Add reauthentication flow and tests to senz (home-assistant#156534)

Author: astrandb

homeassistant/components/senz/__init__.py

@@ -3,16 +3,17 @@
 from __future__ import annotations
 
 from datetime import timedelta
+from http import HTTPStatus
 import logging
 
 from aiosenz import SENZAPI, Thermostat
-from httpx import RequestError
+from httpx import HTTPStatusError, RequestError
 import jwt
 
 from homeassistant.config_entries import ConfigEntry
 from homeassistant.const import Platform
 from homeassistant.core import HomeAssistant
-from homeassistant.exceptions import ConfigEntryNotReady
+from homeassistant.exceptions import ConfigEntryAuthFailed, ConfigEntryNotReady
 from homeassistant.helpers import config_validation as cv, httpx_client
 from homeassistant.helpers.config_entry_oauth2_flow import (
     ImplementationUnavailableError,
@@ -59,8 +60,21 @@ async def update_thermostats() -> dict[str, Thermostat]:
 
     try:
         account = await senz_api.get_account()
+    except HTTPStatusError as err:
+        if err.response.status_code == HTTPStatus.UNAUTHORIZED:
+            raise ConfigEntryAuthFailed(
+                translation_domain=DOMAIN,
+                translation_key="config_entry_auth_failed",
+            ) from err
+        raise ConfigEntryNotReady(
+            translation_domain=DOMAIN,
+            translation_key="config_entry_not_ready",
+        ) from err
     except RequestError as err:
-        raise ConfigEntryNotReady from err
+        raise ConfigEntryNotReady(
+            translation_domain=DOMAIN,
+            translation_key="config_entry_not_ready",
+        ) from err
 
     coordinator: SENZDataUpdateCoordinator = DataUpdateCoordinator(
         hass,

homeassistant/components/senz/config_flow.py

@@ -1,10 +1,12 @@
 """Config flow for nVent RAYCHEM SENZ."""
 
+from collections.abc import Mapping
 import logging
+from typing import Any
 
 import jwt
 
-from homeassistant.config_entries import ConfigFlowResult
+from homeassistant.config_entries import SOURCE_REAUTH, ConfigFlowResult
 from homeassistant.helpers import config_entry_oauth2_flow
 
 from .const import DOMAIN
@@ -29,6 +31,22 @@ def extra_authorize_data(self) -> dict:
         """Extra data that needs to be appended to the authorize url."""
         return {"scope": "restapi offline_access"}
 
+    async def async_step_reauth(
+        self, entry_data: Mapping[str, Any]
+    ) -> ConfigFlowResult:
+        """Perform reauth upon an API authentication error."""
+
+        return await self.async_step_reauth_confirm()
+
+    async def async_step_reauth_confirm(
+        self, user_input: dict[str, Any] | None = None
+    ) -> ConfigFlowResult:
+        """Dialog that informs the user that reauth is required."""
+        if user_input is None:
+            return self.async_show_form(step_id="reauth_confirm")
+
+        return await self.async_step_user()
+
     async def async_oauth_create_entry(self, data: dict) -> ConfigFlowResult:
         """Create or update the config entry."""
 
@@ -38,5 +56,11 @@ async def async_oauth_create_entry(self, data: dict) -> ConfigFlowResult:
         uid = token["sub"]
         await self.async_set_unique_id(uid)
 
+        if self.source == SOURCE_REAUTH:
+            self._abort_if_unique_id_mismatch(reason="account_mismatch")
+            return self.async_update_reload_and_abort(
+                self._get_reauth_entry(), data=data
+            )
+
         self._abort_if_unique_id_configured()
         return await super().async_oauth_create_entry(data)

homeassistant/components/senz/strings.json

@@ -1,6 +1,7 @@
 {
   "config": {
     "abort": {
+      "account_mismatch": "The used account does not match the original account",
       "already_configured": "[%key:common::config_flow::abort::already_configured_account%]",
       "already_in_progress": "[%key:common::config_flow::abort::already_in_progress%]",
       "authorize_url_timeout": "[%key:common::config_flow::abort::oauth2_authorize_url_timeout%]",
@@ -9,7 +10,8 @@
       "oauth_error": "[%key:common::config_flow::abort::oauth2_error%]",
       "oauth_failed": "[%key:common::config_flow::abort::oauth2_failed%]",
       "oauth_timeout": "[%key:common::config_flow::abort::oauth2_timeout%]",
-      "oauth_unauthorized": "[%key:common::config_flow::abort::oauth2_unauthorized%]"
+      "oauth_unauthorized": "[%key:common::config_flow::abort::oauth2_unauthorized%]",
+      "reauth_successful": "[%key:common::config_flow::abort::reauth_successful%]"
     },
     "create_entry": {
       "default": "[%key:common::config_flow::create_entry::authenticated%]"
@@ -23,10 +25,20 @@
           "implementation": "[%key:common::config_flow::description::implementation%]"
         },
         "title": "[%key:common::config_flow::title::oauth2_pick_implementation%]"
+      },
+      "reauth_confirm": {
+        "description": "The SENZ integration needs to re-authenticate your account",
+        "title": "[%key:common::config_flow::title::reauth%]"
       }
     }
   },
   "exceptions": {
+    "config_entry_auth_failed": {
+      "message": "Authentication failed. Please log in again."
+    },
+    "config_entry_not_ready": {
+      "message": "Error while loading the integration."
+    },
     "oauth2_implementation_unavailable": {
       "message": "[%key:common::exceptions::oauth2_implementation_unavailable::message%]"
     }

tests/components/senz/test_config_flow.py

@@ -22,6 +22,9 @@
 from tests.test_util.aiohttp import AiohttpClientMocker
 from tests.typing import ClientSessionGenerator
 
+REDIRECT_PATH = "/auth/external/callback"
+REDIRECT_URL = "https://example.com" + REDIRECT_PATH
+
 
 @pytest.mark.usefixtures("current_request_with_host")
 async def test_full_flow(
@@ -45,18 +48,18 @@ async def test_full_flow(
         hass,
         {
             "flow_id": result["flow_id"],
-            "redirect_uri": "https://example.com/auth/external/callback",
+            "redirect_uri": REDIRECT_URL,
         },
     )
 
     assert result["url"] == (
         f"{AUTHORIZATION_ENDPOINT}?response_type=code&client_id={CLIENT_ID}"
-        "&redirect_uri=https://example.com/auth/external/callback"
+        f"&redirect_uri={REDIRECT_URL}"
         f"&state={state}&scope=restapi+offline_access"
     )
 
     client = await hass_client_no_auth()
-    resp = await client.get(f"/auth/external/callback?code=abcd&state={state}")
+    resp = await client.get(f"{REDIRECT_PATH}?code=abcd&state={state}")
     assert resp.status == 200
     assert resp.headers["content-type"] == "text/html; charset=utf-8"
 
@@ -96,18 +99,18 @@ async def test_duplicate_flow(
         hass,
         {
             "flow_id": result["flow_id"],
-            "redirect_uri": "https://example.com/auth/external/callback",
+            "redirect_uri": REDIRECT_URL,
         },
     )
 
     assert result["url"] == (
         f"{AUTHORIZATION_ENDPOINT}?response_type=code&client_id={CLIENT_ID}"
-        "&redirect_uri=https://example.com/auth/external/callback"
+        f"&redirect_uri={REDIRECT_URL}"
         f"&state={state}&scope=restapi+offline_access"
     )
 
     client = await hass_client_no_auth()
-    resp = await client.get(f"/auth/external/callback?code=abcd&state={state}")
+    resp = await client.get(f"{REDIRECT_PATH}?code=abcd&state={state}")
     assert resp.status == 200
     assert resp.headers["content-type"] == "text/html; charset=utf-8"
 
@@ -126,3 +129,76 @@ async def test_duplicate_flow(
 
     assert result2["type"] is FlowResultType.ABORT
     assert result2["reason"] == "already_configured"
+
+
+@pytest.mark.usefixtures("current_request_with_host")
+async def test_reauth_flow(
+    hass: HomeAssistant,
+    hass_client_no_auth: ClientSessionGenerator,
+    aioclient_mock: AiohttpClientMocker,
+    mock_config_entry: MockConfigEntry,
+    access_token: str,
+    expires_at: float,
+) -> None:
+    """Test reauth step with correct params."""
+
+    CURRENT_TOKEN = {
+        "auth_implementation": DOMAIN,
+        "token": {
+            "access_token": access_token,
+            "expires_in": 86399,
+            "refresh_token": "3012bc9f-7a65-4240-b817-9154ffdcc30f",
+            "token_type": "Bearer",
+            "expires_at": expires_at,
+        },
+    }
+    assert hass.config_entries.async_update_entry(
+        mock_config_entry,
+        data=CURRENT_TOKEN,
+    )
+    assert len(hass.config_entries.async_entries(DOMAIN)) == 1
+
+    result = await mock_config_entry.start_reauth_flow(hass)
+
+    assert result["step_id"] == "reauth_confirm"
+
+    result = await hass.config_entries.flow.async_configure(
+        result["flow_id"], user_input={}
+    )
+    assert result["step_id"] == "auth"
+
+    state = config_entry_oauth2_flow._encode_jwt(
+        hass,
+        {
+            "flow_id": result["flow_id"],
+            "redirect_uri": REDIRECT_URL,
+        },
+    )
+    assert result["url"] == (
+        f"{AUTHORIZATION_ENDPOINT}?response_type=code&client_id={CLIENT_ID}"
+        f"&redirect_uri={REDIRECT_URL}"
+        f"&state={state}&scope=restapi+offline_access"
+    )
+
+    client = await hass_client_no_auth()
+    resp = await client.get(f"{REDIRECT_PATH}?code=abcd&state={state}")
+    assert resp.status == 200
+    assert resp.headers["content-type"] == "text/html; charset=utf-8"
+
+    aioclient_mock.post(
+        TOKEN_ENDPOINT,
+        json={
+            "refresh_token": "updated-refresh-token",
+            "access_token": access_token,
+            "type": "Bearer",
+            "expires_in": "60",
+        },
+    )
+
+    result = await hass.config_entries.flow.async_configure(result["flow_id"])
+    await hass.async_block_till_done()
+
+    assert result.get("type") is FlowResultType.ABORT
+    assert result.get("reason") == "reauth_successful"
+
+    assert len(hass.config_entries.async_entries(DOMAIN)) == 1

tests/components/senz/test_init.py

@@ -1,7 +1,13 @@
 """Test init of senz integration."""
 
+from http import HTTPStatus
+import time
 from unittest.mock import MagicMock, patch
 
+from aiosenz import TOKEN_ENDPOINT
+from httpx import HTTPStatusError, RequestError
+import pytest
+
 from homeassistant.components.senz.const import DOMAIN
 from homeassistant.config_entries import ConfigEntryState
 from homeassistant.core import HomeAssistant
@@ -13,6 +19,7 @@
 from .const import ENTRY_UNIQUE_ID
 
 from tests.common import MockConfigEntry
+from tests.test_util.aiohttp import AiohttpClientMocker
 
 
 async def test_load_unload_entry(
@@ -78,3 +85,77 @@ async def test_migrate_config_entry(
     assert mock_entry_v1_1.version == 1
     assert mock_entry_v1_1.minor_version == 2
     assert mock_entry_v1_1.unique_id == ENTRY_UNIQUE_ID
+
+
+@pytest.mark.parametrize(
+    ("expires_at", "status", "expected_state"),
+    [
+        (
+            time.time() - 3600,
+            HTTPStatus.UNAUTHORIZED,
+            ConfigEntryState.SETUP_ERROR,
+        ),
+        (
+            time.time() - 3600,
+            HTTPStatus.INTERNAL_SERVER_ERROR,
+            ConfigEntryState.SETUP_ERROR,
+        ),
+    ],
+    ids=["unauthorized", "internal_server_error"],
+)
+async def test_expired_token_refresh_failure(
+    hass: HomeAssistant,
+    mock_config_entry: MockConfigEntry,
+    aioclient_mock: AiohttpClientMocker,
+    status: HTTPStatus,
+    expected_state: ConfigEntryState,
+) -> None:
+    """Test failure while refreshing token with a transient error."""
+
+    aioclient_mock.clear_requests()
+    aioclient_mock.post(
+        TOKEN_ENDPOINT,
+        status=status,
+    )
+
+    await setup_integration(hass, mock_config_entry)
+
+    assert mock_config_entry.state is expected_state
+
+
+@pytest.mark.parametrize(
+    ("error", "expected_state"),
+    [
+        (
+            HTTPStatusError(
+                message="Exception",
+                request=None,
+                response=MagicMock(status_code=HTTPStatus.UNAUTHORIZED),
+            ),
+            ConfigEntryState.SETUP_ERROR,
+        ),
+        (
+            HTTPStatusError(
+                message="Exception",
+                request=None,
+                response=MagicMock(status_code=HTTPStatus.FORBIDDEN),
+            ),
+            ConfigEntryState.SETUP_RETRY,
+        ),
+        (RequestError("Exception"), ConfigEntryState.SETUP_RETRY),
+    ],
+    ids=["unauthorized", "forbidden", "request_error"],
+)
+async def test_setup_errors(
+    hass: HomeAssistant,
+    mock_config_entry: MockConfigEntry,
+    mock_senz_client: MagicMock,
+    error: Exception,
+    expected_state: ConfigEntryState,
+) -> None:
+    """Test setup failure due to unauthorized error."""
+    mock_senz_client.get_account.side_effect = error
+
+    await setup_integration(hass, mock_config_entry)
+
+    assert mock_config_entry.state is expected_state