New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Added command_line auth provider that validates credentials by calling a command #19985
Conversation
7b6ca8c
to
ba05606
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please add unit test.
You can include a script to mock external program in your unit test to return valid or invalid result
I'll create an unit test when the API is final. |
This looks good. Will need some tests written. |
I suggest that for MVP we remove the metadata and just look at the return code. Keep it simple. |
Ah I see, MVP... Removing the metadata sounds not desirable to me. I don't want to see "You're logged in as ." in the UI because HA doesn't know my name. Could become more problematic when HA maybe logs user actions some day. Having to turn it on explicitly sounds more appropriate to me. |
4f368bf
to
5d100af
Compare
And here's a working example for authentication against LDAP: |
Could not find a matching documentation PR on our documentation repository, adding |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There are two stuffs are missing besides the documentation pointed by Frenck
- unit test for login flow
- a front-end PR to include string resources, you can use leagcy_api_password auth provider as example: https://github.com/home-assistant/home-assistant-polymer/blob/f98fff9ffdd101b029f44e8ffe5a59545d388e84/src/translations/en.json#L939
I won't create any docs until we mutually agreed on the API, won't do it twice when it needs to be changed. Are you happy with I'll look into testing the login flow as well... Just took the existing tests from Strings for the frontend... alright. |
I am fine with meta being optional and False by default |
Here is the example of login flow test, https://github.com/home-assistant/home-assistant/blob/201fd4afeec56f031dab027f0b84debea5bced77/tests/auth/providers/test_homeassistant.py#L67 |
I think this PR is ready for final review and merge now. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It looks good 🎉 Just one question about the username stripping. Probably easiest to implement the username stripping in the config flow btw.
@balloob Hmm, I'm not sure I understand correctly. Usernames aren't stripped by this auth provider, as with any other existing provider I think. |
The only things that are stripped are the meta variables(currently only the user's real name). |
Balloob is referencing a recent merged PR, #20150 |
If a user enters |
No, it won't. Environment variables preserve all characters. However, it depends on the script the user configures to run to not strip them itself. I can add a note about that to the docs. |
Did it. |
On the other hand, I see nothing that stands against stripping usernames from the beginning on. So do you think it should simply be done before it get's released to prevent having a breaking change later? |
Niiiiiice 🎉 |
* Added strings for command line auth provider Regards home-assistant/core#19985 * Reuse existing translation keys for new command_line auth provider
* Added docs for command line auth provider Regards home-assistant/core#19985 * Added reference to a compatible script for LDAP authentication * Added note about stderr with command_line auth provider * Added note about stripping usernames * Note that usernames are stripped with command_line auth provider
…g a command (home-assistant#19985) * Added external auth provider that calls a configurable program Closes home-assistant#19975 * Raise proper InvalidAuth exception on OSError during program execution * Changed name of external auth provider to command_line * Renamed program config option to command in command_line auth provider * Made meta variable parsing in command_line auth provider optional * Added tests for command_line auth provider * Fixed indentation * Suppressed wrong pylint warning * Fixed linting * Added test for command line auth provider login flow * Log error when user fails authentication * Use %r formatter instead of explicit repr() * Mix all used names of typing module into module namespace I consider this nasty and bad coding style, but was requested by @awarecan for consistency with the remaining codebase. * Small code style change * Strip usernames with command_line auth provider
Description:
A new authentication provider that checks username/password by calling an external program, passing the values as environment variables. If the program exits with exit code 0, authentication succeeds.
Additionally, the program can print out lines of the form
to give HA some information about the authenticating user. Currently, only
name
is supported, but groups are thinkable as well when there will be an official API for interfacing with HA's group system in the future.As an example, I wrote a script to do authentication against LDAP, that I'll link here soon.
Related issue (if applicable): Closes #19975
Pull request in home-assistant-polymer: home-assistant/frontend#2561
Pull request in home-assistant.io with documentation (if applicable): home-assistant/home-assistant.io#8321
Example entry for
configuration.yaml
(if applicable):Checklist:
tox
. Your PR cannot be merged unless tests passIf user exposed functionality or configuration variables are added/changed:
If the code does not interact with devices: