API authentication

[jhmartin]

While trying to perform API authentication using

Code: Select all

IP:8083/smarthome/#/?login=admin&password=admin

I am not getting a cookie response. It looks like curl is refusing to send data after the #:

Code: Select all

root@raspberrypi:~# /usr/bin/curl http://192.168.1.3:8083/smarthome/\#/?login=admin\&password=admin -si -v 2>&1|head -20
* About to connect() to 192.168.1.3 port 8083 (#0)
*   Trying 192.168.1.3...
* connected
* Connected to 192.168.1.3 (192.168.1.3) port 8083 (#0)
> GET /smarthome/ HTTP/1.1
> User-Agent: curl/7.26.0
> Host: 192.168.1.3:8083
> Accept: */*
>
* additional stuff not fine transfer.c:1037: 0 0
* HTTP 1.1 or later with persistent connection, pipelining supported
< HTTP/1.1 200 OK
< Date: Sun, 16 Aug 2015 16:47:14 GMT
< Last-Modified: Sun, 28 Jun 2015 20:58:13 GMT
< Etag: "55905fe5.5454"
< Content-Type: text/html
< Content-Length: 5454
< Connection: keep-alive
< Accept-Ranges: bytes

I notice that Curl is refusing to send content after the #, and that structure makes me think this is supposed to be handled by javascript somehow.

How do I authenticate in a non-browser environment? 2.0.1 broke my Amazon Echo integration, where it would run on command:

Code: Select all

#!/bin/bash
curl http://192.168.1.3:8083/ZAutomation/api/v1/devices/LightScene_29/command/on
sleep 120
curl http://192.168.1.3:8083/ZAutomation/api/v1/devices/ZWayVDev_zway_45-0-98/command/close
curl http://192.168.1.3:8083/ZAutomation/api/v1/devices/ZWayVDev_zway_53-0-98/command/close

I'm trying to determine the new equivalent of that.

[jhmartin]

Some tcpdumping tells me the actual login is different:

Code: Select all

POST /ZAutomation/api/v1/login HTTP/1.1
Host: 127.0.0.1:8080
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:39.0) Gecko/20100101 Firefox/39.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Content-Type: application/json;charset=utf-8
Referer: http://127.0.0.1:8080/smarthome/
Content-Length: 78
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

{"form":true,"login":"admin","password":"admin","keepme":false,"default_ui":1}

[nybble]

This is a very simple command proxy I wrote for IFTTT that runs in Node to talk to my PI. It doesn't do error checking at all, and it's very rough around the edges. Since JS is asynchronous it executes the command before getting the cookie on the first request. If the cookie expires, it doesn't know to grab a new one so I have to restart Node. But hopefully it can help you see how I process the cookie requests:

Code: Select all

var request = require('request');

var cookieString = null;

var authFormData = {
  uri: 'http://<PI Address>:8083/ZAutomation/api/v1/login',
  method: 'POST',
  json: {
    "form": true,
    "login": "admin",
    "password": "admin",
    "keepme": false,
    "default_ui": 1
  }
};

/* GET home page. */
router.get('/:zDevice/:zCommand', function(req, res, next) {
  var zDevice = req.params.zDevice.toString();
  var zCommand = req.params.zCommand.toString();
  var zWaveCommandPath = 'http://<PI Address>:8083/ZAutomation/api/v1/devices/' + zDevice + '/command/' + zCommand;

  if(cookieString == null){
    request(authFormData, function(error, response, body) {
      cookieString = response.headers["set-cookie"][0];
    });
  }

  var zWaveCommand = {
    url: zWaveCommandPath,
    headers: {
      'Cookie': cookieString
    }
  };

  request(zWaveCommand, function(error, response, body) {
      res.send(error);
  });
});