Problem with the latest Loxone beta

[DerFlash]

Hey Alladdin,

thanks at first for your great work here!

As far as I know @codmpm / Patrik already contacted you about the issue regarding messages not coming through in the latest Loxone beta.

I think I already found the issue:
The Loxone MS is throwing a HTTP 500 on jdev/sps/ios/// since the first beta.
I already contacted Loxone about this, but did not get any response yet.

I did a little workaround for now, by just switching to /io/ commands for now within

node-lox-ws-api/lib/Auth/Hash.js

Line 18 in 0d9721b

var prefix = 'jdev/sps/ios/'+this._hmac_hash+'/';

- var prefix = 'jdev/sps/ios/'+this._hmac_hash+'/';
+ var prefix = 'jdev/sps/io/;

After this is works like a charm again for now.

One thing got my attention when reading the Loxone docs about it. In the "Hashing" section of https://www.loxone.com/dede/wp-content/uploads/sites/2/2016/08/loxone-communicating-with-the-miniserver.pdf they write "encode the hash back to hex".
As far as I could see the /authenticate/ still works fine without encoding it back. So I assume it's just a working issue in the docs. I also just tried to hex-encode it back within the command, with no luck.
So I strongly assume it's just a bug and they need to fix it.

Kind regards
Björn

[codmpm]

Will there be a possibility to distiguish between a connection to a 8.x or 9.x miniserver?

Testing the 9.x beta right now...

[codmpm]

I've just installied 9.0.26 (final) and still can't send commands to the miniserver. Receving works, though.

So it seems, that we have to dstinguish between Version 8 and version 9 :-(

@alladdin, did you have any time to get to the problem?

[alladdin]

I'll have some time on friday. I'll try to analyze web interface communication. The latest documentation will be better, but I wasn't found it yet.

[alladdin]

Ok. I found the doc. The new token auth is there.

[DerFlash]

Just for reference, because I also did try to find it with no luck at first: https://www.loxone.com/dede/wp-content/uploads/sites/2/2016/08/0900_Communicating-with-the-Miniserver.pdf?x48792

[codmpm]

Thats great guys. Let me know If I can help in any way...

[christianTF]

I don't know if this is helpful in this context:
In the LoxBerry Miniserverbackup we query the firmware version with a "plain" http REST web service request (line 234).
https://github.com/Woersty/LoxBerry-Plugin-miniserverbackup/blob/master/webfrontend/cgi/bin/createmsbackup.pl

[alladdin]

Quick fix published. It's working for now.
But I must implement token based auth.
I'm working on it but I'm stucked in gettoken request (Section "Acquiring tokens" in 9.0 doc). I have a problem with calculating proper hash. The documentation is not clear in that case (like always).

[alladdin]

And sniffing communinaction is also problem, because all web interface communication is encrypted

[codmpm]

Great Job @alladdin ^^
If we can help in any way to get to the token based solution, let us know.

I've updated node-red-contrib-loxone to use the current node-lox-ws-api. Tested and working with Loxone 9.0.9.26.

Could you give us some info if the current node-lox-ws-api will still work with Lox8, as I can't test this?

Big thanks!
Cheers

[alladdin]

Current (0.3.4) version on node-lox-ws-api is compatible with Lox 8.

And I found the catch with the tokens. SHA1 hash of password and salt must be uppercased ;)

[codmpm]

node-red-contrib-loxone 0.5.0 already live: https://flows.nodered.org/node/node-red-contrib-loxone

[zllimit]

hello everyone,
I already updated the node-lox-ws-api to version 0.3.4, but it seems that it still can't work with Lox 9. Can someone told me how to do? Thanks!

[ghost]

Hi there,

I would be also really interested in an update to the new loxone v9 API, with the tokens.
Is anyone on this right now?

Also, great work, thank you :)

[alladdin]

New token based auth for Loxone v9 is in version 0.4.0
It's implemented as new Auth class (Token-Enc)

[codmpm]

Great work!!

Question again: Does node-lox-ws-api distinguish between V8 and V9 (if necessary) and will 0.4.0 run with both versions?

Or do I have to implement version detection on the client side and use the coresponding auth-method?

[hashmet]

Thanks a lot!
But how do I update the lib?

Thanks

[codmpm]

Usually you change the version in your package.json and do npm update.

But please leave the discussion to the topic. Updating node modules is not what this issue is about :-)

[alladdin]

I've implemented version 0.4.1 of ws-api to force Token-Enc auth class for version v9.
The Hash and AES auth classes are for older versions

[ghost]

Hi Ladislav, Is it fully implemented and tested yet? Also I suppose that the audit implementation will still be valid until March 2018. Regards Ladislav Dokulil <[email protected]> schrieb am Mi. 4. Okt. 2017 um 11:38:

…

I've implemented version 0.4.1 of ws-api to force Token-Enc auth class for version v9. The Hash and AES auth classes are for older versions — You are receiving this because you commented. Reply to this email directly, view it on GitHub <#10 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AHwdR0ln7j7EXF1kz8c7ODcT7K8zSs4nks5so1IEgaJpZM4PDmW8> .

[jmago17]

I have updated my package.json, and know it’s set like this: ... “dependencies”:... “node-lox-ws-api”: “0.4.1”, ...

Then I did npm update and sudo npm update. I have tried both killing Homebridge and even restarting the pi, but I did not manage it to work. I am missing something?

[codmpm]

node-red-contrib-loxone 0.6.0 with full implementation of node-lox-ws-api 0.4.2 released: https://flows.nodered.org/node/node-red-contrib-loxone
The encryption type defaults to Token-Enc but the "old" ones are selectable for older versions of the miniserver.

Thank you so so much Ladislav for your hard work ^^