Autor Thema: FHEM commands by curl no longer working.  (Gelesen 215 mal)

Offline andyclimb

  • Full Member
  • ***
  • Beiträge: 133
FHEM commands by curl no longer working.
« am: 13 März 2017, 09:45:14 »
My commands that I used to issue using curl are no longer working since I updated to the latest version last week. I get HTTP 400.... even getting a jsonList does not work

➜  ~ curl -vvv http://192.168.1.25:8083/fhem\?cmd\=jsonlist2\&XHR\=1
*   Trying 192.168.1.25...
* TCP_NODELAY set
* Connected to 192.168.1.25 (192.168.1.25) port 8083 (#0)
> GET /fhem?cmd=jsonlist2&XHR=1 HTTP/1.1
> Host: 192.168.1.25:8083
> User-Agent: curl/7.51.0
> Accept: */*
>
< HTTP/1.1 400 Bad Request
< Content-Length: 0
< X-FHEM-csrfToken: csrf_388773353881229
< Content-Type: text/html; charset=UTF-8
<
* Curl_http_done: called premature == 0
* Connection #0 to host 192.168.1.25 left intact

these do not work either

curl http://192.168.1.25:8083/fhem?cmd=set%20mqtt_stereo%20on > /dev/null
curl http://192.168.1.25:8083/fhem?cmd=set%20spdifremote%20itunes > /dev/null

any ideas?
AM

Offline nesges

  • Sr. Member
  • ****
  • Beiträge: 732
    • FTUI Live Demo
Antw:FHEM commands by curl no longer working.
« Antwort #1 am: 13 März 2017, 10:02:37 »
"csrfToken" is your cue. I use the following shell script (edit HOST and PORT):

CMD=$@
HOST=wopr
PORT=8083
TOKEN=`curl -s -D - "http://$HOST:$PORT/fhem&XHR=1" | awk '/X-FHEM-csrfToken/{print $2}'`
URL="http://$HOST:$PORT/fhem?XHR=1&fwcsrf=$TOKEN"
URL=${URL%$'\r'}
DATA="cmd=$CMD"

curl -s -G "$URL" --data-urlencode "$DATA"

Offline andyclimb

  • Full Member
  • ***
  • Beiträge: 133
Antw:FHEM commands by curl no longer working.
« Antwort #2 am: 13 März 2017, 10:31:49 »
OK.  that was it. 
set it to none.  job done. 

thank you.
AM

Offline andyclimb

  • Full Member
  • ***
  • Beiträge: 133
Antw:FHEM commands by curl no longer working.
« Antwort #3 am: 15 März 2017, 12:27:58 »
So the CSRFTOKEN is not working quite as expected.  I can set it to blank when its has not been defined as an attribute before, in which case my URLs that I use to control FHEM work as they used to.  However, if i restart then the CSRFTOKEN is set to 1 and everything stops working.  I have to delete the attr, then set it back to none for everything to start working again.  Seems a bit counter intuitive / a pain.  Is this expected behaviour?

Am i missing something or has controlling fhem by web links and curl commands just got a lot more difficult?
AM

Offline rudolfkoenig

  • Administrator
  • Hero Member
  • *****
  • Beiträge: 15713
Antw:FHEM commands by curl no longer working.
« Antwort #4 am: 15 März 2017, 12:38:34 »
I dont know what you mean with "I can set it to blank", csrfToken can take the attributes described in the commandref.
Default is random, so not everybody is using the same token. You can change it to a fixed value which is probably just as good as random.

With none you have a security hole if you are visiting this FHEMWEB instance with your web-browser.

Offline andyclimb

  • Full Member
  • ***
  • Beiträge: 133
Antw:FHEM commands by curl no longer working.
« Antwort #5 am: 15 März 2017, 12:44:06 »
I understand that there is a security risk with it being disabled, but that is what i would like at the moment.  As it stands I have everything from scripts on various rpi's to HA_bridge for control via alexa, and this update has just stopped everything from working in one update.

I can run a seperete WEB instance, on a different port with this enabled for my general browsing. 

The point is that if i set it to none, which is what i would like in this instance, at least as a temporary fix for me to learn how to change everything, it goes back to a value 1 on reboot. 
AM

Offline rudolfkoenig

  • Administrator
  • Hero Member
  • *****
  • Beiträge: 15713
Antw:FHEM commands by curl no longer working.
« Antwort #6 am: 15 März 2017, 13:00:13 »
Zitat
if i set it to none [...] it goes back to a value 1 on reboot.
Sorry, with none I mean the 4 characters n,o,n and e as in
attr WEB csrfToken noneI just clarified the documentation.

Offline andyclimb

  • Full Member
  • ***
  • Beiträge: 133
Antw:FHEM commands by curl no longer working.
« Antwort #7 am: 15 März 2017, 16:38:29 »
ah.  that did not work before. but it does now.  thanks
AM

Offline andyclimb

  • Full Member
  • ***
  • Beiträge: 133
Antw:FHEM commands by curl no longer working.
« Antwort #8 am: 17 März 2017, 14:27:57 »
Thanks for the help guys.  @nesges your script works a treat.  I now have everything working with the token!
AM

Offline andyclimb

  • Full Member
  • ***
  • Beiträge: 133
Antw:FHEM commands by curl no longer working.
« Antwort #9 am: 18 März 2017, 16:49:45 »
If anyone is interested.  Here is a script to watch an xbmc listener and send fhem commands based on it.  Also shows how to extract the card token and send valid request.  Took me a while to work out that require makes the case lower for headers...
var Xbmc = require('xbmc-listener');
var request = require('request');

var xbmc = new Xbmc({
    host: '192.168.1.138',
    username: 'xxxxx',
    password: 'xxxxx'
});


var host = "192.168.1.25";
var port = "8083";
var baseurl = 'http://' + host + ':' + port + "/fhem&XHR=1";

var cmdlist = [
    "set spdifremote tv",
    "set mqtt_stereo on",
    "set mqtt_tv on"
]

xbmc.connect();

xbmc.on('play', function(data) {

    request(baseurl, function(err, response, body) {
        var token = response.headers['x-fhem-csrftoken'];
        //console.log("TOKEN = " + token);
        var url = baseurl + "&fwcsrf=" + token;

        for (var i in cmdlist) {
            var cmd = url + "&cmd=" + encodeURIComponent(cmdlist[i]);
            request(cmd);
            //console.log(cmd);
        }
    });
});
AM