Code: Select all
curl -v -u admin:admin http://raspberrypi:8083/OpenRemote/SwitchBinaryStatus/9/0
Code: Select all
curl -v -u admin:admin http://raspberrypi:8083/OpenRemote/SwitchBinaryStatus/9/0
Marcus, one of their developers told they are not. They seem to do it properly with the http-headers.pofs wrote:Maybe they're using http://user:passwd@host scheme which is not supported by z-way.
Code: Select all
curl -g -v -u JohnDoe:SeCret http://raspberrypi:8083/ZWaveAPI/Run/devices[9].instances[0].SwitchBinary.data.level.value
If I use ZAutomationpz1 wrote:Marcus, one of their developers told they are not. They seem to do it properly with the http-headers.pofs wrote:Maybe they're using http://user:passwd@host scheme which is not supported by z-way.
Code: Select all
http://raspberrypi:8083/ZAutomation/api/v1/devices/ZWayVDev_zway_9-0-37
Code: Select all
2015-09-17 10:24:53,332 ERROR [Polling Sensor Thread ID = 248217, Name ='Duwi']: ClientProtocolException when executing HTTP method
org.apache.http.client.HttpResponseException: Unauthorized
Code: Select all
http://raspberrypi:8083/OpenRemote/SwitchBinaryStatus/9/0
Code: Select all
2015-09-17 10:41:43,511 ERROR [Polling Sensor Thread ID = 248217, Name ='Duwi']: ClientProtocolException when executing HTTP method
org.apache.http.client.HttpResponseException: Forbidden
I did some investigation and the situation is as follows:
1) If the username is not given then no authentication will be performed at all (empty username is not supported)
2) Our library first tries the connection without basic authentication. If that fails (HTTP 401 given by server) then the authentication header is added and the request is performed a second time. I confirmed this with tcpdump.
It looks like razberry is not following the HTTP specs. They send a "403 forbidden" even if no authentication information is provided.
They first need to send a "401 unauthorized" and only if the wrong user is given they are allowed to send "403 forbidden".