API/JSON auth doesn't work without Local Networks

[glory50]

Hello

I searched the problem like of mine, and thare are some topics, but I didn't get any help, therefore I wrote a new topic to have more precise information why my JSON command doesn't work with username:password.

I used to switch devices as said in the Wiki:

http://json.htm?type=command&param=swit ... cmd=Toggle

All was good with Local Networks lised my subnet 192.168.1.*
No I need to give user rights to other people, so I had to remove my local network to make their usernames and passwords working and not their being able to change anything. But the JSON commands stopped working (of course).

I tried http://usr:[email protected]/json.htm?ty ... cmd=Toggle, but it gives an error:
Error opening url: http://usr:[email protected]/json.htm?y ... cmd=Toggle

Through different browsers I get "401 Unauthorized".

[waltervl]

Are you working on stable 2022.2 or 2022.beta as some major security changes have implemented in beta.

[glory50]

Yes, 2022.2 (build 14810). Should I upgrade?

[waltervl]

If you are already on Beta it is better to upgrade and set the "Allow Basic Authentication over plain HTTP" switch in Security settings (API Only)". Then the Json commands with user/pswd should work again.
Read page wiki https://www.domoticz.com/wiki/Security !

[glory50]

Thank you waltervl! I was far too hurry! If the 2022.2 Beta is buggy, it's definitely meanigless to try to upgrade it to a new build. So I tried to downgrade it to the last stable version 2022.2 (build 14606) knewing that stables and betas are different DB structures from some point, but I still tried. What I got was:

Code: Select all

2023-01-13 12:40:51.354 Status: Restore Database: Starting...
2023-01-13 12:40:51.643 Error: Database incompatible with this Domoticz version. (You cannot downgrade to an old Domoticz version!)
2023-01-13 12:40:51.644 Error: Restore Database: Error opening new database!

Then I restored my latest (somewhat) working beta and scratching the head how to continue. I googled a litle but found nothing so far, but I'm continuing. If sameone knows, I would be thankful for an advice or a link...

[waltervl]

I did not say beta was buggy. It is pretty stable the last days. The problem you had with authorizations was solved in latest beta.
I propose you update to the latest Beta and continue.
Use a database backup from folder domoticz/backups (I hope you had that enabled in menu settings) to continue.

[glory50]

Thank you waltervl, I'll do so! And sorry for misunderstanding your first suggestion.

[glory50]

I restored the Beta and updated it to the latest one (build 14958), but it made things even worse! If the Zigate auth data is inserted like always:

Screenshot - 1_13_2023 , 9_36_49 PM.png (26.64 KiB) Viewed 2150 times

Errors appear to the logs:

Code: Select all

Error: Zigate: Urlopen to http://192.168.1.33/json.htm?username=domdom&password=test&type=devices&rid=1176 rejected. Error: HTTP Error 401: Unauthorized

So, without Local Network, Domoticz doesn't allow the Zigate module to authenticate! And do you notice: in the logs "user:pwd" have been passed after the json.htm? ! It must be a new bug in the Domoticz code. Of course, the switches too don't work like they didn't before.

The problem is that I need users with limits to access Domoticz, thats why I can't assign the Local Network.

Any other thoughts?

[waltervl]

@kiddigital any thoughts?

[gizmocuz]

basic auth requests are only allowed for HTTPS now
so the url should be https://username:password@url:port/call

[kiddigital]

[mention]glory50 [/mention] , you need to set ‘Allow basic-auth over HTTP’ as [mention]waltervl [/mention] already mentioned. Otherwise basic-auth is only accepted over HTTPS.

Domoticz does NOT accept User/Pass as URL parameters anymore. It only accepts a proper Basic Auth Authorization header.

Testing with a regular browser can be misleading as most browser remove the ‘username:password@‘ part before sending the request as it is considered insecure. You can use a tool like Postman or commandline like curl for testing.

Is it the Zigate module that generates these requests? It looks like it does not generate a good Basic-Auth request.

[glory50]

Yes, it's Zigate. And I aready tried basic-auth - it didn't help. Maybe @pipiche could help here?

[waltervl]

I think it is better you make a GitHub issue on the zigbeeforDomoticz/zigate repository. It seems that the plugin makes a domoticz api call with user/pwd that is not supported anymore by latest beta.

[waltervl]

It seems that the ZigbeeforDomoticz plugin in Dev has been updated to use the new API way of working https://github.com/zigbeefordomoticz/Do ... /pull/1429
So perhaps change to the dev branch of the plugin.

[glory50]

It seems that the ZigbeeforDomoticz plugin in Dev has been updated to use the new API way of working https://github.com/zigbeefordomoticz/Do ... /pull/1429
So perhaps change to the dev branch of the plugin.

I understand that the dev branch should be built every time? Building kernels and a stuff is not my cup of tea anymore...

https://github.com/fairecasoimeme/ZiGate/issues/105

[waltervl]

You are already running the dev (=beta) branch of Domoticz else you do not have this issue.... So no need to build something.

You have to update the plugin. That also has a dev branch see the wiki of the plugin https://zigbeefordomoticz.github.io/wik ... gin-update