search

Pyhass / Pyhiveapi

A python library to interface with the hive home api
MIT License
24 stars 18 forks source link

Unable to login via (new bug only started 24/6/23) #66

Closed pdev77 closed 1 year ago

pdev77 commented 1 year ago

Describe the bug Using pyhiveapi with 2FA(SMS) and device registration - all was working fine for a couple of weeks. Then unable to retrieve information via the tokens. Having retried the login script which is as simple as this:

#!/usr/bin/env python3
import os

from pyhiveapi import Hive, SMS_REQUIRED

session = Hive(
    username=(os.environ['hiveuser']),
    password=(os.environ['hivepass']),
)

login = session.login()

if login.get("ChallengeName") == SMS_REQUIRED:
    code = input("Enter 2FA code: ")
    session.sms2fa(code, login)

session.auth.device_registration('pyhiveapi')
deviceData = session.auth.get_device_data()

print(deviceData) # save this info for next time you login

it throws:

2023-06-27 17:46:18.269 | ERROR    | pyhiveapi.hive:exception_handler:44 - -> 
Error in /usr/lib/python3.8/json/decoder.py
when running raw_decode function
on line 353 - obj, end = self.scan_once(s, idx) 
with vars None
Error in sys.excepthook:
Traceback (most recent call last):
  File "/usr/local/lib/python3.8/dist-packages/pyhiveapi/hive.py", line 52, in exception_handler
    traceback.print_exc(tb)
  File "/usr/lib/python3.8/traceback.py", line 163, in print_exc
    print_exception(*sys.exc_info(), limit=limit, file=file, chain=chain)
  File "/usr/lib/python3.8/traceback.py", line 103, in print_exception
    for line in TracebackException(
  File "/usr/lib/python3.8/traceback.py", line 508, in __init__
    self.stack = StackSummary.extract(
  File "/usr/lib/python3.8/traceback.py", line 340, in extract
    if limit >= 0:
TypeError: '>=' not supported between instances of 'traceback' and 'int'

Original exception was:
Traceback (most recent call last):
  File "./1_deviceregistration.py", line 16, in <module>
    session = Hive(
  File "/usr/local/lib/python3.8/dist-packages/pyhiveapi/hive.py", line 111, in __init__
    super().__init__(username, password, websession)
  File "/usr/local/lib/python3.8/dist-packages/pyhiveapi/session.py", line 60, in __init__
    self.auth = Auth(
  File "/usr/local/lib/python3.8/dist-packages/pyhiveapi/api/hive_auth.py", line 116, in __init__
    self.data = self.api.getLoginInfo()
  File "/usr/local/lib/python3.8/dist-packages/pyhiveapi/api/hive_api.py", line 115, in getLoginInfo
    json_data = json.loads(
  File "/usr/lib/python3.8/json/__init__.py", line 357, in loads
    return _default_decoder.decode(s)
  File "/usr/lib/python3.8/json/decoder.py", line 337, in decode
    obj, end = self.raw_decode(s, idx=_w(s, 0).end())
  File "/usr/lib/python3.8/json/decoder.py", line 353, in raw_decode
    obj, end = self.scan_once(s, idx)
json.decoder.JSONDecodeError: Unterminated string starting at: line 1 column 2 (char 1)

Expected behavior The registration step provides: devicegroupkey & authdevicekey & authdevicepasswd

This is using the latest pyhiveapi - with the session.py modifications as per https://github.com/Pyhass/Pyhiveapi/issues/57

I cant figure out how to enable more verbose debugging - pyhiveapi_error.log contains only the above info

andyb2000 commented 1 year ago

Just had the same issue, but not sure if it's hive having problems.

Trying to login to their web portal:

URL redirects to: https://sso.hivehome.com/?client=v3-web-prod&redirect=https://my.hivehome.com And page simply displays: {"message":"Forbidden"}

So it may be hive having problems. (Tested 28/june 13:04 BST)

pdev77 commented 1 year ago

It seems that hive are blocking based on ip/subnet!

Access is blocked (as I might expect) via surfshark vpn ({"message":"Forbidden"}) However my code was running from OracleCloud - where it has run for months & months. However I cannot even curl to https://sso.hivehome.com/ (returns {"message":"Forbidden"}) from there now. Works fine when running from home PC - so problem solved. Hope this info might help others.

andyb2000 commented 1 year ago

testing this further, it's not just my home broadband IP block (I work for an ISP so have the ability to test from large subnets) - Testing from other subnets in our ISP range, most seem to give this Forbidden, so it doesn't appear to be something I specifically have done, it seems they're blocking huge UK ranges.

andyb2000 commented 1 year ago

Further, I have found that if you are logged in/authenticated, you should be fine. If you logout or need to re-auth that is the issue as it's only the sso.hivehome.com address that is carrying out the IP ban/filter. The actual https://my.hivehome.com/dashboard lets you in (I tested this by proxying my connection, authenticated then switched off the proxy. My auth cookies remained working/logged in)

andyb2000 commented 1 year ago

I've finally found somebody at Hive who can understand the issue and comment, unfortunately it's not a fix.

"The platform team have looked into this. It looks like its has been blocked by AWS WAF HostingProviderIPList rule. This rule inspects for a list of IP addresses from hosting and cloud providers, which are less likely to source end-user traffic. For security reasons, we reject traffic originating from IP addresses classified as cloud hosting provider IPs."

So the answer is if you are coming from an IP listed by Amazon AWS WAF HostingProviderIPList then you will get the forbidden. Only way round it is to try and get your IP/block removed from HostingProviderIPList by Amazon AWS. I'm attempting this but don't see much future.

We may need to look at using a web proxy somehow in the integration to work around this?