iMicknl / python-overkiz-api

Async Python wrapper to interact with the internal Somfy TaHoma API, or other OverKiz APIs.
MIT License

Bad credentials while server is under maintenance #979

Closed RichieB2B closed 10 months ago

RichieB2B commented 10 months ago

Today the atlantic_cozytouch server keeps saying Bad credentials but when I start the Cozytouch iOS app it says:

Server currently under maintenance, please try again later

It would be great if we can figure out the way the app detects this and do the same in the API library.

RichieB2B commented 10 months ago

The server response to /enduser-mobile-web/enduserAPI/login currently always is a 401:

{"errorCode":"AUTHENTICATION_ERROR","error":"Bad credentials"}

iMicknl commented 10 months ago

@RichieB2B are you sure the error code is Bad Credentials? When the Somfy servers are offline due to maintenance, we will raise a MaintenanceException. If CozyTouch has a similar message, we can definitely implement this.

https://github.com/iMicknl/python-overkiz-api/blob/b66eb17432fa852a1bdde7ca5aaf36bd61865840/pyoverkiz/client.py#L883-L887

RichieB2B commented 10 months ago

Yes, I verified it was a BadCredentialsException exactly as stated here in the comments: https://github.com/iMicknl/python-overkiz-api/blob/b66eb17432fa852a1bdde7ca5aaf36bd61865840/pyoverkiz/client.py#L910-L912

I have seen the MaintenanceException on the Atlantic server as well, just not today. Interestingly though the iOS app did tell me there was a maintenance going on. Maybe it checks another endpoint before attempting to log in.

iMicknl commented 10 months ago

For CozyTouch login, it will call another endpoint first. Could be that they raised a different status message on that endpoint, which we don't catch. Without understanding the actual message, it will be impossible to implement this unfortunately.

RichieB2B commented 10 months ago

I did not have time to troubleshoot the iOS app today but I'll try to figure this out if it happens again.

iMicknl commented 10 months ago

No need to reverse engineer the iOS app by the way; you could use the pyOverkiz package (requires checking out the source) and dump the full request of the login + /login endpoint.

I will close this issue for now, happy to reopen if we have new information.

RichieB2B commented 10 months ago

I did that already using

https://github.com/RichieB2B/overkiz2mqtt/blob/0af54ee2298f7ef483b4ac3a23da1023fc8e704a/overkiz2mqtt.py#L63-L77

which gave me this result: https://github.com/iMicknl/python-overkiz-api/issues/979#issuecomment-1725453397

iMicknl commented 10 months ago

@RichieB2B this is only the result of the login endpoint. It would be better to dump the REST API response; however, this is not possible out of the box in PyOverkiz at the moment, so you would need to add some print statements (or use a debugger).

RichieB2B commented 10 months ago

This is the endpoint that failed (401), the /token and /magellan/accounts/jwt endpoints still gave 200 OK.

There is no need to change PyOverkiz for dumping requests/responses. See how I did it using aiohttp.TraceConfig():

https://github.com/RichieB2B/overkiz2mqtt/blob/5b914d28f00dbeae3f290c24d7f9018505512e48/overkiz2mqtt.py#L56-L77

RichieB2B commented 7 months ago

Right now there is another outage so I decided to troubleshoot the CozyTouch app. At startup it calls:

GET /api/MaintenanceStatus?code=XYZ&application=gacoma&environment=production HTTP/1.1
Host: apis-availability.iot-groupe-atlantic.com
Uniqid: CT3.7.6IOS[guid]
Accept: */*
Content-Type: application/json
Appinstallnumber: [guid]
Accept-Language: en-GB,en;q=0.9
User-Agent: Cozytouch/58 CFNetwork/1485 Darwin/23.1.0
Accept-Encoding: gzip, deflate, br
Connection: close

Where XYZ is a secret (static?) code. The response currently is:

HTTP/1.1 200 OK
Date: Tue, 05 Dec 2023 12:04:24 GMT
Content-Type: application/json; charset=utf-8
Connection: close
Vary: Accept-Encoding
Request-Context: appId=cid-v1:415f78d6-4e0e-4b76-87ad-e04a41b06f08
Content-Length: 116

{"app":"gacoma","isInMaintenance":true,"maintenanceStartDate":null,"maintenanceEndDate":null,"rollbackOldSso":false}

I will post the response when the service is restored but I guess isInMaintenance will be false.

The headers Uniqid and Appinstallnumber contain a guid but these headers are not required to receive a response.

RichieB2B commented 7 months ago

The Atlantic Overkiz API is back up. The response now is:

{"app":"gacoma","isInMaintenance":false,"maintenanceStartDate":0,"maintenanceEndDate":0,"rollbackOldSso":false}
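The two status bodies captured above are enough to keep a maintenance window from being reported as a wrong password. The following is an added example, not code from pyoverkiz or from any participant in this thread: it reads the `isInMaintenance` flag only after a login has already failed, so the status endpoint is not queried on every login. The function and enum names are hypothetical, and pairing the earlier 401 body with a maintenance flag is an assumption, since the two were captured during different outages.

```python
import json
from enum import Enum
from typing import Optional

# Bodies copied from the captures quoted in this thread.
STATUS_OUTAGE = ('{"app":"gacoma","isInMaintenance":true,"maintenanceStartDate":null,'
                 '"maintenanceEndDate":null,"rollbackOldSso":false}')
STATUS_NORMAL = ('{"app":"gacoma","isInMaintenance":false,"maintenanceStartDate":0,'
                 '"maintenanceEndDate":0,"rollbackOldSso":false}')
LOGIN_401 = '{"errorCode":"AUTHENTICATION_ERROR","error":"Bad credentials"}'


class LoginOutcome(Enum):  # hypothetical names, not pyoverkiz exceptions
    OK = "ok"
    MAINTENANCE = "maintenance"
    BAD_CREDENTIALS = "bad_credentials"
    UNKNOWN_ERROR = "unknown_error"


def in_maintenance(status_body: Optional[str]) -> Optional[bool]:
    """Return the isInMaintenance flag, or None when the body is unusable."""
    try:
        data = json.loads(status_body)
    except (TypeError, ValueError):
        return None
    flag = data.get("isInMaintenance") if isinstance(data, dict) else None
    return flag if isinstance(flag, bool) else None  # never guess from junk


def classify_login(http_status: int, login_body: str,
                   status_body: Optional[str]) -> LoginOutcome:
    """Classify a login attempt; status_body is only needed after a failure."""
    if 200 <= http_status < 300:
        return LoginOutcome.OK
    # A failed login during maintenance says nothing about the password.
    if in_maintenance(status_body) is True:
        return LoginOutcome.MAINTENANCE
    try:
        error = json.loads(login_body)
    except (TypeError, ValueError):
        error = None  # no usable JSON body came back with the failure
    code = error.get("errorCode") if isinstance(error, dict) else None
    if http_status == 401 and code == "AUTHENTICATION_ERROR":
        return LoginOutcome.BAD_CREDENTIALS
    return LoginOutcome.UNKNOWN_ERROR
```

An unreadable or missing status body falls through to the login error itself, so a failure of the status check never hides a genuine credential error.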

iMicknl commented 7 months ago

@RichieB2B do you know what the regular endpoint is returning when it is in maintenance? It is not great to pull /api/MaintenanceStatus?code=XYZ&application=gacoma&environment=production on every login to be honest. We could implement this, but would not be ideal.

RichieB2B commented 7 months ago

@iMicknl During this outage /enduser-mobile-web/enduserAPI/login was returning an HTTP 400:

ClientResponseError during login: 400, message="Invalid header value char:\n\n  b'Cache-Control: no-cache'\n                           ^"

RichieB2B commented 7 months ago

I tried to find the Somfy maintenance URL using the Tahoma app but I need a Connexoon box to get past the provisioning. Or I need to sign in with an existing account that is already provisioned with a Somfy Overkiz device.

iMicknl commented 7 months ago

@RichieB2B this API is only for Atlantic. Other Overkiz servers don't use these endpoints.