Invalid login since 11/01/2021 ? #37
Comments
|
Update: Since around 12:00 Paris time i now meet a 401/{"Message":"Unable to authenticate user."}. But i can still connect with the same credential using dyson link application and dyson website. Sadly i don't know how to trace trafic between my phone and their webservices. |
|
Last time we had login issues with libpurecool they were caused by a lack of header info in the request, causing us to add a user agent (same as the app). It was assumed at the time this would eventually be blocked by dyson. |
|
Same issue here, as of today all 3 of my Dyson fans are unable to auth. Any ideas? |
|
Maybe if someone can track how the dyson app connect to the server, we will have all infos. I can try making a custom made webserver and rerouting the dns call of my phone. But can't it right now. |
|
All I can work out MITM-ing my phone is that it's using the |
|
Also an FYI @shenxn is looking to build a new local control component to link Dyson to Home Assistant. Not sure if they'd be able to shed any light on any changes to the Dyson API. Another FYI, @etheralm has said he doesn't really have the time to work on this anymore, so its unlikely we'll be able to easily PR whatever change is needed for this issue.. probably needs a fork at this point. |
|
Header needs to be changed to I tested this via postman and got the account/password things in response. |
Just tested this change to libpurecool in home assistant (by editing current header in the dyson.py) and it didn't work for me. |
The same request I tried earlier in Postman now doesn't work. seems to be hit or miss as to whether it's going to work or not 🤔 Once this auth is worked out, it may be worth considering saving the credentials the API gives in the hass integration - depending on how long they last ofc. |
|
@googanhiem Ah, interesting the I guess this could be related to the app talking to linkapp-api.dyson.com at some point during it's auth process.
Something has to be screwy though, I can't get the library to auth even if Postman can. |
|
Yeah, I can't replicate the behaviour you're talking about, too bad it would be a decent temp fix. Maybe some of the auth requests are making it through cloudflare at the moment... so if you reboot and it works.. hold off rebooting for a while if you can. |
|
Yeah, something is really odd - I've got the Account and Password auths from Postman luckily - I can manually make the library work with testing like this: which does result in the fan turning on. I was able to achieve HASS functionality again by editing adding an import of Of course, I've no idea how long those values last. And just to clarify, it seems to be repeatable that using Postman to POST Exporting the postman request as code is this: And this does actually work - providing you've just re-authenticated the official app. I also think it's worth mentioning that both those values have not changed during all my testing today. |
|
To properly send JSON data, you can use instead of manually add |
|
I think I found the problem. To make the authentication work, we should first check account status by making a GET request to |
|
@shenxn |
Ah yeah, my bad - that's just the code that postman generated. |
|
So in summary we only need to add this piece of code before we do the login. |
You can use the |
That is also an option, I just thought I would match the current code style. |
|
Hey @shenxn - apologies I am a tad confused. Are you suggesting the only change required is to add adding the following before login within the dyson.py file? The changes from @bfayers are not required? requests.get("https://{0}/v1/userregistration/userstatus?country={1}&email={2}".format( I have tried that but still not working so just curious if @bfayers changes are also requried and your suggestion gets around having to auth using the phone app before login from HA? class DysonAccount: |
|
Based on this thread I've added exactly that to my Kotlin integration with Dyson and it seems to work. The only difference is that I parse the result of the |
|
I have tried just @bfayers changes but I keep getting the following error. What am I doing wrong here? Traceback (most recent call last):
|
|
Hmm...I got it working now but I also needed to change the login logic to this: Notice I changed |
|
Hey @Alexwijn did you only change the dyson.py file not the init.py? |
|
@bfayers code works great. Thanks all |
|
Thanks @bfayers! Updated dyson.py as per your commit and restored my init.py back to original and Dyson integration is now working again. For anyone else that is confused and possibly not as technically proficient like myself, you only need to update the dyson.py file located /usr/local/lib/python3.8/site-packages/libpurecool. Refer to merge request above. Cheers |
|
@bfayers just saw your PR, made an answer on home-assistant/core#46400 (comment) but it was not the correct place to. Find on my code that i also manage a http error 429. |
|
Hi all, I'm maintaining a (plugin for Domoticz ) for the Dyson air purifiers. Can someone tell me what's the best repo for looking at code to do the authentication? As I also get the problem. Whenever Domoticz (or the plugin) restarts, I can't login to Dyson cloud account anymore. The workaround with logging in on the app works indeed for a limited amount of time. I too will copy the credentials locally as a backup method. If someone wants to add stuff to their account, they'll need to go through the workaround of logging into the app. |
|
@JanJaapKo I've managed to find the API calls the app uses to make it work @googanhiem you may also be interested (as might @shenxn ) After entering the email in the app it does these two calls: User Agent for all calls is: Call 1Body: {"email":"emailaddress"}Expected Response: {
"accountStatus":"ACTIVE",
"authenticationMethod":"EMAIL_PWD_2FA"
}Call 2Body: {"email":"emailaddress"}Expected Response: {"challengeId":"challengeIdHere"}After entering the password and code these calls are made: Call 3Body: {
"email": "emailaddress",
"password": "password",
"challengeId": "challengeIdFromEarlier",
"otpCode": "codeFromEmail"
}Expected Response: {
"account": "accountID",
"token": "token",
"tokenType": "Bearer"
}Call 4Headers: Expected Response: Same as it already is, just authenticating differently. Hope all this info is helpful in implementing. I'm unsure how we can deal with the new OTP based auth in this library more than just the recommendation of logging out and back into the app then using the library to retrieve local credentials - there might be something to be said for changing it on HASS' end to allow direct entry of local credentials that a user could retrieve themselves with the help of a script I could write. |
|
@bfayers: really good work! I tied to use it by just changing to v2 endpoint, that didn't help. v3...... Interesting would be to see if a login from something else than the app can also succeed out of the blue. Perhaps have a look into the APK...... I will update my Domitcz plugin and build a mechanism to store the machine's credentials in Domoticz DB (they have a feature called 'Config' for the plugins to store this kind of info). It will then use the Config stored credentials if none were returned from the cloud and I'll leave a note on my Wiki that users must initially first login with the app. I haven't found out yet how long the loginfrom the app clears other login's, during my testing I run into this error: |
Perhaps, thought I somewhat doubt it - in my digging into the APK there's not much info about endpoints other than the ones I found, or the ones already known about for the chinese servers.
Yep, you'll probably hit that lol just have to wait an hour. |
|
@bfayers : I tried what you pointed. But i meet a 400 at Call 2. Code is simple: import requests
uri = "https://{0}/v3/userregistration/email/auth?country={1}&culture={2}".format(
'appapi.cp.dyson.com', 'FR', 'en_US')
login = requests.post(
uri,
headers={'User-Agent': 'Dalvik/2.1.0 (Linux; U; Android 8.1.0; Google Build/OPM6.171019.030.E1)'},
json={ 'email': 'mymail' },
verify=False
)
print(login)Note that i tried with various country / culture:
Note that Call 1 works perfectly. |
Recently Dyson changed their API which broke libpurecool[1]'s integration. This resulted in prometheus-dyson being unable to enumerate devices via Dyson, and thus fail to restart successfully. libdyson refactors libpurecool with a clearer separation between the online Dyson API & the device-interaction logic. This allows us to perform a one-time login to Dyson and cache device information locally, removing the need for repeated logins to Dyson. libdyson also has a more consistent API between different models. This change starts the transition by introducing login component (account.py) and an adapter (libpurecool_adapter) to use the cached information with libpurecool. This also adds a flag (--create_device_cache) to perform the login&OTP dance with Dyson and generate the needed configuration. [1] etheralm/libpurecool#37
|
@qdel you may want to check out this repo: https://github.com/shenxn/ha-dyson I'm trying to get that converted into something that will work with Domoticz..... |
|
This was because of a typo: en_US instead of en-US |
|
@bfayers : Just trying to implement but struggeling with the |
|
@googanhiem : it is the point of 2fa: you try to login you get a code by mail and you enter code in app (like steam for example) When trying to login, the Call 2 should trigger a mail from [email protected] to your account mail. Take code from mail and place it in 'codeFromEmail'. |
|
@qdel Okay. I understand. |
|
Don't like also. But it is now quite often to have such process (apple ios dev for example...). |
I'm pretty sure it does. ;) |
|
I think the app did nothing. In fact, it is why we can auth with old api
after authent in the app. We have valid values in storage, ok then we can
use it.
I think they did this for not forcing reauth of all users.
But I do not think old endpoints will work for a long time.
Le lun. 8 mars 2021 à 12:37, Grizzelbee <[email protected]> a écrit :
… The app keep the token in internal storage
I'm pretty sure it does. ;)
But the main question is: At least for me there hasn't been any
2fa-mailing or something like that after the major day app update.
The app got updated, logged in as usual using the well known and stored
credentials - and done. That's all. No 2fa. No mail. Nothing.
So: what has the app done? That's what I like to implement - since there
seem to be still a way to login with email and pwd (some static data) as
before.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#37 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAJIGL3ZBYISKHX2HKN7YM3TCSZIZANCNFSM4XOSYHDA>
.
|
|
Maybe I made myself not clear enough. |
|
The 2fa is for acquiring a token and / or the http authent we were using before. Since we have either auth mode, we don't need to re-identify, we keep acquiring device manifest with the token / http auth we have on memory. These information can be stored persistently in your phone, thus persist after reboot (validity for days, years? i don't know and i would like to)... It is why some implementation split the process of dyson cloud / dyson device: |
You'll have to find a way around it - I recommend doing the login process once and then storing the localcredentials somewhere... even if you can technically use older versions of the api/app to login without 2FA those endpoints will eventually disappear. |
|
Following the indication from @bfayers and @JanJaapKo for retrieving the local credentials for the dyson devices, this is a very trivial workaround in dyson.py. |
|
Hi, I commited there: This version i use, it includes:
Note:
Technical part:
Maybe I will try to commit my modifications if i need more. |
|
So as of today, this has stopped working again. Even the workaround of launching the Dyson mobile app before starting HA is now failing, meaning that there is no way to currently get the Dyson integration working in HA that I can see. Sadtimes. |
|
@Tloram the best option is to use HACS with ha-dyson in offline mode. It works very well and now supports WiFi credentials to determine local credentials for the devices. Given the changes Dyson have made it seems unlikely that a cloud API based solution will be workable long term. Although |
|
@bmorris591 thanks. I just set that up and working great. Guess I'll abandon the official integration for now then. Hopefully ha-dyson and ha-dyson-cloud can be integrated as the official integration replacement at some point soon. |
How do you get WiFi credentials to determine local credentials? Since dyson cloud login is not working anymore I cannot use this method to get the WiFi credentials. I have a TP04 which does not have a sticker with WiFi SSID/pass. |
Same Here, TP04 does not have a sticker |
and others
Hi,
Since the 11/01/2021 morning, the login webservice return a 500 error with the html page: error preview.
The dyson link application seems to work. Credential are correct.
Note also that cloudfare seems to limit the number of request we can do on this webservice. After a couple of 500, we take an error 429 with a Retry-After header set to 3600. (if you want, i made a fix for this and can make a PR).
The text was updated successfully, but these errors were encountered: