':
-        return None
-
-    decoded = base64.b64decode(auth_value).decode('utf-8')
-    try:
-        client_id, client_secret = decoded.split(':', 1)
-    except ValueError:
-        # If no ':' in decoded
-        client_id, client_secret = decoded, None
-
-    return await async_secure_get_client(
-        request.app['hass'], client_id, client_secret)
-
-
-async def async_secure_get_client(hass, client_id, client_secret):
-    """Get a client id/secret in consistent time."""
-    client = await hass.auth.async_get_client(client_id)
-
-    if client is None:
-        if client_secret is not None:
-            # Still do a compare so we run same time as if a client was found.
-            hmac.compare_digest(client_secret.encode('utf-8'),
-                                client_secret.encode('utf-8'))
-        return None
-
-    if client.secret is None:
-        return client
-
-    elif client_secret is None:
-        # Still do a compare so we run same time as if a secret was passed.
-        hmac.compare_digest(client.secret.encode('utf-8'),
-                            client.secret.encode('utf-8'))
-        return None
-
-    elif hmac.compare_digest(client_secret.encode('utf-8'),
-                             client.secret.encode('utf-8')):
-        return client
-
-    return None
--- a/homeassistant/components/auth/indieauth.py
+++ b/homeassistant/components/auth/indieauth.py
@@ -0,0 +1,130 @@
+"""Helpers to resolve client ID/secret."""
+from ipaddress import ip_address, ip_network
+from urllib.parse import urlparse
+
+# IP addresses of loopback interfaces
+ALLOWED_IPS = (
+    ip_address('127.0.0.1'),
+    ip_address('::1'),
+)
+
+# RFC1918 - Address allocation for Private Internets
+ALLOWED_NETWORKS = (
+    ip_network('10.0.0.0/8'),
+    ip_network('172.16.0.0/12'),
+    ip_network('192.168.0.0/16'),
+)
+
+
+def verify_redirect_uri(client_id, redirect_uri):
+    """Verify that the client and redirect uri match."""
+    try:
+        client_id_parts = _parse_client_id(client_id)
+    except ValueError:
+        return False
+
+    redirect_parts = _parse_url(redirect_uri)
+
+    # IndieAuth 4.2.2 allows for redirect_uri to be on different domain
+    # but needs to be specified in link tag when fetching `client_id`.
+    # This is not implemented.
+
+    # Verify redirect url and client url have same scheme and domain.
+    return (
+        client_id_parts.scheme == redirect_parts.scheme and
+        client_id_parts.netloc == redirect_parts.netloc
+    )
+
+
+def verify_client_id(client_id):
+    """Verify that the client id is valid."""
+    try:
+        _parse_client_id(client_id)
+        return True
+    except ValueError:
+        return False
+
+
+def _parse_url(url):
+    """Parse a url in parts and canonicalize according to IndieAuth."""
+    parts = urlparse(url)
+
+    # Canonicalize a url according to IndieAuth 3.2.
+
+    # SHOULD convert the hostname to lowercase
+    parts = parts._replace(netloc=parts.netloc.lower())
+
+    # If a URL with no path component is ever encountered,
+    # it MUST be treated as if it had the path /.
+    if parts.path == '':
+        parts = parts._replace(path='/')
+
+    return parts
+
+
+def _parse_client_id(client_id):
+    """Test if client id is a valid URL according to IndieAuth section 3.2.
+
+    https://indieauth.spec.indieweb.org/#client-identifier
+    """
+    parts = _parse_url(client_id)
+
+    # Client identifier URLs
+    # MUST have either an https or http scheme
+    if parts.scheme not in ('http', 'https'):
+        raise ValueError()
+
+    # MUST contain a path component
+    # Handled by url canonicalization.
+
+    # MUST NOT contain single-dot or double-dot path segments
+    if any(segment in ('.', '..') for segment in parts.path.split('/')):
+        raise ValueError(
+            'Client ID cannot contain single-dot or double-dot path segments')
+
+    # MUST NOT contain a fragment component
+    if parts.fragment != '':
+        raise ValueError('Client ID cannot contain a fragment')
+
+    # MUST NOT contain a username or password component
+    if parts.username is not None:
+        raise ValueError('Client ID cannot contain username')
+
+    if parts.password is not None:
+        raise ValueError('Client ID cannot contain password')
+
+    # MAY contain a port
+    try:
+        # parts raises ValueError when port cannot be parsed as int
+        parts.port
+    except ValueError:
+        raise ValueError('Client ID contains invalid port')
+
+    # Additionally, hostnames
+    # MUST be domain names or a loopback interface and
+    # MUST NOT be IPv4 or IPv6 addresses except for IPv4 127.0.0.1
+    # or IPv6 [::1]
+
+    # We are not goint to follow the spec here. We are going to allow
+    # any internal network IP to be used inside a client id.
+
+    address = None
+
+    try:
+        netloc = parts.netloc
+
+        # Strip the [, ] from ipv6 addresses before parsing
+        if netloc[0] == '[' and netloc[-1] == ']':
+            netloc = netloc[1:-1]
+
+        address = ip_address(netloc)
+    except ValueError:
+        # Not an ip address
+        pass
+
+    if (address is None or
+            address in ALLOWED_IPS or
+            any(address in network for network in ALLOWED_NETWORKS)):
+        return parts
+
+    raise ValueError('Hostname should be a domain name or local IP address')
--- a/homeassistant/components/auth/login_flow.py
+++ b/homeassistant/components/auth/login_flow.py
@@ -0,0 +1,172 @@
+"""HTTP views handle login flow.
+
+# GET /auth/providers
+
+Return a list of auth providers. Example:
+
+[
+    {
+        "name": "Local",
+        "id": null,
+        "type": "local_provider",
+    }
+]
+
+
+# POST /auth/login_flow
+
+Create a login flow. Will return the first step of the flow.
+
+Pass in parameter 'client_id' and 'redirect_url' validate by indieauth.
+
+Pass in parameter 'handler' to specify the auth provider to use. Auth providers
+are identified by type and id.
+
+{
+    "client_id": "https://hassbian.local:8123/",
+    "handler": ["local_provider", null],
+    "redirect_url": "https://hassbian.local:8123/"
+}
+
+Return value will be a step in a data entry flow. See the docs for data entry
+flow for details.
+
+{
+    "data_schema": [
+        {"name": "username", "type": "string"},
+        {"name": "password", "type": "string"}
+    ],
+    "errors": {},
+    "flow_id": "8f7e42faab604bcab7ac43c44ca34d58",
+    "handler": ["insecure_example", null],
+    "step_id": "init",
+    "type": "form"
+}
+
+
+# POST /auth/login_flow/{flow_id}
+
+Progress the flow. Most flows will be 1 page, but could optionally add extra
+login challenges, like TFA. Once the flow has finished, the returned step will
+have type "create_entry" and "result" key will contain an authorization code.
+
+{
+    "flow_id": "8f7e42faab604bcab7ac43c44ca34d58",
+    "handler": ["insecure_example", null],
+    "result": "411ee2f916e648d691e937ae9344681e",
+    "source": "user",
+    "title": "Example",
+    "type": "create_entry",
+    "version": 1
+}
+"""
+import aiohttp.web
+import voluptuous as vol
+
+from homeassistant import data_entry_flow
+from homeassistant.components.http.ban import process_wrong_login, \
+    log_invalid_auth
+from homeassistant.components.http.data_validator import RequestDataValidator
+from homeassistant.components.http.view import HomeAssistantView
+from homeassistant.helpers.data_entry_flow import (
+    FlowManagerIndexView, FlowManagerResourceView)
+from . import indieauth
+
+
+async def async_setup(hass, store_credentials):
+    """Component to allow users to login."""
+    hass.http.register_view(AuthProvidersView)
+    hass.http.register_view(LoginFlowIndexView(hass.auth.login_flow))
+    hass.http.register_view(
+        LoginFlowResourceView(hass.auth.login_flow, store_credentials))
+
+
+class AuthProvidersView(HomeAssistantView):
+    """View to get available auth providers."""
+
+    url = '/auth/providers'
+    name = 'api:auth:providers'
+    requires_auth = False
+
+    async def get(self, request):
+        """Get available auth providers."""
+        return self.json([{
+            'name': provider.name,
+            'id': provider.id,
+            'type': provider.type,
+        } for provider in request.app['hass'].auth.auth_providers])
+
+
+class LoginFlowIndexView(FlowManagerIndexView):
+    """View to create a config flow."""
+
+    url = '/auth/login_flow'
+    name = 'api:auth:login_flow'
+    requires_auth = False
+
+    async def get(self, request):
+        """Do not allow index of flows in progress."""
+        return aiohttp.web.Response(status=405)
+
+    @RequestDataValidator(vol.Schema({
+        vol.Required('client_id'): str,
+        vol.Required('handler'): vol.Any(str, list),
+        vol.Required('redirect_uri'): str,
+    }))
+    @log_invalid_auth
+    async def post(self, request, data):
+        """Create a new login flow."""
+        if not indieauth.verify_redirect_uri(data['client_id'],
+                                             data['redirect_uri']):
+            return self.json_message('invalid client id or redirect uri', 400)
+
+        # pylint: disable=no-value-for-parameter
+        return await super().post(request)
+
+
+class LoginFlowResourceView(FlowManagerResourceView):
+    """View to interact with the flow manager."""
+
+    url = '/auth/login_flow/{flow_id}'
+    name = 'api:auth:login_flow:resource'
+    requires_auth = False
+
+    def __init__(self, flow_mgr, store_credentials):
+        """Initialize the login flow resource view."""
+        super().__init__(flow_mgr)
+        self._store_credentials = store_credentials
+
+    async def get(self, request, flow_id):
+        """Do not allow getting status of a flow in progress."""
+        return self.json_message('Invalid flow specified', 404)
+
+    @RequestDataValidator(vol.Schema({
+        'client_id': str
+    }, extra=vol.ALLOW_EXTRA))
+    @log_invalid_auth
+    async def post(self, request, flow_id, data):
+        """Handle progressing a login flow request."""
+        client_id = data.pop('client_id')
+
+        if not indieauth.verify_client_id(client_id):
+            return self.json_message('Invalid client id', 400)
+
+        try:
+            result = await self._flow_mgr.async_configure(flow_id, data)
+        except data_entry_flow.UnknownFlow:
+            return self.json_message('Invalid flow specified', 404)
+        except vol.Invalid:
+            return self.json_message('User input malformed', 400)
+
+        if result['type'] != data_entry_flow.RESULT_TYPE_CREATE_ENTRY:
+            # @log_invalid_auth does not work here since it returns HTTP 200
+            # need manually log failed login attempts
+            if result['errors'] is not None and \
+                    result['errors'].get('base') == 'invalid_auth':
+                await process_wrong_login(request)
+            return self.json(self._prepare_result_json(result))
+
+        result.pop('data')
+        result['result'] = self._store_credentials(client_id, result['result'])
+
+        return self.json(result)
--- a/homeassistant/components/automation/init.py
+++ b/homeassistant/components/automation/init.py
@@ -297,7 +297,7 @@ class AutomationEntity(ToggleEntity):
            return

        # HomeAssistant is starting up
-        elif self.hass.state == CoreState.not_running:
+        if self.hass.state == CoreState.not_running:
            @asyncio.coroutine
            def async_enable_automation(event):
                """Start automation on startup."""
--- a/homeassistant/components/automation/homeassistant.py
+++ b/homeassistant/components/automation/homeassistant.py
@@ -44,7 +44,7 @@ def async_trigger(hass, config, action):

    # Automation are enabled while hass is starting up, fire right away
    # Check state because a config reload shouldn't trigger it.
-    elif hass.state == CoreState.starting:
+    if hass.state == CoreState.starting:
        hass.async_run_job(action, {
            'trigger': {
                'platform': 'homeassistant',
--- a/homeassistant/components/automation/mqtt.py
+++ b/homeassistant/components/automation/mqtt.py
@@ -10,7 +10,7 @@ import json
 import voluptuous as vol

 from homeassistant.core import callback
-import homeassistant.components.mqtt as mqtt
+from homeassistant.components import mqtt
 from homeassistant.const import (CONF_PLATFORM, CONF_PAYLOAD)
 import homeassistant.helpers.config_validation as cv

--- a/homeassistant/components/bbb_gpio.py
+++ b/homeassistant/components/bbb_gpio.py
@@ -19,7 +19,7 @@ DOMAIN = 'bbb_gpio'
 def setup(hass, config):
    """Set up the BeagleBone Black GPIO component."""
    # pylint: disable=import-error
-    import Adafruit_BBIO.GPIO as GPIO
+    from Adafruit_BBIO import GPIO

    def cleanup_gpio(event):
        """Stuff to do before stopping."""
@@ -36,14 +36,14 @@ def setup(hass, config):
 def setup_output(pin):
    """Set up a GPIO as output."""
    # pylint: disable=import-error
-    import Adafruit_BBIO.GPIO as GPIO
+    from Adafruit_BBIO import GPIO
    GPIO.setup(pin, GPIO.OUT)


 def setup_input(pin, pull_mode):
    """Set up a GPIO as input."""
    # pylint: disable=import-error
-    import Adafruit_BBIO.GPIO as GPIO
+    from Adafruit_BBIO import GPIO
    GPIO.setup(pin, GPIO.IN,
               GPIO.PUD_DOWN if pull_mode == 'DOWN'
               else GPIO.PUD_UP)
@@ -52,20 +52,20 @@ def setup_input(pin, pull_mode):
 def write_output(pin, value):
    """Write a value to a GPIO."""
    # pylint: disable=import-error
-    import Adafruit_BBIO.GPIO as GPIO
+    from Adafruit_BBIO import GPIO
    GPIO.output(pin, value)


 def read_input(pin):
    """Read a value from a GPIO."""
    # pylint: disable=import-error
-    import Adafruit_BBIO.GPIO as GPIO
+    from Adafruit_BBIO import GPIO
    return GPIO.input(pin) is GPIO.HIGH


 def edge_detect(pin, event_callback, bounce):
    """Add detection for RISING and FALLING events."""
    # pylint: disable=import-error
-    import Adafruit_BBIO.GPIO as GPIO
+    from Adafruit_BBIO import GPIO
    GPIO.add_event_detect(
        pin, GPIO.BOTH, callback=event_callback, bouncetime=bounce)
--- a/homeassistant/components/binary_sensor/alarmdecoder.py
+++ b/homeassistant/components/binary_sensor/alarmdecoder.py
@@ -11,7 +11,8 @@ from homeassistant.components.binary_sensor import BinarySensorDevice
 from homeassistant.components.alarmdecoder import (
    ZONE_SCHEMA, CONF_ZONES, CONF_ZONE_NAME, CONF_ZONE_TYPE,
    CONF_ZONE_RFID, SIGNAL_ZONE_FAULT, SIGNAL_ZONE_RESTORE,
-    SIGNAL_RFX_MESSAGE)
+    SIGNAL_RFX_MESSAGE, SIGNAL_REL_MESSAGE, CONF_RELAY_ADDR,
+    CONF_RELAY_CHAN)

 DEPENDENCIES = ['alarmdecoder']

@@ -37,8 +38,10 @@ def setup_platform(hass, config, add_devices, discovery_info=None):
        zone_type = device_config_data[CONF_ZONE_TYPE]
        zone_name = device_config_data[CONF_ZONE_NAME]
        zone_rfid = device_config_data.get(CONF_ZONE_RFID)
+        relay_addr = device_config_data.get(CONF_RELAY_ADDR)
+        relay_chan = device_config_data.get(CONF_RELAY_CHAN)
        device = AlarmDecoderBinarySensor(
-            zone_num, zone_name, zone_type, zone_rfid)
+            zone_num, zone_name, zone_type, zone_rfid, relay_addr, relay_chan)
        devices.append(device)

    add_devices(devices)
@@ -49,7 +52,8 @@ def setup_platform(hass, config, add_devices, discovery_info=None):
 class AlarmDecoderBinarySensor(BinarySensorDevice):
    """Representation of an AlarmDecoder binary sensor."""

-    def __init__(self, zone_number, zone_name, zone_type, zone_rfid):
+    def __init__(self, zone_number, zone_name, zone_type, zone_rfid,
+                 relay_addr, relay_chan):
        """Initialize the binary_sensor."""
        self._zone_number = zone_number
        self._zone_type = zone_type
@@ -57,6 +61,8 @@ class AlarmDecoderBinarySensor(BinarySensorDevice):
        self._name = zone_name
        self._rfid = zone_rfid
        self._rfstate = None
+        self._relay_addr = relay_addr
+        self._relay_chan = relay_chan

    @asyncio.coroutine
    def async_added_to_hass(self):
@@ -70,6 +76,9 @@ class AlarmDecoderBinarySensor(BinarySensorDevice):
        self.hass.helpers.dispatcher.async_dispatcher_connect(
            SIGNAL_RFX_MESSAGE, self._rfx_message_callback)

+        self.hass.helpers.dispatcher.async_dispatcher_connect(
+            SIGNAL_REL_MESSAGE, self._rel_message_callback)
+
    @property
    def name(self):
        """Return the name of the entity."""
@@ -122,3 +131,12 @@ class AlarmDecoderBinarySensor(BinarySensorDevice):
        if self._rfid and message and message.serial_number == self._rfid:
            self._rfstate = message.value
            self.schedule_update_ha_state()
+
+    def _rel_message_callback(self, message):
+        """Update relay state."""
+        if (self._relay_addr == message.address and
+                self._relay_chan == message.channel):
+            _LOGGER.debug("Relay %d:%d value:%d", message.address,
+                          message.channel, message.value)
+            self._state = message.value
+            self.schedule_update_ha_state()
--- a/homeassistant/components/binary_sensor/arest.py
+++ b/homeassistant/components/binary_sensor/arest.py
@@ -89,7 +89,7 @@ class ArestBinarySensor(BinarySensorDevice):
        self.arest.update()


-class ArestData(object):
+class ArestData:
    """Class for handling the data retrieval for pins."""

    def __init__(self, resource, pin):
--- a/homeassistant/components/binary_sensor/aurora.py
+++ b/homeassistant/components/binary_sensor/aurora.py
@@ -99,7 +99,7 @@ class AuroraSensor(BinarySensorDevice):
        self.aurora_data.update()


-class AuroraData(object):
+class AuroraData:
    """Get aurora forecast."""

    def __init__(self, latitude, longitude, threshold):
--- a/homeassistant/components/binary_sensor/bbb_gpio.py
+++ b/homeassistant/components/binary_sensor/bbb_gpio.py
@@ -8,7 +8,7 @@ import logging

 import voluptuous as vol

-import homeassistant.components.bbb_gpio as bbb_gpio
+from homeassistant.components import bbb_gpio
 from homeassistant.components.binary_sensor import (
    BinarySensorDevice, PLATFORM_SCHEMA)
 from homeassistant.const import (DEVICE_DEFAULT_NAME, CONF_NAME)
--- a/homeassistant/components/binary_sensor/command_line.py
+++ b/homeassistant/components/binary_sensor/command_line.py
@@ -25,6 +25,9 @@ DEFAULT_PAYLOAD_OFF = 'OFF'

 SCAN_INTERVAL = timedelta(seconds=60)

+CONF_COMMAND_TIMEOUT = 'command_timeout'
+DEFAULT_TIMEOUT = 15
+
 PLATFORM_SCHEMA = PLATFORM_SCHEMA.extend({
    vol.Required(CONF_COMMAND): cv.string,
    vol.Optional(CONF_NAME, default=DEFAULT_NAME): cv.string,
@@ -32,6 +35,8 @@ PLATFORM_SCHEMA = PLATFORM_SCHEMA.extend({
    vol.Optional(CONF_PAYLOAD_ON, default=DEFAULT_PAYLOAD_ON): cv.string,
    vol.Optional(CONF_DEVICE_CLASS): DEVICE_CLASSES_SCHEMA,
    vol.Optional(CONF_VALUE_TEMPLATE): cv.template,
+    vol.Optional(
+        CONF_COMMAND_TIMEOUT, default=DEFAULT_TIMEOUT): cv.positive_int,
 })


@@ -43,9 +48,10 @@ def setup_platform(hass, config, add_devices, discovery_info=None):
    payload_on = config.get(CONF_PAYLOAD_ON)
    device_class = config.get(CONF_DEVICE_CLASS)
    value_template = config.get(CONF_VALUE_TEMPLATE)
+    command_timeout = config.get(CONF_COMMAND_TIMEOUT)
    if value_template is not None:
        value_template.hass = hass
-    data = CommandSensorData(hass, command)
+    data = CommandSensorData(hass, command, command_timeout)

    add_devices([CommandBinarySensor(
        hass, data, name, device_class, payload_on, payload_off,
--- a/homeassistant/components/binary_sensor/deconz.py
+++ b/homeassistant/components/binary_sensor/deconz.py
@@ -5,9 +5,9 @@ For more details about this component, please refer to the documentation at
 https://home-assistant.io/components/binary_sensor.deconz/
 """
 from homeassistant.components.binary_sensor import BinarySensorDevice
-from homeassistant.components.deconz import (
-    CONF_ALLOW_CLIP_SENSOR, DOMAIN as DATA_DECONZ, DATA_DECONZ_ID,
-    DATA_DECONZ_UNSUB)
+from homeassistant.components.deconz.const import (
+    ATTR_DARK, ATTR_ON, CONF_ALLOW_CLIP_SENSOR, DOMAIN as DATA_DECONZ,
+    DATA_DECONZ_ID, DATA_DECONZ_UNSUB)
 from homeassistant.const import ATTR_BATTERY_LEVEL
 from homeassistant.core import callback
 from homeassistant.helpers.dispatcher import async_dispatcher_connect
@@ -62,7 +62,8 @@ class DeconzBinarySensor(BinarySensorDevice):
        """
        if reason['state'] or \
           'reachable' in reason['attr'] or \
-           'battery' in reason['attr']:
+           'battery' in reason['attr'] or \
+           'on' in reason['attr']:
            self.async_schedule_update_ha_state()

    @property
@@ -107,6 +108,8 @@ class DeconzBinarySensor(BinarySensorDevice):
        attr = {}
        if self._sensor.battery:
            attr[ATTR_BATTERY_LEVEL] = self._sensor.battery
+        if self._sensor.on is not None:
+            attr[ATTR_ON] = self._sensor.on
        if self._sensor.type in PRESENCE and self._sensor.dark is not None:
-            attr['dark'] = self._sensor.dark
+            attr[ATTR_DARK] = self._sensor.dark
        return attr
--- a/homeassistant/components/binary_sensor/hikvision.py
+++ b/homeassistant/components/binary_sensor/hikvision.py
@@ -117,7 +117,7 @@ def setup_platform(hass, config, add_entities, discovery_info=None):
    add_entities(entities)


-class HikvisionData(object):
+class HikvisionData:
    """Hikvision device event stream object."""

    def __init__(self, hass, url, port, name, username, password):
--- a/homeassistant/components/binary_sensor/homematicip_cloud.py
+++ b/homeassistant/components/binary_sensor/homematicip_cloud.py
@@ -9,8 +9,8 @@ import logging

 from homeassistant.components.binary_sensor import BinarySensorDevice
 from homeassistant.components.homematicip_cloud import (
-    HomematicipGenericDevice, DOMAIN as HOMEMATICIP_CLOUD_DOMAIN,
-    ATTR_HOME_ID)
+    HomematicipGenericDevice, DOMAIN as HMIPC_DOMAIN,
+    HMIPC_HAPID)

 DEPENDENCIES = ['homematicip_cloud']

@@ -21,17 +21,18 @@ ATTR_EVENT_DELAY = 'event_delay'
 ATTR_MOTION_DETECTED = 'motion_detected'
 ATTR_ILLUMINATION = 'illumination'

-HMIP_OPEN = 'open'
-

 async def async_setup_platform(hass, config, async_add_devices,
                               discovery_info=None):
-    """Set up the HomematicIP binary sensor devices."""
+    """Set up the binary sensor devices."""
+    pass
+
+
+async def async_setup_entry(hass, config_entry, async_add_devices):
+    """Set up the HomematicIP binary sensor from a config entry."""
    from homematicip.device import (ShutterContact, MotionDetectorIndoor)

-    if discovery_info is None:
-        return
-    home = hass.data[HOMEMATICIP_CLOUD_DOMAIN][discovery_info[ATTR_HOME_ID]]
+    home = hass.data[HMIPC_DOMAIN][config_entry.data[HMIPC_HAPID]].home
    devices = []
    for device in home.devices:
        if isinstance(device, ShutterContact):
@@ -58,11 +59,13 @@ class HomematicipShutterContact(HomematicipGenericDevice, BinarySensorDevice):
    @property
    def is_on(self):
        """Return true if the shutter contact is on/open."""
+        from homematicip.base.enums import WindowState
+
        if self._device.sabotage:
            return True
        if self._device.windowState is None:
            return None
-        return self._device.windowState.lower() == HMIP_OPEN
+        return self._device.windowState == WindowState.OPEN


 class HomematicipMotionDetector(HomematicipGenericDevice, BinarySensorDevice):
--- a/homeassistant/components/binary_sensor/ihc.py
+++ b/homeassistant/components/binary_sensor/ihc.py
@@ -3,8 +3,6 @@
 For more details about this platform, please refer to the documentation at
 https://home-assistant.io/components/binary_sensor.ihc/
 """
-from xml.etree.ElementTree import Element
-
 import voluptuous as vol

 from homeassistant.components.binary_sensor import (
@@ -70,7 +68,7 @@ class IHCBinarySensor(IHCDevice, BinarySensorDevice):

    def __init__(self, ihc_controller, name, ihc_id: int, info: bool,
                 sensor_type: str, inverting: bool,
-                 product: Element = None) -> None:
+                 product=None) -> None:
        """Initialize the IHC binary sensor."""
        super().__init__(ihc_controller, name, ihc_id, info, product)
        self._state = None
--- a/homeassistant/components/binary_sensor/insteon_plm.py
+++ b/homeassistant/components/binary_sensor/insteon_plm.py
@@ -17,7 +17,9 @@ _LOGGER = logging.getLogger(__name__)
 SENSOR_TYPES = {'openClosedSensor': 'opening',
                'motionSensor': 'motion',
                'doorSensor': 'door',
-                'wetLeakSensor': 'moisture'}
+                'wetLeakSensor': 'moisture',
+                'lightSensor': 'light',
+                'batterySensor': 'battery'}


@asyncio.coroutine
@@ -54,4 +56,9 @@ class InsteonPLMBinarySensor(InsteonPLMEntity, BinarySensorDevice):
    @property
    def is_on(self):
        """Return the boolean response if the node is on."""
-        return bool(self._insteon_device_state.value)
+        on_val = bool(self._insteon_device_state.value)
+
+        if self._insteon_device_state.name == 'lightSensor':
+            return not on_val
+
+        return on_val
--- a/homeassistant/components/binary_sensor/iss.py
+++ b/homeassistant/components/binary_sensor/iss.py
@@ -101,7 +101,7 @@ class IssBinarySensor(BinarySensorDevice):
        self.iss_data.update()


-class IssData(object):
+class IssData:
    """Get data from the ISS API."""

    def __init__(self, latitude, longitude):
--- a/homeassistant/components/binary_sensor/isy994.py
+++ b/homeassistant/components/binary_sensor/isy994.py
@@ -55,7 +55,7 @@ def setup_platform(hass, config: ConfigType,
        else:
            device_type = _detect_device_type(node)
            subnode_id = int(node.nid[-1])
-            if (device_type == 'opening' or device_type == 'moisture'):
+            if device_type in ('opening', 'moisture'):
                # These sensors use an optional "negative" subnode 2 to snag
                # all state changes
                if subnode_id == 2:
--- a/homeassistant/components/binary_sensor/modbus.py
+++ b/homeassistant/components/binary_sensor/modbus.py
@@ -7,7 +7,7 @@ https://home-assistant.io/components/binary_sensor.modbus/
 import logging
 import voluptuous as vol

-import homeassistant.components.modbus as modbus
+from homeassistant.components import modbus
 from homeassistant.const import CONF_NAME, CONF_SLAVE
 from homeassistant.components.binary_sensor import BinarySensorDevice
 from homeassistant.helpers import config_validation as cv
--- a/homeassistant/components/binary_sensor/mqtt.py
+++ b/homeassistant/components/binary_sensor/mqtt.py
@@ -11,7 +11,7 @@ from typing import Optional
 import voluptuous as vol

 from homeassistant.core import callback
-import homeassistant.components.mqtt as mqtt
+from homeassistant.components import mqtt
 from homeassistant.components.binary_sensor import (
    BinarySensorDevice, DEVICE_CLASSES_SCHEMA)
 from homeassistant.const import (
--- a/homeassistant/components/binary_sensor/netatmo.py
+++ b/homeassistant/components/binary_sensor/netatmo.py
@@ -142,7 +142,7 @@ class NetatmoBinarySensor(BinarySensorDevice):
        """Return the class of this sensor, from DEVICE_CLASSES."""
        if self._cameratype == 'NACamera':
            return WELCOME_SENSOR_TYPES.get(self._sensor_name)
-        elif self._cameratype == 'NOC':
+        if self._cameratype == 'NOC':
            return PRESENCE_SENSOR_TYPES.get(self._sensor_name)
        return TAG_SENSOR_TYPES.get(self._sensor_name)

--- a/homeassistant/components/binary_sensor/ping.py
+++ b/homeassistant/components/binary_sensor/ping.py
@@ -96,7 +96,7 @@ class PingBinarySensor(BinarySensorDevice):
        self.ping.update()


-class PingData(object):
+class PingData:
    """The Class for handling the data retrieval."""

    def __init__(self, host, count):
--- a/homeassistant/components/binary_sensor/rachio.py
+++ b/homeassistant/components/binary_sensor/rachio.py
@@ -111,11 +111,10 @@ class RachioControllerOnlineBinarySensor(RachioControllerBinarySensor):

        if data[KEY_STATUS] == STATUS_ONLINE:
            return True
-        elif data[KEY_STATUS] == STATUS_OFFLINE:
+        if data[KEY_STATUS] == STATUS_OFFLINE:
            return False
-        else:
-            _LOGGER.warning('"%s" reported in unknown state "%s"', self.name,
-                            data[KEY_STATUS])
+        _LOGGER.warning('"%s" reported in unknown state "%s"', self.name,
+                        data[KEY_STATUS])

    def _handle_update(self, *args, **kwargs) -> None:
        """Handle an update to the state of this sensor."""
--- a/homeassistant/components/binary_sensor/raincloud.py
+++ b/homeassistant/components/binary_sensor/raincloud.py
@@ -67,6 +67,6 @@ class RainCloudBinarySensor(RainCloudEntity, BinarySensorDevice):
        """Return the icon of this device."""
        if self._sensor_type == 'is_watering':
            return 'mdi:water' if self.is_on else 'mdi:water-off'
-        elif self._sensor_type == 'status':
+        if self._sensor_type == 'status':
            return 'mdi:pipe' if self.is_on else 'mdi:pipe-disconnected'
        return ICON_MAP.get(self._sensor_type)
--- a/homeassistant/components/binary_sensor/ring.py
+++ b/homeassistant/components/binary_sensor/ring.py
@@ -23,7 +23,7 @@ DEPENDENCIES = ['ring']

 _LOGGER = logging.getLogger(__name__)

-SCAN_INTERVAL = timedelta(seconds=5)
+SCAN_INTERVAL = timedelta(seconds=10)

 # Sensor types: Name, category, device_class
 SENSOR_TYPES = {
--- a/homeassistant/components/binary_sensor/rpi_gpio.py
+++ b/homeassistant/components/binary_sensor/rpi_gpio.py
@@ -8,7 +8,7 @@ import logging

 import voluptuous as vol

-import homeassistant.components.rpi_gpio as rpi_gpio
+from homeassistant.components import rpi_gpio
 from homeassistant.components.binary_sensor import (
    BinarySensorDevice, PLATFORM_SCHEMA)
 from homeassistant.const import DEVICE_DEFAULT_NAME
--- a/homeassistant/components/binary_sensor/rpi_pfio.py
+++ b/homeassistant/components/binary_sensor/rpi_pfio.py
@@ -10,7 +10,7 @@ import voluptuous as vol

 from homeassistant.components.binary_sensor import (
    PLATFORM_SCHEMA, BinarySensorDevice)
-import homeassistant.components.rpi_pfio as rpi_pfio
+from homeassistant.components import rpi_pfio
 from homeassistant.const import CONF_NAME, DEVICE_DEFAULT_NAME
 import homeassistant.helpers.config_validation as cv

--- a/homeassistant/components/binary_sensor/tahoma.py
+++ b/homeassistant/components/binary_sensor/tahoma.py
@@ -0,0 +1,98 @@
+"""
+Support for Tahoma binary sensors.
+
+For more details about this platform, please refer to the documentation at
+https://home-assistant.io/components/binary_sensor.tahoma/
+"""
+
+import logging
+from datetime import timedelta
+
+from homeassistant.components.binary_sensor import (
+    BinarySensorDevice)
+from homeassistant.components.tahoma import (
+    DOMAIN as TAHOMA_DOMAIN, TahomaDevice)
+from homeassistant.const import (STATE_OFF, STATE_ON, ATTR_BATTERY_LEVEL)
+
+DEPENDENCIES = ['tahoma']
+
+_LOGGER = logging.getLogger(__name__)
+
+SCAN_INTERVAL = timedelta(seconds=120)
+
+
+def setup_platform(hass, config, add_devices, discovery_info=None):
+    """Set up Tahoma controller devices."""
+    _LOGGER.debug("Setup Tahoma Binary sensor platform")
+    controller = hass.data[TAHOMA_DOMAIN]['controller']
+    devices = []
+    for device in hass.data[TAHOMA_DOMAIN]['devices']['smoke']:
+        devices.append(TahomaBinarySensor(device, controller))
+    add_devices(devices, True)
+
+
+class TahomaBinarySensor(TahomaDevice, BinarySensorDevice):
+    """Representation of a Tahoma Binary Sensor."""
+
+    def __init__(self, tahoma_device, controller):
+        """Initialize the sensor."""
+        super().__init__(tahoma_device, controller)
+
+        self._state = None
+        self._icon = None
+        self._battery = None
+
+    @property
+    def is_on(self):
+        """Return the state of the sensor."""
+        return bool(self._state == STATE_ON)
+
+    @property
+    def device_class(self):
+        """Return the class of the device."""
+        if self.tahoma_device.type == 'rtds:RTDSSmokeSensor':
+            return 'smoke'
+        return None
+
+    @property
+    def icon(self):
+        """Icon for device by its type."""
+        return self._icon
+
+    @property
+    def device_state_attributes(self):
+        """Return the device state attributes."""
+        attr = {}
+        super_attr = super().device_state_attributes
+        if super_attr is not None:
+            attr.update(super_attr)
+
+        if self._battery is not None:
+            attr[ATTR_BATTERY_LEVEL] = self._battery
+        return attr
+
+    def update(self):
+        """Update the state."""
+        self.controller.get_states([self.tahoma_device])
+        if self.tahoma_device.type == 'rtds:RTDSSmokeSensor':
+            if self.tahoma_device.active_states['core:SmokeState']\
+                    == 'notDetected':
+                self._state = STATE_OFF
+            else:
+                self._state = STATE_ON
+
+        if 'core:SensorDefectState' in self.tahoma_device.active_states:
+            # Set to 'lowBattery' for low battery warning.
+            self._battery = self.tahoma_device.active_states[
+                'core:SensorDefectState']
+        else:
+            self._battery = None
+
+        if self._state == STATE_ON:
+            self._icon = "mdi:fire"
+        elif self._battery == 'lowBattery':
+            self._icon = "mdi:battery-alert"
+        else:
+            self._icon = None
+
+        _LOGGER.debug("Update %s, state: %s", self._name, self._state)
--- a/homeassistant/components/binary_sensor/tapsaff.py
+++ b/homeassistant/components/binary_sensor/tapsaff.py
@@ -63,7 +63,7 @@ class TapsAffSensor(BinarySensorDevice):
        self.data.update()


-class TapsAffData(object):
+class TapsAffData:
    """Class for handling the data retrieval for pins."""

    def __init__(self, location):
--- a/homeassistant/components/binary_sensor/threshold.py
+++ b/homeassistant/components/binary_sensor/threshold.py
@@ -129,9 +129,9 @@ class ThresholdSensor(BinarySensorDevice):
        if self._threshold_lower is not None and \
                self._threshold_upper is not None:
            return TYPE_RANGE
-        elif self._threshold_lower is not None:
+        if self._threshold_lower is not None:
            return TYPE_LOWER
-        elif self._threshold_upper is not None:
+        if self._threshold_upper is not None:
            return TYPE_UPPER

    @property
--- a/homeassistant/components/binary_sensor/trend.py
+++ b/homeassistant/components/binary_sensor/trend.py
@@ -23,7 +23,7 @@ from homeassistant.helpers.entity import generate_entity_id
 from homeassistant.helpers.event import async_track_state_change
 from homeassistant.util import utcnow

-REQUIREMENTS = ['numpy==1.14.5']
+REQUIREMENTS = ['numpy==1.15.0']

 _LOGGER = logging.getLogger(__name__)

--- a/homeassistant/components/binary_sensor/volvooncall.py
+++ b/homeassistant/components/binary_sensor/volvooncall.py
@@ -28,7 +28,7 @@ class VolvoSensor(VolvoEntity, BinarySensorDevice):
        val = getattr(self.vehicle, self._attribute)
        if self._attribute == 'bulb_failures':
            return bool(val)
-        elif self._attribute in ['doors', 'windows']:
+        if self._attribute in ['doors', 'windows']:
            return any([val[key] for key in val if 'Open' in key])
        return val != 'Normal'

--- a/homeassistant/components/binary_sensor/wemo.py
+++ b/homeassistant/components/binary_sensor/wemo.py
@@ -15,7 +15,7 @@ _LOGGER = logging.getLogger(__name__)

 def setup_platform(hass, config, add_devices_callback, discovery_info=None):
    """Register discovered WeMo binary sensors."""
-    import pywemo.discovery as discovery
+    from pywemo import discovery

    if discovery_info is not None:
        location = discovery_info['ssdp_description']
--- a/homeassistant/components/binary_sensor/workday.py
+++ b/homeassistant/components/binary_sensor/workday.py
@@ -135,7 +135,7 @@ class IsWorkdaySensor(BinarySensorDevice):
        """Check if given day is in the includes list."""
        if day in self._workdays:
            return True
-        elif 'holiday' in self._workdays and now in self._obj_holidays:
+        if 'holiday' in self._workdays and now in self._obj_holidays:
            return True

        return False
@@ -144,7 +144,7 @@ class IsWorkdaySensor(BinarySensorDevice):
        """Check if given day is in the excludes list."""
        if day in self._excludes:
            return True
-        elif 'holiday' in self._excludes and now in self._obj_holidays:
+        if 'holiday' in self._excludes and now in self._obj_holidays:
            return True

        return False
--- a/homeassistant/components/binary_sensor/xiaomi_aqara.py
+++ b/homeassistant/components/binary_sensor/xiaomi_aqara.py
@@ -124,7 +124,7 @@ class XiaomiNatgasSensor(XiaomiBinarySensor):
                return False
            self._state = True
            return True
-        elif value == '0':
+        if value == '0':
            if self._state:
                self._state = False
                return True
@@ -184,7 +184,7 @@ class XiaomiMotionSensor(XiaomiBinarySensor):
                return False
            self._state = True
            return True
-        elif value == NO_MOTION:
+        if value == NO_MOTION:
            if not self._state:
                return False
            self._state = False
@@ -224,7 +224,7 @@ class XiaomiDoorSensor(XiaomiBinarySensor):
                return False
            self._state = True
            return True
-        elif value == 'close':
+        if value == 'close':
            self._open_since = 0
            if self._state:
                self._state = False
@@ -254,7 +254,7 @@ class XiaomiWaterLeakSensor(XiaomiBinarySensor):
                return False
            self._state = True
            return True
-        elif value == 'no_leak':
+        if value == 'no_leak':
            if self._state:
                self._state = False
                return True
@@ -290,7 +290,7 @@ class XiaomiSmokeSensor(XiaomiBinarySensor):
                return False
            self._state = True
            return True
-        elif value == '0':
+        if value == '0':
            if self._state:
                self._state = False
                return True
--- a/homeassistant/components/binary_sensor/zwave.py
+++ b/homeassistant/components/binary_sensor/zwave.py
@@ -10,7 +10,7 @@ import homeassistant.util.dt as dt_util
 from homeassistant.helpers.event import track_point_in_time
 from homeassistant.components import zwave
 from homeassistant.components.zwave import workaround
-from homeassistant.components.zwave import async_setup_platform  # noqa # pylint: disable=unused-import
+from homeassistant.components.zwave import async_setup_platform  # noqa pylint: disable=unused-import
 from homeassistant.components.binary_sensor import (
    DOMAIN,
    BinarySensorDevice)
--- a/homeassistant/components/blink.py
+++ b/homeassistant/components/blink.py
@@ -40,7 +40,7 @@ SNAP_PICTURE_SCHEMA = vol.Schema({
 })


-class BlinkSystem(object):
+class BlinkSystem:
    """Blink System class."""

    def __init__(self, config_info):
--- a/homeassistant/components/bloomsky.py
+++ b/homeassistant/components/bloomsky.py
@@ -50,7 +50,7 @@ def setup(hass, config):
    return True


-class BloomSky(object):
+class BloomSky:
    """Handle all communication with the BloomSky API."""

    # API documentation at http://weatherlution.com/bloomsky-api/
--- a/homeassistant/components/bmw_connected_drive/init.py
+++ b/homeassistant/components/bmw_connected_drive/init.py
@@ -118,7 +118,7 @@ def setup_account(account_config: dict, hass, name: str) \
    return cd_account


-class BMWConnectedDriveAccount(object):
+class BMWConnectedDriveAccount:
    """Representation of a BMW vehicle."""

    def __init__(self, username: str, password: str, region_str: str,
--- a/homeassistant/components/calendar/init.py
+++ b/homeassistant/components/calendar/init.py
@@ -41,8 +41,9 @@ async def async_setup(hass, config):
    hass.http.register_view(CalendarListView(component))
    hass.http.register_view(CalendarEventView(component))

-    await hass.components.frontend.async_register_built_in_panel(
-        'calendar', 'calendar', 'hass:calendar')
+    # Doesn't work in prod builds of the frontend: home-assistant-polymer#1289
+    # await hass.components.frontend.async_register_built_in_panel(
+    #     'calendar', 'calendar', 'hass:calendar')

    await component.async_setup(config)
    return True
@@ -129,7 +130,7 @@ class CalendarEventDevice(Entity):

        now = dt.now()

-        if start <= now and end > now:
+        if start <= now < end:
            return STATE_ON

        if now >= end:
--- a/homeassistant/components/calendar/caldav.py
+++ b/homeassistant/components/calendar/caldav.py
@@ -125,7 +125,7 @@ class WebDavCalendarEventDevice(CalendarEventDevice):
        return await self.data.async_get_events(hass, start_date, end_date)


-class WebDavCalendarData(object):
+class WebDavCalendarData:
    """Class to utilize the calendar dav client object to get next event."""

    def __init__(self, calendar, include_all_day, search):
--- a/homeassistant/components/calendar/demo.py
+++ b/homeassistant/components/calendar/demo.py
@@ -28,7 +28,7 @@ def setup_platform(hass, config, add_devices, discovery_info=None):
    ])


-class DemoGoogleCalendarData(object):
+class DemoGoogleCalendarData:
    """Representation of a Demo Calendar element."""

    event = {}
--- a/homeassistant/components/calendar/google.py
+++ b/homeassistant/components/calendar/google.py
@@ -4,7 +4,6 @@ Support for Google Calendar Search binary sensors.
 For more details about this platform, please refer to the documentation at
 https://home-assistant.io/components/binary_sensor.google_calendar/
 """
-# pylint: disable=import-error
 import logging
 from datetime import timedelta

@@ -56,7 +55,7 @@ class GoogleCalendarEventDevice(CalendarEventDevice):
        return await self.data.async_get_events(hass, start_date, end_date)


-class GoogleCalendarData(object):
+class GoogleCalendarData:
    """Class to utilize calendar service object to get next event."""

    def __init__(self, calendar_service, calendar_id, search,
--- a/homeassistant/components/calendar/todoist.py
+++ b/homeassistant/components/calendar/todoist.py
@@ -26,6 +26,9 @@ CONF_PROJECT_DUE_DATE = 'due_date_days'
 CONF_PROJECT_LABEL_WHITELIST = 'labels'
 CONF_PROJECT_WHITELIST = 'include_projects'

+# https://github.com/PyCQA/pylint/pull/2320
+# pylint: disable=fixme
+
 # Calendar Platform: Does this calendar event last all day?
 ALL_DAY = 'all_day'
 # Attribute: All tasks in this project
@@ -280,7 +283,7 @@ class TodoistProjectDevice(CalendarEventDevice):
        return attributes


-class TodoistProjectData(object):
+class TodoistProjectData:
    """
    Class used by the Task Device service object to hold all Todoist Tasks.

@@ -503,7 +506,7 @@ class TodoistProjectData(object):
        time_format = '%a %d %b %Y %H:%M:%S %z'
        for task in project_task_data:
            due_date = datetime.strptime(task['due_date_utc'], time_format)
-            if due_date > start_date and due_date < end_date:
+            if start_date < due_date < end_date:
                event = {
                    'uid': task['id'],
                    'title': task['content'],
--- a/homeassistant/components/camera/init.py
+++ b/homeassistant/components/camera/init.py
@@ -19,7 +19,8 @@ import async_timeout
 import voluptuous as vol

 from homeassistant.core import callback
-from homeassistant.const import ATTR_ENTITY_ID
+from homeassistant.const import ATTR_ENTITY_ID, SERVICE_TURN_OFF, \
+    SERVICE_TURN_ON
 from homeassistant.exceptions import HomeAssistantError
 from homeassistant.loader import bind_hass
 from homeassistant.helpers.entity import Entity
@@ -47,6 +48,9 @@ STATE_RECORDING = 'recording'
 STATE_STREAMING = 'streaming'
 STATE_IDLE = 'idle'

+# Bitfield of features supported by the camera entity
+SUPPORT_ON_OFF = 1
+
 DEFAULT_CONTENT_TYPE = 'image/jpeg'
 ENTITY_IMAGE_URL = '/api/camera_proxy/{0}?token={1}'

@@ -66,8 +70,8 @@ CAMERA_SERVICE_SNAPSHOT = CAMERA_SERVICE_SCHEMA.extend({

 WS_TYPE_CAMERA_THUMBNAIL = 'camera_thumbnail'
 SCHEMA_WS_CAMERA_THUMBNAIL = websocket_api.BASE_COMMAND_MESSAGE_SCHEMA.extend({
-    'type': WS_TYPE_CAMERA_THUMBNAIL,
-    'entity_id': cv.entity_id
+    vol.Required('type'): WS_TYPE_CAMERA_THUMBNAIL,
+    vol.Required('entity_id'): cv.entity_id
 })


@@ -79,6 +83,35 @@ class Image:
    content = attr.ib(type=bytes)


+@bind_hass
+def turn_off(hass, entity_id=None):
+    """Turn off camera."""
+    hass.add_job(async_turn_off, hass, entity_id)
+
+
+@bind_hass
+async def async_turn_off(hass, entity_id=None):
+    """Turn off camera."""
+    data = {ATTR_ENTITY_ID: entity_id} if entity_id else {}
+    await hass.services.async_call(DOMAIN, SERVICE_TURN_OFF, data)
+
+
+@bind_hass
+def turn_on(hass, entity_id=None):
+    """Turn on camera."""
+    hass.add_job(async_turn_on, hass, entity_id)
+
+
+@bind_hass
+async def async_turn_on(hass, entity_id=None):
+    """Turn on camera, and set operation mode."""
+    data = {}
+    if entity_id is not None:
+        data[ATTR_ENTITY_ID] = entity_id
+
+    await hass.services.async_call(DOMAIN, SERVICE_TURN_ON, data)
+
+
@bind_hass
 def enable_motion_detection(hass, entity_id=None):
    """Enable Motion Detection."""
@@ -119,6 +152,9 @@ async def async_get_image(hass, entity_id, timeout=10):
    if camera is None:
        raise HomeAssistantError('Camera not found')

+    if not camera.is_on:
+        raise HomeAssistantError('Camera is off')
+
    with suppress(asyncio.CancelledError, asyncio.TimeoutError):
        with async_timeout.timeout(timeout, loop=hass.loop):
            image = await camera.async_camera_image()
@@ -163,6 +199,12 @@ async def async_setup(hass, config):
                await camera.async_enable_motion_detection()
            elif service.service == SERVICE_DISABLE_MOTION:
                await camera.async_disable_motion_detection()
+            elif service.service == SERVICE_TURN_OFF and \
+                    camera.supported_features & SUPPORT_ON_OFF:
+                await camera.async_turn_off()
+            elif service.service == SERVICE_TURN_ON and \
+                    camera.supported_features & SUPPORT_ON_OFF:
+                await camera.async_turn_on()

            if not camera.should_poll:
                continue
@@ -200,6 +242,12 @@ async def async_setup(hass, config):
            except OSError as err:
                _LOGGER.error("Can't write image to file: %s", err)

+    hass.services.async_register(
+        DOMAIN, SERVICE_TURN_OFF, async_handle_camera_service,
+        schema=CAMERA_SERVICE_SCHEMA)
+    hass.services.async_register(
+        DOMAIN, SERVICE_TURN_ON, async_handle_camera_service,
+        schema=CAMERA_SERVICE_SCHEMA)
    hass.services.async_register(
        DOMAIN, SERVICE_ENABLE_MOTION, async_handle_camera_service,
        schema=CAMERA_SERVICE_SCHEMA)
@@ -243,6 +291,11 @@ class Camera(Entity):
        """Return a link to the camera feed as entity picture."""
        return ENTITY_IMAGE_URL.format(self.entity_id, self.access_tokens[-1])

+    @property
+    def supported_features(self):
+        """Flag supported features."""
+        return 0
+
    @property
    def is_recording(self):
        """Return true if the device is recording."""
@@ -301,32 +354,23 @@ class Camera(Entity):

        last_image = None

-        try:
-            while True:
-                img_bytes = await self.async_camera_image()
-                if not img_bytes:
-                    break
+        while True:
+            img_bytes = await self.async_camera_image()
+            if not img_bytes:
+                break

-                if img_bytes and img_bytes != last_image:
+            if img_bytes and img_bytes != last_image:
+                await write_to_mjpeg_stream(img_bytes)
+
+                # Chrome seems to always ignore first picture,
+                # print it twice.
+                if last_image is None:
                    await write_to_mjpeg_stream(img_bytes)
+                last_image = img_bytes

-                    # Chrome seems to always ignore first picture,
-                    # print it twice.
-                    if last_image is None:
-                        await write_to_mjpeg_stream(img_bytes)
+            await asyncio.sleep(interval)

-                    last_image = img_bytes
-
-                await asyncio.sleep(interval)
-
-        except asyncio.CancelledError:
-            _LOGGER.debug("Stream closed by frontend.")
-            response = None
-            raise
-
-        finally:
-            if response is not None:
-                await response.write_eof()
+        return response

    async def handle_async_mjpeg_stream(self, request):
        """Serve an HTTP MJPEG stream from the camera.
@@ -342,14 +386,38 @@ class Camera(Entity):
        """Return the camera state."""
        if self.is_recording:
            return STATE_RECORDING
-        elif self.is_streaming:
+        if self.is_streaming:
            return STATE_STREAMING
        return STATE_IDLE

+    @property
+    def is_on(self):
+        """Return true if on."""
+        return True
+
+    def turn_off(self):
+        """Turn off camera."""
+        raise NotImplementedError()
+
+    @callback
+    def async_turn_off(self):
+        """Turn off camera."""
+        return self.hass.async_add_job(self.turn_off)
+
+    def turn_on(self):
+        """Turn off camera."""
+        raise NotImplementedError()
+
+    @callback
+    def async_turn_on(self):
+        """Turn off camera."""
+        return self.hass.async_add_job(self.turn_on)
+
    def enable_motion_detection(self):
        """Enable motion detection in the camera."""
        raise NotImplementedError()

+    @callback
    def async_enable_motion_detection(self):
        """Call the job and enable motion detection."""
        return self.hass.async_add_job(self.enable_motion_detection)
@@ -358,6 +426,7 @@ class Camera(Entity):
        """Disable motion detection in camera."""
        raise NotImplementedError()

+    @callback
    def async_disable_motion_detection(self):
        """Call the job and disable motion detection."""
        return self.hass.async_add_job(self.disable_motion_detection)
@@ -402,17 +471,19 @@ class CameraView(HomeAssistantView):
        camera = self.component.get_entity(entity_id)

        if camera is None:
-            status = 404 if request[KEY_AUTHENTICATED] else 401
-            return web.Response(status=status)
+            raise web.HTTPNotFound()

        authenticated = (request[KEY_AUTHENTICATED] or
                         request.query.get('token') in camera.access_tokens)

        if not authenticated:
-            return web.Response(status=401)
+            raise web.HTTPUnauthorized()

-        response = await self.handle(request, camera)
-        return response
+        if not camera.is_on:
+            _LOGGER.debug('Camera is off.')
+            raise web.HTTPServiceUnavailable()
+
+        return await self.handle(request, camera)

    async def handle(self, request, camera):
        """Handle the camera request."""
@@ -435,7 +506,7 @@ class CameraImageView(CameraView):
                return web.Response(body=image,
                                    content_type=camera.content_type)

-        return web.Response(status=500)
+        raise web.HTTPInternalServerError()


 class CameraMjpegStream(CameraView):
@@ -448,8 +519,7 @@ class CameraMjpegStream(CameraView):
        """Serve camera stream, possibly with interval."""
        interval = request.query.get('interval')
        if interval is None:
-            await camera.handle_async_mjpeg_stream(request)
-            return
+            return await camera.handle_async_mjpeg_stream(request)

        try:
            # Compose camera stream from stills
@@ -457,10 +527,9 @@ class CameraMjpegStream(CameraView):
            if interval < MIN_STREAM_INTERVAL:
                raise ValueError("Stream interval must be be > {}"
                                 .format(MIN_STREAM_INTERVAL))
-            await camera.handle_async_still_stream(request, interval)
-            return
+            return await camera.handle_async_still_stream(request, interval)
        except ValueError:
-            return web.Response(status=400)
+            raise web.HTTPBadRequest()


@callback
--- a/homeassistant/components/camera/amcrest.py
+++ b/homeassistant/components/camera/amcrest.py
@@ -64,7 +64,7 @@ class AmcrestCam(Camera):
            yield from super().handle_async_mjpeg_stream(request)
            return

-        elif self._stream_source == STREAM_SOURCE_LIST['mjpeg']:
+        if self._stream_source == STREAM_SOURCE_LIST['mjpeg']:
            # stream an MJPEG image stream directly from the camera
            websession = async_get_clientsession(self.hass)
            streaming_url = self._camera.mjpeg_url(typeno=self._resolution)
--- a/homeassistant/components/camera/axis.py
+++ b/homeassistant/components/camera/axis.py
@@ -23,7 +23,7 @@ def _get_image_url(host, port, mode):
    """Set the URL to get the image."""
    if mode == 'mjpeg':
        return 'http://{}:{}/axis-cgi/mjpg/video.cgi'.format(host, port)
-    elif mode == 'single':
+    if mode == 'single':
        return 'http://{}:{}/axis-cgi/jpg/image.cgi'.format(host, port)


--- a/homeassistant/components/camera/demo.py
+++ b/homeassistant/components/camera/demo.py
@@ -4,10 +4,10 @@ Demo camera platform that has a fake camera.
 For more details about this platform, please refer to the documentation
 https://home-assistant.io/components/demo/
 """
-import os
 import logging
-import homeassistant.util.dt as dt_util
-from homeassistant.components.camera import Camera
+import os
+
+from homeassistant.components.camera import Camera, SUPPORT_ON_OFF

 _LOGGER = logging.getLogger(__name__)

@@ -16,26 +16,29 @@ async def async_setup_platform(hass, config, async_add_devices,
                               discovery_info=None):
    """Set up the Demo camera platform."""
    async_add_devices([
-        DemoCamera(hass, config, 'Demo camera')
+        DemoCamera('Demo camera')
    ])


 class DemoCamera(Camera):
    """The representation of a Demo camera."""

-    def __init__(self, hass, config, name):
+    def __init__(self, name):
        """Initialize demo camera component."""
        super().__init__()
-        self._parent = hass
        self._name = name
        self._motion_status = False
+        self.is_streaming = True
+        self._images_index = 0

    def camera_image(self):
        """Return a faked still image response."""
-        now = dt_util.utcnow()
+        self._images_index = (self._images_index + 1) % 4

        image_path = os.path.join(
-            os.path.dirname(__file__), 'demo_{}.jpg'.format(now.second % 4))
+            os.path.dirname(__file__),
+            'demo_{}.jpg'.format(self._images_index))
+        _LOGGER.debug('Loading camera_image: %s', image_path)
        with open(image_path, 'rb') as file:
            return file.read()

@@ -46,8 +49,21 @@ class DemoCamera(Camera):

    @property
    def should_poll(self):
-        """Camera should poll periodically."""
-        return True
+        """Demo camera doesn't need poll.
+
+        Need explicitly call schedule_update_ha_state() after state changed.
+        """
+        return False
+
+    @property
+    def supported_features(self):
+        """Camera support turn on/off features."""
+        return SUPPORT_ON_OFF
+
+    @property
+    def is_on(self):
+        """Whether camera is on (streaming)."""
+        return self.is_streaming

    @property
    def motion_detection_enabled(self):
@@ -57,7 +73,19 @@ class DemoCamera(Camera):
    def enable_motion_detection(self):
        """Enable the Motion detection in base station (Arm)."""
        self._motion_status = True
+        self.schedule_update_ha_state()

    def disable_motion_detection(self):
        """Disable the motion detection in base station (Disarm)."""
        self._motion_status = False
+        self.schedule_update_ha_state()
+
+    def turn_off(self):
+        """Turn off camera."""
+        self.is_streaming = False
+        self.schedule_update_ha_state()
+
+    def turn_on(self):
+        """Turn on camera."""
+        self.is_streaming = True
+        self.schedule_update_ha_state()
--- a/homeassistant/components/camera/ffmpeg.py
+++ b/homeassistant/components/camera/ffmpeg.py
@@ -29,8 +29,8 @@ PLATFORM_SCHEMA = PLATFORM_SCHEMA.extend({
 })


-@asyncio.coroutine
-def async_setup_platform(hass, config, async_add_devices, discovery_info=None):
+async def async_setup_platform(hass, config, async_add_devices,
+                               discovery_info=None):
    """Set up a FFmpeg camera."""
    if not hass.data[DATA_FFMPEG].async_run_test(config.get(CONF_INPUT)):
        return
@@ -49,30 +49,30 @@ class FFmpegCamera(Camera):
        self._input = config.get(CONF_INPUT)
        self._extra_arguments = config.get(CONF_EXTRA_ARGUMENTS)

-    @asyncio.coroutine
-    def async_camera_image(self):
+    async def async_camera_image(self):
        """Return a still image response from the camera."""
        from haffmpeg import ImageFrame, IMAGE_JPEG
        ffmpeg = ImageFrame(self._manager.binary, loop=self.hass.loop)

-        image = yield from asyncio.shield(ffmpeg.get_image(
+        image = await asyncio.shield(ffmpeg.get_image(
            self._input, output_format=IMAGE_JPEG,
            extra_cmd=self._extra_arguments), loop=self.hass.loop)
        return image

-    @asyncio.coroutine
-    def handle_async_mjpeg_stream(self, request):
+    async def handle_async_mjpeg_stream(self, request):
        """Generate an HTTP MJPEG stream from the camera."""
        from haffmpeg import CameraMjpeg

        stream = CameraMjpeg(self._manager.binary, loop=self.hass.loop)
-        yield from stream.open_camera(
+        await stream.open_camera(
            self._input, extra_cmd=self._extra_arguments)

-        yield from async_aiohttp_proxy_stream(
-            self.hass, request, stream,
-            'multipart/x-mixed-replace;boundary=ffserver')
-        yield from stream.close()
+        try:
+            return await async_aiohttp_proxy_stream(
+                self.hass, request, stream,
+                'multipart/x-mixed-replace;boundary=ffserver')
+        finally:
+            await stream.close()

    @property
    def name(self):
--- a/homeassistant/components/camera/mjpeg.py
+++ b/homeassistant/components/camera/mjpeg.py
@@ -123,19 +123,18 @@ class MjpegCamera(Camera):
        with closing(req) as response:
            return extract_image_from_mjpeg(response.iter_content(102400))

-    @asyncio.coroutine
-    def handle_async_mjpeg_stream(self, request):
+    async def handle_async_mjpeg_stream(self, request):
        """Generate an HTTP MJPEG stream from the camera."""
        # aiohttp don't support DigestAuth -> Fallback
        if self._authentication == HTTP_DIGEST_AUTHENTICATION:
-            yield from super().handle_async_mjpeg_stream(request)
+            await super().handle_async_mjpeg_stream(request)
            return

        # connect to stream
        websession = async_get_clientsession(self.hass)
        stream_coro = websession.get(self._mjpeg_url, auth=self._auth)

-        yield from async_aiohttp_proxy_web(self.hass, request, stream_coro)
+        return await async_aiohttp_proxy_web(self.hass, request, stream_coro)

    @property
    def name(self):
--- a/homeassistant/components/camera/mqtt.py
+++ b/homeassistant/components/camera/mqtt.py
@@ -11,7 +11,7 @@ import logging
 import voluptuous as vol

 from homeassistant.core import callback
-import homeassistant.components.mqtt as mqtt
+from homeassistant.components import mqtt
 from homeassistant.const import CONF_NAME
 from homeassistant.components.camera import Camera, PLATFORM_SCHEMA
 from homeassistant.helpers import config_validation as cv
--- a/homeassistant/components/camera/nest.py
+++ b/homeassistant/components/camera/nest.py
@@ -9,8 +9,9 @@ from datetime import timedelta

 import requests

-import homeassistant.components.nest as nest
-from homeassistant.components.camera import (PLATFORM_SCHEMA, Camera)
+from homeassistant.components import nest
+from homeassistant.components.camera import (PLATFORM_SCHEMA, Camera,
+                                             SUPPORT_ON_OFF)
 from homeassistant.util.dt import utcnow

 _LOGGER = logging.getLogger(__name__)
@@ -76,7 +77,36 @@ class NestCamera(Camera):
        """Return the brand of the camera."""
        return NEST_BRAND

-    # This doesn't seem to be getting called regularly, for some reason
+    @property
+    def supported_features(self):
+        """Nest Cam support turn on and off."""
+        return SUPPORT_ON_OFF
+
+    @property
+    def is_on(self):
+        """Return true if on."""
+        return self._online and self._is_streaming
+
+    def turn_off(self):
+        """Turn off camera."""
+        _LOGGER.debug('Turn off camera %s', self._name)
+        # Calling Nest API in is_streaming setter.
+        # device.is_streaming would not immediately change until the process
+        # finished in Nest Cam.
+        self.device.is_streaming = False
+
+    def turn_on(self):
+        """Turn on camera."""
+        if not self._online:
+            _LOGGER.error('Camera %s is offline.', self._name)
+            return
+
+        _LOGGER.debug('Turn on camera %s', self._name)
+        # Calling Nest API in is_streaming setter.
+        # device.is_streaming would not immediately change until the process
+        # finished in Nest Cam.
+        self.device.is_streaming = True
+
    def update(self):
        """Cache value from Python-nest."""
        self._location = self.device.where
--- a/homeassistant/components/camera/netatmo.py
+++ b/homeassistant/components/camera/netatmo.py
@@ -105,6 +105,6 @@ class NetatmoCamera(Camera):
        """Return the camera model."""
        if self._cameratype == "NOC":
            return "Presence"
-        elif self._cameratype == "NACamera":
+        if self._cameratype == "NACamera":
            return "Welcome"
        return None
--- a/homeassistant/components/camera/onvif.py
+++ b/homeassistant/components/camera/onvif.py
@@ -25,9 +25,7 @@ _LOGGER = logging.getLogger(__name__)

 REQUIREMENTS = ['onvif-py3==0.1.3',
                'suds-py3==1.3.3.0',
-                'http://github.com/tgaugry/suds-passworddigest-py3'
-                '/archive/86fc50e39b4d2b8997481967d6a7fe1c57118999.zip'
-                '#suds-passworddigest-py3==0.1.2a']
+                'suds-passworddigest-homeassistant==0.1.2a0.dev0']
 DEPENDENCIES = ['ffmpeg']
 DEFAULT_NAME = 'ONVIF Camera'
 DEFAULT_PORT = 5000
--- a/Show More
+++ b/Show More