Domoticz

Open source Home Automation System
https://forum.domoticz.com/

Need to hash password

https://forum.domoticz.com/viewtopic.php?t=27298

Page 1 of 1

Need to hash password

Posted: Sunday 10 March 2019 17:38
by JanJaap
Hi,

I'm trying to build a plugin to connect to the MQTT broker in my Dyson PureLink fan. I've got some stand alone Pyhon code to get it working based on the PAHO MQTT client, which has a method

Code: Select all

    client.username_pw_set(USERNAME, _hashed_password())
which works great.

Now when I want to integrate this into a domoticz plugin, I run into an issue. The MQTT broker requires a password on connection. I'm trying to use the built in MQTT connection but that only takes the 'Password' parameter from the plugin as password. And that is not encrypted. I've tried to overwrite the password but that doesn't work:

Code: Select all

    def onStart(self):
        self.password = self._hashed_password(Parameters['Password'])
        Domoticz.Debug("START: self.Password: " + self.password)
        Parameters['Password'] = self.password #override the default password with the hased variant
        Domoticz.Debug("START: Password field hashed: " + Parameters['Password'])
        
        #create the connection
        self.mqttClient = MqttClient(self.ip_address, self.port_number, mqtt_client_id, self.onMQTTConnected, self.onMQTTDisconnected, self.onMQTTPublish, self.onMQTTSubscribed)

    def _hashed_password(self, pwd):
        """Hash password (found in manual) to a base64 encoded of its shad512 value"""
        hash = hashlib.sha512()
        hash.update(pwd.encode('utf-8'))
        return base64.b64encode(hash.digest()).decode('utf-8')
This returns nicely a hashed password in the log, but the connection is built using the plain password (which I log as well). How can I solve this?

Re: Need to hash password

Posted: Monday 11 March 2019 17:29
by Samael
AFAIK, plugin settings fields are read only.
So, you have two variants of solution:
1. Ask users to enter password hash directly in plug-in settings. You can provide a helpful link to http://www.fileformat.info/tool/hash.htm
2. In your plugin calculate hash in onStart handler and use this value later. You do not need to read the plug-in settings every time, since after updating the settings, the plug-in will restart and there will be a call to onStart again.

Re: Need to hash password

Posted: Monday 11 March 2019 21:46
by JanJaap
Hi Samael,

Tnx for the reply, the first option will be really helpfull for testing at least.

The second option doesn't work, the code snippet comes from the Onstart method. The code I made prints a hashed password at the last Domoticz.Debug statement, so apparently you can update the parameter to some extent (I presume the value of Parameters['Password'] is passed to Domoticz immediately so manipulating it in Onstart doesn't work).

Any more tips are welcome!

Re: Need to hash password

Posted: Tuesday 12 March 2019 4:59
by Dnpwwo
@JanJaap,

Elements in the Parameters dictionary are not forced to be read-only and can be changed locally. The updated values will persist until the next plugin restart. Changing them does not update anything within Domoticz however. This was partly due to:
  • implementation laziness by the author :o (me)
  • the fact that Parameters are only really used within the plugin itself meant it might be useful
and that would still be be great if it was in fact still true.

The username and password parameters are used in a couple of places internally during the connection phase of some protocols (HTTP & MQTT) but currently the initial values are used rather than the Parameters["Username/Password"] at the time of the connection.

Your use case seems valid so I'm inclined to switch the protocol code around to make it work.

Are you running the beta version of Domoticz?

Re: Need to hash password

Posted: Tuesday 12 March 2019 13:00
by JanJaap
Hi,

An update as suggested would be great! Alternatively, a setter method for the password/username on the connection object would be good as well.

I guess I'm running the beta version (updates vuia the GUI).

Regards Jan-Jaap

Re: Need to hash password

Posted: Friday 15 March 2019 0:36
by Dnpwwo
@JanJaap,

I pushed an update last night so should be in the next beta.

Let me know if it work for you.

Re: Need to hash password

Posted: Saturday 16 March 2019 9:02
by JanJaap
Yes, Works great. Thanks a lot!
All times are UTC+02:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited