dequis / purple-facebook

Facebook protocol plugin for libpurple (moved from jgeboski/purple-facebook)
GNU General Public License v2.0
954 stars 88 forks source link

app passwords gone? #526

Open jaymzh opened 3 years ago

jaymzh commented 3 years ago

It looks like FB dropped app-passwords (or at least I can't find them in my settings anymore)... This may mean we have to support FB's full 2-factor flow properly. :/ I can no longer login via pidgin.

tbjorheim commented 3 years ago

Hi. I have the same issue. Get error "Invalid username or password (401)" when I try to connect. The app password page is also removed when I check Facebook using webbrowser. :(

A friend is still able to connect using this plugin, but he also doesn't have the app password page when checking Facebook using webbrowser.

I can't find any official information about Facebook has dropped support for app password, and the help page still refers to the app passord page, which no longer exist for me.

Maybe Facebook just has silently removed support for app passwords. That will maybe means the end for this plugin. :((

jaymzh commented 3 years ago

The internal team just confirmed for me they killed App Passwords and that the help page still being there is a mistake.

There's work to make Platform 2-fac stuff work for this plugin here: https://github.com/dequis/purple-facebook/issues/445 - any help would be appreciated.

Note that this project is in search of a new maintainer (https://github.com/dequis/purple-facebook/issues/518)

john5788 commented 3 years ago

I am seeing the same things. Without 2FA support, this plugin is dead to me.

I tried disabling 2FA on my account, but it immediately spits me back to re-enabling 2FA again. App passwords were a nice way to get around it, but they were silently removed.

dequis commented 3 years ago

The internal team just confirmed for me they killed App Passwords and that the help page still being there is a mistake.

There's work to make Platform 2-fac stuff work for this plugin here: #445 - any help would be appreciated.

Note that this project is in search of a new maintainer (#518)

I guess I'd be up for applying some changes, given the stuff in that ticket.

grimmy commented 3 years ago

The internal team just confirmed for me they killed App Passwords and that the help page still being there is a mistake.

There's work to make Platform 2-fac stuff work for this plugin here: #445 - any help would be appreciated.

Note that this project is in search of a new maintainer (#518)

~Did they kill the researcher settings too? I can't seem to get the whitehat menu item to show up in messenger on android.~

Nevermind, managed to get it working with a test account.

jaymzh commented 3 years ago

@dequis - I'd be happy to donate to your favorite charity again, if that helps. :)

grimmy commented 3 years ago

Eion was able to get me a capture from ios. Looks somewhat simple. I'll try to get to this as soon as I can.

boris-petrov commented 3 years ago

I just got hit by this too... :( I read the other issue and I'm not sure I understand correctly - is there a way right now to make Pidgin work with FB's two-factor auth?

jaymzh commented 3 years ago

@boris-petrov - yes, you can run the python script, get the token, jam it into accounts.xml and it'll work.

jaymzh commented 3 years ago

@grimmy - any update? Did the python script from the other bug help?

grimmy commented 3 years ago

I've kind of got this working, but there's some issues getting it implemented correctly and going to take me a bit of time to figure out.

akhepcat commented 2 years ago

Using the original, or my mostly-automated hack (https://raw.githubusercontent.com/akhepcat/Miscellaneous/master/pidgin-fb-login-2fa.py) of a script (to grab the necessary auth data) i'm not able as of today to log in with 2FA anymore.

I'm able to retrieve the token correctly, but shutting down pidgin, inserting the new token, and restarting just causes the login process on FB to attempt reauthentication.

Unfortunately, i don't know why, and don't have the skills/exp to look at it and see what's going on.

procule commented 2 years ago

Using the original, or my mostly-automated hack (https://raw.githubusercontent.com/akhepcat/Miscellaneous/master/pidgin-fb-login-2fa.py) of a script (to grab the necessary auth data) i'm not able as of today to log in with 2FA anymore.

I'm able to retrieve the token correctly, but shutting down pidgin, inserting the new token, and restarting just causes the login process on FB to attempt reauthentication.

Unfortunately, i don't know why, and don't have the skills/exp to look at it and see what's going on.

Same thing here :(

fangfufu commented 2 years ago

My old app password stopped working too. :(

Penaz91 commented 2 years ago

I had a similar issue where I couldn't log in using the script, remaking the account on pidgin fixed the issue. It seems it's working correctly (at least for me, currently)

akhepcat commented 2 years ago

Tried to remake the account with no success: 1) delete account 2) restart pidgin 3) create new account 4) attempt login 5) quit pidgin 6) run script 7) paste data into accounts.xml 8) start pidgin

And i'm immediately prompted by my phone "a new device requiring 2FA..." to reauthenticate.

sbstratos79 commented 2 years ago

Tried to remake the account with no success:

  1. delete account
  2. restart pidgin
  3. create new account
  4. attempt login
  5. quit pidgin
  6. run script
  7. paste data into accounts.xml
  8. start pidgin

And i'm immediately prompted by my phone "a new device requiring 2FA..." to reauthenticate.

I faced the same issue but after a couple of tries, I noticed that the accounts.xml file was being removed when I exit Pidgin. So I just made all the necessary changes to accounts.xml, copied the contents, closed Pidgin, reloaded accounts.xml, replaced its contents with the modified accounts.xml text and started Pidgin again. This worked for me but I am still facing one issue. Pidgin keeps logging in and out of fb every few minutes. Note that this relogin process doesn't need any manual intervention. It just logs in on its own. But it's very annoying since all the chat windows keep closing when it logs out.

akhepcat commented 2 years ago

I faced the same issue but after a couple of tries, I noticed that the accounts.xml file was being removed when I exit Pidgin. So I just made all the necessary changes to accounts.xml, copied the contents, closed Pidgin, reloaded accounts.xml, replaced its contents with the modified accounts.xml text and started Pidgin again. This worked for me but I am still facing one issue. Pidgin keeps logging in and out of fb every few minutes. Note that this relogin process doesn't need any manual intervention. It just logs in on its own. But it's very annoying since all the chat windows keep closing when it logs out.

@sbstratos79 - see my note over here: it works if you ignore that pop-up! (though i don't know why your accounts.xml would be deleted, that ... seems broken. maybe it's being hidden, or moved somewhere else? I'm on linux, though, and don't use it anywhere else)

https://github.com/dequis/purple-facebook/issues/445#issuecomment-1061266862

sbstratos79 commented 2 years ago

I faced the same issue but after a couple of tries, I noticed that the accounts.xml file was being removed when I exit Pidgin. So I just made all the necessary changes to accounts.xml, copied the contents, closed Pidgin, reloaded accounts.xml, replaced its contents with the modified accounts.xml text and started Pidgin again. This worked for me but I am still facing one issue. Pidgin keeps logging in and out of fb every few minutes. Note that this relogin process doesn't need any manual intervention. It just logs in on its own. But it's very annoying since all the chat windows keep closing when it logs out.

@sbstratos79 - see my note over here: it works if you ignore that pop-up! (though i don't know why your accounts.xml would be deleted, that ... seems broken. maybe it's being hidden, or moved somewhere else? I'm on linux, though, and don't use it anywhere else)

#445 (comment)

I have already seen the comment. I didn't interact with the confirmation notification. But I didn't wait for an sms code either since I've disabled sms confirmation. I use Google authenticator and using that code worked for me. But as I said, i keep getting logged out.

jaymzh commented 2 years ago

@akhepcat - I like your enhancements to my script. I've adopted it and sent you a PR with some fixes.

akhepcat commented 2 years ago

@akhepcat - I like your enhancements to my script. I've adopted it and sent you a PR with some fixes.

Already adopted with one cleanup. :-) Thanks!

I've got some other ideas, but calling dbus from python is outside my wheelhouse. For now. Time to do some research, i guess!

jaymzh commented 2 years ago

I've got some other ideas, but calling dbus from python is outside my wheelhouse. For now.

You might want pystemd - my former coworkers maintain it. There's also a straight dbus library.

akhepcat commented 2 years ago

I've got some other ideas, but calling dbus from python is outside my wheelhouse. For now.

You might want pystemd - my former coworkers maintain it. There's also a straight dbus library.

I think i've got the first pass of what I want it to do at startup but i don't have enough skill to use the dbus interface to actually make the changes in the config file while things are running.

https://raw.githubusercontent.com/akhepcat/Miscellaneous/master/pidgin-fb-login-2fa-v2.py is where i'm working on the next-gen version.

DMJC commented 7 months ago

I've forked this on github and redone the build system using Meson, if someone can assist me with libpurple we should be able to get facebook 2fa working in pretty short order. I've been working on getting bitlebee's facebook api code integrated into the codebase.

jaymzh commented 7 months ago

@DMJC - NICE!

Can you make a PR against this repo from your fork, then people can collaborate on it? @dequis offered to give input/guidance to anyone working on it, he just doesn't have the bandwidth to do the work himself.

DMJC commented 7 months ago

I'm going to need assistance/guidance on how they want to integrate this. I kind of took a flamethrower to the repo. Ripped out all of the .hg stuff and wiped out the auto-tools/automake config.. I'm assuming they will probably want to ingest my meson.build script and incrementally remove/clean up?