search

MichaelMcCool / Unifi

Unifi Controller API for PowerShell
MIT License
75 stars 10 forks source link

Connect broken on UDMPro (at least when running version 3.0.16) #10

Open kriggleman42 opened 1 year ago

kriggleman42 commented 1 year ago

Great set of routines, nicely done for UniFi access. :-)

I mostly looked at these routines because UniFi API is not well documented for UDMPro. When I tested your ps module, the connect-controller didn't display any message but didn't have an error either so I assumed that command had worked. However, when I tried get-UnifiSite I received a 401 unauthorized.

Investigating a bit more I found reason for 401 was that Session variable didn't get set during connect-controller. Then I realized another change that occurred when we upgraded to UDMPro. $results.meta is no longer returned from a call to .../api/auth/login Instead, status and other variables are returned including setting $results.unique_id which could be a different way to validate. Note that because the call was successful, no error is triggered. Therefore it would be more robust of your code imho to provide some type of alert that connect didn't go as planned (and thus session variable hasn't been set).

Therefore, I'd recommend updating connect-controller lines 31 and after to something closer to this instead (which I've run on UDMPro and the following works): if ($results.meta.rc -eq "ok" -or ($UDMPro -and $results.status -eq "ACTIVE")) { if (!$refresh){ Write-Verbose "Successfully connected to Unifi controller." } else { Write-Verbose "Successfully reconnected to Unifi controller." }

Set this as a script variable as it will be used for all other commands in the module.

    $Script:Session = $MyWebSession
    }
    else {
        Write-Verbose "Unexpected results from Unifi controller. Session not established."  #I added for robustness!
    }

Finally, the primary reason I was looking at your library was to see how in powershell you do set commands in Unifi API (which I'm doing in powershell). On the UDMPro they require that csrf token is set on session. Otherwise, I get "invalid csrf token" on any update UniFi API cmds. The read comands like get-UnifiSite work fine. Bottom line, my UniFi API update commands worked fine just like you have implemented until we upgraded to UDMPro controller but now they all fail with "invalid csrf token". I'm guessing you are not familiar with that issue but alerting you if anyone asks. If you happen to know how to address that would be wonderful if your routines handled that issue which I believe requires adding x-csrf-token to session state (only needed on UDMPro)

Thanks for your consideration. Ken Riggleman

MichaelMcCool commented 5 months ago

I don't own a UDMPro controller. I only have the software controller available to me at the moment. I do know someone with a UDMPro which I will try and gain access to to see what is required to support them properly.