- This topic has 22 replies, 7 voices, and was last updated 9 months, 3 weeks ago by
.
-
Posts
-
Hi all,
after the recent 2.3.2 update, all of my android-devices lost their site-configs AND I’m no longer able to connect via SSL & BasicAuth. I checked the third-party-app from opensprinkler.de (“opensprinkler pro”) and this is working just fine.
Greetings,
GregorSeeing exactly the same thing here. My Apache logs show the following when I try to connect.
166.177.122.80 – – [10/Jul/2023:09:12:08 -0500] “OPTIONS /opensprinkler//jo?pw=d41d8cd98f00b204e9800998ecf8427e HTTP/1.1” 401 381
166.177.122.80 – – [10/Jul/2023:09:12:08 -0500] “OPTIONS /opensprinkler/ HTTP/1.1” 401 381
166.177.122.80 – – [10/Jul/2023:09:12:29 -0500] “-” 408 –Thank you for reporting this issue. Unfortunately, Android introduces breaking changes with every single version and matters are more complicated when using Cordova as the abstraction.
I am going to dig into this today and will hopefully have an update soon.
Thank you again!
Hello,
It appears Android webview is now enforcing CORS and the error is not due to SSL but rather due to the basic auth. As you can see here:
CORS policy: Request header field authorization is not allowed by Access-Control-Allow-Headers in preflight response.In order to resolve this, you will need to add this CORS header to your reverse proxy setup. Something like:
Access-Control-Allow-Headers: *orAccess-Control-Allow-Headers: Authorizationshould do the trick.This does not require an app update but please let me know if you are able to add this header what the result is.
Thanks again,
SamerHi all,
can confirm that basic auth is the problem – after disabling it, app is working as expected. For tomorrow (late in Europe now) I’ll figure out, how to tell my proxy (traefik) to add CORS-Headers as suggested. Will keep you informed.
Good night,
GregorI have added the following to my Apache reverse proxy config:
Header always set Access-Control-Allow-Headers “*”
Header always set Access-Control-Allow-Origin “*”And curl shows that the headers are being sent back by the proxy:
< HTTP/1.1 401 Unauthorized
< Date: Mon, 10 Jul 2023 21:37:45 GMT
< Server: Apache/2.4.6 (CentOS) mod_auth_gssapi/1.5.1 mod_nss/1.0.14 NSS/3.28.4 mod_wsgi/3.4 Python/2.7.5
< Access-Control-Allow-Headers: *
< Access-Control-Allow-Origin: *
< WWW-Authenticate: Basic realm=”OpenSprinkler”
< Content-Length: 381
< Content-Type: text/html; charset=iso-8859-1I’m still seeing the same behavior from the app, however, telling me to check the IP or port.
You are getting back a 401 which indicates a bad user/pass. Can you validate the user/pass is correct using Postman or something other than the application please?
I’ve added tc-opencors-headers (aka Access-Control-Allow-Headers: * ) middleware to my traefik proxy, but still get no connection. Will look for some logs, which is a challenge in my kubernets-setup…
I found this post from the 2.2.2 iOS update which also had CORS changes and suggest looking into it for the Android app as well:
https://opensprinkler.com/forums/topic/ios-app-currently-not-working/#post-70047
Thank you,
SamerThanks Samer for pointing us to that post.
Can anyone confirm success in applying this for the recent android-client. I’ve set up my proxy as described, but still cannot connect with basicauth….
If you are willing to share your information with me to try, please open a support ticket and let’s discuss your specific setup there. Maybe we can setup a temp password I can try.
Let me know.
Thank you,
SamerThanks, Samer,
I learned that my specific setup relies on a middleware, that I’ve no control of.
For reference if someone runs into the same: I use Truenas-Scale with traefik from the truecharts.org -repo as proxy and opensprinkler is set up there as external-service. Adding tc-opencors-chain as middleware didn’t do the trick and from https://github.com/truecharts/charts/issues/6004 I learned that developers are not willing to make any change there now.
…so I’m quite sure that you can’t help me out of this mess, Samer 🙂
sunny greetings from Portugal,
GregorThank you for the follow up Gregor and hope you are able to find another solution that gives you control to add the headers needed.
All the modern mobile OSes seem to require all of the added security which makes sense but makes this more complicated. As an aside, we do now have an OpenThings Cloud that might help with this and provide SSL between the app and our server.
Thanks and best wishes!
I haven’t been able to access my system since the android app update. It is asking for my password but it’s been 6 years or so since I installed the controller and none of the passwords I can remember work. do I need to reset the device and start from scratch? I only access it while on the same network so no proxy or anything for remote access. not sure if the stuff mentioned above in this thread relates to my situation?
How should I proceed?-Race
I (and my wife) are facing the same problem after the recent App update on Android. It works in Browser (also mobile) but does not work with Basic Auth + SSL after upgrade:
IP was: myserver:99999/mylocation/
Then SSL and Basic Auth enabled.
On the OSPi in the Apache conf, I had:
`
<Location /mylocation/>
AuthType Basic
AuthName “Restricted”
AuthUserFile /etc/apache2/.htpasswd
AuthBasicProvider file
Require user myuser
ProxyPreserveHost On
ProxyPass http://127.0.0.1:8080/
ProxyPassReverse http://127.0.0.1:8080/
</Location>
`First I added simply this to this block:
Header set Access-Control-Allow-Origin "*"
but no success after restarting Apache and the AppThen I tried the snippet from the linked https://opensprinkler.com/forums/topic/ios-app-currently-not-working/#post-70047 IOS topic. But still no success.
So in the end I disabled the http auth in the app and on the Apache:
`
<Location /mylocation/>
#AuthType Basic
#AuthName “Restricted”
#AuthUserFile /etc/apache2/.htpasswd
#AuthBasicProvider file
#Require user myuser
ProxyPreserveHost On
ProxyPass http://127.0.0.1:8080/
ProxyPassReverse http://127.0.0.1:8080/
</Location>
`Then with disabled “Use Auth” in the App I could re-add the site again. Since I am using SSL/https anyway, I guess this is okay with just the simple OpenSprinkler password…
Race, I would first suggest you try to access the device from the browser using the IP address on the local network to rule out other issues. Please let us know how that goes first.
Thank you,
SamerI have tried through a desktop browser also but I can’t figure out the password, the one I thought I had used isn’t working. It’s been faithfully chugging along for at least 8 years without trouble and I’m not sure what password I used when setting it up for sure.
Thank you
Hi Race, this problem here is when you have also an extra http auth password next to your normal OpenSprinkler password – and when you can login via Browser but not using the Android app (which just had a recent minor update which seemed to introduce a bug). In your case it rather seems like you have to find a way to reset your password. I am not sure how you can do this, probably also depends on what OpenSprinkler hardware you have (OSPi or other). The default password is “opendoor” (without the quotes), just in case.
If you google for opensprinkler and password reset, then there are quite a few other folks asking.
Hope this helps a bit.
The OpenSprinkler firmware user manual is on our support website:
https://openthings.freshdesk.com/support/homeThe device password is by default opendoor unless if you have changed it. If you don’t remember anymore, you can use the on-board buttons to set the controller to ignore password. The firmware user manual explains how.
If you have OpenSprinkler Pi, there are no buttons you can use to reset the password. Unfortunately there you will have to ssh to your RPi, or connect it to a keyboard and monitor, and delete the configurations files to trigger a factory reset. You can, however, save your configuration files to a different folder in order to recover settings later.
I can’t remember ever needing a password to connect via the app or via the web interface. However, I’m having an issue now that sounds just like the one @racelife is having. I opened my app today, and it’s suddenly requiring a password to connect to my site. It’s also requiring a password if I try to connect via web at http://192.168.1.232/
Can you provide a link to the instructions for setting the controller to ignore password? I have searched and searched the user manuals, but I can’t find those instructions.
OK, so the search function on the support homepage does *not* search the actual user manuals. You have to download those and search them separately.
For @racelife and anyone else having this issue, here is how Support explained it to me:
[b-quote]What happened was that the recent Android update removed the previously saved sites due to Google changing Android SDK. So your previously saved sites (including saved password) are probably deleted. All you need to do is to re-add the device by using its IP (or using OTC token if you have set it up for remote access via OTC). If you don’t remember the device password, you can reset the device password using buttons on the controller.[/b-quote]
Here are instructions for resetting the password:
[quote]if you have forgotten your device password, you can use buttons to bypass the password.
To do so, first remove power from OpenSprinkler; then plug the power back in, as soon as you see the OpenSprinkler Logo, press and hold push-button B3, and continue holding B3 until the LCD displays ‘Setup Options’. Then click B3 as many times as you need until it shows ‘Ignore Password’. Click B1 to select Yes, and finally press and hold B3 until the controller reboots itself. Now you can access the controller with any password. For security reasons, we recommend you to immediately change the password and set the Ignore Password option back to No.[/quote]
These instructions allowed me to regain access to my device.
Here is the user guide that has those instructions and more:
https://raysfiles.com/os_compiled_firmware/docs/2.2.0/OSUserManual220(1).pdf
- You must be logged in to reply to this topic.