search

home-assistant / core

:house_with_garden: Open source home automation that puts local control and privacy first.
https://www.home-assistant.io
Apache License 2.0
71.2k stars 29.85k forks source link

Unable to configure Unifi. Authentication loop #108658

Closed titiviking closed 7 months ago

titiviking commented 7 months ago

The problem

I'm trying to configure the Unifi integration. Providing all details with local user, it times out and fails...

Looking at debug logs, login is happening properly, but any subsequent request fails with 401. Example snipped of logs added below

What version of Home Assistant Core has the issue?

2024.1.3

What was the last working version of Home Assistant Core?

No response

What type of installation are you running?

Home Assistant OS

Integration causing the issue

unifi

Link to integration documentation on our website

No response

Diagnostics information

No response

Example YAML snippet

No response

Anything in the logs that might be useful for us?

2024-01-22 16:11:49.137 DEBUG (MainThread) [aiounifi.interfaces.connectivity] sending (to https://192.168.10.1:443) get, None, {'allow_redirects': False}
2024-01-22 16:11:49.160 DEBUG (MainThread) [aiounifi.interfaces.connectivity] received (from https://192.168.10.1:443) 200 text/html <ClientResponse(https://192.168.10.1:443) [200 OK]>
<CIMultiDictProxy('Server': 'nginx', 'Date': 'Mon, 22 Jan 2024 15:11:49 GMT', 'Content-Type': 'text/html', 'Content-Length': '826', 'Last-Modified': 'Mon, 01 Jan 2024 02:17:08 GMT', 'Connection': 'keep-alive', 'Etag': '"659220a4-33a"', 'Expires': 'Mon, 22 Jan 2024 15:11:48 GMT', 'Cache-Control': 'no-cache', 'Access-Control-Allow-Credentials': 'false', 'Access-Control-Expose-Headers': 'Content-Disposition, Content-Range, Filename, Location, Range, Upload-Length, Upload-Offset, X-Connection-Type, X-Csrf-Token, X-File-Id, X-Token-Expire-Time, X-Updated-Csrf-Token', 'Referrer-Policy': 'no-referrer', 'Strict-Transport-Security': 'max-age=15552000; includeSubDomains', 'X-Content-Type-Options': 'nosniff', 'X-DNS-Prefetch-Control': 'off', 'X-Frame-Options': 'SAMEORIGIN', 'X-XSS-Protection': '1; mode=block', 'Accept-Ranges': 'bytes')>
2024-01-22 16:11:49.161 DEBUG (MainThread) [aiounifi.interfaces.connectivity] data (from https://192.168.10.1:443) b'<!doctype html><html lang="en"><head><meta charset="utf-8"><link rel="icon" href="/favicon.ico?v3" sizes="any"><link rel="icon" href="/favicon.svg?v3" type="image/svg+xml"><link rel="apple-touch-icon" href="/apple-touch-icon.png?v3"><title>UniFi OS</title><meta name="viewport" content="width=device-width,initial-scale=1"><script>window.UNIFI_OS_MANIFEST = {"model":{"id":"UDMPROSE","shortName":"UDM SE","longName":"UniFi Dream Machine SE"},"images":{"small":"/assets/images/small.png?udmprose-2.0.0","medium":"/assets/images/medium.png?udmprose-2.0.0","large":"/assets/images/large.png?udmprose-2.0.0","huge":"/assets/images/huge.png?udmprose-2.0.0"}}</script><script defer="defer" src="/main.8aa98e7b9c40b76fd5bf.js"></script><link href="/main.0e9197a3.css" rel="stylesheet"></head><body><div id="root"></div></body></html>'
2024-01-22 16:11:49.161 DEBUG (MainThread) [aiounifi.interfaces.connectivity] Talking to UniFi OS device: True
2024-01-22 16:11:49.161 DEBUG (MainThread) [aiounifi.interfaces.connectivity] sending (to https://192.168.10.1:443/api/auth/login) post, {'username': 'ha-user', 'password': '>My_secure_redacted_password>', 'remember': True}, {}
2024-01-22 16:11:49.487 DEBUG (MainThread) [aiounifi.interfaces.connectivity] received (from https://192.168.10.1:443/api/auth/login) 200 application/json <ClientResponse(https://192.168.10.1:443/api/auth/login) [200 OK]>
<CIMultiDictProxy('Server': 'nginx', 'Date': 'Mon, 22 Jan 2024 15:11:49 GMT', 'Content-Type': 'application/json; charset=utf-8', 'Content-Length': '6555', 'Connection': 'keep-alive', 'Set-Cookie': 'TOKEN=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiI3Mjk2MTEwZS0xNzA4LTQ4M2QtODBjZC03ZDRhODBhNWU4YzIiLCJ<partially_redacted>ksImV4cCI6MTcwNTk0MzUwOSwianRpIjoiNDRkM2M2YzAtNGUzNy00NWY3LWEyMzctZTM1MWNiZTUzYjAwIn0.G<redacted>QJ69oBWWzutA; path=/; expires=Mon, 22 Jan 2024 17:11:49 GMT; samesite=none; secure; httponly', 'x-updated-csrf-token': '4c475138-fd51-43f6-ba96-e0571ee4aa34', 'x-token-expire-time': '1705943509319', 'X-Response-Time': '310ms', 'Access-Control-Allow-Credentials': 'false', 'Access-Control-Expose-Headers': 'Content-Disposition, Content-Range, Filename, Location, Range, Upload-Length, Upload-Offset, X-Connection-Type, X-Csrf-Token, X-File-Id, X-Token-Expire-Time, X-Updated-Csrf-Token', 'Referrer-Policy': 'no-referrer', 'Strict-Transport-Security': 'max-age=15552000; includeSubDomains', 'X-Content-Type-Options': 'nosniff', 'X-DNS-Prefetch-Control': 'off', 'X-Frame-Options': 'SAMEORIGIN', 'X-XSS-Protection': '1; mode=block', 'X-Csrf-Token': '4c475138-fd51-43f6-ba96-e0571ee4aa34')>
2024-01-22 16:11:49.488 DEBUG (MainThread) [aiounifi.interfaces.connectivity] data (from https://192.168.10.1:443/api/auth/login) b'{"id":"7296110e-1708-483d-80cd-7d4a80a5e8c2","unique_id":"7296110e-1708-483d-80cd-7d4a80a5e8c2","first_name":"ha-user","last_name":" ","alias":"","full_name":"ha-user ","email":"","user_email":"","radius_username":"","email_status":"UNVERIFIED","email_is_null":true,"phone":"","avatar_relative_path":"","avatar_rpath2":"","avatar_encoded":"","status":"ACTIVE","employee_number":"","create_time":1705911532,"extras":{},"username":"ha-user","local_account_exist":true,"password_revision":1705935524,"only_ui_account":false,"only_local_account":true,"sso_account":"","sso_uuid":"","sso_username":"","sso_picture":"","uid_sso_id":"","uid_sso_account":"","uid_account_status":"","groups":[{"unique_id":"35f3506f-7181-4bf6-8b4b-184d215e33f0","name":"Dream-Machine-Special-Edition","up_id":"","up_ids":null,"system_name":"Dream-Machine-Special-Edition","create_time":"2023-12-31T17:11:12+01:00"}],"roles":[{"unique_id":"faad0749-024d-4d9b-bb7a-884c6fdf7083","name":"Super Admin","system_role":true,"system_key":"super_administrator","level":2,"create_time":"2023-10-12T15:35:07+02:00","update_time":"2023-10-12T15:35:07+02:00","is_private":false}],"permissions":{"access.management":["admin"],"calculus.management":["admin"],"connect.management":["admin"],"drive.management":["admin"],"innerspace.management":["admin"],"led.management":["admin"],"network.management":["admin"],"olympus.management":["admin"],"protect.management":["admin"],"system.management.location":["admin"],"system.management.user":["admin"],"talk.management":["admin"]},"scopes":["write:protect.viewer","write:protect.user:$","write:protect.user","write:protect.sensor","write:protect.schedule","write:protect.nvr","write:protect.light","write:protect.legacyUFV","write:protect.group","write:protect.doorlock","write:protect.display","write:protect.deviceGroup","write:protect.chime","write:protect.camera","write:protect.bridge","view:wifi","view:vpn","view:user_timezone","view:user","view:update","view:unifi-os:user","view:systemlog","view:settings","view:role","view:permission:viewer","view:permission:admin","view:permission","view:os-menu:user","view:os-menu:system-log","view:os-menu:storage","view:os-menu:settings","view:os-menu:notify-settings","view:os-menu:map","view:os-menu:devices","view:os-menu:about","view:organization_info","view:notification","view:location_policy","view:location_device","view:location_activity","view:location","view:holiday_timezone","view:holiday","view:group","view:door_group","view:controller:uid-agent","view:controller:talk","view:controller:protect","view:controller:olympus","view:controller:network","view:controller:led","view:controller:innerspace","view:controller:drive","view:controller:connect","view:controller:calculus","view:controller:access","view:cloud_access","view:app:users","view:app:uid-agent","view:app:settings","view:app:locations","view:access:user","view:access.visitor","view:access.systemlog","view:access.settings","view:access.schedule","view:access.policy","view:access.pin_code","view:access.open_api","view:access.nfc_card","view:access.face","view:access.device","view:access.dashboard","update:access.device","systemlog:user","systemlog:system","systemlog:network","systemlog:location","systemlog:connect","systemlog:access","readmedia:protect.camera","read:protect.viewer","read:protect.user:$","read:protect.user","read:protect.sensor","read:protect.schedule","read:protect.nvr","read:protect.light","read:protect.legacyUFV","read:protect.group","read:protect.doorlock","read:protect.display","read:protect.deviceGroup","read:protect.chime","read:protect.camera","read:protect.bridge","open:door","notify:user","notify:location","notify:access","manage:controller:talk","manage:controller:protect","manage:controller:olympus","manage:controller:network","manage:controller:led","manage:controller:innerspace","manage:controller:drive","manage:controller:connect","manage:controller:calculus","manage:controller:access","edit:wifi","edit:vpn","edit:user_timezone","edit:user","edit:update","edit:unifi-os:user_group","edit:unifi-os:user","edit:systemlog","edit:settings","edit:role","edit:preview","edit:permission:viewer","edit:permission:admin","edit:os-settings:update_install","edit:os-settings:update_channel","edit:os-settings:support_file","edit:os-settings:ssh","edit:os-settings:send_diagnostics","edit:os-settings:restart","edit:os-settings:raid","edit:os-settings:poweroff","edit:os-settings:notify","edit:os-settings:hotspare","edit:os-settings:general","edit:os-settings:client_network","edit:os-settings:auto_update","edit:organization_info","edit:notification","edit:location_policy","edit:location_device","edit:location_activity","edit:location","edit:holiday_timezone","edit:holiday","edit:group","edit:feedback","edit:export_log","edit:door_group","edit:controller:uid-agent","edit:access:user","edit:access.visitor","edit:access.settings","edit:access.schedule","edit:access.policy","edit:access.pin_code","edit:access.open_api","edit:access.nfc_card","edit:access.face","edit:access.device","deletemedia:protect.camera","delete:protect.viewer","delete:protect.user:$","delete:protect.user","delete:protect.sensor","delete:protect.schedule","delete:protect.nvr","delete:protect.light","delete:protect.legacyUFV","delete:protect.group","delete:protect.doorlock","delete:protect.display","delete:protect.deviceGroup","delete:protect.chime","delete:protect.camera","delete:protect.bridge","delete:access.device","credential:send_email","create:protect.viewer","create:protect.user","create:protect.sensor","create:protect.schedule","create:protect.liveview","create:protect.light","create:protect.group","create:protect.doorlock","create:protect.display","create:protect.deviceGroup","create:protect.chime","create:protect.camera","create:protect.bridge","assign:wifi","assign:vpn","assign:role","assign:evstation","adopt:access.device"],"cloud_access_granted":false,"update_time":1705911532,"need_popup_ids_introduce":true,"avatar":null,"nfc_token":"","nfc_display_id":"","nfc_card_type":"","nfc_card_status":"","invalid_wg_ip":false,"role":"admin","roleId":"faad0749-024d-4d9b-bb7a-884c6fdf7083","isOwner":false,"isSuperAdmin":true,"isMember":false,"maskedEmail":"","accessMask":2014,"permissionMask":8028,"deviceToken":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiI0ZWIwN2NmMS1mODI4LTQzMjEtYT<Redacted>3Mjk2MTEwZS0xNzA4LTQ4M2QtODBjZC03ZDRhODBhNWU4YzIifQ.IPsGDX_Ld6xGscwQZOaxx22DL1V0Kd0L-Er25PBaEGc","ssoAuth":{}}'
2024-01-22 16:11:49.489 DEBUG (MainThread) [aiounifi.interfaces.connectivity] Logged in to UniFi https://192.168.10.1:443/api/auth/login
2024-01-22 16:11:49.489 DEBUG (MainThread) [aiounifi.interfaces.connectivity] sending (to https://192.168.10.1:443/proxy/network/api/self/sites) get, None, {}
2024-01-22 16:11:49.501 DEBUG (MainThread) [aiounifi.interfaces.connectivity] received (from https://192.168.10.1:443/proxy/network/api/self/sites) 401 application/json <ClientResponse(https://192.168.10.1:443/proxy/network/api/self/sites) [401 Unauthorized]>
<CIMultiDictProxy('Server': 'nginx', 'Date': 'Mon, 22 Jan 2024 15:11:49 GMT', 'Content-Type': 'application/json', 'Content-Length': '47', 'Connection': 'keep-alive', 'Referrer-Policy': 'no-referrer', 'Strict-Transport-Security': 'max-age=15552000; includeSubDomains', 'X-Content-Type-Options': 'nosniff', 'X-DNS-Prefetch-Control': 'off', 'X-Frame-Options': 'SAMEORIGIN', 'X-XSS-Protection': '1; mode=block', 'Set-Cookie': 'TOKEN=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT; samesite=none; secure; httponly')>

Additional information

No response

home-assistant[bot] commented 7 months ago

Hey there @kane610, mind taking a look at this issue as it has been labeled with an integration (unifi) you are listed as a code owner for? Thanks!

Code owner commands Code owners of `unifi` can trigger bot actions by commenting: - `@home-assistant close` Closes the issue. - `@home-assistant rename Awesome new title` Renames the issue. - `@home-assistant reopen` Reopen the issue. - `@home-assistant unassign unifi` Removes the current integration label and assignees on the issue, add the integration domain after the command. - `@home-assistant add-label needs-more-information` Add a label (needs-more-information, problem in dependency, problem in custom component) to the issue. - `@home-assistant remove-label needs-more-information` Remove a label (needs-more-information, problem in dependency, problem in custom component) on the issue.

(message by CodeOwnersMention)

unifi documentation unifi source (message by IssueLinks)

Kane610 commented 7 months ago

Similar issues have been reported before and they are typically resolved by restarting the host of the unifi controller.

401 also means unauthorised so have you actually setup your account properly?

titiviking commented 7 months ago

In the meantime I did a firmware upgrade and it included a reboot... but the issue persists...

Account is setup correctly as the login succeeds (JWT token returned), but subsequent API's seem to omit the authorization header, hence returning a 401

Also, Unifi console confirms successful login, so connectivity and credentials are ok.

Kane610 commented 7 months ago

Have you given the proper access rights to the user? What version of unifi os and network app are you running?

titiviking commented 7 months ago

Yes I did provide proper rights...

Now its working, no idea why it suddenly was able to login...

dajomas commented 7 months ago

I have the exact same issue on 2024.2.0

It looks similar to the 403 issue (#109067). When I reload the integration it all works fine. I don't have to enter my password again.

Problem is that the tile is still showing on the integration page with a red border and a reconfigure button.

This issue exists intermittently for both Unifi Protect and Unifi Network (I don't have any of the other Unifi tools).

Restarting the Unifi controller does not fix the issue for me (Unifi Cloud Key G2 Plus with UniFi OS Version 3.2.10, Unifi Network version 8.0.28 and Unifi Protect version 2.11.21, all are the latest version as of them moment I write this)

Kane610 commented 7 months ago

I have the exact same issue on 2024.2.0

It looks similar to the 403 issue (#109067). When I reload the integration it all works fine. I don't have to enter my password again.

Problem is that the tile is still showing on the integration page with a red border and a reconfigure button.

This issue exists intermittently for both Unifi Protect and Unifi Network (I don't have any of the other Unifi tools).

Restarting the Unifi controller does not fix the issue for me (Unifi Cloud Key G2 Plus with UniFi OS Version 3.2.10, Unifi Network version 8.0.28 and Unifi Protect version 2.11.21, all are the latest version as of them moment I write this)

From what you're describing it's not the same as this issue as you can get your system to connect

dajomas commented 7 months ago

Ok, then I will open a new issue for this. No problem.