greghesp / ha-bambulab

A Home Assistant Integration for Bambu Lab Printers

[Bug] Cloudflare blocking retrieving slicer settings even with valid authentication token #689

Open AdrianGarside opened 3 hours ago

AdrianGarside commented 3 hours ago

Describe the bug

Neither the requests nor httpx libraries are able to get past cloudflare now.

To Reproduce

.

Expected Behaviour

.

What device are you using?

A1

Diagnostic Output

.

Log Extracts

No response

Other Information

No response

AdrianGarside commented 3 hours ago

Not just slicer settings - login is blocked again.

kanflo commented 3 hours ago

Oddly, curl in bash does just fine:

curl -X POST -H 'Content-Type: application/json' -d '{"email":"____________","type":"codeLogin"}' https://bambulab.com/api/v1/user-service/user/sendemail/code

followed by

curl -X POST -H 'Content-Type: application/json' -d '{"account":"____________","code":"____________"}' https://api.bambulab.com/v1/user-service/user/login

receives an access token that claims a validity of 360 days ("expiresIn":31104000,"refreshExpiresIn":31104000), that we need to save. Hopefully it really is valid for 360 days.

Setting this access token in self._auth_token instead of calling any of the login methods in BambuCloud makes things work:

HTTP Request: GET https://api.bambulab.com/v1/user-service/my/tasks "HTTP/2 200 OK"
Task: {'id': ______, 'designId': 0, 'designTitle': '', 'designTitleTranslated': '', 'instanceId': 0, 'modelId': '______, 'title': 'Keychain', 'cover': 'https://or-cloud-model-prod.s3.dualstack.us-west-2.amaz ...

Then again, the curl solution might just croak tomorrow. BambuLab needs to chill a bit.

AdrianGarside commented 3 hours ago

You're following a slightly different login path there - that's requesting a one-time password, which is a valid connection mechanism now, and I was considering how to add that as an option to the login flow. The current failure is on the initial login with password, which now gets told to request the one-time login code instead.

But as I think about that more - if normal login is now always told to request a one-time password, that first failing call is kind of pointless - may as well just go straight to requesting the one-time code.

Slicer settings is, however, still being rejected despite having a valid authentication token, so that wouldn't fix this case.

kanflo commented 3 hours ago

The path is different, that is true. With curl, this:

curl -X POST -H 'Content-Type: application/json' -d '{"account":"____________","password":"____________"}' https://api.bambulab.com/v1/user-service/user/login

responds with

{"accessToken":"","refreshToken":"","expiresIn":0,"refreshExpiresIn":0,"tfaKey":"","accessMethod":"","loginType":"verifyCode"}

so we seem to have some kind of forced 2FA.
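The response handling discussed in the comments above, as an added example that is not part of the original thread or the ha-bambulab code: a function that classifies a login response as token issued, one-time code required, or blocked. The function name, the state names and the assumption that a block page arrives as a non-JSON body are illustrative; the sample bodies are constructed from the JSON quoted in the thread.

```python
import json
from datetime import datetime, timedelta, timezone


def classify_login_response(status_code, body, now=None):
    """Classify a login response body (hypothetical helper).

    Returns a dict whose "state" is one of:
      "token"       - an access token was issued
      "verify_code" - password login refused, one-time code required
      "blocked"     - body is not JSON (assumed: an interstitial/block page)
      "error"       - JSON, but neither of the shapes above
    """
    now = now or datetime.now(timezone.utc)
    try:
        data = json.loads(body)
    except (TypeError, ValueError):
        # Assumption: anything that is not JSON came from a layer in
        # front of the API, not from the API itself.
        return {"state": "blocked", "status": status_code}
    if not isinstance(data, dict):
        return {"state": "error", "status": status_code}

    token = data.get("accessToken") or ""
    if token:
        lifetime = int(data.get("expiresIn") or 0)
        return {
            "state": "token",
            # Long-lived bearer credential: store it as a secret and
            # keep it out of logs and diagnostics dumps.
            "access_token": token,
            "lifetime_days": lifetime / 86400,
            "expires_at": now + timedelta(seconds=lifetime),
        }
    if data.get("loginType") == "verifyCode":
        # Empty token plus loginType "verifyCode": the server wants the
        # e-mailed one-time code instead of the password.
        return {"state": "verify_code", "status": status_code}
    return {"state": "error", "status": status_code}


# Constructed sample bodies (first one mirrors the response quoted above).
SAMPLE_VERIFY = ('{"accessToken":"","refreshToken":"","expiresIn":0,'
                 '"refreshExpiresIn":0,"tfaKey":"","accessMethod":"",'
                 '"loginType":"verifyCode"}')
SAMPLE_TOKEN = ('{"accessToken":"PLACEHOLDER","refreshToken":"PLACEHOLDER",'
                '"expiresIn":31104000,"refreshExpiresIn":31104000}')
SAMPLE_BLOCK = "<html><body>constructed block page</body></html>"
```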

kanflo commented 3 hours ago

So you mean the cloud MQTT connection does not work even with a curl:ed access token?

AdrianGarside commented 3 hours ago

Your curl command is also being cloudflared for me - seems that this is region specific or maybe I've been blacklisted from too many login attempts?

AdrianGarside commented 3 hours ago

And the straight-to-one-time-code request path is also being cloudflared (for me). So even if I were to skip the first password login attempt it wouldn't help.

kanflo commented 2 hours ago

Geez. I guess we need to try and put pressure on BambuLab to relax a little. I can fully understand why they do not want people to abuse their API but this level of "cloudflareness" is a tad bit ridiculous.