search

N4S4 / synology-api

A Python wrapper around Synology API
MIT License
360 stars 137 forks source link

filestation.FileStation() - "Error 402 - Denied permission" on version 0.7.2 (the return of) #168

Closed tinwhisker closed 1 month ago

tinwhisker commented 1 month ago

Describe the bug Login returns Error 402

To Reproduce Steps to reproduce the behavior:

from synology_api import filestation

test = filestation.FileStation('filestationip', '5000', 'User', 'Password', secure=False, cert_verify=False, dsm_version=7, otp_code=None, debug=True )

test.logout()

Console will return 402

Alternate examples:

Good (API guide): https://mynas:5001/webapi/auth.cgi?api=SYNO.API.Auth&version=3&method=login&account=User&passwd=Password&session=FileStation&format=cookie

Bad (synology-api): https://mynas:5001/webapi/auth.cgi?api=SYNO.API.Auth&version=7&method=login&account=User&passwd=Password&session=Core&format=cookie&enable_syno_token=no

'version' has no impact on success - this was the raw example from the API datasheet which worked. Setting to 7 still succeeded in 'good', setting to 3 still failed on 'bad'.

Expected behavior Successful login

Desktop (please complete the following information):

Additional context Comparing the login sent with a working login, plus referencing the Official API datasheet, I see that 'session' is set to 'Core', where the datasheet states on page 20 ("Chpater 4: File Station API" [SIC]):

"All File Station APIs are required to login with SYNO.API.Auth and session=FileStation"

tinwhisker commented 1 month ago

My "fix" is to pass the session or 'application' (as you define it internally) value to base when instantiated. All other variants will default to "Core".

I can make a pull request for perusal, but I can only test against the FileStation.

N4S4 commented 1 month ago

Hi,

Version is related to the DSM version not to the api call version. It is strange because it works fine for me. Let me investigate a bit and i will revert back. In the mean while you can prepare a PR so we can compare. Thank you

tinwhisker commented 1 month ago

I mentioned DSM ver purely to rule it out.

Maybe there's a setting to allow arbitrary applications/session types, but I only have user-level access currently to our unit. The docs imply it must be 'FileStation' on those devices, maybe DSM 7.2.1-69057 is enforcing it now?

PR: #169