search

pschroeder89 / homebridge-levoit-humidifiers

Levoit Humidifiers Plugin for Apple HomeKit via Homebridge
Apache License 2.0
70 stars 9 forks source link

Login Restriction #57

Closed atwoodjw closed 7 months ago

atwoodjw commented 8 months ago

Describe The Bug: Vesync iOS app is constantly getting logged out. When logged out, I must turn off WiFi to log back in successfully. I reached out to support and they wrote the following.

In order to ensure the security of your account, our system has login restrictions in place. It appears that your account is experiencing frequent logins through HomeKit, which may be causing this issue. We recommend that you unlink HomeKit from your account (or device) to prevent it from logging in excessively and causing abnormal login behavior on the mobile app.

So it appears that the plugin is frequently logging in and causing a restriction to be place on some combination of account + IP address. (If I toggle WiFi off, I'm able to sign in.)

To Reproduce: Connect iOS device to WiFi. Log in to Vesync iOS app. Configure plugin. Wait a few hours, then try to open Vesync iOS app. Notice you've been signed out and can't sign back in. Disable WiFi, then sign in successfully.

Expected behavior: Vesync iOS app not constantly logged out.

Logs:

No relevant plugin logs. Issue manifests in first-party app.

Plugin Config:

{
    "name": "Levoit Humidifiers",
    "email": "XXX",
    "password": "XXX",
    "accessories": {
        "cool_mist": false,
        "warm_mist": false,
        "sleep_mode": false,
        "display": false,
        "night_light": false
    },
    "options": {
        "showOffWhenDisconnected": true
    },
    "platform": "LevoitHumidifiers",
    "_bridge": {
        "username": "XXX",
        "port": 123
    }
}

Screenshots: IMG_0518

IMG_0517

Environment:

pschroeder89 commented 8 months ago

This is interesting, thanks for writing this up and including their response. Levoit has consistently worked hard to prevent this plugin and its use in HomeBridge, and I wonder if this is a new attempt to do that.

I'll try to investigate what triggers the logout and see if I can mitigate it later today.

pschroeder89 commented 8 months ago

@atwoodjw Does this happen consistently for you? I don't see this on my setup. Do you have any steps to trigger it? Also, which device do you have?

pschroeder89 commented 7 months ago

@atwoodjw I'm having a hard time understanding how VeSync determined the requests were coming specifically from HomeKit. We use the Android app's user agent for all requests, so if they knew we were spoofing the agent, they couldn't possibly know the requests were coming from HomeKit / this plugin and not some other homebrew home ecosystem. Can you give me some more details when you have a chance?

atwoodjw commented 7 months ago

Sorry for the radio silence. I have 3x LV600S. Yes, this happens consistently. If the Homebridge plugin is enabled, I can't sign into the VeSync iOS app when on my home WiFi (same external IP address). If I toggle WiFi off and use cellular data, I can sign into the iOS app. If I disable the Homebridge plugin and wait a day, I can sign into the iOS app on my home WiFi again.

Very strange. If Levoit is able to determine that logins are coming from HomeKit, I would expect them to block them, yet the plugin seems to be working flawlessly; it's their first-party app that breaks as a result of the login restriction. 🤷‍♂️

Ultimately, this isn't that big a deal. I rarely use the iOS app now, in favor of the Home app. Just a minor annoyance. Feel free to close.

pschroeder89 commented 7 months ago

Thanks for the info! Would you mind removing showOffWhenDisconnected from your config and seeing if the issue persists? I'm intrigued by this issue tbh.

atwoodjw commented 7 months ago

Issue persists, even with showOffWhenDisconnected set to false.

StevenByle commented 7 months ago

Experiencing identical behavior as @atwoodjw. Was constantly getting logged out of the Vesync app on iOS after setting up the Homebridge plugin.

Here's my config:

{
    "name": "Levoit Humidifiers",
    "email": "XXXXX",
    "password": "XXXXX",
    "accessories": {
        "humidity_sensor": true,
        "mist": true,
        "warm_mist": false,
        "sleep_mode": true,
        "display": true,
        "night_light": true,
        "auto_pro": false
    },
    "options": {
        "showOffWhenDisconnected": false
    },
    "_bridge": {
        "username": "XXXXX",
        "port": 56704
    },
    "platform": "LevoitHumidifiers"
}

However, I did find a workaround to continue to use both Homebridge and the Vesync iOS app (which I've done for other plugins). I created a new Levoit account using a gmail alias (myemail+homebridge@gmail.com) and then shared the humidifier device to the new account (sharing the home isn't enough for the devices to show up). I then updated my plugin config to use the new account and kept my original account signed into the Vesync iOS app. So far 24 hours later I've stayed logged into the app.

This of course doesn't help solve the auth issue. No clue what kind of auth they are doing for their APIs, but it seems like access/id tokens are being revoked for that user due to the login behavior/attempts from the Homebridge plugin.

pschroeder89 commented 7 months ago

Thanks for the info and workaround. I'm wondering if they're only allowing a single token for some users (slow rollout). I can't repro with my setup.

More questions: What devices / firmwares? Which VeSync app version? Is your account verified in VeSync? (Go to the app, settings, account and security, Account and it will tell you). Country? Can you turn debug mode on in the plugin config and post the logs from the child bridge?

StevenByle commented 7 months ago

@pschroeder89 - Sorry for the delayed response:

pschroeder89 commented 7 months ago

Thanks for the info, unfortunately there's nothing glaring that I can see that would cause this for some users. Whatever it is seems to be on VeSync's end. I'll pass around your workaround to other users as needed, and will close this issue.