Login Restriction

[atwoodjw]

Describe The Bug:
Vesync iOS app is constantly getting logged out. When logged out, I must turn off WiFi to log back in successfully. I reached out to support and they wrote the following.

In order to ensure the security of your account, our system has login restrictions in place. It appears that your account is experiencing frequent logins through HomeKit, which may be causing this issue. We recommend that you unlink HomeKit from your account (or device) to prevent it from logging in excessively and causing abnormal login behavior on the mobile app.

So it appears that the plugin is frequently logging in and causing a restriction to be place on some combination of account + IP address. (If I toggle WiFi off, I'm able to sign in.)

To Reproduce:
Connect iOS device to WiFi. Log in to Vesync iOS app. Configure plugin. Wait a few hours, then try to open Vesync iOS app. Notice you've been signed out and can't sign back in. Disable WiFi, then sign in successfully.

Expected behavior:
Vesync iOS app not constantly logged out.

Logs:

No relevant plugin logs. Issue manifests in first-party app.

Plugin Config:

{
    "name": "Levoit Humidifiers",
    "email": "XXX",
    "password": "XXX",
    "accessories": {
        "cool_mist": false,
        "warm_mist": false,
        "sleep_mode": false,
        "display": false,
        "night_light": false
    },
    "options": {
        "showOffWhenDisconnected": true
    },
    "platform": "LevoitHumidifiers",
    "_bridge": {
        "username": "XXX",
        "port": 123
    }
}

Screenshots:

Environment:

• Plugin Version:
• Homebridge Version: 1.7.0
• Node.js Version: v20.10.0
• NPM Version: 10.2.3
• Operating System: Ubuntu Jammy Jellyfish (22.04.3 LTS)

[pschroeder89]

This is interesting, thanks for writing this up and including their response. Levoit has consistently worked hard to prevent this plugin and its use in HomeBridge, and I wonder if this is a new attempt to do that.

I'll try to investigate what triggers the logout and see if I can mitigate it later today.

[pschroeder89]

@atwoodjw Does this happen consistently for you? I don't see this on my setup. Do you have any steps to trigger it?
Also, which device do you have?

[pschroeder89]

@atwoodjw I'm having a hard time understanding how VeSync determined the requests were coming specifically from HomeKit. We use the Android app's user agent for all requests, so if they knew we were spoofing the agent, they couldn't possibly know the requests were coming from HomeKit / this plugin and not some other homebrew home ecosystem. Can you give me some more details when you have a chance?

[atwoodjw]

Sorry for the radio silence. I have 3x LV600S. Yes, this happens consistently. If the Homebridge plugin is enabled, I can't sign into the VeSync iOS app when on my home WiFi (same external IP address). If I toggle WiFi off and use cellular data, I can sign into the iOS app. If I disable the Homebridge plugin and wait a day, I can sign into the iOS app on my home WiFi again.

Very strange. If Levoit is able to determine that logins are coming from HomeKit, I would expect them to block them, yet the plugin seems to be working flawlessly; it's their first-party app that breaks as a result of the login restriction. 🤷‍♂️

Ultimately, this isn't that big a deal. I rarely use the iOS app now, in favor of the Home app. Just a minor annoyance. Feel free to close.

[pschroeder89]

Thanks for the info! Would you mind removing showOffWhenDisconnected from your config and seeing if the issue persists? I'm intrigued by this issue tbh.

[atwoodjw]

Issue persists, even with showOffWhenDisconnected set to false.

[StevenByle]

Experiencing identical behavior as @atwoodjw. Was constantly getting logged out of the Vesync app on iOS after setting up the Homebridge plugin.

Here's my config:

{
    "name": "Levoit Humidifiers",
    "email": "XXXXX",
    "password": "XXXXX",
    "accessories": {
        "humidity_sensor": true,
        "mist": true,
        "warm_mist": false,
        "sleep_mode": true,
        "display": true,
        "night_light": true,
        "auto_pro": false
    },
    "options": {
        "showOffWhenDisconnected": false
    },
    "_bridge": {
        "username": "XXXXX",
        "port": 56704
    },
    "platform": "LevoitHumidifiers"
}

However, I did find a workaround to continue to use both Homebridge and the Vesync iOS app (which I've done for other plugins). I created a new Levoit account using a gmail alias (myemail+homebridge@gmail.com) and then shared the humidifier device to the new account (sharing the home isn't enough for the devices to show up). I then updated my plugin config to use the new account and kept my original account signed into the Vesync iOS app. So far 24 hours later I've stayed logged into the app.

This of course doesn't help solve the auth issue. No clue what kind of auth they are doing for their APIs, but it seems like access/id tokens are being revoked for that user due to the login behavior/attempts from the Homebridge plugin.

[pschroeder89]

Thanks for the info and workaround. I'm wondering if they're only allowing a single token for some users (slow rollout). I can't repro with my setup.

More questions:
What devices / firmwares?
Which VeSync app version?
Is your account verified in VeSync? (Go to the app, settings, account and security, Account and it will tell you).
Country?
Can you turn debug mode on in the plugin config and post the logs from the child bridge?

[StevenByle]

@pschroeder89 - Sorry for the delayed response:

• What devices / firmwares? - Levoit Classic 300S Humidifier firmware version 1.3.04 (2.0.00)
• Which VeSync app version? - iOS app version 5.0.61
• Is your account verified in VeSync? (Go to the app, settings, account and security, Account and it will tell you).
  Country? - Verified, USA
• Can you turn debug mode on in the plugin config and post the logs from the child bridge? Now that I've switched it over to the alias account there's no issue to log. I'd need to go back to my main account to get it to start kicking me out again. Let me know if you cannot recreate this and really want me to try this again.

[pschroeder89]

Thanks for the info, unfortunately there's nothing glaring that I can see that would cause this for some users. Whatever it is seems to be on VeSync's end. I'll pass around your workaround to other users as needed, and will close this issue.