Implement cync reauth flow (home-assistant#154257)

Author: Kinachi249

homeassistant/components/cync/config_flow.py

@@ -2,14 +2,15 @@
 
 from __future__ import annotations
 
+from collections.abc import Mapping
 import logging
 from typing import Any
 
 from pycync import Auth
 from pycync.exceptions import AuthFailedError, CyncError, TwoFactorRequiredError
 import voluptuous as vol
 
-from homeassistant.config_entries import ConfigFlow, ConfigFlowResult
+from homeassistant.config_entries import SOURCE_REAUTH, ConfigFlow, ConfigFlowResult
 from homeassistant.const import CONF_ACCESS_TOKEN, CONF_EMAIL, CONF_PASSWORD
 from homeassistant.helpers.aiohttp_client import async_get_clientsession
 
@@ -39,37 +40,22 @@ class CyncConfigFlow(ConfigFlow, domain=DOMAIN):
 
     VERSION = 1
 
-    cync_auth: Auth
+    cync_auth: Auth = None
 
     async def async_step_user(
         self, user_input: dict[str, Any] | None = None
     ) -> ConfigFlowResult:
         """Attempt login with user credentials."""
         errors: dict[str, str] = {}
 
-        if user_input is None:
-            return self.async_show_form(
-                step_id="user", data_schema=STEP_USER_DATA_SCHEMA, errors=errors
-            )
+        if user_input:
+            try:
+                errors = await self._validate_credentials(user_input)
+            except TwoFactorRequiredError:
+                return await self.async_step_two_factor()
 
-        self.cync_auth = Auth(
-            async_get_clientsession(self.hass),
-            username=user_input[CONF_EMAIL],
-            password=user_input[CONF_PASSWORD],
-        )
-        try:
-            await self.cync_auth.login()
-        except AuthFailedError:
-            errors["base"] = "invalid_auth"
-        except TwoFactorRequiredError:
-            return await self.async_step_two_factor()
-        except CyncError:
-            errors["base"] = "cannot_connect"
-        except Exception:
-            _LOGGER.exception("Unexpected exception")
-            errors["base"] = "unknown"
-        else:
-            return await self._create_config_entry(self.cync_auth.username)
+            if not errors:
+                return await self._create_config_entry(self.cync_auth.username)
 
         return self.async_show_form(
             step_id="user", data_schema=STEP_USER_DATA_SCHEMA, errors=errors
@@ -81,38 +67,95 @@ async def async_step_two_factor(
         """Attempt login with the two factor auth code sent to the user."""
         errors: dict[str, str] = {}
 
-        if user_input is None:
+        if user_input:
+            errors = await self._validate_credentials(user_input)
+
+            if not errors:
+                return await self._create_config_entry(self.cync_auth.username)
+
             return self.async_show_form(
-                step_id="two_factor", data_schema=STEP_TWO_FACTOR_SCHEMA, errors=errors
+                step_id="user", data_schema=STEP_USER_DATA_SCHEMA, errors=errors
+            )
+
+        return self.async_show_form(
+            step_id="two_factor", data_schema=STEP_TWO_FACTOR_SCHEMA, errors=errors
+        )
+
+    async def async_step_reauth(
+        self, entry_data: Mapping[str, Any]
+    ) -> ConfigFlowResult:
+        """Perform reauth upon an API authentication error."""
+        return await self.async_step_reauth_confirm()
+
+    async def async_step_reauth_confirm(
+        self, user_input: dict[str, Any] | None = None
+    ) -> ConfigFlowResult:
+        """Dialog that informs the user that reauth is required and prompts for their Cync credentials."""
+        errors: dict[str, str] = {}
+
+        reauth_entry = self._get_reauth_entry()
+
+        if user_input:
+            try:
+                errors = await self._validate_credentials(user_input)
+            except TwoFactorRequiredError:
+                return await self.async_step_two_factor()
+
+            if not errors:
+                return await self._create_config_entry(self.cync_auth.username)
+
+        return self.async_show_form(
+            step_id="reauth_confirm",
+            data_schema=STEP_USER_DATA_SCHEMA,
+            errors=errors,
+            description_placeholders={CONF_EMAIL: reauth_entry.title},
+        )
+
+    async def _validate_credentials(self, user_input: dict[str, Any]) -> dict[str, str]:
+        """Attempt to log in with user email and password, and return the error dict."""
+        errors: dict[str, str] = {}
+
+        if not self.cync_auth:
+            self.cync_auth = Auth(
+                async_get_clientsession(self.hass),
+                username=user_input[CONF_EMAIL],
+                password=user_input[CONF_PASSWORD],
             )
+
         try:
-            await self.cync_auth.login(user_input[CONF_TWO_FACTOR_CODE])
+            await self.cync_auth.login(user_input.get(CONF_TWO_FACTOR_CODE))
+        except TwoFactorRequiredError:
+            raise
         except AuthFailedError:
             errors["base"] = "invalid_auth"
         except CyncError:
             errors["base"] = "cannot_connect"
         except Exception:
             _LOGGER.exception("Unexpected exception")
             errors["base"] = "unknown"
-        else:
-            return await self._create_config_entry(self.cync_auth.username)
 
-        return self.async_show_form(
-            step_id="user", data_schema=STEP_USER_DATA_SCHEMA, errors=errors
-        )
+        return errors
 
     async def _create_config_entry(self, user_email: str) -> ConfigFlowResult:
         """Create the Cync config entry using input user data."""
 
         cync_user = self.cync_auth.user
         await self.async_set_unique_id(str(cync_user.user_id))
-        self._abort_if_unique_id_configured()
 
-        config = {
+        config_data = {
             CONF_USER_ID: cync_user.user_id,
             CONF_AUTHORIZE_STRING: cync_user.authorize,
             CONF_EXPIRES_AT: cync_user.expires_at,
             CONF_ACCESS_TOKEN: cync_user.access_token,
             CONF_REFRESH_TOKEN: cync_user.refresh_token,
         }
-        return self.async_create_entry(title=user_email, data=config)
+
+        if self.source == SOURCE_REAUTH:
+            self._abort_if_unique_id_mismatch()
+            return self.async_update_reload_and_abort(
+                entry=self._get_reauth_entry(), title=user_email, data=config_data
+            )
+
+        self._abort_if_unique_id_configured()
+
+        return self.async_create_entry(title=user_email, data=config_data)

homeassistant/components/cync/quality_scale.yaml

@@ -37,7 +37,7 @@ rules:
   integration-owner: done
   log-when-unavailable: todo
   parallel-updates: todo
-  reauthentication-flow: todo
+  reauthentication-flow: done
   test-coverage: todo
 
   # Gold

homeassistant/components/cync/strings.json

@@ -18,6 +18,18 @@
         "data_description": {
           "two_factor_code": "The two-factor code sent to your Cync account's email"
         }
+      },
+      "reauth_confirm": {
+        "title": "[%key:common::config_flow::title::reauth%]",
+        "description": "The Cync integration needs to re-authenticate for {email}",
+        "data": {
+          "email": "[%key:common::config_flow::data::email%]",
+          "password": "[%key:common::config_flow::data::password%]"
+        },
+        "data_description": {
+          "email": "[%key:component::cync::config::step::user::data_description::email%]",
+          "password": "[%key:component::cync::config::step::user::data_description::password%]"
+        }
       }
     },
     "error": {
@@ -26,7 +38,9 @@
       "unknown": "[%key:common::config_flow::error::unknown%]"
     },
     "abort": {
-      "already_configured": "[%key:common::config_flow::abort::already_configured_account%]"
+      "already_configured": "[%key:common::config_flow::abort::already_configured_account%]",
+      "reauth_successful": "[%key:common::config_flow::abort::reauth_successful%]",
+      "unique_id_mismatch": "An incorrect user was provided by Cync for your email address, please consult your Cync app"
     }
   }
 }

tests/components/cync/const.py

@@ -11,4 +11,11 @@
     123456789,
     expires_at=(time.time() * 1000) + 3600000,
 )
+SECOND_MOCKED_USER = pycync.User(
+    "test_token_2",
+    "test_refresh_token_2",
+    "test_authorize_string_2",
+    987654321,
+    expires_at=(time.time() * 1000) + 3600000,
+)
 MOCKED_EMAIL = "[email protected]"

tests/components/cync/test_config_flow.py

@@ -18,7 +18,7 @@
 from homeassistant.core import HomeAssistant
 from homeassistant.data_entry_flow import FlowResultType
 
-from .const import MOCKED_EMAIL, MOCKED_USER
+from .const import MOCKED_EMAIL, MOCKED_USER, SECOND_MOCKED_USER
 
 from tests.common import MockConfigEntry
 
@@ -98,6 +98,74 @@ async def test_form_two_factor_success(
     assert len(mock_setup_entry.mock_calls) == 1
 
 
+async def test_form_reauth_success(
+    hass: HomeAssistant,
+    mock_config_entry: MockConfigEntry,
+    mock_setup_entry: AsyncMock,
+    auth_client: MagicMock,
+) -> None:
+    """Test we handle re-authentication with two-factor."""
+    mock_config_entry.add_to_hass(hass)
+    result = await mock_config_entry.start_reauth_flow(hass)
+    assert result["step_id"] == "reauth_confirm"
+
+    auth_client.login.side_effect = TwoFactorRequiredError
+    result = await hass.config_entries.flow.async_configure(
+        result["flow_id"],
+        {
+            CONF_EMAIL: MOCKED_EMAIL,
+            CONF_PASSWORD: "test-password",
+        },
+    )
+
+    assert result["type"] is FlowResultType.FORM
+    assert result["errors"] == {}
+    assert result["step_id"] == "two_factor"
+
+    # Enter two factor code
+    auth_client.login.side_effect = None
+    result = await hass.config_entries.flow.async_configure(
+        result["flow_id"],
+        {
+            CONF_TWO_FACTOR_CODE: "123456",
+        },
+    )
+
+    assert result["type"] is FlowResultType.ABORT
+    assert result["reason"] == "reauth_successful"
+    assert mock_config_entry.data == {
+        CONF_USER_ID: MOCKED_USER.user_id,
+        CONF_AUTHORIZE_STRING: "test_authorize_string",
+        CONF_EXPIRES_AT: ANY,
+        CONF_ACCESS_TOKEN: "test_token",
+        CONF_REFRESH_TOKEN: "test_refresh_token",
+    }
+    assert len(mock_setup_entry.mock_calls) == 1
+
+
+async def test_form_reauth_unique_id_mismatch(
+    hass: HomeAssistant,
+    mock_config_entry: MockConfigEntry,
+    auth_client: MagicMock,
+) -> None:
+    """Test we handle a unique ID mismatch when re-authenticating."""
+    mock_config_entry.add_to_hass(hass)
+    result = await mock_config_entry.start_reauth_flow(hass)
+    assert result["step_id"] == "reauth_confirm"
+
+    auth_client.user = SECOND_MOCKED_USER
+    result = await hass.config_entries.flow.async_configure(
+        result["flow_id"],
+        {
+            CONF_EMAIL: MOCKED_EMAIL,
+            CONF_PASSWORD: "test-password",
+        },
+    )
+
+    assert result["type"] is FlowResultType.ABORT
+    assert result["reason"] == "unique_id_mismatch"
+
+
 async def test_form_unique_id_already_exists(
     hass: HomeAssistant, mock_config_entry: MockConfigEntry
 ) -> None:
@@ -258,3 +326,60 @@ async def test_form_errors(
     }
     assert result["result"].unique_id == str(MOCKED_USER.user_id)
     assert len(mock_setup_entry.mock_calls) == 1
+
+
+@pytest.mark.parametrize(
+    ("error_type", "error_string"),
+    [
+        (AuthFailedError, "invalid_auth"),
+        (CyncError, "cannot_connect"),
+        (Exception, "unknown"),
+    ],
+)
+async def test_form_reauth_errors(
+    hass: HomeAssistant,
+    mock_config_entry: MockConfigEntry,
+    mock_setup_entry: AsyncMock,
+    auth_client: MagicMock,
+    error_type: Exception,
+    error_string: str,
+) -> None:
+    """Test we handle errors in the reauth flow."""
+    mock_config_entry.add_to_hass(hass)
+    result = await mock_config_entry.start_reauth_flow(hass)
+    assert result["step_id"] == "reauth_confirm"
+
+    auth_client.login.side_effect = error_type
+    result = await hass.config_entries.flow.async_configure(
+        result["flow_id"],
+        {
+            CONF_EMAIL: MOCKED_EMAIL,
+            CONF_PASSWORD: "test-password",
+        },
+    )
+
+    assert result["type"] is FlowResultType.FORM
+    assert result["errors"] == {"base": error_string}
+    assert result["step_id"] == "reauth_confirm"
+
+    # Make sure the config flow tests finish with FlowResultType.ABORT so
+    # we can show the config flow is able to recover from an error.
+    auth_client.login.side_effect = None
+    result = await hass.config_entries.flow.async_configure(
+        result["flow_id"],
+        {
+            CONF_EMAIL: MOCKED_EMAIL,
+            CONF_PASSWORD: "test-password",
+        },
+    )
+
+    assert result["type"] is FlowResultType.ABORT
+    assert result["reason"] == "reauth_successful"
+    assert mock_config_entry.data == {
+        CONF_USER_ID: MOCKED_USER.user_id,
+        CONF_AUTHORIZE_STRING: "test_authorize_string",
+        CONF_EXPIRES_AT: ANY,
+        CONF_ACCESS_TOKEN: "test_token",
+        CONF_REFRESH_TOKEN: "test_refresh_token",
+    }
+    assert len(mock_setup_entry.mock_calls) == 1