{RESOLVED} 1.30.2 bug with api and authentification

Forum for questions and support relating to the 1.30.x releases only.

Post by fennec »

Hi,

After updating from iconnor-zoneminder-master to 1.30.2, all my Python scripts stopped working because I have a problem with cookies.

My code:

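Code:

import urllib2

# ip, username, password, monit, date and heur are set earlier in the script
url1="http://"+ip+"/zm/index.php?username="+username+"&password="+password+"&action=login&view=console"
req1 = urllib2.Request(url1)
response = urllib2.urlopen(req1)
# Raw Set-Cookie header from the login response, attributes included
cookie = response.headers.get('Set-Cookie')
url=urllib2.Request('http://'+ip+'/zm/api/events/index/MonitorId:'+monit+'/StartTime%20=:'+date+'%20'+heur+'.json')
# The raw header is passed back unchanged as the Cookie header
url.add_header('cookie', cookie)
url=urllib2.urlopen(url)

In 1.30.1 all is OK, but now: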

Code:

Traceback (most recent call last):
  File "/home/fennec/scripts/videozm.py", line 90, in <module>
    url=urllib2.urlopen(url)
  File "/usr/lib/python2.7/urllib2.py", line 127, in urlopen
    return _opener.open(url, data, timeout)
  File "/usr/lib/python2.7/urllib2.py", line 410, in open
    response = meth(req, response)
  File "/usr/lib/python2.7/urllib2.py", line 523, in http_response
    'http', request, response, code, msg, hdrs)
  File "/usr/lib/python2.7/urllib2.py", line 448, in error
    return self._call_chain(*args)
  File "/usr/lib/python2.7/urllib2.py", line 382, in _call_chain
    result = func(*args)
  File "/usr/lib/python2.7/urllib2.py", line 531, in http_error_default
    raise HTTPError(req.get_full_url(), code, msg, hdrs, fp)
urllib2.HTTPError: HTTP Error 401: Unauthorized

print cookie:

Code:

ZMSESSID=4allb0rbi9mi9cbpjbee9ssdm0; path=/; HttpOnly, zmSkin=classic; expires=Mon, 21-Dec-2026 13:23:20 GMT; Max-Age=311040000, zmCSS=flat; expires=Mon, 21-Dec-2026 13:23:20 GMT; Max-Age=311040000, ZMSESSID=dnktpou2l27lqga7s80eeqfn52; path=/; HttpOnly

Thanks for your help
Last edited by fennec on Sun Feb 12, 2017 8:52 am, edited 1 time in total.

Re: 1.30.2 bug with api and authentification

Post by knight-of-ni »

I don't have a lot of experience working with cookies or how they should work with zoneminder, so we may need to wait until someone else can jump in.

However, what I can tell you is that the following works for me on a couple of 1.30.2 machines (one CentOS 7 and the other Armbian/Debian 8) I am testing from:
- http://server/zm/api/host/getVersion.json returns proper result after authenticating
- The command line works too: curl http://server/zm/api/host/getVersion.json
- zmninja works

If you don't have zmninja, then try at least the first step:
- log in to the web console using the same user & pwd as your python script
- paste http://server/zm/api/host/getVersion.json into your browser and tell us what you get
Visit my blog for ZoneMinder related projects using the Raspberry Pi, Orange Pi, Odroid, and the ESP8266
All of these can be found at https://zoneminder.blogspot.com/

Re: 1.30.2 bug with api and authentification

Post by iconnor »

One of the security issues we fixed with this release had to do with setting the secure flag when setting the cookie. I'm not exactly sure why that would cause you problems, but to restore 1.30.1 behaviour, you can comment out lines 113 to 121 of index.php in /usr/share/zoneminder/www/index.php

Re: 1.30.2 bug with api and authentification

Post by fennec »

Thanks for all.

I'll try that.

Re: 1.30.2 bug with api and authentification

Post by SteveGilvarry »

I think the new flags on the cookie are preventing you from passing the cookie around between two requests. I tried cookielib and it works for me. But not a bug, just client-side cookie handling complexity.

Code:

import cookielib, urllib2
ip='xxx.xxx.xxx.xxx'
username='admin'
password='admin'
monit='1'
date='20170212'
heur='06'
url1='http://'+ip+'/zm/index.php?username='+username+'&password='+password+'&action=login&view=console'
apiurl='http://'+ip+'/zm/api/events/index/MonitorId:'+monit+'/StartTime%20=:'+date+'%20'+heur+'.json'

# The CookieJar stores cookies set by the login response and sends them on later requests
cj = cookielib.CookieJar()
opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(cj))
# Log in; the session cookie is captured in cj
r = opener.open(url1)
content = r.read()
# Same opener, so the API request carries the stored cookies
api = opener.open(apiurl)
apicontent = api.read()

Production Zoneminder 1.37.x (Living dangerously)
Random Selection of Cameras (Dahua and Hikvision)
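
What each of the two approaches in this thread puts into the Cookie request header, as an added example (not code from any poster or from ZoneMinder). It is written for Python 3, where cookielib is named http.cookiejar, runs offline, and assumes constructed Set-Cookie lines shaped like the output printed above plus a placeholder host.

```python
import email.message
import http.cookiejar
import urllib.request

# Constructed sample: Set-Cookie lines shaped like those printed in the thread
# (session ID issued twice, plus skin/CSS preference cookies).
SET_COOKIE_LINES = [
    "ZMSESSID=aaaa1111; path=/; HttpOnly",
    "zmSkin=classic; expires=Mon, 21-Dec-2026 13:23:20 GMT; Max-Age=311040000",
    "zmCSS=flat; expires=Mon, 21-Dec-2026 13:23:20 GMT; Max-Age=311040000",
    "ZMSESSID=bbbb2222; path=/; HttpOnly",
]
LOGIN_URL = "http://192.0.2.10/zm/index.php"  # placeholder host (assumption)
API_URL = "http://192.0.2.10/zm/api/host/getVersion.json"


def raw_header_value(lines):
    """What urllib2's headers.get('Set-Cookie') yields: all lines joined by ', '."""
    return ", ".join(lines)


class _FakeResponse:
    """Minimal stand-in for an HTTP response; CookieJar only calls info()."""

    def __init__(self, lines):
        self._msg = email.message.Message()
        for line in lines:
            self._msg["Set-Cookie"] = line  # Message keeps duplicate headers

    def info(self):
        return self._msg


def jar_cookie_pairs(lines, login_url=LOGIN_URL, api_url=API_URL):
    """Return the name/value pairs a cookie jar would send to api_url."""
    jar = http.cookiejar.CookieJar()
    jar.extract_cookies(_FakeResponse(lines), urllib.request.Request(login_url))
    request = urllib.request.Request(api_url)
    jar.add_cookie_header(request)  # builds the Cookie header from stored cookies
    header = request.get_header("Cookie")
    return dict(pair.split("=", 1) for pair in header.split("; "))


if __name__ == "__main__":
    print("raw:", raw_header_value(SET_COOKIE_LINES))
    print("jar:", jar_cookie_pairs(SET_COOKIE_LINES))
```

The jar sends only name=value pairs and keeps the most recently issued ZMSESSID, while the raw string still carries the path, expires, Max-Age and HttpOnly attributes and both session IDs.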

Re: 1.30.2 bug with api and authentification

Post by fennec »

SteveGilvarry wrote: I think the new flags on the cookie are preventing you from passing the cookie around between two requests. I tried cookielib and it works for me. But not a bug, just client-side cookie handling complexity.

Thanks, it works :D :D