pyaarlo
pyaarlo copied to clipboard
twrecked
2FA using IMAP stopped working
I discovered today that logging into Arlo with 2FA IMAP suddenly stopped working after months of successful logins. I use my Gmail account and an app password that I assume is still valid. 2FA failed with both 0.8.0a5 and 0.8.0a6 installed. (BTW: Thanks so much keeping this code working with Arlo!)
I run pyaarlo on a Raspberry Pi with uWSGI and connect to Hubitat using asynchronous HTTP GET requests. Below is the log of starting up uWSGI:
*** Starting uWSGI 2.0.19.1 (32bit) on [Sun Jul 4 13:06:23 2021] *** compiled with version: 8.3.0 on 17 June 2020 09:19:11 os: Linux-4.19.118-v7+ #1311 SMP Mon Apr 27 14:21:24 BST 2020 nodename: arlo-pi machine: armv7l clock source: unix pcre jit disabled detected number of CPU cores: 4 current working directory: /home/pi detected binary path: /usr/local/bin/uwsgi chdir() to /home/pi/webapp/ *** WARNING: you are running uWSGI without its master process manager *** your processes number limit is 7336 your memory page size is 4096 bytes detected max file descriptor number: 1024 lock engine: pthread robust mutexes thunder lock: disabled (you can enable it with --thunder-lock) uwsgi socket 0 bound to TCP address 0.0.0.0:8000 fd 3 Python version: 3.7.3 (default, Dec 20 2019, 18:57:59) [GCC 8.3.0] Python main interpreter initialized at 0x17acdf8 python threads support enabled your server socket listen backlog is limited to 100 connections your mercy for graceful operations on workers is 60 seconds mapped 64408 bytes (62 KB) for 1 cores *** Operational MODE: single process *** 2021-07-04 13:06:24,880 - pyaarlo - INFO - pyarlo 0.8.0a6 starting... 2021-07-04 13:06:24,881 - pyaarlo - WARNING - Problem creating aarlo 2021-07-04 13:07:56,432 - pyaarlo - ERROR - 2fa core retrieval failed failed to login(2fa core retrieval failed)
I disabled IMAP 2FA and instead configured console 2FA using this login:
arlo = pyaarlo.PyArlo(username=USERNAME, password=PASSWORD, tfa_source='console', tfa_type='SMS', storage_dir='aarlo', verbose_debug=True)
but I got the errors below when starting up uWSGI with pyarlo 0.8.0a6. Arlo did manage to return an authentication code on my iPhone. ...
uwsgi socket 0 bound to TCP address 0.0.0.0:8000 fd 3
Python version: 3.7.3 (default, Dec 20 2019, 18:57:59) [GCC 8.3.0]
Python main interpreter initialized at 0x20dcdf8
python threads support enabled
your server socket listen backlog is limited to 100 connections
your mercy for graceful operations on workers is 60 seconds
mapped 64408 bytes (62 KB) for 1 cores
*** Operational MODE: single process ***
2021-07-04 14:35:23,371 - pyaarlo - INFO - pyarlo 0.8.0a6 starting...
Enter Code: Traceback (most recent call last):
File "./arloApp.py", line 38, in
Please close this issue. 2FA using IMAP is working again. Not sure what the problem was. I fixed the warning I was getting by creating the storage_dir "aarlo" which I had omitted.
Perfect timing, I was just about to reply.
I added token caching and it needs a directory to store that information, I guess I need to make that code more robust. I'll also improve the docs for this piece.
And the token caching means it should only generate the 2FA email once every 14 days. If it causes you problems you can turn it off with the save_session=False option.
Uh-oh…IMAP 2FA failed again….seems intermittent...
*** Operational MODE: single process *** 2021-07-04 15:08:35,099 - pyaarlo - INFO - pyarlo 0.8.0a6 starting... 2021-07-04 15:09:41,355 - pyaarlo - ERROR - 2fa core retrieval failed failed to login(2fa core retrieval failed)
I checked my Google app password and it seems to be okay.
On Jul 4, 2021, at 3:04 PM, Steve Herrell @.***> wrote:
Perfect timing, I was just about to reply.
I added token caching and it needs a directory to store that information, I guess I need to make that code more robust. I'll also improve the docs for this piece.
And the token caching means it should only generate the 2FA email once every 14 days. If it causes you problems you can turn it off with the save_session=False option.
— You are receiving this because you modified the open/close state. Reply to this email directly, view it on GitHub https://github.com/twrecked/pyaarlo/issues/69#issuecomment-873671097, or unsubscribe https://github.com/notifications/unsubscribe-auth/ACQGB2SPPGYPUFHQDBYIZHDTWDLFVANCNFSM47ZQMWRQ.
Ahh....when I included save_session=False in my login, it worked:
*** Operational MODE: single process *** 2021-07-04 15:29:21,377 - pyaarlo - INFO - pyarlo 0.8.0a6 starting... 2021-07-04 15:29:35,161 - pyaarlo - INFO - pyaarlo starting WSGI app 0 (mountpoint='') ready in 19 seconds on interpreter 0x1889df8 pid: 658 (default app) spawned uWSGI worker 1 (and the only) (pid: 658, cores: 1) [pid: 658|app: 0|req: 1/1] 192.168.0.153 () {28 vars in 351 bytes} [Sun Jul 4 15:29:59 2021] GET / => generated 62 bytes in 47 msecs (HTTP/1.1 200) 2 headers in 79 bytes (1 switches on core 0) [pid: 658|app: 0|req: 2/2] 192.168.0.153 () {28 vars in 351 bytes} [Sun Jul 4 15:29:59 2021] GET / => generated 62 bytes in 3 msecs (HTTP/1.1 200) 2 headers in 79 bytes (1 switches on core 0)
Thanks for the update. I'll double check the authentication operation here.
It's working here for me.
If you get a chance do you mind trying it again with pyaarlo debug enabled. You can add verbose_debug=True to the PyArlo options and turn on DEBUG level logging (I don't know how to do that with the software you are using).
One final question, are you using Arlo in English or another language?
edit: you can ignore that last question, it's working when you don't save the session so I don't think there is an issue reading the code from the emails.
Hi Steve-
It’s working for me now too. This is the login I used:
log in
add verbose_debug=True to enable even more debugging
add dump=True to enable event stream packet dumps
arlo = pyaarlo.PyArlo(username=USERNAME, password=PASSWORD, tfa_source='imap',tfa_type='email', tfa_host=TFA_HOST,tfa_username=TFA_USER, tfa_password=TFA_PWD, save_state=True, dump=False, storage_dir='aarlo', save_session=True, verbose_debug=True)
Should I change any of these settings (maybe just setting verbose_debug=False)?
I had set save_session to False, but changed it to True. Could that have been the problem?
I am using pyaarlo in English.
Thanks.
-Scott San Francisco, CA
On Jul 4, 2021, at 3:12 PM, Scott Miller @.***> wrote:
Uh-oh…IMAP 2FA failed again….seems intermittent...
*** Operational MODE: single process *** 2021-07-04 15:08:35,099 - pyaarlo - INFO - pyarlo 0.8.0a6 starting... 2021-07-04 15:09:41,355 - pyaarlo - ERROR - 2fa core retrieval failed failed to login(2fa core retrieval failed)
I checked my Google app password and it seems to be okay.
On Jul 4, 2021, at 3:04 PM, Steve Herrell @.*** @.***>> wrote:
Perfect timing, I was just about to reply.
I added token caching and it needs a directory to store that information, I guess I need to make that code more robust. I'll also improve the docs for this piece.
And the token caching means it should only generate the 2FA email once every 14 days. If it causes you problems you can turn it off with the save_session=False option.
— You are receiving this because you modified the open/close state. Reply to this email directly, view it on GitHub https://github.com/twrecked/pyaarlo/issues/69#issuecomment-873671097, or unsubscribe https://github.com/notifications/unsubscribe-auth/ACQGB2SPPGYPUFHQDBYIZHDTWDLFVANCNFSM47ZQMWRQ.