From fa35a6c5e145a74f2da61151dd94c64c67e8f801 Mon Sep 17 00:00:00 2001 From: Jason Hu Date: Fri, 31 Aug 2018 21:08:32 -0700 Subject: [PATCH 1/4] Add MultiFactorAuthModule.async_generate --- docs/auth_auth_module.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/docs/auth_auth_module.md b/docs/auth_auth_module.md index f6dc8d58217..f33aa68f3fe 100644 --- a/docs/auth_auth_module.md +++ b/docs/auth_auth_module.md @@ -21,7 +21,8 @@ Multi-factor Auth modules shall extend the following methods of `MultiFactorAuth | `async def async_setup_user(self, user_id, setup_data)` | Yes | Set up user for use this auth module. | `async def async_depose_user(self, user_id)` | Yes | Remove user information from this auth module. | `async def async_is_user_setup(self, user_id)` | Yes | Return whether user is set up. -| `async def async_validation(self, user_id, user_input)` | Yes | Given a user_id and user input, return valiidation result. +| `async def async_validate(self, user_id, user_input)` | Yes | Given a user_id and user input, return valiidation result. +| `async def async_generate(self, user_id)` | No | Generate a init code, if return result, the result will be shown as `description_placeholders['mfa_init_code']` in login flow's `mfa` step. ## Setup Flow @@ -37,7 +38,7 @@ Each MFA module need to implement a setup flow handler extends from `mfa_modules > TODO: draw a diagram -User == select auth provider ==> LoginFlow.init == input/validate username/password ==> LoginFlow.finish ==> if user enabled mfa ==> LoginFlow.select_mfa_module ==> LoginFlow.mfa == input/validate MFA code ==> LoginFlow.finish ==> Done +User == select auth provider ==> LoginFlow.init == input/validate username/password ==> LoginFlow.finish ==> if user enabled mfa ==> LoginFlow.select_mfa_module ==> generate init code (optional) ==> LoginFlow.mfa == input/validate MFA code ==> LoginFlow.finish ==> Done ## Configuration example 
From 21faccd34162af312a0244da544039aeb7e88324 Mon Sep 17 00:00:00 2001 From: Jason Hu Date: Wed, 5 Sep 2018 00:01:57 -0700 Subject: [PATCH 2/4] Update auth_auth_module.md --- docs/auth_auth_module.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/auth_auth_module.md b/docs/auth_auth_module.md index f33aa68f3fe..3fd908603fc 100644 --- a/docs/auth_auth_module.md +++ b/docs/auth_auth_module.md @@ -22,7 +22,7 @@ Multi-factor Auth modules shall extend the following methods of `MultiFactorAuth | `async def async_depose_user(self, user_id)` | Yes | Remove user information from this auth module. | `async def async_is_user_setup(self, user_id)` | Yes | Return whether user is set up. | `async def async_validate(self, user_id, user_input)` | Yes | Given a user_id and user input, return valiidation result. -| `async def async_generate(self, user_id)` | No | Generate a init code, if return result, the result will be shown as `description_placeholders['mfa_init_code']` in login flow's `mfa` step. +| `async def async_generate(self, user_id)` | No | Generate a init code. Be called once before display the mfa step of login flow. ## Setup Flow @@ -38,7 +38,7 @@ Each MFA module need to implement a setup flow handler extends from `mfa_modules > TODO: draw a diagram -User == select auth provider ==> LoginFlow.init == input/validate username/password ==> LoginFlow.finish ==> if user enabled mfa ==> LoginFlow.select_mfa_module ==> generate init code (optional) ==> LoginFlow.mfa == input/validate MFA code ==> LoginFlow.finish ==> Done +User == select auth provider ==> LoginFlow.init == input/validate username/password ==> LoginFlow.finish ==> if user enabled mfa ==> LoginFlow.select_mfa_module ==> generate code (optional) ==> LoginFlow.mfa == input/validate MFA code ==> LoginFlow.finish ==> Done ## Configuration example From cb383134e8d0d49497428c2c6ed9c16f4a9ad05f Mon Sep 17 00:00:00 2001 
From: Jason Hu Date: Thu, 6 Sep 2018 13:47:45 -0700 Subject: [PATCH 3/4] Update auth_auth_module.md --- docs/auth_auth_module.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/docs/auth_auth_module.md b/docs/auth_auth_module.md index 3fd908603fc..05c0667aab4 100644 --- a/docs/auth_auth_module.md +++ b/docs/auth_auth_module.md @@ -22,7 +22,7 @@ Multi-factor Auth modules shall extend the following methods of `MultiFactorAuth | `async def async_depose_user(self, user_id)` | Yes | Remove user information from this auth module. | `async def async_is_user_setup(self, user_id)` | Yes | Return whether user is set up. | `async def async_validate(self, user_id, user_input)` | Yes | Given a user_id and user input, return valiidation result. -| `async def async_generate(self, user_id)` | No | Generate a init code. Be called once before display the mfa step of login flow. +| `async def async_initialize(self, user_id)` | No | Will be called once before display the mfa step of login flow. ## Setup Flow @@ -52,7 +52,6 @@ homeassistant: - type: totp - type: insecure_example users: [{'user_id': 'a_32_bytes_length_user_id', 'pin': '123456'}] -auth: ``` In this example, user will first select from `homeassistant` or `legacy_api_password` auth provider. For `homeassistant` auth provider, user will first input username/password, if that user enabled both `totp` and `insecure_example`, then user need select one auth module, then input Google Authenticator code or input pin code base on the selection. From de0219979612b54d3a5d42bb9b0dd917f0db3f63 Mon Sep 17 00:00:00 2001 From: Jason Hu Date: Thu, 6 Sep 2018 13:50:04 -0700 Subject: [PATCH 4/4] Update auth_auth_module.md --- docs/auth_auth_module.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/auth_auth_module.md b/docs/auth_auth_module.md index 05c0667aab4..db44ce40891 100644 --- a/docs/auth_auth_module.md +++ b/docs/auth_auth_module.md 
@@ -22,7 +22,7 @@ Multi-factor Auth modules shall extend the following methods of `MultiFactorAuth | `async def async_depose_user(self, user_id)` | Yes | Remove user information from this auth module. | `async def async_is_user_setup(self, user_id)` | Yes | Return whether user is set up. | `async def async_validate(self, user_id, user_input)` | Yes | Given a user_id and user input, return valiidation result. -| `async def async_initialize(self, user_id)` | No | Will be called once before display the mfa step of login flow. +| `async def async_initialize_login_mfa_step(self, user_id)` | No | Will be called once before display the mfa step of login flow. This is not initialization for the MFA module but the mfa step in login flow. ## Setup Flow @@ -38,7 +38,7 @@ Each MFA module need to implement a setup flow handler extends from `mfa_modules > TODO: draw a diagram -User == select auth provider ==> LoginFlow.init == input/validate username/password ==> LoginFlow.finish ==> if user enabled mfa ==> LoginFlow.select_mfa_module ==> generate code (optional) ==> LoginFlow.mfa == input/validate MFA code ==> LoginFlow.finish ==> Done +User == select auth provider ==> LoginFlow.init == input/validate username/password ==> LoginFlow.finish ==> if user enabled mfa ==> LoginFlow.select_mfa_module ==> initialize(optional) ==> LoginFlow.mfa == input/validate MFA code ==> LoginFlow.finish ==> Done ## Configuration example
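Review bot: In PATCH 1/4, the table hunk renames the `async_validation` row to `async_validate` but carries the typo "valiidation" over into the new `+` line, and the subject "Add MultiFactorAuthModule.async_generate" does not mention the rename. Fix the spelling in the same line and note the rename in the commit message, since anyone who implemented `async_validation` from the earlier table needs to see that the documented name changed. The new `async_generate` description would also read better as "Generate an init code; if a result is returned, it is shown as ...".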
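Review bot: In PATCH 2/4, the rewritten `async_generate` row drops the statement that the result is shown as `description_placeholders['mfa_init_code']` and puts nothing in its place, so the table no longer says what the method should return or what happens to the return value. For a method whose description is still "Generate a init code", say explicitly whether the return value is ignored and how the module is expected to deliver the code to the user. "Be called once before display the mfa step" should be "It is called once before the mfa step of the login flow is displayed."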
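Review bot: In PATCH 3/4, the table hunk renames the method to `async_initialize`, but the flow line that 2/4 left as "generate code (optional)" is not touched in this commit, so the table and the flow disagree until 4/4 changes both again. Consider squashing 3/4 and 4/4 so that no intermediate revision documents two different names. The second hunk's removal of the stray `auth:` line from the configuration example is an unrelated fix and deserves a mention in the commit message, which currently reads only "Update auth_auth_module.md".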
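Review bot: In PATCH 4/4, the `async_initialize_login_mfa_step` row says "Will be called once before display the mfa step of login flow" without saying what "once" means when validation fails and the mfa step is shown again. A module that issues a one-time code in this hook needs to know whether a rejected attempt triggers a new call or reuses the earlier state, so document that here, along with the expected return value, which the row has not stated since 2/4.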
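Review bot: In PATCH 4/4, the flow-line hunk writes the new step as "initialize(optional)", which is missing the space the earlier "generate code (optional)" had and does not name the hook the table now documents. Suggest "async_initialize_login_mfa_step (optional)" so a reader can match the step in the flow to the method row in the table.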