Skip to content

Add trusted networks auth provider#15812

Merged
balloob merged 3 commits intohome-assistant:devfrom
awarecan:trusted-networks-aut-prov
Aug 13, 2018
Merged

Add trusted networks auth provider#15812
balloob merged 3 commits intohome-assistant:devfrom
awarecan:trusted-networks-aut-prov

Conversation

@awarecan
Copy link
Copy Markdown
Contributor

@awarecan awarecan commented Aug 3, 2018
edited
Loading

Description:

Need to wait #15914 merged first

Add Trusted Networks Authentication Provider

It shows list of users if access from trusted network. User can select which user want to login, no password need

image

Breaking change:

Given new auth is enabled, current websocket API will not request auth if access was from trusted networks, After this change, websocket API will always request auth if new auth was enabled.

Any integration leverage on websocket API and trusted_networks together should first get access_token by trusted networks authentication provider, then provide access_token to websocket API.

Related issue (if applicable): fixes #15589

Pull request in home-assistant.github.io with documentation (if applicable): home-assistant/home-assistant.github.io#<home-assistant.github.io PR number goes here>

Example entry for configuration.yaml (if applicable):

# configuration.yaml
homeassistant:
  auth_providers:
    - type: trusted_networks

Checklist:

  • The code change is tested and works locally.
  • Local tests pass with tox. Your PR cannot be merged unless tests pass

If user exposed functionality or configuration variables are added/changed:

If the code does not interact with devices:

  • Tests have been added to verify that the new code works.

@awarecan awarecan requested a review from a team as a code owner August 3, 2018 18:52
@ghost ghost assigned awarecan Aug 3, 2018
@ghost ghost added the in progress label Aug 3, 2018
@awarecan awarecan force-pushed the trusted-networks-aut-prov branch from 6b4a708 to 7f2d2e5 Compare August 3, 2018 19:13
@quthla
Copy link
Copy Markdown
Contributor

quthla commented Aug 4, 2018

Maybe a config setting for trusted networks default user so one can completely skip authentication if wanted?

@awarecan
Copy link
Copy Markdown
Contributor Author

awarecan commented Aug 4, 2018

@quthla we have discussion about it, please check history of #15589 (comment)

balloob
balloob reviewed Aug 6, 2018
View reviewed changes
homeassistant/components/auth/login_flow.py Outdated
else:
handler = data['handler']

if handler[0] == 'trusted_networks':
Copy link
Copy Markdown
Member

@balloob balloob Aug 6, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is not good.

By doing this, we're starting to conflate concerns of the auth provider with the generic abstraction. It means the abstraction is not good and that needs to be changed.

I don't know right now how we should evolve it, maybe we need to decouple the manager from the flow, allowing the manager to pass in an extra auth context.

Copy link
Copy Markdown
Member

@balloob balloob Aug 6, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This also comes with having to decouple the HTTP views from using the helper.

And all these things should happen in separate PRs. One thing at a time.

Copy link
Copy Markdown
Contributor Author

@awarecan awarecan Aug 6, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Part 3 of #15700 was implement login's own flow manager.

@awarecan awarecan force-pushed the trusted-networks-aut-prov branch from 7f2d2e5 to 28db4d4 Compare August 10, 2018 00:30
@awarecan awarecan force-pushed the trusted-networks-aut-prov branch from 28db4d4 to cac3c41 Compare August 10, 2018 00:35
@awarecan
Copy link
Copy Markdown
Contributor Author

awarecan commented Aug 10, 2018

This included the changes of #15914 , should rebase/merge after #15914 got merged

Two features not included, can be implement in future

  1. /auth/providers should only return trusted networks provider option if user access from trusted networks
  2. If only one user exist, by pass the user selection step

@awarecan awarecan force-pushed the trusted-networks-aut-prov branch from cac3c41 to 1974790 Compare August 10, 2018 09:42
@balloob balloob force-pushed the trusted-networks-aut-prov branch from 1974790 to b7fc5cf Compare August 13, 2018 09:41
@ghost ghost assigned balloob Aug 13, 2018
@balloob
Copy link
Copy Markdown
Member

balloob commented Aug 13, 2018

Rebased.

@balloob
Copy link
Copy Markdown
Member

balloob commented Aug 13, 2018

Beautiful.

@balloob balloob merged commit da8f93d into home-assistant:dev Aug 13, 2018
@ghost ghost removed the in progress label Aug 13, 2018
@awarecan awarecan mentioned this pull request Aug 13, 2018
Closed
@awarecan awarecan deleted the trusted-networks-aut-prov branch August 22, 2018 12:20
@balloob balloob mentioned this pull request Aug 29, 2018
Merged
girlpunk pushed a commit to girlpunk/home-assistant that referenced this pull request Sep 4, 2018
@awarecan
Add trusted networks auth provider (home-assistant#15812)
aaba530 
* Add context to login flow

* Add trusted networks auth provider

* source -> context
vrih pushed a commit to vrih/home-assistant that referenced this pull request Sep 29, 2018
@awarecan @vrih
Add trusted networks auth provider (home-assistant#15812)
7da4631 
* Add context to login flow

* Add trusted networks auth provider

* source -> context
@home-assistant home-assistant locked and limited conversation to collaborators Dec 10, 2018
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@balloob balloob balloob approved these changes

Assignees

@balloob balloob

@awarecan awarecan

Labels

breaking-change cla-signed core integration: auth integration: http integration: websocket_api

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Honor trusted network config in new auth system

4 participants

@awarecan @quthla @balloob @homeassistant