- This topic is empty.
August 23, 2014 at 2:39 pm #23127
When I try and run the run-once program, I’m getting a “401 Unauthorized” error. Password is correct, and manual mode is off.
This happens both with the website and when using the mobile app. Everything else seems to work fine.
Any idea what I’m doing wrong? The standard HTTP error pages aren’t that helpful 🙄August 23, 2014 at 4:06 pm #27913
I am pretty sure this is a complex password issue. If you are using special characters in the password than this is likely the issue.
It turns out the app didn’t properly URI encode the password field. This has been fixed however unfortunately I already pushed out 1.1.7. I will push a follow-up update very soon to address this.
Thank youAugust 24, 2014 at 1:52 am #27914
Aaaah! I can’t believe I didn’t think of this (considering the password is in the URL in clear text and wasn’t encoded) 😯 😮 😕
Thank you! So this is a problem not only in the app but also in the built-in website. Weird that it works for some of it thoughAugust 24, 2014 at 3:05 am #27915
Regarding the clear text, this is a limitation of the firmware and Arduino. We don’t have a hashing algorithm (planned) and we also don’t have SSL (Arduino limitation).
Long term, this will be addressed but short term complex passwords should work regardless and will be fixed in 1.1.8.August 25, 2014 at 2:50 pm #27916
At the very least, do POST instead of GET, so the password doesn’t end up in the url. It’s a little too obvious that way. I assume Arduino can handle a POST.
In any case the ‘correct’ way to do http is that GET only allows getting data, but POST/PUT/DELETE etc performs operations (like turning a valve on).
Overall the protocol OpenSprinkler is using is a little “weird” and not really following the typical REST patterns. It’s definitely the first time I’ve seen the need for bit-wise operators to parse input/output. I assume this is to save the amount of data being sent, but I doubt that extreme compression is worth it over just doing some normal obvious spelled-out set of JSON operators.
Btw… I get you can fix the password issue in the apps. It still needs fixing on the device itself, since it’s built-in webpages doesn’t properly encode parameters either.August 25, 2014 at 5:32 pm #27917
Correct, this has been addressed in 2.0.8.
Regarding the firmware, it’s been an evolution and there used to be no REST API until the mobile app needed/made one. This is an area of focus and still being improved.
Update: For the POST/PUT methods, those are good suggestions and will be looked at going forward.
- You must be logged in to reply to this topic.