Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

/api/ endpoint auth issue #135857

Open
lutzvahl opened this issue Jan 17, 2025 · 1 comment
Open

/api/ endpoint auth issue #135857

lutzvahl opened this issue Jan 17, 2025 · 1 comment
Labels
integration: unifiprotect

Comments

@lutzvahl
Copy link
Contributor

lutzvahl commented Jan 17, 2025
edited
Loading

The problem

I'm using any of the /API/ endpoint in a notification. Showing the video/image is working, but using the same API endpoint as clickAction target is not.

A) Show the image / video
B) add a link to HA to show the full event video

A) is working fine, the thumbnail or video is part of the notification.

B) is failing with: 401: Unauthorized error.

Based on the wiki: These URLs work great when trying to send notifications. Home Assistant will automatically sign the URLs and make them safe for external consumption if used in an automation or notify action.

Signing the URL part of the clickAction doesn't seem to work.

Notification example below

What version of Home Assistant Core has the issue?

core-2025.1.2

What was the last working version of Home Assistant Core?

No response

What type of installation are you running?

Home Assistant OS

Integration causing the issue

unifiprotect

Link to integration documentation on our website

https://www.home-assistant.io/integrations/unifiprotect/

Diagnostics information

No response

Example YAML snippet

tag: Motion
channel: Motion
ttl: 0
priority: high
time-sensitive: 1
clickAction: >-
  /api/unifiprotect/thumbnail/{{ config_entry_id(trigger.entity_id) }}/{{
  state_attr(trigger.entity_id, 'event_id') }}
video: >-
  /api/unifiprotect/video/{{ config_entry_id(trigger.entity_id) }}/{{
  state_attr(trigger.entity_id, 'event_id') }}

Anything in the logs that might be useful for us?

Logger: homeassistant.components.http.ban
Source: components/http/ban.py:136
integration: HTTP (documentation, issues)
First occurred: 16:40:10 (1 occurrences)
Last logged: 16:40:10

Login attempt or request with invalid authentication from Pixel-9-Pro (192.168.6.169). Requested URL: '/api/unifiprotect/video/62a3f5f0039c6b03e70003e9/672497ae0047d903e4001f4f/2025-01-17T15:11:07+00:00/2025-01-17T15:11:22+00:00?external_auth=1'. (Mozilla/5.0 (Linux; Android 15; Pixel 9 Pro Build/AP4A.250105.002; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/132.0.6834.79 Mobile Safari/537.36)

Additional information

No response
@home-assistant
Copy link

Hey there @RaHehl, mind taking a look at this issue as it has been labeled with an integration (unifiprotect) you are listed as a code owner for? Thanks!

Code owner commands

Code owners of unifiprotect can trigger bot actions by commenting:

  • @home-assistant close Closes the issue.
  • @home-assistant rename Awesome new title Renames the issue.
  • @home-assistant reopen Reopen the issue.
  • @home-assistant unassign unifiprotect Removes the current integration label and assignees on the issue, add the integration domain after the command.
  • @home-assistant add-label needs-more-information Add a label (needs-more-information, problem in dependency, problem in custom component) to the issue.
  • @home-assistant remove-label needs-more-information Remove a label (needs-more-information, problem in dependency, problem in custom component) on the issue.

(message by CodeOwnersMention)

unifiprotect documentation
unifiprotect source
(message by IssueLinks)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
integration: unifiprotect
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@lutzvahl