Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use hashed Token #33

Open
F4bsi opened this issue Jan 12, 2022 · 0 comments
Open

Use hashed Token #33

F4bsi opened this issue Jan 12, 2022 · 0 comments
Assignees
@kvj

Comments

@F4bsi
Copy link

F4bsi commented Jan 12, 2022

I think it would be a good idea to use the hashed token ( Documentation ) instead of the plain version to protect the token a little bit better.

This seems to be only possible in the hardware bridge, so maybe this needs to be checked before using it if possible.

This line

hass_nuki_ng/custom_components/nuki_ng/nuki.py

Line 65 in 3eabba4

return f"{url}{path}?token={self.token}{extra_str}"

probably needs to change to something like this

timestamp = datetime.utcnow().isoformat()[:-7]+'Z'
rand_num = str(random.randint(0,65535))
hash_token = hashlib.sha256((f"{timestamp},{rand_num},{token}").encode()).hexdigest()
return f"{url}{path}?ts={timestamp}&rnr={rand_num}&hash={hash_token}{extra_str}"

but I'm just starting with python so I'm not quite sure about the right syntax. Also I am not 100 percent sure about the random number format where the documentation says "uint16". Maybe someone with more experience can create a pull request for that? :)
@kvj kvj self-assigned this Mar 1, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@kvj kvj

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@kvj @F4bsi