Denied access due to incorrect credentials

Question

Denied access due to incorrect credentials

Closed this issue 10 months ago · 7 comments

Describe the bug
Cannot login with correct credentials after update from version 0.x.x to 1.2.0.
With the used credential I can login on the webside from robonect, therefore they are correct.

Log:
You used: Username=xxxxxxxxx, Password=yyyyyyyy for login. Please double check your credentials and if they are correct - try using an easier password containing only upper- and lowercase letters and numbers. Your Robonect has denied access due to incorrect credentials. Request failed with status code 401

Versions:

Adapter version: 1.2.0
JS-Controller version: 5.0.12
Admin: 6.10.1
Node version: 18.16.0
Operating system: Armbian Linux Debian Bullseye

Answer 1 · 2023-09-28T06:08:53.000Z

I'm generally aware of this issue. I had it myself when I started updating the adapter - and it was one of the main reasons to write that update. At that time I had special characters like "#;!$" and so on in my password. Unfortunately I wasn't able to get it to work having such characters in the password.
For that reason I decided to log that hint:
if they are correct - try using an easier password containing only upper- and lowercase letters and numbers.

I'm aware that this can be only an intermediate solution - but currently I have no idea how to solve this issue since I don't know where the process crashes.
I take the password directly from the config, put it into a string and send this string to robonect via axios using a simple http connect.

If there are any ideas to solve this issue out there I'm open to hear and test it.

Answer 2 · 2023-09-28T06:36:26.000Z

Hi, you can have a look in my adapter fb-checkpresence.
I use also the password functionality.

Io-package.json:
"encryptedNative": [
"password"
],
"protectedNative": [
"password"
],

Answer 3 · 2023-09-28T06:43:10.000Z

I'm aware of this password encryption since I use it in all my adapters. But this isn't the issue. Maybe I described it more clearly in the german ioBroker forum thread: https://forum.iobroker.net/topic/11834/neuer-robonect-hx-adapter/387

Answer 4 · 2023-09-28T06:53:39.000Z

Zweites password ist groß geschrieben.
"encryptedNative": [
"password"
],
"protectedNative": [
"Password"
],

Answer 5 · 2023-09-28T06:56:59.000Z

Ja. Okay. Das verhindert den Schutz des Passwortes gegenüber anderen Adaptern - da hast Du Recht. Aber das kann nicht das eigentliche Problem sein, weil einfache Passwörter ja funktionieren. Es sind die Sonderzeichen, die das Ganze kaputt machen.

Answer 6 · 2023-09-28T20:06:15.000Z

Hast du mal HTTP-Authentifizierung ausprobiert? Das Verfahren ist ja auch in der Robonect Docu aufgeführt.

Answer 7 · 2023-10-02T07:23:43.000Z

Hast du mal HTTP-Authentifizierung ausprobiert? Das Verfahren ist ja auch in der Robonect Docu aufgeführt.

Hatte ich mir angeschaut, bin bei der v1.0.0 allerdings aufgrund eines gewissen Unverständnisses wieder davon abgekommen und habe nur eine andere Form des URL-Encoding verwendet. Aufgrund deines Hinweises habe ich mir das noch einmal angesehen und jetzt in der v1.3.0 tatsächlich umgesetzt.
Ab sofort sollten also beliebig komplexe Passwörter funktionieren.

To all non german speakers:
Basic Auth has been implemented in V1.3.0. As a result the weak password requirement has fallen and complex passwords are possible now!