Sure Petcare binding login failure due to rejected HTTP user agent

I upgraded from OH3.4.1 to OH4.0M3 recently and I am working through upgrade issues.

One issue I found that I am currently unable to fix is with the Sure Petcare binding. Not certain it is an OH4 specific issue or not. I just noticed it was no longer logging in successfully. Not sure when this started failing but after some digging it appears it is because login with known good username and password is being rejected based on the hard coded http user agent passed by the binding. Didn’t notice till after upgrade when I began digging into issue but I am sure it is broken in earlier releases as well since it appears to be filtered on remote server side.

The user agent hard coded in the binding, “Mozilla/5.0 (Linux; Android 7.0; SM-G930F Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/64.0.3282.137 Mobile Safari/537.36”, fails with a 403 forbidden error when I test API login using curl from command line. If I change just one character of user agent it will work and we get a JSON response with a session token. I don’t have a working openHAB dev environment setup to fix this directly but I was hoping whomever is the maintainer would see this post and hopefully get this corrected for next release and/or provide a snapshot jar to correct issue in short term.

Link to line of code in question that I believe is the issue
https://github.com/openhab/openhab-addons/blob/43d35538d5395dbe20929bd26145216d25593171/bundles/org.openhab.binding.surepetcare/src/main/java/org/openhab/binding/surepetcare/internal/SurePetcareAPIHelper.java#L66

This works

curl -v -X POST -H 'Content-Type: application/json' -d '{"email_address":"<USERNAME>","password":"<PASSWORD>","device_id":"<ANYRANDOMSTRING>"}'  -A 'Mozilla/5.0 (Linux; Android 7.0; SM-G930F Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/64.0.3282.137 Mobile Safari/537.37' https://app.api.surehub.io/api/auth/login

receive HTTP 200

This fails

curl -v -X POST -H 'Content-Type: application/json' -d '{"email_address":"<USERNAME>","password":"<PASSWORD>","device_id":"<ANYRANDOMSTRING>"}'  -A 'Mozilla/5.0 (Linux; Android 7.0; SM-G930F Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/64.0.3282.137 Mobile Safari/537.36' https://app.api.surehub.io/api/auth/login

receive HTTP 403

Having the same problem without upgrading. Seems kinda like surepet started blocking?

I can also confirm - stopped working with 3.4 as well🙀. cool that you already were figure out the reason .

Can you try this:
org.openhab.binding.surepetcare-3.4.5-SNAPSHOT.jar

See:

and:

1 Like

thank you for the quick fix!

on my system the provided .jar solves the connection issue (oh 3.4.4):

with kind regards,
Patrik

This isn’t working for me in OH4.0M3. Getting lots of new errors. Assuming it is meant for OH3.4 release. Anyone on 3.4 able to test.

2023-06-01 12:11:22.825 [ERROR] [org.openhab.core.internal.common.AbstractInvocationHandler                        ] - An error occurred while calling method 'ThingHandler.initialize()' on 'org.openhab.binding.surepetcare.internal.handler.SurePetcareBridgeHandler@73f83d': 'void org.openhab.core.library.types.DecimalType.<init>(double)'
java.lang.NoSuchMethodError: 'void org.openhab.core.library.types.DecimalType.<init>(double)'
	at org.openhab.binding.surepetcare.internal.handler.SurePetcareDeviceHandler.updateThing(SurePetcareDeviceHandler.java:138) ~[?:?]
	at org.openhab.binding.surepetcare.internal.handler.SurePetcareBridgeHandler.updateThings(SurePetcareBridgeHandler.java:189) ~[?:?]
	at org.openhab.binding.surepetcare.internal.handler.SurePetcareBridgeHandler.initialize(SurePetcareBridgeHandler.java:84) ~[?:?]
	at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
	at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77) ~[?:?]
	at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
	at java.lang.reflect.Method.invoke(Method.java:568) ~[?:?]
	at org.openhab.core.internal.common.AbstractInvocationHandler.invokeDirect(AbstractInvocationHandler.java:147) ~[?:?]
	at org.openhab.core.internal.common.Invocation.call(Invocation.java:52) ~[?:?]
	at java.util.concurrent.FutureTask.run(FutureTask.java:264) ~[?:?]
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) ~[?:?]
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) ~[?:?]
	at java.lang.Thread.run(Thread.java:833) ~[?:?]
2023-06-01 12:11:22.850 [ERROR] [org.openhab.core.thing.internal.ThingManagerImpl                                  ] - Exception occurred while initializing handler of thing 'surepetcare:bridge:deb0d7ef91': 'void org.openhab.core.library.types.DecimalType.<init>(double)'
java.lang.NoSuchMethodError: 'void org.openhab.core.library.types.DecimalType.<init>(double)'
	at org.openhab.binding.surepetcare.internal.handler.SurePetcareDeviceHandler.updateThing(SurePetcareDeviceHandler.java:138) ~[?:?]
	at org.openhab.binding.surepetcare.internal.handler.SurePetcareBridgeHandler.updateThings(SurePetcareBridgeHandler.java:189) ~[?:?]
	at org.openhab.binding.surepetcare.internal.handler.SurePetcareBridgeHandler.initialize(SurePetcareBridgeHandler.java:84) ~[?:?]
	at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
	at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77) ~[?:?]
	at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
	at java.lang.reflect.Method.invoke(Method.java:568) ~[?:?]
	at org.openhab.core.internal.common.AbstractInvocationHandler.invokeDirect(AbstractInvocationHandler.java:147) ~[?:?]
	at org.openhab.core.internal.common.Invocation.call(Invocation.java:52) ~[?:?]
	at java.util.concurrent.FutureTask.run(FutureTask.java:264) ~[?:?]
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) ~[?:?]
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) ~[?:?]
	at java.lang.Thread.run(Thread.java:833) ~[?:?]
2023-06-01 12:11:23.781 [ERROR] [org.openhab.core.internal.common.AbstractInvocationHandler                        ] - An error occurred while calling method 'ThingHandler.initialize()' on 'org.openhab.binding.surepetcare.internal.handler.SurePetcareBridgeHandler@73f83d': 'void org.openhab.core.library.types.DecimalType.<init>(double)'
java.lang.NoSuchMethodError: 'void org.openhab.core.library.types.DecimalType.<init>(double)'
	at org.openhab.binding.surepetcare.internal.handler.SurePetcareDeviceHandler.updateThing(SurePetcareDeviceHandler.java:138) ~[?:?]
	at org.openhab.binding.surepetcare.internal.handler.SurePetcareBridgeHandler.updateThings(SurePetcareBridgeHandler.java:189) ~[?:?]
	at org.openhab.binding.surepetcare.internal.handler.SurePetcareBridgeHandler.initialize(SurePetcareBridgeHandler.java:84) ~[?:?]
	at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
	at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77) ~[?:?]
	at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
	at java.lang.reflect.Method.invoke(Method.java:568) ~[?:?]
	at org.openhab.core.internal.common.AbstractInvocationHandler.invokeDirect(AbstractInvocationHandler.java:147) ~[?:?]
	at org.openhab.core.internal.common.Invocation.call(Invocation.java:52) ~[?:?]
	at java.util.concurrent.FutureTask.run(FutureTask.java:264) ~[?:?]
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) ~[?:?]
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) ~[?:?]
	at java.lang.Thread.run(Thread.java:833) ~[?:?]
2023-06-01 12:11:23.789 [ERROR] [org.openhab.core.thing.internal.ThingManagerImpl                                  ] - Exception occurred while initializing handler of thing 'surepetcare:bridge:deb0d7ef91': 'void org.openhab.core.library.types.DecimalType.<init>(double)'
java.lang.NoSuchMethodError: 'void org.openhab.core.library.types.DecimalType.<init>(double)'
	at org.openhab.binding.surepetcare.internal.handler.SurePetcareDeviceHandler.updateThing(SurePetcareDeviceHandler.java:138) ~[?:?]
	at org.openhab.binding.surepetcare.internal.handler.SurePetcareBridgeHandler.updateThings(SurePetcareBridgeHandler.java:189) ~[?:?]
	at org.openhab.binding.surepetcare.internal.handler.SurePetcareBridgeHandler.initialize(SurePetcareBridgeHandler.java:84) ~[?:?]
	at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
	at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77) ~[?:?]
	at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
	at java.lang.reflect.Method.invoke(Method.java:568) ~[?:?]
	at org.openhab.core.internal.common.AbstractInvocationHandler.invokeDirect(AbstractInvocationHandler.java:147) ~[?:?]
	at org.openhab.core.internal.common.Invocation.call(Invocation.java:52) ~[?:?]
	at java.util.concurrent.FutureTask.run(FutureTask.java:264) ~[?:?]
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) ~[?:?]
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) ~[?:?]
	at java.lang.Thread.run(Thread.java:833) ~[?:?]```

can you provide an OH4 snapshot jar file??

Of course: org.openhab.binding.surepetcare-4.0.0-SNAPSHOT.jar

That worked!! Thanks for quick turnaround.

Out of curiosity what user agent you sending now?? Hate to se this to turn into a game of whack-a-mole. We should send something a little less unique. Make it look like a current version of Firefox or Chrome so can’t be easily targeted.

For now I’m exposing/declaring who we really are, e.g. “openHAB/4.0.0”, assuming that they blocked the specific user-agent because of security or to enforce an app upgrade of older client versions under their control.

If it turns out to be the case they want to actively block everyone openly using their API, I think this would be a new situation we would have to deal with.

Do I have to add the jar manually, or are the add-ons independently updated automatically in oh 3.4? Or do I have to wait for a new 3.4 release and upgrade to that?

Thank you so much! I updated my system and then had no idea where the cat was :slight_smile: Removed the binding, added the JAR manually to Addons, re-booted and everything has come back. Many thanks!

Hello,

I like your curl for the login, can you please tell me a curl for asking if the cat is inside or outside and to set the cat to inside or outside.

thx

Klaus

You can uninstall the binding and drop the JAR in your addons directory to get the fix immediately. The PR has been merged, so the fix will also be included in 4.0. Hopefully it will also be included in any next 3.4 hotfix.

You can login to the Sure Petcare web app using desktop versions of Firefox or Chrome in developer mode (F12) and use the network tab to see the needed headers and JSON queries/responses required to craft the manual curl requests from cli. I haven’t dug into reversing the API enough to craft any valid requests outside of testing the login process at issue here. I know just enough to be dangerous and keep the application devs at work honest. There are several projects out there that have reversed the Sure Petcare api in various scripting languages that you could use that would likely be easier for you if Jacob’s binding doesn’t do what you need.

For browsers you can install addons like life http.
This will capture/show the dara traffic towards a site. So you can identify if it is a post or get request and further headers etc.

1 Like

Hello,

many thx for the hint I was able to capture and use the first two curl.

thx

Klaus

Hello,

looks like the sureflap developers changed it (back)

I can use both now, yesterday this wasn’t possible for me:

curl -v -X POST -H ‘Content-Type: application/json’ -d ‘{“email_address”:“”,“password”:“”,“device_id”:“”}’ -A ‘Mozilla/5.0 (Linux; Android 7.0; SM-G930F Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/64.0.3282.137 Mobile Safari/537.37’ https://app.api.surehub.io/api/auth/login

curl -v -X POST -H ‘Content-Type: application/json’ -d ‘{“email_address”:“”,“password”:“”,“device_id”:“”}’ -A ‘Mozilla/5.0 (Linux; Android 7.0; SM-G930F Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/64.0.3282.137 Mobile Safari/537.36’ https://app.api.surehub.io/api/auth/login

regards

Klaus