alandtse / alexa_media_player

This is a custom component to allow control of Amazon Alexa devices in Home Assistant using the unofficial Alexa API.
Apache License 2.0

Captcha showing up repeatedly after repeated failure and triggering forgot password #870

Closed scstraus closed 4 years ago

scstraus commented 4 years ago

Describe the bug

The captcha challenges just keep showing up, asking for email, password, answering captcha and eventually just saying to press the button to attempt login, but they never stop coming however many times I jump through the hoop.

To Reproduce

  1. Restart hass
  2. Open the notification
  3. Do the thing it asks
  4. GOTO 2

Expected behavior

Working after entering the captcha

Screenshots

Log is probably more useful. PMing you this

System details

Logs

I am PMing @alandtse a link with a log on the homeassistant community since I'm not sure how much sensitive info is in there (alexa media player doesn't look like it does a great job of sanitizing its logs).

Additional context

Add any other context about the problem here.
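The concern about unsanitized debug logs raised in this report can be handled with a redacting log filter. The following is an added example, not part of the original thread and not the project's code; the form-field names and all sample values are assumptions constructed for illustration.

```python
import io
import logging
import re

# URL query parameters that carry keys, signatures or session state
# (names taken from the log URLs quoted in this thread).
SENSITIVE_PARAMS = ("AWSAccessKeyId", "Signature", "csrf", "prepopulatedLoginId")
# Form fields whose values must never be logged (assumed field names).
SENSITIVE_FIELDS = ("captcha", "password", "email")

_PARAM_RE = re.compile(r"(?<=[?&])(%s)=[^&\s'\"]*" % "|".join(SENSITIVE_PARAMS))
# Matches 'field': 'value' as it appears in a logged dict repr.
_FIELD_RE = re.compile(
    r"(['\"])(%s)\1\s*:\s*(['\"])(?:\\.|(?!\3).)*\3" % "|".join(SENSITIVE_FIELDS)
)


def redact(text: str) -> str:
    """Mask sensitive query parameters and form-field values in a log message."""
    text = _PARAM_RE.sub(lambda m: m.group(1) + "=<redacted>", text)
    return _FIELD_RE.sub(lambda m: "'%s': '<redacted>'" % m.group(2), text)


class RedactingFilter(logging.Filter):
    """Attach to a handler so every record is scrubbed before it is written."""

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = redact(record.getMessage())  # format first, then scrub
        record.args = None
        return True


def demo() -> str:
    """Log two constructed lines in the thread's format; return what was written."""
    buf = io.StringIO()
    handler = logging.StreamHandler(buf)
    handler.addFilter(RedactingFilter())
    log = logging.getLogger("redaction_demo")
    log.setLevel(logging.DEBUG)
    log.propagate = False
    log.addHandler(handler)
    # Constructed sample values, not real credentials.
    log.debug("Preparing post to %s with input data: %s",
              "https://www.amazon.com/ap/signin", {"captcha": "EXAMPLEPWnn7x4m"})
    log.debug("Testing login status: %s", {
        "captcha_required": True,
        "captcha_image_url": "https://captcha.example/a.jpg?AWSAccessKeyId=AKIACONSTRUCTED&Expires=1&Signature=abc%3D"})
    log.removeHandler(handler)
    return buf.getvalue()
```

The filter is attached to the handler rather than the logger so that records propagated from child loggers are scrubbed as well.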

alandtse commented 4 years ago

There's a lot of user error in the logs and I'm not seeing anything wrong with the component.

  1. You are combining your password with your captcha. Amazon's captcha is only six characters.

    2020-08-18 21:37:58 DEBUG (MainThread) [alexapy.alexalogin] Preparing post to https://www.amazon.com/ap/signin with input data: {'captcha': 'MYPASSWORDnn7x4m'}
  2. At a certain point you had a typo in your email address or phone number.

    2020-08-18 21:38:12 DEBUG (MainThread) [custom_components.alexa_media.configurator] Testing login status: {'error_message': 'There was a problem\n            Enter a valid email or mobile number\n          ', 'captcha_required': True, 'captcha_image_url': 'https://opfcaptcha-prod.s3.amazonaws.com/2fbab45403734a6b807676cab70e6fc0.jpg?AWSAccessKeyId=AKIA5WBBRBBB534IDPOF&Expires=1597779792&Signature=IgBzjMKnbIXBsl3LBycz8AmfVKg%3D'}
  3. You also tried entering your email in the captcha.

    2020-08-18 21:38:35 DEBUG (MainThread) [alexapy.alexalogin] Preparing post to https://www.amazon.com/ap/signin with input data: {'captcha': 'uname@email.com'}
  4. Amazon is saying you're not typing in the captcha correctly multiple times. There's even times it appears you entered spaces in your captcha.

    2020-08-18 21:38:46 DEBUG (MainThread) [custom_components.alexa_media.configurator] Configurator closed for Status: {'error_message': 'There was a problem\n            Enter the characters as they are given in the challenge.\n          ', 'captcha_required': True, 'captcha_image_url': 'https://opfcaptcha-prod.s3.amazonaws.com/6263f4867ca8410ca498d6597410e5f4.jpg?AWSAccessKeyId=AKIA5WBBRBBB534IDPOF&Expires=1597779815&Signature=11PezExc0GY4PRnr9PdJiMoRP7w%3D'}
    ...
    2020-08-18 21:39:37 DEBUG (MainThread) [alexapy.alexalogin] Preparing post to https://www.amazon.com/ap/forgotpassword with input data: {'captcha': '6wpw 8d'}
  5. Given the amount of errors, Amazon thinks you were getting hacked and probably sent an email to the account asking you to verify or change your password. In fact it took you to the password forgot page for the last few attempts starting from this line. I'll need to make sure we catch this error case so it's more transparent.

    2020-08-18 21:39:16 DEBUG (MainThread) [alexapy.alexalogin] POST: redirected from
    2020-08-18 21:39:16 DEBUG (MainThread) [alexapy.alexalogin] GET: 
    https://www.amazon.com/ap/forgotpassword?ie=UTF8&showRememberMe=true&showRmrMe=1&use_image_captcha=true&openid.identity=http://specs.openid.net/auth/2.0/identifier_select&forceValidateCaptcha=true&use_audio_captcha=false&csrf=133-8502264-9701000&pageId=amzn_dp_project_dee&openid.return_to=https://alexa.amazon.com/&prevRID=3HD94XK2BZWEGMWVWVC4&openid.assoc_handle=amzn_dp_project_dee&openid.mode=checkid_setup&prepopulatedLoginId=eyJjaXBoZXIiOiJZZmxSL1BNa2twTTAxOHhJYUpiUTMxcm9GTlh1eU1VM0szOVhxa0xxUUVvPSIsInZlcnNpb24iOjEsIklWIjoiV2diczlGeWJiZWlUaldVZlY3ME9QUT09In0%3D&showPasswordChecked=false&rememberMe=true&openid.claimed_id=http://specs.openid.net/auth/2.0/identifier_select&encryptedPasswordExpected=&openid.ns=http://specs.openid.net/auth/2.0&timestamp=1597779545000 with
    2020-08-18 21:39:16 DEBUG (MainThread) [alexapy.alexalogin] Processing https://www.amazon.com/ap/forgotpassword?ie=UTF8&showRememberMe=true&showRmrMe=1&use_image_captcha=true&openid.identity=http://specs.openid.net/auth/2.0/identifier_select&forceValidateCaptcha=true&use_audio_captcha=false&csrf=133-8502264-9701000&pageId=amzn_dp_project_dee&openid.return_to=https://alexa.amazon.com/&prevRID=3HD94XK2BZWEGMWVWVC4&openid.assoc_handle=amzn_dp_project_dee&openid.mode=checkid_setup&prepopulatedLoginId=eyJjaXBoZXIiOiJZZmxSL1BNa2twTTAxOHhJYUpiUTMxcm9GTlh1eU1VM0szOVhxa0xxUUVvPSIsInZlcnNpb24iOjEsIklWIjoiV2diczlGeWJiZWlUaldVZlY3ME9QUT09In0%3D&showPasswordChecked=false&rememberMe=true&openid.claimed_id=http://specs.openid.net/auth/2.0/identifier_select&encryptedPasswordExpected=&openid.ns=http://specs.openid.net/auth/2.0&timestamp=1597779545000
    2020-08-18 21:39:16 DEBUG (MainThread) [alexapy.alexalogin] Captcha/2FA not requested; confirming login.
    ...
    2020-08-18 21:39:39 DEBUG (MainThread) [alexapy.alexalogin] Processing https://www.amazon.com/ap/forgotpassword

If you want, you can try using Advanced Debugging and you can see the literal page Amazon is creating. You should also see if you can manually log into alexa.amazon.com. Lastly, you should try to turn on 2FA as a lot of issues can be worked around by having that enabled.
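The checks walked through in the comment above can be run mechanically over a debug log. This is an added example, not part of the original thread and not the component's code; the finding labels and the sample lines (modelled on the excerpts above, with placeholder values) are constructed for illustration.

```python
import ast
import re
from urllib.parse import urlsplit

POST_RE = re.compile(r"Preparing post to (\S+) with input data: (\{.*\})\s*$")
CAPTCHA_LEN = 6  # "Amazon's captcha is only six characters" (comment above)


def check_line(line: str) -> list:
    """Return finding labels for one debug line; never echoes the submitted value."""
    m = POST_RE.search(line)
    if not m:
        return []
    url, raw = m.groups()
    findings = []
    # The sign-in flow has been diverted to account recovery.
    if urlsplit(url).path.rstrip("/") == "/ap/forgotpassword":
        findings.append("post-to-forgotpassword")
    try:
        data = ast.literal_eval(raw)  # the log holds a Python dict repr
    except (ValueError, SyntaxError):
        return findings + ["unparseable-input-data"]
    captcha = data.get("captcha") if isinstance(data, dict) else None
    if isinstance(captcha, str):
        if "@" in captcha:
            findings.append("captcha-looks-like-email")
        elif any(ch.isspace() for ch in captcha):
            findings.append("captcha-contains-whitespace")
        elif len(captcha) != CAPTCHA_LEN:
            findings.append("captcha-wrong-length")
    return findings


def scan(text: str) -> list:
    """Return (line number, findings) for every line that raised a finding."""
    return [(i, f) for i, line in enumerate(text.splitlines(), 1)
            if (f := check_line(line))]


# Constructed lines modelled on the excerpts above (values are placeholders).
SAMPLE = """\
2020-08-18 21:37:58 DEBUG (MainThread) [alexapy.alexalogin] Preparing post to https://www.amazon.com/ap/signin with input data: {'captcha': 'EXAMPLEPWnn7x4m'}
2020-08-18 21:38:35 DEBUG (MainThread) [alexapy.alexalogin] Preparing post to https://www.amazon.com/ap/signin with input data: {'captcha': 'uname@email.com'}
2020-08-18 21:39:37 DEBUG (MainThread) [alexapy.alexalogin] Preparing post to https://www.amazon.com/ap/forgotpassword with input data: {'captcha': '6wpw 8d'}
2020-08-18 21:40:02 DEBUG (MainThread) [alexapy.alexalogin] Preparing post to https://www.amazon.com/ap/signin with input data: {'captcha': 'ab12cd'}
"""
```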

broyuken commented 4 years ago

Same thing is happening for me now. Constant captcha notification pops up. I type in the captcha, and it pops right back up. I never even get to the text message portion.

edit. I can log into alexa.amazon.com just fine. I've tried restarting HA, did not help.

alandtse commented 4 years ago

@broyuken Absent logs, I don't know what the issue is for you.

borisfeldman commented 4 years ago

I've also had this happen before and it was maddening... What I found has worked (mostly) for me to enter the captcha is to 1) turn off my PiHole AdBlocker and 2) Use Chrome in an incognito window [on macOS Catalina for me] and not Safari. After the captcha succeeds, I can re-enable my ad blocker and go back to using Safari as I do normally.

Suggestion: It could be helpful to have the integration send a TTS "success" message to all defined Echo's to confirm that the integration is correctly configured and everything is working end-to-end.

cajuncoding commented 4 years ago

> I've also had this happen before and it was maddening... What I found has worked (mostly) for me to enter the captcha is to 1) turn off my PiHole AdBlocker and 2) Use Chrome in an incognito window [on macOS Catalina for me] and not Safari. After the captcha succeeds, I can re-enable my ad blocker and go back to using Safari as I do normally.
>
> Suggestion: It could be helpful to have the integration send a TTS "success" message to all defined Echo's to confirm that the integration is correctly configured and everything is working end-to-end.

You're right, it really drives you crazy because it seems like it would affect everyone.

This was occurring for me also recently -- Alexa Media Player was working fine for a while. But a week ago I got notified to re-configure the captcha (2FA enabled) and got stuck in an endless loop of Captchas.... sure I figured I was entering 50% of them wrong because it's just darn hard to tell what they are. But not 100%. I've tried with Amazon 2FA both enabled & disabled... both kept the endless loop of Captchas.

Anyhow your tip to use Chrome Incognito actually finally worked for me. I did not have to disable my pi-hole... it was still running, but I did open up HomeAssistant in an incognito tab and then re-installed Alexa Media Player, now with 2FA disabled (as I was trying that). Upon re-logging-in through the configuration flow of HomeAssistant, it finally worked on the second captcha (which I probably did enter the first one wrong).

Thanks!

broyuken commented 4 years ago

I ended up just trying and it eventually went through. If this happens again I will try incognito.

scstraus commented 4 years ago

> You are combining your password with your captcha. Amazon's captcha is only six characters.

This is exactly what it asked me to do. It told me to enter my password and the captcha, but there was only one text box.. I would love to know the "right" way of doing this. In each case I did my best to read the request and give it what it wanted, but some of the requests were very difficult.. The times I entered spaces in the captcha were after it didn't accept it without spaces about 15 times and I was just seeing if those gaps in the captcha were meant to be spaces. Go back and look at the red text it bases its message off in the UI and in each case and you will see that I was trying to do exactly the thing it asked me to do. In some cases it was asking for an email address or phone numbers, sometimes just the captcha, sometimes my password and the captcha, sometimes press a button to attempt login....etc...etc...

Just entering the captcha many times doesn't work either, I tried that for a long time before I started reading the messages ;-).

mwunderling commented 4 years ago

Chiming in since I "was" experiencing the same issue scstraus & broyuken commented on. The notification in HA to reauth started a few hours ago for me ....it was an endless notification loop as scstraus pointed out. Haven't made any updates on my end that could have triggered it ....it just showed up and restarting HA didn't solve it. Entering the captcha CORRECTLY never worked for me.

As suggested, using incognito mode broke the loop on my end. Not familiar with the communication between the component and Alexa....but something seems amiss there, rather than being on the user end....

BuxtonCalvin commented 4 years ago

I was able to break out of the loop by logging into HA in incognito mode and then bringing up the captcha. However, I was also sent a 2FA to my phone by Amazon that I had to input into the captcha after inputting the actual captcha first. Two separate captcha pop-ups. Not sure what that is about as I do not have 2FA enabled for my Amazon account.

alandtse commented 4 years ago

If Amazon has introduced a page that requires both a Captcha and a 2FA push at the same time, then that would potentially be the cause. However, no one has provided the logs or advanced debugging output showing that page so I can't solve it until I see it.

On why Incognito makes a difference, Amazon is probably checking something against the IP address and treats it differently if it has logged in recently from the IP. We emulate a Chrome user agent so that probably is getting tied together to the Incognito login to avoid the part of the Captcha/2FA check.

riston commented 4 years ago

I am running into similar problems; the Alexa Captcha notification remains in a loop. Now I am receiving:

Amazon will send a push notification per the below message. Please completely respond before continuing.

To complete the sign-in, approve the notification sent to: Mobile number

The problem is that nothing will be sent and no further action could be taken :(

cajuncoding commented 4 years ago

@riston

Perhaps this will help. I had this issue when I first set up alexa media player a while back and this thread resolved the issue for me perfectly:

https://community.home-assistant.io/t/alexa-media-player-2-factor-verification-code-not-received/176777/2?u=raerae1616

In summary, you need to enable 2FA using an authenticator app, I used the Google Authenticator (on iPhone) and it worked well to get me past the issue where push notifications were never sent/received.

cajuncoding commented 4 years ago

@alandtse

> If Amazon has introduced a page that requires both a Captcha and a 2FA push at the same time, then that would potentially be the cause. However, no one has provided the logs or advanced debugging output showing that page so I can't solve it until I see it.
>
> On why Incognito makes a difference, Amazon is probably checking something against the IP address and treats it differently if it has logged in recently from the IP. We emulate a Chrome user agent so that probably is getting tied together to the Incognito login to avoid the part of the Captcha/2FA check.

Incognito or not, the IP address to Amazon would be the same -- everything is behind my NAT firewall which is likely the same for everyone. However, now if you believe there is a cookie that is being used then yes maybe they are doing some tracking. But doesn't explain why there is an endless loop.

In my experience the loop constantly resulted in the HomeAssistant screen prompting for both Password + Captcha on the same screen. No requirement for 2FA... so that may be yet another different experience.

alandtse commented 4 years ago

@riston You're describing a different issue #807. I am marking your comment and subsequent replies as off-topic. Please continue any discussion on the appropriate thread.

skynet01 commented 4 years ago

Happening with me as well. It takes the captcha and everything seems ok for about 30 seconds and then it comes up again. Here is what's in my log

    alexaapi.get_state((<alexapy.alexaapi.AlexaAPI object at 0xa68fb568>,), {}): An error occured accessing AlexaAPI: An exception of type AlexapyLoginError occurred. Arguments: ('Session is closed',)

    Websocket is missing ubid-main and ubid-acbcom cookies; please report this if anything isn't working. websocket connection is closing.

Also tried this with incognito, same thing

brianhanifin commented 4 years ago

I solved my problem. I am going to share my mistake in case it could help someone else.

Months ago when I removed the YAML Integration and added the Integration via the Integrations page, I forgot to disable the notify.alexa_media YAML integration.

I didn't discover this until I tried removing the Alexa Media Player Integration from the Integrations page, and I was very, very surprised to see the following error in the log when I tested my "Turn off the fan" Alexa Routine (which calls a script in Home Assistant).

    2020-08-22 08:07:33 ERROR (MainThread) [homeassistant.components.script.alexa_turn_off_the_fan] alexa_turn_off_the_fan: Error executing script.
    Invalid data for call_service at pos 2: not a valid value for dictionary value @ data['entity_id']

The error is due to my Last Alexa sensor being empty, due to no media_players getting setup. That's when I searched my configuration.yaml and discovered the notify.alexa_media was still defined! Removing the notify declaration then adding the Alexa Media Player back via the Integrations page.

alandtse commented 4 years ago

@brianhanifin I'm not sure what you're describing is the same problem as described on this page. Are you sure you were getting a repeated captcha problem because of your notify setting? Otherwise, I'll likely mark it as off-topic.

brianhanifin commented 4 years ago

I removed both integrations, re-added the Alexa Media Player integration only and the problem went away. I shared this because I happened to have this page open, and my symptoms were similar. You can delete my comments if you like, it won't hurt my feelings. 😄

alandtse commented 4 years ago

@brianhanifin I'm just trying to figure out if you were getting the repeated Captcha behavior or not to understand if it was a related issue.

alandtse commented 4 years ago

I'll be closing since the actual error submitted was because the user triggered a forgot password which is resolved in the next version. If you actually are running into this and can create logs showing that the captcha page also demands a 2FA, please open a new ticket.

alandtse commented 4 years ago

Reopening since at least one person appears to be debugging. If you are getting "'URL' object has no attribute 'decode'" please use this PR for alexapy and report logs.

EDIT: On second thought, I'll debug it in a new issue.