undiscord icon indicating copy to clipboard operation
undiscord copied to clipboard

Published 20 hours ago verified publisher icon victornpb

"Could not detect the authorization token! Please make sure Undiscord is up to date"

Open oti4500 opened this issue 1 year ago • 11 comments

Undiscord Version

v5.2.0

Browser

1.48.158 Chromium: 110.0.5481.77 (Official Build) (64-bit)

Extension

TamperMonkey

Reproduction steps

  1. Click to 'trash' icon
  2. Get Author ID, server id and channel id, if nsfw channel, click the checkbox
  3. Click to the Delete button

Actual results

This discord deleting tool doesn't working. I can write no where manually my authentication token (if required).

"Could not detect the authorization token! Please make sure Undiscord is up to date"

Expected results

...

Bug affects

  • [ ] DMs
  • [ ] DMs (group)
  • [X] Channels
  • [X] Channel (NSFW)

Additional information & file uploads

...

oti4500 avatar Mar 11 '23 08:03 oti4500

I had the same issue. The dev tools window must be closed when you start it

hendersonyang avatar Mar 11 '23 21:03 hendersonyang

I had the same issue. The dev tools window must be closed when you start it

you are right, see https://github.com/victornpb/undiscord/pull/439#issuecomment-1455146141

victornpb avatar Mar 13 '23 01:03 victornpb

Wish I could say the issue stopped but it hasn't for me.

KitsuTheFloof avatar Mar 19 '23 17:03 KitsuTheFloof

I also didn't have dev tools open

KitsuTheFloof avatar Mar 20 '23 18:03 KitsuTheFloof

For some reason the token key is not in the local storage anymore. The way I found to fix that is copying the token manually and pasting in the local script inside the getToken function. Attention to not share the local version of your script since it is with your hardcoded token (why would you do that anyways?).

alexcmgit avatar Mar 23 '23 02:03 alexcmgit

For some reason the token key is not in the local storage anymore. The way I found to fix that is copying the token manually and pasting in the local script inside the getToken function. Attention to not share the local version of your script since it is with your hardcoded token (why would you do that anyways?).

they store the token in the localStorage they just read it there and store it in memory to hide it, then store it back once you close discord.

I’m not sure if this is a recent change, but if they do something that's I’m not able to get it automatically I will have to add a text box so you can paste the token manually. I’m very busy this week but I'll try to check this when I can.

what browser and version are you using? I've experienced this issue occasionally in Firefox and Brave but not Chrome

victornpb avatar Mar 23 '23 04:03 victornpb

Google Chrome 111.0.5563.66 (Official Build) (64-bit) (cohort: 111_Win_Cotrol)
Revision c710e93d5b63b7095afe8c2c17df34408078439d-refs/branch-heads/5563@{#995}
OS Windows 10 Version 21H2 (Build 19044.2006)
JavaScript V8 11.1.277.13
User Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36

One thing we could do to get the token programatically is to sniff the tab network requests and wait for the first request with Authorization header key (maybe ask the user to do some action that requires this?).

alexcmgit avatar Mar 23 '23 05:03 alexcmgit

v5.2.1 adds a field to manually input the token under the Advanced section image

I still have to investigate why some people are having issues, but this provides a escape hatch for those having problems

victornpb avatar Mar 27 '23 15:03 victornpb

This issue was also seen when the "Downloads" bottom bar was shown in Brave browser. Closing that bar, made it work again.

delrius-euphoria avatar Mar 29 '23 21:03 delrius-euphoria

that makes sense! their very naive logic to detect devtools thinks the download bar is devtools and disable local storage

victornpb avatar Mar 29 '23 22:03 victornpb

@hannahgrayson19 Thanks for adding it back. Up until Undiscord 4.3.1, the UI had a token input box by default. Can I ask why you chose to get rid of it starting with Undiscord 5.0.0?

my goal with 5.0 was to make it more user friendly and less technical.

while developers understands the risks of handling a token the average user might not. I don’t want undiscord to make users get used to the idea that copying/pasting token is a normal thing, and think they can also do it with any random tool.

You can see I put warning about tokens pretty much everywhere.

https://github.com/victornpb/undiscord#security-concerns

https://github.com/victornpb/undiscord/wiki/authToken

I also put in place lots of things to ensure security of the users:

Like always showing the token as password, not log it anywhere, redact feature by default to ensure the user doesn't leak personal info by accident...

Also: https://github.com/victornpb/undiscord/wiki/Security-Policy

So that was my reasoning taking it out and just make it automatic so people don't have to touch it, but I think adding it back in the advanced section as a fall back is a good compromise

victornpb avatar Mar 30 '23 02:03 victornpb