home-assistant / core


Notifications of login attempts from Sonos #88714

Open rtorchia opened 1 year ago

rtorchia commented 1 year ago

The problem

I’m getting an “invalid authentication” notification in Home Assistant multiple times a day triggered by my Sonos device. Happens so often that HA bans the IP of my Sonos.

It may be linked to playing a media file located in the media folder of HA. The logs always have an error with a link to a "Requested URL" that is a file in the media folder.

I don't know why it would even attempt a login to HA, or why it is flagged in this manner.

Deleting and re-installing the integration changes nothing. Re-setting/rebooting the Sonos also does nothing.

What version of Home Assistant Core has the issue?

2023.2.5

What was the last working version of Home Assistant Core?

No response

What type of installation are you running?

Home Assistant OS

Integration causing the issue

Sonos

Link to integration documentation on our website

https://www.home-assistant.io/integrations/sonos

Diagnostics information

No response

Example YAML snippet

No response

Anything in the logs that might be useful for us?

Logger: homeassistant.components.http.ban
Source: components/http/ban.py:82
Integration: HTTP ([documentation](https://www.home-assistant.io/integrations/http), [issues](https://github.com/home-assistant/home-assistant/issues?q=is%3Aissue+is%3Aopen+label%3A%22integration%3A+http%22))
First occurred: 8:16:55 AM (3 occurrences)
Last logged: 9:00:32 AM

Login attempt or request with invalid authentication from 192.168.1.68 (192.168.1.68). Requested URL: '/media/local/Door%20Whistle.mp3?authSig=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiI0NjFjOTMzNTQ5Mjk0MGYzODRmNGViODRjMTRkMjM3MSIsInBhdGgiOiIvbWVkaWEvbG9jYWwvRG9nIFdoaXN0bGUubXAzIiwicGFyYW1zIjp7fSwiaWF0IjoxNjc2ODU4MDQxLCJleHAiOjE2NzY5NDQ0NDF9.xGXENxpjVwfbgLV3EgqEUQMIVWiBmmBoHor7w9ciPEU'. (Linux UPnP/1.0 Sonos/71.1-38080 (ZPS15))

Additional information

No response

PeteRager commented 4 months ago

I suspect there's more than one way to get into this situation. Please provide the IP address of the speaker, the error message, and the integration diagnostics file.

nugget commented 4 months ago

I just stopped serving media from Home Assistant altogether to avoid the issue. It seems like all you have to do is play a media file once to a Sonos device and then you will be forever plagued by the Sonos continually attempting to re-fetch or validate the media URL for the rest of time.

timiman commented 4 months ago

HA Log:

Logger: homeassistant.components.http.ban
Source: components/http/ban.py:135
integration: HTTP ([documentation](https://rc.home-assistant.io/integrations/http), [issues](https://github.com/home-assistant/core/issues?q=is%3Aissue+is%3Aopen+label%3A%22integration%3A+http%22))
First occurred: 20:59:40 (18 occurrences)
Last logged: 21:07:34

Login attempt or request with invalid authentication from Sonos-542A1B47D4A4.fritz.box (192.168.1.49). Requested URL: '/media/local/police_go_away_angry.wav?authSig=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJhOTdiMjk1OGJlNDQ0OGEwYTQ3MWIwOWYyNzRmZjYwNyIsInBhdGgiOiIvbWVkaWEvbG9jYWwvcG9saWNlX2dvX2F3YXlfYW5ncnkud2F2IiwicGFyYW1zIjpbXSwiaWF0IjoxNzE4NTM5MzMxLCJleHAiOjE3MTg2MjU3MzF9.e3fVQgNHLFrlQsFBki5Z7dJywjyxBRofKrMCS7oXUng'. (Linux UPnP/1.0 Sonos/79.1-54060 (ZPS27))

config_entry-sonos-db46da75e404cd9d9ad266b948f4fc37.json

Just a note that I have not upgraded the Sonos mobile app, which was a total disaster, missing a lot of features. So I am unable to update the firmware of my Sonos speakers to the latest one, if any exists, until the mobile app is fully functioning again.

derekcentrico commented 4 months ago

@PeteRager

The debug diagnostics just repeats what I already provided above.

New examples:

2024-06-24 16:52:01.701 WARNING (MainThread) [homeassistant.components.http.ban] Login attempt or request with invalid authentication from 192.168.1.94 (192.168.1.94). Requested URL: '/media/local/sounds/temp/chime_tts/xchgu2w2.mp3?authSig=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJiNTI2ZWNjMjlhOTg0ZGJhYjc3MmI0MjkzNDk1ZDc5YiIsInBhdGgiOiIvbWVkaWEvbG9jYWwvc291bmRzL3RlbXAvY2hpbWVfdHRzL3hjaGd1MncyLm1wMyIsInBhcmFtcyI6W10sImlhdCI6MTcxOTE2MzI5OCwiZXhwIjoxNzE5MjQ5Njk4fQ.l0Jd-U4a2E-iPHCEv-rbbCfWdSRRXyrdvetENhzXXvI'. (Linux UPnP/1.0 Sonos/79.1-53290 (ZPS31))

2024-06-24 17:01:40.110 WARNING (MainThread) [homeassistant.components.http.ban] Login attempt or request with invalid authentication from 192.168.1.94 (192.168.1.94). Requested URL: '/media/local/sounds/temp/chime_tts/xchgu2w2.mp3?authSig=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJiNTI2ZWNjMjlhOTg0ZGJhYjc3MmI0MjkzNDk1ZDc5YiIsInBhdGgiOiIvbWVkaWEvbG9jYWwvc291bmRzL3RlbXAvY2hpbWVfdHRzL3hjaGd1MncyLm1wMyIsInBhcmFtcyI6W10sImlhdCI6MTcxOTE2MzI5OCwiZXhwIjoxNzE5MjQ5Njk4fQ.l0Jd-U4a2E-iPHCEv-rbbCfWdSRRXyrdvetENhzXXvI'. (Linux UPnP/1.0 Sonos/79.1-53290 (ZPS31))

2024-06-24 17:05:52.615 WARNING (MainThread) [homeassistant.components.http.ban] Login attempt or request with invalid authentication from 192.168.1.94 (192.168.1.94). Requested URL: '/media/local/sounds/temp/chime_tts/xchgu2w2.mp3?authSig=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJiNTI2ZWNjMjlhOTg0ZGJhYjc3MmI0MjkzNDk1ZDc5YiIsInBhdGgiOiIvbWVkaWEvbG9jYWwvc291bmRzL3RlbXAvY2hpbWVfdHRzL3hjaGd1MncyLm1wMyIsInBhcmFtcyI6W10sImlhdCI6MTcxOTE2MzI5OCwiZXhwIjoxNzE5MjQ5Njk4fQ.l0Jd-U4a2E-iPHCEv-rbbCfWdSRRXyrdvetENhzXXvI'. (Linux UPnP/1.0 Sonos/79.1-53290 (ZPS31))

2024-06-24 17:07:19.131 WARNING (MainThread) [homeassistant.components.http.ban] Login attempt or request with invalid authentication from 192.168.1.94 (192.168.1.94). Requested URL: '/media/local/sounds/temp/chime_tts/xchgu2w2.mp3?authSig=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJiNTI2ZWNjMjlhOTg0ZGJhYjc3MmI0MjkzNDk1ZDc5YiIsInBhdGgiOiIvbWVkaWEvbG9jYWwvc291bmRzL3RlbXAvY2hpbWVfdHRzL3hjaGd1MncyLm1wMyIsInBhcmFtcyI6W10sImlhdCI6MTcxOTE2MzI5OCwiZXhwIjoxNzE5MjQ5Njk4fQ.l0Jd-U4a2E-iPHCEv-rbbCfWdSRRXyrdvetENhzXXvI'. (Linux UPnP/1.0 Sonos/79.1-53290 (ZPS31))

@nugget Strangely enough it started occurring for me only after installing the integration Chime_TTS. However, I haven't even set up anything for chimes (no MP3s exist). I do use Nabu Cloud TTS for an announcement though. It works fine across Sonos speakers.

I was led here to report further from a Community contributor: https://community.home-assistant.io/t/chime-tts-play-audio-before-after-tts-audio-lag-free/578430/515?u=derekcentrico

My YAML announcement is as follows:

- id: da21735e-351c-11ee-be56-0242ac120002
  alias: Sonos Doorbell Announcement
  trigger:
    - platform: state
      entity_id: binary_sensor.doorbell_button_pressed
      to: 'on'
  action:
  - delay: '00:00:03'  # compreface can be sluggish right now for some reason
  - choose:
      - conditions:
          - condition: template
            value_template: >  # Check for face recognition matches
              {{ state_attr('sensor.double_take_doorbell', 'matches') | length > 0 }}
        sequence:
          - service: chime_tts.say
            data_template:
              entity_id: 
                - media_player.kitchen
                - media_player.dining_room
                - media_player.tv_room
#                - media_player.family_room
                - media_player.sonos_roam
                - media_player.move_2
              message: >
                {% set matches = state_attr('sensor.double_take_doorbell', 'matches') %}
                {% set faces = matches | map(attribute='name') | list %}
                {% set corrected_faces = faces | map('trim') | list %}
                {% if 'viviana' in corrected_faces %}
                  {% set corrected_faces = corrected_faces | map('capitalize') | list %}
                  {% set corrected_faces = corrected_faces | map('replace', 'viviana', 'Viv-ee-ah-nah') | list %}
                {% endif %}
                {% if corrected_faces | length == 1 %}
                  {{ corrected_faces[0] }} is at the front door.
                {% else %}
                  {{ corrected_faces | join(', ') }} are at the front door.
                {% endif %}
              tts_service: tts.cloud_say  # Use Nabu Casa TTS service
              announce: true
    default:
      - service: chime_tts.say
        data:
          entity_id: 
            - media_player.kitchen
            - media_player.dining_room
            - media_player.tv_room
#            - media_player.family_room
            - media_player.sonos_roam
            - media_player.move_2
          message: Someone is at the front door.
          tts_service: tts.cloud_say
          announce: true
  - wait_template: "{{ not is_state('media_player.kitchen', 'playing') }}"
    timeout: '00:00:04'  # Timeout to avoid indefinite waiting
    continue_on_timeout: true
  mode: single

PeteRager commented 4 months ago

@timiman the error is coming from the sonos_garage speaker. Please post the service call you are using.

PeteRager commented 4 months ago

@derekcentrico it does not appear that the announce parameter is being passed through via the "say" path in chimetts.

Are you able to use play_media instead and use chime tts as the media-source?

You can verify this by turning debug logging on. If it is using announce it'll log a message like this

        _LOGGER.debug("Playing %s using websocket audioclip", media_id)

If it's not, it'll log a message like this

    _LOGGER.debug("_play_media media_type %s media_id %s", media_type, media_id)

service: media_player.play_media
target:
  entity_id: media_player.sonos
data:
  announce: true
  media_content_id: >
    media-source://tts/cloud?message="I am very loud"
  media_content_type: "music"
  extra:
    volume: 80

timiman commented 4 months ago

> @timiman the error is coming from the sonos_garage speaker. Please post the service call you are using.

I've played another mp3 through a HA UI media control card of the sonos speaker and the notifications stopped!

I remembered that I'm using the SonosTalk mobile app occasionally, but never for that specific garage speaker. Do not know if this app is messing things up randomly.

iCSpotRun commented 4 months ago

Not sure if this helps narrow the issue down, but I started getting this error only after creating an automation to play media stored in the My Media location. Announce flag is True. Here is the log - I replaced the signature with 'XYZ' for easier reading.

Logger: homeassistant.components.http.ban
Source: components/http/ban.py:135
integration: HTTP (documentation, issues)
First occurred: June 19, 2024 at 5:50:29 PM (112 occurrences)
Last logged: 6:48:39 AM

Login attempt or request with invalid authentication from 10.10.100.171 (10.10.100.171). Requested URL: '/media/local/Chime.mp3?authSig=XYZ'. (Linux UPnP/1.0 Sonos/79.1-53290 (ZPS16))
Login attempt or request with invalid authentication from 10.10.100.156 (10.10.100.156). Requested URL: '/media/local/Chime.mp3?authSig=XYZ'. (Linux UPnP/1.0 Sonos/79.1-53290 (ZPS16))
Login attempt or request with invalid authentication from 10.10.100.117 (10.10.100.117). Requested URL: '/media/local/Chime.mp3?authSig=XYZ'. (Linux UPnP/1.0 Sonos/79.1-53290 (ZPS16))
Login attempt or request with invalid authentication from 10.10.100.227 (10.10.100.227). Requested URL: '/media/local/Chime.mp3?authSig=XYZ'. (Linux UPnP/1.0 Sonos/79.1-53290 (ZPS16))

I don't have Chime TTS installed and I get the above errors with this service call in my automation:

service: media_player.play_media
target:
  entity_id:
    - media_player.basement_entertainment
    - media_player.kitchen
    - media_player.living_room
    - media_player.master_bed_bath
data:
  media_content_id: /local/chime.mp3
  media_content_type: audio/mpeg
  announce: true

I even recently moved the audio file from media-source://media_source to www/local/ hoping that would solve the issue. Still no luck.

PeteRager commented 4 months ago

@iCSpotRun - diagnostics file please. You may be in an ip ban situation. Try disabling and restart

https://www.home-assistant.io/integrations/http/

derekcentrico commented 4 months ago

> @derekcentrico it does not appear that the announce parameter is being passed through via the "say" path in chimetts.
>
> Are you able to use play_media instead and use chime tts as the media-source?
>
> You can verify this by turning debug logging on. If it is using announce it'll log a message like this

I created a new YAML per your suggestion, below, and the problem persists.

Attaching the debug log.

- id: da21735e-351c-11ee-be56-0242ac120002
  alias: Sonos Doorbell Announcement
  trigger:
    - platform: state
      entity_id: binary_sensor.doorbell_button_pressed
      to: 'on'
  action:
  - delay: '00:00:03'  # compreface can be sluggish right now for some reason
  - choose:
      - conditions:
          - condition: template
            value_template: >  # Check for face recognition matches
              {{ state_attr('sensor.double_take_doorbell', 'matches') | length > 0 }}
        sequence:
          - service: chime_tts.say
            data_template:
              entity_id: 
                - media_player.kitchen
                - media_player.dining_room
                - media_player.tv_room
#                - media_player.family_room
                - media_player.sonos_roam
                - media_player.move_2
              message: >
                {% set matches = state_attr('sensor.double_take_doorbell', 'matches') %}
                {% set faces = matches | map(attribute='name') | list %}
                {% set corrected_faces = faces | map('trim') | list %}
                {% if 'viviana' in corrected_faces %}
                  {% set corrected_faces = corrected_faces | map('capitalize') | list %}
                  {% set corrected_faces = corrected_faces | map('replace', 'viviana', 'Viv-ee-ah-nah') | list %}
                {% endif %}
                {% if corrected_faces | length == 1 %}
                  {{ corrected_faces[0] }} is at the front door.
                {% else %}
                  {{ corrected_faces | join(', ') }} are at the front door.
                {% endif %}
              tts_service: tts.cloud_say  # Use Nabu Casa TTS service
              announce: true
          - delay: '00:00:01'  # Allow some time for the TTS file to be created
          - service: media_player.play_media
            data_template:
              entity_id: 
                - media_player.kitchen
                - media_player.dining_room
                - media_player.tv_room
#                - media_player.family_room
                - media_player.sonos_roam
                - media_player.move_2
              announce: true
              media_content_id: >
                media-source://tts/cloud?message="{{ state_attr('sensor.double_take_doorbell', 'matches') | map(attribute='name') | join(' and ') }} is at the front door."
              media_content_type: "music"
#              extra:
#                volume: 80
    default:
      - service: chime_tts.say
        data:
          entity_id: 
            - media_player.kitchen
            - media_player.dining_room
            - media_player.tv_room
#            - media_player.family_room
            - media_player.sonos_roam
            - media_player.move_2
          message: Someone is at the front door.
          tts_service: tts.cloud_say
          announce: true
      - delay: '00:00:01'  # Allow some time for the TTS file to be created
      - service: media_player.play_media
        data_template:
          entity_id: 
            - media_player.kitchen
            - media_player.dining_room
            - media_player.tv_room
#            - media_player.family_room
            - media_player.sonos_roam
            - media_player.move_2
          announce: true
          media_content_id: >
            media-source://tts/cloud?message="Someone is at the front door."
          media_content_type: "music"
#          extra:
#            volume: 80
  - wait_template: "{{ not is_state('media_player.kitchen', 'playing') }}"
    timeout: '00:00:04'  # Timeout to avoid indefinite waiting
    continue_on_timeout: true
  mode: single

home-assistant_sonos_2024-06-28T19-25-31.078Z.log

PeteRager commented 4 months ago

@derekcentrico it looks like you are in a situation where HA has banned those ip addresses. They won't start working until the ban is removed. Try disabling ip ban and restarting

https://www.home-assistant.io/integrations/http/

derekcentrico commented 4 months ago

> @derekcentrico it looks like you are in a situation where HA has banned those ip addresses. They won't start working until the ban is removed. Try disabling ip ban and restarting
>
> https://www.home-assistant.io/integrations/http/

I'm unsure how that is the case because I do not have the variable in my configuration.yaml, so it should be defaulted to false. I added it and we shall see...

http:
  ip_ban_enabled: false

PeteRager commented 4 months ago

The docs are incorrect, it defaults to True.

https://github.com/home-assistant/core/blob/a3394675f38d1dcf1ee1ed7ce3db50696390f5b4/homeassistant/components/http/__init__.py#L128

mnott commented 3 months ago

In which file exactly do you put this code?

PeteRager commented 3 months ago

> In which file exactly do you put this code?

Configuration.yaml

derekcentrico commented 3 months ago

> In which file exactly do you put this code?

Add this somewhere:

http:
  ip_ban_enabled: false

FSHelgeland commented 3 months ago

I have had this problem the whole time I have been using the Sonos integration. It happened every time someone was at the door; I didn't bother to do something as it still worked. I have now added the ip_ban_enabled: false, and it looks as if it has solved the problem. Will do some more testing and check back in.

michaelsleen commented 1 month ago

> In which file exactly do you put this code?
>
> Add this somewhere:
>
> http:
>   ip_ban_enabled: false

Adding this to my configuration.yaml file finally stopped this notification for me. But is it bad to leave this set to false?

Didel commented 1 month ago

> http:
>   ip_ban_enabled: false
>
> Adding this to my configuration.yaml file finally stopped this notification for me. But is it bad to leave this set to false?

If your installation is exposed to the internet (or if you really don't trust other devices in the internal network), then yes. By default, after 5 failed login attempts the IP trying to log in is banned. This prevents malicious users/bots from trying new username/password combinations until they find one that works. The configuration you posted disables this banning mechanism. This leaves your Home Assistant vulnerable to unauthorized access and would allow malicious users to keep trying new passwords until they eventually find the one that works.

gerdesj commented 1 month ago

> In which file exactly do you put this code?
>
> Add this somewhere:
>
> http:
>   ip_ban_enabled: false
>
> Adding this to my configuration.yaml file finally stopped this notification for me. But is it bad to leave this set to false?

Yes and no. You are switching off Fail2ban style protection. If your passwords are say 15 characters long and involve upper/lower/numbers/special and are random gibberish then it will take rather a long time to try and guess them. Change those passwords annually and you will be extra fine! You should never have to type a password into a webpage unless something is wrong.

The model I am describing here is that if you trust yourself to log in to your PC, you also trust yourself to access other stuff you own, and the programs and apps on your PC are also trustworthy. That's quite a claim, so do ensure you have anti-virus and so on installed and effective and keep your OS and installed apps up to date. Also keep your HA and associated stuff up to date.

So, make that setting and ensure your passwords are decent and then investigate how to fix the problem in slow time and you should be fine. You can get your browser to store passwords and it doesn't care how long they are so make use of that facility.

You might like to use a password database such as KeepassXC and have suitable backups for the data file. It is fine to write down the master password for the database somewhere, but again, make it reasonably decent. You could have a text file somewhere on your PC with the password for the database hidden within some other gibberish for a quick copy and paste. Although "security through obscurity" is frowned upon, this is not the same, provided you don't create a file called "passwords.txt"! Use some imagination and you will be much safer than if you use the same old password everywhere and muscle memory.

filikun commented 2 weeks ago

This just popped up for me at random; I never had the problem before and I regularly play local chimes to Sonos speakers. It seems that ip_ban_enabled: false is the only real workaround? Too bad we can't set a whitelist for the ip_ban to just ignore calls from the Sonos speakers.

michaelsleen commented 1 week ago

> This just popped up for me at random; I never had the problem before and I regularly play local chimes to Sonos speakers. It seems that ip_ban_enabled: false is the only real workaround? Too bad we can't set a whitelist for the ip_ban to just ignore calls from the Sonos speakers.

ip_ban_enabled: false is the only solution I have found for this, but I'm concerned this leaves my HA vulnerable to attack, and unsure what else to do.
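
Added example, not part of any comment in this thread and not Home Assistant code: a small Python triage of the `homeassistant.components.http.ban` warnings quoted above. It reads the unverified `authSig` claims from each line and compares `exp` with the log timestamp, which separates re-fetches of a stale signed media URL from failures that carry no signature at all. The sample lines, IP addresses, token and the `triage` helper are constructed for illustration, and log timestamps are assumed to be UTC.

```python
import base64
import json
import re
from datetime import datetime, timezone
from urllib.parse import parse_qs, unquote, urlsplit

# Layout of the homeassistant.components.http.ban warning quoted in this thread.
BAN_LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\.\d+ WARNING .*?invalid authentication "
    r"from \S+ \((?P<ip>[^)]+)\)\. Requested URL: '(?P<url>[^']+)'\. \((?P<agent>.*)\)$"
)

def b64url(obj):  # JSON-encode, then base64url without padding, as JWT segments are
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def jwt_claims(token):
    """Return the claims of a JWT WITHOUT verifying its signature (triage only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    return json.loads(base64.urlsafe_b64decode(parts[1] + "=" * (-len(parts[1]) % 4)))

def triage(line, log_tz=timezone.utc):
    """Classify one ban warning; log_tz is the zone the log timestamps were written in."""
    m = BAN_LINE.match(line)
    if m is None:
        return None
    url = urlsplit(m["url"])
    seen = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S").replace(tzinfo=log_tz)
    out = {"ip": m["ip"], "agent": m["agent"], "path": unquote(url.path)}
    sig = parse_qs(url.query).get("authSig")
    if not sig:
        return {**out, "verdict": "no authSig: ordinary authentication failure"}
    try:
        claims = jwt_claims(sig[0])
        iat, exp = int(claims["iat"]), int(claims["exp"])
    except (ValueError, KeyError, TypeError):
        return {**out, "verdict": "malformed authSig"}
    late = int(seen.timestamp()) - exp  # seconds between expiry and the request
    if claims.get("path") != out["path"]:
        verdict = "signed path differs from requested path"
    elif late > 0:
        verdict = "expired signed media URL"
    else:
        verdict = "authSig inside its validity window"
    return {**out, "lifetime_s": exp - iat, "expired_for_s": max(late, 0), "verdict": verdict}

# Constructed sample data: documentation-range IPs, dummy signature, and the claim
# layout (iss, path, params, iat, exp) of the tokens visible in the thread.
ISSUED = int(datetime(2024, 6, 23, 12, 0, tzinfo=timezone.utc).timestamp())
TOKEN = ".".join([b64url({"alg": "HS256", "typ": "JWT"}), b64url({
    "iss": "0" * 32, "path": "/media/local/Door Chime.mp3", "params": [],
    "iat": ISSUED, "exp": ISSUED + 86400}), "constructed-signature"])
PREFIX = "WARNING (MainThread) [homeassistant.components.http.ban] Login attempt or request with invalid authentication from "
SAMPLE_LINES = [
    "2024-06-24 16:52:01.701 " + PREFIX + "192.0.2.94 (192.0.2.94). Requested URL: "
    "'/media/local/Door%20Chime.mp3?authSig=" + TOKEN + "'. (Linux UPnP/1.0 Sonos/79.1-53290 (ZPS31))",
    "2024-06-24 16:53:10.004 " + PREFIX + "198.51.100.7 (198.51.100.7). Requested URL: "
    "'/auth/login_flow/constructed'. (Mozilla/5.0)",
]

if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        print(triage(sample))
```

Pass the zone your Home Assistant log is written in as `log_tz`; the claims are read without checking the signature, so the result is a triage hint and not proof that a token is genuine.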