aioamazondevices 0.9.0__py3-none-any.whl → 0.11.0__py3-none-any.whl

aioamazondevices/__init__.py

@@ -1,6 +1,6 @@
 """aioamazondevices library."""
 
-__version__ = "0.9.0"
+__version__ = "0.11.0"
 
 
 from .api import AmazonDevice, AmazonEchoApi
@@ -12,6 +12,6 @@ from .exceptions import (
 __all__ = [
     "AmazonDevice",
     "AmazonEchoApi",
-    "CannotConnect",
     "CannotAuthenticate",
+    "CannotConnect",
 ]

aioamazondevices/api.py

@@ -15,8 +15,9 @@ from urllib.parse import parse_qs, urlencode
 
 import orjson
 from bs4 import BeautifulSoup, Tag
-from httpx import URL, AsyncClient, Response
+from httpx import URL, AsyncClient, Auth, Response
 
+from .auth import Authenticator
 from .const import (
     _LOGGER,
     AMAZON_APP_BUNDLE_ID,
@@ -35,7 +36,7 @@ from .const import (
     SAVE_PATH,
     URI_QUERIES,
 )
-from .exceptions import CannotAuthenticate, CannotRegisterDevice
+from .exceptions import CannotAuthenticate, CannotRegisterDevice, WrongMethod
 
 
 @dataclass
@@ -59,6 +60,7 @@ class AmazonEchoApi:
         login_country_code: str,
         login_email: str,
         login_password: str,
+        login_data_file: str | None,
         save_raw_data: bool = False,
     ) -> None:
         """Initialize the scanner."""
@@ -81,23 +83,43 @@ class AmazonEchoApi:
         self._cookies = self._build_init_cookies()
         self._headers = DEFAULT_HEADERS
         self._save_raw_data = save_raw_data
+        self._login_stored_data: dict[str, Any] = self._load_data_file(login_data_file)
         self._serial = self._serial_number()
+        self._website_cookies: dict[str, Any] = self._load_website_cookies()
 
         self.session: AsyncClient
 
+    def _load_data_file(self, data_file: str | None) -> dict[str, Any]:
+        """Load stored login data from file."""
+        if not data_file or not (file := Path(data_file)).exists():
+            _LOGGER.debug(
+                "Cannot find previous login data file <%s>",
+                data_file,
+            )
+            return {}
+
+        with Path.open(file, "rb") as f:
+            return cast(dict[str, Any], json.load(f))
+
+    def _load_website_cookies(self) -> dict[str, Any]:
+        """Get website cookies, if avaliables."""
+        if not self._login_stored_data:
+            return {}
+
+        return cast(dict, self._login_stored_data["website_cookies"])
+
     def _serial_number(self) -> str:
         """Get or calculate device serial number."""
-        fullpath = Path(SAVE_PATH, "login_data.json")
-        if not fullpath.exists():
+        if not self._login_stored_data:
             # Create a new serial number
             _LOGGER.debug("Cannot find previous login data, creating new serial number")
             return uuid.uuid4().hex.upper()
 
-        with Path.open(fullpath, "rb") as file:
-            data = json.load(file)
-
         _LOGGER.debug("Found previous login data, loading serial number")
-        return cast(str, data["device_info"]["device_serial_number"])
+        return cast(
+            str,
+            self._login_stored_data["device_info"]["device_serial_number"],
+        )
 
     def _build_init_cookies(self) -> dict[str, str]:
         """Build initial cookies to prevent captcha in most cases."""
@@ -193,7 +215,7 @@ class AmazonEchoApi:
         parsed_url = parse_qs(url.query.decode())
         return parsed_url["openid.oa2.authorization_code"][0]
 
-    def _client_session(self) -> None:
+    def _client_session(self, auth: Auth | None = None) -> None:
         """Create httpx ClientSession."""
         if not hasattr(self, "session") or self.session.is_closed:
             _LOGGER.debug("Creating HTTP ClientSession")
@@ -202,6 +224,7 @@ class AmazonEchoApi:
                 headers=DEFAULT_HEADERS,
                 cookies=self._cookies,
                 follow_redirects=True,
+                auth=auth,
             )
 
     async def _session_request(
@@ -216,6 +239,7 @@ class AmazonEchoApi:
             method,
             url,
             data=input_data,
+            cookies=self._website_cookies,
         )
         content_type: str = resp.headers.get("Content-Type", "")
         _LOGGER.debug("Response content type: %s", content_type)
@@ -367,8 +391,8 @@ class AmazonEchoApi:
         await self._save_to_file(login_data, "login_data", JSON_EXTENSION)
         return login_data
 
-    async def login(self, otp_code: str) -> dict[str, Any]:
-        """Login to Amazon."""
+    async def login_mode_interactive(self, otp_code: str) -> dict[str, Any]:
+        """Login to Amazon interactively via OTP."""
         _LOGGER.debug("Logging-in for %s [otp code %s]", self._login_email, otp_code)
         self._client_session()
 
@@ -432,6 +456,28 @@ class AmazonEchoApi:
         _LOGGER.info("Register device: %s", register_device)
         return register_device
 
+    async def login_mode_stored_data(self) -> dict[str, Any]:
+        """Login to Amazon using previously stored data."""
+        if not self._login_stored_data:
+            _LOGGER.debug(
+                "Cannot find previous login data,\
+                    use login_interactive() method instead",
+            )
+            raise WrongMethod
+
+        _LOGGER.debug(
+            "Logging-in for %s with stored data",
+            self._login_email,
+        )
+
+        auth = Authenticator.from_dict(
+            self._login_stored_data,
+            self._domain,
+        )
+        self._client_session(auth)
+
+        return self._login_stored_data
+
     async def close(self) -> None:
         """Close httpx session."""
         if hasattr(self, "session"):
@@ -467,8 +513,7 @@ class AmazonEchoApi:
 
         # Remove stale, orphaned and virtual devices
         final_devices_list: dict[str, Any] = devices.copy()
-        for serial in devices:
-            device = devices[serial]
+        for serial, device in devices.items():
             if (
                 DEVICES not in device
                 or device[DEVICES].get("deviceType") == AMAZON_DEVICE_TYPE

aioamazondevices/auth.py

@@ -0,0 +1,315 @@
+"""Custom authentication module for httpx."""
+
+import base64
+from collections.abc import Generator
+from datetime import UTC, datetime, timedelta
+from typing import (
+    Any,
+    cast,
+)
+
+import httpx
+from httpx import Cookies
+from pyasn1.codec.der import decoder
+from pyasn1.type import namedtype, univ
+from rsa import PrivateKey, pkcs1
+
+from .const import _LOGGER, AMAZON_APP_NAME, AMAZON_APP_VERSION
+from .exceptions import (
+    AuthFlowError,
+    AuthMissingAccessToken,
+    AuthMissingRefreshToken,
+    AuthMissingSigningData,
+    AuthMissingTimestamp,
+    AuthMissingWebsiteCookies,
+)
+
+
+def base64_der_to_pkcs1(base64_key: str) -> str:
+    """Convert DER private key to PEM format."""
+
+    class PrivateKeyAlgorithm(univ.Sequence):  # type: ignore[misc]
+        component_type = namedtype.NamedTypes(
+            namedtype.NamedType("algorithm", univ.ObjectIdentifier()),
+            namedtype.NamedType("parameters", univ.Any()),
+        )
+
+    class PrivateKeyInfo(univ.Sequence):  # type: ignore[misc]
+        component_type = namedtype.NamedTypes(
+            namedtype.NamedType("version", univ.Integer()),
+            namedtype.NamedType("pkalgo", PrivateKeyAlgorithm()),
+            namedtype.NamedType("key", univ.OctetString()),
+        )
+
+    encoded_key = base64.b64decode(base64_key)
+    (key_info, _) = decoder.decode(encoded_key, asn1Spec=PrivateKeyInfo())
+    key_octet_string = key_info.components[2]
+    key = PrivateKey.load_pkcs1(key_octet_string, format="DER")
+    return cast(str, key.save_pkcs1().decode("utf-8"))
+
+
+def refresh_access_token(
+    refresh_token: str,
+    domain: str,
+) -> dict[str, Any]:
+    """Refresh an access token."""
+    body = {
+        "app_name": AMAZON_APP_NAME,
+        "app_version": AMAZON_APP_VERSION,
+        "source_token": refresh_token,
+        "requested_token_type": "access_token",
+        "source_token_type": "refresh_token",
+    }
+
+    resp = httpx.post(f"https://api.amazon.{domain}/auth/token", data=body)
+    resp.raise_for_status()
+    resp_dict = resp.json()
+
+    expires_in_sec = int(resp_dict["expires_in"])
+    expires = (datetime.now(UTC) + timedelta(seconds=expires_in_sec)).timestamp()
+
+    return {"access_token": resp_dict["access_token"], "expires": expires}
+
+
+def refresh_website_cookies(
+    refresh_token: str,
+    domain: str,
+) -> dict[str, str]:
+    """Fetch website cookies for a specific domain."""
+    url = f"https://www.amazon.{domain}/ap/exchangetoken/cookies"
+
+    body = {
+        "app_name": AMAZON_APP_NAME,
+        "app_version": AMAZON_APP_VERSION,
+        "source_token": refresh_token,
+        "requested_token_type": "auth_cookies",
+        "source_token_type": "refresh_token",
+        "domain": f".amazon.{domain}",
+    }
+
+    resp = httpx.post(url, data=body)
+    resp.raise_for_status()
+    resp_dict = resp.json()
+
+    raw_cookies = resp_dict["response"]["tokens"]["cookies"]
+    website_cookies = {}
+    for domain_cookies in raw_cookies:
+        for cookie in raw_cookies[domain_cookies]:
+            website_cookies[cookie["Name"]] = cookie["Value"].replace(r'"', r"")
+
+    return website_cookies
+
+
+def user_profile(access_token: str, domain: str) -> dict[str, Any]:
+    """Return Amazon user profile from Amazon."""
+    headers = {"Authorization": f"Bearer {access_token}"}
+
+    resp = httpx.get(f"https://api.amazon.{domain}/user/profile", headers=headers)
+    resp.raise_for_status()
+    profile: dict[str, Any] = resp.json()
+
+    if "user_id" not in profile:
+        raise ValueError("Malformed user profile response.")
+
+    return profile
+
+
+def sign_request(
+    method: str,
+    path: str,
+    body: bytes,
+    adp_token: str,
+    private_key: str,
+) -> dict[str, str]:
+    """Create signed headers for http requests."""
+    date = datetime.now(UTC).isoformat("T") + "Z"
+    str_body = body.decode("utf-8")
+
+    data = f"{method}\n{path}\n{date}\n{str_body}\n{adp_token}"
+
+    key = PrivateKey.load_pkcs1(private_key.encode("utf-8"))
+    cipher = pkcs1.sign(data.encode(), key, "SHA-256")
+    signed_encoded = base64.b64encode(cipher)
+
+    signature = f"{signed_encoded.decode()}:{date}"
+
+    return {
+        "x-adp-token": adp_token,
+        "x-adp-alg": "SHA256withRSA:1.0",
+        "x-adp-signature": signature,
+    }
+
+
+class Authenticator(httpx.Auth):  # type: ignore[misc]
+    """Amazon Authenticator class."""
+
+    access_token: str | None = None
+    activation_bytes: str | None = None
+    adp_token: str | None = None
+    customer_info: dict[str, Any] | None = None
+    device_info: dict[str, Any] | None = None
+    device_private_key: str | None = None
+    expires: float | None = None
+    domain: str
+    refresh_token: str | None = None
+    store_authentication_cookie: dict[str, Any] | None = None
+    website_cookies: dict[str, Any] | None = None
+    requires_request_body: bool = True
+    _forbid_new_attrs: bool = True
+    _apply_test_convert: bool = True
+
+    def update_attrs(self, **kwargs: Any) -> None:  # noqa: ANN401
+        """Update attributes from dict."""
+        for attr, value in kwargs.items():
+            setattr(self, attr, value)
+
+    @classmethod
+    def from_dict(
+        cls,
+        data: dict[str, Any],
+        domain: str,
+    ) -> "Authenticator":
+        """Instantiate an Authenticator from authentication dictionary."""
+        auth = cls()
+
+        auth.domain = domain
+
+        if "login_cookies" in data:
+            auth.website_cookies = data.pop("login_cookies")
+
+        if data["device_private_key"].startswith("MII"):
+            pk_der = data["device_private_key"]
+            data["device_private_key"] = base64_der_to_pkcs1(pk_der)
+
+        auth.update_attrs(**data)
+
+        _LOGGER.info("load data from dictionary for domain %s", auth.domain)
+
+        return auth
+
+    def auth_flow(
+        self,
+        request: httpx.Request,
+    ) -> Generator[httpx.Request, httpx.Response, None]:
+        """Auth flow to be executed on every request by :mod:`httpx`."""
+        available_modes = self.available_auth_modes
+
+        _LOGGER.debug("Auth flow modes: %s", available_modes)
+        if "signing" in available_modes:
+            self._apply_signing_auth_flow(request)
+        elif "bearer" in available_modes:
+            self._apply_bearer_auth_flow(request)
+        else:
+            message = "signing or bearer auth flow are not available."
+            _LOGGER.critical(message)
+            raise AuthFlowError(message)
+
+        yield request
+
+    def _apply_signing_auth_flow(self, request: httpx.Request) -> None:
+        if self.adp_token is None or self.device_private_key is None:
+            raise AuthMissingSigningData
+
+        headers = sign_request(
+            method=request.method,
+            path=request.url.raw_path.decode(),
+            body=request.content,
+            adp_token=self.adp_token,
+            private_key=self.device_private_key,
+        )
+
+        request.headers.update(headers)
+        _LOGGER.info("signing auth flow applied to request")
+
+    def _apply_bearer_auth_flow(self, request: httpx.Request) -> None:
+        if self.access_token_expired:
+            self.refresh_access_token()
+
+        if self.access_token is None:
+            raise AuthMissingAccessToken
+
+        headers = {"Authorization": "Bearer " + self.access_token, "client-id": "0"}
+        request.headers.update(headers)
+        _LOGGER.info("bearer auth flow applied to request")
+
+    def _apply_cookies_auth_flow(self, request: httpx.Request) -> None:
+        if self.website_cookies is None:
+            raise AuthMissingWebsiteCookies
+        cookies = self.website_cookies.copy()
+
+        Cookies(cookies).set_cookie_header(request)
+        _LOGGER.info("cookies auth flow applied to request")
+
+    @property
+    def available_auth_modes(self) -> list[str]:
+        """List available authentication modes."""
+        available_modes = []
+
+        if self.adp_token and self.device_private_key:
+            available_modes.append("signing")
+
+        if self.access_token:
+            if self.access_token_expired and not self.refresh_token:
+                pass
+            else:
+                available_modes.append("bearer")
+
+        if self.website_cookies:
+            available_modes.append("cookies")
+
+        return available_modes
+
+    def refresh_access_token(self, force: bool = False) -> None:
+        """Refresh access token."""
+        if force or self.access_token_expired:
+            if self.refresh_token is None:
+                message = "No refresh token found. Can't refresh access token."
+                _LOGGER.critical(message)
+                raise AuthMissingRefreshToken(message)
+
+            refresh_data = refresh_access_token(
+                refresh_token=self.refresh_token,
+                domain=self.domain,
+            )
+
+            self.update_attrs(**refresh_data)
+        else:
+            _LOGGER.info(
+                "Access Token not expired. No refresh necessary. "
+                "To force refresh please use force=True",
+            )
+
+    def set_website_cookies_for_country(self) -> None:
+        """Set website cookies for country."""
+        if self.refresh_token is None:
+            raise AuthMissingRefreshToken
+
+        self.website_cookies = refresh_website_cookies(
+            self.refresh_token,
+            self.domain,
+        )
+
+    def user_profile(self) -> dict[str, Any]:
+        """Get user profile."""
+        if self.access_token is None:
+            raise AuthMissingAccessToken
+
+        return user_profile(access_token=self.access_token, domain=self.domain)
+
+    @property
+    def access_token_expires(self) -> timedelta:
+        """Time to access token expiration."""
+        if self.expires is None:
+            raise AuthMissingTimestamp
+        return datetime.fromtimestamp(self.expires, UTC) - datetime.now(
+            UTC,
+        )
+
+    @property
+    def access_token_expired(self) -> bool:
+        """Return True if access token is expired."""
+        if self.expires is None:
+            raise AuthMissingTimestamp
+        return datetime.fromtimestamp(self.expires, UTC) <= datetime.now(
+            UTC,
+        )

aioamazondevices/const.py

@@ -26,9 +26,18 @@ DOMAIN_BY_COUNTRY = {
     },
 }
 
+# Amazon APP info
+AMAZON_APP_BUNDLE_ID = "com.amazon.echo"
+AMAZON_APP_ID = "MAPiOSLib/6.0/ToHideRetailLink"
+AMAZON_APP_NAME = "AioAmazonDevices"
+AMAZON_APP_VERSION = "2.2.556530.0"
+AMAZON_DEVICE_SOFTWARE_VERSION = "35602678"
+AMAZON_DEVICE_TYPE = "A2IVLV5VM2W81"
+AMAZON_CLIENT_OS = "16.6"
+
 DEFAULT_HEADERS = {
     "User-Agent": (
-        "Mozilla/5.0 (iPhone; CPU iPhone OS 15_0 like Mac OS X) "
+        f"Mozilla/5.0 (iPhone; CPU iPhone OS {AMAZON_CLIENT_OS.replace('.', '_')} like Mac OS X) "  # noqa: E501
         "AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148"
     ),
     "Accept-Language": "en-US",
@@ -43,16 +52,20 @@ URI_QUERIES = {
     "bluetoothStates": "/api/bluetooth",
 }
 
-# Amazon APP info
-AMAZON_APP_BUNDLE_ID = "com.amazon.echo"
-AMAZON_APP_ID = "MAPiOSLib/6.0/ToHideRetailLink"
-AMAZON_APP_NAME = "AioAmazonDevices"
-AMAZON_APP_VERSION = "2.2.556530.0"
-AMAZON_DEVICE_SOFTWARE_VERSION = "35602678"
-AMAZON_DEVICE_TYPE = "A2IVLV5VM2W81"
-AMAZON_CLIENT_OS = "16.6"
-
 # File extensions
 SAVE_PATH = "out"
 HTML_EXTENSION = ".html"
 JSON_EXTENSION = ".json"
+
+DEVICE_TYPE_TO_MODEL = {
+    "A1RABVCI4QCIKC": "Echo Dot (Gen3)",
+    "A2DS1Q2TPDJ48U": "Echo Dot Clock (Gen5)",
+    "A2H4LV5GIZ1JFT": "Echo Dot Clock (Gen4)",
+    "A2U21SRK4QGSE1": "Echo Dot Clock (Gen4)",
+    "A32DDESGESSHZA": "Echo Dot (Gen3)",
+    "A32DOYMUN6DTXA": "Echo Dot (Gen3)",
+    "A3RMGO6LYLH7YN": "Echo Dot (Gen4)",
+    "A3S5BH2HU6VAYF": "Echo Dot (Gen2)",
+    "A4ZXE0RM7LQ7A": "Echo Dot (Gen5)",
+    "AKNO1N0KSFN8L": "Echo Dot (Gen1)",
+}

aioamazondevices/exceptions.py

@@ -21,3 +21,31 @@ class CannotRetrieveData(AmazonError):
 
 class CannotRegisterDevice(AmazonError):
     """Exception raised when device registration fails."""
+
+
+class WrongMethod(AmazonError):
+    """Exception raised when the wrong login metho is used."""
+
+
+class AuthFlowError(AmazonError):
+    """Exception raised when auth flow fails."""
+
+
+class AuthMissingTimestamp(AmazonError):
+    """Exception raised when expires timestamp is missing."""
+
+
+class AuthMissingAccessToken(AmazonError):
+    """Exception raised when access token is missing."""
+
+
+class AuthMissingRefreshToken(AmazonError):
+    """Exception raised when refresh token is missing."""
+
+
+class AuthMissingSigningData(AmazonError):
+    """Exception raised when some data for signing are missing."""
+
+
+class AuthMissingWebsiteCookies(AmazonError):
+    """Exception raised when website cookies are missing."""

{aioamazondevices-0.9.0.dist-info → aioamazondevices-0.11.0.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: aioamazondevices
-Version: 0.9.0
+Version: 0.11.0
 Summary: Python library to control Amazon devices
 Home-page: https://github.com/chemelli74/aioamazondevices
 License: Apache-2.0
@@ -20,6 +20,8 @@ Requires-Dist: beautifulsoup4
 Requires-Dist: colorlog
 Requires-Dist: httpx
 Requires-Dist: orjson
+Requires-Dist: pyasn1
+Requires-Dist: rsa
 Project-URL: Bug Tracker, https://github.com/chemelli74/aioamazondevices/issues
 Project-URL: Changelog, https://github.com/chemelli74/aioamazondevices/blob/main/CHANGELOG.md
 Project-URL: Repository, https://github.com/chemelli74/aioamazondevices

aioamazondevices-0.11.0.dist-info/RECORD

@@ -0,0 +1,10 @@
+aioamazondevices/__init__.py,sha256=eHj5kvzoE6UEcFSzlUNHQLMnf0dOnaLkg1fTo_HzBF8,277
+aioamazondevices/api.py,sha256=e0hlC1sznOeu735ckO-ihHuDh6MofI_1PxL-r2sEaYc,18782
+aioamazondevices/auth.py,sha256=vLJh7iOEUYu-44WOvmrmZZueOcwz5dmHAGQmqs9fJME,10099
+aioamazondevices/const.py,sha256=T143A-tHoBTjIocWin9q4BQ_2kUozj-EwWGba3RoqSs,1852
+aioamazondevices/exceptions.py,sha256=qK_Hak9pc-lC2FPW-0i4rYIwNpEOHMmA9Rii8F2lkQo,1260
+aioamazondevices/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+aioamazondevices-0.11.0.dist-info/LICENSE,sha256=sS48k5sp9bFV-NSHDfAJuTZZ_-AP9ZDqUzQ9sffGlsg,11346
+aioamazondevices-0.11.0.dist-info/METADATA,sha256=OfxPWgkBJEubCOu4Zo5r9qMIOAbU4BURJmx7CK_wv98,4743
+aioamazondevices-0.11.0.dist-info/WHEEL,sha256=Nq82e9rUAnEjt98J6MlVmMCZb-t9cYE2Ir1kpBmnWfs,88
+aioamazondevices-0.11.0.dist-info/RECORD,,

aioamazondevices-0.9.0.dist-info/RECORD

@@ -1,9 +0,0 @@
-aioamazondevices/__init__.py,sha256=uvo6LseWC7RF7rLYW5_5MxB9lsIE-azOJqwDtdoZmY4,276
-aioamazondevices/api.py,sha256=5WuQuXi0TX6pjuZBn5JcqPPNUe43E8FnLhSmYGfe4vE,17168
-aioamazondevices/const.py,sha256=MJYY90iUDvj1x3MKEh5RQoflQ-ftnIp0YvJLTSemGEI,1351
-aioamazondevices/exceptions.py,sha256=yQ9nL4UwBdHNXvdRj8TRemed6PXBmExP8lbHaAp04vY,546
-aioamazondevices/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-aioamazondevices-0.9.0.dist-info/LICENSE,sha256=sS48k5sp9bFV-NSHDfAJuTZZ_-AP9ZDqUzQ9sffGlsg,11346
-aioamazondevices-0.9.0.dist-info/METADATA,sha256=apvr3suIW9DI-5_lw2K8YBnsuq38jdV9v61V9EsYc6s,4701
-aioamazondevices-0.9.0.dist-info/WHEEL,sha256=Nq82e9rUAnEjt98J6MlVmMCZb-t9cYE2Ir1kpBmnWfs,88
-aioamazondevices-0.9.0.dist-info/RECORD,,