API+Authentication not working

Forum for questions and support relating to the 1.30.x releases only.
Locked
clueo8
Posts: 5
Joined: Tue Mar 10, 2015 10:47 am

API+Authentication not working

Post by clueo8 »

I have ZM v1.30.2 installed via apt (http://ppa.launchpad.net/iconnor/zoneminder/ubuntu) on Ubuntu 14.04. I'm trying to get the zm API working with OPT_USE_AUTH enabled. The API page is green so that part is okay. If I disable OPT_USE_AUTH, /zm/api/host/getVersion.json works fine. With OPT_USE_AUTH enabled, I get "Not Authenticated":

Code: Select all

{ "success": false, "data": { "name": "Not Authenticated", "message": "Not Authenticated", "url": "\/zm\/api\/host\/getVersion.json", "exception": { "class": "UnauthorizedException", "code": 401, "message": "Not Authenticated", "trace": [ "#0 [internal function]: AppController->beforeFilter(Object(CakeEvent))", "#1 \/usr\/share\/zoneminder\/www\/api\/lib\/Cake\/Event\/CakeEventManager.php(243): call_user_func(Array, Object(CakeEvent))", "#2 \/usr\/share\/zoneminder\/www\/api\/lib\/Cake\/Controller\/Controller.php(677): CakeEventManager->dispatch(Object(CakeEvent))", "#3 \/usr\/share\/zoneminder\/www\/api\/lib\/Cake\/Routing\/Dispatcher.php(189): Controller->startupProcess()", "#4 \/usr\/share\/zoneminder\/www\/api\/lib\/Cake\/Routing\/Dispatcher.php(167): Dispatcher->_invoke(Object(HostController), Object(CakeRequest))", "#5 \/usr\/share\/zoneminder\/www\/api\/app\/webroot\/index.php(108): Dispatcher->dispatch(Object(CakeRequest), Object(CakeResponse))", "#6 {main}" ] }, "queryLog": { "default": { "log": [ { "query": "SELECT `Config`.`Id`, `Config`.`Name`, `Config`.`Value`, `Config`.`Type`, `Config`.`DefaultValue`, `Config`.`Hint`, `Config`.`Pattern`, `Config`.`Format`, `Config`.`Prompt`, `Config`.`Help`, `Config`.`Category`, `Config`.`Readonly`, `Config`.`Requires` FROM `zm`.`Config` AS `Config` WHERE `Config`.`Name` = 'ZM_OPT_USE_API' LIMIT 1", "params": [ ], "affected": 1, "numRows": 1, "took": 0 }, { "query": "SELECT `Config`.`Id`, `Config`.`Name`, `Config`.`Value`, `Config`.`Type`, `Config`.`DefaultValue`, `Config`.`Hint`, `Config`.`Pattern`, `Config`.`Format`, `Config`.`Prompt`, `Config`.`Help`, `Config`.`Category`, `Config`.`Readonly`, `Config`.`Requires` FROM `zm`.`Config` AS `Config` WHERE `Config`.`Name` = 'ZM_OPT_USE_AUTH' LIMIT 1", "params": [ ], "affected": 1, "numRows": 1, "took": 0 }, { "query": "SELECT `Config`.`Id`, `Config`.`Name`, `Config`.`Value`, `Config`.`Type`, `Config`.`DefaultValue`, `Config`.`Hint`, `Config`.`Pattern`, `Config`.`Format`, `Config`.`Prompt`, `Config`.`Help`, `Config`.`Category`, `Config`.`Readonly`, `Config`.`Requires` FROM `zm`.`Config` AS `Config` WHERE `Config`.`Name` = 'ZM_OPT_USE_API' LIMIT 1", "params": [ ], "affected": 1, "numRows": 1, "took": 0 }, { "query": "SELECT `Config`.`Id`, `Config`.`Name`, `Config`.`Value`, `Config`.`Type`, `Config`.`DefaultValue`, `Config`.`Hint`, `Config`.`Pattern`, `Config`.`Format`, `Config`.`Prompt`, `Config`.`Help`, `Config`.`Category`, `Config`.`Readonly`, `Config`.`Requires` FROM `zm`.`Config` AS `Config` WHERE `Config`.`Name` = 'ZM_OPT_USE_AUTH' LIMIT 1", "params": [ ], "affected": 1, "numRows": 1, "took": 0 } ], "count": 4, "time": 0 } } } }
I tried capturing my cookies.txt and curling with those but that also does not work, displays the same 'Not Authenticated' message as above. I have Apache 2.4, here are my ZM specific configs:

Code: Select all

ScriptAlias /zm/cgi-bin "/usr/lib/zoneminder/cgi-bin"
<Directory "/usr/lib/zoneminder/cgi-bin">
    Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
    AllowOverride All
    Require all granted
</Directory>

Alias /zm /usr/share/zoneminder/www
<Directory /usr/share/zoneminder/www>
  php_flag register_globals off
  Options -Indexes +FollowSymLinks
  <IfModule mod_dir.c>
    DirectoryIndex index.php
  </IfModule>
</Directory>

<Directory /usr/share/zoneminder/www/api>
    AllowOverride All
</Directory>
Normal ZM webpage operation is fine, I'm using https/cert from letsencrypt, its just the APIs which aren't working with OPT_USE_AUTH enabled. Been searching around and can't find a solution to my particular problem. Apache error logs don't display anything when hitting the api. Thanks in advance.
rockedge
Posts: 1173
Joined: Fri Apr 04, 2014 1:46 pm
Location: Connecticut,USA

Re: API+Authentication not working

Post by rockedge »

have you looked at this? from the manual : http://zoneminder.readthedocs.io/en/latest/api.html

The APIs tie into ZoneMinder’s existing security model. This means if you have OPT_AUTH enabled, you need to log into ZoneMinder using the same browser you plan to use the APIs from. If you are developing an app that relies on the API, you need to do a POST login from the app into ZoneMinder before you can access the API.

Then, you need to re-use the authentication information of the login (returned as cookie states) with subsequent APIs for the authentication information to flow through to the APIs.

This means if you plan to use cuRL to experiment with these APIs, you first need to do

Code: Select all

curl -d "username=XXXX&password=YYYY&action=login&view=console" -c cookies.txt  http://yourzmip/zm/index.php
replacing XXXX and YYYY with your username and password, respectively.

Please make sure you do this in a directory where you have write permissions, otherwise cookies.txt will not be created and the command will silently fail.

What the “-c cookies.txt” does is store a cookie state reflecting that you have logged into ZM. You now need to apply that cookie state to all subsequent APIs. You do that by using a ‘-b cookies.txt’ to subsequent APIs if you are using CuRL like so:

Code: Select all

curl -b cookies.txt http://yourzmip/zm/api/monitors.json
This would return a list of monitors and pass on the authentication information to the ZM API layer.

So remember, if you are using authentication, please add a -b cookies.txt to each of the commands below if you are using CuRL. If you are not using CuRL and writing your own app, you need to make sure you pass on cookies to subsequent requests in your app.
Examples (please read security notice above)

You will see each URL ending in either .xml or .json. This is the format of the request, and it determines the format that any data returned to you will be in. I like json, however you can use xml if you’d like.

(In all examples, replace ‘server’ with IP or hostname & port where ZoneMinder is running)
clueo8
Posts: 5
Joined: Tue Mar 10, 2015 10:47 am

Re: API+Authentication not working

Post by clueo8 »

Yes, I have read and understand that. I tried saving the cookies and using curl and that does not work with the API. I've also tried logging in then going to API in same browser session and that fails to work. What I really am trying to use is zmNinja but my APIs are not working and I know it's because of this error. I think possibly somewhere else in my apache config could be interfearing.
bbunge
Posts: 2930
Joined: Mon Mar 26, 2012 11:40 am
Location: Pennsylvania

Re: API+Authentication not working

Post by bbunge »

I do not remember having issues with the API's in Ubuntu 14.04. Ubuntu 16.04 had some permissions issues that were fixed by: chown -R www-data:www-data /usr/share/zoneminder/



14.04 Ubuntu install procedure: https://wiki.zoneminder.com/Ubuntu_Serv ... e_easy_way
User avatar
asker
Posts: 1553
Joined: Sun Mar 01, 2015 12:12 pm

Re: API+Authentication not working

Post by asker »

@clueo8 - please see https://github.com/ZoneMinder/ZoneMinder/issues/1813
Please participate with data requested (and see workaround - not a full fix)
I no longer work on zmNinja, zmeventnotification, pyzm or mlapi. I may respond on occasion based on my available time/interest.

Please read before posting:
How to set up logging properly
How to troubleshoot and report - ES
How to troubleshoot and report - zmNinja
ES docs
zmNinja docs
detxm80
Posts: 38
Joined: Fri Oct 13, 2017 9:42 am

Re: API+Authentication not working

Post by detxm80 »

Hi, i've 1.32.1 and i've api problem:

Code: Select all

	
success	false
data	
name	"Not Authenticated"
message	"Not Authenticated"
url	"/zm/api/host/getVersion.json"
exception	
class	"UnauthorizedException"
code	401
message	"Not Authenticated"
trace	
0	"#0 /usr/share/zoneminder/www/api/lib/Cake/Event/CakeEventManager.php(243): AppController->beforeFilter(Object(CakeEvent))"
1	"#1 /usr/share/zoneminder/www/api/lib/Cake/Controller/Controller.php(677): CakeEventManager->dispatch(Object(CakeEvent))"
2	"#2 /usr/share/zoneminder/www/api/lib/Cake/Routing/Dispatcher.php(189): Controller->startupProcess()"
3	"#3 /usr/share/zoneminder/www/api/lib/Cake/Routing/Dispatcher.php(167): Dispatcher->_invoke(Object(HostController), Object(CakeRequest))"
4	"#4 /usr/share/zoneminder/www/api/app/webroot/index.php(107): Dispatcher->dispatch(Object(CakeRequest), Object(CakeResponse))"
5	"#5 {main}"
queryLog	[]
can you help me?

it's seems to not create a problem, but i want to resolve it
tnx

edit: i i use my domains ex domains.zoneminder.com/zm/api/host/getVersion.json it's all ok, if i use local ip ex http://xxx.xxx.x.x/zm/api/host/getVersion.json i'm get api error
bbunge
Posts: 2930
Joined: Mon Mar 26, 2012 11:40 am
Location: Pennsylvania

Re: API+Authentication not working

Post by bbunge »

detxm80 wrote: Wed Oct 10, 2018 3:46 pm Hi, i've 1.32.1 and i've api problem:

Code: Select all

	
success	false
data	
name	"Not Authenticated"
message	"Not Authenticated"
url	"/zm/api/host/getVersion.json"
exception	
class	"UnauthorizedException"
code	401
message	"Not Authenticated"
trace	
0	"#0 /usr/share/zoneminder/www/api/lib/Cake/Event/CakeEventManager.php(243): AppController->beforeFilter(Object(CakeEvent))"
1	"#1 /usr/share/zoneminder/www/api/lib/Cake/Controller/Controller.php(677): CakeEventManager->dispatch(Object(CakeEvent))"
2	"#2 /usr/share/zoneminder/www/api/lib/Cake/Routing/Dispatcher.php(189): Controller->startupProcess()"
3	"#3 /usr/share/zoneminder/www/api/lib/Cake/Routing/Dispatcher.php(167): Dispatcher->_invoke(Object(HostController), Object(CakeRequest))"
4	"#4 /usr/share/zoneminder/www/api/app/webroot/index.php(107): Dispatcher->dispatch(Object(CakeRequest), Object(CakeResponse))"
5	"#5 {main}"
queryLog	[]
can you help me?

it's seems to not create a problem, but i want to resolve it
tnx

edit: i i use my domains ex domains.zoneminder.com/zm/api/host/getVersion.json it's all ok, if i use local ip ex http://xxx.xxx.x.x/zm/api/host/getVersion.json i'm get api error
Linux distro and version?

Did you by chance upgrade from Ubuntu 16.04 to 18.04? If you did make sure PHP 7.0 is removed and 7.2 is configured for Zoneminder.
detxm80
Posts: 38
Joined: Fri Oct 13, 2017 9:42 am

Re: API+Authentication not working

Post by detxm80 »

bbunge wrote: Sun Oct 14, 2018 6:01 pm
detxm80 wrote: Wed Oct 10, 2018 3:46 pm Hi, i've 1.32.1 and i've api problem:

Code: Select all

	
success	false
data	
name	"Not Authenticated"
message	"Not Authenticated"
url	"/zm/api/host/getVersion.json"
exception	
class	"UnauthorizedException"
code	401
message	"Not Authenticated"
trace	
0	"#0 /usr/share/zoneminder/www/api/lib/Cake/Event/CakeEventManager.php(243): AppController->beforeFilter(Object(CakeEvent))"
1	"#1 /usr/share/zoneminder/www/api/lib/Cake/Controller/Controller.php(677): CakeEventManager->dispatch(Object(CakeEvent))"
2	"#2 /usr/share/zoneminder/www/api/lib/Cake/Routing/Dispatcher.php(189): Controller->startupProcess()"
3	"#3 /usr/share/zoneminder/www/api/lib/Cake/Routing/Dispatcher.php(167): Dispatcher->_invoke(Object(HostController), Object(CakeRequest))"
4	"#4 /usr/share/zoneminder/www/api/app/webroot/index.php(107): Dispatcher->dispatch(Object(CakeRequest), Object(CakeResponse))"
5	"#5 {main}"
queryLog	[]
can you help me?

it's seems to not create a problem, but i want to resolve it
tnx

edit: i i use my domains ex domains.zoneminder.com/zm/api/host/getVersion.json it's all ok, if i use local ip ex http://xxx.xxx.x.x/zm/api/host/getVersion.json i'm get api error
Linux distro and version?

Did you by chance upgrade from Ubuntu 16.04 to 18.04? If you did make sure PHP 7.0 is removed and 7.2 is configured for Zoneminder.
Hi, ubuntu 18.04 clean install and php 7.2, only with local io i’ve problem not by my domain name
Sekhar
Posts: 1
Joined: Fri Aug 30, 2019 4:00 pm

Re: API+Authentication not working

Post by Sekhar »

Were you able to get this working? I'm having the same issue.
eaglesvr
Posts: 6
Joined: Tue Dec 25, 2018 1:48 am

Re: API+Authentication not working

Post by eaglesvr »

Noticed this issue as well after the recent ZM update a couple days ago to the version 1.33.13. - zm cameras disappeared in Home Assistant
When OPT_USE_AUTH is unchecked API works and returns the matching version. What I can see that the request uses the correct cookie ZMSESSID - returned by the login response in another browser's tab. API test also worked when zm switched to basic auth mode. Today's update to 1.33.14 hasn't fixed the issue. ZM is running behind nginx reverse proxy. It worked with ZM version 1.33.12 and below. Considering switching to basic auth, although that will result in other issues since basic auth is not supported by contemporary browsers anymore, especially on IOS.
Tried this via local http and external https- both returned 401, "Not Authenticated" error
After multiple attempts to reconfigure zm and nginx somehow I got zm cameras showing in Home Assistant again. But API test still fails(?)
Looks like API test just did not work much earlier. Anyway, it would be a good idea to fix it.
brezuicabogdan
Posts: 2
Joined: Fri Jun 07, 2019 9:01 am

Re: API+Authentication not working

Post by brezuicabogdan »

Same exact issue here after upgrading to latest version.
HA cannot connect anymore and trying to manually authenticate on /api always turns out in a failure.

Please fix this as it keeps my entire cams system detached.

Thank you.
bbunge
Posts: 2930
Joined: Mon Mar 26, 2012 11:40 am
Location: Pennsylvania

Re: API+Authentication not working

Post by bbunge »

As I understand there have been some I changes in the api on 1.33.x. Your problem may be with the HA system not the new Zoneminder. Best to start with a fresh Bionic install then add 1.32.x. While 1.33.14 is working for me it is a development version and can have issues.

Edit: Just checked my Bionic/ZM 1.33.14 with an old version of ZMNinja. Can't playback events but can view monitors. So, you will likely have to upgrade the HA system or go back to ZM 1.30.4. I still have the install packages available for some flavors of 1.30.4 as I still use it. Plan to rebuild a 1.30.4 system this week as there are some hardware issues I need to fix for a customer.
User avatar
asker
Posts: 1553
Joined: Sun Mar 01, 2015 12:12 pm

Re: API+Authentication not working

Post by asker »

The latest master has fixed the API login issues. Note that this is only related to 1.33.x. This thread is in 1.30.4 but has since morphed into 1.32.x and now 1.33.x related issues.
I no longer work on zmNinja, zmeventnotification, pyzm or mlapi. I may respond on occasion based on my available time/interest.

Please read before posting:
How to set up logging properly
How to troubleshoot and report - ES
How to troubleshoot and report - zmNinja
ES docs
zmNinja docs
blauter
Posts: 7
Joined: Fri Dec 07, 2018 7:23 pm

Re: API+Authentication not working

Post by blauter »

Should this have addressed the issue with home assistant? I am on latest 1.33.14 and still getting the below error in ZM when HA tries to connect. Or does HA code have to be updated to support new auth?

Thanks.

2019-09-13 20:41:58 Error: [UnauthorizedException] Not Authenticated
Request URL: /zm/api/host/getVersion.json
Stack Trace:
#0 /usr/share/zoneminder/www/api/lib/Cake/Event/CakeEventManager.php(243): AppController->beforeFilter(Object(CakeEvent))
#1 /usr/share/zoneminder/www/api/lib/Cake/Controller/Controller.php(677): CakeEventManager->dispatch(Object(CakeEvent))
#2 /usr/share/zoneminder/www/api/lib/Cake/Routing/Dispatcher.php(189): Controller->startupProcess()
#3 /usr/share/zoneminder/www/api/lib/Cake/Routing/Dispatcher.php(167): Dispatcher->_invoke(Object(HostController), Object(CakeRequest))
#4 /usr/share/zoneminder/www/api/app/webroot/index.php(107): Dispatcher->dispatch(Object(CakeRequest), Object(CakeResponse))
#5 {main}

EDIT: Corrected version I am on.
Last edited by blauter on Sat Sep 14, 2019 2:05 am, edited 1 time in total.
eaglesvr
Posts: 6
Joined: Tue Dec 25, 2018 1:48 am

Re: API+Authentication not working

Post by eaglesvr »

Rolled back to 1.32. Everything works now: api test and HA cams. Unfortunately I could not find any simple way to downgrade database. import zm schema from 1.33 didn't work.
Locked