Controlicz - Easy Domoticz to Alexa Integration

Bikey
Posts: 423
Joined: Sunday 22 February 2015 13:19
Target OS: Raspberry Pi
Domoticz version: 3.xxx
Location: Netherlands
Contact:

Re: Easy Domoticz to Alexa Integration

Post by Bikey » Monday 23 October 2017 17:07

@Madgeni:
I really appreciate your hard work and the service, but I'm a little worried about security and privacy.

Your service now hosts the credentials, IP/Port-numbers, and probably logs of all the devices and all the interactions of over 300 Domoticz users as I understand. That makes it an interesting attack-vector for the bad guys. And of course we also need to "trust" you with all this information, even if I believe this is all with the best intentions.

Could you elaborate a bit on the privacy and security measures you have in place and why we can trust that this setup is not too risky? (I can't find any privacy/security statements on Controlicz.com)

It would be a little bit better if Controlicz would not have to have access to the local Domoticz-installation (thus needing to open firewalls and provide credentials) but if Domoticz would initiate the connection to the service, and the service itself could be secured with 2FA, just like it is done by MyDomoticz.com.

What do you think of this, is that something on your roadmap?

cherowley
Posts: 83
Joined: Tuesday 24 February 2015 16:54
Target OS: Raspberry Pi
Domoticz version:
Contact:

Re: Easy Domoticz to Alexa Integration

Post by cherowley » Tuesday 24 October 2017 17:21

Hi Madgeni,

Great work!

Just wondering, is there any way to filter which devices in domoticz are visible to controlicz?

I only want to add certain devices to controlicz you see and already have rooms setup...

Ideally controlicz would look for devices in a specifically named room, say a room called "controlicz" ;)

I could always remove the unwanted ones after discovery one by one in the Alexa app but that isn't practical as any small change requiring rediscovery would add them all back again...

Thanks!

sach
Posts: 77
Joined: Wednesday 12 October 2016 14:33
Target OS: Raspberry Pi
Domoticz version:
Contact:

Re: Easy Domoticz to Alexa Integration

Post by sach » Tuesday 24 October 2017 17:26

cherowley wrote:
Tuesday 24 October 2017 17:21
Hi Madgeni,

Great work!

Just wondering, is there any way to filter which devices in domoticz are visible to controlicz?

I only want to add certain devices to controlicz you see and already have rooms setup...

Ideally controlicz would look for devices in a specifically named room, say a room called "controlicz" ;)

I could always remove the unwanted ones after discovery one by one in the Alexa app but that isn't practical as any small change requiring rediscovery would add them all back again...

Thanks!

You should setup a new user and only assign the devices you would like Alexa to see to that user.
Don't forget to change the credentials in controlicz.

cherowley
Posts: 83
Joined: Tuesday 24 February 2015 16:54
Target OS: Raspberry Pi
Domoticz version:
Contact:

Re: Easy Domoticz to Alexa Integration

Post by cherowley » Tuesday 24 October 2017 17:29

sach wrote:
Tuesday 24 October 2017 17:26

You should setup a new user and only assign the devices you would like Alexa to see to that user.
Don't forget to change the credentials in controlicz.

Ooo, hadn't thought of that approach, many thanks sach :)

emailuser
Posts: 3
Joined: Thursday 26 October 2017 14:20
Target OS: Raspberry Pi
Domoticz version:
Contact:

Re: Easy Domoticz to Alexa Integration

Post by emailuser » Thursday 26 October 2017 14:24

Hi Madgeni

I am running Domoticz on RaspberryPi, setup my account on Controlicz, create roomplan, added devices, created user, allowed devices per user, enabled skill - but still no luck, tried multiple times .. read FAQs .. appreciate any help

Bikey
Posts: 423
Joined: Sunday 22 February 2015 13:19
Target OS: Raspberry Pi
Domoticz version: 3.xxx
Location: Netherlands
Contact:

Re: Easy Domoticz to Alexa Integration

Post by Bikey » Thursday 26 October 2017 15:55

Bikey wrote:
Monday 23 October 2017 17:07
@Madgeni:
I really appreciate your hard work and the service, but I'm a little worried about security and privacy.

Your service now hosts the credentials, IP/Port-numbers, and probably logs of all the devices and all the interactions of over 300 Domoticz users as I understand. That makes it an interesting attack-vector for the bad guys. And of course we also need to "trust" you with all this information, even if I believe this is all with the best intentions.

Could you elaborate a bit on the privacy and security measures you have in place and why we can trust that this setup is not too risky? (I can't find any privacy/security statements on Controlicz.com)

It would be a little bit better if Controlicz would not have to have access to the local Domoticz-installation (thus needing to open firewalls and provide credentials) but if Domoticz would initiate the connection to the service, and the service itself could be secured with 2FA, just like it is done by MyDomoticz.com.

What do you think of this, is that something on your roadmap?

Any thoughts on this?

dgilbert2
Posts: 22
Joined: Wednesday 16 August 2017 8:08
Target OS: Raspberry Pi
Domoticz version: 3.8153
Location: UK
Contact:

Re: Easy Domoticz to Alexa Integration

Post by dgilbert2 » Thursday 26 October 2017 21:18

emailuser wrote:
Thursday 26 October 2017 14:24
I am running Domoticz on RaspberryPi, setup my account on Controlicz, create roomplan, added devices, created user, allowed devices per user, enabled skill - but still no luck, tried multiple times .. read FAQs .. appreciate any help

Have you opened port 443 in your router? You should be able to access Domoticz through https://YOUR_IP_ADDRESS when not on your own network. Check this works as this is how Controlicz connects (for this test I just use my smartphone browser and ensure connected by 3G or 4G, i.e. not your home wi-fi).

emailuser
Posts: 3
Joined: Thursday 26 October 2017 14:20
Target OS: Raspberry Pi
Domoticz version:
Contact:

Re: Easy Domoticz to Alexa Integration

Post by emailuser » Thursday 26 October 2017 21:45

Hi, yes can access via https:// from my phone, this gets me to the web login page .. where I need to enter my web username and password .. are these the credentials that have to be in controlicz? as this web login is different to the users I have created in domoticz settings-users

dgilbert2
Posts: 22
Joined: Wednesday 16 August 2017 8:08
Target OS: Raspberry Pi
Domoticz version: 3.8153
Location: UK
Contact:

Re: Easy Domoticz to Alexa Integration

Post by dgilbert2 » Thursday 26 October 2017 21:56

Yes, use the "uid" and "pwd" you provided Controlicz and you should also have setup a user in Domoticz with the same credentials.

emailuser
Posts: 3
Joined: Thursday 26 October 2017 14:20
Target OS: Raspberry Pi
Domoticz version:
Contact:

Re: Easy Domoticz to Alexa Integration

Post by emailuser » Thursday 26 October 2017 22:28

happy days working .. needed to ensure my website protection user was a user that was in the user list and make sure that was user on controlicz .. all working :)

Madgeni
Posts: 496
Joined: Friday 25 March 2016 18:43
Target OS: Raspberry Pi
Domoticz version:
Contact:

Re: Easy Domoticz to Alexa Integration

Post by Madgeni » Friday 27 October 2017 22:38

Hi - sorry, half term so been away :)

@bikey - I saw your post, and was dying to respond, but didn't have a chance - this is a complex subject - so let's start at the beginning :)

In order to interact with Alexa, you need to use Oauth2, and your HA system needs to be connected to the internet. I guess those are the two main requirements.

I wrote a skill originally, which had a 'fake' oauth2 server, and a skill which required you to host it yourself on a lambda. Whilst this was fine for some, the bar was a little high for some people, and I wanted to provide something more 'native' to Alexa. To do this, I therefore *had* to provide a centralised service for Alexa to connect to, and a working Oauth2 server (after all, I wanted to protect your data!) - so Controlicz was born.
Controlicz as a web app uses a proper ssl cert - and the data you provide me is encrypted using bcrypt.
The interaction between Amazon and controlicz is via tokens, so no credentials are passed.
I've run various OWASP tests against Controlicz, and whilst it has room for improvement, it is reasonably sound.

I have no access to your details - all I have is token details from Amazon, and logging the REST APIs I've had to build to get this working in the Amazon Cloudwatch logs.

HOWEVER - the domoticz API itself only provides consumption using username:password in the url, which is, let's face it, sub-optimal. There is nothing I can do about that, I don't own Domoticz, but they have an almost constant backlog of devices to add, amend, or alter, so can see why external access to individual implementations isn't a priority. But it is weak. That is why I enforce you setting up SSL (I can't enforce you using an actual SSL cert - but you should). For complete transparency, I can turn on logging of the calls to your hosts, but they are not persisted anywhere, and I only do this if someone contacts me with an issue, and I have to go through a fairly complex process to link an oauth token to the actual call, which no-one else could have.

Also, I don't know mydomoticz - but remember, Alexa is incepting the call, so it's not down to Domoticz sending a heartbeat/status update, it has to respond to something it is asked to do by Alexa. There's no real opportunity for 2FA, I could, for sign up to Controlicz, but once you've registered, it's down to Oauth2 to handle the interaction (and the direct call to your Domoticz host).

I will say that I want Controlicz to be used, I believe in it, and want to expand it to Google Home/OK Google, Siri, a chat bot and more - but am limited to fitting it with a distributed HA system, rather than a centralised one :)

I would also note that, like Domoticz devs, I do this for free - and incur a bill each month for hosting Controlicz and the lambdas to run the Alexa integration!
Like Controlicz? Want to help keep the lights on? https://paypal.me/madgeni :)

Native Alexa skill - register at http://www.controlicz.com
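
The weakness described in the post above, credentials carried in the Domoticz API URL, means any log of those calls also stores the password. As an added example (not part of the thread and not Controlicz's own code), this log scrubber masks them before a line is persisted; the parameter names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, urlunsplit

MASK = "REDACTED"
# Assumed parameter names: "uid"/"pwd" appear in this thread; the rest are guesses.
SECRET_PARAMS = {"username", "password", "uid", "pwd"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+")


def _redact_query(query: str) -> str:
    """Mask secret values but keep every other pair byte-for-byte."""
    out = []
    for pair in query.split("&"):
        key, sep, _value = pair.partition("=")
        secret = sep and key.lower() in SECRET_PARAMS
        out.append(f"{key}={MASK}" if secret else pair)
    return "&".join(out)


def redact_url(url: str) -> str:
    """Strip user:password@ userinfo and credential query parameters."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return MASK  # unparseable URL: drop it rather than log it raw
    netloc = parts.netloc
    if "@" in netloc:
        netloc = f"{MASK}@{netloc.rsplit('@', 1)[1]}"
    query = _redact_query(parts.query)
    if netloc == parts.netloc and query == parts.query:
        return url  # nothing sensitive, return untouched
    return urlunsplit((parts.scheme, netloc, parts.path, query, parts.fragment))


def scrub(lines):
    """Return (clean_lines, leaky_count) for an iterable of log lines."""
    clean, leaky = [], 0
    for line in lines:
        safe = URL_RE.sub(lambda m: redact_url(m.group(0)), line)
        leaky += safe != line
        clean.append(safe)
    return clean, leaky


# Constructed sample log lines (documentation addresses, made-up credentials).
SAMPLE = [
    "call https://alexa:s3cret@192.0.2.10:443/json.htm?type=command&param=switchlight&idx=12&switchcmd=On status=200",
    "call https://home.example.org/json.htm?username=YWxleGE=&password=czNjcmV0&type=devices status=200",
    "call https://home.example.org/json.htm?type=devices&filter=light status=200",
]

if __name__ == "__main__":
    cleaned, count = scrub(SAMPLE)
    print(f"{count} of {len(SAMPLE)} lines carried credentials")
    print("\n".join(cleaned))
```

A non-zero count on existing logs is a signal to rotate the affected Domoticz passwords, since masking only protects lines written from then on.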

Bikey
Posts: 423
Joined: Sunday 22 February 2015 13:19
Target OS: Raspberry Pi
Domoticz version: 3.xxx
Location: Netherlands
Contact:

Re: Easy Domoticz to Alexa Integration

Post by Bikey » Monday 30 October 2017 0:24

Hi thanks for your elaboration on the subject. And again also thanks for all the efforts you put into this.

About my reference to MyDomoticz: what they do is to make the local Domoticz installation connect to the "MyDomoticz" cloud (using a token) and then maintain the connection. After that, the MyDomoticz cloud works as a proxy for calls to the local installation.

So the connection setup is not initiated from "the internet", but the other way around. By doing so, you no longer have to open up your firewall or provide your local Domoticz credentials to a cloud provider. Which then also can not be hacked by anyone. The account on "MyDomoticz" can also be secured with 2FA, so brute force attacks are not possible anymore (in contrast with opening Domoticz to the internet).

This kind of setup is used by most other home automation systems with local installations that need to connect to the cloud, like Philips HUE and Logitech Harmony and even by the Amazon Echo itself, so I think this is a best practice you may want to consider?

To do this for Controlicz of course would require adjustments to the Domotica-code so it would establish the connection, but hopefully much of the code of MyDomoticz can be reused and hopefully the developers can help you with that.

Madgeni
Posts: 496
Joined: Friday 25 March 2016 18:43
Target OS: Raspberry Pi
Domoticz version:
Contact:

Re: Easy Domoticz to Alexa Integration

Post by Madgeni » Monday 30 October 2017 1:44

Ok, so documentation is limited on myDomoticz - but they don't provide Oauth2 tokens, so I'm unclear on the security model. Philips Hue use a proprietary model (essentially they've rolled their own Oauth2), Amazon use Oauth2. I use Oauth2.
2FA adds another layer of security for initial access, yes, but again, Alexa initiates these requests, programmatically, via 'the internet', and as it runs discoveries quite frequently, I can't see how 2FA would work (it can't) and besides, that's the point of issuing Oauth2 tokens anyway.

A quick glance at OpenHab's Cloud Service shows me that it's providing the same service that I do, the difference is that the client software can run an oauth2 client, so no need to store details centrally.
The TL;DR is that I'm doing it the right way *with the constraints set by the current Domoticz setup*. If they built an oauth2 service, or an oauth2 client, there would be no need for a centralised register - but whatcanyoudo?
Also, not sure about opening up to the internet, if you want stuff to connect to you outside your network, and you're not using a VPN, it's connected to the internet - like an Echo, like a Hue Bridge.

I'm all for debate, and am constantly aware that I'm advocating connecting your stuff to my stuff, and the trust around that. If it makes you feel any better, I've designed and built large-scale platforms for banks and finance companies with stringent regulatory constraints.
But at the end of the day, if you don't want to use it, don't :)

Madgeni
Posts: 496
Joined: Friday 25 March 2016 18:43
Target OS: Raspberry Pi
Domoticz version:
Contact:

Re: Easy Domoticz to Alexa Integration

Post by Madgeni » Monday 30 October 2017 18:13

So I'm after some victims, I mean Beta testers for the new version. It will require you to PM me your email address, disable controlicz, and enable the new skill, then use it as normal, and let me know what's not working. This version offers you Scenes in the right place on the app (/shrugs), but also status updates back to the App (so you can check status of devices via the App - is that light on, is the front door open? etc)

As I mentioned, Amazon have deprecated the current version of their API, so I've had to refactor *everything* - there are bound to be some bugs, but it has to be done I'm afraid!

For those who don't take part, don't worry! Once I've ironed out any issues, the transition *should* be seamless to you, and Controlicz will continue to be the skill. I've created a separate skill for testing purposes only.

Swifty
Posts: 77
Joined: Saturday 31 December 2016 22:03
Target OS: Raspberry Pi
Domoticz version:
Contact:

Re: Easy Domoticz to Alexa Integration

Post by Swifty » Tuesday 31 October 2017 15:16

I'm game... I'll ping you my email in a PM.

Also, I was reading yesterday about 'Groups' in the Alexa app, it seems you can place an echo and a number of devices into a group, which according to the blurb (I think) should allow things like 'Alexa, turn on the light' - which will act on the device located in the same room as the echo (without specifically naming the device).

I tried it out last night and couldn't really get it to work any further than turning on / off whatever the group name was.. any ideas how/if this integrates with controlicz?

I've got multiple echos / lights / tvs etc.. it would be great to just say 'turn on the light', 'turn off the tv' and have that work in whatever room I said it in, rather than remembering specific namings.

Madgeni
Posts: 496
Joined: Friday 25 March 2016 18:43
Target OS: Raspberry Pi
Domoticz version:
Contact:

Re: Easy Domoticz to Alexa Integration

Post by Madgeni » Tuesday 31 October 2017 16:58

They seem to work fine from the app - added in a scene and a couple of switches to a group called 'Test' - then added one of my Echos, and could say 'Alexa Test on' and it turned everything in the group on.

sach
Posts: 77
Joined: Wednesday 12 October 2016 14:33
Target OS: Raspberry Pi
Domoticz version:
Contact:

Re: Easy Domoticz to Alexa Integration

Post by sach » Tuesday 31 October 2017 18:03

I don't think the Groups with Echo devices are implemented fully outside of the US yet. I was testing this yesterday too.
Usually the case that the US gets new features well before us. :-(

sgeaglef15
Posts: 7
Joined: Monday 21 August 2017 15:17
Target OS: NAS (Synology & others)
Domoticz version:
Contact:

Re: Easy Domoticz to Alexa Integration

Post by sgeaglef15 » Wednesday 01 November 2017 11:50

Hi Madgeni,

Thank you so much for all the work you have put into Controlicz, it is awesome!!

I'd like to check with you if Virtual switch is being supported by Controlicz?

> Have 1 TP link switch which I have added as a virtual Switch via this guide (http://forums.4fips.com/viewtopic.php?f=3&p=7315)
> After doing so I added the Virtual switch to a room/floor plan and ran rediscover on Alexa but to no avail, switch does not appear.

Madgeni
Posts: 496
Joined: Friday 25 March 2016 18:43
Target OS: Raspberry Pi
Domoticz version:
Contact:

Re: Easy Domoticz to Alexa Integration

Post by Madgeni » Wednesday 01 November 2017 11:52

Hey sgeaglef15 :)

Can you do me a favour, and post a screenshot from the Domoticz Device tab? Name/SubType are part of the decision making for discovery - that could be why it's not finding it.

sgeaglef15
Posts: 7
Joined: Monday 21 August 2017 15:17
Target OS: NAS (Synology & others)
Domoticz version:
Contact:

Re: Easy Domoticz to Alexa Integration

Post by sgeaglef15 » Wednesday 01 November 2017 15:24

Hi Madgeni,

Here you go, please see attachment.

Regards