NoMore201 / playmaker

Fdroid repository manager fetching apps from Play Store
284 stars 37 forks source link

Login is not persisted #25

Closed fernandocollova closed 5 years ago

fernandocollova commented 6 years ago

What happens?

When I delete the apps docker container, and create it again, the apps asks for my login credentials.

What should have happened?

The container should persist the login in some form, as logging in again will register a new decive

How to reproduce?

Create a container as instructed in the wiki, go to the home page, login, delete the container, go to the home page, see the login prompt again.

Some meta

The main reason for this bug, is that when inspecting the source, I came across your very own gpapi, which states that:

An important note about login function:

def login(self, email=None, password=None, gsfId=None, authSubToken=None)

for first time logins, you should only provide email and password. The module will take care of initalizing the api,upload device information to the google account you supplied, and retrieving a Google Service Framework ID (which, from now on, will be the android ID of a device).

And, as far as I could see, the login in the app is done passing None as both gsfId and authSubToken, as is seen in this line

So, I'm hesitating about logging in again like this. Would you accept any pull requests to save those values somehow? Or maybe if they are sensitive, could you implement a way to view them in the web app so I can save them appropriately, and provide them somehow in the login? And sorry for asking for a feature in that second part, but I just don't know any javascript :/

NoMore201 commented 5 years ago

As stated in README.md, you can define a file inside the fdroid directory called credentials.txt, where you can store email and password for faster login process, skipping the login page. Since recently google started intensifying security checks, I suggest you to avoid this method.

Moreover with commit d9f03b7 you can define in the credentials file also the gsfId and token options. You can retrieve them using gpapi or directly printing those variables in playmaker.

Also, I don't want to automatically store those values for future logins, to prevent problems and headaches when token expires.

NoMore201 commented 5 years ago

TL;DR you can persist your login by specifying gsfId and token variables in file credentials.txt. You can retrieve those values with gpapi or modyfing playmaker code and print those variables. When token expires, it is up to you updating values