OpenRemote does not authenticate with ZWay

Discussions about RaZberry - Z-Wave board for Raspberry computer
pz1
Posts: 2053
Joined: 08 Apr 2012 13:44

Re: OpenRemote does not authenticate with ZWay

Post by pz1 »

I could repeat your experiment on my RPi, and even from the other RPi with

 curl -v -u admin:admin http://raspberrypi:8083/OpenRemote/SwitchBinaryStatus/9/0
So that seems to work OK. I'll have a closer look at the OR side.
pofs
Posts: 688
Joined: 25 Mar 2011 19:03

Re: OpenRemote does not authenticate with ZWay

Post by pofs »

I'd try to run a sniffer like Wireshark and see what is really sent over the network. Maybe they're using http://user:passwd@host scheme which is not supported by z-way.

We're probably not going to bother implementing user and password in url scheme, which is not supported anymore even by MS IE after version 6 :) And it has nothing to do with basic authentication, it is just a format of url. The client software (browser) is responsible for translating login and password url part into correct Authorization header.
pz1
Posts: 2053
Joined: 08 Apr 2012 13:44

Re: OpenRemote does not authenticate with ZWay

Post by pz1 »

pofs wrote: Maybe they're using http://user:passwd@host scheme which is not supported by z-way.
Marcus, one of their developers told they are not. They seem to do it properly with the http-headers.

I did some further testing with ZWaveAPI

curl -g -v -u JohnDoe:SeCret http://raspberrypi:8083/ZWaveAPI/Run/devices[9].instances[0].SwitchBinary.data.level.value

does return true and false.
And similarly if I do place that url in the OpenRemote configuration I do get false and true returned to OpenRemote.

update 20150917: It appears that ZwaveAPI is not blocked if authentication is enabled in the HA UI.
pz1
Posts: 2053
Joined: 08 Apr 2012 13:44

Re: OpenRemote does not authenticate with ZWay

Post by pz1 »

pz1 wrote:
pofs wrote: Maybe they're using http://user:passwd@host scheme which is not supported by z-way.
Marcus, one of their developers told they are not. They seem to do it properly with the http-headers.
If I use ZAutomation

http://raspberrypi:8083/ZAutomation/api/v1/devices/ZWayVDev_zway_9-0-37
I do get error Unauthorized

2015-09-17 10:24:53,332 ERROR [Polling Sensor Thread ID = 248217, Name ='Duwi']: ClientProtocolException when executing HTTP method
org.apache.http.client.HttpResponseException: Unauthorized
If I use OpenRemote

http://raspberrypi:8083/OpenRemote/SwitchBinaryStatus/9/0
I do get error Forbidden

2015-09-17 10:41:43,511 ERROR [Polling Sensor Thread ID = 248217, Name ='Duwi']: ClientProtocolException when executing HTTP method
org.apache.http.client.HttpResponseException: Forbidden
Why these different responses?

(Haven't started with Wireshark yet, it's complicated and seems rather unsafe to install. Isn't there a simpler method to capture the http-message sent by OpenRemote?)
update 20150917-19:37 After some experiments with TCPDUMP I have posted some questions to OpenRemote
pofs
Posts: 688
Joined: 25 Mar 2011 19:03

Re: OpenRemote does not authenticate with ZWay

Post by pofs »

Yup, there's a little inconsistency in HTTP statuses between /ZAutomation route and everything else, because /ZAutomation manages per-user access to devices and stuff and enforces its own logic (next in chain after webserver's handler). But it really doesn't affect the outcome, as your client doesn't send Authorization header at all :)
pz1
Posts: 2053
Joined: 08 Apr 2012 13:44

Re: OpenRemote does not authenticate with ZWay

Post by pz1 »

I did get this answer from Marcus on the OpenRemote forum:

I did some investigation and the situation is as follows:

1) If the username is not given then no authentication will be performed at all (empty username is not supported)

2) Our library first tries the connection without basic authentication. If that fails (HTTP 401 given by server) then the authentication header is added and the request is performed a second time. I confirmed this with tcpdump.

It looks like razberry is not following the HTTP specs. They send a "403 forbidden" even if no authentication information is provided.
They first need to send a "401 unauthorized" and only if the wrong user is given they are allowed to send "403 forbidden".
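
The behaviour discussed in the posts above, as an added example that is not part of the thread and not OpenRemote or Z-Way code: a local stand-in server answers requests that carry no credentials with either 401 plus WWW-Authenticate or 403, and is queried by a client that only adds credentials after a 401 challenge (as Marcus describes) and by one that sends the Authorization header on the first request (as `curl -u` does). The credentials, realm, and function names are constructed for the demonstration.

```python
import base64, threading, urllib.error, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer
USER, PASSWORD = "JohnDoe", "SeCret"  # constructed test credentials
EXPECTED = "Basic " + base64.b64encode(f"{USER}:{PASSWORD}".encode()).decode()

def make_server(unauth_status):
    """Stand-in server; unauth_status is sent when no Authorization header arrives."""
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            supplied = self.headers.get("Authorization")
            if supplied == EXPECTED:
                status, body = 200, b"true"
            else:  # missing header -> unauth_status; wrong credentials -> 403
                status, body = (unauth_status if supplied is None else 403), b""
            self.send_response(status)
            if status == 401:  # the challenge a reactive client waits for
                self.send_header("WWW-Authenticate", 'Basic realm="demo"')
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)
        def log_message(self, *args): pass  # keep the demo output quiet
    server = HTTPServer(("127.0.0.1", 0), Handler)  # port 0: any free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

def fetch(url, preemptive):  # returns the final HTTP status the client sees
    request = urllib.request.Request(url)
    handlers = [urllib.request.ProxyHandler({})]  # never route via a proxy
    if preemptive:  # header on the first request, as curl -u does
        request.add_header("Authorization", EXPECTED)
    else:  # credentials are only added in response to a 401 challenge
        mgr = urllib.request.HTTPPasswordMgrWithDefaultRealm()
        mgr.add_password(None, url, USER, PASSWORD)
        handlers.append(urllib.request.HTTPBasicAuthHandler(mgr))
    try:
        with urllib.request.build_opener(*handlers).open(request, timeout=5) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code

def probe(unauth_status):  # -> (challenge-response status, preemptive status)
    server = make_server(unauth_status)
    url = f"http://127.0.0.1:{server.server_port}/"
    result = fetch(url, False), fetch(url, True)
    server.shutdown()
    return result

if __name__ == "__main__":
    print({status: probe(status) for status in (401, 403)})
```

With the 401 challenge both clients end at 200; with a bare 403 the challenge-response client stops at Forbidden while the preemptive one still succeeds, which matches the difference between the OpenRemote log and the `curl -u` tests.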
Maverick75
Posts: 2
Joined: 05 Oct 2015 22:27

Re: OpenRemote does not authenticate with ZWay

Post by Maverick75 »

I think I have exactly this problem and it is driving me mad!

If I execute the Razbian Openremote helper directly from a URL it works fine.
But if I use the remote app I get:

ERROR [HTTP-Thread-5]: ClientProtocolException when executing HTTP method
org.apache.http.client.HttpResponseException: Forbidden

This was working up until I did an update on Sunday 4th Oct afternoon (just after designer went offline for an update) << I don't know if this is related!
Any idea how I get around the Forbidden error?

Everything (software) is up to date!

:?
Maverick75
Posts: 2
Joined: 05 Oct 2015 22:27

Re: OpenRemote does not authenticate with ZWay

Post by Maverick75 »

It now works 100%!
The frustrating thing is I already followed the instructions and built the anonymous user, but for some odd reason it was set to an admin role. I don't know why!

But thanks for the advice :)
pz1
Posts: 2053
Joined: 08 Apr 2012 13:44

Re: OpenRemote does not authenticate with ZWay

Post by pz1 »

Be aware that you do not have proper protection now.