node-blink-security icon indicating copy to clipboard operation
node-blink-security copied to clipboard

Published 20 hours ago verified publisher icon madshall

Hitting verification timeout with no emails coming in

Open slavik0329 opened this issue 4 years ago • 10 comments

I'm never getting a verification email. I used the cameras id as device_id and well as other strings and still not working. Verification always times out

slavik0329 avatar Jul 22 '20 20:07 slavik0329

If I set auth_2FA to true, I get the emails but then after entering the correct code I get this: BlinkAuthenticationException [Error]: Authentication problem: Unauthorized Access

slavik0329 avatar Jul 22 '20 20:07 slavik0329

Same here. I'd appreciate an advice.

eric-h-st avatar Jul 28 '20 19:07 eric-h-st

OK. I tried to make the call directly in postman, same results. The results states that the account is verified, but the client is not, meaning an email should be sent but there's nothing in my inbox or junk for that matter. Maybe they now force 2FA. So, I tried to make the 2FA calls in postman, got the email (pin good for 40m), tried to make the pin verification call, and got a 401, with application code 101 ("Not authorized"). Something must have changed in the Blink API...

eric-h-st avatar Jul 28 '20 22:07 eric-h-st

Updates I read the code and examined the response from both the v3 and v4 login requests some more, and found that, although it says:

   "client": {
        "id": xxxxx,
        "verification_required": true

it actually also has:

  "authtoken": {
        "authtoken": "xxxxxxxxxxxxxx",
        "message": "auth"
    },
    "region": {
        "tier": "u014",
        "description": "United States",
        "code": "us"
    },

so I bypassed the login process by supplying these two (_token & _region_id) directly to the Blink constructor, and what do you? it worked!

Something is odd in the process, but it seems that I'm already getting the auth token in the response for the first login call, and that client authorization is not even required, although when calling the v4 I am getting that email with the pin, even if I don't need it anymore. Blink introduced a bug? a security bug?? (for one- the pin doesn't work, but then again, it's not even needed).

Anyhow, as a temp work-around, I changed line #398 of blink.js to: if (false && (body.client || {}).verification_required) { (just to bypass that entire block) and it's all working now. I assume that Blink would fix this, sometime soon, and I'll have to re-adjust. FYI

eric-h-st avatar Jul 29 '20 05:07 eric-h-st

Please see PR I created as a workaround. I'm using this package in my module here and it works very well with the workaround. FYI

eric-h-st avatar Jul 30 '20 04:07 eric-h-st

@eric-h-st It sends email now but when I put in the pin I get oen of two errors: (node:24193) UnhandledPromiseRejectionWarning: Error: Authentication problem: An app update is required or (node:24213) UnhandledPromiseRejectionWarning: Error: Authentication problem: Unauthorized Access

Any idea what that means?

slavik0329 avatar Jul 30 '20 21:07 slavik0329

I'll check. Maybe they fixed their bug and we need to readjust.

eric-h-st avatar Jul 31 '20 01:07 eric-h-st

Well, I'm sad to say that Blink has closed the v3 API completely now, and are now only using v4, which won't validate the pin sent by email... @madshall any ideas?

eric-h-st avatar Jul 31 '20 04:07 eric-h-st

sigh

More hoops to jump though... Tomorrow I climb the ladder and see if there is power on my roof and get rid of the blinks for good.

Its been a good 5 years... Was about to swap the whites which live out doors for the blacks... Good thing I didn't.

I'll keep an eye here and see if you all are able to figure it out.

Thanks for the script regardless.

anonymous-one avatar Jul 31 '20 23:07 anonymous-one

I'm not giving up yet. I already installed a sniffer on a rooted phone and going to figure this is out. They cannot block us from adapting :-D

eric-h-st avatar Aug 01 '20 04:08 eric-h-st