SynologyDSM doesn't handle 2-step authentication #11
Comments
|
@Quentame, do you think that after your improvements and rework in 0.5.0 you can implement also this ? ;-) Simone |
|
Hi @chemelli74 ! Hope you are doing fine, it's crazy out there (I'm on the other side of the Alps). Will think about it 😉 , just add it to the 0.6.0 release ! As I have to lot of work at the moment, I'll apreciate any first draft on this feature, PR are welcomed ! Thank you. |
|
Copy from home-assistant/core#31477 (comment) : From Synology support: Step 1. Login with OTP and enable device token query: answer: Step 2. Login with device name and without OTP query: answer: |
|
Seems not too complicated. That's odd that we should send account + password on step 2, same for password in step 1. Should the user know if the account is 2-SA or the library can know it with a request ? |
:-)
As I read the suggestion step 1 is the first time ever you login. Step 2 is for all subsequent login.
Nope, no way to get it programmatically. Simone |
|
Seems we can get some insights with returned error codes. Simone |
|
Offical info on error codes from Syno API guide, pag. 16:
Simone |
|
Very nice @chemelli74, thanks for this API guide ! 🎉 So we can programatically with HTTP codes, even more easier 💃 Don't hesitate to add API documentations/guides to the README with a PR 😉 |
|
As I know nothing about python, I wrote a bash script to see if everything works as it should. Simone |
|
While testing your file I have : And testing with a 2SA account I got |
First line should be " #!/bin/bash", seems there is a extra CR on the end somehow.
400 is login error; can you please double check username & pwd ? Maybe special characters in pwd are not handled correctly by my draft code. Simone |
|
Try downloading script using " wget https://pastebin.com/raw/SJc7pbv0" (raw file). Simone |
|
Thanks I forgot to tell that I'm on a UNIX based system, but you get it. Fot the 400, I put the link directly on my browser address bar, and I double checked my credentials, after some tries, I went to DSM, connect, enter the 2SA code and that worked. |
|
Can you register there #26 ? |
|
By entering "https://$host:$port/webapi/auth.cgi?api=SYNO.API.Auth&version=$apiver&method=login&enable_device_token=yes&account=$usr&passwd=$pwd&device_name=$device_name" with right values on your web browser, what answer are you getting ? I'm on DSM 6 |
|
I'm seeing a "SYNO.API.OTP" api on DSM 6 : https://github.com/kwent/syno/blob/master/definitions/DSM/6.2.2/24922/query.api |
|
Have you tested your script ? On which DSM version ? May you provide requests (anonymize, host + credentials) ? |
Done |
Yes
:-) of course
6.2.2
Will do tomorrow, no access to NAS right now P.S. Try also from localhost |
|
Sorry but can’t test on local network, I’m in self quarantine at parent’s house. |
So you are testing trough internet ? Your NAS is published by a firewall nat rule ? If so I can test this config as well. Simone |
|
Yes, from this address : https://nas.my_website.com:443/ The NAS has basic firewall set. Connecting throw the DSM UI is working and asking 2SA code from Google Authenticator. |
|
Find the solution ! My user was from the "users" group only, adding "administrators" solves, I got the 403 🎉 |
|
Successfully getting the device ID! Coding in progress 🔄 |
|
So actually, this is a bug on the Synology API side: the password is correct so it should not send me a 400 code, but a 402 "Permission denied" ... First draft here #29 Will try later this week-end with an HA implementation 😉 |
* Bump py from 1.9.0 to 1.10.0 * Bump pyyaml from 5.3.1 to 5.4.1 * Bump jinja2 from 2.11.2 to 2.11.3
Hi,
just found that is this library to handle the communication;
Please check home-assistant/core#31477
At the end of the thread there is the official API calls.
Thank you,
Simone
The text was updated successfully, but these errors were encountered: