OpenHab Cloud and OH3 M2 server

Apps & Services openHAB Cloud
#1

There is issue with connecting android app to latest OH3 M2 server.
When I try connect app show error:
Authentication failed. Please check configured username and password respectively the provided SSL client certificate(HTTP code 401)

Open hab server show this error:

[WARN ] [ore.io.rest.auth.internal.AuthFilter] - Unauthorized API request: Invalid Basic authentication credentials

So app somehow do not send compatible username and password to server. Probably best option will be to add Authentication Token instead of username and password


#2

I see that openhab server is sace sensitive in username field and correct capitals in username has fix that issue.
But there is still isue with remote server which connecting to OpenHAB Cloud server.
App can normaly register to “Firebase Cloud Messagigng” but looks like it can’t access to sitemaps and produce error when access “https://SERVER/rest/sitemaps” and crash with error “org.openhab.habdroid.util.HttpClient$HttpException: OK”

Log from server:

2020-11-06 06:24:56.028 [DEBUG] [io.openhabcloud.internal.CloudClient] - on(): request
2020-11-06 06:24:56.029 [DEBUG] [io.openhabcloud.internal.CloudClient] - Got request 266
2020-11-06 06:24:56.029 [DEBUG] [io.openhabcloud.internal.CloudClient] - {“host”:“SERVER”,“cache-control”:“no-cache”,“accept-encoding”:“gzip”,“user-agent”:“openhab-cloud/0.0.1”}
2020-11-06 06:24:56.030 [DEBUG] [io.openhabcloud.internal.CloudClient] - Request method is GET
2020-11-06 06:24:56.030 [DEBUG] [io.openhabcloud.internal.CloudClient] - Jetty set header host = SERVER
2020-11-06 06:24:56.030 [DEBUG] [io.openhabcloud.internal.CloudClient] - Jetty set header cache-control = no-cache
2020-11-06 06:24:56.030 [DEBUG] [io.openhabcloud.internal.CloudClient] - Jetty set header accept-encoding = gzip
2020-11-06 06:24:56.030 [DEBUG] [io.openhabcloud.internal.CloudClient] - Jetty set header user-agent = openhab-cloud/0.0.1
2020-11-06 06:24:56.050 [DEBUG] [io.openhabcloud.internal.CloudClient] - Jetty finished receiving response header
2020-11-06 06:24:56.051 [DEBUG] [io.openhabcloud.internal.CloudClient] - Sent headers to request 266
2020-11-06 06:24:56.052 [DEBUG] [io.openhabcloud.internal.CloudClient] - {“headers”:{“Transfer-Encoding”:“chunked”,“Server”:“Jetty(9.4.20.v20190813)”,“Date”:“Fri, 06 Nov 2020 06:24:56 GMT”,“Content-Type”:“application/json”},“responseStatusCode”:200,“responseStatusText”:“OK”,“id”:266}
2020-11-06 06:24:56.053 [DEBUG] [io.openhabcloud.internal.CloudClient] - Jetty received response content of size 2120
2020-11-06 06:24:56.054 [DEBUG] [io.openhabcloud.internal.CloudClient] - Sent content to request 266
2020-11-06 06:24:56.056 [DEBUG] [io.openhabcloud.internal.CloudClient] - Finished responding to request 266
2020-11-06 06:24:56.483 [DEBUG] [io.openhabcloud.internal.CloudClient] - on(): request
2020-11-06 06:24:56.483 [DEBUG] [io.openhabcloud.internal.CloudClient] - Got request 267
2020-11-06 06:24:56.484 [DEBUG] [io.openhabcloud.internal.CloudClient] - {“host”:“SERVER”,“cache-control”:“no-cache”,“accept-encoding”:“gzip”,“user-agent”:“openhab-cloud/0.0.1”}
2020-11-06 06:24:56.484 [DEBUG] [io.openhabcloud.internal.CloudClient] - Request method is GET
2020-11-06 06:24:56.484 [DEBUG] [io.openhabcloud.internal.CloudClient] - Jetty set header host = SERVER
2020-11-06 06:24:56.484 [DEBUG] [io.openhabcloud.internal.CloudClient] - Jetty set header cache-control = no-cache
2020-11-06 06:24:56.484 [DEBUG] [io.openhabcloud.internal.CloudClient] - Jetty set header accept-encoding = gzip
2020-11-06 06:24:56.484 [DEBUG] [io.openhabcloud.internal.CloudClient] - Jetty set header user-agent = openhab-cloud/0.0.1
2020-11-06 06:24:56.488 [DEBUG] [io.openhabcloud.internal.CloudClient] - Jetty finished receiving response header
2020-11-06 06:24:56.489 [DEBUG] [io.openhabcloud.internal.CloudClient] - Sent headers to request 267
2020-11-06 06:24:56.490 [DEBUG] [io.openhabcloud.internal.CloudClient] - {“headers”:{“Transfer-Encoding”:“chunked”,“Server”:“Jetty(9.4.20.v20190813)”,“Date”:“Fri, 06 Nov 2020 06:24:56 GMT”,“Content-Type”:“application/json”},“responseStatusCode”:401,“responseStatusText”:“OK”,“id”:267}
2020-11-06 06:24:56.490 [DEBUG] [io.openhabcloud.internal.CloudClient] - Jetty received response content of size 63
2020-11-06 06:24:56.491 [DEBUG] [io.openhabcloud.internal.CloudClient] - Sent content to request 267
2020-11-06 06:24:56.492 [WARN ] [io.openhabcloud.internal.CloudClient] - Jetty request 267 failed: HTTP protocol violation: Authentication challenge without WWW-Authenticate header
2020-11-06 06:24:56.492 [WARN ] [io.openhabcloud.internal.CloudClient] - Response Failure: HTTP protocol violation: Authentication challenge without WWW-Authenticate header
2020-11-06 06:24:56.494 [DEBUG] [io.openhabcloud.internal.CloudClient] - Finished responding to request 267

Looks like is related to Cloud server can please thread be moved into right forum?

#3

You can do that yourself actually. Click the pencil icon next to the topic title and you can change the title, category, and tags.

1 Like
#4

Thread moved to correct forum


After more researching it looks like openHAB Cloud addon can’t access to API or do not receive correct authentication data in request.
Is possible that special characters in password like @ can produce problems when nginx and node process requests?

#5

It might be because @ separates username and password from server in standard http://user:pass@url/path?query usage.

#6

I will try today but I think that it is not issue and they are think about that
 Probably openHAB Cloud addon do not or do not support authentication to API on same openHAB server and think that if run on it it can access to it

If @ is problem thatn also probably will be problem with username which must on openhabCloud contain @ 

For example:

http://my.name@domain:MY_PASS_WITH_@@https://server.domain/path?query

I see that if I enable in API “Implicit user role for unauthenticated requests” that access over cloud work. But my server in that case is not secured and everyone can without login access over API to items/sites and that is not option.

Is source code for cloud connect addon availible(That I check how it acces to API)?
Is there plan to add new security login to API with tokens(Probably new option in cloud addon to enter token?

#7

Take a look there: https://github.com/openhab/openhab-addons/blob/main/bundles/org.openhab.io.openhabcloud/src/main/java/org/openhab/io/openhabcloud/internal/CloudClient.java

Thats pretty much everything. What you will notice that it is a connection to openhab cloud which forwards some calls from public instance to yours without doing anything except basic credentials check.

Reason why it doesnt work for you is rather trivial and caused by cloud connector architecture. Openhab cloud rely on basic auth so you need to have the same credentials in both places (oh & oh cloud) to let it work.
If you have a missmatch and send OH credentials to openhabcloud it will mark request as unauthenticated and abstain from forwarding it.

1 Like
#8

Thanks for reply. I will check sources.
I have same username and password on both sides. On openHABCloud server account have master permissions and on OpenHAB server it have administrator permissions. Only issue which can be is that I use special characters in password and @ character at end of password. That I will try later today and if that is problem report that as bug otherwise there is some other issue beetween cloud and openhab server


#9

Im change password on openhab server and cloud server to one without @ in it and same thing happen so that special character in password is not issue


#10

I am getting the same response with the android app beta and with the homehabit app.

16:51:04.056 [WARN ] [core.io.rest.auth.internal.AuthFilter] - Unauthorized API request: Invalid Basic authentication credentials

1 Like
#11

All right, in such case it looks more like a case where openhab-cloud removes authorization header and pass request without it. When OH receives it locally it refuses it.

1 Like
#12

Im open bug report and we will see if it ill be fixed


#13

Little update
 Im check cloud addon source code, setup VSCode IDE and add new API token authentication into Cloud addon.

openhab_cloud_settings
openhab_cloud_settings1656×498 38.7 KB

Right now I testing addon and looks like it work as must.

Both option can be disabled and it normally work ONLY over cloud connection.

api_security_settings
api_security_settings912×301 23.9 KB

Because Android app do not support API Token authentication it do not connect localy. To use also local connetion in API settings “Allow Basic Authentication” must be enabled. Then it work like this:
Local connection use basic authentication which is supported by android app
Remote connection use basic authentication to connect to Cloud server but then addon localy use API key to authenticate to openhab server.
That way you can have disabled “Implicit user role for unauthenticated requests” and prevent everyone in your local network to control your openhab server


Now I need fix implementation of sendNotification() functions to get it work on OH3 and then if someone is interested to try/test it I can send jar file 
 Im new at openhab developing so probably I will need more time to understand things and fix that :slight_smile:

#14

HI
whow did you open this box ? (API token) i dont have this one

image
image1580×464 93.3 KB

#15

You don’t have this API Token because this is custom version OpenHAB Cloud addon which Im made myself for my private OpenHAB Cloud to solve issues and overide “Allow Basic Authentication” issue


#16

Hello All,

I’m facing the same issue to setup local access from my app to my openhab. I’m seeing below error:
[WARN ] [ore.io.rest.auth.internal.AuthFilter] - Unauthorized API request: Invalid Basic authentication credentials

#17
#18

Hi Rich,

thanks for sharing, I have added token as suggest on Android APP and also checked my “Allow Basic Authentication” is disable, is that true? Still not working

#19

Maybe the issue you have and the one I had is not related to this original topic but I found enabling “allow Basic Authentication” and using my new OH 3.1 admin username/password in the local settings solved the problem for me. I didn’t need to change anything in the remote settings. I couldn’t find the API token as described in the Rest API link

Edited: I figured out how I was supposed to click on my profile name in the lower left hand corner of the openHAB Main UI to create an API token. I copy and pasted that entire text into the username of the android app and it now works even after turning “allow Basic Authentication” off.

1 Like
#20

Did you fix this? Doesnt work over a Cloud connection remotely.