Fritz OS 7.25 provides a username that must be used to obtain a session ID

[stevedcc]

The problem

Yesterday (2021-02-25), Fritz OS 7.25 was released. The integrations for home assistant under core/homeassistant/components/fritzbox/ no longer work.

2021-02-26 12:40:46 WARNING (SyncWorker_0) [pyfritzhome.fritzhome] login failed 0000000000000000 2021-02-26 12:40:46 ERROR (MainThread) [homeassistant.helpers.entity] Update for binary_sensor.dusche_fenster fails Traceback (most recent call last): File "/usr/src/homeassistant/homeassistant/components/fritzbox/binary_sensor.py", line 71, in update self._device.update() File "/usr/local/lib/python3.8/site-packages/pyfritzhome/fritzhome.py", line 411, in update node = self._fritz.get_device_element(self.ain) File "/usr/local/lib/python3.8/site-packages/pyfritzhome/fritzhome.py", line 137, in get_device_element elements = self.get_device_elements() File "/usr/local/lib/python3.8/site-packages/pyfritzhome/fritzhome.py", line 130, in get_device_elements plain = self._aha_request('getdevicelistinfos') File "/usr/local/lib/python3.8/site-packages/pyfritzhome/fritzhome.py", line 100, in _aha_request plain = self._request(url, params) File "/usr/local/lib/python3.8/site-packages/pyfritzhome/fritzhome.py", line 50, in _request rsp.raise_for_status() File "/usr/local/lib/python3.8/site-packages/requests/models.py", line 943, in raise_for_status raise HTTPError(http_error_msg, response=self) requests.exceptions.HTTPError: 403 Client Error: Forbidden for url: http://192.168.178.1/webservices/homeautoswitch.lua?switchcmd=getdevicelistinfos&sid=07a17e23b6367880 During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/usr/src/homeassistant/homeassistant/helpers/entity.py", line 278, in async_update_ha_state await self.async_device_update() File "/usr/src/homeassistant/homeassistant/helpers/entity.py", line 474, in async_device_update raise exc File "/usr/local/lib/python3.8/concurrent/futures/thread.py", line 57, in run result = self.fn(*self.args, **self.kwargs) File "/usr/src/homeassistant/homeassistant/components/fritzbox/binary_sensor.py", line 74, in update self._fritz.login() File "/usr/local/lib/python3.8/site-packages/pyfritzhome/fritzhome.py", line 118, in login raise LoginError(self._user) pyfritzhome.errors.LoginError: login for user="admin" failed

The logs show that that home assistant is trying to authorise using the user "admin"

My testing shows that a get to http://fritz.box/login_sid.lua now provides an XML user:

<?xml version="1.0" encoding="utf-8"?> <SessionInfo> <SID>0000000000000000</SID> <Challenge>XXXX</Challenge> <BlockTime>0</BlockTime> <Rights></Rights> <Users> <User last="1">fritzXXXX</User> </Users> </SessionInfo>

I have been able to succesfully obtain a session id programatically when using this user. When using "admin" or "" I have not been able to obtain a session id.

What is version of Home Assistant Core has the issue?

core-2021.2.3

What was the last working version of Home Assistant Core?

core-2021.2.3

What type of installation are you running?

Home Assistant OS

Integration causing the issue

fritzbox

Link to integration documentation on our website

No response

Example YAML snippet

# Put your YAML below this line

Anything in the logs that might be useful for us?

# Put your logs below this line

[isibizi]

Delete and add the integrations works for me (SmartHome)

[m4d-maNu]

Look in your FritzOS 7.25 under System -> User ; here is a New User "fritz4363" change this name to "admin" and change the this password to your FritzBox Login Password. Then Restart Homeassistant. Now works the integration, again.

[sibbl]

I didn't want to change the Fritz Box username but could get my Fritz!Box Smart Home integration working again by following these steps:

1. remove the Fritz!Box Smart Home integration from HA
2. restart HA (otherwise it would still say that the credentials are wrong when readding the integration right away)
3. add Fritz!Box Smart Home Integration again with the new username instead of admin

[probot-home-assistant[bot]]

fritzbox documentation fritzbox source _{^{(message by IssueLinks)}}

[kongo09]

This might be related: https://github.com/home-assistant/home-assistant.io/issues/17713

[kongo09]

Starting with FRITZ!OS 7.24 a random username is created for the admin user as documented here: https://avm.de/fileadmin/user_upload/Global/Service/Schnittstellen/Recommendations%20for%20user%20guidance%20for%20logging%20into%20a%20FRITZBox_v1.1_EN.pdf

[kongo09]

As I cannot open a feature request here, my suggestion to solve this in a user friendly way would be to autodiscover the admin username as described in the documentation. This can be done by calling the URL: http://fritz.box/login_sid.lua?version=2 and checking the XML:

To map this functionality, third-party applications starting with FRITZ!OS 7.24 and later can retrieve a user list and the last logged in FRITZ!Box user via login_sid.lua?version=2 (the user list is located here under in the response XML, the last logged in user is marked with ) or via TR-064 (urn:LANConfigSecuritycom:serviceId:LANConfigSecurity1). If the user list is empty, access to it has been blocked, e.g. because it is being accessed from the Internet and not from the home network. 1) If there is only one FRITZ! user and this user is the one that was created automatically (with the naming scheme as described above), the user name is automatically added when logging in to the FRITZ!Box web interface and the user is only asked for their FRITZ!Box password. 2) If, in addition to other FRITZ!Box users, there is exactly one automatically created FRITZ!Box user, and this was the last user to log in, the user name is automatically added to the FRITZ!Box web interface when logging in, and the user is only asked for their FRITZ!Box password. In addition, another link allows the complete user list to be displayed and selected. 3) If there are several users and the last user logged in did not correspond to the name scheme of the automatically created user, a selection list for the user name and a link to the alternative login option is offered only with the FRITZ!Box password. 4) In all other cases you will be asked for the user name and password and a selection list for the user name will be displayed when accessing from the home network.

As an example, my XML looks like this:

<SessionInfo>
  <SID>0000000000000000</SID>
  <Challenge>2$60000$bc2fb16126ab227e004015d24c1849b2$6000$0a9cd1ef5dc0504377fa78d9c661e1fd</Challenge>
  <BlockTime>0</BlockTime>
  <Rights/>
  <Users>
    <User last="1">fritz0123</User>
  </Users>
</SessionInfo>

[stevedcc]

How does this differ from the original bug Report? It even showed the same xml with just the user number blanked out

On Thu 6. May 2021 at 11:34, kongo09 @.***> wrote:

As I cannot open a feature request here, my suggestion to solve this in a user friendly way would be to autodiscover the admin username as described in the documentation. This can be done by calling the URL: http://fritz.box/login_sid.lua?version=2 and checking the XML:

To map this functionality, third-party applications starting with FRITZ!OS 7.24 and later can retrieve a user list and the last logged in FRITZ!Box user via login_sid.lua?version=2 (the user list is located here under in the response XML, the last logged in user is marked with ) or via TR-064 (urn:LANConfigSecurity�com:serviceId:LANConfigSecurity1). If the user list is empty, access to it has been blocked, e.g. because it is being accessed from the Internet and not from the home network.

1. If there is only one FRITZ! user and this user is the one that was created automatically (with the naming scheme as described above), the user name is automatically added when logging in to the FRITZ!Box web interface and the user is only asked for their FRITZ!Box password.
2. If, in addition to other FRITZ!Box users, there is exactly one automatically created FRITZ!Box user, and this was the last user to log in, the user name is automatically added to the FRITZ!Box web interface when logging in, and the user is only asked for their FRITZ!Box password. In addition, another link allows the complete user list to be displayed and selected.
3. If there are several users and the last user logged in did not correspond to the name scheme of the automatically created user, a selection list for the user name and a link to the alternative login option is offered only with the FRITZ!Box password.
4. In all other cases you will be asked for the user name and password and a selection list for the user name will be displayed when accessing from the home network.

As an example, my XML looks like this:

0000000000000000 2$60000$bc2fb16126ab227e004015d24c1849b2$6000$0a9cd1ef5dc0504377fa78d9c661e1fd 0 fritz0123

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/home-assistant/core/issues/47102#issuecomment-833383932, or unsubscribe https://github.com/notifications/unsubscribe-auth/ABG4THDDLKUA5SA7TEBUSLDTMJPBXANCNFSM4YIXU5CQ .

-- Steven Crawford Laubestr. 17, 60594 Frankfurt am Main +49 (0) 69 680 99480

[kongo09]

How does this differ from the original bug Report?

• Referring to the original developer documentation by AVM
• Highlighting the steps required to identify the admin user if there is more than one user in the XML
• Pointing out that this is a change that already happened with FRITZ!OS 7.24 and not 7.25

[mib1185]

The documentation has already been updated accordingly --> home-assistant/home-assistant.io#17877 Those no code change is needed and honestly, that last logged in user must not be the admin user which to be used for HA :wink:

[mib1185]

@stevedcc did you mind to give us an update, if solution provided by @sibbl worked for you as well?

[stevedcc]

I fixed the issue long ago by changing the usernames in my FRITZ!Box. It controlled my heating so I couldn‘t wait around to find a fix.

On Sun 25. Jul 2021 at 21:08, Michael @.***> wrote:

@stevedcc https://github.com/stevedcc did you mind to give us an update, if solution provided by @sibbl https://github.com/sibbl worked for you as well?

— You are receiving this because you were mentioned.

Reply to this email directly, view it on GitHub https://github.com/home-assistant/core/issues/47102#issuecomment-886244656, or unsubscribe https://github.com/notifications/unsubscribe-auth/ABG4THEK65Z5W64YX5C7N7TTZROJHANCNFSM4YIXU5CQ .

-- Steven Crawford Laubestr. 17, 60594 Frankfurt am Main +49 (0) 69 680 99480

[mib1185]

ok, so may I ask you to close this issue, since it is resolved, thx