Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

MPD/YMPD Causing "Invalid Login Attempts" #3

Open
thechickenmoo opened this issue Nov 6, 2024 · 3 comments
Open

MPD/YMPD Causing "Invalid Login Attempts" #3

thechickenmoo opened this issue Nov 6, 2024 · 3 comments

Comments

@thechickenmoo
Copy link

I installed this addon, then added the integration so I can use MPD as a media player. This all worked great.
Whenever I play any local files, or use the TTS option, I immediately get a homeassistant notification (I removed part of the hostname and the internal IP for security's sake.):

Login attempt or request with invalid authentication from XXXXXXX-mpd.local.hass.io (172.xxx.xxx.xxx). See the log for details.

Looking at the logs in homeassistant, I have a few different entries:

Login attempt or request with invalid authentication from 68413af6-mpd.local.hass.io (172.30.33.8). Requested URL: '/media/local/cover.png'. (Music Player Daemon 0.23.15)

Retrieving artwork through `readpicture` command failed: [5@0] {readpicture} avformat_open_input() failed: Invalid data found when processing input.

Then, looking at the addon logs (again, obfuscating authsig and ips for security), there are many entries similar to below:

player: played "http://X.X.X.X:8123/media/local/blablabla.mp3?authSig=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXx"
exception: got HTTP status 401
exception: got HTTP status 401
exception: got HTTP status 401

From this, I derive the understanding that MPD or YMPD is sending a request to homeassistant to ask for the album art. This request is being sent with a "signature" that homeassistant interprets as a login attempt, and an invalid response is sent back to the addon, causing it to try 3 more times.

This eventually leads to an IP Ban, unless that feature is disabled. I even tried adding the CIDR network as a trusted network and it still shows it as an invalid attempt, likely due to the fact that it's still trying to "authenticate" even though it's not required.

To Reproduce

  1. Install Addon
  2. Configure Integration (I used localhost, 127.0.0.1, and even the container host name, with no difference in result)
  3. Select the media player "Media Player Daemon"
  4. Play a local file, or TTS that doesn't have album art.

Expected behavior
File plays on local speakers, no random 'login attempts' created.

Screenshots
N/A (unless you have something specific I'm not clear on here)

System

  • Supervisor version: 2024.10.3
  • HomeAssistant Core: 2024.10.4
  • HAOS system version: 13.2
  • Host hardware: PI 4
  • MPD AddOn Version: 1.7.3
@Poeschl
Copy link
Member

Poeschl commented Nov 10, 2024

Unfortunately I didn't find any option to disable the cover art retrieval in the mopidy config :(
There was a discussion in the old addon repository, but no solution for it so far: Poeschl/Hassio-Addons#379

@ovizii
Copy link

ovizii commented Nov 16, 2024

I can confirm, I just started seeing this behaviour too. (I say started to, as I have not used the add-on very often)

@vtb77
Copy link

vtb77 commented Dec 11, 2024

The same thing happens to me. Thanks.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@ovizii @thechickenmoo @Poeschl @vtb77