kvj / hass_nuki_ng

Better support for Nuki devices in the Home Assistant
MIT License

Use hashed Token #33

Open F4bsi opened 2 years ago

F4bsi commented 2 years ago

I think it would be a good idea to use the hashed token (Documentation) instead of the plain version to protect the token a little bit better.

This seems to be only possible in the hardware bridge, so maybe this needs to be checked before using it if possible.

This line https://github.com/kvj/hass_nuki_ng/blob/3eabba4c1152aa59aa29be642a76acbd8d15a3d7/custom_components/nuki_ng/nuki.py#L65 probably needs to change to something like this:

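```python
import hashlib
import random
from datetime import datetime, timezone
# strftime always yields whole seconds; isoformat()[:-7] drops the seconds when microsecond == 0
timestamp = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
rand_num = str(random.randint(0, 65535))  # uint16 range, both ends inclusive
hash_token = hashlib.sha256(f"{timestamp},{rand_num},{token}".encode()).hexdigest()
return f"{url}{path}?ts={timestamp}&rnr={rand_num}&hash={hash_token}{extra_str}"
```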

but I'm just starting with Python so I'm not quite sure about the right syntax. Also I am not 100 percent sure about the random number format where the documentation says "uint16". Maybe someone with more experience can create a pull request for that? :)
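The hashed-token request proposed in this issue, as an added example (not part of the original issue and not the project's own code): it builds the `ts`/`rnr`/`hash` query with a CSPRNG-drawn uint16 and a timestamp that is correct even when the clock reads zero microseconds, then recomputes the hash the way a receiver could. The function names, the `check_url` receiver model, and the sample address, path and token are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlsplit


def nuki_timestamp(now=None):
    """UTC time as YYYY-MM-DDTHH:MM:SSZ, whatever the microsecond value is."""
    now = now or datetime.now(timezone.utc)
    return now.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")


def hashed_query(token, now=None, rnr=None):
    """Return the ts, rnr and hash parameters; the plain token is only hashed."""
    ts = nuki_timestamp(now)
    if rnr is None:
        rnr = secrets.randbelow(65536)  # uint16: 0..65535
    if not 0 <= rnr <= 0xFFFF:
        raise ValueError("rnr must fit in a uint16")
    digest = hashlib.sha256(f"{ts},{rnr},{token}".encode()).hexdigest()
    return {"ts": ts, "rnr": str(rnr), "hash": digest}


def build_url(url, path, token, extra_str="", now=None, rnr=None):
    """Same query layout as in the issue: ?ts=...&rnr=...&hash=...<extra>."""
    p = hashed_query(token, now, rnr)
    return f"{url}{path}?ts={p['ts']}&rnr={p['rnr']}&hash={p['hash']}{extra_str}"


def check_url(request_url, token):
    """Hypothetical receiver-side check: recompute the hash from ts and rnr."""
    q = {k: v[0] for k, v in parse_qs(urlsplit(request_url).query).items()}
    material = f"{q.get('ts', '')},{q.get('rnr', '')},{token}".encode()
    expected = hashlib.sha256(material).hexdigest()
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected.encode(), q.get("hash", "").encode())


# Constructed sample values, not taken from a real bridge.
SAMPLE_TOKEN = "constructed-token"
SAMPLE_TIME = datetime(2019, 3, 5, 1, 6, 53, tzinfo=timezone.utc)  # microsecond == 0
SAMPLE_URL = build_url("http://192.0.2.10:8080", "/list", SAMPLE_TOKEN,
                       now=SAMPLE_TIME, rnr=4711)
```
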