python-fints
python-fints copied to clipboard
raphaelm
DKB does not accept connections anymore
Hi!
I recently recognized that my previous working application suddenly throws an error while fetching transactions from my DKB account. I used the example code from https://python-fints.readthedocs.io/en/latest/trouble.html to verify if the error I receive is a result of incorrect session handling inside my application or if there are general problems with DKB sessions. If I use the example code I'm getting the following output:
We need the name of the TAN medium, let's fetch them from the bank
Dialog response: 9050 - Die Nachricht enthält Fehler.
Dialog response: 9800 - Dialog abgebrochen
Dialog response: 9010 - Die angegebene Bankreferenz/Dialog-ID ist nicht gültig.
Traceback (most recent call last):
File "test.py", line 42, in <module>
minimal_interactive_cli_bootstrap(f)
File "/home/***/.local/lib/python3.7/site-packages/fints/utils.py", line 322, in minimal_interactive_cli_bootstrap
m = client.get_tan_media()
File "/home/***/.local/lib/python3.7/site-packages/fints/client.py", line 1360, in get_tan_media
response = dialog.send(seg)
File "/home/***/.local/lib/python3.7/site-packages/fints/dialog.py", line 156, in send
self.client.process_response_message(self, response, internal_send=internal_send)
File "/home/***/.local/lib/python3.7/site-packages/fints/client.py", line 230, in process_response_message
self._process_response(dialog, None, response)
File "/home/***/.local/lib/python3.7/site-packages/fints/client.py", line 1284, in _process_response
raise FinTSClientError("Error during dialog initialization, could not fetch BPD. Please check that you "
fints.exceptions.FinTSClientError: Error during dialog initialization, could not fetch BPD. Please check that you passed the correct bank identifier to the HBCI URL of the correct bank.
I also found out, that the dialog-id sometimes is 0 during the communication:
We need the name of the TAN medium, let's fetch them from the bank
DEBUG:fints.connection:Sending >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
fints.message.FinTSCustomerMessage([
fints.segments.message.HNHBK3( # Nachrichtenkopf
header = fints.formals.SegmentHeader('HNHBK', 1, 3), # Segmentkopf
message_size = 494, # Größe der Nachricht (nach Verschlüsselung und Komprimierung)
hbci_version = 300, # HBCI-Version
dialog_id = '0', # Dialog-ID
message_number = 1, # Nachrichtennummer
),
Does anyone else happen to experience the same error or has information about how to fix this?
Bye Jan
Hi Have the same issue.
WARNING:fints.client:You should register your program with the ZKA and pass your own product_id as a parameter.
We need the name of the TAN medium, let's fetch them from the bank
ERROR:fints.client:Dialog response: 9050 - Die Nachricht enthält Fehler.
ERROR:fints.client:Dialog response: 9800 - Dialog abgebrochen
ERROR:fints.client:Dialog response: 9010 - Die angegebene Bankreferenz/Dialog-ID ist nicht gültig.
Having the same issue with DKB:
Dialog response: 9050 - Die Nachricht enthält Fehler.
Dialog response: 9800 - Dialog abgebrochen
Dialog response: 9010 - Die angegebene Bankreferenz/Dialog-ID ist nicht gültig.
! fints client exception for DKB (blz 12030000) user XXX: Error during dialog initialization, could not fetch BPD. Please check that you passed the correct bank identifier to the HBCI URL of the correct bank.
BLZ: 12030000 URL: https://banking-dkb.s-fints-pt-dkb.de/fints30
Tried all settings from OpenHBCI but no success.
I'm connecting to DKB for a few months now, without problems. Is this resolved?
I have been using it before successfully (p until 2 months ago) but now I'm receiving the same error. So it is not resolved.
What's the end date of the time span for which you are showing transactions? For DKB, I need to set end_date=datetime.date.today()
This problem still persists. The documentation on the response code 9010 which is received is not too helpful either:
Hi,
I tested the DKB using the test script, everything (despite get holdings) works.
The TAN methods response contains the following items:
fints.segments.dialog.HIRMS2( # Rückmeldungen zu Segmenten
header = fints.formals.SegmentHeader('HIRMS', 4, 2, 4), # Segmentkopf
responses = [ # Rückmeldung
fints.formals.Response( # Rückmeldung
code = '3050',
reference_element = None,
text = 'UPD nicht mehr aktuell, aktuelle Version enthalten.',
),
fints.formals.Response( # Rückmeldung
code = '3920',
reference_element = None,
text = 'Zugelassene Zwei-Schritt-Verfahren für den Benutzer.',
parameters = [
'921',
],
),
fints.formals.Response( # Rückmeldung
code = '0020',
reference_element = None,
text = 'Der Auftrag wurde ausgeführt.',
),
],
),
DKB offers quite some TAN options. Have you tried playing with them? I've only activated Push-TAN and it works.
@frederictobiasc do you have an example Code for using the TAN to log in? In the Troubleshot Test Code i only got the same error as before.
I also tried the following Code from the Website
with f:
# Since PSD2, a TAN might be needed for dialog initialization. Let's check if there is one required
if f.init_tan_response:
print("A TAN is required", f.init_tan_response.challenge)
tan = input('Please enter TAN:')
f.send_tan(f.init_tan_response, tan)
# Fetch accounts
accounts = f.get_sepa_accounts()
with the error result
fints.exceptions.FinTSClientError: Error during dialog initialization, could not fetch BPD. Please check that you passed the correct bank identifier to the HBCI URL of the correct bank.
In general, using https://banking-dkb.s-fints-pt-dkb.de/fints30 for BLZ 12030000 is still correct? Asking cause in the long response i also saw this:
ERROR:fints.client:Dialog response: 9050 - Die Nachricht enthält Fehler.
ERROR:fints.client:Dialog response: 9800 - Dialog abgebrochen
ERROR:fints.client:Dialog response: 9010 - Die angegebene Bankreferenz/Dialog-ID ist nicht gültig.
Hi @bst2k,
I only used the test script I linked above, so I cannot provide any other code.
If I were you, I would carefully check for typos. Here are my client_args (redacted).
logging.basicConfig(level=logging.DEBUG)
client_args = (
'12030000', # BLZ
'username', # USER
'password',
'https://banking-dkb.s-fints-pt-dkb.de/fints30' # ENDPOINT
)
If this doesn't work, I would start and contact DKB if I were you, because then there must obviously something wrong. I had a conversation with a technical support representative of DKB myself and he stated that they happily assist in case of problems. Maybe you want to ask them for a development account of their FinTS implementation?
I hope that helps! BTW: I fixed the link above to the test script.
There can't be any typos due i copy login and password from KeePass and the online login works. Also the Bank Data must be correct, I found the confirmation in the FAQ:
Falls du die Schnittstelle zu unserem Banking im Programm manuell einrichten musst, nutze diese Parameter:
Bankleitzahl: 120 300 00
Sicherheitsmedium: HBCI-PIN mit chipTAN/TAN2go
Benutzerkennung: Dein Anmeldename
Kunden-ID: Dieses Feld bitte frei lassen
HBCI-Version: FinTS 3.0
Kommunikationsadresse: https://banking-dkb.s-fints-pt-dkb.de/fints30
So it reads like there is no adjustments for the account needed. To be sure I wrote an message to the DKB Support.
When i log into my online banking I get an push from my "DKB-Banking" app where i need to confirm the log in, probably the connection is blocked cause I got no push message to confirm. Did somebody know an workaround for this?
I also don't get a Pushtan for login. This is only necessary when doing things like requesting data. Would you mind telling what TAN options are enabled in your DKB account? If you want to, you can also share your (anonymized) log for me to compare. Maybe this leads to some insights.
Thanks for your help @frederictobiasc
My only activated TAN is TAN2go.
If I run this Code:
import logging
from fints.client import FinTS3PinTanClient
logging.basicConfig(
level=logging.DEBUG,
filename="log.log",
filemode="w"
)
f = FinTS3PinTanClient(
'12030000',
'LOGIN',
'PASSWORD',
'https://banking-dkb.s-fints-pt-dkb.de/fints30'
)
with f:
info = f.get_information()
print(info)
I get an successfully result from DKB.
{'bank': {'name': 'Deutsche Kreditbank Aktiengesellschaft', 'supported_operations': .....
If I change the get_information to get_sepa_accounts I got the same error like in the other Threads:
DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): banking-dkb.s-fints-pt-dkb.de:443
DEBUG:urllib3.connectionpool:https://banking-dkb.s-fints-pt-dkb.de:443 "POST /fints30 HTTP/1.1" 200 882
DEBUG:fints.connection:Received <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
...
fints.segments.dialog.HIRMG2( # Rückmeldungen zur Gesamtnachricht
header = fints.formals.SegmentHeader('HIRMG', 3, 2), # Segmentkopf
responses = [ # Rückmeldung
fints.formals.Response( # Rückmeldung
code = '9050',
reference_element = None,
text = 'Die Nachricht enthält Fehler.',
),
fints.formals.Response( # Rückmeldung
code = '3905',
reference_element = None,
text = 'Es wurde keine Challenge erzeugt.',
),
fints.formals.Response( # Rückmeldung
code = '9800',
reference_element = None,
text = 'Dialog abgebrochen',
),
],
),
fints.segments.dialog.HIRMS2( # Rückmeldungen zu Segmenten
header = fints.formals.SegmentHeader('HIRMS', 4, 2, 4), # Segmentkopf
responses = [ # Rückmeldung
fints.formals.Response( # Rückmeldung
code = '3920',
reference_element = None,
text = 'Zugelassene Zwei-Schritt-Verfahren für den Benutzer.',
parameters = [
'921',
],
),
fints.formals.Response( # Rückmeldung
code = '9955',
reference_element = None,
text = 'Auftrag nicht ausgeführt - Die Gerätebezeichnung ist unbekannt. (MBV07390100255)',
),
],
),
...
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
Same error occurs when running the "Troubleshooting" Code.
If I change the get_information to get_sepa_accounts I got the same error like in the other Threads:
I just tested it, and it works wonderfully for me. IMO, this justifies opening a ticket at DKB FinTS support. I'm curious to hear what they tell.
Is there any chance you have multiple devices registered for the Tan2go mechanism? Have you already found this thread?
Ticket is open, when the support replies I share the answer here.
No I did not found this Thread, thanks for sharing. I definitely got only one device connected, believe there couldn't be more then one. Could you tell me where I set up the pushTan Device Name? I didn't see this in the documentation.
I don't know where to set it up. I just guessed that there may be a problem if more than one push tan device is registered at the bank. For me, it just works. But I just noticed, that I also have "chipTan" activated. Maybe this changes the behaviour? Probably fiddling with the options wouldn't hurt.
chipTan was activated at the start, I deactivated it yesterday while testing, so this sadly changed nothing. In my "TAN2go-Verwaltung" there is only one connected device show up, my Device that I am using daily. Ticket is still open :-(
Hi @bst2k,
I got news for you. I got hold on a DKB account showing your reported issue. Could you please check one thing? Please make sure, you're using a customized login name (not 12345_p). You can set one in the online banking: Service -> "Anmeldename für mein Banking ändern"
If you needed to change it, please give it an hour before you try python-fints.
@frederictobiasc thanks for your Tip. My login was really still like "12345_p" but is now changed to a customized one. I waited for around one hour and tried it again. Unfortunately I still have the same error and still no DKB response.
@bst2k thanks for verifying that. I did another thing, just wanted to make sure, this is unrelated to the account name: I added the account in Gnucash (you can also use KMyMoney, both use Aqbanking as backend for FinTS). After successfully adding the account there, I was able to use it as well with python-fints.
Would you mind trying that and report back if this works for you as well? If possible, keep the logs so that we can examine what operations were executed. This could help fixing the bug here.
@frederictobiasc I took a look at GnuCash and .... got the same error of "BPD nicht mehr aktuell, aktuelle Version enthalten. (S)", so I think there must be any DKB Account Settings to be adjusted.
23:39:34 Server-Zertifikat abrufen
23:39:34 Verbindung vorbereiten
23:39:34 Mit Server verbinden...
23:39:34 Verwende GnuTLS Default Ciphers.
23:39:34 TLS: SSL-Ciphers ausgehandelt: TLS1.3:ECDHE-RSA-AES-256-GCM:AEAD
23:39:58 Verbunden.
23:39:58 Verbindung beendet.
23:39:58 Zertifikat erhalten
23:39:58 Allgemeine Bankinfos abrufen (SCA)
23:39:58 AqHBCI gestartet
23:39:58 Aufträge werden kodiert
23:39:58 Nachricht senden
23:39:58 Verwende GnuTLS Default Ciphers.
23:39:58 TLS: SSL-Ciphers ausgehandelt: TLS1.3:ECDHE-RSA-AES-256-GCM:AEAD
23:39:58 Nachricht gesendet
23:39:58 Aufträge gesendet
23:39:58 Auf Antwort warten
23:39:58 Antwort erhalten
23:39:58 HBCI: 3060 - Bitte beachten Sie die enthaltenen Warnungen/Hinweise. (M)
23:39:58 HBCI: 0100 - Dialog beendet. (M)
23:39:58 HBCI: 3050 - BPD nicht mehr aktuell, aktuelle Version enthalten. (S)
23:39:58 HBCI: 0020 - Informationen fehlerfrei entgegengenommen. (S)
23:39:58 Beende Dialog mit dem Server
23:39:58 Aufträge werden kodiert
23:39:58 Nachricht senden
23:39:58 Verwende GnuTLS Default Ciphers.
23:39:58 TLS: SSL-Ciphers ausgehandelt: TLS1.3:ECDHE-RSA-AES-256-GCM:AEAD
23:39:58 Nachricht gesendet
23:39:58 Aufträge gesendet
23:39:58 Auf Antwort warten
23:39:58 Antwort erhalten
23:39:58 HBCI: 0010 - Nachricht entgegengenommen. (M)
23:39:58 HBCI: 0100 - Dialog beendet. (M)
23:39:58 AqHBCI abgeschlossen.
23:39:58 Gefundene Serveradresse: SSL: banking-dkb.s-fints-pt-dkb.de/fints30, none
23:39:58 Gefundene Serveradresse: TCP: banking.s-fints-pt-dkb.de, base64
23:39:58 Systemkennung abrufen
23:39:58 AqHBCI gestartet
23:39:58 Aufträge werden kodiert
23:40:08 Aufträge konnten nicht kodiert werden
23:40:08 AqHBCI abgeschlossen.
23:40:08 Die Aktion wurde durch den Benutzer abgebrochen.
23:40:08 Vorgang abgeschlossen, Sie können das Fenster nun schließen.
- EDIT I tried this with the StarMoney software as they advertise it on the website and now it works! However, I had to enter a pushTan for the setup and had to confirm the log in in the app. Thank you very much for your help :)
@bst2k glad that worked out for you too.GnuCash required me to enter a TAN too. Please note that "BPD nicht mehr aktuell" != "could not fetch BPD", so that's an improvement ;)
I'm posting the log file of the AqHBCI transaction after that python-fints started working. Maybe any of the developers, eg. @raphaelm can make sense of it:
11:11:19 Server-Zertifikat abrufen
11:11:19 Verbindung vorbereiten
11:11:19 Mit Server verbinden...
11:11:19 Verwende GnuTLS Default Ciphers.
11:11:19 TLS: SSL-Ciphers ausgehandelt: TLS1.3:ECDHE-RSA-AES-256-GCM:AEAD
11:11:25 Verbunden.
11:11:25 Verbindung beendet.
11:11:25 Zertifikat erhalten
11:11:25 Allgemeine Bankinfos abrufen (SCA)
11:11:25 AqHBCI gestartet
11:11:25 Aufträge werden kodiert
11:11:25 Nachricht senden
11:11:25 Verwende GnuTLS Default Ciphers.
11:11:25 TLS: SSL-Ciphers ausgehandelt: TLS1.3:ECDHE-RSA-AES-256-GCM:AEAD
11:11:25 Nachricht gesendet
11:11:25 Aufträge gesendet
11:11:25 Auf Antwort warten
11:11:25 Antwort erhalten
11:11:25 HBCI: 3060 - Bitte beachten Sie die enthaltenen Warnungen/Hinweise. (M)
11:11:25 HBCI: 0100 - Dialog beendet. (M)
11:11:25 HBCI: 3050 - BPD nicht mehr aktuell, aktuelle Version enthalten. (S)
11:11:25 HBCI: 0020 - Informationen fehlerfrei entgegengenommen. (S)
11:11:25 Beende Dialog mit dem Server
11:11:25 Aufträge werden kodiert
11:11:25 Nachricht senden
11:11:25 Verwende GnuTLS Default Ciphers.
11:11:25 TLS: SSL-Ciphers ausgehandelt: TLS1.3:ECDHE-RSA-AES-256-GCM:AEAD
11:11:26 Nachricht gesendet
11:11:26 Aufträge gesendet
11:11:26 Auf Antwort warten
11:11:26 Antwort erhalten
11:11:26 HBCI: 0010 - Nachricht entgegengenommen. (M)
11:11:26 HBCI: 0100 - Dialog beendet. (M)
11:11:26 AqHBCI abgeschlossen.
11:11:26 Gefundene Serveradresse: SSL: banking-dkb.s-fints-pt-dkb.de/fints30, none
11:11:26 Gefundene Serveradresse: TCP: banking.s-fints-pt-dkb.de, base64
11:11:26 Systemkennung abrufen
11:11:26 AqHBCI gestartet
11:11:26 Aufträge werden kodiert
11:11:36 Nachricht senden
11:11:36 Verwende GnuTLS Default Ciphers.
11:11:36 TLS: SSL-Ciphers ausgehandelt: TLS1.3:ECDHE-RSA-AES-256-GCM:AEAD
11:11:36 Nachricht gesendet
11:11:36 Aufträge gesendet
11:11:36 Auf Antwort warten
11:11:36 Antwort erhalten
11:11:36 HBCI: 3060 - Bitte beachten Sie die enthaltenen Warnungen/Hinweise. (M)
11:11:36 HBCI: 0020 - Auftrag ausgeführt. (S)
11:11:36 HBCI: 3920 - Zugelassene Zwei-Schritt-Verfahren für den Benutzer. (S)
11:11:36 HBCI: 0020 - Der Auftrag wurde ausgeführt. (S)
11:11:36 Dialog wurde nicht abgebrochen, PIN scheint gültig zu sein
11:11:36 Beende Dialog mit dem Server
11:11:36 Aufträge werden kodiert
11:11:36 Nachricht senden
11:11:36 Verwende GnuTLS Default Ciphers.
11:11:36 TLS: SSL-Ciphers ausgehandelt: TLS1.3:ECDHE-RSA-AES-256-GCM:AEAD
11:11:36 Nachricht gesendet
11:11:36 Aufträge gesendet
11:11:36 Auf Antwort warten
11:11:36 Antwort erhalten
11:11:36 HBCI: 0010 - Nachricht entgegengenommen. (M)
11:11:36 HBCI: 0100 - Dialog beendet. (M)
11:11:36 Dialog wurde nicht abgebrochen, PIN scheint gültig zu sein
11:11:36 AqHBCI abgeschlossen.
11:11:49 Anforderung der Kontenliste
11:11:49 AqHBCI gestartet
11:11:49 Wähle iTAN Modus "TAN2go" (921, Version 6, Prozess 2)
11:11:49 Aufträge werden kodiert
11:11:49 Nachricht senden
11:11:49 Verwende GnuTLS Default Ciphers.
11:11:49 TLS: SSL-Ciphers ausgehandelt: TLS1.3:ECDHE-RSA-AES-256-GCM:AEAD
11:11:49 Nachricht gesendet
11:11:49 Aufträge gesendet
11:11:49 Auf Antwort warten
11:11:49 Antwort erhalten
11:11:49 HBCI: 3060 - Bitte beachten Sie die enthaltenen Warnungen/Hinweise. (M)
11:11:49 HBCI: 3920 - Zugelassene Zwei-Schritt-Verfahren für den Benutzer. (M)
11:11:49 HBCI: 0030 - Auftrag empfangen - Bitte die empfangene TAN eingeben.(MBT62820200002) (S)
11:11:49 Dialog wurde nicht abgebrochen, PIN scheint gültig zu sein
11:12:30 Aufträge werden kodiert
11:12:30 Nachricht senden
11:12:30 Verwende GnuTLS Default Ciphers.
11:12:30 TLS: SSL-Ciphers ausgehandelt: TLS1.3:ECDHE-RSA-AES-256-GCM:AEAD
11:12:30 Nachricht gesendet
11:12:30 Auf Antwort warten
11:12:30 Antwort erhalten
11:12:30 HBCI: 3060 - Bitte beachten Sie die enthaltenen Warnungen/Hinweise. (M)
11:12:30 HBCI: 3050 - UPD nicht mehr aktuell, aktuelle Version enthalten. (S)
11:12:30 HBCI: 3050 - BPD nicht mehr aktuell, aktuelle Version enthalten. (S)
11:12:30 HBCI: 3920 - Zugelassene Zwei-Schritt-Verfahren für den Benutzer. (S)
11:12:30 HBCI: 0020 - Der Auftrag wurde ausgeführt. (S)
11:12:30 Die TAN "123465" wurde benutzt, Sie können sie streichen.
11:12:30 Dialog wurde nicht abgebrochen, PIN scheint gültig zu sein
11:12:30 Beende Dialog mit dem Server
11:12:30 Aufträge werden kodiert
11:12:30 Nachricht senden
11:12:30 Verwende GnuTLS Default Ciphers.
11:12:30 TLS: SSL-Ciphers ausgehandelt: TLS1.3:ECDHE-RSA-AES-256-GCM:AEAD
11:12:30 Nachricht gesendet
11:12:30 Aufträge gesendet
11:12:30 Auf Antwort warten
11:12:30 Antwort erhalten
11:12:30 HBCI: 0010 - Nachricht entgegengenommen. (M)
11:12:30 HBCI: 0100 - Dialog beendet. (M)
11:12:30 Dialog wurde nicht abgebrochen, PIN scheint gültig zu sein
11:12:30 AqHBCI abgeschlossen.
11:12:30 Vorgang abgeschlossen, Sie können das Fenster nun schließen.
Hi there,
I am facing the same issue as the OP with DKB, tried the same script on trouble page. I made some more research on this and I think something is wrong in the lib on getting the TAN medium procedure.
I printed out the fetched TAN mechanism in line 312:
https://github.com/raphaelm/python-fints/blob/9e80e6bab933ec2651c34526caec360a0e000d56/fints/utils.py#L309-L311
and got this info:
[('921', fints.formals.TwoStepParameters6(security_function='921', tan_process='2', tech_id='TAN2go', zka_id=None, zka_version=None, name='TAN2go', max_length_input=6, allowed_format=fints.formals.AllowedFormat.NUMERIC, text_return_value='TAN-Nummer', max_length_return_value=3, multiple_tans_allowed=True, tan_time_dialog_association=fints.formals.TANTimeDialogAssociation.ALLOWED, cancel_allowed=False, sms_charge_account_required=fints.formals.SMSChargeAccountRequired.MUST_NOT, principal_account_required=fints.formals.PrincipalAccountRequired.MUST_NOT, challenge_class_required=False, challenge_structured=False, initialization_mode=fints.formals.InitializationMode.CLEARTEXT_PIN_NO_TAN, description_required=fints.formals.DescriptionRequired.MUST, response_hhd_uc_required=False, supported_media_number=2))]
I could identify that there is only one current mechanism '921' which is Tan2Go, having tan_proccess='2'.
Then I get the debug printout corresponding to fints/utils.py#L320 with the following message including the HKTAN6 segment:
We need the name of the TAN medium, let's fetch them from the bank
DEBUG:fints.connection:Sending >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
fints.message.FinTSCustomerMessage([
fints.segments.message.HNHBK3( # Nachrichtenkopf
header = fints.formals.SegmentHeader('HNHBK', 1, 3), # Segmentkopf
message_size = 494, # Größe der Nachricht (nach Verschlüsselung und Komprimierung)
hbci_version = 300, # HBCI-Version
dialog_id = '0', # Dialog-ID
message_number = 1, # Nachrichtennummer
),
[...]
fints.segments.auth.HKTAN6( # Zwei-Schritt-TAN-Einreichung, version 6
header = fints.formals.SegmentHeader('HKTAN', 5, 6), # Segmentkopf
tan_process = '4', # TAN-Prozess
segment_type = 'HKIDN', # Segmentkennung
parameter_challenge_class = fints.formals.ParameterChallengeClass( # Parameter Challenge-Klasse
parameters = [
None,
# 8 empty items skipped
],
),
tan_medium_name = 'DUMMY', # Bezeichnung des TAN-Mediums
),
Obviously, there is the wrong tan_process requested ('4') instead of '2' which is stated in the printed mechanism.
The corresponding reply:
[...]
fints.segments.dialog.HIRMG2( # Rückmeldungen zur Gesamtnachricht
header = fints.formals.SegmentHeader('HIRMG', 3, 2), # Segmentkopf
responses = [ # Rückmeldung
fints.formals.Response( # Rückmeldung
code = '9050',
reference_element = None,
text = 'Die Nachricht enthält Fehler.',
),
fints.formals.Response( # Rückmeldung
code = '3905',
reference_element = None,
text = 'Es wurde keine Challenge erzeugt.',
),
fints.formals.Response( # Rückmeldung
code = '9800',
reference_element = None,
text = 'Dialog abgebrochen',
),
],
),
fints.segments.dialog.HIRMS2( # Rückmeldungen zu Segmenten
header = fints.formals.SegmentHeader('HIRMS', 4, 2, 4), # Segmentkopf
responses = [ # Rückmeldung
fints.formals.Response( # Rückmeldung
code = '3920',
reference_element = None,
text = 'Zugelassene Zwei-Schritt-Verfahren für den Benutzer.',
parameters = [
'921',
],
),
fints.formals.Response( # Rückmeldung
code = '9955',
reference_element = None,
text = 'Auftrag nicht ausgeführt - Die Gerätebezeichnung ist unbekannt. (MBV07390100255)',
),
],
),
[...]
Here, the reply has errors (9050, 9800,9955) which are simply ignored by the lib!
Next, the debug message indicates sending another message right after this one:
NOTE:
There is no DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): banking-dkb.s-fints-pt-dkb.de:443 message between receiving the reply and sending the next message!
[...]
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
DEBUG:fints.connection:Sending >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
fints.message.FinTSCustomerMessage([
fints.segments.message.HNHBK3( # Nachrichtenkopf
header = fints.formals.SegmentHeader('HNHBK', 1, 3), # Segmentkopf
message_size = 390, # Größe der Nachricht (nach Verschlüsselung und Komprimierung)
hbci_version = 300, # HBCI-Version
dialog_id = '219139696033=178479258792BLDS=', # Dialog-ID
message_number = 2, # Nachrichtennummer
),
...
fints.segments.auth.HKTAB4( # TAN-Generator/Liste anzeigen Bestand, version 4
header = fints.formals.SegmentHeader('HKTAB', 3, 4), # Segmentkopf
tan_media_type = fints.formals.TANMediaType2.ALL, # TAN-Medium-Art: Alle
tan_media_class = fints.formals.TANMediaClass3.ALL, # TAN-Medium-Klasse: Alle Medien
),
fints.segments.message.HNSHA2( # Signaturabschluss, version 2
header = fints.formals.SegmentHeader('HNSHA', 4, 2), # Segmentkopf
security_reference = '8045870', # Sicherheitskontrollreferenz
user_defined_signature = fints.formals.UserDefinedSignature( # Benutzerdefinierte Signatur
pin = '***',
),
),
[...]
to which comes the reply:
[...]
fints.segments.dialog.HIRMG2( # Rückmeldungen zur Gesamtnachricht
header = fints.formals.SegmentHeader('HIRMG', 3, 2), # Segmentkopf
responses = [ # Rückmeldung
fints.formals.Response( # Rückmeldung
code = '9050',
reference_element = None,
text = 'Die Nachricht enthält Fehler.',
),
fints.formals.Response( # Rückmeldung
code = '9800',
reference_element = None,
text = 'Dialog abgebrochen',
),
fints.formals.Response( # Rückmeldung
code = '9010',
reference_element = None,
text = 'Die angegebene Bankreferenz/Dialog-ID ist nicht gültig.',
),
],
),
fints.segments.dialog.HIRMS2( # Rückmeldungen zu Segmenten
header = fints.formals.SegmentHeader('HIRMS', 4, 2, 3), # Segmentkopf
responses = [ # Rückmeldung
fints.formals.Response( # Rückmeldung
code = '9010',
reference_element = None,
text = 'Auftrag wegen genereller Fehler in Auftragsnachricht nicht verarbeitet.',
),
],
),
[...]
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
ERROR:fints.client:Dialog response: 9050 - Die Nachricht enthält Fehler.
ERROR:fints.client:Dialog response: 9800 - Dialog abgebrochen
ERROR:fints.client:Dialog response: 9010 - Die angegebene Bankreferenz/Dialog-ID ist nicht gültig.
These errors are now detected by the lib but I think the final errors are just a consequence of the previous ones which were disregarded:
- I think the last message should have had
dialog_id = 0(because of the previous errors the previous dialog was considered to be ended by DKB server, so that a new one with id 0 is expected) - the leading message with dialog_id 0 should have the right
tan_process.
Can anyone acknowledge that my observations are right? Otherwise what else can be the problem here?
Can anyone acknowledge that my observations are right?
No, at least your second observation is wrong.
If tan_process=2 is wanted, it is correct that the client replies with tan_process=4. If you want to read up on that, here's the relevant spec: https://www.hbci-zka.de/dokumente/spezifikation_deutsch/fintsv3/FinTS_3.0_Security_Sicherheitsverfahren_PINTAN_2020-07-10_final_version.pdf
You'll want to first read chapter B.4.2 "Abläufe bei Prozessveriante 2" starting on page 29.
For the first observation, without having looked into it in detail, it indeed looks like a bug that the 9050 response code does not result in a Python exception.
Otherwise what else can be the problem here?
No idea. It's interesting that get_sepa_accounts seems to be a problem, which usually is one of the more straight-forward calls. Maybe something is wrong with our HKSPA1 implementation, or maybe with DKB's. Maybe they want 2FA for HKSPA1? Would be weird. No idea, and no fun to debug since I don't have a DKB account ;)
I see a few people have tried gnucash/aqbanking, has anyone tried hibiscus/hbci4java? In hibiscus, it's possible to pull a trace of the raw HBCI communication, so if hibiscus works, one (probably not me) could start a message-by-message comparison with our output to try to figure out the difference.
For the first observation, without having looked into it in detail, it indeed looks like a bug that the 9050 response code does not result in a Python exception.
@raphaelm , thanks for acknowledging at least that there is something wrong because of failed parsing the errors from the reply. I think, it should be easy to debug / check under which circumstances can this happen. This is important because it could avoid consequent misleading errors. I could myself dig deeper if you could tell me some references which file/module/function(s)/parameters should I look into/at. Meanwhile I am reading the passage from the doc you mentioned.
It's interesting that
get_sepa_accountsseems to be a problem, which usually is one of the more straight-forward calls.
I did not even reach that function and had already an exception ;)
I could now break down the issue to the following call stack: https://github.com/raphaelm/python-fints/blob/9e80e6bab933ec2651c34526caec360a0e000d56/fints/utils.py#L321 https://github.com/raphaelm/python-fints/blob/9e80e6bab933ec2651c34526caec360a0e000d56/fints/client.py#L1360 https://github.com/raphaelm/python-fints/blob/9e80e6bab933ec2651c34526caec360a0e000d56/fints/dialog.py#L34-L37 https://github.com/raphaelm/python-fints/blob/9e80e6bab933ec2651c34526caec360a0e000d56/fints/dialog.py#L47-L85 https://github.com/raphaelm/python-fints/blob/9e80e6bab933ec2651c34526caec360a0e000d56/fints/dialog.py#L115-L158 In the dialog.send() function:
- no callbacks passed to
connection.send()function (line 137), - due to
internal_send = truethe error messages are not logged inclient.process_response_message() - the errors 9050, 9800 are not handled in
client._process_response()(line 1266 inclient.py)
That is why the lib just disregards the errors and goes further causing further subsequent errors.
I have seen in line 140:
# FIXME Better handling of HKEND in exception case
which indicates that the problem was recognized and I assume that a solution has to be implemented.
How could a solution to parse the errors occurred in this phase look like?
Of course, this would not solve the final problem with DKB having issue with TAN-process=4 and DUMMY as device description, but at least it will stop at the first error and not cause subsequent errors.
Sinece approx. 2 Month dkb tan2go doesn't work. The app just opens for less than a second before it closes again. Do not receive any TAN's from this app.
