diff --git a/homeassistant/auth/__init__.py b/homeassistant/auth/__init__.py
index cc2f244efb4fa498609ff97eab252a86cf8851b2..62c416a988300d13024af0789c77e0bbe6a80a28 100644
--- a/homeassistant/auth/__init__.py
+++ b/homeassistant/auth/__init__.py
@@ -124,6 +124,7 @@ class AuthManager:
return await self._store.async_create_user(
credentials=credentials,
name=info.get('name'),
+ is_active=info.get('is_active', False)
)
async def async_link_user(self, user, credentials):
diff --git a/homeassistant/auth/providers/__init__.py b/homeassistant/auth/providers/__init__.py
index 3769248fc053525528069cf32aaa5a038cac9396..68cc1c7edd27220feb164c3b4c2458f4c5be8aed 100644
--- a/homeassistant/auth/providers/__init__.py
+++ b/homeassistant/auth/providers/__init__.py
@@ -135,5 +135,9 @@ class AuthProvider:
"""Return extra user metadata for credentials.
Will be used to populate info when creating a new user.
+
+ Values to populate:
+ - name: string
+ - is_active: boolean
"""
return {}
diff --git a/homeassistant/auth/providers/homeassistant.py b/homeassistant/auth/providers/homeassistant.py
index b359f67d77fd1a51874714cd66d9b2448bce685e..d24110a47362e00cff940d88aa352234db3b28cb 100644
--- a/homeassistant/auth/providers/homeassistant.py
+++ b/homeassistant/auth/providers/homeassistant.py
@@ -184,7 +184,8 @@ class HassAuthProvider(AuthProvider):
async def async_user_meta_for_credentials(self, credentials):
"""Get extra info for this credential."""
return {
- 'name': credentials.data['username']
+ 'name': credentials.data['username'],
+ 'is_active': True,
}
async def async_will_remove_credentials(self, credentials):
diff --git a/homeassistant/auth/providers/insecure_example.py b/homeassistant/auth/providers/insecure_example.py
index e06b16177a1241632df1fb5d91cebc4616e59654..c86c8eb71f11243fa63bc01907268769b78cb143 100644
--- a/homeassistant/auth/providers/insecure_example.py
+++ b/homeassistant/auth/providers/insecure_example.py
@@ -75,14 +75,16 @@ class ExampleAuthProvider(AuthProvider):
Will be used to populate info when creating a new user.
"""
username = credentials.data['username']
+ info = {
+ 'is_active': True,
+ }
for user in self.config['users']:
if user['username'] == username:
- return {
- 'name': user.get('name')
- }
+ info['name'] = user.get('name')
+ break
- return {}
+ return info
class LoginFlow(data_entry_flow.FlowHandler):
diff --git a/homeassistant/auth/providers/legacy_api_password.py b/homeassistant/auth/providers/legacy_api_password.py
index 57c05e3bdc86bc7d079a6adc2d1047a535279b3f..1f92fb60f13752d34f246b994094bb4413b42b49 100644
--- a/homeassistant/auth/providers/legacy_api_password.py
+++ b/homeassistant/auth/providers/legacy_api_password.py
@@ -70,7 +70,10 @@ class LegacyApiPasswordAuthProvider(AuthProvider):
Will be used to populate info when creating a new user.
"""
- return {'name': LEGACY_USER}
+ return {
+ 'name': LEGACY_USER,
+ 'is_active': True,
+ }
class LoginFlow(data_entry_flow.FlowHandler):
diff --git a/homeassistant/scripts/auth.py b/homeassistant/scripts/auth.py
index fea523c4117a18690038068e8026f790309aa76e..d141faa4c27637bf8701f7d514ec32300b55c89c 100644
--- a/homeassistant/scripts/auth.py
+++ b/homeassistant/scripts/auth.py
@@ -81,16 +81,9 @@ async def add_user(hass, provider, args):
print("Username already exists!")
return
- credentials = await provider.async_get_or_create_credentials({
- 'username': args.username
- })
-
- user = await hass.auth.async_create_user(args.username)
- await hass.auth.async_link_user(user, credentials)
-
# Save username/password
await provider.data.async_save()
- print("User created")
+ print("Auth created")
async def validate_login(hass, provider, args):
diff --git a/tests/auth/providers/test_homeassistant.py b/tests/auth/providers/test_homeassistant.py
index 08fb63a3c7277053ce24b171a3d762ae54ccb73b..9db6293d98a14fb245cc279288dd1acb52bb7bfb 100644
--- a/tests/auth/providers/test_homeassistant.py
+++ b/tests/auth/providers/test_homeassistant.py
@@ -4,6 +4,7 @@ from unittest.mock import Mock
import pytest
from homeassistant import data_entry_flow
+from homeassistant.auth import auth_manager_from_config
from homeassistant.auth.providers import (
auth_provider_from_config, homeassistant as hass_auth)
@@ -112,3 +113,20 @@ async def test_not_allow_set_id():
'id': 'invalid',
})
assert provider is None
+
+
+async def test_new_users_populate_values(hass, data):
+ """Test that we populate data for new users."""
+ data.add_auth('hello', 'test-pass')
+ await data.async_save()
+
+ manager = await auth_manager_from_config(hass, [{
+ 'type': 'homeassistant'
+ }])
+ provider = manager.auth_providers[0]
+ credentials = await provider.async_get_or_create_credentials({
+ 'username': 'hello'
+ })
+ user = await manager.async_get_or_create_user(credentials)
+ assert user.name == 'hello'
+ assert user.is_active
diff --git a/tests/auth/providers/test_insecure_example.py b/tests/auth/providers/test_insecure_example.py
index 8e8c973875656778374d82273a8b881284e3b941..b472e4c95df3b49d012ac0fb97d72debe0f39841 100644
--- a/tests/auth/providers/test_insecure_example.py
+++ b/tests/auth/providers/test_insecure_example.py
@@ -4,7 +4,7 @@ import uuid
import pytest
-from homeassistant.auth import auth_store, models as auth_models
+from homeassistant.auth import auth_store, models as auth_models, AuthManager
from homeassistant.auth.providers import insecure_example
from tests.common import mock_coro
@@ -23,6 +23,7 @@ def provider(hass, store):
'type': 'insecure_example',
'users': [
{
+ 'name': 'Test Name',
'username': 'user-test',
'password': 'password-test',
},
@@ -34,7 +35,15 @@ def provider(hass, store):
})
-async def test_create_new_credential(provider):
+@pytest.fixture
+def manager(hass, store, provider):
+ """Mock manager."""
+ return AuthManager(hass, store, {
+ (provider.type, provider.id): provider
+ })
+
+
+async def test_create_new_credential(manager, provider):
"""Test that we create a new credential."""
credentials = await provider.async_get_or_create_credentials({
'username': 'user-test',
@@ -42,6 +51,10 @@ async def test_create_new_credential(provider):
})
assert credentials.is_new is True
+ user = await manager.async_get_or_create_user(credentials)
+ assert user.name == 'Test Name'
+ assert user.is_active
+
async def test_match_existing_credentials(store, provider):
"""See if we match existing users."""
diff --git a/tests/auth/providers/test_legacy_api_password.py b/tests/auth/providers/test_legacy_api_password.py
index 007e37b90c4e3eca95176c5f909b979912b87db5..71642bd7a32c26d59f24aeb31f05ded73fdd37f9 100644
--- a/tests/auth/providers/test_legacy_api_password.py
+++ b/tests/auth/providers/test_legacy_api_password.py
@@ -30,12 +30,16 @@ def manager(hass, store, provider):
})
-async def test_create_new_credential(provider):
+async def test_create_new_credential(manager, provider):
"""Test that we create a new credential."""
credentials = await provider.async_get_or_create_credentials({})
assert credentials.data["username"] is legacy_api_password.LEGACY_USER
assert credentials.is_new is True
+ user = await manager.async_get_or_create_user(credentials)
+ assert user.name == legacy_api_password.LEGACY_USER
+ assert user.is_active
+
async def test_only_one_credentials(manager, provider):
"""Call create twice will return same credential."""
diff --git a/tests/components/auth/test_init.py b/tests/components/auth/test_init.py
index 1d3719b8c66e1b816fc56353973951cbfa174a36..807bf15854b9777289f82cb6f95607126922e7c5 100644
--- a/tests/components/auth/test_init.py
+++ b/tests/components/auth/test_init.py
@@ -40,11 +40,31 @@ async def test_login_new_user_and_trying_refresh_token(hass, aiohttp_client):
'code': code
})
- # User is not active
- assert resp.status == 403
- data = await resp.json()
- assert data['error'] == 'access_denied'
- assert data['error_description'] == 'User is not active'
+ assert resp.status == 200
+ tokens = await resp.json()
+
+ assert hass.auth.async_get_access_token(tokens['access_token']) is not None
+
+ # Use refresh token to get more tokens.
+ resp = await client.post('/auth/token', data={
+ 'client_id': CLIENT_ID,
+ 'grant_type': 'refresh_token',
+ 'refresh_token': tokens['refresh_token']
+ })
+
+ assert resp.status == 200
+ tokens = await resp.json()
+ assert 'refresh_token' not in tokens
+ assert hass.auth.async_get_access_token(tokens['access_token']) is not None
+
+ # Test using access token to hit API.
+ resp = await client.get('/api/')
+ assert resp.status == 401
+
+ resp = await client.get('/api/', headers={
+ 'authorization': 'Bearer {}'.format(tokens['access_token'])
+ })
+ assert resp.status == 200
def test_credential_store_expiration():
diff --git a/tests/scripts/test_auth.py b/tests/scripts/test_auth.py
index 1320be299b83cb205cdef3672d370614d3b0241f..f6c027150dd8fff5d73222bfcd8ba97477750049 100644
--- a/tests/scripts/test_auth.py
+++ b/tests/scripts/test_auth.py
@@ -47,7 +47,7 @@ async def test_add_user(hass, provider, capsys, hass_storage):
assert len(hass_storage[hass_auth.STORAGE_KEY]['data']['users']) == 1
captured = capsys.readouterr()
- assert captured.out == 'User created\n'
+ assert captured.out == 'Auth created\n'
assert len(data.users) == 1
data.validate_login('paulus', 'test-pass')