Closed gravok closed 4 months ago
As an addendum I updated to 2.4.5 just to be sure that it was not fixed in the meantime. However, the issue is the same as on 2.4.2.
Hmm, the 2.4.2 has been released on December 2023. Did it work since then?
There is an easier way to debug the plugin than wireshark:
First, enable Stream-Deck debug port:
In the Registry, navigate to HKEY_CURRENT_USER\Software\Elgato Systems GmbH\StreamDeck
and set the key html_remote_debugging_enabled
to the value 1
(DWORD). Then restart the stream-deck application.
After you have enabled debugging, you can connect to the plugin or the property inspector at http://localhost:23654/. In your case, the plugin is the relevant option:
On the following screen, you can already see some debug output (the requests you found with wireshark), maybe some home-assistant errors, too.
To see the complete communication between Home-Assistant and the plugin, navigate to the Network tab and hit refresh to see all open connections (without refresh, some may be missing):
HA = Home-Assistant Websocket, SD = StreamDeck Websocket (not interesting in your case)
To see the Messages, select the "websocket" item and open the Messages tab:
a = A request to home-assistant, b = The answer from Home-Assistant
You may want to create an empty profile with only one button to reduce message spam :)
I hope you can find a hint, what is going wrong.
Thank you for your input.
I conducted all the steps outlined.
However, following this path I got the following request and responses:
Request:
{
"id": 4,
"type": "execute_script",
"sequence": [
{
"target": {
"entity_id": [
"light.buro_decken_licht"
]
},
"service": "light.toggle",
"data": {}
}
]
}
Response:
{
"id": 4,
"type": "result",
"success": false,
"error": {
"code": "unauthorized",
"message": "Unauthorized"
}
}
I was thinking about it for a while and found something special that I did, that maybe other people would not do.
The user in my case is not my standard user which I use for administration, but a user I use only for the purpose of connecting the StreamDeck. Therefore, he is not an administrator. For a test I gave the user the administrator flag. As soon as I do this, everything works fine.
It seems like there is some kind of weird change in HA API only allowing administrators access to certain parts of it?
Yes, that could well be. At some point in the past, I changed the way services are called. Since then, they have been wrapped in an "execute_script" call. This has the advantage that template expressions can be used in the service data object, which are then resolved on the Home Assistant side. Since execute_script essentially allows everything, it might be restricted to admin users.
I know that using admin users is not generally accepted as good practice :D - maybe (but with low prio) I will make the service-call-wrapping optional somehow.
Yes, that could well be. At some point in the past, I changed the way services are called. Since then, they have been wrapped in an "execute_script" call. This has the advantage that template expressions can be used in the service data object, which are then resolved on the Home Assistant side. Since execute_script essentially allows everything, it might be restricted to admin users.
Ah that explains it I think. I was looking through the git blames from HA side and was seeing no changes in the structure of the API concerning the execute_script command. This command has been admin_only for 3 years now.
I know that using admin users is not generally accepted as good practice :D - maybe (but with low prio) I will make the service-call-wrapping optional somehow.
Using admin accounts is most certainly non-optimal. However, at least in my case, it is risk-wise not really relevant. Having both the stream deck running as well as my long term valid admin session cookie on the same machine - a smart attacker would always opt for the long-term admin token ;).
The issue has been resolved for me. Thank you very much.
I am unable to trigger actions from the Streamdeck anymore. It had worked for 2 years flawlessly with the same configuration. I had a brief look at the release notes of HA but saw nothing which seemed related to this issue.
I am seeing access denied log entries inside HA logs every time I press a button:
The config of an example button is: (redacted for readability):
Interestingly, sensors and so on are working just fine. However, no action bound to any button is working (lights, shutters, scenes, etc.)
I already tried generating another API token - however this did not change the situation at all.
Out of deperation - and in the lack of other options - I had a look at the traffic inside the websocket. I can clearly see the request from the Plugin to HA
However - I can not see the answer from HA because Wireshark fails to decompress it...
Can you guide me to a way debugging this issue?
Versions: