search

thomst08 / OctoLight

OctoLight with auto turn off and on
7 stars 3 forks source link

Error 403 since latest updates when trying to use the API with REST #7

Closed sammyke007 closed 5 months ago

sammyke007 commented 5 months ago

Describe the bug Since one of the latest updates, I can't use Home Assistant's RESTful command service anymore. I have a template switch that is configured as:

  - platform: template
    switches:
      3d_printer_led_switch:
        friendly_name: "3D Printer LED Switch"
        value_template: "{{ is_state('binary_sensor.3d_printer_led', 'on') }}"
        turn_on:
          service: rest_command.octolight_turn_on
        turn_off:
          service: rest_command.octolight_turn_off

These rest command are configured in HA's configuration.yaml as:

rest_command:
  octolight_turn_on:
    url: "https://octo.***.***/api/plugin/octolight?action=turnOn"
    method: "get"
  octolight_turn_off:
    url: "https://octo.***.***/api/plugin/octolight?action=turnOff"
    method: "get"

Since last week I receive the following error in the HA logs:

Logger: homeassistant.components.rest_command
Source: components/rest_command/__init__.py:155
Integration: RESTful Command (documentation, issues)
First occurred: 20:27:03 (1 occurrences)
Last logged: 20:27:03

Error. Url: https://octo.***.***/api/plugin/octolight?action=turnOn. Status code 403. Payload: None

Has anything changed?

To Reproduce Steps to reproduce the behavior: Try to send my above config.

Expected behavior Toggle the OctoLight On and Off like it always did.

Your software and hardware (please complete the following information):

Additional context Add any other context about the problem here.

sammyke007 commented 5 months ago

Hmm... adding the API like mentioned in the readme works. Strange that it always worked untill last week without it...

Also for those landing here to find how to add that:

rest_command:
  octolight_turn_on:
    url: "https://octo.***.***/api/plugin/octolight?action=turnOn"
    method: "get"
    headers:
      Authorization: "Bearer ABCDEFGHIJKLMNOPQRSTUVWXYZ"
  octolight_turn_off:
    url: "https://octo.***.***/api/plugin/octolight?action=turnOff"
    method: "get"
    headers:
      Authorization: "Bearer ABCDEFGHIJKLMNOPQRSTUVWXYZ"

Replace ABCDEFGHIJKLMNOPQRSTUVWXYZ with your API key (Application Key) offcourse.

thomst08 commented 5 months ago

Hey @sammyke007,

I was wondering if this might occur for some, it was pointed out to me that the API calls didn't have any authentication attached. This was in update 0.1.8.

The API now checks you have a valid token attached with the "Control" permission.

This was added for security as we don't want just anyone messing with the light :S

Sorry, i was hoping this change didn't effect anyone, but you have found the solution :) Once the token is added, you should be good to go.

sammyke007 commented 5 months ago

Ok, tnx for confirming this!