Login with refresh_token not possible
Closed this issue ยท 8 comments
Script:
from tgtg import TgtgClient
client = TgtgClient(email="<your_email>", timeout=30)
client.login()
access_token = client.access_token
refresh_token = client.refresh_token
user_id = client.user_id
client = TgtgClient(access_token=access_token, refresh_token=refresh_token, user_id=user_id)
client.login()
Result of the last client.login() call:
Traceback (most recent call last):
File "script.py", line 10, in <module>
client.login()
File "/home/me/.local/lib/python3.8/site-packages/tgtg/__init__.py", line 112, in login
self._refresh_token()
File "/home/me/.local/lib/python3.8/site-packages/tgtg/__init__.py", line 98, in _refresh_token
raise TgtgAPIError(response.status_code, response.content)
tgtg.exceptions.TgtgAPIError: (404, b'{"timestamp":1637700413860,"status":404,"error":"Not Found","path":"/api/auth/v1/token/refresh"}')
The endpoint is still used in current master:
Line 17 in 31eb360
Please check the new release 0.8.0
Already running it since yesterday, it works fine, I've been kicked out after about 20 hours with the following exception:
(403, b'<html><head><title>apptoogoodtogo.com</title><style>#cmsg{animation: A 1.5s;}@keyframes A{0%{opacity:0;}99%{opacity:0;}100%{opacity:1;}}</style></head><body style="margin:0"><p id="cmsg">Please enable JS and disable any ad blocker</p><script>var dd={\'cid\':\'remo-wew==\',\'hsh\':\'removed\',\'t\':\'fe\',\'r\':\'b\',\'s\':removed,\'host\':\'geo.captcha-delivery.com\'}</script><script src="https://ct.captcha-delivery.com/c.js"></script></body></html>\n')
but this is a new issue and might not be (easily) solvable. Feel free to close this ticket when no solution is expected.
My script was pulling the API about every 90 seconds.
It seems I spoke too soon. Login with email alone isn't possible any longer, the same exception as quoted above is thrown.
Edit: The Android app is still working even with the same email at the same IP address. No captcha shown not needed.
The problem is with Header that this script sends. You can replicate this issue using Postman.
Basically - Python's Requests library adds Accept to it's headers when sending a request. This will result in getting the 403 error and captcha in response. If you do not send the Accept in header - the request will succeed.
If you send the request via Postman with Accept header - you will get an error, but you will also get a Cookie header now. Once you have that Cookie header - you can send requests with Accept in header and it will go through properly as well.
I have no time to fix it in actual Python code, as it's not my primary language that I code in, but I hope this information will steer someone onto the right tracks.
If you want to temporarily fix the issue - you can add Cookie header to headers in the Python script with the cookie generated from Postman - the script works again now - for now.
If you want dirty quick fix then you just force Accept as empty in https://github.com/ahivert/tgtg-python/blob/master/tgtg/__init__.py#L71
No, this is not proper way of fixing that, but seems to be working.
def _headers(self):
headers = {
"user-agent": self.user_agent,
"accept-language": self.language,
"Accept": "",
"Accept-Encoding": "gzip",
}
@RobbedColek Thanks for your analysis, it's spot on. The proper Python/requests fix for omitting the Accept header should be using a session for which we can hard-code the headers better. I will open a pull request for this.