Problem with the latest Loxone beta

[DerFlash]

trafficstars

Hey Alladdin,

thanks at first for your great work here!

As far as I know @codmpm / Patrik already contacted you about the issue regarding messages not coming through in the latest Loxone beta.

I think I already found the issue: The Loxone MS is throwing a HTTP 500 on jdev/sps/ios//<UUID>/ since the first beta. I already contacted Loxone about this, but did not get any response yet.

I did a little workaround for now, by just switching to /io/ commands for now within https://github.com/alladdin/node-lox-ws-api/blob/0d9721bdddcdaf1e1379cc823d8e33e864f76f6f/lib/Auth/Hash.js#L18 - var prefix = 'jdev/sps/ios/'+this._hmac_hash+'/'; + var prefix = 'jdev/sps/io/;

After this is works like a charm again for now.

One thing got my attention when reading the Loxone docs about it. In the "Hashing" section of https://www.loxone.com/dede/wp-content/uploads/sites/2/2016/08/loxone-communicating-with-the-miniserver.pdf they write "encode the hash back to hex". As far as I could see the /authenticate/ still works fine without encoding it back. So I assume it's just a working issue in the docs. I also just tried to hex-encode it back within the command, with no luck. So I strongly assume it's just a bug and they need to fix it.

Kind regards Björn

[codmpm]

Will there be a possibility to distiguish between a connection to a 8.x or 9.x miniserver?

Testing the 9.x beta right now...

[codmpm]

I've just installied 9.0.26 (final) and still can't send commands to the miniserver. Receving works, though.

So it seems, that we have to dstinguish between Version 8 and version 9 :-(

@alladdin, did you have any time to get to the problem?

[alladdin]

I'll have some time on friday. I'll try to analyze web interface communication. The latest documentation will be better, but I wasn't found it yet.

[alladdin]

Ok. I found the doc. The new token auth is there.

[DerFlash]

Just for reference, because I also did try to find it with no luck at first: https://www.loxone.com/dede/wp-content/uploads/sites/2/2016/08/0900_Communicating-with-the-Miniserver.pdf?x48792

[codmpm]

Thats great guys. Let me know If I can help in any way...

[christianTF]

I don't know if this is helpful in this context: In the LoxBerry Miniserverbackup we query the firmware version with a "plain" http REST web service request (line 234). https://github.com/Woersty/LoxBerry-Plugin-miniserverbackup/blob/master/webfrontend/cgi/bin/createmsbackup.pl

[alladdin]

Quick fix published. It's working for now. But I must implement token based auth. I'm working on it but I'm stucked in gettoken request (Section "Acquiring tokens" in 9.0 doc). I have a problem with calculating proper hash. The documentation is not clear in that case (like always).

[alladdin]

And sniffing communinaction is also problem, because all web interface communication is encrypted

[codmpm]

Great Job @alladdin ^^ If we can help in any way to get to the token based solution, let us know.

I've updated node-red-contrib-loxone to use the current node-lox-ws-api. Tested and working with Loxone 9.0.9.26.

Could you give us some info if the current node-lox-ws-api will still work with Lox8, as I can't test this?

Big thanks! Cheers

[alladdin]

Current (0.3.4) version on node-lox-ws-api is compatible with Lox 8.

And I found the catch with the tokens. SHA1 hash of password and salt must be uppercased ;)

[codmpm]

node-red-contrib-loxone 0.5.0 already live: https://flows.nodered.org/node/node-red-contrib-loxone

[zllimit]

hello everyone, I already updated the node-lox-ws-api to version 0.3.4, but it seems that it still can't work with Lox 9. Can someone told me how to do? Thanks!

[ghost]

Hi there,

I would be also really interested in an update to the new loxone v9 API, with the tokens. Is anyone on this right now?

Also, great work, thank you :)

[alladdin]

New token based auth for Loxone v9 is in version 0.4.0 It's implemented as new Auth class (Token-Enc)

[codmpm]

Great work!!

Question again: Does node-lox-ws-api distinguish between V8 and V9 (if necessary) and will 0.4.0 run with both versions?

Or do I have to implement version detection on the client side and use the coresponding auth-method?

[hashmet]

Thanks a lot! But how do I update the lib?

Thanks

[codmpm]

Usually you change the version in your package.json and do npm update.

But please leave the discussion to the topic. Updating node modules is not what this issue is about :-)

[alladdin]

I've implemented version 0.4.1 of ws-api to force Token-Enc auth class for version v9. The Hash and AES auth classes are for older versions

[ghost]

Hi Ladislav,

Is it fully implemented and tested yet? Also I suppose that the audit implementation will still be valid until March 2018.

Regards

Ladislav Dokulil [email protected] schrieb am Mi. 4. Okt. 2017 um 11:38:

I've implemented version 0.4.1 of ws-api to force Token-Enc auth class for version v9. The Hash and AES auth classes are for older versions

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/alladdin/node-lox-ws-api/issues/10#issuecomment-334102536, or mute the thread https://github.com/notifications/unsubscribe-auth/AHwdR0ln7j7EXF1kz8c7ODcT7K8zSs4nks5so1IEgaJpZM4PDmW8 .

[jmago17]

I have updated my package.json, and know it’s set like this: ... “dependencies”:... “node-lox-ws-api”: “0.4.1”, ...

Then I did npm update and sudo npm update. I have tried both killing Homebridge and even restarting the pi, but I did not manage it to work. I am missing something?

[codmpm]

node-red-contrib-loxone 0.6.0 with full implementation of node-lox-ws-api 0.4.2 released: https://flows.nodered.org/node/node-red-contrib-loxone The encryption type defaults to Token-Enc but the "old" ones are selectable for older versions of the miniserver.

Thank you so so much Ladislav for your hard work ^^