Closed fireattack closed 2 years ago
The webpage looks like this:
Flow:
https://account.nicovideo.jp/login/redirector?show_button_twitter=1&site=niconico&show_button_facebook=1&sec=header_pc&next_url=%2F
with usual cookies and form dataLocation
and GET https://account.nicovideo.jp/mfa?continue=https://account.nicovideo.jp/login/mfa/callback?site%3Dniconico%26sec%3Dheader_pc...
https://account.nicovideo.jp/mfa?site=niconico&continue=https%3A%2F%2Faccount.nicovideo.jp%2Flogin%2Fmfa%2Fcallback%3Fsite%3Dniconico%26sec%3Dheader_pc%26...
as form data (otp
, is_mfa_trusted_dace
boolean to mark as trusted device)Location
and GET https://account.nicovideo.jp/login/mfa/callback?site=niconico&sec=header_pc...
Trusting the device seems to do nothing for me, I'm prompted for a code each time. Maybe related to browser privacy fingerprinting.
Basic scaffolding for this is done. Further detail:
ブラウザ
for the device name in the Nico account panel login history2段階認証の設定
disabled in my account but I'm getting prompted for this each login. Definitely seems like a check against suspicious requests, compromised accounts, etc.--session-cookie
) should work as they always have, nothing has changed in how the session actually works@fireattack Can you try with the branch and tell me how it works for you?
Looks good to me!
Given the circumstance, should we start considering saving session or session cookie (even by default, but at least having option) so we can re-use it without re-entering the code every time?
Great! That also seems like a good idea -- probably a dedicated file similar to how we do --netrc
but likely user-specified. I'll consider how to approach that.
When I tried to login today, Niconico asked me to input the verification code sent to my email (it did send), which obviously
nndownload
didn't handle well.This is probably something new, as I've never seen it before.