snjoetw / py-canary Goto Github PK

Canary seems to have changed the Entry API call, code base needs an update to get the data

tested version : 0.5.2

The details of this error can be found here: home-assistant/core#35569

Per the stack trace, the error is actually in this API and occurs when attempting to replicate the login steps on the Canary website. I debugged this issue for several hours last night, but I was unable to resolve the 400/500-level HTTP errors that we get back in the response instead of a successful login payload.

Looking at the code, it is replicating the login sequence from the desktop site. Specifically, in this file: https://my.canary.is/javascripts/login.js

If you beautify the source code, you can search to find the relevant code block:

        n.cancelRequest = d,
        n.logout = p,
        n.login = function(e, t) {
            var n = new XMLHttpRequest;
            n.open("POST", "/api/auth/login"),
            n.setRequestHeader("CSRF-Token", s),
            n.setRequestHeader("Content-Type", "application/json"),
            n.onreadystatechange = function() {
                if (4 === this.readyState) {
                    200 === this.status && (c = JSON.parse(this.responseText).token,
                    o.setStoredItem("token", c),
                    o.setStoredItem("yranac.ppabew", this.responseText));
                    var e = JSON.parse(n.response);
                    "account_locked" === e.msg ? t(423, e) : t(this.status, e)
                }
            }
            ,
            n.send(JSON.stringify(e))
        }
        ,
        n.isLoggedIn = function() {
            return null !== c
        }
        ,
        r.registerAction("logout", p)

Related code:

As you can see, one of the request header names changed and there is a new Content-Type request header. I tried everything I could think of to mimic the header/cookie combination on the desktop site. Other things I tried:

• Adding an additional GET request to a random asset on the desktop site
• Adding additional header/cookie pairs from the desktop site

The only thing I noticed is on the desktop site, the value of the xsrf_token eventually changes, so you end up with 2 header/cookie tokens that start out the same, but are eventually different before the request to /api/auth/login

The only suggestion I can offer anyone else is to try proxying Python through Fiddler, which will allow you to compare the request sequence using Windiff/Winmerge to see the deltas between the Python request and the request in a desktop browser.

when the cal to get readings gets the readings to use, it uses a 2 hour window at 10 minute intervals to get data with. The resulting JSON from Canary lists 20 items, the first 12 are air quality, the next 8 are humidity. Temperature is not returned in the first 20 records. I don't know if Canary changed the order in which the data is returned (date-time vs sensor_type) but it appears to be sensor-type, then date desc.

This appears to be why temperature is missing. Changing the window of time to look at to 1 hour resulted in all three data types (air_quality, humidify and temperature) to be retuned in the Api.get_readings call.

I will attempt to fork the repo and submit a fix.. even if it's a singe character...

Currently py-canary only works with username and password. Add support for 2FA. Currently Canary sends out a code via SMS.