forked from home-assistant/core
Commit
(experimentally) support multiple api users

and add 'permissions' support to switch/commandline component (only)

see
* https://www.pivotaltracker.com/n/projects/1250084/stories/116678871 'User Management',
* https://community.home-assistant.io/t/multiple-users-accounts/396/14 'Multiple Users/Accounts' Feature Request
* https://community.home-assistant.io/t/multiple-users-account/328/10 'Multiple Users/Accounts' Configuration

Current status:
* support multiple api users now, defined by http.api_users configuration dict, see example below
* add api_users attribute to http component, set to username of the api_user that is logged in
* auth backend uses pbkdf2.hmac now for storing only password hashes of api_users, to avoid that plain passwords of all api users can be found in the configuration.
* components/switch/command_line component (and only this one!) supports 'permission' configuration which specifies the allowed permissions per api user as dictionary (api username => 'rwx' # 'r'ead 'w'rite e'x'ecute, '*' as api username means 'all other api users'); see example below

Restrictions (in this experimental commit):
* Implementation is only done in the python backend as of now, this means that still all items are visible in the web view, and all items can be triggered - but for those where user does not have 'w'rite access the stored state is not overwritten, i.e. the switch in the gui toggles back to the original value on GUI refresh, as the state could not be changed in the backend.
* pbkdf2_hmac salt currently is fixed - this should be changed to a per-installation generated random

Example configuration snippet:

    http:
      # Uncomment this to add a password (recommended!)
      api_password: MyPASSWORD
      api_users:
        # uses password hashes, as created by script/pwd2hash.py
        admin:
          # passphrase 'admin1234':
          password_hash: "22c377f92775d7145752ecafd182458bdb04bbaa3e3ac0d58832c782f5a57c2b"
        user1:
          # passphrase 'user1234':
          password_hash: "ab881c7fe60ae3aa12613aa44bc6199118475c52c6790f9aaf7aa9f383c70d1c"
        user2:
          # passphrase 'user4321':
          password_hash: "9ad239323284c47e975d85cb16c39f88eb34fe154de26baa589c79163ccea8c1"

    switch:
      - platform: command_line
        switches:
          one:
            command_on: logger switch.one says command_on
            command_off: logger switch.one says command_off
            # no permissions specified - all have access
          admin_only:
            command_on: logger switch.admin_only says command_on
            command_off: logger switch.admin_only says command_off
            permissions:
              'admin': 'rwx'
              # all others do not have access
          admin_or_user1:
            command_on: logger switch.one says command_on
            command_off: logger switch.one says command_off
            permissions:
              admin: rwx
              user1: rw
              '*': r  # all others have read only access
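
The fixed-salt restriction listed in the commit message can be removed by giving every stored password its own random salt and keeping that salt next to the hash. The following is an added example, not code from this commit or from Home Assistant; the `scheme$iterations$salt$hash` record format and the function names `hash_password` and `verify_password` are assumptions made for illustration.

```python
import hashlib
import hmac
import os

SCHEME = "pbkdf2_sha256"   # assumed label for the record format below
ITERATIONS = 100000        # same iteration count as the script in this commit


def hash_password(plain, salt=None, iterations=ITERATIONS):
    """Return a self-describing record: scheme$iterations$salt_hex$hash_hex."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt for every stored password
    dk = hashlib.pbkdf2_hmac("sha256", plain.encode("utf-8"), salt, iterations)
    return "$".join([SCHEME, str(iterations), salt.hex(), dk.hex()])


def verify_password(plain, record):
    """Recompute the hash with the stored salt and compare in constant time."""
    try:
        scheme, iterations, salt_hex, hash_hex = record.split("$")
        iterations = int(iterations)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(hash_hex)
    except ValueError:
        return False  # malformed record: reject instead of raising
    if scheme != SCHEME or iterations <= 0 or not salt:
        return False
    dk = hashlib.pbkdf2_hmac("sha256", plain.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(dk, expected)


if __name__ == "__main__":
    # Constructed sample passphrase; two runs give two different records.
    first = hash_password("sample-passphrase")
    second = hash_password("sample-passphrase")
    print(first)
    print(second)
    print(verify_password("sample-passphrase", first))   # True
    print(verify_password("wrong-passphrase", first))    # False
```

Because the salt and iteration count travel with each record, the iteration count can be raised later without invalidating hashes that were stored earlier.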
Showing 11 changed files with 328 additions and 33 deletions.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
#!/usr/bin/python | ||
# pwd2pash.py - create password_hash as used in http.api_users.password_hash configs | ||
|
||
import binascii | ||
import hashlib | ||
import getpass | ||
import os | ||
|
||
plain_passwd = getpass.getpass("Enter plain password: ") | ||
the_salt = b'\x02O\xc0P?\x16\xc4\xdb\xbe\x96\xba\xb4\xa9r\x87\xe0' # os.urandom(16) | ||
iterations = 100000 | ||
dk = hashlib.pbkdf2_hmac('sha256', plain_passwd.encode('utf-8'), the_salt, iterations) | ||
print(binascii.hexlify(dk)) | ||
|
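
Review bot: the `the_salt` assignment hard-codes a 16-byte constant and leaves `os.urandom(16)` in a trailing comment, so every installation and every user shares one public salt: identical passwords produce identical `password_hash` values, and a table computed once against this salt applies to every configuration. Generate the salt with `os.urandom(16)` on each run and print it together with the hash so the backend can store and reuse it per user. Two smaller points in the same hunk: `print(binascii.hexlify(dk))` prints a bytes repr (`b'...'`) under Python 3 while the `#!/usr/bin/python` shebang does not pin an interpreter, so decode the hex to text before printing; and the header comment names the file `pwd2pash.py` while the commit message refers to `script/pwd2hash.py`. With the salt fixed, `import os` is also unused.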