SynologyDSM integration doesn't handle 2-step authentication

[chemelli74]

The problem

I'm trying to enable synologyDSM integration on my NAS that has 2-step authentication.
Doesn't work out of the box, but I found the right calls to handle this.

Environment

• Home Assistant release with the issue: 0.104.3
• Last working Home Assistant release (if known): none
• Operating environment (Hass.io/Docker/Windows/etc.): Docker
• Integration causing this issue: synologydsm
• Link to integration documentation on our website: -

Problem-relevant configuration.yaml

sensor:
  - platform: synologydsm
    host: !secret synology_addr
    port: 443
    username: !secret synology_login
    password: !secret synology_pwd
    monitored_conditions:
      - cpu_total_load
      - memory_real_usage
      - disk_smart_status
      - network_up

Traceback/Error logs

2020-01-27 00:36:20 ERROR (MainThread) [homeassistant.core] Error doing job: Task exception was never retrieved
Traceback (most recent call last):
  File "/usr/src/homeassistant/homeassistant/helpers/entity.py", line 284, in async_update_ha_state
    self._async_write_ha_state()
  File "/usr/src/homeassistant/homeassistant/helpers/entity.py", line 320, in _async_write_ha_state
    state = self.state
  File "/usr/src/homeassistant/homeassistant/components/synologydsm/sensor.py", line 235, in state
    return round(attr / 1024.0, 1)
TypeError: unsupported operand type(s) for /: 'NoneType' and 'float'

Additional information

Removing "-network_up" I don't have any more errors in log, but all sensors report nothing; they are seen as "- %" in UI.

I found that 2-step auth is not handled by the plugin.
Steps to fix:

query Auth API using:
https://nasdnsname/webapi/query.cgi?api=SYNO.API.Info&version=1&method=query&query=SYNO.API.Auth

If "maxVersion" is >=3 (mine is 6) then OTP code can be used.
So the authorization call would be:
https://nasdnsname/webapi/auth.cgi?api=SYNO.API.Auth&version=6&method=login&account=admin&passwd=password&session=Core&format=cookie&otp_code=OTPCode&enable_device_token=yes

using "enable_device_token" all fuure calls to avoid the need of the OTP code ;-)

Integration should be enabled by UI and ask if OTP is active or not (maybe there is a API even for that). If it is, ask for the OTP code and perform the first query.
From now on I expect the code to be the same as before.

Available for testing a new version of the integration.

Simone

[Quentame]

Will look into it during #31030.

I'll test on DSM 6 with and without 2 step auth.

I will let you know, or subscribe to the PR.

Thanks for reporting !

[chemelli74]

Hi,

got an official answer from Synology support:

Step 1. Login with OTP and enable device token

query:

GET / HTTP/1.1
  webapi/auth.cgi
  ?api=SYNO.API.Auth&version=6&method=login&enable_device_token=yes&otp_code={otp_code}&account={account}&passwd={passwd}&device_name={device_name}

answer:

HTTP/1.1 200 OK
Content-type: text/plain;

{
   "data": {
       "did": "F0frflccRq3St5DERrmItae7C9HS5r6kR8VjfsqQWJv2bC3vCoYADD4q4OTzsvpOUahjZlIT46684G36ElKEYW12dApreP5lYyjaHSF8pH54SQnWIZZVaOrkSNtKNVT",
       "is_portal_port": false,
       "sid": "tMHwU7PPVGDAU1530LSN299702"
   },
   "success": true
}

Step 2. Login with device name and without OTP

query:

GET / HTTP/1.1
  webapi/auth.cgi GET HTTP/1.1
  ?api=SYNO.API.Auth&version=6&method=login&account=XXX&passwd=YYY&device_name=ZZZ&device_id=F0frflccRq3St5DERrmItae7C9HS5r6kR8VjfsqQWJv2bC3vCoYADD4q4OTzsvpOUahjZlIT46684G36ElKEYW12dApreP5lYyjaHSF8pH54SQnWIZZVaOrkSNtKNVT

answer:

HTTP/1.1 200 OK
Content-type: text/plain;
 
{
   "data": {
       "is_portal_port": false,
       "sid": "CujcTs2Wu7z3w1530LSN299702"
   },
   "success": true
}

Looking forward for your test ;-)

Simone

[chemelli74]

@Quentame did you get time to test ? :-)

Simone

[Quentame]

In 4 days I will have 😉

_{Sent with GitHawk}

[chemelli74]

In 4 days I will have 😉

Sent with GitHawk

May I test something ? 😇

Simone

[Quentame]

Hi @chemelli74 !
4 days past, haven't seen them ! 🤦‍♂️ 😅
But I was actually busy with iCloud and Synology DSM actually.

Right now we are not supporting 2-SA for Synology DSM, as you noticed.
Then, this is a feature request.

I precised the documentation accordingly on my component rework documentation PR:
https://github.com/home-assistant/home-assistant.io/pull/12597/files#diff-8d1d60502a5cdd9a7a22330a9f5efb39R89-R93

As you created an issue on the underlying library ProtoThis/python-synology#11 and HA feature request should only be on the forum https://community.home-assistant.io/c/feature-requests , I'm closing the issue here.

Best regards, and see you there ProtoThis/python-synology#11