Closed breenstorm closed 4 years ago
Same issues as the pinned issue; #582
There is no mention of the api returning 403 in that issue, mainly things regarding basic auth (which I do not use, I use login page) and behaviour on invalid credentials.
if you look at the api calls that domoticz does after login, you'll probably see that web is doing the next login call:
GET /json.htm?type=command¶m=logincheck&username=%username%&password=%password%
But this logincheck is deprecated... so you should update your system.
More info on this also on the forum: https://www.domoticz.com/forum/viewtopic.php?f=37&t=8884&p=246711#p246711
Look at my carefully constructed capture. The app is doing a GET for the login call with the username and password in the url (the 'really old' method).
If this is deprecated but the app still seems to use the deprecated version anyway, how can it be the cause of the next call (GET /json.htm?type=command¶m=getconfig) returning 403? No matter what call, there should be some kind of token or session and the app is clearly not referencing any of them in the call after login.
Ok let me run some test
If I can make a suggestion; choose on what version to support and put minimum required version of Domoticz in your releasenotes on Google Play. Maybe even do a check before login with a notice your domoticz is outdated.
I am very satisfied with this app so far (which is why I paid for the premium, while I'm not using any of the benefits premium offers) and being a developer myself I truly understand the wonky codebase and undocumented major changes in the api of domoticz are a real pain in the ***, but if you are clear about what to expect (which version supported f.i.) then I wouldn't have bothered you knowing it is me who failed to keep my software up to date (and I could have acted on this by disabling updating for your app as long as I didn't upgrade my domoticz).
You may also know that the wonky codebase and the bugs every new version of domoticz comes with is the major reason for people not updating, at least for me ;-)
Good luck on finding the issue and let me know if there is anything I can help with.
Thats a good suggestion, but I only have 2 test systems available to test.. so most of the times I just can't know the minimal compatibility version.
But if you compare it with for example Philips Hue.. they just tell you in the app to update your base station.. they also don't have that much backwards compatibility. maybe a couple of versions... but they have proper versioning in their api;s.. which domoticz doesn't have...
so its a pain 🗡️
Could you maybe make an users for me that can toggle one dummy device on your system and send the credentials to domoticz@hnogames.nl ?
You have mail. Sorry for the delay, I was battling some of Domoticz's quircks.
New version is coming v0.2.217
Confirming it is fixed in the latest version.
Sweet
Describe the bug Since one of the last updates, both lite and premium are unable to connect. 'Oops' page appears saying credentials are invalid. No settings on both the app and the server were changed. Credentials are verified and correct and were working just fine before the update.
To Reproduce Open app, error appears.
Expected behavior App should connect.
Screenshots Screenshot
Smartphone (please complete the following information):
Additional context I ran a tcpdump on the server side and can see the auth is successful but the resulting SID cookie is not sent in the request right next after auth, so Domoticz replies http 403.
Here is the dump (with credentials removed);