Asbestos Supply

2022-02-17 Our Family Wizard Sucks

Background

My ex-wife and I started using Our Family Wizard to communicate. The software seems to have a lot of features but the only one we use is the messaging. It’s a huge step back from Gmail! Here’s a list of issues I encountered on the first day alone:

  1. No auto-save as draft. If you start writing a message and then get distracted it will be lost when you come back.
  2. Terrible draft handling. If you start writing a message but aren’t ready to send it you’ll need to cancel out of it and then press save as draft. If you open it again and then exit out again it will ask again if you’d like to save or discard. If you made some changes you don’t want to save you might find yourself pressing Discard. This will actually delete the draft entirely. Which leads me to...
  3. No trash folder. If you accidentally delete something it’s gone forever.
  4. No scheduled send. I use this Gmail feature all the time but Our Family Wizard doesn’t have it.

My crazy idea

So Our Family Wizard messaging sucks and Gmail is great. I wondered if there was a way to send emails from Gmail and have the message relayed to Our Family Wizard. I know how to send email from Gmail, so the first step here would be to figure out how to send messages to Our Family Wizard without using their GUI.

First I opened up the website at ourfamilywizard.com, opened up the Network tab in Chrome, and logged in. The username and password were sent as form data to /login, which sets a cookie and redirects to /home.form. Ok, not too bad, I could definitely recreate that. I then clicked on messages and went to create a new message. Ugh. There were a ton of HTML pages and JavaScript. I didn’t really want to parse through all that to figure out how to send a message.

Our Family Wizard has iOS and Android apps, though, so it definitely has an API, right? I fired up Proxyman on my iPhone, loaded the Our Family Wizard app, and immediately started to see the traffic to their API endpoints! Proxyman makes it super simple to proxy HTTPS traffic, too... (this was my first time using Proxyman. In the past I’ve used Charles. Proxyman seems simpler IMO).

Endpoints

I clicked around a bit and found the most important endpoints for my use case:

Login

This requires a POST to https://ofw.ourfamilywizard.com/pub/v1/accesstoken. The username and password are sent as Basic authentication and the content-type is application/json. The app sent a bunch of additional headers (ofw-client-device, ofw-version, ofw-locale, ofw-client, and ofw-client-os) but with some trial and error I found that only two were required: ofw-version and ofw-client. Without these headers the server returned either an error or a message that it was down for maintenance. Weird.

In the end I was able to successfully login using the following HTTPie command

http -a {username}:{password} POST https://ofw.ourfamilywizard.com/pub/v1/accesstoken 'ofw-version':'5.3.0' 'ofw-client':'iPhone'

Which returns a response body looking something like

{"status": 200, "token": "{TOKEN}", "renewToken": "{PRESUMABLY_SOME_SORT_OF_REFRESH_TOKEN}"}

Subsequent calls would need that {TOKEN} passed in as the bearer token. And those ofw-version and ofw-client headers, too. Every call seems to need those. Did I say weird?

Getting a list of recipients

In order to send a message you first need to know the id of the person you want to send it to. In my case this will always be my ex-wife (though I understand from reading the manual that this could also be a child or attorney). But the endpoint is still nice to know. Getting a list of possible recipients is a GET to https://ofw.ourfamilywizard.com/pub/v1/messageRecipients. Note that those same ofw-version and ofw-client headers seem to be required to get anything but an “Internal Server Error” message.

The final HTTPie command looks like

http https://ofw.ourfamilywizard.com/pub/v1/messageRecipients Authorization:'Bearer {TOKEN}' 'ofw-version':'5.3.0' 'ofw-client':'iPhone'

which returns a response body looking something like

[
    {
        "active": true,
        "color": "#66AA00",
        "displayInitials": "BG",
        "firstName": "Bill",
        "lastName": "Gates",
        "name": "Bill Gates",
        "type": "parent",
        "userId": 1112223
    },
    {
        "active": true,
        "color": "#CC3333",
        "displayInitials": "SJ",
        "firstName": "Steve ",
        "lastName": "Jobs",
        "name": "Steve Jobs",
        "type": "lawyer",
        "userId": 11122244
    }
]

Notice the second one has type lawyer. I added my attorney which is how I know this to be a valid value. I do not know the value for a child though presumably it’s just child?

Anyway, note those userId values; they’re important for the next step.

Sending a message

So suppose you want to message Bill Gates, the next step would be to do a POST to https://ofw.ourfamilywizard.com/pub/v2/messages. This requires a JSON body with the following fields:

  • recipientIds (array of user id’s)
  • subject (a string)
  • body (a string)
  • includeOriginal (a boolean which is set to false when composing a new message, atm I’m not sure exactly what this does)
  • draft (a boolean which by default is set to false)
  • background (a boolean which by default is set to false on new messages, atm I’m not sure what this does)
  • replyToId (defaults to 0, presumably this is the message being replied to)
  • attachments (which is a blank object by default and I have not played around with it)

In the end I was able to send a message using the following HTTPie command (recall that all requests require the Authorization header along with those 2 other headers ofw-version and ofw-client):

http POST https://ofw.ourfamilywizard.com/pub/v2/messages Authorization:'Bearer {TOKEN}' 'ofw-version':'5.3.0' 'ofw-client':'iPhone' recipientIds:='[11122233]' subject='message' body="body\nwith\nnewlines" includeOriginal=false draft=false background=false replyToId=0 attachments:='{}'

Renewing a token

I opened the app after a break of a few hours and noticed it made a POST to https://ofw.ourfamilywizard.com/pub/v1/renewtoken to renew the token. Along with those silly ofw-version and ofw-client headers, it passes an Authorization header with Bearer {TOKEN}. Unlike the other endpoints, though, this one uses multipart form data.

The body contains 2 fields: renew_token, which contains the renew token value, and grant_type, which contains the value renewtoken.

The response is the same as the Login response with a new token and renewToken.
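
The login, send and renew calls described above, written as request builders in Python. This is an added example, not the author's relay tooling: the function names and the multipart boundary are assumptions, and the requests are only constructed, never sent.

```python
import base64
import json
import uuid
from urllib.request import Request

BASE = "https://ofw.ourfamilywizard.com/pub"
# The two headers the post found to be required on every call.
CLIENT_HEADERS = {"ofw-version": "5.3.0", "ofw-client": "iPhone"}


def login_request(username, password):
    """POST /v1/accesstoken with HTTP Basic credentials and a JSON content type."""
    basic = base64.b64encode(f"{username}:{password}".encode()).decode()
    headers = {**CLIENT_HEADERS, "Authorization": f"Basic {basic}",
               "Content-Type": "application/json"}
    return Request(f"{BASE}/v1/accesstoken", data=b"", headers=headers, method="POST")


def message_request(token, recipient_ids, subject, body, reply_to_id=0):
    """POST /v2/messages; json.dumps emits real JSON booleans and numbers."""
    payload = {"recipientIds": list(recipient_ids), "subject": subject, "body": body,
               "includeOriginal": False, "draft": False, "background": False,
               "replyToId": reply_to_id, "attachments": {}}
    headers = {**CLIENT_HEADERS, "Authorization": f"Bearer {token}",
               "Content-Type": "application/json"}
    return Request(f"{BASE}/v2/messages", data=json.dumps(payload).encode(),
                   headers=headers, method="POST")


def renew_request(token, renew_token, boundary=None):
    """POST /v1/renewtoken as multipart form data (renew_token, grant_type)."""
    boundary = boundary or uuid.uuid4().hex  # any unique string works as a boundary
    fields = {"renew_token": renew_token, "grant_type": "renewtoken"}
    form = "".join(
        f'--{boundary}\r\nContent-Disposition: form-data; name="{k}"\r\n\r\n{v}\r\n'
        for k, v in fields.items()) + f"--{boundary}--\r\n"
    headers = {**CLIENT_HEADERS, "Authorization": f"Bearer {token}",
               "Content-Type": f"multipart/form-data; boundary={boundary}"}
    return Request(f"{BASE}/v1/renewtoken", data=form.encode(), headers=headers,
                   method="POST")


def tokens_from_response(raw):
    """Return (token, renewToken) from a login or renew response body."""
    doc = json.loads(raw)
    if doc.get("status") != 200:
        raise ValueError(f"unexpected status: {doc.get('status')}")
    return doc["token"], doc["renewToken"]
```

Pass any of the returned objects to urllib.request.urlopen to send it, then feed the response body to tokens_from_response.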

Summary

I was able to determine some important endpoints for logging in and sending messages with Our Family Wizard. Perhaps I will build some sort of email relay tooling (maybe using AWS SES?) to enable me to continue to use Gmail for composing my messages. Stay tuned...

update: I bought OurFamilyWizardSucks.com and plan to release something there at some point...

update: I’ve got this working for my own use