UPDATE: This functionality has been added to the official Unifi Network Integration: UniFi Network integration - official thread - #64 by Robban
Thank you for all the interest in this project, it was both humbling and exciting to see so many people interested in my work, and it was a most amazing feeling when @Robban chose to include it in the official integration.
Although I continue to use this original code from the project below (if it ain’t broke, don’t fix it), I would encourage you to use the official integration if it meets your needs. Robban is a much better coder than I am, and the official integration is much more foolproof to install and configure than what I’ve done below.
I’ll leave this thread up for historical preservation/education’s sake, but you should consider this project closed and no longer supported.
Thank you!!!
I saw lots and lots of people asking about how to do this when I was searching for how to do it, so hopefully this helps some people out. I can’t take all the credit for this, so have a look at this thread (Automating unifi port forwarding based upon presence detection) by @jon102034050, which was the genesis of my knowledge to get started with the project.
Since I’m a real n00b when it comes to HomeAssistant, a lot of this has been dumbed down, and there’s not as much variable passing as his stuff, nor is the secrets file leveraged since that can’t be used in the UI, and when I tried to manually add them to automations.yaml it broke all my automations, so…
This solution can be used to change the passwords for as many SSIDs as you like. The QR code output will be saved in /config/www, and the filename will be the unifi SSID name that is passed in from the automation call.
We will need the id of the wireless network you want to change the password on. To get this, log into your unifi controller and click “Edit” next to the wireless network. Then look in the address bar of your browser. The long alphanumeric string at the end of the URL is the ID of that network. Copy that.
So, the first thing we need is the following code, saved in the scripts directory, and named “wifichange.sh”
#!/bin/sh
cookie=$(mktemp)
headers=$(mktemp)
curl_cmd="curl --silent --output /dev/null --cookie ${cookie} --cookie-jar ${cookie} --insecure"
change() {
# generate new password
NEW_PWD=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)
# generate QR code
wget --output-document=/config/www/${5}.png "http://api.qrserver.com/v1/create-qr-code/?data=WIFI:T:WPA;S:${5};P:${NEW_PWD};H:;&size=100x100"
# authenticate against unifi controller
${curl_cmd} -H 'Content-Type: application/json' -D ${headers} -d "{\"username\":\"$1\", \"password\":\"$2\"}" https://${3}/api/auth/login
# grab the `x-csrf-token` and strip the newline (added when upgraded to controller 6.1.26)
csrf="$(awk -v FS=': ' '/^x-csrf-token/{print $2}' "${headers}" | tr -d '\r')"
# change wifi password
${curl_cmd} -k -X PUT https://${3}/proxy/network/api/s/default/rest/wlanconf/${4} -H "Content-Type: application/json" -H "x-csrf-token: ${csrf}" -d @- <<-EOF
{
"_id":"$4",
"x_passphrase":"$NEW_PWD"
}
EOF
}
"$@"
Add this to your configuration.yaml:
shell_command:
unifi_wlanchange: /bin/bash /config/scripts/wifichange.sh change {{ username }} {{ password }} {{ baseurl }} {{ network_id }} {{ ssid }}
camera:
- platform: generic
name: guestqrcode
still_image_url: http://xxx.xxx.xxx.xxx:8123/local/<ssid>.png
verify_ssl: false
Be sure to use http or https accordingly for the camera config!
And the automation (UI-friendly, can be copy/pasted into your automations.yaml file without breaking anything - just make sure to change the “- id” value to something unique). Be sure to modify the username, password, IP address, and the network_id in the data portion. The network_id is the id that you copied from the end of the URL when you clicked “Edit” on the wireless network in the unifi controller.
Note that you need to use a LOCAL user on the UBNT gear, the ssh account will not work.
- id: '1111111111111'
alias: wifiPW
description: ''
trigger:
- platform: time
at: 03:00
condition: []
action:
- service: shell_command.unifi_wlanchange
data:
username: myuser
password: mypassword
baseurl: unifi.ip.add.ress
network_id: my_id_from_unifi_url
ssid: ssid_of_wireless_network_to_change
mode: single
Then, I just added a tab to the frontend, used a wifi icon, and added a picture card to it with these settings:
type: picture-entity
show_state: false
show_name: false
entity: camera.guestqrcode
camera_image: camera.guestqrcode
tap_action:
action: none
hold_action:
action: none
Viola! Your wifi password changes however often you specify, and is very secure, and still super-easy for your guests to connect to.
edit: 1/18/2022 with new version that is much easier to understand and maintain. Props to @rootnegativ1 for pointing me in the right direction about not sending the entire JSON payload with his link to the reddit post.
edit: 1/25/2022 updated code to allow passing the SSID as a variable, and to change the name of the QR code file to the SSID instead of the network_id.
edit: 7/22/2022 cleaned up code a bit in preparation for YouTube video