Page 2 of 2

Re: HTTP API for Scene access / error logging

Posted: 16 Apr 2019 23:06
by ridewithstyle
Hi there,

since I haven't heard from any developer I had the impression that I was on my own. Not nice but as developer myself I had to find a workaround, daily business.

Forcing the entrycom to plain-text send a user:password wasn't possible and getting ZWay to reply in a RFC compliant way, proved a tad more difficult that my spare time would allow.
Bildschirmfoto vom 2019-04-16 21-46-16.png
Bildschirmfoto vom 2019-04-16 21-46-16.png (26.03 KiB) Viewed 2939 times
ZWay doesn't reply with a www-authenticate header hence we need to work around this.

So I went for the dirty hack. I set up a python webserver on my razberry (meaning, I started the "researched and destilled from the internet"-script below) that receives proper http-get requests from the entrycom and then relays them in a inproper way to ZWay.

Code: Select all

#!/usr/bin/python
import os, SocketServer
from BaseHTTPServer import BaseHTTPRequestHandler

class MyHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        if   self.path == '/motiondetected':
            os.system('curl -u user:passwd -v http://127.0.0.1:8083/ZAutomation/api/v1/devices/LightScene_165/command/on')
        elif self.path == '/noisedetected':
            os.system('curl -u user:passwd -v http://127.0.0.1:8083/ZAutomation/api/v1/devices/LightScene_166/command/on') 
        elif self.path == '/doorbellrung':
            os.system('curl -u user:passwd -v http://127.0.0.1:8083/ZAutomation/api/v1/devices/LightScene_167/command/on') 
        elif self.path == '/carddetected':
            os.system('curl -u user:passwd -v http://127.0.0.1:8083/ZAutomation/api/v1/devices/LightScene_168/command/on') 
        else:
             print self.path
        self.send_response(200)

httpd = SocketServer.TCPServer(("", 8080), MyHandler)
httpd.serve_forever()
The Python script receives the properly authenticated GET Request with a encrypted password and then relays the call in an unsecure fashion via localhost/127.0.0.1 to ZWay. Due to the relay being done via 127.0.0.1 no unencrypted password can be sampled on the physical network and yet I can use the entrycom events in my automation solution.

All this shouldn't be necessary, but not having the events in Zway was no alternative. And I wanted to help out those that ran/run into the same problems.

Now I can start preparing for the next Halloween Event. Triggering MQTT Actors is the final piece that is still missing, then I am good to roll/scare.

Best Regards,
rws

Re: HTTP API for Scene access / error logging

Posted: 19 Apr 2019 22:37
by PoltoS
Indeed, there is a missing header.

Please try this fix: https://github.com/Z-Wave-Me/home-autom ... 86a5801f2f

Thank you for this report

Re: HTTP API for Scene access / error logging

Posted: 19 Apr 2019 22:48
by ridewithstyle
Hi PoltoS,

thanks for the replay and the fix. Will try it as soon as I am back at home, left for vacation today.

Btw, I accidently posted the authentication free python script I set up for my first try. Will add the one with proper authentication once I return.

Best regards,
rws

Re: HTTP API for Scene access / error logging

Posted: 05 May 2019 19:00
by ridewithstyle
Hi PoltoS,

I added the fix and now the access works as expected. A Little side effect is though that if you navigate to ZWay:8083/smarthome you are presented with a user/Password window by your browser. Looks like the Webhandler doesn't differentiate between accesses for the administration page and api accesses. Works for me, but I presume that will be irritating for other users.

Thanks for putting in effort for my seemingly very little used feature.

Best Regards,
rws

Re: HTTP API for Scene access / error logging

Posted: 09 May 2019 16:20
by PoltoS
We have fixed it a bit more.

https://github.com/Z-Wave-Me/home-autom ... 8f2929ae99

May be there are some more API calls were we need to supress the Authorization header