remove websocket stuff

Author: joelhawksley

homeassistant/auth/jwt_wrapper.py

@@ -7,31 +7,23 @@
 
 from __future__ import annotations
 
-from collections.abc import Container, Iterable, Sequence
 from datetime import timedelta
-from functools import lru_cache
-from typing import Any, override
+from functools import lru_cache, partial
+from typing import Any
 
-from jwt import DecodeError, PyJWK, PyJWS, PyJWT
-from jwt.algorithms import AllowedPublicKeys
-from jwt.types import Options
+from jwt import DecodeError, PyJWS, PyJWT
 
 from homeassistant.util.json import json_loads
 
 JWT_TOKEN_CACHE_SIZE = 16
 MAX_TOKEN_SIZE = 8192
 
-_NO_VERIFY_OPTIONS = Options(
-    verify_signature=False,
-    verify_exp=False,
-    verify_nbf=False,
-    verify_iat=False,
-    verify_aud=False,
-    verify_iss=False,
-    verify_sub=False,
-    verify_jti=False,
-    require=[],
-)
+_VERIFY_KEYS = ("signature", "exp", "nbf", "iat", "aud", "iss", "sub", "jti")
+
+_VERIFY_OPTIONS: dict[str, Any] = {f"verify_{key}": True for key in _VERIFY_KEYS} | {
+    "require": []
+}
+_NO_VERIFY_OPTIONS = {f"verify_{key}": False for key in _VERIFY_KEYS}
 
 
 class _PyJWSWithLoadCache(PyJWS):
@@ -46,6 +38,9 @@ def _load(self, jwt: str | bytes) -> tuple[bytes, bytes, dict, bytes]:
         return super()._load(jwt)
 
 
+_jws = _PyJWSWithLoadCache()
+
+
 @lru_cache(maxsize=JWT_TOKEN_CACHE_SIZE)
 def _decode_payload(json_payload: str) -> dict[str, Any]:
     """Decode the payload from a JWS dictionary."""
@@ -61,12 +56,21 @@ def _decode_payload(json_payload: str) -> dict[str, Any]:
 class _PyJWTWithVerify(PyJWT):
     """PyJWT with a fast decode implementation."""
 
-    def __init__(self) -> None:
-        """Initialize the PyJWT instance."""
-        # We require exp and iat claims to be present
-        super().__init__(Options(require=["exp", "iat"]))
-        # Override the _jws instance with our cached version
-        self._jws = _PyJWSWithLoadCache()
+    def decode_payload(
+        self, jwt: str, key: str, options: dict[str, Any], algorithms: list[str]
+    ) -> dict[str, Any]:
+        """Decode a JWT's payload."""
+        if len(jwt) > MAX_TOKEN_SIZE:
+            # Avoid caching impossible tokens
+            raise DecodeError("Token too large")
+        return _decode_payload(
+            _jws.decode_complete(
+                jwt=jwt,
+                key=key,
+                algorithms=algorithms,
+                options=options,
+            )["payload"]
+        )
 
     def verify_and_decode(
         self,
@@ -75,70 +79,37 @@ def verify_and_decode(
         algorithms: list[str],
         issuer: str | None = None,
         leeway: float | timedelta = 0,
-        options: Options | None = None,
+        options: dict[str, Any] | None = None,
     ) -> dict[str, Any]:
         """Verify a JWT's signature and claims."""
-        return self.decode(
+        merged_options = {**_VERIFY_OPTIONS, **(options or {})}
+        payload = self.decode_payload(
             jwt=jwt,
             key=key,
+            options=merged_options,
             algorithms=algorithms,
-            issuer=issuer,
-            leeway=leeway,
-            options=options,
         )
-
-    @override
-    def decode(
-        self,
-        jwt: str | bytes,
-        key: AllowedPublicKeys | PyJWK | str | bytes = "",
-        algorithms: Sequence[str] | None = None,
-        options: Options | None = None,
-        verify: bool | None = None,
-        detached_payload: bytes | None = None,
-        audience: str | Iterable[str] | None = None,
-        subject: str | None = None,
-        issuer: str | Container[str] | None = None,
-        leeway: float | timedelta = 0,
-        **kwargs: Any,
-    ) -> dict[str, Any]:
-        """Decode a JWT, verifying the signature and claims."""
-        if len(jwt) > MAX_TOKEN_SIZE:
-            # Avoid caching impossible tokens
-            raise DecodeError("Token too large")
-        return super().decode(
-            jwt=jwt,
-            key=key,
-            algorithms=algorithms,
-            options=options,
-            verify=verify,
-            detached_payload=detached_payload,
-            audience=audience,
-            subject=subject,
+        # These should never be missing since we verify them
+        # but this is an additional safeguard to make sure
+        # nothing slips through.
+        assert "exp" in payload, "exp claim is required"
+        assert "iat" in payload, "iat claim is required"
+        self._validate_claims(
+            payload=payload,
+            options=merged_options,
             issuer=issuer,
             leeway=leeway,
-            **kwargs,
         )
-
-    @override
-    def _decode_payload(self, decoded: dict[str, Any]) -> dict[str, Any]:
-        return _decode_payload(decoded["payload"])
+        return payload
 
 
 _jwt = _PyJWTWithVerify()
 verify_and_decode = _jwt.verify_and_decode
-
-
-@lru_cache(maxsize=JWT_TOKEN_CACHE_SIZE)
-def unverified_hs256_token_decode(jwt: str) -> dict[str, Any]:
-    """Decode a JWT without verifying the signature."""
-    return _jwt.decode(
-        jwt=jwt,
-        key="",
-        algorithms=["HS256"],
-        options=_NO_VERIFY_OPTIONS,
+unverified_hs256_token_decode = lru_cache(maxsize=JWT_TOKEN_CACHE_SIZE)(
+    partial(
+        _jwt.decode_payload, key="", algorithms=["HS256"], options=_NO_VERIFY_OPTIONS
     )
-
+)
 
 __all__ = [
     "unverified_hs256_token_decode",

homeassistant/components/backup/util.py

@@ -22,7 +22,6 @@
     SecureTarFile,
     SecureTarReadError,
     SecureTarRootKeyContext,
-    get_archive_max_ciphertext_size,
 )
 
 from homeassistant.core import HomeAssistant
@@ -384,12 +383,9 @@ def _encrypt_backup(
         if prefix not in expected_archives:
             LOGGER.debug("Unknown inner tar file %s will not be encrypted", obj.name)
             continue
-        if (fileobj := input_tar.extractfile(obj)) is None:
-            LOGGER.debug(
-                "Non regular inner tar file %s will not be encrypted", obj.name
-            )
-            continue
-        output_archive.import_tar(fileobj, obj, derived_key_id=inner_tar_idx)
+        output_archive.import_tar(
+            input_tar.extractfile(obj), obj, derived_key_id=inner_tar_idx
+        )
         inner_tar_idx += 1
 
 
@@ -423,7 +419,7 @@ def __init__(
         hass: HomeAssistant,
         backup: AgentBackup,
         open_stream: Callable[[], Coroutine[Any, Any, AsyncIterator[bytes]]],
-        password: str,
+        password: str | None,
     ) -> None:
         """Initialize."""
         self._workers: list[_CipherWorkerStatus] = []
@@ -435,9 +431,7 @@ def __init__(
 
     def size(self) -> int:
         """Return the maximum size of the decrypted or encrypted backup."""
-        return get_archive_max_ciphertext_size(
-            self._backup.size, SECURETAR_CREATE_VERSION, self._num_tar_files()
-        )
+        return self._backup.size + self._num_tar_files() * tarfile.RECORDSIZE
 
     def _num_tar_files(self) -> int:
         """Return the number of inner tar files."""

homeassistant/components/weather/websocket_api.py

@@ -17,7 +17,6 @@
     "daily": WeatherEntityFeature.FORECAST_DAILY,
     "hourly": WeatherEntityFeature.FORECAST_HOURLY,
     "twice_daily": WeatherEntityFeature.FORECAST_TWICE_DAILY,
-    "minutely": WeatherEntityFeature.FORECAST_MINUTELY,
 }
 
 
@@ -48,7 +47,7 @@ def ws_convertible_units(
     {
         vol.Required("type"): "weather/subscribe_forecast",
         vol.Required("entity_id"): cv.entity_domain(DOMAIN),
-        vol.Required("forecast_type"): vol.In(FORECAST_TYPE_TO_FLAG),
+        vol.Required("forecast_type"): vol.In(["daily", "hourly", "twice_daily"]),
     }
 )
 @websocket_api.async_response
@@ -57,9 +56,7 @@ async def ws_subscribe_forecast(
 ) -> None:
     """Subscribe to weather forecasts."""
     entity_id: str = msg["entity_id"]
-    forecast_type: Literal["daily", "hourly", "twice_daily", "minutely"] = msg[
-        "forecast_type"
-    ]
+    forecast_type: Literal["daily", "hourly", "twice_daily"] = msg["forecast_type"]
 
     if not (entity := hass.data[DATA_COMPONENT].get_entity(msg["entity_id"])):
         connection.send_error(

pyproject.toml

@@ -418,7 +418,7 @@ per-file-ignores = [
   # redefined-outer-name: Tests reference fixtures in the test function
   # use-implicit-booleaness-not-comparison: Tests need to validate that a list
   # or a dict is returned
-  "tests/**:redefined-outer-name,use-implicit-booleaness-not-comparison",
+  "/tests/:redefined-outer-name,use-implicit-booleaness-not-comparison",
 ]
 
 [tool.pylint.REPORTS]

tests/components/weather/test_websocket_api.py

@@ -159,103 +159,3 @@ class MockWeatherMock(MockWeatherTest):
         "code": "forecast_not_supported",
         "message": "The weather entity does not support forecast type: daily",
     }
-
-
-async def test_subscribe_forecast_minutely(
-    hass: HomeAssistant,
-    hass_ws_client: WebSocketGenerator,
-    config_flow_fixture: None,
-) -> None:
-    """Test subscribing to minutely forecast via websocket."""
-
-    class MockWeatherMockMinutelyForecast(MockWeatherTest):
-        """Mock weather class."""
-
-        async def async_forecast_minutely(self) -> list[Forecast] | None:
-            """Return the forecast_minutely."""
-            return self.forecast_list
-
-    kwargs = {
-        "native_temperature": 38,
-        "native_temperature_unit": UnitOfTemperature.CELSIUS,
-        "supported_features": WeatherEntityFeature.FORECAST_MINUTELY,
-    }
-    weather_entity = await create_entity(
-        hass, MockWeatherMockMinutelyForecast, None, **kwargs
-    )
-
-    client = await hass_ws_client(hass)
-
-    await client.send_json_auto_id(
-        {
-            "type": "weather/subscribe_forecast",
-            "forecast_type": "minutely",
-            "entity_id": weather_entity.entity_id,
-        }
-    )
-    msg = await client.receive_json()
-    assert msg["success"]
-    assert msg["result"] is None
-    subscription_id = msg["id"]
-
-    msg = await client.receive_json()
-    assert msg["id"] == subscription_id
-    assert msg["type"] == "event"
-    forecast = msg["event"]
-    assert forecast == {
-        "type": "minutely",
-        "forecast": [
-            {
-                "cloud_coverage": None,
-                "temperature": 38.0,
-                "templow": 38.0,
-                "uv_index": None,
-                "wind_bearing": None,
-            }
-        ],
-    }
-
-    await weather_entity.async_update_listeners(None)
-    msg = await client.receive_json()
-    assert msg["event"] == forecast
-
-    await weather_entity.async_update_listeners(["minutely"])
-    msg = await client.receive_json()
-    assert msg["event"] == forecast
-
-    weather_entity.forecast_list = None
-    await weather_entity.async_update_listeners(None)
-    msg = await client.receive_json()
-    assert msg["event"] == {"type": "minutely", "forecast": None}
-
-
-async def test_subscribe_forecast_minutely_unsupported(
-    hass: HomeAssistant,
-    hass_ws_client: WebSocketGenerator,
-    config_flow_fixture: None,
-) -> None:
-    """Test subscribing to minutely forecast when not supported."""
-
-    class MockWeatherMock(MockWeatherTest):
-        """Mock weather class."""
-
-    kwargs = {
-        "native_temperature": 38,
-        "native_temperature_unit": UnitOfTemperature.CELSIUS,
-    }
-    weather_entity = await create_entity(hass, MockWeatherMock, None, **kwargs)
-    client = await hass_ws_client(hass)
-
-    await client.send_json_auto_id(
-        {
-            "type": "weather/subscribe_forecast",
-            "forecast_type": "minutely",
-            "entity_id": weather_entity.entity_id,
-        }
-    )
-    msg = await client.receive_json()
-    assert not msg["success"]
-    assert msg["error"] == {
-        "code": "forecast_not_supported",
-        "message": "The weather entity does not support forecast type: minutely",
-    }