- This topic has 14 replies, 8 voices, and was last updated 8 years, 11 months ago by
.
-
Posts
-
If I try the url http://ospi:8080/jo?pw=mypassword I get a {“fwv”:213} response, not the json with all the variables. Other command as/jc?pw=mypassword return {“result”:2} (unauthorized). I am sure the password is correct. What I am doing wrong?
I’m also seeing a problem. It seems like it isn’t able to authenticate the password. I’m trying to update the script url: http://{ipaddress}/cu?pw={password}&jsp={newscripturl}, and I get the same {“result”:2} response. If I go into Options->Advanced and select “Ignore Password”, then it works.
I’m using OpenSprinkler hardware rev 2.3.
With the password MD5 hashed it works as expected. Thanks. It makes sense, you don’t want to send your password in clear
The MD5 password hashing feature was added in 2.1.3, and appears to be required now (cleartext passwords will no longer work). Ray has a brief writeup on the change in the 2.1.3 firmware release announcement.
That makes sense, thanks! I guess I missed the post, is the user manual going to be updated as well?
Yes, the user manual will be updated however schedules have been very busy and keeping up is difficult.
With that said, I apologize for the documentation falling out of sync with the software but we will remedy this ASAP.
Thank you!
Note that the MD5 hash must be in LOWER CASE.
That is:
3EC21257E0DF5194E94A1F0FEF3F654F
is not:
3ec21257e0df5194e94a1f0fef3f654ffor the purposes of successful API pw= authentication.
Can I get clarification on the MD5 password hashing with the API. Is it ONLY added and supported in 2.1.3 and up or was it possible to send MD5 password hashes in 2.1.0, 2.1.1 and 2.1.2 with the API, but not required?
So, firmware prior to 2.1.3 did not correctly store 32 character strings (the length of an MD5 hash) and therefore was not really supported.
I should be more specific, let’s say I have firmware 2.1.0, 2.1.1 or 2.1.2 on my OpenSprinkler and I try to access an api endpoint like so: http://<op>/jc?pw=a6d82bced638de3def1e9bbb4983225c (where the password for the device is “opendoor” and “a6d82bced638de3def1e9bbb4983225c” is the password MD5 hash for opendoor); is the data for the endpoint returned, or is an error returned?
I’m too lazy to downgrade my firmware and find out for myself.
It depends on the specific command. For the /jc command, if the password is correct, it returns JSON data of controller variables. If the password is incorrect, it will return an error code. For other commands (such as /cc) which are GET commands to change controller variables, it always returns an error code (with 1 indicating it has succeeded and any number other than 1 indicating an error). The list of error code is in the source code:
https://github.com/OpenSprinkler/OpenSprinklerGen2/blob/master/server.cpp#L74Btw, to be precise, it doesn’t make sense to say “md5 hashed”. How is the hash encoded?
It would be more precise to specify: the hexadecimal representation of the md5 hash.
A hash is a binary number and it can be represented in many formats (base64, octal, etc).
- You must be logged in to reply to this topic.