Small cleanups to process_success_login (#103282)

homeassistant/components/auth/login_flow.py

@@ -235,7 +235,7 @@ async def _async_flow_result_to_response(
                 f"Login blocked: {user_access_error}", HTTPStatus.FORBIDDEN
             )
 
-        await process_success_login(request)
+        process_success_login(request)
         result["result"] = self._store_result(client_id, result_obj)
 
         return self.json(result)

homeassistant/components/http/ban.py

@@ -162,27 +162,28 @@ async def process_wrong_login(request: Request) -> None:
         )
 
 
-async def process_success_login(request: Request) -> None:
+@callback
+def process_success_login(request: Request) -> None:
     """Process a success login attempt.
 
     Reset failed login attempts counter for remote IP address.
     No release IP address from banned list function, it can only be done by
     manual modify ip bans config file.
     """
-    remote_addr = ip_address(request.remote)  # type: ignore[arg-type]
-
+    app = request.app
     # Check if ban middleware is loaded
-    if KEY_BAN_MANAGER not in request.app or request.app[KEY_LOGIN_THRESHOLD] < 1:
+    if KEY_BAN_MANAGER not in app or app[KEY_LOGIN_THRESHOLD] < 1:
         return
 
-    if (
-        remote_addr in request.app[KEY_FAILED_LOGIN_ATTEMPTS]
-        and request.app[KEY_FAILED_LOGIN_ATTEMPTS][remote_addr] > 0
-    ):
+    remote_addr = ip_address(request.remote)  # type: ignore[arg-type]
+    login_attempt_history: defaultdict[IPv4Address | IPv6Address, int] = app[
+        KEY_FAILED_LOGIN_ATTEMPTS
+    ]
+    if remote_addr in login_attempt_history and login_attempt_history[remote_addr] > 0:
         _LOGGER.debug(
             "Login success, reset failed login attempts counter from %s", remote_addr
         )
-        request.app[KEY_FAILED_LOGIN_ATTEMPTS].pop(remote_addr)
+        login_attempt_history.pop(remote_addr)
 
 
 class IpBan:

homeassistant/components/websocket_api/auth.py

@@ -103,7 +103,7 @@ async def _async_finish_auth(
     ) -> ActiveConnection:
         """Create an active connection."""
         self._logger.debug("Auth OK")
-        await process_success_login(self._request)
+        process_success_login(self._request)
         self._send_message(auth_ok_message())
         return ActiveConnection(
             self._logger, self._hass, self._send_message, user, refresh_token

tests/components/http/test_ban.py

@@ -16,6 +16,7 @@
     KEY_BAN_MANAGER,
     KEY_FAILED_LOGIN_ATTEMPTS,
     IpBanManager,
+    process_success_login,
     setup_bans,
 )
 from homeassistant.components.http.view import request_handler_factory
@@ -332,9 +333,14 @@ async def auth_handler(request):
         """Return 200 status code."""
         return None, 200
 
+    async def auth_true_handler(request):
+        """Return 200 status code."""
+        process_success_login(request)
+        return None, 200
+
     app.router.add_get(
         "/auth_true",
-        request_handler_factory(hass, Mock(requires_auth=True), auth_handler),
+        request_handler_factory(hass, Mock(requires_auth=True), auth_true_handler),
     )
     app.router.add_get(
         "/auth_false",
@@ -377,4 +383,12 @@ async def mock_auth(request, handler):
     # We no longer support trusted networks.
     resp = await client.get("/auth_true")
     assert resp.status == HTTPStatus.OK
+    assert app[KEY_FAILED_LOGIN_ATTEMPTS][remote_ip] == 0
+
+    resp = await client.get("/auth_false")
+    assert resp.status == HTTPStatus.UNAUTHORIZED
+    assert app[KEY_FAILED_LOGIN_ATTEMPTS][remote_ip] == 1
+
+    resp = await client.get("/auth_false")
+    assert resp.status == HTTPStatus.UNAUTHORIZED
     assert app[KEY_FAILED_LOGIN_ATTEMPTS][remote_ip] == 2