Pythe1337N / garmin-connect

Makes it simple to interface with Garmin Connect to get or set any data point.
MIT License
145 stars 58 forks source link

Updating user account data #43

Open wscourge opened 1 year ago

wscourge commented 1 year ago

Hey, I struggle trying to update my user account at https://www.garmin.com/account/profile/ and I figured I'll kindly ask for your help. The actual form is behind the "Edit" button on the linked URL.

It's on different subdomain (www) but bases on the same SSO auth when using the browser, and I think that's the problems' root cause, but I don't know how to properly address it. What I've tried:

const { GarminConnect } = require('garmin-connect');
const credentials = {
  email: "...",
  password: "...",
}

const GCClient = new GarminConnect(credentials);

GCClient.login(credentials.email, credentials.password)
  .then(async () => {
    await GCClient.put("https://www.garmin.com/account/api/user", {
      user_full_name: "...",
      user_email: credentials.email,
      user_country: "GB",
      user_language: "en-US"
      // _csrf: "4riLASKZ-hLBG6nQv4AJl_O0ByhU4ylxsen8",
    })
  })
  .catch(console.error)

I would like to specifically update the user_country. The error I receive is HTTP 403 Forbidden.

Thanks for this great package and keep up the good work.

Pythe1337N commented 1 year ago

The GCClient will use cookies the same way as any browser, which of course could cause some problems while using them cross domains. However, I'm not sure if domain filtering is properly implemented or if some cookies are accessible even thou they shouldn't. Probably wouldn't cause any problems sending too many/irrelevant cookies though.

GCClient also adds some extra headers that might cause problems. Right now none of the get/post/put methods support custom headers but take a look at the putJson and postJson methods of CFClient.ts and you might be able to follow along and implement it and give it a try. You'll need to rebuild the js from ts before trying it though.

To make sure, double check what headers are sent along side the account update request using the network tools of your browser to see if there might be some things that are missing. If i remember correctly, the lib itself only have two static headers sent with it's request and the current session is handled using cookies.