Fixing unsecure connection code path

kopiro · Nov 30, 2023 · 9855573 · 9855573
1 parent b13b6ea
commit 9855573
Showing 1 changed file with 49 additions and 51 deletions.
diff --git a/src/tapoCamera.ts b/src/tapoCamera.ts
@@ -197,59 +197,57 @@ export class TAPOCamera extends OnvifCamera {
       }
     }
 
-    if (isSecureConnection) {
-      const nonce = responseData?.result?.data?.nonce;
-      const deviceConfirm = responseData?.result?.data?.device_confirm;
-
-      if (
-        nonce &&
-        deviceConfirm &&
-        this.validateDeviceConfirm(nonce, deviceConfirm)
-      ) {
-        const digestPasswd = crypto
-          .createHash("sha256")
-          .update(this.getHashedPassword() + this.cnonce + nonce)
-          .digest("hex")
-          .toUpperCase();
-
-        const digestPasswdFull = Buffer.concat([
-          Buffer.from(digestPasswd, "utf8"),
-          Buffer.from(this.cnonce!, "utf8"),
-          Buffer.from(nonce, "utf8"),
-        ]).toString("utf8");
-
-        response = await this.fetch(`https://${this.config.ipAddress}`, {
-          method: "POST",
-          body: JSON.stringify({
-            method: "login",
-            params: {
-              cnonce: this.cnonce,
-              encrypt_type: "3",
-              digest_passwd: digestPasswdFull,
-              username: this.getUsername(),
-            },
-          }),
-        });
-
-        responseData = await response.json();
-
-        this.log.debug(
-          "StokRefresh: Start_seq response :>>",
-          response.status,
-          JSON.stringify(responseData)
-        );
-
-        if (responseData?.result?.start_seq) {
-          if (responseData?.result?.user_group !== "root") {
-            // # encrypted control via 3rd party account does not seem to be supported
-            // # see https://github.com/JurajNyiri/HomeAssistant-Tapo-Control/issues/456
-            throw new Error("Incorrect user_group detected");
-          }
+    const nonce = responseData?.result?.data?.nonce;
+    const deviceConfirm = responseData?.result?.data?.device_confirm;
+
+    if (isSecureConnection && nonce && deviceConfirm) {
+      if (!this.validateDeviceConfirm(nonce, deviceConfirm)) {
+        throw new Error("Invalid device confirm");
+      }
+
+      const digestPasswd = crypto
+        .createHash("sha256")
+        .update(this.getHashedPassword() + this.cnonce + nonce)
+        .digest("hex")
+        .toUpperCase();
 
-          this.lsk = this.generateEncryptionToken("lsk", nonce);
-          this.ivb = this.generateEncryptionToken("ivb", nonce);
-          this.seq = responseData.result.start_seq;
+      const digestPasswdFull = Buffer.concat([
+        Buffer.from(digestPasswd, "utf8"),
+        Buffer.from(this.cnonce!, "utf8"),
+        Buffer.from(nonce, "utf8"),
+      ]).toString("utf8");
+
+      response = await this.fetch(`https://${this.config.ipAddress}`, {
+        method: "POST",
+        body: JSON.stringify({
+          method: "login",
+          params: {
+            cnonce: this.cnonce,
+            encrypt_type: "3",
+            digest_passwd: digestPasswdFull,
+            username: this.getUsername(),
+          },
+        }),
+      });
+
+      responseData = await response.json();
+
+      this.log.debug(
+        "StokRefresh: Start_seq response :>>",
+        response.status,
+        JSON.stringify(responseData)
+      );
+
+      if (responseData?.result?.start_seq) {
+        if (responseData?.result?.user_group !== "root") {
+          // # encrypted control via 3rd party account does not seem to be supported
+          // # see https://github.com/JurajNyiri/HomeAssistant-Tapo-Control/issues/456
+          throw new Error("Incorrect user_group detected");
         }
+
+        this.lsk = this.generateEncryptionToken("lsk", nonce);
+        this.ivb = this.generateEncryptionToken("ivb", nonce);
+        this.seq = responseData.result.start_seq;
       }
     } else {
       this.passwordEncryptionMethod = "md5";