Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Lovelace: Login attempt or request with invalid authentication #23055

Open
olbjan opened this issue Apr 12, 2019 · 27 comments

Comments

@olbjan
Copy link

@olbjan olbjan commented Apr 12, 2019

Home Assistant release with the issue:

0.91.0 - 0.91.2

Last working Home Assistant release (if known):

Operating environment (Hass.io/Docker/Windows/etc.):

Hass.io on HassOS on Pi and NUC

Component/platform:

Frontend

Description of problem:
When adding a generic camera entity to a picture-elements card (say a floorplan) in lovelace, I get `Login attempt or request with invalid authentication from IPˋ about one in three or four times upon opening the Home Assistant site.
This happens in the iOS companion app and in Safari, Firefox and Chrome on PC.

Problem-relevant configuration.yaml entries and (fill out even if it seems unimportant):

elements:
  - entity: camera.living_room
    style:
      left: 28%
      top: 12%
    type: state-icon
image: /local/floorplan.jpg
title: Floorplan
type: picture-elements

Traceback (if applicable):


Additional information:

  • Removing the camera entity removes the problem
  • I tried a run with log level set to debug but there was nothing logged that did point me towards what caused this
@justinvoelker

This comment has been minimized.

Copy link

@justinvoelker justinvoelker commented Apr 28, 2019

Experiencing the same problem with some cameras from a ZoneMinder instance with the config below.

Home Assistant 0.92.0 running within Docker on a Raspberry Pi

zoneminder:
  - host: 192.168.***.***
    ssl: true
    username: !secret zoneminder_username
    password: !secret zoneminder_password
camera:
  - platform: zoneminder

Checking the device states shows the following. In this instance, indoor_01 is the camera throwing the error.

Entity State Attributes
camera.indoor_01 unavailable friendly_name: indoor-01
entity_picture: /api/camera_proxy/camera.indoor_01?token=...
supported_features: 0
camera.indoor_02 idle access_token: ...
friendly_name: indoor-02
entity_picture: /api/camera_proxy/camera.indoor_02?token=...
supported_features: 0
@orson1282

This comment has been minimized.

Copy link
Contributor

@orson1282 orson1282 commented Jun 4, 2019

Same here with Zoneminder running Home Assistant 0.93.2 in Docker on Ubuntu 18.04 and Zoneminder on another server.

@jjlawren

This comment has been minimized.

Copy link
Contributor

@jjlawren jjlawren commented Jul 9, 2019

I've run HA through a proxy to see why this occurs. For some reason the picture-* cards will make requests to the camera even when it's just an icon on the card and not acting as a picture/stream:

Example HTTP call made when loading the view that contains one of the above cards:

GET /api/camera_proxy/camera.my_camera?token=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 401

For some reason 1) the card requests data from the camera when it shouldn't and 2) this request fails with a 401 auth error somewhat consistently.

@orson1282

This comment has been minimized.

Copy link
Contributor

@orson1282 orson1282 commented Sep 4, 2019

I think I found a solution for my issue. I added the use_x_forwarded_for and trusted_proxies variables to the http integration... as I'm using a proxy.

So it looks like this:

http:
  base_url: https://xxxxxxx.duckdns.org
  use_x_forwarded_for: true
  trusted_proxies:
    - 192.168.x.x
@sreknob

This comment has been minimized.

Copy link

@sreknob sreknob commented Sep 7, 2019

Just chiming in here, having the same issue with my iPhone getting IP banned using beta companion app. Running in docker with trusted proxies and use_x_forwarded_for both on.

http:
    base_url: https://ha.xxxxxxx.com
    ip_ban_enabled: true
    login_attempts_threshold: 5
    use_x_forwarded_for: true
    trusted_proxies:
      - 172.17.0.0/16

Just looking at my config, I am using the docker ip address range given that's what I had to use before when using trusted networks. Would it make more sense to use my local subnet for proxies instead?

@Santobert

This comment has been minimized.

Copy link
Member

@Santobert Santobert commented Sep 9, 2019

Same here. Homeassistant runs in docker. I use a mjpeg camera and floorplans.

2019-09-09 06:01:13 WARNING (MainThread) [homeassistant.components.http.ban] Login attempt or request with invalid authentication from 192.168.208.1

192.168.208.1 is the docker host that proxyes requests from IPv6. This error also occurs with IPv4. The traceback then contains the IP address of the requesting device.

The error only occurs when my Android device (Google Chrome) reloads the page.

@danbowkley

This comment has been minimized.

Copy link

@danbowkley danbowkley commented Oct 28, 2019

Same here on 100.3, no proxy, HA in a venv on Ubuntu 18.04 with UniFi cameras as well as generic camera entities passing the rtmp feed from the UniFi NVR (so I can cast them). Have to ssh in, delete the ban file, and restart to get back in. The NVR and HA are running on the same machine.

@davericher

This comment was marked as spam.

Copy link

@davericher davericher commented Oct 31, 2019

+1 :/

@yaba

This comment was marked as spam.

Copy link

@yaba yaba commented Nov 4, 2019

+1

1 similar comment
@Legsmaniac

This comment was marked as spam.

Copy link

@Legsmaniac Legsmaniac commented Nov 5, 2019

+1

@raymondoooo

This comment has been minimized.

Copy link

@raymondoooo raymondoooo commented Nov 5, 2019

Same here. Been like this for a while. I had to disable IP Bans.

@Legsmaniac

This comment has been minimized.

Copy link

@Legsmaniac Legsmaniac commented Nov 5, 2019

Same here. Been like this for a while. I had to disable IP Bans.

How do you disable IP Bans please?

@raymondoooo

This comment has been minimized.

Copy link

@raymondoooo raymondoooo commented Nov 5, 2019

Just remove the line from your yaml.

https://www.home-assistant.io/integrations/http

@Legsmaniac

This comment has been minimized.

Copy link

@Legsmaniac Legsmaniac commented Nov 5, 2019

Um... I don't have any line in my yaml.
Yet outside IP's are banned.
I even tried adding ip_ban_enabled: false and still no luck.
Something amiss somewhere.....

@joaoasilva

This comment has been minimized.

Copy link

@joaoasilva joaoasilva commented Nov 5, 2019

I'm having exactly the same problem since the last version, can this be addressed? All my cameras stopped working with HA.
Thanks

@Mariusthvdb

This comment has been minimized.

Copy link
Contributor

@Mariusthvdb Mariusthvdb commented Nov 5, 2019

ha 101.2 here Hassio on Rpi4, getting constant 192.168.1.1 login bans, while my config uses:

  auth_providers:
   - type: homeassistant
   - type: trusted_networks
     trusted_networks:
       - 127.0.0.1
       - 192.168.1.0/24

Schermafbeelding 2019-11-04 om 15 38 39

edit/update

appeared that my long-lived-acces-token got wiped during update, so one of my rest sensors tried to initialize but didn't get authenticated....

how that happend I don't know, but reinstalling an acces-token solved it.

@Legsmaniac

This comment has been minimized.

Copy link

@Legsmaniac Legsmaniac commented Nov 5, 2019

Got my cameras working again by downgrading to 0.99.3
Wondering if it's got anything to do with the demise of JSON?

@yaba

This comment has been minimized.

Copy link

@yaba yaba commented Nov 6, 2019

Mine is fixed, totally forgot that Node-RED was using legacy auth method.
Warning message should include details about where the request is coming from.

@joaoasilva

This comment has been minimized.

Copy link

@joaoasilva joaoasilva commented Nov 6, 2019

This is related with Lovelace @yaba . Also, you didn't provided the steps to fix it which doesn't help much.

@yaba

This comment has been minimized.

Copy link

@yaba yaba commented Nov 6, 2019

@joaoasilva Sorry. I've came to this thread because lovelace/HA was giving Login attempt or request with invalid authentication from every 2 seconds.
Since I've also have a camera entity like the top user, I've tried to disable it and restart HA. Same problem.
Disabled every camera and possible integrations that could be using legacy auth and problem persisted.
Later I've remembered that Node-RED was using node-red-contrib-home-assistant instead of node-red-contrib-home-assistant-websocket, removed the old integration and installed the new one which supports tokens. Fixed.

@Legsmaniac

This comment has been minimized.

Copy link

@Legsmaniac Legsmaniac commented Nov 6, 2019

No idea what Node Red is so pretty sure that's not my problem.
Mine is still camera related though and is to do with my triggers calling via web requests.......

URL = http://xxxxxxxx.noip.me:8123/api/services/media_player/play_media?api_password=<password>

Method - POST

Content Type = Application/JSON

Body = { "entity_id" : "media_player.lounge_display" , "media_content_id" : "http://xxxxxxxx.noip.me:xxxxx/mjpg/Front/video.mjpg" , "media_content_type" : "image/jpg"}

API password is set and correct yet they still kept getting blocked.
As I said above, wondering is it's anything to do with the demise of JSON on 0.100.x because of the Content Type = Application/JSON ?

Anyone? Any ideas?

Happy with 0.99.3 for now, works for me with no problems whatsoever.

@tribut

This comment has been minimized.

Copy link
Contributor

@tribut tribut commented Nov 6, 2019

Authenticating via ?api_password is no longer supported. This is mentioned prominently in the release notes:

https://www.home-assistant.io/blog/2019/10/30/release-101/#api-password-and-trusted-networks

You will have to switch to authentication tokens.

@Legsmaniac

This comment has been minimized.

Copy link

@Legsmaniac Legsmaniac commented Nov 6, 2019

I did read that but it still works with version 0.99.3 yet it was supposed to have been depreciated long since?

So if I used tokens, how do I call it? I mean, instead of ?api_password what do I use?

@tribut

This comment has been minimized.

Copy link
Contributor

@tribut tribut commented Nov 6, 2019

Yes, it has long been marked as deprecated, but support for it was only removed in 0.101.

Using authentication tokens is described in the dev docs:

https://developers.home-assistant.io/docs/en/external_api_rest.html

It boils down to setting the an HTTP header like this: Authorization: Bearer ABCDEFG.

@Legsmaniac

This comment has been minimized.

Copy link

@Legsmaniac Legsmaniac commented Nov 7, 2019

Thank you.
I'll give it a whirl in the morning.

@Legsmaniac

This comment has been minimized.

Copy link

@Legsmaniac Legsmaniac commented Nov 7, 2019

Hmmmm. I'm obviously not doing something right. More help needed please?

So, instead of
http://xxxxxxxx.noip.me:8123/api/services/media_player/play_media?api_password=<password>
what should it be? I've tried things like
http://xxxxxxxx.noip.me:8123/api/services/media_player/play_media?Authorization: Bearer <token>
which doesn't work, tried without the ? replacing with a space, still no go. In fact, I must have tried about 20 different ways and now I'm getting into a muddle.
Sorry to be a pain. I'm useless.

@Hypfer

This comment has been minimized.

Copy link

@Hypfer Hypfer commented Nov 8, 2019

@Legsmaniac The HTTP Header is not part of the URL

You need to set it somewhere else.

For CURL see https://curl.haxx.se/docs/manpage.html#-H
For Postman see https://learning.getpostman.com/docs/postman/sending-api-requests/requests/#headers

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
You can’t perform that action at this time.