[PROJECT] Driver for Unifi Network Controllers

[dev:1629](http://192.168.10.15/logs/past#dev1629)2020-12-10 06:23:25.419 pm[trace](http://192.168.10.15/device/edit/1629)UniFi - Event: Last Login = Thu Dec 10 18:23:25 CST 2020

[dev:1629](http://192.168.10.15/logs/past#dev1629)2020-12-10 06:23:25.412 pm[trace](http://192.168.10.15/device/edit/1629)UniFi - Login header data [X-Frame-Options:DENY, Keep-Alive:timeout=60, Access-Control-Expose-Headers:Access-Control-Allow-Origin,Access-Control-Allow-Credentials, vary:Origin, Access-Control-Allow-Credentials:true, Connection:keep-alive, Set-Cookie:csrf_token=g6vIOp4alaJE4f59JzO2PuTrZI5PdSWm; Path=/; Secure, Content-Length:30, Date:Fri, 11 Dec 2020 00:23:24 GMT, Content-Type:application/json;charset=UTF-8]

[dev:1629](http://192.168.10.15/logs/past#dev1629)2020-12-10 06:23:25.410 pm[trace](http://192.168.10.15/device/edit/1629)UniFi - Login response data {"meta":{"rc":"ok"},"data":[]}

[dev:1629](http://192.168.10.15/logs/past#dev1629)2020-12-10 06:23:20.275 pm[trace](http://192.168.10.15/device/edit/1629)UniFi - Event: Last Login = Thu Dec 10 18:23:20 CST 2020

[dev:1629](http://192.168.10.15/logs/past#dev1629)2020-12-10 06:23:20.272 pm[trace](http://192.168.10.15/device/edit/1629)UniFi - Login header data [X-Frame-Options:DENY, Keep-Alive:timeout=60, Access-Control-Expose-Headers:Access-Control-Allow-Origin,Access-Control-Allow-Credentials, vary:Origin, Access-Control-Allow-Credentials:true, Connection:keep-alive, Set-Cookie:csrf_token=ZtqLHT41Hy089ZTftaxRMTGhcwuPh4We; Path=/; Secure, Content-Length:30, Date:Fri, 11 Dec 2020 00:23:19 GMT, Content-Type:application/json;charset=UTF-8]

[dev:1629](http://192.168.10.15/logs/past#dev1629)2020-12-10 06:23:20.270 pm[trace](http://192.168.10.15/device/edit/1629)UniFi - Login response data {"meta":{"rc":"ok"},"data":[]}

[dev:1629](http://192.168.10.15/logs/past#dev1629)2020-12-10 06:23:20.202 pm[debug](http://192.168.10.15/device/edit/1629)UniFi - Driver version up to date

[dev:1629](http://192.168.10.15/logs/past#dev1629)2020-12-10 06:23:19.449 pm[trace](http://192.168.10.15/device/edit/1629)UniFi - Event: Last Refresh = Thu Dec 10 18:23:19 CST 2020

Um... I do not know off the top of my head to be honest. It looks like it responds with an http 200 status (normally an all good, here is your data) but with no response and then the header has that DENY in it plus it lacks a cookie.

So it does not work for the login... but recognized it as a login...

Can you remind me, which controller specifically are you attempting to connect to and include what version of firmware it has? I think it is possible to look up some API stuff from Ubiquiti if you know the version.

Controller is running on a cloud Key. Version is 6.0.41

Thanks for the quick response. I doubt I will get it worked out tonight but I will try to take a look and should definitely have more info by tomorrow night.

No hurry. Thank you for your hard work.

The X-Frame-Options:DENY is most likely a red herring, though it certainly caught my eye too.

I had a deja vu moment, and I wonder if you're running into this issue due to using asynchronous POST for the login: asynchttpPost header issue

Here's a dump of all of the headers from my successful synchronous POST login, in case it helps:

image1355×235 14 KB

Are you using the code available in GitHub? I have yet to see the second token - unifises.

No, I happened to be writing my own thing when I noticed this project. So, I'm learning as @snell goes and also sharing things that I discover. I'll PM you my version just to see if you're able to get a login to work, in case that helps for further debugging.

@snell, a synchronous HTTP POST for login worked for @Bago. Do you want to give that a try in your driver in case other users have the same issue?

@tomw:
I actually made a new version earlier that includes a sync post and a bunch of other changes... But did not post it yet (I ran out of time at lunch and had to get back to work).

That said, happy to take a look at it and see if I will need to make changes to what I already made.

If your implementation with sync HTTP works for you then I assume it will work for @bago, too.

I'll be watching closely to see what other interesting ideas you come up with for info to expose in your driver.

The driver packages I made for personal use are mainly for presence detection via device connections. Happy to share via Github if anyone is interested.

If it works for me, I do not know it will work for @Bago because I cannot remember if he uses a UDMP or other (plus I have been working late, getting up early all week and it is starting to show...).

One thing the version I post this afternoon will now include is Alarms. Any active (not archived) alarm on the controller will now be displayed.

I use the USG-Pro-4 with Cloud Key. I’m hopeful. Thanks for all you do.

@Bago... sorry, as soon as I saw your response... I know you have told me at least twice now. :deep sigh:

Updated Version(s):

• UnifiAPI.groovy = 0.1.3

Change(s):

• Switched Login to be using a synchronous httpPost command rather than the previous asynchttpPost. This should help it determine the correct cookie. Thanks @tomw!
• Alarms are now polled. In the refresh the driver will now poll for any active (NOT ARCHIVED) alarms that the controller might have. It could poll all but that gets REALLY long really quickly. Right now it will put the message associated with the alarm into a list for attribute "Alarms" and post it as an event. If there are no active ones you will just get an empty list there.
• Some minor tweaks/code cleanup.

Different Topic(s):

• There are a number of commands I have tried out and have commented out at this time that are stored in the driver. Not sure how much value they are but if anyone is interested you can always uncomment one, run it, check over the log data (need debug or trace set) and decide if there is something useful to you there that could be made more important. These commands are:

1. CheckClients = Obtains the ENTIRE client list and provides a massive amount of information.
2. CheckAccountStatus = Obtains all the information on the controller about the user that is being used for login. This is also a pretty large amount but I found it to have little that I thought was of real value.
3. RefreshUnifiDevices = Refreshes all unifi devices but also provides a massive amount of data in general
4. RefreshOnlineClients = Refreshes data for clients currently online, providing a list of EVERY client online with a lot of data for them as well
5. RefreshAllClients = Refresh data for all clients that have ever connected
6. CurrentHealth = Similar to CurrentStats.
7. CurrentSites = Extremely limited info.
8. SysInfo = Gets general system information.
9. RogueAP = Polls LOTS of data on rogue Access Points detected.

• There is one command that is listed in some of the API resources online but does not work on my UDMP (gets a 404 - Not Found) response. It MAY have to do with the fact that the UDMP does not have wifi built in even though I have a UAP-LR connected (I thought maybe it had data provided by that). In any case, this command is SpectrumScan and is expected to scan the wifi spectrum. Not sure if it would work for someone with a UDM.

That did it. Thanks.

It does retrieve info. But presence gives this:

`dev:16292020-12-11 04:15:55.845 pmerrorUniFi - Unauthorized for MACExists, login again

dev:16292020-12-11 04:59:57.149 pmerrorUniFi - Unauthorized for CheckAlarms, login again
`

image1276×1636 185 KB

Well... Better but not there yet. Need to look at what is different for those.

You're getting 401 (unauthorized) errors after what looks like a successful login. Same symptom with @snell 's driver as well as mine that you tried. It's really weird.

There are a bunch of reports of people getting 401 errors even in the controller web interface with Cloud Key controllers, and the recommended troubleshooting step is to repair or compact the internal database: UniFi - Network Controller: Repairing Database Issues on the UniFi Controller – Ubiquiti Networks Support and Help Center

Seems maybe worth a try. Before you do that, is there anything in the logs on the controller that stands out?

I’ve never received any 401 errors using the web interface. I’ll compact for grins and giggles.

Yeah, I'll admit it's sort of

I planned on buying a cloud key eventually. You have me curious enough that maybe I'll just pull the trigger now and figure this out, unless @snell has any other ideas.

@Bago: Only thing (besides what @tomw already mentioned) I can wonder about is the account permissions maybe. Do you have more than one account for it, and MAYBE (just maybe), the controller is blocking access to those specific things for the account you normally use?