Nuki Bridge: Hashing doesn't work for me

thomaswitt · July 16, 2019, 4:43pm

When using the Bridge API, Hashing doesn’t work (but tokens DO work).

Time seem to be ok:
$ curl -s "192.168.188.16:8080/info?token=${TOKEN}" | jq | grep currentTime ; ruby -r time -e 'puts Time.now.utc.iso8601'
"currentTime": "2019-07-16T16:40:24+00:00",
2019-07-16T16:40:24Z

I do the following to construct a token:
ruby -r time -r digest -e "token=ENV['TOKEN']; rnr=rand(1001..9999); ts=Time.now.utc.iso8601; hash=Digest::SHA256.hexdigest(%Q(#{ts},#{rand},#{token})); puts %Q(ts=#{ts}&rnr=#{rnr}&hash=#{hash})"

which results into
ts=2019-07-16T16:41:48Z&rnr=6750&hash=ecc16fbebf5c2d90839da2bba1b6e5ac1a8d0d9bba97d7b4de2e8c5fb0b8a6e2

But using this result like
curl -s "192.168.1.10:8080/info?${QUERY_PARAMS}"

always returns
HTTP 401 Unauthorized

Any ideas?

Stephan · July 17, 2019, 6:47am

I can’t recheck your hash (as I don’t know the token), but I can see only to causes for this problem:

issue in the hash-calculation
to big difference in time-stamps (wrong time on bridge)

Considering you probably checked for time difference already I will make some wild guesses regarding hash calculation that might help you:

I am not 100% sure what your calculation does, but be sure that the commas are also part of the string to be hashed, i.e. e.g. 2019-03-05T01:06:53Z,4711,123456

For the same reason timestamp format is important (but it also looks like you are doing everything correctly here).