Authentication doesn't work on UNVR

[michaelyork]

I think the new UniFiOS setup breaks some assumptions around auth.

[danielfernau]

Yes, I can confirm that there's a problem with the authentication on the new OS. The API is slightly different compared to the CloudKey. As soon as I have some time I'll have a look. Will post relevant updates here; thanks for creating the ticket!

[michaelyork]

Thanks for taking a look! Excited to help test and use once you're ready.

[evanpalumbo]

Any news on this? Going to try to troubleshoot in the next couple days, just making sure there wasn't any progress before I do. PS: I'm getting a success message on getting the API key but the download fails with a 500 Internal Service Error. I'm assuming this is the same issue

[danielfernau]

Hi @evanpalumbo

Yes, yesterday we merged an update into the v2.0.0 branch which includes a docker-compose file for an API Proxy. This should allow the app to communicate with UDM-based installations. Documentation on how to get things up and running can be found in the README. Let us know if it works!

cc @michaelyork

[jsbenjamins]

Dear Daniel,

perhaps related, so posting it here. I ran your version one code and it worked fine in terms of downloading mulitple one hour recordings from a Unifi Protect system, but all of a sudden I am getting this errors 10060 when the version one script calls urllib3 in doing the authorization POST request (it mentions failing due to max retries exceeded, but I'm guessing it is actually the script just not being able to authorize anymore, as there are no retries on POST request by default). Do you think this is the same bug? Or have I run into something new here?

EDIT: from the Unifi Protect web interface I am still able to download short video clips.

EDIT2: copying parts of the code bit by bit to a new file allowed me to export video's via the script again together with setting a high max for downloads-before-key-refresh and downloads-before-auth-refresh. I'm just wondering: does the script release the keys and authorization properly or was that perhaps blocking my downloads?

kind regards Jeroen Benjamins

[danielfernau]

@jsbenjamins

Hi Jeroen Yes, these issues are closely related. A few days ago I've started experimenting with a different authentication method: Session-based instead of Token-based. This might solve the current problems around authentication.

However, it's still a work in progress and not yet ready for testing. Some code cleanup is required before I can really get started on implementing all the changes around authentication. Also, I have to see if both UDM and CloudKey support the Session-based approach properly.

Right now user authentication and API tokens do not always work as expected. For example, the entire idea behind limiting the number of times a token can be used for downloading files before being refreshed is actually just a workaround since the Protect side of things is basically a "black box." The way the tool works at the moment is mostly based on what we're able to see on the network-level when looking at the communication between the browser and the CloudKey/UDM.

We're still actively maintaining the project and there will definitely be some updates in the near future!

Best Daniel

[jsbenjamins]

@danielfernau

Hi Daniel,

thanks for getting back to me and looking forward to the new solution. Greatly appreciated that you took the effort to build something that should have been basic functionality of the provided software by Unifi.

For now, my bit-by-bit copied code and hardcoding some addresses seems to work for me (the second edit). I also for good measure, not sure whether this affects it or not, logout out of Protect, kill Chrome and then restart Chrome and log in again.

kind regards Jeroen

[danielfernau]

Hi @michaelyork , @evanpalumbo and @jsbenjamins

Thanks for your patience!

A new release – v2.0.1 – is now available. The tool should now be fully compatible with Protect servers on UniFi OS systems. Let me know in case you encounter any issues with the new version.

[jsbenjamins]

Dear Daniel,

thanks for the update. Quick question from my side. I am still using the 1.x version of your script in combination with Cloudkey Gen 2 and Unifi Protect 1.12. Do you know whether upgrading Unifi Protect to version1.13.7 will break your script? In other words, has anything changed in the export or authorisation methods in the newer version of Unifi Protect? Looking at the changelog I don't see anything suspicious except for something called 'Major video pipeline refactor' which worries me a bit.

kind regards Jeroen

---

Assistant Professor Experimental Psychology, Helmholtz Institute Social, Health and Organisational Psychology Utrecht University | Heidelberglaan 1 | 3584 CS Utrecht, room H1.03 | +31 30 253 1244 WWW: University - personal pagehttps://www.uu.nl/staff/JSBenjamins | LinkedINhttps://www.linkedin.com/in/jsbenjamins/ | Personal pagehttp://www.jsbenjamins.nl

Disclaimer: This e-mail message, including any attachments, is intended only for the use of the individual or entity to which it is addressed and may contain information that is privileged and/or confidential. Any use, dissemination, distribution and/or reproduction of this message and/or any attachments by unintended recipients is unauthorized and may be unlawful.

---

From: Daniel Fernau @.> Sent: Sunday, May 2, 2021 13:50 To: unifi-toolbox/unifi-protect-video-downloader @.> Cc: Benjamins, J.S. (Jeroen) @.>; Mention @.> Subject: Re: [unifi-toolbox/unifi-protect-video-downloader] Authentication doesn't work on UNVR (#25)

Hi @michaelyorkhttps://github.com/michaelyork , @evanpalumbohttps://github.com/evanpalumbo and @jsbenjaminshttps://github.com/jsbenjamins

Thanks for your patience!

A new release – v2.0.1https://github.com/unifi-toolbox/unifi-protect-video-downloader/releases/tag/v2.0.1 – is now available. The tool should now be fully compatible with Protect servers on UniFi OS systems. Let me know in case you encounter any issues with the new version.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHubhttps://github.com/unifi-toolbox/unifi-protect-video-downloader/issues/25#issuecomment-830797151, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AB23CRYJBFEB6EWDUGMFZCDTLU37BANCNFSM4MJDF6MQ.

[danielfernau]

Hello @jsbenjamins

You're welcome! As for your question: I think unless you update the CloudKey's firmware, you should be fine. The current FW would update the UCK2+ to UniFi OS, which, by the way, works quite well – at least with my separate, secondary test configuration over here (I'm primarily using a UDM-Pro setup). Updating it to the latest Protect app version the UCK WebUI offers you – but without updating the underlying firmware – shouldn't change much in terms of API compatibility with the old script. But proceed with caution and at your own risk as I have not tested that scenario. The "Major video pipeline refactor" probably just means that they've updated some internal code to make exporting/streaming a bit faster (just a guess, though).

FYI: you can theoretically migrate to the new v2.x release any time, as it also supports accessing devices running older firmware (as documented in the project's README). And in case you update to UniFi OS someday, just modify the parameters slightly.

Whichever option you choose in the end: with v2.x you can either use the pre-configured Docker container, or have a look at the BUILD.md file to get an idea how you can run it without setting up a Docker environment. Just let me know if you need help setting it up outside a Docker container if that's what you're looking for / need to do.

Best Daniel