Secured Commands #25
Description
Is there a way to send secured command for elements that require Visualisation Password?
I'm attaching documentation below from official Loxone docs. I'm not sure which method from this library should I use to get that hashes and salts.
Secured Commands
We have the possibility to use a “visualization password” for Controls (set in Loxone Config), those passwords are added to the commands as described below:
- request the visualization password from the user - {visuPw}
- request a {key}, {salt} and the used hashing algorithm {hashAlg} from the Miniserver
(“jdev/sys/getvisusalt/{user}”)
a. {user} = the user whos visu password has been entered- Create an {hashAlg} hash (SHA1, SHA256,..) of “{visuPw}:{salt}” -> {visuPwHash}
- Create an HMAC-SHA1 or HMAC-SHA256 hash using the uppercase {visuPwHash} and the {key} (see Hashing) - {hash}
- send “jdev/sps/i os/{hash}/{uuid}/{command}”
a. response has Code 200 if password was correct and command could be executed
b. a response with Code 500 means the password was incorrectHashing
- the key from the “jdev/sys/getkey” , “jdev/sys/getkey2” or “jdev/sys/getvisusalt” responses are hex-encoded
- create a hash from the desired text (user:passHash, visuPwHash, token) using HMAC-SHA1 or HMAC-SHA256 with the {key} received in the answer
a. To create ‘passHash’ & ‘visuPwHash’ use the hashing algorithm {hashAlg} that is defined in the answer of the corresponding requests- encode the hash back to hex