Jup, that would be a valid explanation.
seems there are people on Discord with a store issue as well
and now it’s back and installed
OK I think I know one of the reasons for the error Daniel. If I click on open webui from the addin, it seems to be hardwired to port 3218 and my duckdns address but I’m using caddy and a different port number… It works in my iFrame…
This addon is driving me nuts, I’m trying to use it from outside the network, my config looks like this, so with everything very much left open:
I’m trying to access it via various PCs and mobile devices and every single one of them gives me this error:
INFO:2018-11-15 07:07:41,901:main:x.x.x.x - “GET / HTTP/1.1” 401 -
WARNING:2018-11-15 07:07:53,370:main:Client IP not within allowed networks.
INFO:2018-11-15 07:07:53,370:main:x.x.x.x - “GET / HTTP/1.1” 420 -
WARNING:2018-11-15 07:07:53,754:main:Client IP banned.
Who is doing the banning if all the above stuff is disabled?? In the browser I just get asked for the password and get a Policy Not Fulfilled message every time.
That’s the problem. You have to add “0.0.0.0/0” to your list of allowed networks. With the allowed networks empty you either have to use the sesame or sesame_totp_secret options to whitelist your client IP. Using the sesame feature adds security, because without it an attacker would have direct access and could brute force the credentials.
But 0.0.0.0/0 is what I tried before and it still didn’t work…in any case, I installed the Cloud9-based IDE addon and am a happy camper, it worked flawlessly without any config required except for the port forwarding
@danielperna84, can the ‘sesame_totp_secret’ be used in combination with Hassio and configurator plugin (I assume so)? What will the configuration look like? I’ve got this working for the ‘sesame’ but this seems to always end up in a ‘Policy not fulfilled’ page.
What I’ve done so far is change the plugin config with the following:
"sesame_totp_secret":"C00LIcanaccessthisnow"
And created a password (manually) with the same string in the google authenticator.
Opening the web page with the ‘sesame_totp_secret’ string, the google authenticator time code or a combination of both does not work.
btw, the following two different network configurations return me this error:
__main:Invalid value for ALLOWED_NETWORKS. Using empty list.
"allowed_networks": [""],
"allowed_networks": ["192.168.1.1/8"],
Any idea why I can’t use an empty list (as suggested earlier in your posts) or white list my internal network range?
Thanks!
Well, what should work would be something like https://yourdomain.com/path/to/configurator/123456, where 123456 is the code from the authenticator.
When you get a “policy not fulfilled” error, there also will be an error in the log of the configurator that tells you the exact reason. That’s what we need to know.
Those are both incorrect values for the allowed networks. An empty list would be just [], and assuming your private network is 192.168.1.x, the correct value would be 192.168.1.0/24.
Although with hassio I believe the network actually has to be 172.30.0.0/16, which is the internal network hassio is using. Add that to the list and keep the 192.168.1.0/24 as well.
I did try this as well (forgot to mention in previous post); the result however is the same (Invalid value…)
At this point I get an ‘empty response’ and the configurator logging is showing me the below:
----------------------------------------
----------------------------------------
Exception happened during processing of request from ('192.168.1.1', 52705)
Traceback (most recent call last):
File "/usr/local/lib/python3.6/socketserver.py", line 651, in process_request_thread
self.finish_request(request, client_address)
File "/usr/local/lib/python3.6/socketserver.py", line 361, in finish_request
self.RequestHandlerClass(request, client_address, self)
File "/usr/local/lib/python3.6/socketserver.py", line 721, in __init__
self.handle()
File "/usr/local/lib/python3.6/http/server.py", line 418, in handle
self.handle_one_request()
File "/usr/local/lib/python3.6/http/server.py", line 406, in handle_one_request
method()
File "/configurator.py", line 4708, in do_GET
super().do_GET()
File "/configurator.py", line 3721, in do_GET
if TOTP and TOTP.verify(chunk):
File "/usr/local/lib/python3.6/site-packages/pyotp/totp.py", line 68, in verify
return utils.strings_equal(str(otp), str(self.at(for_time)))
File "/usr/local/lib/python3.6/site-packages/pyotp/totp.py", line 35, in at
return self.generate_otp(self.timecode(for_time) + counter_offset)
File "/usr/local/lib/python3.6/site-packages/pyotp/otp.py", line 33, in generate_otp
hasher = hmac.new(self.byte_secret(), self.int_to_bytestring(input), self.digest)
File "/usr/local/lib/python3.6/site-packages/pyotp/otp.py", line 50, in byte_secret
return base64.b32decode(self.secret, casefold=True)
File "/usr/local/lib/python3.6/base64.py", line 246, in b32decode
raise binascii.Error('Incorrect padding')
binascii.Error: Incorrect padding
----------------------------------------
----------------------------------------
Hhmm, don’t know why that is happening. People usually at least have their local network whitelisted by default, so this problem doesn’t get to the surface usually.
That indicates, that the secret you are using is not valid base32. You can use this tool to convert your secret into base32 (leave out the possible equal-signs). That’s also what you have to enter in the authenticator app.
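As an added example (not part of the original posts and not the configurator's own code): a pre-flight check for the two settings discussed above, run against the values quoted in this thread. It assumes `allowed_networks` entries are parsed with Python's strict `ipaddress` rules; all function names are hypothetical.

```python
import base64
import binascii
import ipaddress


def check_allowed_networks(entries):
    """Return (valid_networks, {entry: reason}) for an allowed_networks list."""
    valid, rejected = [], {}
    for entry in entries:
        try:
            # Assumption: strict parsing, so host bits must be zero
            # ("192.168.1.1/8" is rejected, "192.168.1.0/24" is accepted).
            valid.append(ipaddress.ip_network(entry))
        except ValueError as err:
            rejected[entry] = str(err)
    return valid, rejected


def client_allowed(client_ip, networks):
    """True if the client address falls inside any whitelisted network."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in networks)


def is_valid_base32_secret(secret):
    """True if the TOTP secret decodes as base32 once '=' padding is restored."""
    padded = secret.upper() + "=" * (-len(secret) % 8)
    try:
        base64.b32decode(padded)
        return True
    except binascii.Error:  # non-base32 character or impossible length
        return False


def passphrase_to_base32(passphrase):
    """Encode a free-text passphrase as base32, equal signs left out."""
    encoded = base64.b32encode(passphrase.encode("utf-8")).decode("ascii")
    return encoded.rstrip("=")


if __name__ == "__main__":
    # Values quoted in the thread, plus the suggested corrections.
    nets, bad = check_allowed_networks(
        ["", "192.168.1.1/8", "192.168.1.0/24", "172.30.0.0/16"])
    print("accepted:", [str(n) for n in nets])
    print("rejected:", bad)
    print("192.168.1.1 allowed:", client_allowed("192.168.1.1", nets))
    raw = "C00LIcanaccessthisnow"
    print("raw secret is base32:", is_valid_base32_secret(raw))
    print("encoded secret:", passphrase_to_base32(raw))
```

The encoded string is what goes into both `sesame_totp_secret` and the authenticator app; the raw passphrase fails because base32 only allows A-Z and 2-7.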
Thanks for helping out; works like a charm!
Try to restart configurator addon and see log , you should find an ip inside
copy it
and paste it in allowed networks and restart the configurator addon, it will work
note:::::::: don’t forget to update the addon
hope it works good
Um… well it’s worked fine since last June…
Could anyone point me in the right direction here, my Configurator add-on doesn’t work and hasn’t for some time, I couldn’t figure out why so I just left it. I can see all of the files, but can’t see any code in them. Where should I look first to try and resolve this? This is what I see instead of the code, is it something to do with the ‘._’ before the configuration.yaml? ;
that’s good
._configuration.yaml is not the correct file. Maybe it’s some temporary file another editor has generated.
The main problem is, that the files you are trying to open contain data that the configurator cannot display. So in case of a temp-file this might actually be binary data. And if it’s really a text-file, then it might be related to the encoding. This can happen if you use non-regular characters in your configuration. By non-regular I mean letters, that are not a-z or 0-9. However, I know at least german letters like ü don’t cause problems. I have heard before, that special letters in other languages aren’t supported that well.
Thanks Daniel,
I have just closed the code editor and ejected out of the files that I had open on my mac which I used to edit HA, then uninstalled and reinstalled the configurator, now I have both the .configuration & a configuration files. I could just ignore the ones with . in front of the file names but that is a bit messy, could I simply delete all of those files?
Also, I have just realised that when I open the Configurator webpage, it is a http, not https. Could this be my problem?
Probably yes. But just in case, make a backup.
And no, http/s is not related to your problem. If that’s not configured correctly you either can use the configurator, or it doesn’t work at all.
Thanks Daniel, I’ve got it all working again.