balansse / homebridge-vivint

Integrates Vivint security system with Apple Home
Other
48 stars 16 forks source link

"Error occurred during login..." 401 Authorization Required #126

Closed ripple7511 closed 1 year ago

ripple7511 commented 1 year ago

Vivint is throwing errors this afternoon, and showing the below in the console.

I'm able to successfully get a cookie (though it begins with "__CF_bm=" which I don't think it used to do?), but always get a 401 Authorization Required error.

I'm using a Homebridge-specific account on Vivint that I can successfully login using on the Vivint app itself, and MFA is disabled for the account. I've even tried to use my main Vivint account as a test, but the MFA portion fails even though the code is correct. I've verified that I'm able to successfully login to the Vivint app using the code successfully.

I've tried running the "npm run mfa" from the terminal, but am getting a "Missing script: mfa" error while doing that. "npm run" returns no scripts whatsoever. I've tried installing and re-installing different versions of the same plugin with nothing working.

I'm running Homebridge as an LXC on ProxMox for more than a year now without any issues. Anyone have ideas as to what I can try next?


LOG (with cookie data and any other long strings of potentially-important characters removed...)

[@balansse/homebridge-vivint] Error occurred during login, retrying in 60 seconds... StatusCodeError: 401 - "\r\n401 Authorization Required\r\n\r\n

401 Authorization Required

\r\n
nginx
\r\n\r\n\r\n" at new StatusCodeError (/var/lib/homebridge/node_modules/@balansse/homebridge-vivint/node_modules/request-promise-core/lib/errors.js:32:15) at Request.plumbing.callback (/var/lib/homebridge/node_modules/@balansse/homebridge-vivint/node_modules/request-promise-core/lib/plumbing.js:104:33) at Request.RP$callback [as _callback] (/var/lib/homebridge/node_modules/@balansse/homebridge-vivint/node_modules/request-promise-core/lib/plumbing.js:46:31) at Request.self.callback (/var/lib/homebridge/node_modules/@balansse/homebridge-vivint/node_modules/request/request.js:185:22) at Request.emit (node:events:513:28) at Request. (/var/lib/homebridge/node_modules/@balansse/homebridge-vivint/node_modules/request/request.js:1154:10) at Request.emit (node:events:513:28) at IncomingMessage. (/var/lib/homebridge/node_modules/@balansse/homebridge-vivint/node_modules/request/request.js:1076:12) at Object.onceWrapper (node:events:627:28) at IncomingMessage.emit (node:events:525:35) { statusCode: 401, error: '\r\n' + '401 Authorization Required\r\n' + '\r\n' + '

401 Authorization Required

\r\n' + '
nginx
\r\n' + '\r\n' + '\r\n', options: { url: 'https://www.vivintsky.com/api/authuser', headers: { Cookie: '__cf_bm=' }, resolveWithFullResponse: true, callback: [Function: RP$callback], transform: undefined, simple: true, transform2xxOnly: false }, response: <ref *1> IncomingMessage { _readableState: ReadableState { objectMode: false, highWaterMark: 16384, buffer: BufferList { head: null, tail: null, length: 0 }, length: 0, pipes: [], flowing: true, ended: true, endEmitted: true, reading: false, constructed: true, sync: true, needReadable: false, emittedReadable: false, readableListening: false, resumeScheduled: false, errorEmitted: false, emitClose: true, autoDestroy: true, destroyed: true, errored: null, closed: true, closeEmitted: true, defaultEncoding: 'utf8', awaitDrainWriters: null, multiAwaitDrain: false, readingMore: true, dataEmitted: true, decoder: null, encoding: null,

},
_events: [Object: null prototype] {
  end: [Array],
  close: [Array],
  data: [Function (anonymous)],
  error: [Function (anonymous)]
},
_eventsCount: 4,
_maxListeners: undefined,
socket: TLSSocket {
  _tlsOptions: [Object],
  _secureEstablished: true,
  _securePending: false,
  _newSessionPending: false,
  _controlReleased: true,
  secureConnecting: false,
  _SNICallback: null,
  servername: 'www.vivintsky.com',
  alpnProtocol: false,
  authorized: true,
  authorizationError: null,
  encrypted: true,
  _events: [Object: null prototype],
  _eventsCount: 10,
  connecting: false,
  _hadError: false,
  _parent: null,
  _host: 'www.vivintsky.com',
  _closeAfterHandlingError: false,
  _readableState: [ReadableState],
  _maxListeners: undefined,
  _writableState: [WritableState],
  allowHalfOpen: false,
  _sockname: null,
  _pendingData: null,
  _pendingEncoding: '',
  server: undefined,
  _server: null,
  ssl: [TLSWrap],
  _requestCert: true,
  _rejectUnauthorized: true,
  parser: null,
  _httpMessage: [ClientRequest],
  [Symbol(res)]: [TLSWrap],
  [Symbol(verified)]: true,
  [Symbol(pendingSession)]: null,
  [Symbol(async_id_symbol)]: 34,
  [Symbol(kHandle)]: [TLSWrap],
  [Symbol(lastWriteQueueSize)]: 0,
  [Symbol(timeout)]: null,
  [Symbol(kBuffer)]: null,
  [Symbol(kBufferCb)]: null,
  [Symbol(kBufferGen)]: null,
  [Symbol(kCapture)]: false,
  [Symbol(kSetNoDelay)]: false,
  [Symbol(kSetKeepAlive)]: false,
  [Symbol(kSetKeepAliveInitialDelay)]: 0,
  [Symbol(kBytesRead)]: 0,
  [Symbol(kBytesWritten)]: 0,
  [Symbol(connect-options)]: [Object]
},
httpVersionMajor: 1,
httpVersionMinor: 1,
httpVersion: '1.1',
complete: true,
rawHeaders: [
  'Date',
  'Fri, 20 Oct 2023 18:50:08 GMT',
  'Content-Type',
  'text/html',
  'Content-Length',
  '172',
  'Connection',
  'close',
  'Www-Authenticate',
  'Bearer scope="openid email",redirect_uri="https://www.vivintsky.com/api/oauth-redirect/<redacted>",realm="vivintsky",response_type="code",state="<redacted>",client_id="<redacted>"',
  'CF-Cache-Status',
  'DYNAMIC',
  'Server',
  'cloudflare',
  'CF-RAY',
  '819371db6de1c374-SEA'
],
rawTrailers: [],
joinDuplicateHeaders: undefined,
aborted: false,
upgrade: false,
url: '',
method: null,
statusCode: 401,
statusMessage: 'Unauthorized',
client: TLSSocket {
  _tlsOptions: [Object],
  _secureEstablished: true,
  _securePending: false,
  _newSessionPending: false,
  _controlReleased: true,
  secureConnecting: false,
  _SNICallback: null,
  servername: 'www.vivintsky.com',
  alpnProtocol: false,
  authorized: true,
  authorizationError: null,
  encrypted: true,
  _events: [Object: null prototype],
  _eventsCount: 10,
  connecting: false,
  _hadError: false,
  _parent: null,
  _host: 'www.vivintsky.com',
  _closeAfterHandlingError: false,
  _readableState: [ReadableState],
  _maxListeners: undefined,
  _writableState: [WritableState],
  allowHalfOpen: false,
  _sockname: null,
  _pendingData: null,
  _pendingEncoding: '',
  server: undefined,
  _server: null,
  ssl: [TLSWrap],
  _requestCert: true,
  _rejectUnauthorized: true,
  parser: null,
  _httpMessage: [ClientRequest],
  [Symbol(res)]: [TLSWrap],
  [Symbol(verified)]: true,
  [Symbol(pendingSession)]: null,
  [Symbol(async_id_symbol)]: 34,
  [Symbol(kHandle)]: [TLSWrap],
  [Symbol(lastWriteQueueSize)]: 0,
  [Symbol(timeout)]: null,
  [Symbol(kBuffer)]: null,
  [Symbol(kBufferCb)]: null,
  [Symbol(kBufferGen)]: null,
  [Symbol(kCapture)]: false,
  [Symbol(kSetNoDelay)]: false,
  [Symbol(kSetKeepAlive)]: false,
  [Symbol(kSetKeepAliveInitialDelay)]: 0,
  [Symbol(kBytesRead)]: 0,
  [Symbol(kBytesWritten)]: 0,
  [Symbol(connect-options)]: [Object]
},
_consuming: false,
_dumped: false,
req: ClientRequest {
  _events: [Object: null prototype],
  _eventsCount: 5,
  _maxListeners: undefined,
  outputData: [],
  outputSize: 0,
  writable: true,
  destroyed: false,
  _last: true,
  chunkedEncoding: false,
  shouldKeepAlive: false,
  maxRequestsOnConnectionReached: false,
  _defaultKeepAlive: true,
  useChunkedEncodingByDefault: false,
  sendDate: false,
  _removedConnection: false,
  _removedContLen: false,
  _removedTE: false,
  strictContentLength: false,
  _contentLength: 0,
  _hasBody: true,
  _trailer: '',
  finished: true,
  _headerSent: true,
  _closed: false,
  socket: [TLSSocket],
  _header: 'GET /api/authuser HTTP/1.1\r\n' +
    'Cookie: __cf_bm=<redacted>\r\n' +
    'host: www.vivintsky.com\r\n' +
    'Connection: close\r\n' +
    '\r\n',
  _keepAliveTimeout: 0,
  _onPendingData: [Function: nop],
  agent: [Agent],
  socketPath: undefined,
  method: 'GET',
  maxHeaderSize: undefined,
  insecureHTTPParser: undefined,
  joinDuplicateHeaders: undefined,
  path: '/api/authuser',
  _ended: true,
  res: [Circular *1],
  aborted: false,
  timeoutCb: null,
  upgradeOrConnect: false,
  parser: null,
  maxHeadersCount: null,
  reusedSocket: false,
  host: 'www.vivintsky.com',
  protocol: 'https:',
  [Symbol(kCapture)]: false,
  [Symbol(kBytesWritten)]: 0,
  [Symbol(kNeedDrain)]: false,
  [Symbol(corked)]: 0,
  [Symbol(kOutHeaders)]: [Object: null prototype],
  [Symbol(errored)]: null,
  [Symbol(kUniqueHeaders)]: null
},
request: Request {
  _events: [Object: null prototype],
  _eventsCount: 5,
  _maxListeners: undefined,
  headers: [Object],
  resolveWithFullResponse: true,
  readable: true,
  writable: true,
  _qs: [Querystring],
  _auth: [Auth],
  _oauth: [OAuth],
  _multipart: [Multipart],
  _redirect: [Redirect],
  _tunnel: [Tunnel],
  _rp_resolve: [Function (anonymous)],
  _rp_reject: [Function (anonymous)],
  _rp_promise: [Promise],
  _rp_callbackOrig: undefined,
  callback: [Function (anonymous)],
  _rp_options: [Object],
  setHeader: [Function (anonymous)],
  hasHeader: [Function (anonymous)],
  getHeader: [Function (anonymous)],
  removeHeader: [Function (anonymous)],
  method: 'GET',
  localAddress: undefined,
  pool: {},
  dests: [],
  __isRequestRequest: true,
  _callback: [Function: RP$callback],
  uri: [Url],
  proxy: null,
  tunnel: true,
  setHost: true,
  originalCookieHeader: '__cf_bm=<redacted>',
  _disableCookies: true,
  _jar: undefined,
  port: 443,
  host: 'www.vivintsky.com',
  path: '/api/authuser',
  httpModule: [Object],
  agentClass: [Function: Agent],
  agent: [Agent],
  _started: true,
  href: 'https://www.vivintsky.com/api/authuser',
  req: [ClientRequest],
  ntick: true,
  response: [Circular *1],
  originalHost: 'www.vivintsky.com',
  originalHostHeaderName: 'host',
  responseContent: [Circular *1],
  _destdata: true,
  _ended: true,
  _callbackCalled: true,
  [Symbol(kCapture)]: false
},
toJSON: [Function: responseToJSON],
caseless: Caseless { dict: [Object] },
body: '<html>\r\n' +
  '<head><title>401 Authorization Required</title></head>\r\n' +
  '<body>\r\n' +
  '<center><h1>401 Authorization Required</h1></center>\r\n' +
  '<hr><center>nginx</center>\r\n' +
  '</body>\r\n' +
  '</html>\r\n',
[Symbol(kCapture)]: false,
[Symbol(kHeaders)]: {
  date: 'Fri, 20 Oct 2023 18:50:08 GMT',
  'content-type': 'text/html',
  'content-length': '172',
  connection: 'close',
  'www-authenticate': 'Bearer scope="openid email",redirect_uri="https://www.vivintsky.com/api/oauth-redirect/<redacted>",realm="vivintsky",response_type="code",state="<redacted>",client_id="<redacted>"',
  'cf-cache-status': 'DYNAMIC',
  server: 'cloudflare',
  'cf-ray': '819371db6de1c374-SEA'
},
[Symbol(kHeadersCount)]: 16,
[Symbol(kTrailers)]: null,
[Symbol(kTrailersCount)]: 0

} }

DevMan01 commented 1 year ago

I'm getting this exact error as well.

txhunter commented 1 year ago

I am as well.

DevMan01 commented 1 year ago

I thought maybe it was something to do with an MFA code. Tried the following:

... /usr/local/lib/node_modules/@balansse/homebridge-vivint$ npm run mfa

@balansse/homebridge-vivint@1.8.3 mfa node scripts/vivint_mfa_cli

Please enter your Vivint login email: Please enter your Vivint login password: Status code was 200. MFA is not needed. Please use refreshToken: __cf_bm=HMp ... =

I don't think its that. I wonder perhaps if something changed on their API? Or, I'm seeing references to CloudFlare, perhaps they've raised some kind of captcha system?

asander85 commented 1 year ago

I just began getting this error about 10 minutes ago. I'm completely down.

DevMan01 commented 1 year ago

I tried to use another library, just to test login functionality via Python from this repo: https://github.com/ovirs/pyvivint I got a similar login error. This could be clouding the field, but I wonder if the source of error is upstream at Vivint.

DevMan01 commented 1 year ago

Seeing similar chatter about this on Reddit: https://www.reddit.com/r/homebridge/comments/17cirri/vivint_failure/

jrschat commented 1 year ago

Watching. I am having this issue as well.

srmora commented 1 year ago

Well, I’m dead in the water. I ended up trying to uninstall and reinstall the app but I get no MFA key when I try logging in. I’ll continue to watch this thread but currently my HomeKit set up is hosed as I had a lot of dependencies on the Vivint various sensors, thermostats, doorbell, camera, you name it :(

jgrimard commented 1 year ago

It looks like Vivint stopped sending the SET-COOKIE header from https://www.vivintsky.com/api/authuser If nothing else changed, then we should be able to comment out the highlighted lines and it should work again. I don't have time to work on it right now, heading out the door. Maybe later tonight or this weekend.

image

image

ripple7511 commented 1 year ago

I commented out lines 165 and and 168-- no dice, unfortunately. I'll dig into this later tonight to see what I can find as well.

aacentric commented 1 year ago

I'm no coder, but The Home Assistant integration still works. Not sure if the authentication methods are similar but hopefully that helps some of you who are much better at this troubleshoot!

srmora commented 1 year ago

I don’t believe Home Assistant has Vivint plug-in. That’s why I’m using Homebridge.

aacentric commented 1 year ago

I don’t believe Home Assistant has Vivint plug-in. That’s why I’m using Homebridge.

https://github.com/natekspencer/hacs-vivint

It's a HACS repository, can add that way. Works perfectly with Home Assistant.

srmora commented 1 year ago

Interesting and awesome at the same time I had no idea I'll look into that because I need my Vivint. Thank you.

jgrimard commented 1 year ago

I created pull request #127 to fix this issue. This fix is working on my system.

arjunmehta commented 1 year ago

Could be worthwhile examining this file, especially the first 100 lines, to see if there’s anything obvious:

https://github.com/natekspencer/vivintpy/blob/main/vivintpy/vivintskyapi.py#L18-L100

EDIT: I love open source software. By the time I posted, someone had already fixed the issue. Hah. Awesome @jgrimard !

aacentric commented 1 year ago

Please please forgive my ignorance, buuuutttt.....the pull request mentioned above lists some changes which apparently work, how do I translate that into my plugin working? Do I just need to wait for an update or can I integrate these changes easily with a few clicks??

jgrimard commented 1 year ago

Please please forgive my ignorance, buuuutttt.....the pull request mentioned above lists some changes which apparently work, how do I translate that into my plugin working? Do I just need to wait for an update or can I integrate these changes easily with a few clicks??

It would be easiest to wait for @balansse to merge the pull request and publish to NPM. Then you can update the plugin.

srmora commented 1 year ago

OK I guess I'll wait for the update. But in the meantime, I went ahead and installed. HACS oh my existing Home Assistant, but I was not really using. And then I managed to get the Vivint integration installed and configured. I can't see everything on HomeKit but at least I have my access to my alarm and re-added them to my automations.

But I'll be glad when the Vivint plug-in for HomeKit/Homebridge is working again because I need access to everything via HomeKit 🤞🏽

mbentley commented 1 year ago

I know absolutely nothing about node and using npm but it seems that I can manually install the patch from the PR's branch for now until a fix is merged and published using npm install git+https://github.com/jgrimard/homebridge-vivint.git\#patch-2

krayzie32 commented 1 year ago

I know absolutely nothing about node and using npm but it seems that I can manually install the patch from the PR's branch for now until a fix is merged and published using npm install git+https://github.com/jgrimard/homebridge-vivint.git\#patch-2

This isn't working for me... the process just hangs at the below step, unless I need to be more patient (waited for around 7-10 minutes): $ npm install git+https://github.com/jgrimard/homebridge-vivint.git\#patch-2 [#########.........] / reify:@balansse/homebridge-vivint: timing reify:loadBundles Completed in 0ms

I'm executing the above within the homebridge container.

mbentley commented 1 year ago

Yeah, it took a while for me. And yes, I did an exec into my container and ran it and then restarted the container

zackman0010 commented 1 year ago

Unfortunately @jgrimard's solution is a very simplistic fix that only works if you already have a valid session token. If you've regenerated your token and it's now invalid, or if your session expires, his change would not fix the authentication issue. The issue is that Vivint apparently enabled Cloudflare Bot Management, which adds a new cookie into every request. The Vivint script is only set up to handle a single cookie, so when this new cookie appeared the script started grabbing the wrong cookie value. I'm currently working on my own PR to make sure it grabs the correct cookie.

balansse commented 1 year ago

Huge thanks to @jgrimard for the fix! I just published the new version to NPM - go ahead and update the plugin and it should work again!

jgrimard commented 1 year ago

Thank you @balansse. I just updated from the plugin from within Homebridge and all is working again. I also tested generating a new refresh token and it worked fine.

zackman0010 commented 1 year ago

@balansse Please see my PR #128 @jgrimard Generating the token will sometimes work, as it depends on what order the cookie headers are in, which is not deterministic. If you're lucky enough that the s session cookie is first, then it'll work. But if CloudFlare's __cf_bm cookie is first, then that's the one you'll grab, which won't work for authentication.

olivierlacan commented 1 year ago

@balansse @jgrimard Thank you both so much.

I can confirm however that what @zackman0010 describes did happen when I recently refreshed my credentials.

srmora commented 1 year ago

Beautiful, got it working again thank you. Since I had hosed it trying to get it to work I ended up uninstalling reinstalling and then generating a new token. All works beautiful. Thank you so much.

DevMan01 commented 1 year ago

Confirmed @zackman0010 's issue. Basically, I just sat at the settings page and generated a new refresh token until I got one that started with s= instead of __cf_bm and that did the trick. It works now, very grateful. But, perhaps we need to do something to make sure the token comes up correctly.

zackman0010 commented 1 year ago

It works now, very grateful. But, perhaps we need to do something to make sure the token comes up correctly.

@DevMan01 I've got an open PR to do exactly that, so this issue will be fixed as soon as it gets merged in.

krayzie32 commented 1 year ago

Thank you to everyone who helped fix this!

jgrimard commented 1 year ago

Version 1.8.5 fixes these issues and is available as an update. Please set this issue as resolved with #128

balansse commented 1 year ago

Resolved with #128