guerrerotook / securitas-direct-new-api

This repository contains the new securitas direct API that can be integrated in Home Assistant
Apache License 2.0

Integration broken. Login API was changed. #57

Closed guerrerotook closed 2 years ago

guerrerotook commented 2 years ago

Securitas Direct changed the login API in the web application and now the integration is broken.

Working on this.

Javvaz commented 2 years ago

Thanks for the information. I can confirm it. I appreciate your work and look forward to hearing from you soon.

albertruizalonso commented 2 years ago

I was going crazy! Mistakes with the integration of "Securitas". It doesn't work right now. When I enter the "Securitas" website, I also had a password error, forcing me to change it. I guess that must be the same problem¿?😫😫

alnavasa commented 2 years ago

+1

guerrerotook commented 2 years ago

Solved on latest release. https://github.com/guerrerotook/securitas-direct-new-api/releases/tag/V1.3.0.0

Javvaz commented 2 years ago

Thanks for the new version.

I am checking and it seems it still has some issue operating with the Securitas Web API. Even though it is able to log in, it seems it has some issue when you try to operate with: disarm, armed total, ... I always get the same warning message when I try to execute any operation:

2022-06-17 09:04:54 ERROR (MainThread) [custom_components.securitas.securitas_direct_new_api.apimanager] Tu Alarma está gestionando una solicitud anterior. Por favor, espera 90 segundos antes de realizar otra petición (5 min si es una petición de imagen).

However, if I try to operate from the website, they work. Let me know how I can help you if you need further information.

Thanks in advance and regards. Javier

Javvaz commented 2 years ago

I am doing another test with the check_alarm_panel parameter set to false. I will let you know the result.

Regards Javier.

albertruizalonso commented 2 years ago

You're right. Last night I tried it and it apparently disconnected properly in the Home Assistant panel, but really, it was connected. Imagine the fright when it started ringing at 2 am...🤣🤣🤣🤣 Still, thank you very much. Really, you're a crack! @guerrerotook

Javvaz commented 2 years ago

First, thanks again for your altruist work.

I just finished my test with check_alarm_panel false. Now the issue is that each time an alarm operation is launched, the Home Assistant alarm status doesn't change. So I have added a script to check the alarm status after any alarm operation, waiting 5 seconds before checking (to avoid a possible saturation). That way it seems to work, however it is very unstable and each execution takes a long time.

I guess there will be another way to solve this in the code.

Let me know if you need further information or if you want me to do another test.

Regards Javier.

Javvaz commented 2 years ago

Going deeper in my research.

After doing several tests with the parameter check_alarm_panel set to false, I reached a conclusion.

The issue is that each time an alarm operation is executed from Home Assistant, it doesn't update the alarm status after execution.

I had understood that the parameter check_alarm_panel was only involved when you carried out some operation directly from the Securitas alarm panel (key, remote control, and so on), but not when the operation was launched directly from Home Assistant. Please let me know if I am wrong.

On the other hand, in order to solve the issue when you operate directly on the Securitas panel, I have added a script that checks on the Securitas side and updates the actual alarm status in Home Assistant every 5 minutes.

I hope this has been useful.

Regards. Javier.

guerrerotook commented 2 years ago

Let me take a look at this today. Thanks everyone for the comments and feedback.

javiermartingonzalez commented 2 years ago

Same here as Javier. Sometimes HA is not updating the status after an alarm change.

Checking Verisure app, 95% of times it's updated there so it automatically updates in HA in about 10 minutes. The other 5%, Verisure is not getting last status (showing disconnected when is recently connected), so I need to press Check status on Verisure app and then 10 minutes later, HA is updated.

@Javvaz Can you share the script with us to trigger that forcing get status without accessing Verisure app?

s3v commented 2 years ago

I had no success in using release V1.3.0.0 for logging in to the French graphql endpoint https://customers.securitasdirect.fr/owa-api/graphql. Maybe not all countries are using the same version on the graphql end.

I noticed that the ApiManager._generate_id() is returning timestamps that are too long versus those that they use on the FR endpoint. But even after modifying those to a maximum of 14 characters (e.g. id ending on ___20226172028859), I keep getting a CommandError as below:

CommandError: 400, message='Invalid header value char', url=URL('https://customers.securitasdirect.fr/owa-api/graphql')

After adding an "auth" and an "installation" header value of {} in the login request, the request passes successfully again. I'm not sure if you are seeing the same behavior on your graphql endpoint?

Edit: it seems that they are also expecting those on the ApiManager.check_general_status() request.

Javvaz commented 2 years ago

Dear @javiermartingonzalez

It is very simple. You only need to create an automation like below (please remember to replace "<Securitas alarm entity name>" with your Securitas alarm entity name):

image

That automation will be executed every 5 minutes and the Home Assistant alarm status will be updated from the Securitas status value.

On the other hand, for sure if you would like to execute that action in other automations or scripts, you could create a script with the automation action and call it from wherever you want.

Regards Javier.
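
An automation of the kind described in this comment, as an added example (it is not the poster's own configuration). It assumes the integration re-reads the alarm state from Securitas when Home Assistant's `homeassistant.update_entity` service is called; the alias is hypothetical and `<Securitas alarm entity name>` is the placeholder from the comment.

```yaml
# Added example, not the poster's configuration.
# Periodically forces Home Assistant to refresh the alarm entity so the
# state shown in HA does not silently drift from the real panel state.
automation:
  - alias: "Refresh Securitas alarm state"   # hypothetical name
    # Never run two refreshes at once: the service answers
    # "espera 90 segundos" when a request is still being processed.
    mode: single
    trigger:
      # Fires at minutes 0, 5, 10, ... which stays well above
      # the 90-second spacing the error message asks for.
      - platform: time_pattern
        minutes: "/5"
    action:
      - service: homeassistant.update_entity
        target:
          # Replace the placeholder with your own entity name.
          entity_id: alarm_control_panel.<Securitas alarm entity name>
```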

guerrerotook commented 2 years ago

> Thanks for the new version.
>
> I am checking and it seems it still has some issue operating with the Securitas Web API. Even though it is able to log in, it seems it has some issue when you try to operate with: disarm, armed total, ... I always get the same warning message when I try to execute any operation: 2022-06-17 09:04:54 ERROR (MainThread) [custom_components.securitas.securitas_direct_new_api.apimanager] Tu Alarma está gestionando una solicitud anterior. Por favor, espera 90 segundos antes de realizar otra petición (5 min si es una petición de imagen). However, if I try to operate from the website, they work. Let me know how I can help you if you need further information.
>
> Thanks in advance and regards. Javier

About this issue: regardless of whether you do that on the web app, the mobile app or through the API, the result is the same. When the error is in Spanish (Tu Alarma está gestionando una solicitud anterior. Por favor, espera 90 segundos antes de realizar otra petición (5 min si es una petición de imagen)), that means that your alarm is still processing a previous request and it can't make any new requests. That is something that sometimes happens depending on the network coverage of the central panel of your alarm. The only thing that we can do is wait.

guerrerotook commented 2 years ago

About this topic, there are two separate ways of checking the status of the alarm in the code.

So I add this flag in the configuration that basically only check the status of the alarm (first method) because it's fast and you don't need to make a request every 20 minutes.

Coming back to your script, you can set the check_alarm flag in the configuration to true and it will check your alarm panel directly every 20 minutes.

guerrerotook commented 2 years ago

> I had no success in using release V1.3.0.0 for logging in to the French graphql endpoint https://customers.securitasdirect.fr/owa-api/graphql. Maybe not all countries are using the same version on the graphql end.
>
> I noticed that the ApiManager._generate_id() is returning timestamps that are too long versus those that they use on the FR endpoint. But even after modifying those to a maximum of 14 characters (e.g. id ending on ___20226172028859), I keep getting a CommandError as below:
>
> CommandError: 400, message='Invalid header value char', url=URL('https://customers.securitasdirect.fr/owa-api/graphql')
>
> After adding an "auth" and an "installation" header value of {} in the login request, the request passes successfully again. I'm not sure if you are seeing the same behavior on your graphql endpoint?
>
> Edit: it seems that they are also expecting those on the ApiManager.check_general_status() request.

Thanks for the comment @s3v, you raised a very important issue: maybe not all the countries are using the same version of the graph API on the backend. I'm using the service from Spain and you from France. I think that I need to rethink how I can handle all of these multiple versions of the server-side API so I can have these operations depending on the configuration of your country.

Having said that, I can debug the API from my side because I have access to the API in Spain, but I'm going to need your help in order to do the same for the French and other API versions as well.

Javvaz commented 2 years ago

Thanks for the information and your work. I appreciate it.

The issue now with setting check_alarm to false is that the Home Assistant alarm status doesn't immediately change after executing any alarm operation. However, that is something that was working fine in the previous version.

Regards. Javier.

guerrerotook commented 2 years ago

> Thanks for the information and your work. I appreciate it.
>
> The issue now with setting check_alarm to false is that the Home Assistant alarm status doesn't immediately change after executing any alarm operation. However, that is something that was working fine in the previous version.
>
> Regards. Javier.

That is really weird, because when I do an arm or disarm operation on the API, afterwards it always returns the next status for the alarm. Like in my case, when you arm or disarm, you can see Arming flashing in the UI and then whatever status you set the alarm to.

My recommendation would be that you increase the logger detail for the component and see how it goes.

logger:
  default: error
  logs:
    custom_components.securitas: debug

Javvaz commented 2 years ago

To be honest I am not sure what is happening.

With check_alarm_panel true I always get the same message "Tu Alarma está gestionando una solicitud anterior. Por favor, espera 90 segundos antes de realizar otra petición (5 min si es una petición de imagen)", however if I execute the same operation on the Securitas website it works fine.

With check_alarm_panel false, everything works fine except that the Home Assistant alarm status is not updated each time I execute any operation; I have to force the update through the script.

I wonder if it is related to that I have the Securitas Verisure alarm previous to the last one.

Thanks for your help.

Javier.

Javvaz commented 2 years ago

Dear @guerrerotook

Thanks again for your work and collaboration.

I just checked my Securitas account in the Securitas Website and now they are applying the 2FA, so when you are authenticating in the WebSite they ask you the phone number in order to send you a code before asking you the same one.

Now your integration is failing with the below message: 2022-06-21 17:49:53 ERROR (MainThread) [custom_components.securitas.securitas_direct_new_api.apimanager] Unauthorized

I checked with true and false in the check_alarm_panel parameter with the same error (it was clear that was not involved in that, but ... I tried it just in case)

I am not sure how you are thinking to solve it.

Regards.

guerrerotook commented 2 years ago

> Dear @guerrerotook
>
> Thanks again for your work and collaboration.
>
> I just checked my Securitas account in the Securitas Website and now they are applying the 2FA, so when you are authenticating in the WebSite they ask you the phone number in order to send you a code before asking you the same one.
>
> Now your integration is failing with the below message: 2022-06-21 17:49:53 ERROR (MainThread) [custom_components.securitas.securitas_direct_new_api.apimanager] Unauthorized
>
> I checked with true and false in the check_alarm_panel parameter with the same error (it was clear that was not involved in that, but ... I tried it just in case)
>
> I am not sure how you are thinking to solve it.
>
> Regards.

That is a tough one, because I need to see how they handle the second factor of authentication to integrate that in the code. But my account is still not asking for it.

jcorreaes commented 2 years ago

Same issue here. I had 2FA activated yesterday on the web access (not in the app yet). The integration is not working anymore. I'm afraid no way to deactivate it. They ask for a 6 digit pin sent to your mobile phone. It's not going to be easy to handle.

I'm from Spain, so @guerrerotook have you tried from Securitas app or webapp?

javiermartingonzalez commented 2 years ago

Same here, in Spain and 2FA in web from today. Mobile app not asking for it.

manolodh commented 2 years ago

For the last 2 days the integration has stopped working for me; it shows as "unavailable". I updated to your latest version 5 days ago and it was working fine, but since the afternoon of the 21st it stopped working. The error I get is the following:

Este error se originó a partir de una integración personalizada.

Logger: custom_components.securitas.securitas_direct_new_api.apimanager
Source: custom_components/securitas/securitas_direct_new_api/apimanager.py:106
Integration: Securitas Direct (documentation, issues)
First occurred: 22 de junio de 2022, 17:55:30 (1 occurrences)
Last logged: 22 de junio de 2022, 17:55:30

Unauthorized

otistarda commented 2 years ago

> For the last 2 days the integration has stopped working for me; it shows as "unavailable". I updated to your latest version 5 days ago and it was working fine, but since the afternoon of the 21st it stopped working. The error I get is the following:
>
> Este error se originó a partir de una integración personalizada.
>
> Logger: custom_components.securitas.securitas_direct_new_api.apimanager
> Source: custom_components/securitas/securitas_direct_new_api/apimanager.py:106
> Integration: Securitas Direct (documentation, issues)
> First occurred: 22 de junio de 2022, 17:55:30 (1 occurrences)
> Last logged: 22 de junio de 2022, 17:55:30
>
> Unauthorized

Exactly the same thing happened to me from the day you mention. Today I uninstalled the whole integration, restarted, and reinstalled it from scratch, and now it is working. You can try that.

DNKROZ commented 2 years ago

> Exactly the same thing happened to me from the day you mention. Today I uninstalled the whole integration, restarted, and reinstalled it from scratch, and now it is working. You can try that.

I tried this today without much hope but, curiously, it worked. The website asks me for the second factor, but now the integration is working again after deleting everything and reinstalling... but no idea why.

I tried this today not hoping for it to work but oddly enough, it worked! The website still asks me for 2FA, but the integration is working again after purging everything and reinstalling... I don't have a clue about why though.

Fireful commented 2 years ago

> For the last 2 days the integration has stopped working for me; it shows as "unavailable". I updated to your latest version 5 days ago and it was working fine, but since the afternoon of the 21st it stopped working. The error I get is the following:
>
> Este error se originó a partir de una integración personalizada.
>
> Logger: custom_components.securitas.securitas_direct_new_api.apimanager
> Source: custom_components/securitas/securitas_direct_new_api/apimanager.py:106
> Integration: Securitas Direct (documentation, issues)
> First occurred: 22 de junio de 2022, 17:55:30 (1 occurrences)
> Last logged: 22 de junio de 2022, 17:55:30
>
> Unauthorized

> Exactly the same thing happened to me from the day you mention. Today I uninstalled the whole integration, restarted, and reinstalled it from scratch, and now it is working. You can try that.

The same thing happened to me and I tried this same reinstall. I uninstalled the one I had, restarted, and when I go to install, only the "Securitas Direct" integration appears (before, there was also one called "Securitas"), and when I try to install it, it asks me for username and password and gives me the error "Unknown error occurred"

otistarda commented 2 years ago

> For the last 2 days the integration has stopped working for me; it shows as "unavailable". I updated to your latest version 5 days ago and it was working fine, but since the afternoon of the 21st it stopped working. The error I get is the following:
>
> Este error se originó a partir de una integración personalizada.
>
> Registrador: custom_components.securitas.securitas_direct_new_api.apimanager
> Fuente: custom_components/securitas/securitas_direct_new_api/apimanager.py:106
> Integración: Securitas Direct (documentación, problemas)
> Ocurrió por primera vez: 22 de junio de 2022, 17:55:30 (1 ocurrencias)
> Última logueado: 22 de junio de 2022, 17:55:30
>
> No autorizado

> Exactly the same thing happened to me from the day you mention. Today I uninstalled the whole integration, restarted, and reinstalled it from scratch, and now it is working. You can try that.

> The same thing happened to me and he tried this same reinstall. I uninstalled the one I had, restarted, and when I go to install, only the "Securitas Direct" integration appears (before, there was also one called "Securitas"), and when I try to install it, it asks me for username and password and gives me the error "Unknown Se produjo un error"

That happened to me too. Make sure nothing is left: uninstall it from HACS, and if you have Samba, make sure there is nothing from securitas in the custom components folder either. Restart before installing and try again, and of course make sure the username and password are those of your alarm. Good luck.

javiermartingonzalez commented 2 years ago

I haven't even reinstalled; yesterday it wasn't working... and today it is suddenly working.

Let's see how long it lasts; the web still asks for 2FA.

guerrerotook commented 2 years ago

Good grief, what a lot of strange cases we are having with the API. Another issue mentions that the token has to be refreshed every 5 minutes and not every 20 as I have it right now. I have asked them to tell me what they modified, to try to make this thing work.

Many thanks to everyone for the comments!

Javvaz commented 2 years ago

Now it fails again, even with a 5-minute interval for refreshing the token.

Thanks for your work, and regards.

otistarda commented 2 years ago

I don't know what they've done, but I'm afraid it's a HA thing: throughout the day Securitas, ZHA and Sonoff Lan have stopped working. What a mess.

jsole commented 2 years ago

It has also been failing for me for a few hours... @guerrerotook, have you managed to find out what they are changing?

Regards, and thanks for everything!

javiermartingonzalez commented 2 years ago

It seems to be something with the new HA release. It was working, but after updating, Securitas and Switchbot stopped working.

otistarda commented 2 years ago

Is there any news about Securitas?

guerrerotook commented 2 years ago

I am looking at the integration with the source code of the latest version. Give me a little time.

rlcobos2 commented 2 years ago

> I don't know what they've done, but I'm afraid it's a HA thing: throughout the day Securitas, ZHA and Sonoff Lan have stopped working. What a mess.

Sorry to the group for the off-topic response.

@otistarda, I have the same problems:

  • ZHA (in the end the only real solution was to delete zigbee.db and reassign each device to the network). Hard job, but at least it's solved and I can forget it.
  • Sonoff (I suppose you are using the alexxit integration like me): they have a new update fixing the problem.
  • Securitas Direct: still waiting for @guerrerotook's availability to fix this new change on the Securitas side.

Sorry for the off-topic.

guerrerotook commented 2 years ago

Hello everyone,

An update of the second factor of authentication. I started the job of integrating this here, https://github.com/guerrerotook/securitas-direct-new-api/tree/otp_challange

I made progress and I'm able to list the customer phone, select one phone and then receive the SMS and validate that the config flow works. From there we can have a functional system.

There are some edges that need to be fixed, like, how to handle refresh tokens from the API instead of login again. (this will make the integration to ask for the code every hour, something that is not possible).

Bear with me on this, I'm working as fast as I can.

otistarda commented 2 years ago

How are we doing, @guerrerotomo? It's just a message of encouragement :)

guerrerotook commented 2 years ago

I'll answer you in Spanish and then in English!

Spanish. Well, for now the integration works with the SMS authentication, and I have the config flow set up so that HA shows you some windows asking for the mobile number you have registered and all that. So far so good, but the fundamental problem is that I don't know which API they use to refresh the token.

When you authenticate they give you a token to log in and another thing called refreshToken; this second token is used to request a token again without having to log in again. It's what the mobile applications use to log in. The problem is that the web version of the application doesn't expose that API and I don't know how it's done. Our option would be to see whether we can download the APK of the Android version to see what html/javascript is downloaded in that version and try to solve it. But to be honest, things are complicated.

The only alternative is that every 30 minutes the integration would stop working and ask you to log in again. Which is impossible.

If anyone knows how to download the app's APK and decompile it, that would be ideal.

English version. The current status of the integration is that we are able to log in and request an SMS for the 2FA and it works. The integration with HA is also done, and inside the config flow you are presented with a UI where you can select your phone number and input the SMS code to authenticate.

Having said that, the issue right now is that as part of the login process there are two tokens, the authentication token and the refresh token. The refresh token is being used to refresh the authentication token for mobile applications. But on the web version of the app this API and the javascript code are not being exposed. My only hope is to download the Android APK and see how the version for mobile includes this API, so that we can use it also to refresh the token.

The only possible alternative right now is to manually log in every 30 minutes with the SMS challenge, something that is super annoying.

If someone knows how to download the APK and decompile it, that would be fantastic.

siom7 commented 2 years ago

Hello @guerrerotook! Thanks for your time and your hard work. I was thinking about Bluestack (Android emulator on Windows) to download the Verisure Android app, but I don't know if it can help you. It's just an idea and maybe you already tried it.

otistarda commented 2 years ago

We'll keep an eye out, I'm sure you'll get it. Thanks for taking so much trouble.

jsole commented 2 years ago

Maybe you can use wireshark to listen to the connections the app is doing and get some information, at least the url it's calling. The info will be encrypted due to the https, but maybe you can get something interesting.

joaoestevinho commented 2 years ago

Hello @guerrerotook,

To begin with, thank you for having so much trouble with this.

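I was looking into the web requests in the browser inspector and something caught my attention:

  • There is this method call "mkValidateDevice" which first returns "Unauthorized" and only after the OTP is correctly sent will return the hash and refreshToken.
  • The webapp always requires a new OTP on every login and sends no arguments in mkValidateDevice except for the OTP in the security header of the 2nd call
  • This method however can receive a few arguments going by the signature in the request:

    • $idDevice: String, $idDeviceIndigitall: String, $uuid: String, $deviceName: String, $deviceBrand: String, $deviceOsVersion: String, $deviceVersion: String

You may have already tried this, but I wonder if the "trusted device" is stored server-side, and if so, if we can make up some device by filling those fields with some randomly generated constant data it might return a valid session afterwards in the first mkValidateDevice, effectively skipping the need for the OTP.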

I did try to pull your branch to try it but was unable to get it running on my HA for some reason.

pmcastro10 commented 2 years ago

Keep going, and thanks for your efforts... asking Securitas for help with the app is out of the question, right?...

Regards

guerrerotook commented 2 years ago

> Hello @guerrerotook,
>
> To begin with, thank you for having so much trouble with this.
>
> I was looking into the web requests in the browser inspector and something caught my attention:
>
>   • There is this method call "mkValidateDevice" which first returns "Unauthorized" and only after the OTP is correctly sent will return the hash and refreshToken.
>   • The webapp always requires a new OTP on every login and sends no arguments in mkValidateDevice except for the OTP in the security header of the 2nd call
>   • This method however can receive a few arguments going by the signature in the request:
>
>     • $idDevice: String, $idDeviceIndigitall: String, $uuid: String, $deviceName: String, $deviceBrand: String, $deviceOsVersion: String, $deviceVersion: String
>
> You may have already tried this, but I wonder if the "trusted device" is stored server-side, and if so, if we can make up some device by filling those fields with some randomly generated constant data it might return a valid session afterwards in the first mkValidateDevice, effectively skipping the need for the OTP.
>
> I did try to pull your branch to try it but was unable to get it running on my HA for some reason.

What you described is correct. The missing part was the RefreshLogin operation.

They don't send the code for the refresh operation in the javascript code for the web app.

guerrerotook commented 2 years ago

Good news everyone, I found the refreshlogin operation and I started the integration.

https://github.com/guerrerotook/securitas-direct-new-api/commit/2ce56c002e8e9fc73317b20b70fe93dfd730ed60

For now the API throws an error 500, but I need to keep investigating whether this thing works or not.

jmatiasGH commented 2 years ago

Keep it up, Guerrerotook! Thanks for your great efforts and this great integration. I don't have much time, but if I can collaborate in some way, even if only by running tests, tell me.

guerrerotook commented 2 years ago

Good news!! I have now managed to capture the TLS traffic of the Android app and I have everything I need. Also, this week I start two weeks of vacation and I'm going to go all out on this.

I'm going to change quite a lot of things and simulate being an Android device instead of the web, as it is right now.

Good news everyone, I successfully captured the TLS traffic in the Android app and now I have everything I need to continue. These next two weeks I will be on vacation and I will have a lot of free time.

There are going to be a lot of changes in the code because I'm going to simulate that I'm an Android device instead of the web app.