jmaxxz / keymaker
A tool chain for interacting with the August lock ecosystem developed whilst researching the security of the August lock.
License: MIT License
I am attempting to "sign-in" with the postman collection and getting the response "API key is not valid". What might be going wrong here?
I have set the environment variables:
Variable | Initial Value |
---|---|
installid | 00000000-0000-0000-0000-000000000000 |
KeaseApiKey | 14445b6a2dba |
ApiKey | aaaaaaaaaa.bbbbbbbbbbb.cccccccccccc |
I have set my credentials on the body tab:
{
"identifier":"phone:+15551234567",
"installId":"00000000-0000-0000-0000-000000000000",
"password":"MyPassword"
}
I've tried the API and looked through some of the other issues here to understand the API. Here are my steps:
Sign In:
Request Body:
{
  "identifier":"phone:+1{{MyPhoneNumber}}",
  "installId":"eed23768-4c85-4d32-b0e4-e3e58d657480", // generated UUID
  "password":"{{MyPassword}}"
}
Headers:
"x-august-api-key":"79fd0eb6-381d-4adf-95a0-47721289d1d9"
Response:
{
  "installId": "eed23768-4c85-4d32-b0e4-e3e58d657480",
  "applicationId": "",
  "userId": "",
  "vInstallId": false,
  "vPassword": false,
  "vEmail": false,
  "vPhone": false,
  "hasInstallId": true,
  "hasPassword": true,
  "hasEmail": true,
  "hasPhone": true,
  "isLockedOut": false,
  "oauth": {},
  "homeAccess": "",
  "captcha": "",
  "email": [],
  "phone": [ "phone:+1<My PhoneNumber>" ],
  "expiresAt": "2021-09-29T13:01:30.685Z",
  "temporaryAccountCreationPasswordLink": "",
  "iat": 1622552490,
  "exp": 1632920490,
  "LastName": "",
  "FirstName": ""
}
I copied the x-august-access-token from the response.
I then verified my phone and email using the Send password reset email and Send password reset phone. Using the x-august-access-token from the original request I sent the Send password reset email and got an email with the code. I sent the Verify Email request and copied the x-august-access-token to be used with the Send password reset phone and got a code sent to my phone. I then called the Verify Phone request and copied the x-august-access-token. I then try calling any of the GET requests that do not require a body and receive this message:
{ "code": "InvalidCredentials", "message": "access token not associated with a user" }
The API Key and Kease Api Key are set properly. Are there any other steps I should be following?
Hello. I am using your postman collection. I was able to use validation/email to get my code, but when I try to validate it, I get this error response. Can you please help?
{ "code": "InvalidArgument", "message": "Verification code for aep:email:[email protected] not found" }
My request was:
{ "code":"755211", "email":"[email protected]" }
I have been trying to get this to work but am stuck on the "validate" email or phone.
I posted /validation/email and got a valid code sent to my e-mail.
I tried posting this to the following validate/email.
{
"email":"email-addresss",
"code": "code-from-email"
}
and I am getting the following error in the body:
{
"userId": "user-id",
"_value": "email:email-address",
"resolution": "token_incomplete"
}
Does anyone have any idea what I'm doing wrong? I am using the x-august-access-token from the validation/email response header.
Originally posted by @juancortez in #5 (comment)
Hi @jmaxxz first of all many thanks for the great work on the august lock.
I wonder if you could give me some insight on the API process. At the moment I'm trying to automate the guest creation with pin numbers. However I cannot go beyond the creation of the USER and not the guest, or even a way to associate pins to guest or users.
I can see a "state" parameter but I've tried all the combinations which do not let me add a pin.
Thanks
While for research purposes this codebase is adequate, for any type of general purpose application development one would expect at least some level of unit testing.
Hello I am having trouble verifying the code sent to my email:
Here is the CURL request I am using to validate the token sent to my email.
curl -X POST 'https://api-production.august.com/validate/email' \
--header 'x-august-api-key: 70eb6-81d-4df-950-4789d1d9' \
--header 'x-kease-api-key: 14445b6a2dba' \
--header 'Content-Type: application/json' \
--header 'Accept-Version: 0.0.1' \
--header 'User-Agent: August/Luna-3.2.2' \
--header 'x-august-access-token: eyJ0eXAiOiJKVQiLCJhbCU' \
--data-raw '{
"email": "<MY EMAIL>",
"code": "913658"
}'
The response I am receiving is:
{
"userId": "ce950867-f61a-49d0-8320-2e6fff82250d",
"_value": "email:<MY_EMAIL>",
"resolution": "token_incomplete"
}
Any ideas as to what is going wrong?
Hello,
So I have an August lock v1, which I am guessing had some issues during a factory firmware update... the fact is that it no longer works and the support service just told me to (do a bunch of things that did not work) buy a new one as it was not repairable...
Well I am trying to repair it ^^
It turns on, it connects to my phone, it answers back to me, but it won't move the motor nor update the firmware.
I've connected to it by JTAG and I've downloaded its firmware.
I've also recovered the firmwares (arm and ti) from the August server and I am going to try to update the system. But it seems to me that these firmwares are not full firmwares and just patches... They don't fix my full firmware issue through a JTAG programming.
I am just wondering if someone here has previously fixed their August lock or if you have a firmware that I can use for JTAG ^^
Trying to POST /session using postman but the return is "Could not get any response"
There was an error connecting to https://api-production.august.com/session.
Headers:
[
{
"key":"x-august-api-key",
"value":"727dba56-fe45–498d-b4aa-293f96aae0e5", // I found this value on https://medium.com/@nolanbrown/august-lock-rest-apis-the-basics-7ec7f31e7874
"description":"",
"enabled":true
},
{
"key":"x-kease-api-key",
"value":"727dba56-fe45–498d-b4aa-293f96aae0e5", // I found this value on https://medium.com/@nolanbrown/august-lock-rest-apis-the-basics-7ec7f31e7874
"description":"",
"enabled":true
},
{
"key":"Content-Type",
"value":"application/json",
"description":"",
"enabled":true
},
{
"key":"User-Agent",
"value":"August/Luna-3.2.2",
"description":"",
"enabled":true
},
{
"key":"Accept-Version",
"value":"0.0.1",
"description":"",
"enabled":true
}
]
Body:
{
"installId": "b7e2efe6-dd2c-11e7-9296-cec278b6b50a", // random UUID
"password": "<PASSWORD>",
"identifier": "phone:+1<PHONE>"
}
I think I'm late to the party; both version 6.0 and 7.0 of the iOS app do not store any offline keys anymore (I enabled auto-unlock momentarily which should have written them to the .plist) and neither of the backdoor passwords "KryspyKym" nor "DreadfulDoe" appear to work when entering them in the dialog that pops up when you press-hold the version number.
Does anyone have updated documentation on how to get the offline keys so I can manipulate the locks via BLE, or a way to generate the debug logs through this press-hold-version-number method?
Since I started work on this project Node has deprecated the new Buffer(...) api in favor of Buffer.alloc. In keeping with Node's recommendations all calls to the old style of buffer construction should be replaced with calls to Buffer.alloc.
This will let others more easily use this work in their projects.
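The migration described in the issue above, sketched as an added example (not code from keymaker or its author): a small scanner that rewrites legacy `new Buffer(...)` call sites. It goes one step beyond the issue text: only size arguments map to `Buffer.alloc`, while string and array arguments map to `Buffer.from`, Node's replacement for the data-carrying forms. The function names `suggestReplacement` and `migrate` and the sample source are constructed for illustration.

```javascript
// Regex-based, so it only handles single-line calls without nested
// parentheses; anything it cannot classify is left alone and reported.
const LEGACY_CALL = /new Buffer\(([^()]*)\)/g;

function suggestReplacement(args) {
  const first = args.split(',')[0].trim();
  if (/^(0x[0-9a-f]+|\d+)$/i.test(first)) {
    // Numeric size: Buffer.alloc always zero-fills the new memory.
    return `Buffer.alloc(${args})`;
  }
  if (/^(['"`]|\[)/.test(first)) {
    // String or array literal: the data is copied, so Buffer.from applies.
    return `Buffer.from(${args})`;
  }
  // Variable or expression: whether it is a size or data is only known at
  // runtime, so a human has to decide between alloc and from.
  return null;
}

function migrate(source) {
  const review = [];
  const lines = source.split('\n').map((line, i) =>
    line.replace(LEGACY_CALL, (match, args) => {
      const fixed = suggestReplacement(args);
      if (fixed === null) review.push({ line: i + 1, call: match });
      return fixed === null ? match : fixed;
    })
  );
  return { code: lines.join('\n'), review };
}

// Constructed sample source, not taken from the keymaker code base.
const SAMPLE = [
  "var frame = new Buffer(18);",
  "var key = new Buffer('00112233445566778899aabbccddeeff', 'hex');",
  "var header = new Buffer([0xee, 0x02]);",
  "var copy = new Buffer(input);",
].join('\n');

const result = migrate(SAMPLE);
console.log(result.code);
console.log('needs manual review:', result.review);
```

The call sites reported for review are the ones that matter most from a security standpoint, because a value that can be either a number or a string changes what the old constructor does.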
I'm attempting to use your extremely helpful postman collection to test out some API methods. Unfortunately it seems that two-factor now requires a code to validate token for email or phone before it can be used.
What route should I be hitting after the initial post to /session to trigger the verification email or text?