Closed tomw1964 closed 2 months ago
Ange11991
commented
8 months ago I've had the same too. Logged on the website twice (via same external address (NAT)) but still not working. Very agressive from Porsche, but understandable since it can open the car up!
tonycoupland
commented
8 months ago It seems that its specific IP addresses that need Capcha responses... from my home IP (where my Home Assistant runs) I need to solve the request everytime, but I just tried to login to my.Porsche.com from my work machine and no request came up, just username and password.
I wonder if what we need to do to get around this issue is to proxy the requests from the integration through a VPN proxy... I'm not sure how we'd need to do it, maybe some extra config in the setup of the integration to take proxy server details would suffice?
tomw1964
commented
8 months ago HA was locked again for me on Monday. I logged in and out about 5 times with different browsers and it did the trick. Does your external IP address change often? Maybe ask your ISP for a static assignment rather than dynamic.
BlackTurtle123
commented
8 months ago I always maintan the same IP, sadly it logs constantly out for my location
tonycoupland
commented
8 months ago I always maintan the same IP, sadly it logs constantly out for my location
Mine is pretty static too, but after being away for a couple of weeks I tried again to log into https://my.porsche.com/ and it didn't ask for capcha so I logged in then was able to recreate the integration in HA... its probably going to fail again, but maybe repeated good logins through the Porsche website clear the suspiciousness flag and then lets you get in without the check?
BlackTurtle123
commented
8 months ago I tried like 20 times login and logout sadly to prevent captcha, but it kept being asked. I might just give up on the integration.
On Sun, 7 Jan 2024, 22:36 Tony Coupland, @.***> wrote:
I always maintan the same IP, sadly it logs constantly out for my location
Mine is pretty static too, but after being away for a couple of weeks I tried again to log into https://my.porsche.com/ and it didn't ask for capcha so I logged in then was able to recreate the integration in HA... its probably going to fail again, but maybe repeated good logins through the Porsche website clear the suspiciousness flag and then lets you get in without the check?
— Reply to this email directly, view it on GitHub https://github.com/CJNE/ha-porscheconnect/issues/222#issuecomment-1880183047, or unsubscribe https://github.com/notifications/unsubscribe-auth/AD2LO2ETKOL72E5MYQ6PHRTYNMINJAVCNFSM6AAAAABARFLDW6VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQOBQGE4DGMBUG4 . You are receiving this because you commented.Message ID: @.***>
tomw1964
commented
8 months ago @BlackTurtle123 - what browser are you using? I am using Vivaldi which is a chrome derivative. I noticed that I get repeat captcha if I try via my phone but not from a desktop machine.
It is working for me at the moment.
BlackTurtle123
commented
8 months ago Tried multiple browsers; chromium, brave, edge,.. but probably it's related with that my account was under heavy bruto force attack a few weeks ago.
On Mon, 8 Jan 2024, 10:07 tomw1964, @.***> wrote:
@BlackTurtle123 https://github.com/BlackTurtle123 - what browser are you using? I am using Vivaldi which is a chrome derivative. I noticed that I get repeat captcha if I try via my phone but not from a desktop machine. It is working for me at the moment. image.png (view on web) https://github.com/CJNE/ha-porscheconnect/assets/148999626/5e1ca0ef-39bb-411b-8c2e-ed4353130a5c
— Reply to this email directly, view it on GitHub https://github.com/CJNE/ha-porscheconnect/issues/222#issuecomment-1880612933, or unsubscribe https://github.com/notifications/unsubscribe-auth/AD2LO2FLMFQTC5UJKMCE6H3YNOZOBAVCNFSM6AAAAABARFLDW6VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQOBQGYYTEOJTGM . You are receiving this because you were mentioned.Message ID: @.***>
tonycoupland
commented
8 months ago My IP started asking for Capcha again yesterday and I logged in 3x completing the request each time... after that when it still asked I assumed it was hopeless and started thinging about other work arounds, however this morning I tried again and it didn't ask for the code (admittedly I am on my desktop now rather than my phone, but same IP).
I'm wondering if there is some daily process at Porsche side that detects suspicious activity (i.e. our HA API connections) and flags an IP, and then only clears it after a successful Capcha request. It would mean a process something like:
Will try this out next time I am kicked out.
barto64
commented
8 months ago Hey,
I would maybe add an additional step. In the browser I closed the session after the login. It could make Porsche systems and ordered login/logout. I did this a couple of months ago and my integration has been running flawlessly since then.
tonycoupland
commented
7 months ago Yesterday I updated my HA instance and found the Porsche integration was in failed state, went to the website and had a Capcha request alongside email. I logged in and out 5 times (probably overkill) entering Capcha each time.
Left it until this morning, went back to the website and now no Capcha required!
In HA, reload the integration and its back working again... not ideal but it seems to be a repeatable pattern (twice)
fredriklj
commented
2 months ago We're back to square one, cf. #242 and reopen any new issues.
This morning HA wasn't showing any information from my Taycan.
On checking the log I could see
__File "/usr/local/lib/python3.11/site-packages/pyporscheconnectapi/connection.py", line 175, in _login raise CaptchaRequired("Captcha required") pyporscheconnectapi.exceptions.CaptchaRequired__
I manage to solved this by login into the website on my browser three times. On the third time the capture wasn't required. ha-porcheconnect then started working.
I suspect Porsche's servers are trusting requests when they see the come from an IP address that has already been through the capture process.
I use IPv4 which is NAT'ed, so my laptop and HA have the same external address. I also use IPv6 which might defeat this. Does anyone have any contacts at Porsche we could ask if we could registered our HA external addresses as being trusted?
Tom