Enable Trust

[niro1987]

Please review and test these changes.

Changes

• Removed _stepup variable as it was not being used anywhere
• Add trust request to validate_mfa method and update cookies accordingly
• Add login request to login_cookie method to attempt login with the trust cookie
• Add untrust request to logout method to remove trust between server and the local instance

[niro1987]

FYI I'm testing the code in a dev container, still waiting for the extra log entry (where the issue used to be) to pop up.

[Olen]

Tested it, for a while now. Unfortunately it does not seem to work. Although I got a better error log at least:

2023-08-15 17:10:51.743 DEBUG (MainThread) [custom_components.verisure] Finished fetching verisure data in 0.580 seconds (success: True)
2023-08-15 17:11:52.022 DEBUG (MainThread) [custom_components.verisure] Finished fetching verisure data in 0.858 seconds (success: True)
2023-08-15 17:12:52.417 DEBUG (MainThread) [custom_components.verisure] Cookie expired, acquiring new cookies
2023-08-15 17:12:53.197 ERROR (MainThread) [custom_components.verisure] Credentials expired for Verisure, {"errorGroup": "UNAUTHORIZED","errorCode": "AUT_00011","errorMessage": "Invalid session cookie"}
2023-08-15 17:12:53.203 ERROR (MainThread) [custom_components.verisure] Authentication failed while fetching verisure data: Credentials expired for Verisure
2023-08-15 17:12:53.209 DEBUG (MainThread) [custom_components.verisure] Finished fetching verisure data in 1.046 seconds (success: False)

And I need to log in again in HA.

[niro1987]

Sadly, not the result I was hoping for, but it does give use useful information.

[niro1987]

Currently we send all cookies on every request, assuming that the server would only read the ones that it needs.
Strictly speaking, the app only sends vid an vs-refresh cookies on /auth/token requests, and only sends vid and vs-access on /graphql requests, and so on..

I'm not sure if leaving out unnecessary cookies will help, but it might be worth a shot.

[niro1987]

@Olen Can you update your dev env and retest please, I'll do the same but haven't seen the issue in my dev env so far.
run pip uninstall vsure and pip install git+https://github.com/niro1987/python-verisure.git@trust#vsure==2.6.5 to update the vsure package

[niro1987]

I wonder why we don't see the 'reauth' issue anymore. Is it because we're handling the 500 responses differently (since 2023.08) or did something change with the Verisure API. If it's the former, why did @Olen still see the issue after 2023.08? If it's the later, ... we might be trying to fix something that isn't broken.

I truly doubt adding 'trust' will change anything. As far as I can see, the only reason to get the trust cookie is to re-authenticate without user interaction (entering the MFA code), i.e. when the session-, refresh- or vid cookie expires or is lost, like when you update the app for example.

Love to hear your thoughts on the matter.

[niro1987]

The changes have been tested extensivly and without any error. @Olen was finally able to reproduce the 'reauth' issue and recovered: home-assistant/core#97885 (comment)

@persandstrom please review these changes

[Olen]

I can verify that my installation has now been running for more than 48 hours without requiring reconfiguration. That has not happened for a long time, so it seems like this is working.

2023-08-21 09:38:19.120 INFO (MainThread) [homeassistant.setup] Setting up verisure
2023-08-21 09:38:19.121 INFO (MainThread) [homeassistant.setup] Setup of domain verisure took 0.0 seconds
(...)
2023-08-21 09:38:25.231 DEBUG (MainThread) [custom_components.verisure] Finished fetching verisure data in 1.002 seconds (success: True)

I have seen two "Cookie expired"- messages about 25 hours apart since then:

2023-08-22 10:56:36.452 DEBUG (MainThread) [custom_components.verisure] Cookie expired, acquiring new cookies
(...)
2023-08-23 12:07:10.464 DEBUG (MainThread) [custom_components.verisure] Cookie expired, acquiring new cookies

If it still is running fine tomorrow, I will do a test where I will change the password, just to verify that this is detected by HA and that I will be asked to supply the new password in the GUI.

[persandstrom]

Looks good!

Let's wait for @Olen final test

[Olen]

Sorry. Forgot to add the result here as well.

It ran fine for four days and recovered from all errors Verisure decided to throw at me.
Today I tried to change my password directly in the Verisure app, and HA responded by presenting a "Please log in again" prompt.
I updated HA with the new password, and the Integration started working again.

So all seems fine now. Thanks for the effort.

[persandstrom]

Thank you @niro1987 and @Olen