Remove strict connection (home-assistant#117933)

brainthee · May 24, 2024 · cb62f42 · cb62f42
1 parent 6f81852
commit cb62f42
Show file tree

Hide file tree

Showing 32 changed files with 39 additions and 1,816 deletions.
diff --git a/homeassistant/auth/__init__.py b/homeassistant/auth/__init__.py
@@ -28,7 +28,6 @@
 from .mfa_modules import MultiFactorAuthModule, auth_mfa_module_from_config
 from .models import AuthFlowResult
 from .providers import AuthProvider, LoginFlow, auth_provider_from_config
-from .session import SessionManager
 
 EVENT_USER_ADDED = "user_added"
 EVENT_USER_UPDATED = "user_updated"
@@ -181,7 +180,6 @@ def __init__(
         self._remove_expired_job = HassJob(
             self._async_remove_expired_refresh_tokens, job_type=HassJobType.Callback
         )
-        self.session = SessionManager(hass, self)
 
     async def async_setup(self) -> None:
         """Set up the auth manager."""
@@ -192,7 +190,6 @@ async def async_setup(self) -> None:
             )
         )
         self._async_track_next_refresh_token_expiration()
-        await self.session.async_setup()
 
     @property
     def auth_providers(self) -> list[AuthProvider]:

diff --git a/homeassistant/auth/session.py b/homeassistant/auth/session.py
diff --git a/homeassistant/components/auth/__init__.py b/homeassistant/components/auth/__init__.py
@@ -162,7 +162,6 @@
 from . import indieauth, login_flow, mfa_setup_flow
 
 DOMAIN = "auth"
-STRICT_CONNECTION_URL = "/auth/strict_connection/temp_token"
 
 type StoreResultType = Callable[[str, Credentials], str]
 type RetrieveResultType = Callable[[str, str], Credentials | None]
@@ -188,7 +187,6 @@ async def async_setup(hass: HomeAssistant, config: ConfigType) -> bool:
     hass.http.register_view(RevokeTokenView())
     hass.http.register_view(LinkUserView(retrieve_result))
     hass.http.register_view(OAuth2AuthorizeCallbackView())
-    hass.http.register_view(StrictConnectionTempTokenView())
 
     websocket_api.async_register_command(hass, websocket_current_user)
     websocket_api.async_register_command(hass, websocket_create_long_lived_access_token)
@@ -323,7 +321,6 @@ async def _async_handle_auth_code(
                 status_code=HTTPStatus.FORBIDDEN,
             )
 
-        await hass.auth.session.async_create_session(request, refresh_token)
         return self.json(
             {
                 "access_token": access_token,
@@ -392,7 +389,6 @@ async def _async_handle_refresh_token(
                 status_code=HTTPStatus.FORBIDDEN,
             )
 
-        await hass.auth.session.async_create_session(request, refresh_token)
         return self.json(
             {
                 "access_token": access_token,
@@ -441,20 +437,6 @@ async def post(self, request: web.Request, data: dict[str, Any]) -> web.Response
         return self.json_message("User linked")
 
 
-class StrictConnectionTempTokenView(HomeAssistantView):
-    """View to get temporary strict connection token."""
-
-    url = STRICT_CONNECTION_URL
-    name = "api:auth:strict_connection:temp_token"
-    requires_auth = False
-
-    async def get(self, request: web.Request) -> web.Response:
-        """Get a temporary token and redirect to main page."""
-        hass = request.app[KEY_HASS]
-        await hass.auth.session.async_create_temp_unauthorized_session(request)
-        raise web.HTTPSeeOther(location="/")
-
-
 @callback
 def _create_auth_code_store() -> tuple[StoreResultType, RetrieveResultType]:
     """Create an in memory store."""

diff --git a/homeassistant/components/cloud/__init__.py b/homeassistant/components/cloud/__init__.py
@@ -7,14 +7,11 @@
 from datetime import datetime, timedelta
 from enum import Enum
 from typing import cast
-from urllib.parse import quote_plus, urljoin
 
 from hass_nabucasa import Cloud
 import voluptuous as vol
 
-from homeassistant.components import alexa, google_assistant, http
-from homeassistant.components.auth import STRICT_CONNECTION_URL
-from homeassistant.components.http.auth import async_sign_path
+from homeassistant.components import alexa, google_assistant
 from homeassistant.config_entries import SOURCE_SYSTEM, ConfigEntry
 from homeassistant.const import (
     CONF_DESCRIPTION,
@@ -24,21 +21,8 @@
     EVENT_HOMEASSISTANT_STOP,
     Platform,
 )
-from homeassistant.core import (
-    Event,
-    HassJob,
-    HomeAssistant,
-    ServiceCall,
-    ServiceResponse,
-    SupportsResponse,
-    callback,
-)
-from homeassistant.exceptions import (
-    HomeAssistantError,
-    ServiceValidationError,
-    Unauthorized,
-    UnknownUser,
-)
+from homeassistant.core import Event, HassJob, HomeAssistant, ServiceCall, callback
+from homeassistant.exceptions import HomeAssistantError
 from homeassistant.helpers import config_validation as cv, entityfilter
 from homeassistant.helpers.aiohttp_client import async_get_clientsession
 from homeassistant.helpers.discovery import async_load_platform
@@ -47,7 +31,6 @@
     async_dispatcher_send,
 )
 from homeassistant.helpers.event import async_call_later
-from homeassistant.helpers.network import NoURLAvailableError, get_url
 from homeassistant.helpers.service import async_register_admin_service
 from homeassistant.helpers.typing import ConfigType
 from homeassistant.loader import bind_hass
@@ -418,50 +401,3 @@ async def _service_handler(service: ServiceCall) -> None:
     async_register_admin_service(
         hass, DOMAIN, SERVICE_REMOTE_DISCONNECT, _service_handler
     )
-
-    async def create_temporary_strict_connection_url(
-        call: ServiceCall,
-    ) -> ServiceResponse:
-        """Create a strict connection url and return it."""
-        # Copied form homeassistant/helpers/service.py#_async_admin_handler
-        # as the helper supports no responses yet
-        if call.context.user_id:
-            user = await hass.auth.async_get_user(call.context.user_id)
-            if user is None:
-                raise UnknownUser(context=call.context)
-            if not user.is_admin:
-                raise Unauthorized(context=call.context)
-
-        if prefs.strict_connection is http.const.StrictConnectionMode.DISABLED:
-            raise ServiceValidationError(
-                translation_domain=DOMAIN,
-                translation_key="strict_connection_not_enabled",
-            )
-
-        try:
-            url = get_url(hass, require_cloud=True)
-        except NoURLAvailableError as ex:
-            raise ServiceValidationError(
-                translation_domain=DOMAIN,
-                translation_key="no_url_available",
-            ) from ex
-
-        path = async_sign_path(
-            hass,
-            STRICT_CONNECTION_URL,
-            timedelta(hours=1),
-            use_content_user=True,
-        )
-        url = urljoin(url, path)
-
-        return {
-            "url": f"https://login.home-assistant.io?u={quote_plus(url)}",
-            "direct_url": url,
-        }
-
-    hass.services.async_register(
-        DOMAIN,
-        "create_temporary_strict_connection_url",
-        create_temporary_strict_connection_url,
-        supports_response=SupportsResponse.ONLY,
-    )
diff --git a/homeassistant/components/cloud/client.py b/homeassistant/components/cloud/client.py
@@ -250,7 +250,6 @@ async def async_cloud_connection_info(
                 "enabled": self._prefs.remote_enabled,
                 "instance_domain": self.cloud.remote.instance_domain,
                 "alias": self.cloud.remote.alias,
-                "strict_connection": self._prefs.strict_connection,
             },
             "version": HA_VERSION,
             "instance_id": self.prefs.instance_id,

diff --git a/homeassistant/components/cloud/const.py b/homeassistant/components/cloud/const.py
@@ -33,7 +33,6 @@
 PREF_TTS_DEFAULT_VOICE = "tts_default_voice"
 PREF_GOOGLE_CONNECTED = "google_connected"
 PREF_REMOTE_ALLOW_REMOTE_ENABLE = "remote_allow_remote_enable"
-PREF_STRICT_CONNECTION = "strict_connection"
 DEFAULT_TTS_DEFAULT_VOICE = ("en-US", "JennyNeural")
 DEFAULT_DISABLE_2FA = False
 DEFAULT_ALEXA_REPORT_STATE = True