
Feature Request: 2FA support for headless mode

Open timbru31 opened this issue 3 years ago • 11 comments

Currently fairgame does not work correctly when running on a 2FA protected account in headless mode as it expects the user to enter the OTP code in the browser window itself.

Ideally, fairgame would prompt the user for the OTP from the Python CLI and then pass the value via chromedriver onto the page. This should basically be something like otp_field.send_keys(otp_input + Keys.RETURN) (pseudo code)

timbru31 Mar 27 '21 13:03

Makes sense, please make a PR to implement.

DakkJaniels Mar 27 '21 14:03

Already on it 👍

timbru31 Mar 27 '21 14:03

It should also be possible to implement a built-in TOTP generator where the user can save their TOTP secret in the credential file and it is handled automatically.

There are plenty of Python TOTP generators that could handle this.

digitalentropy Apr 25 '21 20:04

Have fun explaining to the user how to get the QR code encoded data into fairgame. While of course this is possible, I'd vote against this. Users already struggle to understand what the test flag is.

timbru31 Apr 25 '21 21:04

Unless I am missing something there is a "Can't scan the barcode?" link at the bottom of every TOTP QR that I've had to use, including Amazon's. They can just add a new authenticator app and copy the secret out of that.

I ran into an issue today where fairgame was logged in, eventually got a hit, successfully added it to cart, but Amazon decided to prompt for OTP.

Adding built-in 2FA support would be the only way to get around this if it starts increasing in frequency.

digitalentropy Apr 26 '21 00:04
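
An added example (not fairgame's code and not written by any commenter; all function names are hypothetical): the built-in generator proposed above amounts to RFC 6238 TOTP computed over the base32 key copied from the "Can't scan the barcode?" screen. It assumes the common defaults of HMAC-SHA1, a 30-second step and 6 digits, and that the key may be pasted in spaced, unpadded groups. A secret kept in the credential file needs the same protection as the password stored beside it, because whoever reads that file then holds both factors.

```python
import base64
import hashlib
import hmac
import struct
import time


def decode_secret(secret_b32: str) -> bytes:
    """Decode a base32 TOTP key as copied from a manual-entry screen."""
    # Keys are often shown in lowercase, space-separated groups without '='.
    cleaned = "".join(secret_b32.split()).replace("-", "").upper().rstrip("=")
    if not cleaned:
        raise ValueError("empty TOTP secret")
    # b32decode requires the length to be a multiple of 8 characters.
    cleaned += "=" * (-len(cleaned) % 8)
    # Raises binascii.Error (a ValueError subclass) on non-base32 input.
    return base64.b32decode(cleaned)


def totp(secret_b32: str, at: float = None, step: int = 30, digits: int = 6) -> str:
    """Return the RFC 6238 code for time `at` (defaults to the current time)."""
    key = decode_secret(secret_b32)
    counter = int((time.time() if at is None else at) // step)
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    # Dynamic truncation (RFC 4226): low nibble of the last byte is the offset.
    offset = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    # Leading zeros are part of the code, so return a zero-padded string.
    return str(value % 10 ** digits).zfill(digits)


def seconds_remaining(at: float = None, step: int = 30) -> int:
    """Seconds until the current code rolls over; wait if this is very small."""
    now = time.time() if at is None else at
    return step - int(now) % step


if __name__ == "__main__":
    # Constructed sample: the published RFC 6238 test key, not a real secret.
    demo_key = "gezd gnbv gy3t qojq gezd gnbv gy3t qojq"
    print(totp(demo_key), "valid for", seconds_remaining(), "s")
```

The returned string is what would be handed to the `otp_field.send_keys(...)` call sketched in the opening post, in place of a value typed at the CLI.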

@digitalentropy please submit a PR for it. Thanks.

DakkJaniels Apr 26 '21 01:04

> They can just add a new authenticator app and copy the secret out of that.

99,99% of the users have TOTP set up, aka the QR code is no longer displayed. Correct me if I'm wrong, but the most famous apps, such as Google Authenticator, Microsoft Authenticator and Authy, do not allow the re-display of the QR code or secret.

timbru31 Apr 26 '21 01:04

> > They can just add a new authenticator app and copy the secret out of that.
>
> 99,99% of the users have TOTP set up, aka the QR code is no longer displayed. Correct me if I'm wrong, but the most famous apps, such as Google Authenticator, Microsoft Authenticator and Authy, do not allow the re-display of the QR code or secret.

I've confirmed that Amazon allows the user to add multiple authenticator apps, so one could simply add a new one for fairgame.

Unfortunately I don't have time at the moment to write the code for it. I was simply providing feedback that I felt was practical and useful. That said, if someone who does have the time has an interest in doing so, I think it's a very worthwhile idea.

digitalentropy Apr 26 '21 02:04

Is this still not being implemented? 😥

Cr4z33 Jul 16 '21 12:07

It's in PR #636. You can load that if you need it.

DakkJaniels Jul 16 '21 15:07

@DakkJaniels thanks, but I am not quite sure I understood properly. 😅

Do I have to add/edit anything in my (Docker running) fairgame or do I have to downgrade it to a specific release?

Cr4z33 Jul 18 '21 08:07