Secured Commands

[tomasbarej]

Is there a way to send secured command for elements that require Visualisation Password?

I'm attaching documentation below from official Loxone docs. I'm not sure which method from this library should I use to get that hashes and salts.

Secured Commands We have the possibility to use a “visualization password” for Controls (set in Loxone Config), those passwords are added to the commands as described below:

1. request the visualization password from the user - {visuPw}
2. request a {key}, {salt} and the used hashing algorithm {hashAlg} from the Miniserver (“​jdev/sys/getvisusalt/{user}​”) a. {user} = the user whos visu password has been entered
3. Create an {hashAlg} hash (SHA1, SHA256,..) of “{visuPw}:{salt}” -> {visuPwHash}
4. Create an HMAC-SHA1 or HMAC-SHA256 hash using the uppercase {visuPwHash} and the {key} (see ​Hashing​) - {hash}
5. send “​jdev/sps/i​ os/{hash}​/{uuid}/{command}”​ a. response has Code 200 if password was correct and command could be executed b. a response with Code 500 means the password was incorrect

Hashing

1. the key from the “​jdev/sys/getkey”​ , “jdev/sys/getkey2” or “jdev/sys/getvisusalt” responses are hex-encoded
2. create a hash from the desired text (user:passHash, visuPwHash, token) using HMAC-SHA1 or HMAC-SHA256 with the {key} received in the answer a. To create ‘passHash’ & ‘visuPwHash’ use the hashing algorithm {hashAlg} that is defined in the answer of the corresponding requests
3. encode the hash back to hex