Looking into it. Thanks for reporting it.
Take your time...no rush here
Btw, my tasker task did reboot the hub. I just ran the wrong one....so it's just another data point that the hub can be rebooted without authentication.
Again...no big deal...focus on other things...this can wait.
Right @gparra.
Lol, I guess this comes to show every single feature request has a potential negative impact on someone... its just impossible to please everyone, it does make these guys job a lot harder...
That said, I am the one who's right!
Hotfix 2.0.1.114 is available with bug fixes for Alexa, Hue, code folding, 24 time display in apps, and reboot/shutdown endpoint security.
Looks like you won this one @gparra.
Security wins over convenience again...as it should...but it still hurts my heart.
Keeping my on you @gparra. Ready to auto-flag any "feature" requests. And now I got @SmartHomePrimer at my side in case I miss one. Make a request...I dare you.
That means the tasker method you showed me doesn't work anymore?
I havent had the heart to confirm...I want to keep hope alive for as long as possible.
But I'm pretty sure it won't work anymore. In case your interested @vjv, I'm building a task force. It's you me and @SmartHomePrimer so far. We can't let this happen again.
#securitySucks #flags4Gparra.
I'm in !!!
crap...
Not sure if anyone here is watching the latest season of "The Last Kingdom" but I now feel like Uhtred after he got cursed by Skade...
[runs and installs Tasker on my phone, starts tinkering with this thing in hope of finding a solution to lift the curse]
@patrick what was the solution applied in the patch? was the reboot page completely removed? I get a 404 after authenticating...
Be careful what Yee asks for...Yee might get it.
I'm doing the exact same thing right now...nothing is working. And I get the Uhtred reference as well.
Have to stop watching it now that Vikings' back on...get them confused if I watch simultaneously.
@patrick are you using basic authentication for the hub?
The hub uses a token based authentication. You will need to hit the login endpoint first with a user and password and then get the resulting token from the session for other sessions.
Weird, I may not be doing things right but I'm using the same mechanism I use to get the backups which gets the session from the login page and then hits the download URL and works fine, in this case i'm hitting the http://ipaddress:8080/hub/restart instead and get the hubitat 404 page...
It should be /hub/reboot not restart
I haven't set up any users, will there still be authentication required for the pages?
@vjv @mike I can confirm that the tasker method I shared no longer works with the latest hot fix and User Admin turned on.
The bad news - I did quite a bit of googling and testing but was unable to figure out how authenticate with a token. It's simply beyond my abilities.
The kinda good news - if you dont NEED user admin, you can disable it and the tasker method will work again. Remote reboot is more important for me at this point so that's what I did.
What was the hate clan name again?
I will not disable user login
I tried /hub/reboot and same thing I get a 404, if I can figure out how to do this authenticated I'll find a way for you guys to do it with Tasker but everything I do even after authenticating and passing the session is giving me a 404...
Don't Hate....FLAG!!
Seriously though...this was an oversight by the HE team that would have been closed at some point anyway. While I'm not as security conscious as others, I definitely understand the concerns.
And @gparra's got 24 hours before the Curse of Skade becomes permanent. Hopefully he finds a solution....either way justice will be served.