MisterWil / abodepy

A thin Python wrapper for the Abode alarm API
MIT License

URL for socketIO connection #42

Closed ncpe20012003 closed 5 years ago

ncpe20012003 commented 5 years ago

Abodepy is working great for me. However, I'm looking for the socketIO URL. I want to ensure that SSL is being used and my username and password are not being passed unencrypted. Thanks.

MisterWil commented 5 years ago

URLs and other things that don't change are stored in the CONSTS file and used throughout the code.

The SocketIO url is a Secure Web Socket URL (WSS).

Here is where the POST request is made using the login URL with your username and password: `__init__.py#L132`

You can see that the SOCKETIO_URL is passed to the event controller here: `__init__.py#L64`

Which is passed in to the SocketIO client here: event_controller.py#L30

After we log in to Abode we are handed back a cookie that is stored within the session object that we can use to make follow-up requests with. We utilize the same session in the login request to connect to the Abode websocket server here: event_controller.py#L126-L130

TL;DR: We log in with your username and password as a POST request to the LOGIN_URL above, which is using HTTPS and thus your username and password are sent encrypted to Abode. Abode hands us back a cookie after a successful login. We then connect using a secure web socket connection (WSS) to the SOCKETIO_URL and pass that same cookie along. Your username and password are never sent to the websocket server, but all communication is encrypted.
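One way to check the transport question raised in this thread yourself, as an added example that is not part of the original comments or of abodepy's code: audit every URL-valued constant in a namespace for plaintext schemes or embedded credentials. The function name, verdict labels and sample hostnames are assumptions made for illustration; only the names LOGIN_URL and SOCKETIO_URL come from the thread.

```python
from urllib.parse import urlsplit

SECURE = {"https", "wss"}      # TLS-protected HTTP and WebSocket
PLAINTEXT = {"http", "ws"}     # same protocols without TLS


def audit_url_constants(namespace):
    """Return {name: verdict} for each public string constant that is a URL.

    namespace is any mapping of names to values, e.g. vars(some_module).
    Verdicts (hypothetical labels): ok, plaintext, credentials-in-url,
    no-host, unparseable.
    """
    findings = {}
    for name, value in namespace.items():
        if name.startswith("_") or not isinstance(value, str):
            continue
        try:
            parts = urlsplit(value.strip())
        except ValueError:              # e.g. malformed IPv6 literal
            findings[name] = "unparseable"
            continue
        scheme = parts.scheme.lower()
        if scheme not in SECURE | PLAINTEXT:
            continue                    # not an HTTP(S)/WS(S) URL, ignore
        if scheme in PLAINTEXT:
            findings[name] = "plaintext"
        elif parts.username or parts.password:
            findings[name] = "credentials-in-url"
        elif not parts.hostname:
            findings[name] = "no-host"
        else:
            findings[name] = "ok"
    return findings


# Constructed sample constants (placeholder hosts, not Abode's real URLs).
SAMPLE_CONSTANTS = {
    "LOGIN_URL": "https://alarm.example.invalid/api/auth2/login",
    "SOCKETIO_URL": "wss://events.example.invalid/socket.io/",
    "LEGACY_URL": "http://alarm.example.invalid/api/v1/panel",
    "DEBUG_SOCKET": "wss://user:secret@events.example.invalid/",
    "PROJECT_NAME": "abodepy",
    "TIMEOUT": 30,
}

if __name__ == "__main__":
    for name, verdict in audit_url_constants(SAMPLE_CONSTANTS).items():
        print(f"{name:14} {verdict}")
```

To run it against an installed library, pass `vars()` of that library's constants module in place of `SAMPLE_CONSTANTS`.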

ncpe20012003 commented 5 years ago

Perfect. Thanks for the references.

On Fri, Feb 15, 2019, 10:35 AM Mister Wil <notifications@github.com> wrote:

URLs and other things that don't change are stored in the CONSTS file and used throughout the source

The SocketIO url is a Secure Web Socket URL (WSS) https://devcenter.heroku.com/articles/websocket-security#wss.

Here is where the POST request is made using the login URL with your username and password: `__init__.py#L132` https://github.com/MisterWil/abodepy/blob/master/abodepy/__init__.py#L132

You can see that the SOCKETIO_URL is passed to the event controller here: `__init__.py#L64` https://github.com/MisterWil/abodepy/blob/master/abodepy/__init__.py#L64

Which is passed in to the SocketIO client here: event_controller.py#L30 https://github.com/MisterWil/abodepy/blob/master/abodepy/event_controller.py#L30

After we log in to Abode we are handed back a cookie that is stored within the session object that we can use to make follow-up requests with. We utilize the same session in the login request to connect to the Abode websocket server here: event_controller.py#L126-L130 https://github.com/MisterWil/abodepy/blob/6f84bb428fd1da98855f55083cd427bebbcc57ae/abodepy/event_controller.py#L126-L130

TL;DR: We log in with your username and password as a POST request to the LOGIN_URL above, which is using HTTPS and thus your username and password are sent encrypted to Abode. Abode hands us back a cookie after a successful login. We then connect using a secure web socket connection (WSS) to the SOCKETIO_URL and pass that same cookie along. Your username and password are never sent to the websocket server, but all communication is encrypted.
