Hari-Nagarajan / fairgame

Tool to help us buy hard to find items.
GNU General Public License v3.0

Feature Request: 2FA support for headless mode #617

Open timbru31 opened 3 years ago

timbru31 commented 3 years ago

Currently fairgame does not work correctly when running on a 2FA-protected account in headless mode, as it expects the user to enter the OTP code in the browser window itself.

Ideally, fairgame would prompt the user for the OTP from the Python CLI and then pass the value via chromedriver onto the page. This should basically be something like otp_field.send_keys(otp_input + Keys.RETURN) (pseudo code)

DakkJaniels commented 3 years ago

Makes sense, please make a PR to implement.

timbru31 commented 3 years ago

Already on it 👍

digitalentropy commented 3 years ago

It should also be possible to implement a built-in TOTP generator where the user can save their TOTP secret in the credential file and it is handled automatically.

There are plenty of Python TOTP generators that could handle this.

timbru31 commented 3 years ago

Have fun explaining to the user how to get the QR code encoded data into fairgame. While of course this is possible, I'd vote against this. Users already struggle to understand what the test flag is.

digitalentropy commented 3 years ago

Unless I am missing something there is a "Can't scan the barcode?" link at the bottom of every TOTP QR that I've had to use, including Amazon's. They can just add a new authenticator app and copy the secret out of that.

I ran into an issue today where fairgame was logged in, eventually got a hit, successfully added it to cart, but Amazon decided to prompt for OTP.

Adding built-in 2FA support would be the only way to get around this if it starts increasing in frequency.
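As an added illustration of the built-in generator proposed in this thread (not code from fairgame, PR #636, or any commenter): a standard-library RFC 6238 generator that accepts the secret as pasted from a "Can't scan the barcode?" page. The function names, the tolerated key formatting and the `min_validity` margin are assumptions; the returned string is what would be handed to `send_keys` in the issue's pseudocode.

```python
import base64
import hashlib
import hmac
import struct
import time

STEP = 30  # seconds per code (RFC 6238 default)


def normalize_secret(secret):
    """Decode the Base32 key a user copies from a "Can't scan the barcode?" link.

    Assumption: the pasted key may contain spaces or dashes, lower-case
    letters, and no '=' padding, so clean it up before decoding.
    """
    cleaned = "".join(secret.split()).replace("-", "").upper().rstrip("=")
    if not cleaned:
        raise ValueError("empty TOTP secret")
    cleaned += "=" * (-len(cleaned) % 8)  # b32decode requires full padding
    try:
        return base64.b32decode(cleaned)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("TOTP secret is not valid Base32") from exc


def totp(secret, at=None, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1) for the given Unix time, default now."""
    counter = int(time.time() if at is None else at) // STEP
    key = normalize_secret(secret)
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def fresh_totp(secret, min_validity=5, clock=time.time, sleep=time.sleep):
    """Return a code with at least min_validity seconds left in its window,
    so it does not expire between generation and form submission."""
    now = clock()
    left = STEP - int(now) % STEP
    if left < min_validity:
        sleep(left)  # wait for the next 30-second window
        now = clock()
    return totp(secret, at=now)


if __name__ == "__main__":
    demo = "gezd gnbv gy3t qojq gezd gnbv gy3t qojq"  # constructed: RFC 6238 test key
    print(totp(demo, at=59))
```

A secret stored this way is the second factor itself, so it needs the same protection as the account password kept beside it.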

DakkJaniels commented 3 years ago

@digitalentropy please submit a PR for it. Thanks.

timbru31 commented 3 years ago

> They can just add a new authenticator app and copy the secret out of that.

99,99% of the users have TOTP set up, aka the QR code is no longer displayed. Correct me if I'm wrong, but the most famous apps such as Google Authenticator, Microsoft Authenticator nor Authy allows the re-display of the QR code or secret.

digitalentropy commented 3 years ago

> > They can just add a new authenticator app and copy the secret out of that.
>
> 99,99% of the users have TOTP set up, aka the QR code is no longer displayed. Correct me if I'm wrong, but the most famous apps such as Google Authenticator, Microsoft Authenticator nor Authy allows the re-display of the QR code or secret.

I've confirmed that Amazon allows the user to add multiple authenticator apps, so one could simply add a new one for fairgame.

Unfortunately I don't have time at the moment to write the code for it. I was simply providing feedback that I felt was practical and useful. That said, if someone who does have the time has an interest in doing so, I think it's a very worthwhile idea.

Cr4z33 commented 3 years ago

Is this still not being implemented? 😥

DakkJaniels commented 3 years ago

It's in PR #636. You can load that if you need it.

Cr4z33 commented 3 years ago

@DakkJaniels thanks, but I am not quite sure I understood properly. 😅

Do I have to add/edit anything in my (Docker running) fairgame or do I have to downgrade it to a specific release?