home-assistant / core

:house_with_garden: Open source home automation that puts local control and privacy first.
https://www.home-assistant.io
Apache License 2.0
73.66k stars 30.8k forks source link

Unable to set up SmartThings #123711

Open MrSuttonmann opened 3 months ago

MrSuttonmann commented 3 months ago

The problem

I am attemping to set up SmartThings, however when I paste my access token in I get the following error:

SmartThings could not validate the webhook URL. Please ensure the webhook URL is reachable from the internet and try again.

The debug logs show the following error:

2024-08-12 16:24:25.139 DEBUG (MainThread) [homeassistant.components.smartthings.smartapp] Setup endpoint for https://[redacted]/api/webhook/8740c0433fa3c9a8fb5e1fd9a8d40bba2a5f9a5f194eef12513a68afad3b3156
2024-08-12 16:24:41.671 ERROR (MainThread) [homeassistant.components.smartthings.config_flow] API error setting up the SmartApp: {'requestId': '5241629901631418226', 'error': {'code': 'ConstraintViolationError', 'message': 'The request is malformed.', 'details': [{'code': 'TargetNon200Error', 'target': 'https://[redacted]/api/webhook/8740c0433fa3c9a8fb5e1fd9a8d40bba2a5f9a5f194eef12513a68afad3b3156', 'message': 'Target did not respond with a 200 status. Upstream status code=403', 'details': []}]}}
Traceback (most recent call last):
  File "/usr/src/homeassistant/homeassistant/components/smartthings/config_flow.py", line 132, in async_step_pat
    app, client = await create_app(self.hass, self.api)
                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/src/homeassistant/homeassistant/components/smartthings/smartapp.py", line 146, in create_app
    app, client = await api.create_app(app)
                  ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/pysmartthings/smartthings.py", line 110, in create_app
    entity = await self._service.create_app(app.to_data())
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/pysmartthings/api.py", line 171, in create_app
    return await self.post(API_APPS, data)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/pysmartthings/api.py", line 395, in post
    return await self.request("post", self._api_base + resource, data=data)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/pysmartthings/api.py", line 368, in request
    raise APIResponseError(
pysmartthings.errors.APIResponseError: Unprocessable Entity (422): {"requestId": "5241629901631418226", "error": {"code": "ConstraintViolationError", "message": "The request is malformed.", "details": [{"code": "TargetNon200Error", "target": "https://[redacted]/api/webhook/8740c0433fa3c9a8fb5e1fd9a8d40bba2a5f9a5f194eef12513a68afad3b3156", "message": "Target did not respond with a 200 status. Upstream status code=403", "details": []}]}}

What version of Home Assistant Core has the issue?

core-2024.8.0

What was the last working version of Home Assistant Core?

No response

What type of installation are you running?

Home Assistant Container

Integration causing the issue

SmartThings

Link to integration documentation on our website

https://www.home-assistant.io/integrations/smartthings

Diagnostics information

No response

Example YAML snippet

No response

Anything in the logs that might be useful for us?

No response

Additional information

No response

home-assistant[bot] commented 3 months ago

smartthings documentation smartthings source

daroga0002 commented 2 months ago

I had similar issue in past and it occured be TLS1.3 enforcment on my Gateway. I would suggest you to check does there is support for TLS1.2 on endpoint https://[redacted]/api/webhook/8740c0433fa3c9a8fb5e1fd9a8d40bba2a5f9a5f194eef12513a68afad3b3156

MrSuttonmann commented 2 months ago

@daroga0002 - I have looked at the Cloudflare TLS config settings, there's no enforcement on TLS1.3.

As an additional note, I have used RestNinja to make a POST request to the given webhook which returned a 200 response.

daroga0002 commented 2 months ago

I would rather recommend to perform real check by soemthing like to confirm in 100%: curl -k https://google.com --tlsv1.2

MrSuttonmann commented 2 months ago

@daroga0002 - I've tested this in Postman now too, with both TLS1.2 and 1.3, both returned 200 responses with the payload shown at the bottom of the SmartThings documentation page.

I have however noticed that the SmartThings integration has a dependency on pysmartthings by @andrewsayre - the repository has been archived as of May this year. It's possible Samsung have made a breaking change which this library hasn't been updated for and therefore fails.

It is also not good to have an integration depend on an abandoned project - perhaps HA could adopt the repository?

carlhye commented 2 months ago

I'm having the same issue. Not possible to validate the Smartthings webhook, other services works fine.

daroga0002 commented 2 months ago

@MrSuttonmann assuming you using cloudflare delivered certificates?

carlhye commented 2 months ago

@MrSuttonmann assuming you using cloudflare delivered certificates?

Yes, that's correct - forgot to mention this... Will update CF tunnels to the latest build tonight, to see if this helps.

CF Tunnel is not running inside HA, but on a seperat system.

MrSuttonmann commented 2 months ago

@daroga0002 I'm using Cloudflare Tunnels, which does provide its own certificates, yes.

carlhye commented 2 months ago

Update:

Did not help to update the tunnel...

Update 2: Have been using the SmartThings/HA integration for about two years, and it recently just stopped working. Tried to delete it and reinstall/authorise the integration (this have worked before), but now I can't link them. HA sees the ST hub just fine on the local network.

MrSuttonmann commented 2 months ago

@daroga0002 - I am experiencing exactly the same as @carlhye. My integration was working for about two years, but became erratic about 6 months ago with no new updated values until I reloaded the integration. I deleted the integration and attempted setup again which is where this issue is now present.

This is why I do not think Cloudflare certificates are the issue, or TLS1.3, especially as I have shown that the webhook responds properly externally with either TLS1.2 or 1.3.

The issue here lies solely within the SmartThings integration - and as I pointed out in my earlier message, the pysmarthings repository was abandoned right around the time my integration stopped working properly. Therefore I can only conclude that Samsung have changed SmartThings in a way that the library doesn't support and now the integration is failing.

RN-Say commented 1 month ago

Same issue. Following.

IngmarStein commented 1 month ago

I changed the Minimum TLS Version from 1.3 to 1.2 in the Cloudflare dashboard and that made the registration successful (I got Unprocessable Entity (422) before).

ruilima commented 1 month ago

I landed here because I had the same issue. I solved it this way:

Bypass Cloudflare for Webhooks: You need to create a page rule in Cloudflare to bypass the security checks for your webhook URL. Here's how: Go to your Cloudflare dashboard. Navigate to Page Rules. Create a new rule for https://{{yourdomain}}.com/api/webhook/*. In the settings for that rule, select "Disable Security" , Browser Integrity Check: disabled and Cache Level: bypass This will ensure that Cloudflare doesn't block legitimate webhook requests to that URL.

If you want more security, you can configure Cloudflare to only allow requests from known IP ranges, such as SmartThings servers.

Captura de ecrã 2024-10-10, às 22 45 48
niro1987 commented 3 weeks ago

Following, same issue but my HA is behind a Synology Reverse Proxy. The request to the webhook does return a 200 response and I also see the webhook request getting logged.

LarsNorgaard commented 2 weeks ago

Has to be something about cloudflare. I get the error too, but just tried with nabu cloud and that worked just fine.

daroga0002 commented 2 weeks ago

Probably most of people arleady have it but maybe check configuration do you have trusted proxies:

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 10.0.0.10

homeassistant:
  external_url: "https://ha.example.io"
  internal_url: "http://homeassistant.local:8123"
ca1986 commented 1 week ago

I had some similar issues with a webhook error that brought me here trying to set up the SmartThings integration for a newer refrigerator.

My issue was definitely tied to Cloudflare settings, I noticed there is a newer setting for bots to "Block AI Bots", I could not get through the setup until I turned off Bot Fight Mode and Block AI Bots,

I did turn these back on after the integration setup completed. I may have to do some further research and see if I can determine if I can get a custom rule in place to allow this traffic as I don't want those settings turned off.

Using the custom page rule that @ruilima suggested did not work in my case but that's a fantastic start toward what I am trying to accomplish.

pedrocks69 commented 4 days ago

I'm here because i'm also having issues following SmartThings working fine for the last year or so.

I also use cloudflare with HA behind NGINX proxy manager. I've tried the suggestions of adding a page rule (@ruilima), ensuring the trusted proxy is listed (for nginx), unchecking bot fight mode, unticking tls 1.3 and setting minimum tls to 1.1. Nothing seems to work and although i can see the webhook requests in the CloudFlare analytics page, it does not appear to blocked.

However quickly spinning up a free trial of Nabu Casa and signing in, Smart Things can suddenly re-authenticate and work again, pointing the problem somewhere at either CloudFlare or my NGINX config.

Anyone got any ideas to try as i would rather not pay for Nabu Casa