Add Support for Dream Machine Pro

[anthonysnyder]

Is your feature request related to a problem? Please describe.
When attempting to configure this plugin for use with my UDM Pro, I immediately get 401 Unauthorized, and eventually 429 Too Many Requests.

Describe the solution you'd like
Build out support for logging into a Dream Machine Pro

Describe alternatives you've considered

Additional context
I have a brand new LOCAL only SuperAdmin account that I am trying with this.

[Juror2372]

i have the same issue.

it used to work with my UDM Pro but i'm now getting the same error.

here's the log from HA

2024-11-27 19:30:33.775 WARNING (MainThread) [homeassistant.components.unifi] Exception on update Call https://10.16.10.1:443/proxy/network/v2/api/site/default/trafficrules received 401 Unauthorized
2024-11-27 19:30:43.775 WARNING (MainThread) [homeassistant.components.unifi] Exception on update Call https://10.16.10.1:443/proxy/network/v2/api/site/default/trafficrules received 401 Unauthorized
2024-11-27 19:30:53.775 WARNING (MainThread) [homeassistant.components.unifi] Exception on update Call https://10.16.10.1:443/proxy/network/v2/api/site/default/trafficrules received 401 Unauthorized
2024-11-27 19:31:03.775 WARNING (MainThread) [homeassistant.components.unifi] Exception on update Call https://10.16.10.1:443/proxy/network/v2/api/site/default/trafficrules received 401 Unauthorized
2024-11-27 19:31:12.850 INFO (MainThread) [custom_components.unifi_network_rules.udm_api] Successfully logged in to UDM
2024-11-27 19:31:13.151 INFO (MainThread) [custom_components.unifi_network_rules.udm_api] Successfully logged in to UDM
2024-11-27 19:31:13.164 WARNING (MainThread) [custom_components.unifi_network_rules.udm_api] Authentication failed, attempting to re-login (attempt 1)
2024-11-27 19:31:13.775 WARNING (MainThread) [homeassistant.components.unifi] Exception on update Call https://10.16.10.1:443/proxy/network/v2/api/site/default/trafficrules received 401 Unauthorized
2024-11-27 19:31:14.491 INFO (MainThread) [custom_components.unifi_network_rules.udm_api] Successfully logged in to UDM
2024-11-27 19:31:14.504 WARNING (MainThread) [custom_components.unifi_network_rules.udm_api] Authentication failed, attempting to re-login (attempt 2)
2024-11-27 19:31:15.788 INFO (MainThread) [custom_components.unifi_network_rules.udm_api] Successfully logged in to UDM
2024-11-27 19:31:15.800 ERROR (MainThread) [custom_components.unifi_network_rules.udm_api] Request failed. Status: 401, Response: {"error":{"code":401,"message":"Unauthorized"}}
2024-11-27 19:31:15.800 ERROR (MainThread) [custom_components.unifi_network_rules.udm_api] Failed to fetch traffic rules: Request failed. Status: 401, Response: {"error":{"code":401,"message":"Unauthorized"}}
2024-11-27 19:31:16.078 INFO (MainThread) [custom_components.unifi_network_rules.udm_api] Successfully logged in to UDM
2024-11-27 19:31:16.089 WARNING (MainThread) [custom_components.unifi_network_rules.udm_api] Authentication failed, attempting to re-login (attempt 1)
2024-11-27 19:31:17.251 ERROR (MainThread) [custom_components.unifi_network_rules.udm_api] Failed to log in to UDM. Status: 429
2024-11-27 19:31:17.252 ERROR (MainThread) [custom_components.unifi_network_rules.udm_api] Failed to log in: Failed to log in to UDM. Status: 429
2024-11-27 19:31:17.252 ERROR (MainThread) [custom_components.unifi_network_rules.udm_api] Failed to fetch firewall rules: Failed to login
2024-11-27 19:31:17.415 ERROR (MainThread) [custom_components.unifi_network_rules.udm_api] Failed to log in to UDM. Status: 429
2024-11-27 19:31:17.415 ERROR (MainThread) [custom_components.unifi_network_rules.udm_api] Failed to log in: Failed to log in to UDM. Status: 429
2024-11-27 19:31:17.415 ERROR (MainThread) [custom_components.unifi_network_rules.udm_api] Failed to fetch traffic routes: Failed to login
2024-11-27 19:31:17.415 ERROR (MainThread) [custom_components.unifi_network_rules] Error updating data: Failed to fetch traffic rules: Request failed. Status: 401, Response: {"error":{"code":401,"message":"Unauthorized"}}
2024-11-27 19:31:17.415 ERROR (MainThread) [custom_components.unifi_network_rules] Unexpected error fetching udm_rule_manager data

[Juror2372]

@anthonysnyder maybe the issue was with Home-Assistant, i'm running beta 2024.12.0b5 and the integration now works.

[anthonysnyder]

@Juror2372 Interesting, I will need to give it another go. I wonder if it is due to the version of HA that I can run via Docker on the Synology.

[sirkirby]

It could be the HA version and yes, definitely need a local super admin account to make things work smoothly. I've not been able to replicate, so if the issue persists, keep the info coming.

[sirkirby]

@anthonysnyder I would also suggest trying my Bruno http project to just test the login and the api requests outside of HA. It's easy to set up and run locally. If that works, then you know the account is good and working. Then its likely HA itself, or an issue that I can help sort out with the integration.

[anthonysnyder]

Oh awesome, I will test this out as soon as I am back home.

[olafhuerta97]

For my UCG it was failing on version 12.1 but working fine on 12.2!!

[anthonysnyder]

@sirkirby I feel really dumb but I cannot figure out Bruno to save my life.

That being said, I have updated to Network 9.0. I reinstalled the latest build, and attempted to log in and I am getting this now. I deleted and recreated the local admin user that I am attempting to use and have verified I can log in with it via the WebUI

[sirkirby]

Bruno is a bit complex, so no worries. This does indicate that the account you're using doesn't have the necessary admin permissions. The account needs to be a local account with full/admin access to the network application. You can also test this outside of the extension by logging in to your UDM with this same account. Let me know how it goes.

[anthonysnyder]

Logging in via an Incognito window directly to the UDM with those credentials did work.

[anthonysnyder]

[sirkirby]

Hmm, that all looks great. The only other thing I can think of is cached credentials in Home Assistant or something similar. Have you tried completely removing the extension folder, restarting, and then adding it again? When configuring the extension, it will also test the login before enabling it.

[anthonysnyder]

Let me try that now.

[anthonysnyder]

Okay, I removed it, restarted HomeAssistant, readded the file, and then restarted again, now adding the integration.

[anthonysnyder]

[anthonysnyder]

[sirkirby]

Ahh, getting somewhere now...that indicates that rate limiting has kicked in. I ran into this as well when developing it. You'll need to wait a while, an hour I believe, then try to setup and login again. This could mean there is still a login issue, but let's see what happens once the rate-limiting cools off.

[anthonysnyder]

Debugging ftw. Be back in an hour. I assume no need to remove the config file and restart HA.

[sirkirby]

I would remove it as an integration, so it stops making requests, but not uninstall the custom integration folder

[anthonysnyder]

Okay, it has been an hour, testing again now.

[anthonysnyder]

followed immediately by 429 errors, so I removed it again

[anthonysnyder]

@sirkirby Would it be helpful to enable the Debug logging and try configuring it again? I assume any logs it collect would be in the Docker logs for my HomeAssistant itself yes?

[anthonysnyder]

2025-01-14 23:48:01.328 ERROR (MainThread) [custom_components.unifi_network_rules.udm_api] Failed to log in to UDM. Status: 429
2025-01-14 23:47:55.701 DEBUG (MainThread) [custom_components.unifi_network_rules] Finished fetching udm_rule_manager data in 4.605 seconds (success: False)
Exception: Failed to fetch firewall policies: Request failed. Status: 401, Response: {"error":{"code":401,"message":"Unauthorized"}}
    raise Exception(f"Failed to fetch firewall policies: {policies_error}")
  File "/config/custom_components/unifi_network_rules/__init__.py", line 49, in async_update_data
           ^^^^^^^^^^^^^^^^^^^^^^^^^^
    return await self.update_method()
  File "/usr/src/homeassistant/homeassistant/helpers/update_coordinator.py", line 280, in _async_update_data
    self.data = await self._async_update_data()
                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/src/homeassistant/homeassistant/helpers/update_coordinator.py", line 379, in _async_refresh
2025-01-14 23:47:55.682 ERROR (MainThread) [custom_components.unifi_network_rules] Unexpected error fetching udm_rule_manager data
Traceback (most recent call last):
2025-01-14 23:47:55.682 ERROR (MainThread) [custom_components.unifi_network_rules] Error updating data: Failed to fetch firewall policies: Request failed. Status: 401, Response: {"error":{"code":401,"message":"Unauthorized"}}
2025-01-14 23:47:55.681 ERROR (MainThread) [custom_components.unifi_network_rules.udm_api] Failed to log in: Failed to log in to UDM. Status: 429
2025-01-14 23:47:55.682 ERROR (MainThread) [custom_components.unifi_network_rules.udm_api] Failed to fetch traffic routes: Failed to login
2025-01-14 23:47:55.679 ERROR (MainThread) [custom_components.unifi_network_rules.udm_api] Failed to log in to UDM. Status: 429
2025-01-14 23:47:54.526 WARNING (MainThread) [custom_components.unifi_network_rules.udm_api] Authentication failed, attempting to re-login (attempt 1)
2025-01-14 23:47:54.510 INFO (MainThread) [custom_components.unifi_network_rules.udm_api] Successfully logged in to UDM
2025-01-14 23:47:54.252 ERROR (MainThread) [custom_components.unifi_network_rules.udm_api] Failed to fetch firewall policies: Request failed. Status: 401, Response: {"error":{"code":401,"message":"Unauthorized"}}
2025-01-14 23:47:54.251 ERROR (MainThread) [custom_components.unifi_network_rules.udm_api] Request failed. Status: 401, Response: {"error":{"code":401,"message":"Unauthorized"}}
2025-01-14 23:47:54.233 INFO (MainThread) [custom_components.unifi_network_rules.udm_api] Successfully logged in to UDM
2025-01-14 23:47:52.775 WARNING (MainThread) [custom_components.unifi_network_rules.udm_api] Authentication failed, attempting to re-login (attempt 2)
2025-01-14 23:47:52.758 INFO (MainThread) [custom_components.unifi_network_rules.udm_api] Successfully logged in to UDM
2025-01-14 23:47:51.365 WARNING (MainThread) [custom_components.unifi_network_rules.udm_api] Authentication failed, attempting to re-login (attempt 1)
2025-01-14 23:47:51.340 INFO (MainThread) [custom_components.unifi_network_rules.udm_api] Successfully logged in to UDM
2025-01-14 23:47:51.095 INFO (MainThread) [custom_components.unifi_network_rules.udm_api] Successfully logged in to UDM
2025-01-14 23:47:10.666 ERROR (MainThread) [custom_components.unifi_network_rules.udm_api] Failed to log in to UDM. Status: 403
2025-01-14 23:47:04.975 ERROR (MainThread) [custom_components.unifi_network_rules.udm_api] Failed to log in to UDM. Status: 403

[anthonysnyder]

the first log in attempt shown there was using junk username and password just so I could get to this page that I saw a debug setting on earlier today but now it is not there. O.o

[anthonysnyder]

[sirkirby]

@anthonysnyder, what version of Home Assistant are you running? ...and what are you running it on? nm Docker. As long as it's a recent version, it shouldn't matter, but I would like to rule some things out. The login success and then immediate failure don't quite make sense. The 429 after the repeated attempts do, so I could dial back the retries, which could help that.

[anthonysnyder]

Running on my DS1019+ Synology.

[kirgy]

I also have this same problem, also as chance has it - running a Dream Machine Pro (SE), with latest home assistant and using Synology DSM RS814+.

In my scenario, I'm getting 403, and subsequent 309 499. I suspect this is triggering MFA and requiring an MFA token to continue - as I'm getting routine email triggers.

Any advise here?

[sirkirby]

I also have this same problem, also as chance has it - running a Dream Machine Pro (SE), with latest home assistant and using Synology DSM RS814+.

In my scenario, I'm getting 403, and subsequent 309. I suspect this is triggering MFA and requiring an MFA token to continue - as I'm getting routine email triggers.

Any advise here?

Make sure you are using a local account without an email, as it will not be a UI and account and have MFA

[sirkirby]

@anthonysnyder working on this. I see a few things I could clean up and then try, I'll have a pull request up soon for testing

[anthonysnyder]

Absolutely no rush. You are the one who is helping me out by even providing this code, so I appreciate it so much.

[sirkirby]

When ready, I have some changes up in the login-session-management branch. Clone it down locally, or go to the Code dropdown and select Download zip. I detail the changes in pull request #11. If it still doesn't work, it should provide better logs.

[anthonysnyder]

Excellent, testing now.

[kirgy]

I also have this same problem, also as chance has it - running a Dream Machine Pro (SE), with latest home assistant and using Synology DSM RS814+.
In my scenario, I'm getting 403, and subsequent 309. I suspect this is triggering MFA and requiring an MFA token to continue - as I'm getting routine email triggers.
Any advise here?

Make sure you are using a local account without an email, as it will not be a UI and account and have MFA

thank you, this now works perfectly for me. Appreciate all the work you've done and provide on this @sirkirby

[anthonysnyder]

2025-01-17 17:25:20.983 ERROR (MainThread) [custom_components.unifi_network_rules.udm_api] Login failed with status 403

2025-01-17 17:25:15.212 ERROR (MainThread) [custom_components.unifi_network_rules.udm_api] Login failed with status 403

2025-01-17 17:22:00.387 WARNING (SyncWorker_0) [homeassistant.loader] We found a custom integration unifi_network_rules which has not been tested by Home Assistant. This component might cause stability problems, be sure to disable it if you experience issues with Home Assistant

[anthonysnyder]

I did something dumb....LOL

I was wondering if I blew away my entire HomeAssistant config and tried it on a new install if that would make a difference...but then I got to wondering if I could get HomeAssistant OS running via VMM. So I am gonna try that and see if it makes a difference.

:yolo:

[sirkirby]

I did something dumb....LOL

I was wondering if I blew away my entire HomeAssistant config and tried it on a new install if that would make a difference...but then I got to wondering if I could get HomeAssistant OS running via VMM. So I am gonna try that and see if it makes a difference.

:yolo:

I hope you dindn't blow away all of your config! I would recommend running on a VM; tends to be more stable. However, I will say that if running on Synology, you may have strange network issues; at least, that was the case for me. I'm running on Proxmox using this helper script on a Mini PC. I'm going to stand up a Docker test env, maybe this weekend, just for testing as well.

[anthonysnyder]

I DID blow away the config. However, I wasn't really using it for much. HomeBridge is where most of my actual stuff lives as we have a full Apple House (former employee here) so anything I create with HomeAssistant will eventually get shoved over there anyways.

[sirkirby]

Same, not the employee part :), but all Apple home with hombridge doing the heavy lifting for many homekit integrations. HomeAssisant is so much more robust for automation though, so I have moved many things over and it's also easy to expose a bridge from HA to Apple Home too. Matter makes it even easier, when it works. Let me know how the recovery goes and if the new setup clears things up.

[anthonysnyder]

Okay, progress in getting the VMM up and running.

I finally got HACS installed, and ran into this after clicking in the link in this repos ReadMe

[sirkirby]

Unfortunately, the PR merge backlog for HACS takes a very long time. It will be in the directory eventually, but not sure when. in the meantime, manual install is the only way.

[anthonysnyder]

I was able to get teh link to work by manually updating the url to the correct GH Repo.

After installing and rebooting however, I am still getting login errors