Neuigkeiten:

Am Sonntag den 8.12.2024 kann es ab ca. 8:00 Uhr zu kurzzeitigen Einschränkungen / Ausfällen bei den Diensten des FHEM Vereines kommen.
Die Server müssen mal gewartet und dabei neu gestartet werden ;)

Hauptmenü

Neue Version von HTTPMOD mit neuen Features zum Testen

Begonnen von StefanStrobel, 05 Dezember 2015, 08:31:32

Vorheriges Thema - Nächstes Thema

fireball

Hi,

kann mir jemand auf die Sprünge helfen, wo mein Problem liegt?!
Ausgangssituation, ich frage meine Katzenklappe ab. Nach einem Login bekommt man einen Token und den sollte man dann für weitere Anfragen nutzen.

Das ist mein Device:
Internals:
   BUSY       0
   DEF        https://app.api.surehub.io/api/me/start 300
   FUUID      66acb8ca-f33f-0804-6cfa-8787b17a4c2a5eb8
   Interval   60
   LastAuthTry 2024-08-02 16:19:26
   MainURL    https://app.api.surehub.io/api/me/start
   ModuleVersion 4.2.0 - 11.8.2023
   NAME       Katzenklappe
   NOTIFYDEV  global
   NR         717
   NTFY_ORDER 50-Katzenklappe
   STATE      1
   TYPE       HTTPMOD
   eventCount 40
   httpbody   {"data":}
   sid        eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9
   value     
   CompiledRegexes:
   HttpUtils:
     NAME       
     addr       https://app.api.surehub.io:443
     auth       0
     buf       
     code       200
     compress   1
     conn       
     data       
     displayurl https://app.api.surehub.io/api/me/start
     header     Content-Type: application/json
Accept: application/json
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9
     host       app.api.surehub.io
     httpheader HTTP/1.1 200 OK
Date: Fri, 02 Aug 2024 14:20:10 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: close
Server: nginx
ETag: "ykJ1B9fWBkqtFfvnxv88fQCIPmc"
api-supported-versions: 1.0
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
     httpversion 1.1
     hu_blocking 0
     hu_filecount 1
     hu_port    443
     hu_portSfx
     ignoreredirects 1
     loglevel   4
     path       /api/me/start
     protocol   https
     redirects  0
     timeout    2
     url        https://app.api.surehub.io/api/me/start
     sslargs:
   QUEUE:
   READINGS:
     2024-08-02 15:39:52   LAST_ERROR      read from https://app.api.surehub.io:443 timed out
     2024-08-02 14:10:15   Status          1
   REQUEST:
     context    reading
     data       
     header     Content-Type: application/json
Accept: application/json
Authorization: Bearer $sid
     ignoreredirects 0
     num        unknown
     retryCount 0
     type       update
     url        https://app.api.surehub.io/api/me/start
   defptr:
     readingBase:
       Status     reading
     readingNum:
       Status     01
     readingOutdated:
     requestReadings:
       update:
         Status     reading 01
Attributes:
   enableControlSet 1
   enableCookies 1
   extractAllJSON 0
   get01CheckAllReadings 0
   get01ExtractAllJSON 0
   get01Name  Tiere
   get01URL   https://app.api.surehub.io/api/pet/546255
   get1Name   Geräte
   get1URL    https://app.api.surehub.io/api/pet/546255
   httpVersion 1.1
   icon       hm-tc-it-wm-w-eu
   reAuthRegex .*401.*
   replacement01Mode key
   replacement01Regex %%Katzenklappe_Secret%%
   replacement01Value Katzenklappe_Secret
   requestHeader1 Content-Type: application/json
   requestHeader2 Accept: application/json
   requestHeader4 Authorization: Bearer $sid
   room       GARAGE
   set01Max   100
   set01Method PATCH
   set01Min   0
   set01Name  Auf
   set01TextArg 1
   set01URL   http://Katzenklappe /data/v2/domain/Shutter/$val1/RequestAction
   set01ValueSeparator ,
   showBody   1
   showError  1
   sid1Data   {"email_address":"xxxxxxxxxxx","password":"%%Katzenklappe_Secret%%","device_id":"1160528"}
   sid1Header1 Content-Type: application/json
   sid1Header2 accept: application/json
   sid1IdJSON data_token
   sid1URL    https://app.api.surehub.io/api/auth/login
   userattr   reAuthRegex requestHeader2 requestHeader3 sidHeader1 sidHeader2
   verbose    5


Die LoginSeite wird über sid1 - Abgefragt und es wird auch ein Token erstellt.
Dieser wird auch für die URL unter DEF genutzt.

Ich will jetzt aber weitere URLs abfragen, mit get01 usw... evtl. sogar set01 (das ist nur als Dummy angelegt).
Hier seh ich aber im Log, dass trotz requestHeader4 Authorization: Bearer $sid dieser Token bei den getXX nicht genommen wird.

Im Log sieht man das dann hier, bei "HandleSendQueue sends get1" steht No Data, No Header!

2024.08.02 15:58:43 5: Katzenklappe: JSON Flatter sets data_token to eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9
2024.08.02 15:58:43 4: Katzenklappe: extracted JSON values to internal
2024.08.02 15:58:43 5: Katzenklappe: GetCookies is looking for Cookies
2024.08.02 15:58:43 5: Katzenklappe: ExtractSid called, context sid, num 1
2024.08.02 15:58:43 5: Katzenklappe: Checking SID with JSON data_token
2024.08.02 15:58:43 4: Katzenklappe: ExtractSid set sid to eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9
2024.08.02 15:58:43 4: Katzenklappe: checking for redirects, code=200, ignore=0
2024.08.02 15:58:43 4: Katzenklappe: no redirects to handle
2024.08.02 15:58:43 5: Katzenklappe: Read callback sets LAST_REQUEST to auth1
2024.08.02 15:58:43 5: Katzenklappe: HandleSendQueue called from Fhem internal timer, qlen = 1
2024.08.02 15:58:43 5: Katzenklappe: Replace called for type get1, regex (?^:%%Katzenklappe_Secret%%), mode key, value Katzenklappe_Secret input: https://app.api.surehub.io/api/pet/xxxxxx
2024.08.02 15:58:43 5: Katzenklappe: ReadKeyValue tries to read value for Katzenklappe_Secret from file
2024.08.02 15:58:43 5: Katzenklappe: no separator for multiple values (Context get1, 1)
2024.08.02 15:58:43 4: Katzenklappe: HandleSendQueue sends get1 with timeout 2 to https://app.api.surehub.io/api/pet/xxxxxx, No Data, No Header
2024.08.02 15:58:44 5: Katzenklappe: ReadCallback called from __ANON__
2024.08.02 15:58:44 4: Katzenklappe: Read callback: request type was get1 retry 1,
2024.08.02 15:58:44 5: Katzenklappe: Read callback: body empty
2024.08.02 15:58:44 4: Katzenklappe: BodyDecode is not decoding the response body (charset not found, bodyDecode defaults to none)
2024.08.02 15:58:44 5: Katzenklappe: GetCookies is looking for Cookies
2024.08.02 15:58:44 5: Katzenklappe: ExtractSid called, context get, num 1
2024.08.02 15:58:44 4: Katzenklappe: checking for redirects, code=401, ignore=0
2024.08.02 15:58:44 4: Katzenklappe: no redirects to handle
2024.08.02 15:58:44 5: Katzenklappe: Read callback sets LAST_REQUEST to get1
2024.08.02 15:58:44 5: Katzenklappe: CheckAuth is checking buffer with ReAuthRegex (?^:.*401.*)
2024.08.02 15:58:44 4: Katzenklappe: CheckAuth decided new authentication required
2024.08.02 15:58:44 4: Katzenklappe: Authentication still required but no retries left - did last authentication fail?
2024.08.02 15:58:44 5: Katzenklappe: ExtractReading for context get, num 1 - no individual parse definition
2024.08.02 15:58:44 5: Katzenklappe: Read starts parsing response to get1 with defined readings:
2024.08.02 15:58:44 4: Katzenklappe: Read response to get1 didn't match any Reading
2024.08.02 15:58:44 5: Katzenklappe: HandleSendQueue called from ReadCallback, qlen = 0
2024.08.02 15:58:44 5: Katzenklappe: HandleSendQueue found no usable entry in queue


Ich dachte die requestHeaderXX sind globale Werte und werden bei allen GET/SET gesendet?!

Sieht jemand viell. mein Problem?

VG+Danke
René

fireball

Habs hinbekommen, die Lösung war, bei jeden getXX auch die Header zu setzen:
get01Header01 Authorization: Bearer $sid
get01Header02 Content-Type: application/json, Accept: application/json

VG
René

Onkel.Tom

Hallo zusammen,

meine bisher funktionierende HTTPMOD-Abfrage muss angepaßt werden, da ASEKO ihre Webseite (https://aseko.cloud) modernisiert hat.
Dabei bekomme ich immer den Fehlercode 400 / Bad Request zurück und vermute, dass es an dem Attribut get02Data liegt:

define WC HTTPMOD https://aseko.cloud/auth/login 0
setuuid WC 66e1ee9c-f33f-2bca-f94e-fabd2c256d671044
attr WC userattr sid01ldRegex
attr WC bodyDecode utf-8
attr WC enableCookies 1
attr WC extractAllJSON 1
attr WC get01CheckAllReadings 1
attr WC get01Data {"email":"xxx","password":"yyy","cloud":"zzz"}
attr WC get01Header1 Content-Type: application/json
attr WC get01Header2 Accept: */*
attr WC get01Name Auth
attr WC get01URL https://auth.aseko.acs.aseko.cloud/auth/login
attr WC get02CheckAllReadings 1
attr WC get02Data {"operationName":"UnitDetail","variables":{"sn":"sss"},"query":"query UnitDetail($sn: String!) {\
  unitBySerialNumber(serialNumber: $sn) {\
    __typename\
    ... on UnitNotFoundError {\
      serialNumber\
      __typename\
    }\
    ... on UnitAccessDeniedError {\
      serialNumber\
      __typename\
    }\
    ... on UnitNeverConnected {\
      serialNumber\
      name\
      note\
      statusMessages {\
        __typename\
        severity\
        type\
        message\
        detail\
      }\
      __typename\
    }\
    ... on Unit {\
      serialNumber\
      name\
      note\
      brandName {\
        __typename\
        id\
        primary\
        secondary\
      }\
      statusMessages {\
        __typename\
        severity\
        type\
        message\
        detail\
      }\
      heating {\
        __typename\
        lastReset\
      }\
      waterFilling {\
        __typename\
        id\
        waterLevel\
        lastReset\
      }\
      consumables {\
        __typename\
        ... on LiquidConsumable {\
          type\
          canister {\
            __typename\
            id\
            hasWarning\
          }\
          tube {\
            __typename\
            id\
            hasWarning\
          }\
          __typename\
        }\
        ... on ElectrolyzerConsumable {\
          type\
          electrode {\
            __typename\
            hasWarning\
          }\
          __typename\
        }\
      }\
      notificationConfiguration {\
        __typename\
        id\
        type\
        name\
        enabled\
        lowWarningLevel\
        highWarningLevel\
        color\
        currentValue\
        suffix\
        hasWarning\
        possibleWarningLevels\
      }\
      unitModel {\
        __typename\
        id\
        tabs {\
          hideNotifications\
          hideConsumables\
          hideProtocolExport\
          __typename\
        }\
      }\
      __typename\
    }\
  }\
}"}
attr WC get02Header1 Content-Type: application/json
attr WC get02Header2 Accept: */*
attr WC get02Header3 Authorization: Bearer $sid
attr WC get02Name Daten
attr WC get02URL https://graphql.acs.prod.aseko.cloud/graphql
attr WC reAuthRegex /auth/login
attr WC reading100JSON message
attr WC reading100Name message
attr WC reading101JSON statusCode
attr WC reading101Name statusCode
attr WC reading102JSON error
attr WC reading102Name error
attr WC reading103JSON user_isActive
attr WC reading103Name user_isActive
attr WC reading104JSON token
attr WC reading104Name token
attr WC reading105JSON user_lang
attr WC reading105Name user_lang
attr WC reading106JSON user_email
attr WC reading106Name user_email
attr WC reading107JSON user_name
attr WC reading107Name user_name
attr WC reading108JSON user_createdAt
attr WC reading108Name user_createdAt
attr WC reading109JSON user_id
attr WC reading109Name user_id
attr WC reading110JSON user_updatedAt
attr WC reading110Name user_updatedAt
attr WC reading111JSON user_surname
attr WC reading111Name user_surname
attr WC reading112JSON errors_01_extensions_stacktrace_6
attr WC reading112Name errors_01_extensions_stacktrace_6
attr WC reading113JSON errors_01_extensions_stacktrace_2
attr WC reading113Name errors_01_extensions_stacktrace_2
attr WC reading114JSON errors_01_extensions_stacktrace_4
attr WC reading114Name errors_01_extensions_stacktrace_4
attr WC reading115JSON errors_01_message
attr WC reading115Name errors_01_message
attr WC reading116JSON errors_01_extensions_stacktrace_5
attr WC reading116Name errors_01_extensions_stacktrace_5
attr WC reading117JSON errors_01_extensions_stacktrace_0
attr WC reading117Name errors_01_extensions_stacktrace_0
attr WC reading118JSON errors_01_extensions_stacktrace_3
attr WC reading118Name errors_01_extensions_stacktrace_3
attr WC reading119JSON errors_01_extensions_code
attr WC reading119Name errors_01_extensions_code
attr WC reading120JSON errors_01_extensions_stacktrace_1
attr WC reading120Name errors_01_extensions_stacktrace_1
attr WC reading121JSON errors_01_extensions_stacktrace_8
attr WC reading121Name errors_01_extensions_stacktrace_8
attr WC reading122JSON errors_01_extensions_stacktrace_7
attr WC reading122Name errors_01_extensions_stacktrace_7
attr WC reading123JSON errors_01_extensions_originalError_statusCode
attr WC reading123Name errors_01_extensions_originalError_statusCode
attr WC reading124JSON data
attr WC reading124Name data
attr WC reading125JSON errors_01_path_0
attr WC reading125Name errors_01_path_0
attr WC reading126JSON errors_01_locations_01_column
attr WC reading126Name errors_01_locations_01_column
attr WC reading127JSON errors_01_extensions_originalError_message
attr WC reading127Name errors_01_extensions_originalError_message
attr WC reading128JSON errors_01_locations_01_line
attr WC reading128Name errors_01_locations_01_line
attr WC showError 1
attr WC verbose 5


In Burpsuite sieht das so aus:

Du darfst diesen Dateianhang nicht ansehen.
 

Die Fehlermdeldung deutet m.E. auf das Query hin:

2024.09.14 10:55:30 5: WC: Read callback: body
{"message":"Bad control character in string literal in JSON at position 102 (line 1 column 103)","error":"Bad Request","statusCode":400}


Anbei das ganze Log:
2024.09.14 10:55:30 5: WC: get called with Daten
2024.09.14 10:55:30 5: WC: get found option Daten in attribute get02Name
2024.09.14 10:55:30 4: WC: get will now request Daten, no optional value
2024.09.14 10:55:30 5: WC: AddToQueue adds type get02 to URL https://graphql.acs.prod.aseko.cloud/graphql, data {"operationName":"UnitDetail","variables":{"sn":"sss"},"query":"query UnitDetail($sn: String!) {
  unitBySerialNumber(serialNumber: $sn) {
    __typename
    ... on UnitNotFoundError {
      serialNumber
      __typename
    }
    ... on UnitAccessDeniedError {
      serialNumber
      __typename
    }
    ... on UnitNeverConnected {
      serialNumber
      name
      note
      statusMessages {
        __typename
        severity
        type
        message
        detail
      }
      __typename
    }
    ... on Unit {
      serialNumber
      name
      note
      brandName {
        __typename
        id
        primary
        secondary
      }
      statusMessages {
        __typename
        severity
        type
        message
        detail
      }
      heating {
        __typename
        lastReset
      }
      waterFilling {
        __typename
        id
        waterLevel
        lastReset
      }
      consumables {
        __typename
        ... on LiquidConsumable {
          type
          canister {
            __typename
            id
            hasWarning
          }
          tube {
            __typename
            id
            hasWarning
          }
          __typename
        }
        ... on ElectrolyzerConsumable {
          type
          electrode {
            __typename
            hasWarning
          }
          __typename
        }
      }
      notificationConfiguration {
        __typename
        id
        type
        name
        enabled
        lowWarningLevel
        highWarningLevel
        color
        currentValue
        suffix
        hasWarning
        possibleWarningLevels
      }
      unitModel {
        __typename
        id
        tabs {
          hideNotifications
          hideConsumables
          hideProtocolExport
          __typename
        }
      }
      __typename
    }
  }
}"}, header Content-Type: application/json
Accept: */*
Authorization: Bearer $sid, retry 0, initial queue len: 0
2024.09.14 10:55:30 5: WC: HandleSendQueue called from AddToSendQueue, qlen = 1
2024.09.14 10:55:30 5: WC: no separator for multiple values (Context get02, 02)
2024.09.14 10:55:30 5: WC: HandleSendQueue is using Cookie refreshToken with path  and Value ttt (key refreshToken;, destination path is /graphql)
2024.09.14 10:55:30 5: WC: DoCookies is adding Cookie header: refreshToken=ttt
2024.09.14 10:55:30 4: WC: HandleSendQueue sends get02 with timeout 2 to https://graphql.acs.prod.aseko.cloud/graphql,
data: {"operationName":"UnitDetail","variables":{"sn":"sss"},"query":"query UnitDetail($sn: String!) {
  unitBySerialNumber(serialNumber: $sn) {
    __typename
    ... on UnitNotFoundError {
      serialNumber
      __typename
    }
    ... on UnitAccessDeniedError {
      serialNumber
      __typename
    }
    ... on UnitNeverConnected {
      serialNumber
      name
      note
      statusMessages {
        __typename
        severity
        type
        message
        detail
      }
      __typename
    }
    ... on Unit {
      serialNumber
      name
      note
      brandName {
        __typename
        id
        primary
        secondary
      }
      statusMessages {
        __typename
        severity
        type
        message
        detail
      }
      heating {
        __typename
        lastReset
      }
      waterFilling {
        __typename
        id
        waterLevel
        lastReset
      }
      consumables {
        __typename
        ... on LiquidConsumable {
          type
          canister {
            __typename
            id
            hasWarning
          }
          tube {
            __typename
            id
            hasWarning
          }
          __typename
        }
        ... on ElectrolyzerConsumable {
          type
          electrode {
            __typename
            hasWarning
          }
          __typename
        }
      }
      notificationConfiguration {
        __typename
        id
        type
        name
        enabled
        lowWarningLevel
        highWarningLevel
        color
        currentValue
        suffix
        hasWarning
        possibleWarningLevels
      }
      unitModel {
        __typename
        id
        tabs {
          hideNotifications
          hideConsumables
          hideProtocolExport
          __typename
        }
      }
      __typename
    }
  }
}"},
header: Content-Type: application/json
Accept: */*
Authorization: Bearer $sid
Cookie: refreshToken=ttt
2024.09.14 10:55:30 5: WC: ReadCallback called from __ANON__
2024.09.14 10:55:30 4: WC: Read callback: request type was get02 retry 0,
header: HTTP/1.1 400 Bad Request
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 14 Sep 2024 08:55:30 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 136
Connection: close
X-Powered-By: Express
Vary: Origin
ETag: W/"88-yeHe6rGFWRwwUnBMNxmPTW8R9E0", body length 136
2024.09.14 10:55:30 5: WC: Read callback: body
{"message":"Bad control character in string literal in JSON at position 102 (line 1 column 103)","error":"Bad Request","statusCode":400}
2024.09.14 10:55:30 4: WC: BodyDecode is decoding the response body as utf-8
2024.09.14 10:55:30 5: WC: JSON Flatter called : prefix , ref is HASH(0x55b0d86718)
2024.09.14 10:55:30 5: WC: JSON Flatter in hash while, key = statusCode, value = 400
2024.09.14 10:55:30 5: WC: JSON Flatter sets statusCode to 400
2024.09.14 10:55:30 5: WC: JSON Flatter in hash while, key = message, value = Bad control character in string literal in JSON at position 102 (line 1 column 103)
2024.09.14 10:55:30 5: WC: JSON Flatter sets message to Bad control character in string literal in JSON at position 102 (line 1 column 103)
2024.09.14 10:55:30 5: WC: JSON Flatter in hash while, key = error, value = Bad Request
2024.09.14 10:55:30 5: WC: JSON Flatter sets error to Bad Request
2024.09.14 10:55:30 4: WC: extracted JSON values to internal
2024.09.14 10:55:30 5: WC: GetCookies is looking for Cookies
2024.09.14 10:55:30 5: WC: ExtractSid called, context get, num 02
2024.09.14 10:55:30 4: WC: checking for redirects, code=400, ignore=0
2024.09.14 10:55:30 4: WC: no redirects to handle
2024.09.14 10:55:30 5: WC: Read callback sets LAST_REQUEST to get02
2024.09.14 10:55:30 5: WC: CheckAuth is checking buffer with ReAuthRegex (?^:/auth/login)
2024.09.14 10:55:30 5: WC: CheckAuth decided no authentication required
2024.09.14 10:55:30 5: WC: ExtractReading for context get, num 02 - no individual parse definition
2024.09.14 10:55:30 5: WC: FormatReading is encoding the reading value as utf-8 because no encoding was specified and the response body charset was unknown or decoded
2024.09.14 10:55:30 5: WC: Read sets reading statusCode to value 400 of JSON statusCode
2024.09.14 10:55:30 5: WC: FormatReading is encoding the reading value as utf-8 because no encoding was specified and the response body charset was unknown or decoded
2024.09.14 10:55:30 5: WC: Read sets reading message to value Bad control character in string literal in JSON at position 102 (line 1 column 103) of JSON message
2024.09.14 10:55:30 5: WC: FormatReading is encoding the reading value as utf-8 because no encoding was specified and the response body charset was unknown or decoded
2024.09.14 10:55:30 5: WC: Read sets reading error to value Bad Request of JSON error
2024.09.14 10:55:30 5: WC: Read starts parsing response to get02 with defined readings: 100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128
2024.09.14 10:55:30 5: WC: ExtractReading message with json message ...
2024.09.14 10:55:30 5: WC: FormatReading is encoding the reading value as utf-8 because no encoding was specified and the response body charset was unknown or decoded
2024.09.14 10:55:30 5: WC: ExtractReading for reading100-1 sets message to Bad control character in string literal in JSON at position 102 (line 1 column 103)
2024.09.14 10:55:30 5: WC: ExtractReading value as hex is 42616420636f6e74726f6c2063686172616374657220696e20737472696e67206c69746572616c20696e204a534f4e20617420706f736974696f6e2031303220286c696e65203120636f6c756d6e2031303329
2024.09.14 10:55:30 5: WC: ExtractReading statusCode with json statusCode ...
2024.09.14 10:55:30 5: WC: FormatReading is encoding the reading value as utf-8 because no encoding was specified and the response body charset was unknown or decoded
2024.09.14 10:55:30 5: WC: ExtractReading for reading101-1 sets statusCode to 400
2024.09.14 10:55:30 5: WC: ExtractReading value as hex is 343030
2024.09.14 10:55:30 5: WC: ExtractReading error with json error ...
2024.09.14 10:55:30 5: WC: FormatReading is encoding the reading value as utf-8 because no encoding was specified and the response body charset was unknown or decoded
2024.09.14 10:55:30 5: WC: ExtractReading for reading102-1 sets error to Bad Request
2024.09.14 10:55:30 5: WC: ExtractReading value as hex is 4261642052657175657374
2024.09.14 10:55:30 5: WC: ExtractReading user_isActive with json user_isActive ...
2024.09.14 10:55:30 5: WC: ExtractReading user_isActive with json user_isActive did not match a key directly - trying regex match to create a list
2024.09.14 10:55:30 5: WC: ExtractReading user_isActive with json /^user_isActive/ got keylist
2024.09.14 10:55:30 5: WC: ExtractReading user_isActive did not match
2024.09.14 10:55:30 5: WC: ExtractReading token with json token ...
2024.09.14 10:55:30 5: WC: ExtractReading token with json token did not match a key directly - trying regex match to create a list
2024.09.14 10:55:30 5: WC: ExtractReading token with json /^token/ got keylist
2024.09.14 10:55:30 5: WC: ExtractReading token did not match
2024.09.14 10:55:30 5: WC: ExtractReading user_lang with json user_lang ...
2024.09.14 10:55:30 5: WC: ExtractReading user_lang with json user_lang did not match a key directly - trying regex match to create a list
2024.09.14 10:55:30 5: WC: ExtractReading user_lang with json /^user_lang/ got keylist
2024.09.14 10:55:30 5: WC: ExtractReading user_lang did not match
2024.09.14 10:55:30 5: WC: ExtractReading user_email with json user_email ...
2024.09.14 10:55:30 5: WC: ExtractReading user_email with json user_email did not match a key directly - trying regex match to create a list
2024.09.14 10:55:30 5: WC: ExtractReading user_email with json /^user_email/ got keylist
2024.09.14 10:55:30 5: WC: ExtractReading user_email did not match
2024.09.14 10:55:30 5: WC: ExtractReading user_name with json user_name ...
2024.09.14 10:55:30 5: WC: ExtractReading user_name with json user_name did not match a key directly - trying regex match to create a list
2024.09.14 10:55:30 5: WC: ExtractReading user_name with json /^user_name/ got keylist
2024.09.14 10:55:30 5: WC: ExtractReading user_name did not match
2024.09.14 10:55:30 5: WC: ExtractReading user_createdAt with json user_createdAt ...
2024.09.14 10:55:30 5: WC: ExtractReading user_createdAt with json user_createdAt did not match a key directly - trying regex match to create a list
2024.09.14 10:55:30 5: WC: ExtractReading user_createdAt with json /^user_createdAt/ got keylist
2024.09.14 10:55:30 5: WC: ExtractReading user_createdAt did not match
2024.09.14 10:55:30 5: WC: ExtractReading user_id with json user_id ...
2024.09.14 10:55:30 5: WC: ExtractReading user_id with json user_id did not match a key directly - trying regex match to create a list
2024.09.14 10:55:30 5: WC: ExtractReading user_id with json /^user_id/ got keylist
2024.09.14 10:55:30 5: WC: ExtractReading user_id did not match
2024.09.14 10:55:30 5: WC: ExtractReading user_updatedAt with json user_updatedAt ...
2024.09.14 10:55:30 5: WC: ExtractReading user_updatedAt with json user_updatedAt did not match a key directly - trying regex match to create a list
2024.09.14 10:55:30 5: WC: ExtractReading user_updatedAt with json /^user_updatedAt/ got keylist
2024.09.14 10:55:30 5: WC: ExtractReading user_updatedAt did not match
2024.09.14 10:55:30 5: WC: ExtractReading user_surname with json user_surname ...
2024.09.14 10:55:30 5: WC: ExtractReading user_surname with json user_surname did not match a key directly - trying regex match to create a list
2024.09.14 10:55:30 5: WC: ExtractReading user_surname with json /^user_surname/ got keylist
2024.09.14 10:55:30 5: WC: ExtractReading user_surname did not match
2024.09.14 10:55:30 5: WC: ExtractReading errors_01_extensions_stacktrace_6 with json errors_01_extensions_stacktrace_6 ...
2024.09.14 10:55:30 5: WC: ExtractReading errors_01_extensions_stacktrace_6 with json errors_01_extensions_stacktrace_6 did not match a key directly - trying regex match to create a list
2024.09.14 10:55:30 5: WC: ExtractReading errors_01_extensions_stacktrace_6 with json /^errors_01_extensions_stacktrace_6/ got keylist
2024.09.14 10:55:30 5: WC: ExtractReading errors_01_extensions_stacktrace_6 did not match
2024.09.14 10:55:30 5: WC: ExtractReading errors_01_extensions_stacktrace_2 with json errors_01_extensions_stacktrace_2 ...
2024.09.14 10:55:30 5: WC: ExtractReading errors_01_extensions_stacktrace_2 with json errors_01_extensions_stacktrace_2 did not match a key directly - trying regex match to create a list
2024.09.14 10:55:30 5: WC: ExtractReading errors_01_extensions_stacktrace_2 with json /^errors_01_extensions_stacktrace_2/ got keylist
2024.09.14 10:55:30 5: WC: ExtractReading errors_01_extensions_stacktrace_2 did not match
2024.09.14 10:55:30 5: WC: ExtractReading errors_01_extensions_stacktrace_4 with json errors_01_extensions_stacktrace_4 ...
2024.09.14 10:55:30 5: WC: ExtractReading errors_01_extensions_stacktrace_4 with json errors_01_extensions_stacktrace_4 did not match a key directly - trying regex match to create a list
2024.09.14 10:55:30 5: WC: ExtractReading errors_01_extensions_stacktrace_4 with json /^errors_01_extensions_stacktrace_4/ got keylist
2024.09.14 10:55:30 5: WC: ExtractReading errors_01_extensions_stacktrace_4 did not match
2024.09.14 10:55:30 5: WC: ExtractReading errors_01_message with json errors_01_message ...
2024.09.14 10:55:30 5: WC: ExtractReading errors_01_message with json errors_01_message did not match a key directly - trying regex match to create a list
2024.09.14 10:55:30 5: WC: ExtractReading errors_01_message with json /^errors_01_message/ got keylist
2024.09.14 10:55:30 5: WC: ExtractReading errors_01_message did not match
2024.09.14 10:55:30 5: WC: ExtractReading errors_01_extensions_stacktrace_5 with json errors_01_extensions_stacktrace_5 ...
2024.09.14 10:55:30 5: WC: ExtractReading errors_01_extensions_stacktrace_5 with json errors_01_extensions_stacktrace_5 did not match a key directly - trying regex match to create a list
2024.09.14 10:55:30 5: WC: ExtractReading errors_01_extensions_stacktrace_5 with json /^errors_01_extensions_stacktrace_5/ got keylist
2024.09.14 10:55:30 5: WC: ExtractReading errors_01_extensions_stacktrace_5 did not match
2024.09.14 10:55:30 5: WC: ExtractReading errors_01_extensions_stacktrace_0 with json errors_01_extensions_stacktrace_0 ...
2024.09.14 10:55:30 5: WC: ExtractReading errors_01_extensions_stacktrace_0 with json errors_01_extensions_stacktrace_0 did not match a key directly - trying regex match to create a list
2024.09.14 10:55:30 5: WC: ExtractReading errors_01_extensions_stacktrace_0 with json /^errors_01_extensions_stacktrace_0/ got keylist
2024.09.14 10:55:30 5: WC: ExtractReading errors_01_extensions_stacktrace_0 did not match
2024.09.14 10:55:30 5: WC: ExtractReading errors_01_extensions_stacktrace_3 with json errors_01_extensions_stacktrace_3 ...
2024.09.14 10:55:30 5: WC: ExtractReading errors_01_extensions_stacktrace_3 with json errors_01_extensions_stacktrace_3 did not match a key directly - trying regex match to create a list
2024.09.14 10:55:30 5: WC: ExtractReading errors_01_extensions_stacktrace_3 with json /^errors_01_extensions_stacktrace_3/ got keylist
2024.09.14 10:55:30 5: WC: ExtractReading errors_01_extensions_stacktrace_3 did not match
2024.09.14 10:55:30 5: WC: ExtractReading errors_01_extensions_code with json errors_01_extensions_code ...
2024.09.14 10:55:30 5: WC: ExtractReading errors_01_extensions_code with json errors_01_extensions_code did not match a key directly - trying regex match to create a list
2024.09.14 10:55:30 5: WC: ExtractReading errors_01_extensions_code with json /^errors_01_extensions_code/ got keylist
2024.09.14 10:55:30 5: WC: ExtractReading errors_01_extensions_code did not match
2024.09.14 10:55:30 5: WC: ExtractReading errors_01_extensions_stacktrace_1 with json errors_01_extensions_stacktrace_1 ...
2024.09.14 10:55:30 5: WC: ExtractReading errors_01_extensions_stacktrace_1 with json errors_01_extensions_stacktrace_1 did not match a key directly - trying regex match to create a list
2024.09.14 10:55:30 5: WC: ExtractReading errors_01_extensions_stacktrace_1 with json /^errors_01_extensions_stacktrace_1/ got keylist
2024.09.14 10:55:30 5: WC: ExtractReading errors_01_extensions_stacktrace_1 did not match
2024.09.14 10:55:30 5: WC: ExtractReading errors_01_extensions_stacktrace_8 with json errors_01_extensions_stacktrace_8 ...
2024.09.14 10:55:30 5: WC: ExtractReading errors_01_extensions_stacktrace_8 with json errors_01_extensions_stacktrace_8 did not match a key directly - trying regex match to create a list
2024.09.14 10:55:30 5: WC: ExtractReading errors_01_extensions_stacktrace_8 with json /^errors_01_extensions_stacktrace_8/ got keylist
2024.09.14 10:55:30 5: WC: ExtractReading errors_01_extensions_stacktrace_8 did not match
2024.09.14 10:55:30 5: WC: ExtractReading errors_01_extensions_stacktrace_7 with json errors_01_extensions_stacktrace_7 ...
2024.09.14 10:55:30 5: WC: ExtractReading errors_01_extensions_stacktrace_7 with json errors_01_extensions_stacktrace_7 did not match a key directly - trying regex match to create a list
2024.09.14 10:55:30 5: WC: ExtractReading errors_01_extensions_stacktrace_7 with json /^errors_01_extensions_stacktrace_7/ got keylist
2024.09.14 10:55:30 5: WC: ExtractReading errors_01_extensions_stacktrace_7 did not match
2024.09.14 10:55:30 5: WC: ExtractReading errors_01_extensions_originalError_statusCode with json errors_01_extensions_originalError_statusCode ...
2024.09.14 10:55:30 5: WC: ExtractReading errors_01_extensions_originalError_statusCode with json errors_01_extensions_originalError_statusCode did not match a key directly - trying regex match to create a list
2024.09.14 10:55:30 5: WC: ExtractReading errors_01_extensions_originalError_statusCode with json /^errors_01_extensions_originalError_statusCode/ got keylist
2024.09.14 10:55:30 5: WC: ExtractReading errors_01_extensions_originalError_statusCode did not match
2024.09.14 10:55:30 5: WC: ExtractReading data with json data ...
2024.09.14 10:55:30 5: WC: ExtractReading data with json data did not match a key directly - trying regex match to create a list
2024.09.14 10:55:30 5: WC: ExtractReading data with json /^data/ got keylist
2024.09.14 10:55:30 5: WC: ExtractReading data did not match
2024.09.14 10:55:30 5: WC: ExtractReading errors_01_path_0 with json errors_01_path_0 ...
2024.09.14 10:55:30 5: WC: ExtractReading errors_01_path_0 with json errors_01_path_0 did not match a key directly - trying regex match to create a list
2024.09.14 10:55:30 5: WC: ExtractReading errors_01_path_0 with json /^errors_01_path_0/ got keylist
2024.09.14 10:55:30 5: WC: ExtractReading errors_01_path_0 did not match
2024.09.14 10:55:30 5: WC: ExtractReading errors_01_locations_01_column with json errors_01_locations_01_column ...
2024.09.14 10:55:30 5: WC: ExtractReading errors_01_locations_01_column with json errors_01_locations_01_column did not match a key directly - trying regex match to create a list
2024.09.14 10:55:30 5: WC: ExtractReading errors_01_locations_01_column with json /^errors_01_locations_01_column/ got keylist
2024.09.14 10:55:30 5: WC: ExtractReading errors_01_locations_01_column did not match
2024.09.14 10:55:30 5: WC: ExtractReading errors_01_extensions_originalError_message with json errors_01_extensions_originalError_message ...
2024.09.14 10:55:30 5: WC: ExtractReading errors_01_extensions_originalError_message with json errors_01_extensions_originalError_message did not match a key directly - trying regex match to create a list
2024.09.14 10:55:30 5: WC: ExtractReading errors_01_extensions_originalError_message with json /^errors_01_extensions_originalError_message/ got keylist
2024.09.14 10:55:30 5: WC: ExtractReading errors_01_extensions_originalError_message did not match
2024.09.14 10:55:30 5: WC: ExtractReading errors_01_locations_01_line with json errors_01_locations_01_line ...
2024.09.14 10:55:30 5: WC: ExtractReading errors_01_locations_01_line with json errors_01_locations_01_line did not match a key directly - trying regex match to create a list
2024.09.14 10:55:30 5: WC: ExtractReading errors_01_locations_01_line with json /^errors_01_locations_01_line/ got keylist
2024.09.14 10:55:30 5: WC: ExtractReading errors_01_locations_01_line did not match
2024.09.14 10:55:30 4: WC: Read response matched 6, unmatch 26 Reading(s)
2024.09.14 10:55:30 5: WC: Read response to get02 matched statusCode message error message statusCode error
2024.09.14 10:55:30 5: WC: Read response to get02 did not match user_isActive token user_lang user_email user_name user_createdAt user_id user_updatedAt user_surname errors_01_extensions_stacktrace_6 errors_01_extensions_stacktrace_2 errors_01_extensions_stacktrace_4 errors_01_message errors_01_extensions_stacktrace_5 errors_01_extensions_stacktrace_0 errors_01_extensions_stacktrace_3 errors_01_extensions_code errors_01_extensions_stacktrace_1 errors_01_extensions_stacktrace_8 errors_01_extensions_stacktrace_7 errors_01_extensions_originalError_statusCode data errors_01_path_0 errors_01_locations_01_column errors_01_extensions_originalError_message errors_01_locations_01_line
2024.09.14 10:55:30 5: WC: HandleSendQueue called from ReadCallback, qlen = 0
2024.09.14 10:55:30 5: WC: HandleSendQueue found no usable entry in queue

jump to the top


Für jede Hilfestellung bis ich außerordentlich dankbar.

VG
Onkel Tom

dennisk

Hallo zusammen,

ich habe heute mein Arch Linux System vollständig aktualisiert, inklusive FHEM, und neu gestartet. Dabei wurde Perl auf die Version 5.40 aktualisiert. Nun habe ich im Log beim Start von FHEM das hier gefunden:
PERL WARNING: Attempt to call undefined import method with arguments (":all") via package "SetExtensions" (Perhaps you forgot to load the package?) at /usr/share/fhem/FHEM/98_HTTPMOD.pm line 64, <$fh> line 182.Vor dem Update war das definitiv noch nicht im Log. Kann das irgendwas mit Perl 5.40 zu tun haben? Oder hat jemand sonst eine Idee, woran das liegen könnte? Fehlerhaftes Verhalten konnte ich bis jetzt jedenfalls nicht feststellen.

Für Ideen/Hilfestellung wäre ich dankbar. Wenn noch Infos benötigt werden, liefere ich die gerne.

Vielen Dank schon mal.


dennisk

#1325
Zitat von: Prof. Dr. Peter Henning am 16 September 2024, 09:24:41https://stackoverflow.com/questions/23291534/what-is-the-use-of-qwall-in-perl

LG

pah

Danke für den Hinweis! Nach weiterem Einlesen bin ich für Perl 5.40 dann hierüber gestolpert: https://perldoc.perl.org/perl5400delta#Calling-the-import-method-of-an-unknown-package-produces-a-warning
Dort heißt es im letzten Abschnitt:
"It will also detect cases where a user passes an argument when using a package that does not provide its own import, for instance most "pure" class definitions do not define an import method."
Und wenn ich in SetExtensions.pm schaue, dann finde ich keine import Methode. Verstehe ich es also richtig, dass die Warnung deswegen mit Perl 5.40 auftaucht? Und wenn ich in 98_HTTPMOD.pm in Zeile 64 aus
use SetExtensions   qw(:all); dann
use SetExtensions; mache, sollte keine Warnung mehr kommen, der Code aber trotzdem wie gehabt funktionieren?

Edit: Grade ausprobiert, nach der Änderung startet FHEM ohne die Warnung. Und HTTPMOD scheint noch zu funktionieren. Spricht etwas gegen diese Anpassung? Könnte das dann auch übernommen werden?

StefanStrobel

Hallo dennisk,

vermutlich spricht nichts gegen die Änderung und wenn ich nichts gegenteiliges finde, checke ich es so ein.

Gruss
   Stefan

StefanStrobel

Hallo Onkel Tom,

wie kommst Du denn an ein gültiges Authorization-Token?
In Deiner Konfiguration kann ich keine Anmelde-Sequenz oder Extraktion des Tokens erkennen.

Gruss
   Stefan

Onkel.Tom

Zitat von: StefanStrobel am 23 September 2024, 17:35:40Hallo Onkel Tom,

wie kommst Du denn an ein gültiges Authorization-Token?
In Deiner Konfiguration kann ich keine Anmelde-Sequenz oder Extraktion des Tokens erkennen.

Gruss
  Stefan

Hallo Stefan,

mit dem get01Data liefere ich user, password und cloud und bekomme u.a. ein Token zurück,
dass ich im nächsten Schritt get02Header3 Authorization: Bearer $sid wieder anbringe.

In der Zwischenzeit bin ich ein bisschen weiter - und irgendwie auch wieder nicht  :'( :
Mit dem get01 durchlaufe ich die Authorisierung und bekomme das Token.
Mit dem anschließenden get02 möchte ich die Daten abholen und bekomme jetzt zumindest ein HTTP 200 ok zurück.
Im body erhalte ich jedoch folgende Fehlermeldung, die doch auf ein Authorisierungsproblem hindeutet:

Zitat2024.09.23 21:16:39 5: WC: Read callback: body
{"errors":[{"message":"jwt malformed","locations":[{"line":1,"column":786}],"path":["units"],"extensions":{"code":"UNAUTHENTICATED","stacktrace":["UnauthorizedException: jwt malformed","    at AuthGuard.canActivate (/app/dist/infrastructure/auth/auth.guard.js:54:23)","    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)","    at async GuardsConsumer.tryActivate (/app/node_modules/.pnpm/@nestjs+core@10.3.8_@nestjs+common@10.3.8_@nestjs+microservices@10.3.8_@nestjs+platform-expre_a3p53zd7vkx56ttsu3cpzr66sy/node_modules/@nestjs/core/guards/guards-consumer.js:16:17)","    at async canActivateFn (/app/node_modules/.pnpm/@nestjs+core@10.3.8_@nestjs+common@10.3.8_@nestjs+microservices@10.3.8_@nestjs+platform-expre_a3p53zd7vkx56ttsu3cpzr66sy/node_modules/@nestjs/core/helpers/external-context-creator.js:155:33)","    at async target (/app/node_modules/.pnpm/@nestjs+core@10.3.8_@nestjs+common@10.3.8_@nestjs+microservices@10.3.8_@nestjs+platform-expre_a3p53zd7vkx56ttsu3cpzr66sy/node_modules/@nestjs/core/helpers/external-context-creator.js:73:31)","    at async /app/node_modules/.pnpm/@nestjs+core@10.3.8_@nestjs+common@10.3.8_@nestjs+microservices@10.3.8_@nestjs+platform-expre_a3p53zd7vkx56ttsu3cpzr66sy/node_modules/@nestjs/core/helpers/external-proxy.js:9:24"],"originalError":{"message":"jwt malformed","statusCode":401}}}],"data":null}

Dort wird jwt malformed und statuscode 401 gemeldet.

In der Browser-Konsole ist mir noch aufgefallen, dass ein Header baggage gesetzt wird, deren Daten mir bislang unbekannt sind:

Du darfst diesen Dateianhang nicht ansehen.

Könnte das fehlende baggage die Authorisierung behindern ?

Anbei mein aktuelles Log:
Zitat2024.09.23 21:16:39 5: WC: get called with Daten
2024.09.23 21:16:39 5: WC: get found option Daten in attribute get02Name
2024.09.23 21:16:39 4: WC: get will now request Daten, no optional value
2024.09.23 21:16:39 5: WC: AddToQueue adds type get02 to URL https://graphql.acs.prod.aseko.cloud/graphql, data {"operationName":"UnitList","variables":{"after":null,"first":15,"search":""},"query":"fragment UnitFragment on Unit { __typename serialNumber name note brandName { id primary secondary __typename } position statusMessages { __typename type severity message } consumables { __typename ... on LiquidConsumable { canister { __typename id hasWarning } tube { __typename id hasWarning } __typename } ... on ElectrolyzerConsumable { electrode { __typename hasWarning } __typename } } online offlineFor hasWarning notificationConfiguration { __typename id hasWarning } unitModel { __typename id tabs { hideNotifications hideConsumables __typename } }} fragment UnitNeverConnectedFragment on UnitNeverConnected { __typename serialNumber name note position statusMessages { __typename severity type message detail }} query UnitList($after: String, $first: Int, $search: String) { units(after: $after, first: $first, searchQuery: $search) { cursor units { ...UnitFragment ...UnitNeverConnectedFragment __typename } __typename }}"}, header Content-Type: application/json
Sec-Fetch-Site: same-site
Cache-Control: no-cache
Accept: */*
Authorization: Bearer $sid
Connection: keep-alive
x-app-name: pool-live
User-Agent:   Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:130.0) Gecko/20100101 Firefox/130.0
Referer: https://aseko.cloud/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors, retry 0, initial queue len: 0
2024.09.23 21:16:39 5: WC: HandleSendQueue called from AddToSendQueue, qlen = 1
2024.09.23 21:16:39 5: WC: no separator for multiple values (Context get02, 02)
2024.09.23 21:16:39 5: WC: HandleSendQueue is using Cookie refreshToken with path  and Value ttt (key refreshToken;, destination path is /graphql)
2024.09.23 21:16:39 5: WC: DoCookies is adding Cookie header: refreshToken=ttt
2024.09.23 21:16:39 4: WC: HandleSendQueue sends get02 with timeout 2 to https://graphql.acs.prod.aseko.cloud/graphql,
data: {"operationName":"UnitList","variables":{"after":null,"first":15,"search":""},"query":"fragment UnitFragment on Unit { __typename serialNumber name note brandName { id primary secondary __typename } position statusMessages { __typename type severity message } consumables { __typename ... on LiquidConsumable { canister { __typename id hasWarning } tube { __typename id hasWarning } __typename } ... on ElectrolyzerConsumable { electrode { __typename hasWarning } __typename } } online offlineFor hasWarning notificationConfiguration { __typename id hasWarning } unitModel { __typename id tabs { hideNotifications hideConsumables __typename } }} fragment UnitNeverConnectedFragment on UnitNeverConnected { __typename serialNumber name note position statusMessages { __typename severity type message detail }} query UnitList($after: String, $first: Int, $search: String) { units(after: $after, first: $first, searchQuery: $search) { cursor units { ...UnitFragment ...UnitNeverConnectedFragment __typename } __typename }}"},
header: Content-Type: application/json
Sec-Fetch-Site: same-site
Cache-Control: no-cache
Accept: */*
Authorization: Bearer $sid
Connection: keep-alive
x-app-name: pool-live
User-Agent:   Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:130.0) Gecko/20100101 Firefox/130.0
Referer: https://aseko.cloud/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Cookie: refreshToken=ttt
2024.09.23 21:16:39 5: WC: ReadCallback called from __ANON__
2024.09.23 21:16:39 4: WC: Read callback: request type was get02 retry 0,
header: HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 23 Sep 2024 19:16:39 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 1376
Connection: keep-alive
X-Powered-By: Express
Vary: Origin
cache-control: no-store
ETag: W/"560-HHnqyN9OATuy7XUvCNqeTDDXy84", body length 1376
2024.09.23 21:16:39 5: WC: Read callback: body
{"errors":[{"message":"jwt malformed","locations":[{"line":1,"column":786}],"path":["units"],"extensions":{"code":"UNAUTHENTICATED","stacktrace":["UnauthorizedException: jwt malformed","    at AuthGuard.canActivate (/app/dist/infrastructure/auth/auth.guard.js:54:23)","    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)","    at async GuardsConsumer.tryActivate (/app/node_modules/.pnpm/@nestjs+core@10.3.8_@nestjs+common@10.3.8_@nestjs+microservices@10.3.8_@nestjs+platform-expre_a3p53zd7vkx56ttsu3cpzr66sy/node_modules/@nestjs/core/guards/guards-consumer.js:16:17)","    at async canActivateFn (/app/node_modules/.pnpm/@nestjs+core@10.3.8_@nestjs+common@10.3.8_@nestjs+microservices@10.3.8_@nestjs+platform-expre_a3p53zd7vkx56ttsu3cpzr66sy/node_modules/@nestjs/core/helpers/external-context-creator.js:155:33)","    at async target (/app/node_modules/.pnpm/@nestjs+core@10.3.8_@nestjs+common@10.3.8_@nestjs+microservices@10.3.8_@nestjs+platform-expre_a3p53zd7vkx56ttsu3cpzr66sy/node_modules/@nestjs/core/helpers/external-context-creator.js:73:31)","    at async /app/node_modules/.pnpm/@nestjs+core@10.3.8_@nestjs+common@10.3.8_@nestjs+microservices@10.3.8_@nestjs+platform-expre_a3p53zd7vkx56ttsu3cpzr66sy/node_modules/@nestjs/core/helpers/external-proxy.js:9:24"],"originalError":{"message":"jwt malformed","statusCode":401}}}],"data":null}

2024.09.23 21:16:39 4: WC: BodyDecode is decoding the response body as utf-8 (charset header utf-8, bodyDecode set to auto)


Vielen Dank im voraus für jede Hilfestellung !

Viele Grüße
Onkel Tom

StefanStrobel

Der baggage-Header könnte das Problem sein.
Wird der beim Login erzeugt?

Startest Du das get01 manuell?
Dafür sind eigentlich die sidXX-Attribute gedacht, um das Login bei Bedarf automatisch durchlaufen zu lassen.

Gruss
   Stefan

Onkel.Tom


Hallo Stefan,

ja, das get01 rufe ich derzeit manuell auf; damit kann ich besser schrittweise Testen.

Ich habe mir den Baggage Header nochmal genauer angeschaut.
Scheinbar sind darin die Werte für sentry-trace_id und sentry-replay_id veränderlich.

Zudem scheint der Header sentry-trace auch wichtig zu sein, der sich u.a. aus der sentry-replay_id zusammensetzt.

Beim Aufruf der Webseite mit der Web-Entwicklerkonsole im Browser konnte ich jetzt noch weitere Aufrufe vor der Login-Abfrage loggen,
Diese beinhalten diverse veränderliche Daten, deren Herkunft mir allerdings unklar ist.
Jede Abfrage wird mit einer id beantwortet.
Die rückgemeldete id der vierten Abfrage ist die sentry-replay_id im Baggage Header.
Soweit so gut.

Damit hänge ich jetzt an der Frage, woher die weiteren Informationen kommen, die als Daten den Aufrufen mitgegeben werden.
Zudem ist der Anfrage-Inhalt ab der dritten Abfrage tlw. "unleserlich" (sh. grüne Markierung auf Screenshot).

Du darfst diesen Dateianhang nicht ansehen.

Wo kann ich weiter nach den fehlenden Anfrage-Informationen suchen ?
Kommen hierfür andere Stellen in Frage als die Antworten vorheriger Abfragen ?
Kann man die Informationen im Browser-Werkzeug leserlich darstellen ? 

Bin weiterhin sehr dankbar für jede Hilfe.

Grüße
Onkel Tom


Onkel.Tom

Hier nochmal der Anhang:

Du darfst diesen Dateianhang nicht ansehen.

StefanStrobel

Hallo Onkel.Tom,

das sieht für mich proprietär bzw. nach Binärdaten aus.
Eventuell sind die Daten aber für das Login auch gar nicht nötig.
Ich würde versuchen mich mit der Burp-Suite vom ersten Request an durchzuhangeln und die Requests nachzubilden.

Gruss
   Stefan

Onkel.Tom

#1333
Hallo Stefan,

ok, ich habe jetzt in Burpsuite alle Schritte nochmal durchlaufen und aufgezeichnet (siehe Anlage):

Du darfst diesen Dateianhang nicht ansehen.

Bisher hatte ich in HTTPMOD nur die Schritte #24 und #30 abgebildet.

Schritt #24 war m.E. soweit erfolgreich.
Dort konnte ich die Anmeldung mit user, password, etc. vollziehen und habe das token zurückbekommen.

Schritt #30 und dann #34 liefern lt. Burpsuite die Daten, die ich haben möchte.

Im Schritt #30 bekomme ich zwar den response header HTTP/1.1 200 OK, aber der body enthält eine Fehlermeldung u.a. mit statuscode 401 und jwt malformed, was m.E. auf einen Berechtigungsfehler hindeutet.

Daher immer noch meine Vermutung, das ich dort im Anfrage-header den Baggague und sentry-Trace mitgeben muss,
deren Inhalte ich jedoch nicht kenne bzw. nicht weiß, woher ich die Daten bekomme.

Es könnte sein, dass die Daten aus den Schritten #12-#22 bzw. #28 kommen.
Dort müsste ich jedoch bereits im Schritt #12 ebenfalls Daten im Anfrage-Header mitgeben, die ich nicht kenne, zB. event_id, trace_id, span_id, ....

In keinem der Responses der vorangehenden Schritte #1-#11 finde ich im Burpsuite diese Daten.

Wie könnte ich in der Analyse weiter vorgehen ?

VG
Onkel Tom



StefanStrobel

Hallo,

wenn es mit dem Wiederholen nicht klappt und Du tatsächlich "Binärdaten" mitschicken musst, dann müssen diese ja auch im Browser erzeugt werden.
Hast Du mal den Javascript-Code angesehen, ob man da was erkennen kann?

Gruss
   Stefan