aioamazondevices 0.8.0__tar.gz → 0.10.0__tar.gz

{aioamazondevices-0.8.0 → aioamazondevices-0.10.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: aioamazondevices
-Version: 0.8.0
+Version: 0.10.0
 Summary: Python library to control Amazon devices
 Home-page: https://github.com/chemelli74/aioamazondevices
 License: Apache-2.0
@@ -20,6 +20,8 @@ Requires-Dist: beautifulsoup4
 Requires-Dist: colorlog
 Requires-Dist: httpx
 Requires-Dist: orjson
+Requires-Dist: pyasn1
+Requires-Dist: rsa
 Project-URL: Bug Tracker, https://github.com/chemelli74/aioamazondevices/issues
 Project-URL: Changelog, https://github.com/chemelli74/aioamazondevices/blob/main/CHANGELOG.md
 Project-URL: Repository, https://github.com/chemelli74/aioamazondevices

{aioamazondevices-0.8.0 → aioamazondevices-0.10.0}/pyproject.toml

@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "aioamazondevices"
-version = "0.8.0"
+version = "0.10.0"
 description = "Python library to control Amazon devices"
 authors = ["Simone Chemelli <simone.chemelli@gmail.com>"]
 license = "Apache-2.0"
@@ -27,10 +27,12 @@ beautifulsoup4 = "*"
 colorlog = "*"
 httpx = "*"
 orjson = "*"
+pyasn1 = "*"
+rsa = "*"
 
 [tool.poetry.group.dev.dependencies]
 pytest = "^8.1"
-pytest-cov = "^5.0"
+pytest-cov = ">=5,<7"
 
 [tool.semantic_release]
 version_toml = ["pyproject.toml:tool.poetry.version"]

{aioamazondevices-0.8.0 → aioamazondevices-0.10.0}/src/aioamazondevices/__init__.py

@@ -1,6 +1,6 @@
 """aioamazondevices library."""
 
-__version__ = "0.8.0"
+__version__ = "0.10.0"
 
 
 from .api import AmazonDevice, AmazonEchoApi

{aioamazondevices-0.8.0 → aioamazondevices-0.10.0}/src/aioamazondevices/api.py

@@ -15,8 +15,9 @@ from urllib.parse import parse_qs, urlencode
 
 import orjson
 from bs4 import BeautifulSoup, Tag
-from httpx import URL, AsyncClient, Response
+from httpx import URL, AsyncClient, Auth, Response
 
+from .auth import Authenticator
 from .const import (
     _LOGGER,
     AMAZON_APP_BUNDLE_ID,
@@ -28,13 +29,14 @@ from .const import (
     AMAZON_DEVICE_TYPE,
     DEFAULT_ASSOC_HANDLE,
     DEFAULT_HEADERS,
+    DEVICES,
     DOMAIN_BY_COUNTRY,
     HTML_EXTENSION,
     JSON_EXTENSION,
     SAVE_PATH,
     URI_QUERIES,
 )
-from .exceptions import CannotAuthenticate, CannotRegisterDevice
+from .exceptions import CannotAuthenticate, CannotRegisterDevice, WrongMethod
 
 
 @dataclass
@@ -58,7 +60,8 @@ class AmazonEchoApi:
         login_country_code: str,
         login_email: str,
         login_password: str,
-        save_html: bool = False,
+        login_data_file: str | None,
+        save_raw_data: bool = False,
     ) -> None:
         """Initialize the scanner."""
         # Force country digits as lower case
@@ -79,24 +82,44 @@ class AmazonEchoApi:
         self._url = f"https://www.amazon.{domain}"
         self._cookies = self._build_init_cookies()
         self._headers = DEFAULT_HEADERS
-        self._save_html = save_html
+        self._save_raw_data = save_raw_data
+        self._login_stored_data: dict[str, Any] = self._load_data_file(login_data_file)
         self._serial = self._serial_number()
+        self._website_cookies: dict[str, Any] = self._load_website_cookies()
 
         self.session: AsyncClient
 
+    def _load_data_file(self, data_file: str | None) -> dict[str, Any]:
+        """Load stored login data from file."""
+        if not data_file or not (file := Path(data_file)).exists():
+            _LOGGER.debug(
+                "Cannot find previous login data file <%s>",
+                data_file,
+            )
+            return {}
+
+        with Path.open(file, "rb") as f:
+            return cast(dict[str, Any], json.load(f))
+
+    def _load_website_cookies(self) -> dict[str, Any]:
+        """Get website cookies, if avaliables."""
+        if not self._login_stored_data:
+            return {}
+
+        return cast(dict, self._login_stored_data["website_cookies"])
+
     def _serial_number(self) -> str:
         """Get or calculate device serial number."""
-        fullpath = Path(SAVE_PATH, "login_data.json")
-        if not fullpath.exists():
+        if not self._login_stored_data:
             # Create a new serial number
             _LOGGER.debug("Cannot find previous login data, creating new serial number")
             return uuid.uuid4().hex.upper()
 
-        with Path.open(fullpath, "rb") as file:
-            data = json.load(file)
-
         _LOGGER.debug("Found previous login data, loading serial number")
-        return cast(str, data["device_info"]["device_serial_number"])
+        return cast(
+            str,
+            self._login_stored_data["device_info"]["device_serial_number"],
+        )
 
     def _build_init_cookies(self) -> dict[str, str]:
         """Build initial cookies to prevent captcha in most cases."""
@@ -192,7 +215,7 @@ class AmazonEchoApi:
         parsed_url = parse_qs(url.query.decode())
         return parsed_url["openid.oa2.authorization_code"][0]
 
-    def _client_session(self) -> None:
+    def _client_session(self, auth: Auth | None = None) -> None:
         """Create httpx ClientSession."""
         if not hasattr(self, "session") or self.session.is_closed:
             _LOGGER.debug("Creating HTTP ClientSession")
@@ -201,6 +224,7 @@ class AmazonEchoApi:
                 headers=DEFAULT_HEADERS,
                 cookies=self._cookies,
                 follow_redirects=True,
+                auth=auth,
             )
 
     async def _session_request(
@@ -215,6 +239,7 @@ class AmazonEchoApi:
             method,
             url,
             data=input_data,
+            cookies=self._website_cookies,
         )
         content_type: str = resp.headers.get("Content-Type", "")
         _LOGGER.debug("Response content type: %s", content_type)
@@ -235,7 +260,7 @@ class AmazonEchoApi:
         output_path: str = SAVE_PATH,
     ) -> None:
         """Save response data to disk."""
-        if not self._save_html:
+        if not self._save_raw_data:
             return
 
         output_dir = Path(output_path)
@@ -366,8 +391,8 @@ class AmazonEchoApi:
         await self._save_to_file(login_data, "login_data", JSON_EXTENSION)
         return login_data
 
-    async def login(self, otp_code: str) -> dict[str, Any]:
-        """Login to Amazon."""
+    async def login_mode_interactive(self, otp_code: str) -> dict[str, Any]:
+        """Login to Amazon interactively via OTP."""
         _LOGGER.debug("Logging-in for %s [otp code %s]", self._login_email, otp_code)
         self._client_session()
 
@@ -431,6 +456,28 @@ class AmazonEchoApi:
         _LOGGER.info("Register device: %s", register_device)
         return register_device
 
+    async def login_mode_stored_data(self) -> dict[str, Any]:
+        """Login to Amazon using previously stored data."""
+        if not self._login_stored_data:
+            _LOGGER.debug(
+                "Cannot find previous login data,\
+                    use login_interactive() method instead",
+            )
+            raise WrongMethod
+
+        _LOGGER.debug(
+            "Logging-in for %s with stored data",
+            self._login_email,
+        )
+
+        auth = Authenticator.from_dict(
+            self._login_stored_data,
+            self._domain,
+        )
+        self._client_session(auth)
+
+        return self._login_stored_data
+
     async def close(self) -> None:
         """Close httpx session."""
         if hasattr(self, "session"):
@@ -441,7 +488,7 @@ class AmazonEchoApi:
         self,
     ) -> dict[str, Any]:
         """Get Amazon devices data."""
-        devices = {}
+        devices: dict[str, Any] = {}
         for key in URI_QUERIES:
             _, raw_resp = await self._session_request(
                 "GET",
@@ -457,10 +504,21 @@ class AmazonEchoApi:
 
             _LOGGER.debug("JSON data: |%s|", json_data)
 
-            devices.update(
-                {
-                    key: json_data,
-                },
-            )
-
-        return devices
+            for data in json_data[key]:
+                dev_serial = data.get("serialNumber") or data.get("deviceSerialNumber")
+                if previous_data := devices.get(dev_serial):
+                    devices[dev_serial] = previous_data | {key: data}
+                else:
+                    devices[dev_serial] = {key: data}
+
+        # Remove stale, orphaned and virtual devices
+        final_devices_list: dict[str, Any] = devices.copy()
+        for serial in devices:
+            device = devices[serial]
+            if (
+                DEVICES not in device
+                or device[DEVICES].get("deviceType") == AMAZON_DEVICE_TYPE
+            ):
+                final_devices_list.pop(serial)
+
+        return final_devices_list

aioamazondevices-0.10.0/src/aioamazondevices/auth.py

@@ -0,0 +1,315 @@
+"""Custom authentication module for httpx."""
+
+import base64
+from collections.abc import Generator
+from datetime import UTC, datetime, timedelta
+from typing import (
+    Any,
+    cast,
+)
+
+import httpx
+from httpx import Cookies
+from pyasn1.codec.der import decoder
+from pyasn1.type import namedtype, univ
+from rsa import PrivateKey, pkcs1
+
+from .const import _LOGGER, AMAZON_APP_NAME, AMAZON_APP_VERSION
+from .exceptions import (
+    AuthFlowError,
+    AuthMissingAccessToken,
+    AuthMissingRefreshToken,
+    AuthMissingSigningData,
+    AuthMissingTimestamp,
+    AuthMissingWebsiteCookies,
+)
+
+
+def base64_der_to_pkcs1(base64_key: str) -> str:
+    """Convert DER private key to PEM format."""
+
+    class PrivateKeyAlgorithm(univ.Sequence):  # type: ignore[misc]
+        component_type = namedtype.NamedTypes(
+            namedtype.NamedType("algorithm", univ.ObjectIdentifier()),
+            namedtype.NamedType("parameters", univ.Any()),
+        )
+
+    class PrivateKeyInfo(univ.Sequence):  # type: ignore[misc]
+        component_type = namedtype.NamedTypes(
+            namedtype.NamedType("version", univ.Integer()),
+            namedtype.NamedType("pkalgo", PrivateKeyAlgorithm()),
+            namedtype.NamedType("key", univ.OctetString()),
+        )
+
+    encoded_key = base64.b64decode(base64_key)
+    (key_info, _) = decoder.decode(encoded_key, asn1Spec=PrivateKeyInfo())
+    key_octet_string = key_info.components[2]
+    key = PrivateKey.load_pkcs1(key_octet_string, format="DER")
+    return cast(str, key.save_pkcs1().decode("utf-8"))
+
+
+def refresh_access_token(
+    refresh_token: str,
+    domain: str,
+) -> dict[str, Any]:
+    """Refresh an access token."""
+    body = {
+        "app_name": AMAZON_APP_NAME,
+        "app_version": AMAZON_APP_VERSION,
+        "source_token": refresh_token,
+        "requested_token_type": "access_token",
+        "source_token_type": "refresh_token",
+    }
+
+    resp = httpx.post(f"https://api.amazon.{domain}/auth/token", data=body)
+    resp.raise_for_status()
+    resp_dict = resp.json()
+
+    expires_in_sec = int(resp_dict["expires_in"])
+    expires = (datetime.now(UTC) + timedelta(seconds=expires_in_sec)).timestamp()
+
+    return {"access_token": resp_dict["access_token"], "expires": expires}
+
+
+def refresh_website_cookies(
+    refresh_token: str,
+    domain: str,
+) -> dict[str, str]:
+    """Fetch website cookies for a specific domain."""
+    url = f"https://www.amazon.{domain}/ap/exchangetoken/cookies"
+
+    body = {
+        "app_name": AMAZON_APP_NAME,
+        "app_version": AMAZON_APP_VERSION,
+        "source_token": refresh_token,
+        "requested_token_type": "auth_cookies",
+        "source_token_type": "refresh_token",
+        "domain": f".amazon.{domain}",
+    }
+
+    resp = httpx.post(url, data=body)
+    resp.raise_for_status()
+    resp_dict = resp.json()
+
+    raw_cookies = resp_dict["response"]["tokens"]["cookies"]
+    website_cookies = {}
+    for domain_cookies in raw_cookies:
+        for cookie in raw_cookies[domain_cookies]:
+            website_cookies[cookie["Name"]] = cookie["Value"].replace(r'"', r"")
+
+    return website_cookies
+
+
+def user_profile(access_token: str, domain: str) -> dict[str, Any]:
+    """Return Amazon user profile from Amazon."""
+    headers = {"Authorization": f"Bearer {access_token}"}
+
+    resp = httpx.get(f"https://api.amazon.{domain}/user/profile", headers=headers)
+    resp.raise_for_status()
+    profile: dict[str, Any] = resp.json()
+
+    if "user_id" not in profile:
+        raise ValueError("Malformed user profile response.")
+
+    return profile
+
+
+def sign_request(
+    method: str,
+    path: str,
+    body: bytes,
+    adp_token: str,
+    private_key: str,
+) -> dict[str, str]:
+    """Create signed headers for http requests."""
+    date = datetime.now(UTC).isoformat("T") + "Z"
+    str_body = body.decode("utf-8")
+
+    data = f"{method}\n{path}\n{date}\n{str_body}\n{adp_token}"
+
+    key = PrivateKey.load_pkcs1(private_key.encode("utf-8"))
+    cipher = pkcs1.sign(data.encode(), key, "SHA-256")
+    signed_encoded = base64.b64encode(cipher)
+
+    signature = f"{signed_encoded.decode()}:{date}"
+
+    return {
+        "x-adp-token": adp_token,
+        "x-adp-alg": "SHA256withRSA:1.0",
+        "x-adp-signature": signature,
+    }
+
+
+class Authenticator(httpx.Auth):  # type: ignore[misc]
+    """Amazon Authenticator class."""
+
+    access_token: str | None = None
+    activation_bytes: str | None = None
+    adp_token: str | None = None
+    customer_info: dict[str, Any] | None = None
+    device_info: dict[str, Any] | None = None
+    device_private_key: str | None = None
+    expires: float | None = None
+    domain: str
+    refresh_token: str | None = None
+    store_authentication_cookie: dict[str, Any] | None = None
+    website_cookies: dict[str, Any] | None = None
+    requires_request_body: bool = True
+    _forbid_new_attrs: bool = True
+    _apply_test_convert: bool = True
+
+    def update_attrs(self, **kwargs: Any) -> None:  # noqa: ANN401
+        """Update attributes from dict."""
+        for attr, value in kwargs.items():
+            setattr(self, attr, value)
+
+    @classmethod
+    def from_dict(
+        cls,
+        data: dict[str, Any],
+        domain: str,
+    ) -> "Authenticator":
+        """Instantiate an Authenticator from authentication dictionary."""
+        auth = cls()
+
+        auth.domain = domain
+
+        if "login_cookies" in data:
+            auth.website_cookies = data.pop("login_cookies")
+
+        if data["device_private_key"].startswith("MII"):
+            pk_der = data["device_private_key"]
+            data["device_private_key"] = base64_der_to_pkcs1(pk_der)
+
+        auth.update_attrs(**data)
+
+        _LOGGER.info("load data from dictionary for domain %s", auth.domain)
+
+        return auth
+
+    def auth_flow(
+        self,
+        request: httpx.Request,
+    ) -> Generator[httpx.Request, httpx.Response, None]:
+        """Auth flow to be executed on every request by :mod:`httpx`."""
+        available_modes = self.available_auth_modes
+
+        _LOGGER.debug("Auth flow modes: %s", available_modes)
+        if "signing" in available_modes:
+            self._apply_signing_auth_flow(request)
+        elif "bearer" in available_modes:
+            self._apply_bearer_auth_flow(request)
+        else:
+            message = "signing or bearer auth flow are not available."
+            _LOGGER.critical(message)
+            raise AuthFlowError(message)
+
+        yield request
+
+    def _apply_signing_auth_flow(self, request: httpx.Request) -> None:
+        if self.adp_token is None or self.device_private_key is None:
+            raise AuthMissingSigningData
+
+        headers = sign_request(
+            method=request.method,
+            path=request.url.raw_path.decode(),
+            body=request.content,
+            adp_token=self.adp_token,
+            private_key=self.device_private_key,
+        )
+
+        request.headers.update(headers)
+        _LOGGER.info("signing auth flow applied to request")
+
+    def _apply_bearer_auth_flow(self, request: httpx.Request) -> None:
+        if self.access_token_expired:
+            self.refresh_access_token()
+
+        if self.access_token is None:
+            raise AuthMissingAccessToken
+
+        headers = {"Authorization": "Bearer " + self.access_token, "client-id": "0"}
+        request.headers.update(headers)
+        _LOGGER.info("bearer auth flow applied to request")
+
+    def _apply_cookies_auth_flow(self, request: httpx.Request) -> None:
+        if self.website_cookies is None:
+            raise AuthMissingWebsiteCookies
+        cookies = self.website_cookies.copy()
+
+        Cookies(cookies).set_cookie_header(request)
+        _LOGGER.info("cookies auth flow applied to request")
+
+    @property
+    def available_auth_modes(self) -> list[str]:
+        """List available authentication modes."""
+        available_modes = []
+
+        if self.adp_token and self.device_private_key:
+            available_modes.append("signing")
+
+        if self.access_token:
+            if self.access_token_expired and not self.refresh_token:
+                pass
+            else:
+                available_modes.append("bearer")
+
+        if self.website_cookies:
+            available_modes.append("cookies")
+
+        return available_modes
+
+    def refresh_access_token(self, force: bool = False) -> None:
+        """Refresh access token."""
+        if force or self.access_token_expired:
+            if self.refresh_token is None:
+                message = "No refresh token found. Can't refresh access token."
+                _LOGGER.critical(message)
+                raise AuthMissingRefreshToken(message)
+
+            refresh_data = refresh_access_token(
+                refresh_token=self.refresh_token,
+                domain=self.domain,
+            )
+
+            self.update_attrs(**refresh_data)
+        else:
+            _LOGGER.info(
+                "Access Token not expired. No refresh necessary. "
+                "To force refresh please use force=True",
+            )
+
+    def set_website_cookies_for_country(self) -> None:
+        """Set website cookies for country."""
+        if self.refresh_token is None:
+            raise AuthMissingRefreshToken
+
+        self.website_cookies = refresh_website_cookies(
+            self.refresh_token,
+            self.domain,
+        )
+
+    def user_profile(self) -> dict[str, Any]:
+        """Get user profile."""
+        if self.access_token is None:
+            raise AuthMissingAccessToken
+
+        return user_profile(access_token=self.access_token, domain=self.domain)
+
+    @property
+    def access_token_expires(self) -> timedelta:
+        """Time to access token expiration."""
+        if self.expires is None:
+            raise AuthMissingTimestamp
+        return datetime.fromtimestamp(self.expires, UTC) - datetime.now(
+            UTC,
+        )
+
+    @property
+    def access_token_expired(self) -> bool:
+        """Return True if access token is expired."""
+        if self.expires is None:
+            raise AuthMissingTimestamp
+        return datetime.fromtimestamp(self.expires, UTC) <= datetime.now(
+            UTC,
+        )

{aioamazondevices-0.8.0 → aioamazondevices-0.10.0}/src/aioamazondevices/const.py

@@ -26,32 +26,32 @@ DOMAIN_BY_COUNTRY = {
     },
 }
 
+# Amazon APP info
+AMAZON_APP_BUNDLE_ID = "com.amazon.echo"
+AMAZON_APP_ID = "MAPiOSLib/6.0/ToHideRetailLink"
+AMAZON_APP_NAME = "AioAmazonDevices"
+AMAZON_APP_VERSION = "2.2.556530.0"
+AMAZON_DEVICE_SOFTWARE_VERSION = "35602678"
+AMAZON_DEVICE_TYPE = "A2IVLV5VM2W81"
+AMAZON_CLIENT_OS = "16.6"
+
 DEFAULT_HEADERS = {
     "User-Agent": (
-        "Mozilla/5.0 (iPhone; CPU iPhone OS 15_0 like Mac OS X) "
+        f"Mozilla/5.0 (iPhone; CPU iPhone OS {AMAZON_CLIENT_OS.replace('.', '_')} like Mac OS X) "  # noqa: E501
         "AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148"
     ),
     "Accept-Language": "en-US",
     "Accept-Encoding": "gzip",
 }
 
+DEVICES = "devices"
 URI_QUERIES = {
-    "base": "/api/devices-v2/device",
-    "status": "/api/dnd/device-status-list",
-    "preferences": "/api/device-preferences",
-    "automations": "/api/behaviors/v2/automations",
-    "bluetooth": "/api/bluetooth",
+    DEVICES: "/api/devices-v2/device",
+    "doNotDisturbDeviceStatusList": "/api/dnd/device-status-list",
+    "devicePreferences": "/api/device-preferences",
+    "bluetoothStates": "/api/bluetooth",
 }
 
-# Amazon APP info
-AMAZON_APP_BUNDLE_ID = "com.amazon.echo"
-AMAZON_APP_ID = "MAPiOSLib/6.0/ToHideRetailLink"
-AMAZON_APP_NAME = "AioAmazonDevices"
-AMAZON_APP_VERSION = "2.2.556530.0"
-AMAZON_DEVICE_SOFTWARE_VERSION = "35602678"
-AMAZON_DEVICE_TYPE = "A2IVLV5VM2W81"
-AMAZON_CLIENT_OS = "16.6"
-
 # File extensions
 SAVE_PATH = "out"
 HTML_EXTENSION = ".html"

aioamazondevices-0.10.0/src/aioamazondevices/exceptions.py

@@ -0,0 +1,51 @@
+"""Comelit SimpleHome library exceptions."""
+
+from __future__ import annotations
+
+
+class AmazonError(Exception):
+    """Base class for aioamazondevices errors."""
+
+
+class CannotConnect(AmazonError):
+    """Exception raised when connection fails."""
+
+
+class CannotAuthenticate(AmazonError):
+    """Exception raised when credentials are incorrect."""
+
+
+class CannotRetrieveData(AmazonError):
+    """Exception raised when data retrieval fails."""
+
+
+class CannotRegisterDevice(AmazonError):
+    """Exception raised when device registration fails."""
+
+
+class WrongMethod(AmazonError):
+    """Exception raised when the wrong login metho is used."""
+
+
+class AuthFlowError(AmazonError):
+    """Exception raised when auth flow fails."""
+
+
+class AuthMissingTimestamp(AmazonError):
+    """Exception raised when expires timestamp is missing."""
+
+
+class AuthMissingAccessToken(AmazonError):
+    """Exception raised when access token is missing."""
+
+
+class AuthMissingRefreshToken(AmazonError):
+    """Exception raised when refresh token is missing."""
+
+
+class AuthMissingSigningData(AmazonError):
+    """Exception raised when some data for signing are missing."""
+
+
+class AuthMissingWebsiteCookies(AmazonError):
+    """Exception raised when website cookies are missing."""

aioamazondevices-0.8.0/src/aioamazondevices/exceptions.py

@@ -1,23 +0,0 @@
-"""Comelit SimpleHome library exceptions."""
-
-from __future__ import annotations
-
-
-class AmazonError(Exception):
-    """Base class for aioamazondevices errors."""
-
-
-class CannotConnect(AmazonError):
-    """Exception raised when connection fails."""
-
-
-class CannotAuthenticate(AmazonError):
-    """Exception raised when credentials are incorrect."""
-
-
-class CannotRetrieveData(AmazonError):
-    """Exception raised when data retrieval fails."""
-
-
-class CannotRegisterDevice(AmazonError):
-    """Exception raised when device registration fails."""