woodjme / unifi-hotspot

A Node.js based external portal server for authorising Wi-Fi guests on Unifi products
Apache License 2.0
68 stars 25 forks

Add support for Dream Machine #68

Closed vpetersson closed 3 weeks ago

vpetersson commented 1 month ago

The current version does not work with Dream Machines. The changes appear to be fairly simple, but they are not backward compatible.

As things stand now, the required changes include:

I've been able to make the login work with some manual hacks but it's far from ready to be integrated. I'm yet to make the required changes to the device approval.

This might require some kind of setting as it might be hard to make this backward compatible.

woodjme commented 1 month ago

Thanks @vpetersson

I’ll be getting a UCG ultra soon which I assume will be similar to the dream machine (unifios etc) so will be able to add support.

vpetersson commented 1 month ago

Awesome. Yeah, it's most likely the same API.

vpetersson commented 1 month ago

Sorry for the Python code, but just wanted to whip up something that can be used to test with quickly.

Logging in

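```python
import requests

# UNIFI_USER and UNIFI_PASS are assumed to be defined earlier (e.g. read from the environment)
login_url = 'https://192.168.x.y/api/auth/login'
# verify=False turns off TLS certificate checking for this request
response = requests.post(login_url, json={
    'username': UNIFI_USER,
    'password': UNIFI_PASS
}, verify=False)
```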

Check permission

There's a new 'hotspotoperator' permission that can be used now, which vastly reduces the amount of harm of leaked credentials:

```python
# Continues inside the function that performs the login above
if 'hotspotoperator' in response.json()['permissions']['network.management']:
    print('Unifi Login Successful')
    return response.cookies
```

Device approval

Yet to get the actual device approval to work, as that seems to have changed. It seems like it should be https://<udm-ip-address>/proxy/network/api/s/{UNIFI_SITENAME}/cmd/stamgr now (where UNIFI_SITENAME is always default in local connections). Yet, I'm having no luck but haven't had much time to allocate towards this.

woodjme commented 1 month ago

Started working on this albeit I'm away for a week now. #69

woodjme commented 1 month ago

Progress for this in #69 - annoyingly the new UDM devices throw 429 - Too Many Login Attempts quite quickly even with successful login attempts so need to look at reusing sessions.
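The session reuse mentioned above, as an added example that is not part of the original thread and not code from unifi-hotspot or #69: one login is shared across guest authorisations, a 401 triggers a single re-login, and a 429 starts a cooldown during which no further login is sent. The `login` and `request` callables, the 60-second cooldown and the fake controller in `simulate` are assumptions constructed for illustration.

```python
import time

class LoginThrottled(Exception):
    """The controller is rate-limiting logins (HTTP 429)."""

class SessionCache:
    """Reuse one authenticated session; log in again only after a 401."""
    def __init__(self, login, cooldown=60.0, clock=time.monotonic):
        self._login = login          # hypothetical callable() -> (status, cookies)
        self._cooldown = cooldown    # assumed wait after a 429, in seconds
        self._clock = clock
        self._cookies, self._retry_at = None, 0.0
        self.logins = 0              # login requests actually sent

    def _new_session(self):
        if self._clock() < self._retry_at:
            raise LoginThrottled("login cooldown still active")
        self.logins += 1
        status, cookies = self._login()
        if status == 429:
            self._retry_at = self._clock() + self._cooldown
            raise LoginThrottled("controller returned 429")
        if status != 200:
            raise PermissionError(f"login failed with HTTP {status}")
        return cookies

    def call(self, request):         # request(cookies) -> (status, body)
        for _ in range(2):           # at most one re-login per call
            if self._cookies is None:
                self._cookies = self._new_session()
            status, body = request(self._cookies)
            if status != 401:
                break
            self._cookies = None     # session rejected: drop it, log in again
        return status, body

def simulate(guests, expire_at=None):
    """Constructed fake controller: returns (logins sent, per-guest statuses)."""
    live, seen = [], []              # valid cookie (if any), requests received
    def login():
        live[:] = [object()]
        return 200, live[0]
    def authorise(cookie):
        seen.append(cookie)
        if len(seen) == expire_at:
            live.clear()             # controller drops the session first
        return (200, "ok") if cookie in live else (401, None)
    cache = SessionCache(login)
    statuses = [cache.call(authorise)[0] for _ in range(guests)]
    return cache.logins, statuses
```

In a real portal the `login` callable would wrap the POST to `/api/auth/login` shown earlier in the thread and `request` would wrap each guest authorisation call.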

woodjme commented 3 weeks ago

Closed in #69

Note the hotspot operator role doesn't have permissions to use the API. I presume it's for people logging in to generate vouchers and view clients etc.