WrapAPI reporting "Object Moved" after login endpoint

[scombest]

Starting sometime on 8/9/2016 the login WrapAPI now gives the below error. I checked and there are no nag screens. Anyone else running into this in the last 24 hours?

{ "success": false, "outputScenario": null, "data": null, "messages": [ "None of the output scenarios matched. See the raw data received in rawData" ], "errTypes": [ "noMatchedOutputScenario" ], "rawData": { "responses": [ { "statusCode": 302, "body": "<html><head><title>Object moved</title></head><body>\r\n<h2>Object moved to <a href=\"%2fpda%2f404.aspx%3faspxerrorpath%3d%2fpda%2f%7b%7bsessionUrl%7d%7d%2fDefault.aspx\">here</a>.</h2>\r\n</body></html>\r\n", "headers": { "content-type": "text/html; charset=utf-8", "location": "/pda/404.aspx?aspxerrorpath=/pda/{{sessionUrl}}/Default.aspx", "server": "Microsoft-IIS/7.5", "x-powered-by": "ASP.NET", "p3p": "policyref=\"/w3c/p3p.xml\",CP=\"OUR SAMa ADM UNI BUS ALL CUR DSP TAI COR IND STA\"", "access-control-allow-origin": "*", "date": "Wed, 10 Aug 2016 19:06:23 GMT", "connection": "close", "content-length": "199" }, "request": { "uri": { "protocol": "https:", "slashes": true, "auth": null, "host": "www.alarm.com", "port": 443, "hostname": "www.alarm.com", "hash": null, "search": null, "query": null, "pathname": "/pda/%7B%7BsessionUrl%7D%7D/Default.aspx", "path": "/pda/%7B%7BsessionUrl%7D%7D/Default.aspx", "href": "https://www.alarm.com/pda/%7B%7BsessionUrl%7D%7D/Default.aspx" }, "method": "post", "headers": { "origin": "https://www.alarm.com", "accept-language": "en-US,en;q=0.8", "user-agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.110 Safari/537.36", "accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8", "referer": "https://www.alarm.com/pda/(S(wuxx1xq5vbiyl145vcz3fs55))/Default.aspx", "Content-Type": "application/x-www-form-urlencoded", "content-length": 4208 } } }, { "statusCode": 404, "body": "<html>\r\n <head>\r\n <title>The resource cannot be found.</title>\r\n <style>\r\n body {font-family:\"Verdana\";font-weight:normal;font-size: .7em;color:black;} \r\n p {font-family:\"Verdana\";font-weight:normal;color:black;margin-top: -5px}\r\n b {font-family:\"Verdana\";font-weight:bold;color:black;margin-top: -5px}\r\n H1 { font-family:\"Verdana\";font-weight:normal;font-size:18pt;color:red }\r\n H2 { font-family:\"Verdana\";font-weight:normal;font-size:14pt;color:maroon }\r\n pre {font-family:\"Lucida Console\";font-size: .9em}\r\n .marker {font-weight: bold; color: black;text-decoration: none;}\r\n .version {color: gray;}\r\n .error {margin-bottom: 10px;}\r\n .expandable { text-decoration:underline; font-weight:bold; color:navy; cursor:hand; }\r\n </style>\r\n </head>\r\n\r\n <body bgcolor=\"white\">\r\n\r\n <span><H1>Server Error in '/pda' Application.<hr width=100% size=1 color=silver></H1>\r\n\r\n <h2> <i>The resource cannot be found.</i> </h2></span>\r\n\r\n <font face=\"Arial, Helvetica, Geneva, SunSans-Regular, sans-serif \">\r\n\r\n <b> Description: </b>HTTP 404. The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable. &nbsp;Please review the following URL and make sure that it is spelled correctly.\r\n <br><br>\r\n\r\n <b> Requested URL: </b>/pda/404.aspx<br><br>\r\n\r\n </body>\r\n</html>\r\n", "headers": { "cache-control": "private", "content-type": "text/html; charset=utf-8", "server": "Microsoft-IIS/7.5", "x-aspnet-version": "2.0.50727", "x-powered-by": "ASP.NET", "p3p": "policyref=\"/w3c/p3p.xml\",CP=\"OUR SAMa ADM UNI BUS ALL CUR DSP TAI COR IND STA\"", "access-control-allow-origin": "*", "date": "Wed, 10 Aug 2016 19:06:23 GMT", "connection": "close", "content-length": "1510" }, "request": { "uri": { "protocol": "https:", "slashes": true, "auth": null, "host": "www.alarm.com", "port": 443, "hostname": "www.alarm.com", "hash": null, "search": "?aspxerrorpath=/pda/%7B%7BsessionUrl%7D%7D/Default.aspx", "query": "aspxerrorpath=/pda/%7B%7BsessionUrl%7D%7D/Default.aspx", "pathname": "/pda/404.aspx", "path": "/pda/404.aspx?aspxerrorpath=/pda/%7B%7BsessionUrl%7D%7D/Default.aspx", "href": "https://www.alarm.com/pda/404.aspx?aspxerrorpath=/pda/%7B%7BsessionUrl%7D%7D/Default.aspx" }, "method": "GET", "headers": { "origin": "https://www.alarm.com", "accept-language": "en-US,en;q=0.8", "user-agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.110 Safari/537.36", "accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8", "referer": "https://www.alarm.com/pda/(S(wuxx1xq5vbiyl145vcz3fs55))/Default.aspx", "Content-Type": "application/x-www-form-urlencoded" } } } ], "stateToken": REDACTED" } }

[rmervine]

I tested this myself and it appears that the alarm.com integration is broken for myself. If I activate my "I'm leaving" scene, I get a response that the scene can't be ran. Plus I can tell it's not logging in to alarm.com as I have a dedicated account. I'm quite new with getting this set up, but I am not sure how to duplicate scombest's scenario. All I can tell is that it's "not working" and it's been working at least back to this Monday.

I noticed that the bookmarked API for login was changed 10 hours ago. Maybe a change occurred?

[bryanbartow]

There was a security issue discovered this morning. I have been in contact with the folks at WrapAPI. I'm not sure if this is a result of their security fix or not, but I've reached out to them and I'll update as soon as I hear back. For now, it does seem to be broken. It's not substituting variable inputs in the URLs its trying to load. The calls are supposed to load www.alarm.com/pda/{{sessionUrl}}/Default.aspx where a value is substituted for {{sessionUrl}}. Instead, it's literally passing in {{sessionUrl}}.

[bryanbartow]

Just heard back and it appears to be working again. @scombest @rmervine can you confirm or deny on your end?

[scombest]

@bryanbartow confirmed it is working again! Thanks for the quick turnaround!