Closed Sebmaster closed 11 months ago
Hah I was going to look into implementing this but you beat me to it. Thanks!
Question about the know device token, do we know how often that gets reset? I know i personally have to relogin to their site on my browser frequently, so I worry that this would be invalidated too. A possible alternate method is to get the actual TOTP key and generate the 2fa response inside this library. That's what this other library does https://github.com/bvlaicu/coned
know i personally have to relogin to their site on my browser frequently, so I worry that this would be invalidated too.
The device token cookie has a lifetime of 2yrs. I guess we'd have to re-setup after that time (if it also gets deleted from the server side).
A possible alternate method is to get the actual TOTP key and generate the 2fa response inside this library.
It's not allowing me to set an Authenticator app up on the website, but maybe that's just my account 🤦♂️
Have you looked at https://github.com/bvlaicu/coned? They are using a headless browser that we cannot use here due to https://github.com/home-assistant/architecture/blob/master/adr/0004-webscraping.md. But it might help to see how they are handling 2FA. Also could you take a stub updating the config flow of the integration? That might influence how we should change the library API to handle 2FA.
I use @bvlaicu's add-on. The MFA that's easiest to use is the "secret question" - and my mum's maiden name just happens to be dpAW5mVQkiqgku9sWU
It's great that the add-on exists, but it's hard to set up and brittle. This PR is excellent news.
Have you looked at https://github.com/bvlaicu/coned?
Yeah I checked after the earlier config there, however ConEd doesn't allow me to setup security question as a type (maybe they deprecated that) and blocked TOTP from being set up.
I just checked again and it did allow me to get that set up, so I'll switch to generating a TOTP secret automatically.
Also could you take a stub updating the config flow of the integration? That might influence how we should change the library API to handle 2FA.
My plan was to just add another text field there to provide the device token/now TOTP secret, but I can get that PRd too.
It would be great if we are able to get "Orange & Rockland" in the same pull request. ORU is a sister company to ConEdison and they use the same website as ConEd (albeit rebranded).
@hirshy I don't have access to user auth for them, so I think that'd have to be added after we're done with this one (and maybe create some reusable subclass/methods).
Accompanying PR in HA: https://github.com/home-assistant/core/pull/97878. Managed to get it running and fixed another bug with double-logins.
This adds ConEd (NY) to the supported utility providers. To work around mfa requirements, we allow providing a TOTP secret which we generate 2FA codes from.
The wiring isn't quite complete here. Adding the
optional_auth
currently breaks all the other utilities since they're not expecting that parameter. Do we just add the param to those and don't use it? I'm not quite sure what the proper way to do this in Python is.