search

vadz / WebService-Freebox

CPAN WebService::Freebox module
0 stars 1 forks source link

Does not supports API v4 #1

Open C-Duv opened 7 years ago

C-Duv commented 7 years ago

When I run munin-run freebox_temp (from the Munin plugin) I get:

Unexpected Freebox API version 4.0.

It comes from lib/WebService/Freebox.pm which checks the version: 

die "Unexpected Freebox API version $api_version.\n" if $api_version !~ '[23].0';

Is support for v4 planned?

vadz commented 7 years ago

I didn't even know they release v4 of the API, I'll need to check what exactly has changed compared to the previous versions. Of course, any help with this would be welcome, so if you know/can find more information about the necessary changes (if any... perhaps making it work could be as simple as just relaxing the version check), it would be great. TIA!

C-Duv commented 7 years ago

Allowing the v4 version in _get_api_version() didn't made it work ;)

I now get:

Logging in failed ("POST /api/v4/login/session/" failed with HTTP error 403).

Here is some HTTP traces I got using tcpdump:

Auth process that does not works (WebService-Freebox):

  1. Request: GET /api_version Response: {"api_domain":"foobar.fbxos.fr","uid":"###-UID-###","https_available":true,"https_port":33297,"device_name":"Freebox Server","api_version":"4.0","api_base_url":"\/api\/","device_type":"FreeboxServerX,Y"}
  2. Request: GET /api/v4/login/ Response: {"success":true,"result":{"logged_in":false,"challenge":"###-SOME_CHALLENGE-###","password_salt":"###-SOME_SALT-###"}}
  3. Request: POST /api/v4/login/session/ with {"password":"###-SOME_PASSWORD-###","app_id":"org.munin.plugin.freebox","app_version":"1.0"} Response: 403 with {"uid":"###-UID-###","success":false,"msg":"Erreur d'authentification de l'application","result":{"password_salt":"###-SOME_SALT-###","challenge":"###-SOME_CHALLENGE-###"},"error_code":"invalid_token"}

Auth process that works (using ClassePhpFreebox):

  1. Request: /api_version Response: {"api_domain":"foobar.fbxos.fr","uid":"###-UID-###","https_available":true,"https_port":33297,"device_name":"Freebox Server","api_version":"4.0","api_base_url":"\/api\/","device_type":"FreeboxServerX,Y"}
  2. Request: GET /api/v4/login/authorize/2 Response: `{"success":true,"result":{"status":"granted","challenge":"###-SOME_OTHER_CHALLENGE-###","password_salt":"###-SOME_SALT-###"}}
  3. Request: POST /api/v4/login/session/ with {"app_id":"ClassePhpFreebox","app_version":"1.0","password":"###-SOME_OTHER_PASSWORD-###"} Response: {"result":{"session_token":"###-SOME_TOKEN-###","challenge":"###-SOME_OTHER_CHALLENGE-###","password_salt":"###-SOME_SALT-###","permissions":{"parental":false,"explorer":false,"contacts":false,"downloader":true,"settings":true,"calls":true,"___home":false,"pvr":false,"tv":false}},"success":true}

Subsequent requests are sent with the following HTTP header: X-Fbx-App-Auth: ###-SOME_TOKEN-###

API v4 seems to use /api/v4/login/authorize/2 to get the challenge and salt.