gravok
commented
4 months ago As an addendum I updated to 2.4.5 just to be sure that it was not fixed in the meantime. However, the issue is the same as on 2.4.2.
Closed gravok closed 4 months ago
gravok
commented
4 months ago As an addendum I updated to 2.4.5 just to be sure that it was not fixed in the meantime. However, the issue is the same as on 2.4.2.
cgiesche
commented
4 months ago Hmm, the 2.4.2 has been released on December 2023. Did it work since then?
There is an easier way to debug the plugin than wireshark:
First, enable Stream-Deck debug port:
In the Registry, navigate to HKEY_CURRENT_USER\Software\Elgato Systems GmbH\StreamDeck and set the key html_remote_debugging_enabled to the value 1 (DWORD). Then restart the stream-deck application.
After you have enabled debugging, you can connect to the plugin or the property inspector at http://localhost:23654/. In your case, the plugin is the relevant option:
On the following screen, you can already see some debug output (the requests you found with wireshark), maybe some home-assistant errors, too.
To see the complete communication between Home-Assistant and the plugin, navigate to the Network tab and hit refresh to see all open connections (without refresh, some may be missing):
HA = Home-Assistant Websocket, SD = StreamDeck Websocket (not interesting in your case)
To see the Messages, select the "websocket" item and open the Messages tab:
a = A request to home-assistant, b = The answer from Home-Assistant
You may want to create an empty profile with only one button to reduce message spam :)
I hope you can find a hint, what is going wrong.
gravok
commented
4 months ago Thank you for your input.
I conducted all the steps outlined.
However, following this path I got the following request and responses:
Request:
{
"id": 4,
"type": "execute_script",
"sequence": [
{
"target": {
"entity_id": [
"light.buro_decken_licht"
]
},
"service": "light.toggle",
"data": {}
}
]
}Response:
{
"id": 4,
"type": "result",
"success": false,
"error": {
"code": "unauthorized",
"message": "Unauthorized"
}
}I was thinking about it for a while and found something special that I did, that maybe other people would not do.
The user in my case is not my standard user which I use for administration, but a user I use only for the purpose of connecting the StreamDeck. Therefore, he is not an administrator. For a test I gave the user the administrator flag. As soon as I do this, everything works fine.
It seems like there is some kind of weird change in HA API only allowing administrators access to certain parts of it?
cgiesche
commented
4 months ago Yes, that could well be. At some point in the past, I changed the way services are called. Since then, they have been wrapped in an "execute_script" call. This has the advantage that template expressions can be used in the service data object, which are then resolved on the Home Assistant side. Since execute_script essentially allows everything, it might be restricted to admin users.
I know that using admin users is not generally accepted as good practice :D - maybe (but with low prio) I will make the service-call-wrapping optional somehow.
gravok
commented
4 months ago Yes, that could well be. At some point in the past, I changed the way services are called. Since then, they have been wrapped in an "execute_script" call. This has the advantage that template expressions can be used in the service data object, which are then resolved on the Home Assistant side. Since execute_script essentially allows everything, it might be restricted to admin users.
Ah that explains it I think. I was looking through the git blames from HA side and was seeing no changes in the structure of the API concerning the execute_script command. This command has been admin_only for 3 years now.
I know that using admin users is not generally accepted as good practice :D - maybe (but with low prio) I will make the service-call-wrapping optional somehow.
Using admin accounts is most certainly non-optimal. However, at least in my case, it is risk-wise not really relevant. Having both the stream deck running as well as my long term valid admin session cookie on the same machine - a smart attacker would always opt for the long-term admin token ;).
The issue has been resolved for me. Thank you very much.
I am unable to trigger actions from the Streamdeck anymore. It had worked for 2 years flawlessly with the same configuration. I had a brief look at the release notes of HA but saw nothing which seemed related to this issue.
I am seeing access denied log entries inside HA logs every time I press a button:
The config of an example button is: (redacted for readability):
Interestingly, sensors and so on are working just fine. However, no action bound to any button is working (lights, shutters, scenes, etc.)
I already tried generating another API token - however this did not change the situation at all.
Out of deperation - and in the lack of other options - I had a look at the traffic inside the websocket. I can clearly see the request from the Plugin to HA
However - I can not see the answer from HA because Wireshark fails to decompress it...
Can you guide me to a way debugging this issue?
Versions: