natekspencer / hacs-vivint

Home Assistant integration for a Vivint home security system.
MIT License

Vivint integration no longer authenticates with MFA #142

Open jvonhoff opened 1 month ago

jvonhoff commented 1 month ago

The problem

After the upgrade to 2024.8.0, my Vivint integration asked me to reconfirm my MFA code. I input the correct code, but it times out with an "Unexpected error". Repeated this 3-4 more times, including deleting the Vivint integration & setting it up anew.

I did confirm that I am able to log in (with MFA) on the official Vivint Android app, but the same MFA token does not appear to work with the integration.

As I deleted & re-installed the integration, the only debug log I have captured is below:

This error originated from a custom integration.

Logger: custom_components.vivint.config_flow
Source: custom_components/vivint/config_flow.py:168
integration: Vivint (documentation, issues)
First occurred: 1:41:31 PM (2 occurrences)
Last logged: 2:18:54 PM

500, message='Internal Server Error', url=URL('https://www.vivintsky.com/platform-user-api/v0/platformusers/2fa/validate')
503, message='Service Unavailable', url=URL('https://www.vivintsky.com/platform-user-api/v0/platformusers/2fa/validate')

What version of Home Assistant Core are you running?

core-2024.8.0

What was the last working version of Home Assistant Core?

core-2024.7.4

Anything in the logs that might be useful?

No response

Additional information

No response

natekspencer commented 1 month ago

So it looks like it no longer works if you have MFA via a device (authenticator/authy/etc). But if you have it enabled via SMS/email, it still works. I'm not sure when I'll be able to get a fix in.

jvonhoff commented 1 month ago

Thanks for that info. I switched off 2FA via the Android app, and then, when I tried to log in again (2FA still disabled in the app) it sent me a text with a code that allowed Home Assistant to connect. However, when I went to re-enable 2FA, it doesn't think that Keepass is a valid 2FA app, so it wouldn't let me proceed to enable 2FA again.

So, Vivint is back functional in Home Assistant (WITH MY THANKS!) and my Vivint app appears to be using SMS 2FA, even with the 2FA switched off.

Unless you think otherwise, I'll leave this open until we can get device-based 2FA to work the way it was. We may be waiting on Vivint to update the app again, though?

natekspencer commented 1 month ago

Yeah, let's keep it open for now as I anticipate others will run into this issue in the interim.

Tuxrug commented 1 month ago

I can confirm that it began failing and prompting for MFA when I updated, but I did not have MFA set up. I tried setting up MFA, that didn't work. I tried deleting, reinstalling in HACS and re-adding, that didn't work.

But then I reverted to 2024.7.4 and it still didn't work, even after the delete, reinstall, and re-add again.

Disabled MFA and signed into the mobile app with the account I use for Home Assistant, removed and readded again, and this time the Vivint app gave me an MFA that worked.

I upgraded back to 2024.8.0 and it once again prompted for MFA but the Vivint app gave two codes, neither worked. Reloading the integration caused the app to give a new code that also didn't work, I had to remove and re-add the extension again for it to authenticate. But I restarted after that and it stayed signed in.

My only idea is that something in the MFA handling changed recently on Vivint's side, and then something changing in HA 2024.8.0 afterward coincidentally invalidated the cached login. I'm not sure why it took a full remove and re-add to get the authentication to work again though and I'm not sure how to diagnose further at this point but I hope this information is helpful.

Daedilus commented 1 month ago

I've tried to follow Tuxrug's example, but to no avail. Please let me know if you want any debug logs as another example.

norimicry commented 1 month ago

+1 for having to delete and reinstall the entire integration for SMS MFA to work.

Daedilus commented 1 month ago

> +1 for having to delete and reinstall the entire integration for SMS MFA to work.

Did you have to remove from hacs as well?

norimicry commented 1 month ago

> Did you have to remove from hacs as well?

No, just deleting the integration from the integrations menu and set it up as a new integration.

trek-boldly-go commented 1 month ago

I am still on 2024.7.3 and my authentication has "expired" twice in the last two days. I already had 2FA disabled, but it randomly disconnected last night at 2 AM and sent me 2 MFA codes via SMS back to back. Of course, I was asleep so I couldn't type in the codes within the 5 minute validity window, and I couldn't figure out how to retrigger the auth workflow (an integration restart didn't work, neither did disabling and reenabling it). I didn't want to reboot my HA, so deleting the integration config and adding it back worked. Hopefully 🤞 it doesn't sign me out again.

Daedilus commented 1 month ago

> I didn't want to reboot my HA, so deleting the integration config and adding it back worked. Hopefully 🤞 it doesn't sign me out again.

Removing and re-adding mine still gets me stuck at the MFA. It just times out.

norimicry commented 1 month ago

> Removing and re-adding mine still gets me stuck at the MFA. It just times out.

Did you remove the Authenticator MFA? It has to be the SMS MFA, which is enabled by default when you remove your Authenticator. Removing that and reinstalling the integration is what fixed it for me.

Tuxrug commented 1 month ago

> I am still on 2024.7.3 and my authentication has "expired" twice in the last two days. I already had 2FA disabled, but it randomly disconnected last night at 2 AM and sent me 2 MFA codes via SMS back to back. Of course, I was asleep so I couldn't type in the codes within the 5 minute validity window, and I couldn't figure out how to retrigger the auth workflow (an integration restart didn't work, neither did disabling and reenabling it). I didn't want to reboot my HA, so deleting the integration config and adding it back worked. Hopefully 🤞 it doesn't sign me out again.

So far my authentication only expired when I went from 2024.7.4 to 2024.8.0, and it did it both times I tested that transition (rollback, reauth, re-update docker image). But it did not expire today when I updated from 2024.8.0 to 2024.8.1.

blakenorthrup commented 3 weeks ago

> Thanks for that info. I switched off 2FA via the Android app, and then, when I tried to log in again (2FA still disabled in the app) it sent me a text with a code that allowed Home Assistant to connect. However, when I went to re-enable 2FA, it doesn't think that Keepass is a valid 2FA app, so it wouldn't let me proceed to enable 2FA again.
>
> So, Vivint is back functional in Home Assistant (WITH MY THANKS!) and my Vivint app appears to be using SMS 2FA, even with the 2FA switched off.
>
> Unless you think otherwise, I'll leave this open until we can get device-based 2FA to work the way it was. We may be waiting on Vivint to update the app again, though?

You are the man! Much appreciate the fix!

jvonhoff commented 3 weeks ago

> You are the man! Much appreciate the fix!

All the credit for fixes goes to @natekspencer but, I'm happy I could help with a workaround! Cheers!

ndoty commented 3 weeks ago

I disabled 2FA in the app and tried to reconfigure the integration and I get none when typing in the SMS code I get. Core: 2024.8.2, HACS: 1.34.0, Vivint Integration: 2024.7.0. I am unable to get the integration to work at all right now.

Tuxrug commented 3 weeks ago

> I disabled 2FA in the app and tried to reconfigure the integration and I get none when typing in the SMS code I get. Core: 2024.8.2, HACS: 1.34.0, Vivint Integration: 2024.7.0. I am unable to get the integration to work at all right now.

Remove the integration and re-add it, that's what I had to do to get it to reauthenticate.

matthewmattern commented 1 week ago

I have tried disabling 2FA in the Vivint app and setting up notification forwarding, but I never get an SMS code; not sure what, if anything, I am doing wrong. The Vivint integration now says unknown error after asking for the MFA code. Plus I can't seem to find where to delete the integration. Freaking Vivint, I also had to delete all my Z-Wave switches as now their panel will only support 10 Z-Wave devices. Any help would be appreciated, thank you.

fxfitz commented 1 week ago

Seeing the same issue!

I've always used SMS 2FA. While I've always been able to get it to work by reloading the integration, getting the text with the code, and putting the code into the integration, recently (within the last few days) I don't think it has ever really successfully logged back in. I always have the "error authenticating" repair notification.

n8henrie commented 1 week ago

Another TOTP MFA user getting the same error as above.

FWIW, I'm seeing a 500 error in the hass logs when accessing https://www.vivintsky.com/platform-user-api/v0/platformusers/2fa/validate

n8henrie commented 1 week ago

Assuming perhaps some backend endpoints have changed.

No expert with this tool, but running mitmproxy on the iOS app and doing a logout / login, I see the following request:

POST https://id.vivint.com/idp/api/submit?client_id=ios
Referer: https://id.vivint.com/idp/totp

{"mfa":"123456","password":"hunter2","username":"n8henrie@fake.com"}

Don't have time to keep digging today, but thought this might be helpful.
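
Added example, not part of the thread or the integration's code: a capture like the one quoted above carries the account password and a live TOTP code in a single JSON body, so it is worth masking mechanically before pasting into a public issue. The sketch keeps the endpoint and field names that a maintainer needs; the `Cookie` header in the sample and the header list are assumptions, and secrets in a URL query string are not handled.

```python
import json

# JSON keys are the ones in the captured body above; the header names are an
# assumption about what a fuller capture of the same login would carry.
SECRET_JSON_KEYS = {"mfa", "password", "username"}
SECRET_HEADERS = {"authorization", "cookie", "set-cookie"}
MASK = "<redacted>"


def _scrub(value):
    """Recursively mask secret keys in decoded JSON, keeping the shape."""
    if isinstance(value, dict):
        return {k: MASK if k.lower() in SECRET_JSON_KEYS else _scrub(v)
                for k, v in value.items()}
    if isinstance(value, list):
        return [_scrub(v) for v in value]
    return value


def redact_capture(raw: str) -> str:
    """Redact a text capture: request line, headers, blank line, JSON body."""
    head, _, body = raw.partition("\n\n")
    lines = head.splitlines()
    out = lines[:1]  # request line is kept: the endpoint is the useful part
    for line in lines[1:]:
        name, sep, _ = line.partition(":")
        if sep and name.strip().lower() in SECRET_HEADERS:
            line = f"{name}: {MASK}"
        out.append(line)
    if body.strip():
        try:
            body = json.dumps(_scrub(json.loads(body)), sort_keys=True)
        except json.JSONDecodeError:
            body = MASK  # unknown body format: drop it rather than leak it
    return "\n".join(out) + "\n\n" + body


# Constructed sample in the shape of the request quoted above; the Cookie
# header and its value are made up for the example.
SAMPLE = (
    "POST https://id.vivint.com/idp/api/submit?client_id=ios\n"
    "Referer: https://id.vivint.com/idp/totp\n"
    "Cookie: session=constructed-value\n"
    "\n"
    '{"mfa":"123456","password":"hunter2","username":"n8henrie@fake.com"}'
)

if __name__ == "__main__":
    print(redact_capture(SAMPLE))
```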