Authentication expired - Unable to log in - _csrf cookie does not exist

[mgeeky]

Hi there! :)

Thank you for the terrific integration you have put together here, outstanding piece of work!

I'm just reaching to let you know, that there might be some hiccups with the re-authentication and possibly missing _csrf cookie assumed as coming back in response from APIs.

Recently Home Assistant (core ver 2024.4.4 - OS 12.2 ) told me that my Aquarea authentication expired.

Here's what it's thrown:

2024-04-28 23:31:01.788 ERROR (MainThread) [custom_components.aquarea.config_flow] Unexpected exception
Traceback (most recent call last):
  File "/config/custom_components/aquarea/config_flow.py", line 144, in _validate_input
    await self._api.login()
  File "/usr/local/lib/python3.12/site-packages/aioaquarea/core.py", line 274, in login
    await self.__login_production()
  File "/usr/local/lib/python3.12/site-packages/aioaquarea/core.py", line 334, in __login_production
    csrf = response.cookies.get("_csrf").value
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
AttributeError: 'NoneType' object has no attribute 'value'

I've seen your v0.7.1 version linked in Panasonic changed their login system issue and installed it (by overwriting custom_components directory but this didn't help in the end.

So I thought I might just open the issue in here for your tracking :)

Best!

[cjaliaga]

Thanks a lot @mgeeky. If csrf is not coming back on that response probably there was something wrong with the previous request:

https://github.com/cjaliaga/aioaquarea/blob/9348dd47b2c13163c45748ed513853646b5b27dd/aioaquarea/core.py#L328-L332

I'm not sure what's the best way of handling this from a Home Assistants point of view because I'm not sure what's the real error that you're having here (or any user). I already handle when the username/password is incorrect but where it failed... it didn't reach yet into a place where the credentials are being sent, meaning that it shouldn't be related to the account... So, perhaps a retry should help here?

Is the integration working for you right now?

[mgeeky]

Thanks for getting back to me on this one. So, I'm also clueless as to where it breaks and sadly no, it doesn't work for me at the moment.

I might workaround it in a hacky way by authenticating to the that endpoint then snatching session cookies then substituting them whenever your integration keeps them cached. But to do so, would like to know what could be the best place to to "plant" acquired session cookies (in order to manually authenticate and keep the integration happy)?

Best!

[mgeeky]

Alright, after toying with the library directly and capturing HTTP flow, I was able to pinpoint it down to "Invalid username or password" which was weird as I was using these creds for a few months now without any issues. It turned out Panasonic demanded me to sign up for a two-factor authentication on that account and they must have marked my account as "disabled" or so. After logging in manually via Web UI and adding my phone as a second factor, I was able to log into the integration as expected.

I think it's fair to close it now as the issue was never related to the codebase :)

Best regards!

[cjaliaga]

@mgeeky believe it or not, I thought about that (not having added the phone to the account) while walking my dog and was about to write that and you just found it 😂

Glad it finally works for you!