instagram4j / instagram4j

:camera: Instagram private API in Java
Apache License 2.0
915 stars 274 forks source link

Challenge fails on parsing exception #562

Open shawnxman1423 opened 3 years ago

shawnxman1423 commented 3 years ago

Pre-Checklist

I made sure...


Describe the bug

ChallengeRequired response does not contains "challenge_context", this cause IGChallengeUtils.resolveChallenge as challenge_context is marked non-null but is null

It seems like the challenge response is a bit different(?):

"url" -> "https://i.instagram.com/challenge/?next=/api/v1/qe/sync/"
"api_path" -> "/challenge/"
"hide_webview_header" -> {Boolean@15840} true
"lock" -> {Boolean@15840} true
"logout" -> {Boolean@15843} false
"native_flow" -> {Boolean@15840} true
"flow_render_type" -> {Integer@15846} 0

How to reproduce

I am not sure how to make instagram block you and ask for a challenge. (if there is a way, please tell me.)

After you have got yourself challenged (on login), I call wrapAPIException { IGChallengeUtils.resolveChallenge(client, response) { code.replace("\\s".toRegex(), "") } }

which results in challenge_context is marked non-null but is null.

Expected behavior

Challenge will pass

Actual behavior

Challenge fail because of challenge_context is marked non-null but is null.

trace:

2021-01-27 02:12:39.767 11656-11656/*.*.* E/(CoroutineExceptionHandler.kt:111)handleException(): java.lang.NullPointerException: challenge_context is marked non-null but is null
        at com.github.instagram4j.instagram4j.requests.challenge.ChallengeStateGetRequest.<init>(ChallengeStateGetRequest.java:10)
        at com.github.instagram4j.instagram4j.utils.IGChallengeUtils.requestState(IGChallengeUtils.java:28)
        at com.github.instagram4j.instagram4j.utils.IGChallengeUtils.resolveChallenge(IGChallengeUtils.java:63)
        at com.github.instagram4j.instagram4j.utils.IGChallengeUtils.resolveChallenge(IGChallengeUtils.java:97)
jvogit commented 3 years ago

If you may, please set logging level to debug in order to get the request and response bodies for the http requests. Thank you! This appears to be a challenge occurring in a qe sync request. Resolve challenge is intended for challenge response at the login endpoint. I haven't encountered this so logs would be appreciated!

shawnxman1423 commented 3 years ago

I will attach my OkHttp logs on Level.Body. I hope that is what you meant.

I also have trouble parsing the exception back to LoginResponse. it is probably because it fails on QeSync as you said!

OkHttp[shawnxman1423]: --> POST https://i.instagram.com/api/v1/qe/sync/
OkHttp[shawnxman1423]: Content-Length: 17611
OkHttp[shawnxman1423]: Connection: close
OkHttp[shawnxman1423]: Content-Type: application/x-www-form-urlencoded; charset=UTF-8
OkHttp[shawnxman1423]: Accept-Language: en-US
OkHttp[shawnxman1423]: X-IG-Capabilities: 3brTvw==
OkHttp[shawnxman1423]: X-IG-App-ID: 567067343352427
OkHttp[shawnxman1423]: User-Agent: Instagram 171.0.0.29.121 Android (29/10; 280dpi; 720x1411; samsung; SM-A115F; a11q; qcom; ; 171.0.0.29.121)
OkHttp[shawnxman1423]: X-IG-Connection-Type: WIFI
OkHttp[shawnxman1423]: X-Ads-Opt-Out: 0
OkHttp[shawnxman1423]: X-CM-Bandwidth-KBPS: -1.000
OkHttp[shawnxman1423]: X-CM-Latency: -1.000
OkHttp[shawnxman1423]: X-IG-App-Locale: en_US
OkHttp[shawnxman1423]: X-IG-Device-Locale: en_US
OkHttp[shawnxman1423]: X-Pigeon-Session-Id: 92b72ea2-1fcc-4d91-9ee1-5be937f8ca69
OkHttp[shawnxman1423]: X-Pigeon-Rawclienttime: 1611707119309
OkHttp[shawnxman1423]: X-IG-Connection-Speed: 3863kbps
OkHttp[shawnxman1423]: X-IG-Bandwidth-Speed-KBPS: -1.000
OkHttp[shawnxman1423]: X-IG-Bandwidth-TotalBytes-B: 0
OkHttp[shawnxman1423]: X-IG-Bandwidth-TotalTime-MS: 0
OkHttp[shawnxman1423]: X-IG-Extended-CDN-Thumbnail-Cache-Busting-Value: 1000
OkHttp[shawnxman1423]: X-IG-Device-ID: 3ba03f41-78f3-4947-9456-21ff0b063b99
OkHttp[shawnxman1423]: X-IG-Android-ID: android-87f5ee79f1fc92bf
OkHttp[shawnxman1423]: X-FB-HTTP-engine: Liger
OkHttp[shawnxman1423]: 
OkHttp[shawnxman1423]: signed_body=SIGNATURE.%7B%22_csrftoken%22%3A%22eBgrRLx77KrT4xOsuteeHJHubCfQArTj%22%2C%22device_id%22%3A%22android-87f5ee79f1fc92bf%22%2C%22guid%22%3A%223ba03f41-78f3-4947-9456-21ff0b063b99%22%2C%22id%22%3A%223ba03f41-78f3-4947-9456-21ff0b063b99%22%2C%22phone_id%22%3A%2278845c58-f1c7-4a1f-99e8-2f4ca45845a5%22%2C%22experiments%22%3A%22ig_android_shopping_checkout_signaling%2Cig_shopping_checkout_improvements_universe%2Cig_android_mqtt_cookie_auth_memcache_universe%2Cig_android_stories_music_search_typeahead%2Cig_android_delayed_comments%2Cig_android_direct_mutation_manager_media_3%2Cig_android_gif_preview_quality_universe%2Cig_fb_graph_differentiation%2Cig_android_shopping_bag_null_state_v1%2Cig_android_stories_share_extension_video_segmentation%2Cig_android_vc_migrate_to_bluetooth_v2_universe%2Cig_android_direct_reshare_chaining%2Cinstagram_ns_qp_prefetch_universe%2Cig_android_separate_empty_feed_su_universe%2Cig_android_zero_rating_carrier_signal%2Cig_direct_holdout_h1_2019%2Cig_explore_2019_h1_destination_cover%2Cig_android_biz_ranked_requests_universe%2Cig_android_explore_recyclerview_universe%2Cig_android_image_pdq_calculation%2Cig_android_vc_service_crash_fix_universe%2Cig_camera_android_subtle_filter_universe%2Cig_android_direct_add_member_dialog_universe%2Cig_android_viewpoint_stories_public_testing%2Cig_graph_management_h2_2019_universe%2Cig_android_photo_creation_large_width%2Cig_android_save_all%2Cig_android_ttcp_improvements%2Cig_shopping_bag_universe%2Cig_android_quick_promote_universe%2Cig_android_recyclerview_binder_group_enabled_universe%2Cig_android_stories_viewer_tall_android_cap_media_universe%2Cig_android_video_exoplayer_2%2Cig_rn_branded_content_settings_approval_on_select_save%2Cig_android_account_insights_shopping_content_universe%2Cig_android_render_thread_memory_leak_holdout%2Cig_threads_clear_notifications_on_has_seen%2Cig_android_bullying_warning_system_2019h2%2Cig_android_camera_reduce_file_exif_reads%2Cig_android_stories_blacklist%2Cig_payments_billing_address%2Cig_android_fs_new_gallery_hashtag_prompts%2Cig_android_sidecar_segmented_streaming_universe%2Cig_camera_android_gyro_senser_sampling_period_universe%2Cig_android_xposting_feed_to_stories_reshares_universe%2Cig_emoji_render_counter_logging_universe%2Cig_android_flexible_contact_and_category_for_creators%2Cig_android_image_upload_quality_universe%2Cig_android_enable_zero_rating%2Cig_android_direct_leave_from_group_message_requests%2Cig_android_unfollow_reciprocal_universe%2Cig_android_stories_viewer_modal_activity%2Cig_android_publisher_stories_migration%2Cig_android_stories_context_sheets_universe%2Cig_android_stories_vpvd_container_module_fix%2Cinstagram_android_profile_follow_cta_context_feed%2Cig_android_stories_boomerang_v2_universe%2Cig_android_vc_cowatch_universe%2Cig_android_live_qa_viewer_v1_universe%2Cig_shopping_insights_wc_copy_update_android%2Candroid_cameracore_fbaudio_integration_ig_universe%2Cig_android_explore_reel_loading_state%2Cig_android_wellbeing_timeinapp_v1_universe%2Cig_end_of_feed_universe%2Cig_android_mainfeed_generate_prefetch_background%2Cig_android_feed_ads_ppr_universe%2Cig_xposting_mention_reshare_stories%2Cig_android_vc_shareable_moments_universe%2Cig_android_igtv_watch_later%2Cig_android_shopping_product_metadata_on_product_tiles_universe%2Cig_android_video_qp_logger_universe%2Cig_android_frx_highlight_cover_reporting_qe%2Cig_email_sent_list_universe%2Cig_android_stories_video_prefetch_kb%2Cig_inventory_connections%2Cig_android_canvas_cookie_universe%2Cig_android_effect_gallery_post_capture_universe%2Cig_android_video_streaming_upload_universe%2Cig_android_raven_video_segmented_upload_raven_only_universe%2Cig_android_partial_share_sheet%2Cig_android_camera_tti_improvements%2Cig_android_show_self_followers_after_becoming_private_universe%2Cig_camera_android_release_drawing_view_universe%2Cig_android_music_story_fb_crosspost_universe%2Cig_android_payments_growth_promote_payments_in_payments
OkHttp[shawnxman1423]: --> END POST (17611-byte body)
OkHttp[shawnxman1423]: <-- 400 https://i.instagram.com/api/v1/qe/sync/ (1108ms)
OkHttp[shawnxman1423]: content-type: application/json; charset=utf-8
OkHttp[shawnxman1423]: x-instagram-trace-enabled: True
OkHttp[shawnxman1423]: x-instagram-trace-token: ZGM4ODAwZjQ1ZTkyNGZiNTgzY2IzMDIxZGY0MDZhNjF8MmEwMTo3M2MwOjUwMjo3OWYxOjY5N2I6ZTVjODo2YzU3OmZiMGE=
OkHttp[shawnxman1423]: vary: Accept-Language, Cookie
OkHttp[shawnxman1423]: content-language: en
OkHttp[shawnxman1423]: date: Wed, 27 Jan 2021 00:25:21 GMT
OkHttp[shawnxman1423]: strict-transport-security: max-age=31536000
OkHttp[shawnxman1423]: cache-control: private, no-cache, no-store, must-revalidate
OkHttp[shawnxman1423]: pragma: no-cache
OkHttp[shawnxman1423]: expires: Sat, 01 Jan 2000 00:00:00 GMT
OkHttp[shawnxman1423]: x-frame-options: SAMEORIGIN
OkHttp[shawnxman1423]: content-security-policy: report-uri https://www.instagram.com/security/csp_report/; default-src 'self' https://www.instagram.com; img-src data: blob: https://*.fbcdn.net https://*.instagram.com https://*.cdninstagram.com https://*.facebook.com https://*.giphy.com; font-src data: https://*.fbcdn.net https://*.instagram.com https://*.cdninstagram.com; media-src 'self' blob: https://www.instagram.com https://*.cdninstagram.com https://*.fbcdn.net; manifest-src 'self' https://www.instagram.com; script-src 'self' https://instagram.com https://www.instagram.com https://*.www.instagram.com https://*.cdninstagram.com wss://www.instagram.com https://*.facebook.com https://*.fbcdn.net https://*.facebook.net 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https://*.www.instagram.com https://www.instagram.com 'unsafe-inline'; connect-src 'self' https://instagram.com https://www.instagram.com https://*.www.instagram.com https://graph.instagram.com https://*.graph.instagram.com https://*.cdninstagram.com https://api.instagram.com https://i.instagram.com wss://www.instagram.com wss://edge-chat.instagram.com https://*.facebook.com https://*.fbcdn.net https://*.facebook.net chrome-extension://boadgeojelhgndaghljhdicfkmllpafd blob:; worker-src 'self' blob: https://www.instagram.com; frame-src 'self' https://instagram.com https://www.instagram.com https://*.instagram.com https://staticxx.facebook.com https://www.facebook.com https://web.facebook.com https://connect.facebook.net https://m.facebook.com; object-src 'none'; upgrade-insecure-requests
OkHttp[shawnxman1423]: cross-origin-embedder-policy-report-only: require-corp;report-to="coep"
OkHttp[shawnxman1423]: report-to: {"group": "coep", "max_age": 86400, "endpoints": [{"url": "/security/coep_report/"}]},{"group": "coop", "max_age": 86400, "endpoints": [{"url": "/security/coop_report/"}]}
OkHttp[shawnxman1423]: origin-trial: AuqWincgAuXeuu3KypEMnrrFEJHySaesyJS3EaIH40zvafzrU0Irhb7+5QwZpOqMZrPTjgvFl7Z5jJgy1dNAcQMAAAB6eyJvcmlnaW4iOiJodHRwczovL2luc3RhZ3JhbS5jb206NDQzIiwiZmVhdHVyZSI6IkNyb3NzT3JpZ2luT3BlbmVyUG9saWN5UmVwb3J0aW5nIiwiZXhwaXJ5IjoxNjEzNDExNjYyLCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
OkHttp[shawnxman1423]: cross-origin-opener-policy: same-origin-allow-popups;report-to="coop"
OkHttp[shawnxman1423]: x-content-type-options: nosniff
OkHttp[shawnxman1423]: x-xss-protection: 0
OkHttp[shawnxman1423]: x-aed: 38
OkHttp[shawnxman1423]: access-control-expose-headers: X-IG-Set-WWW-Claim
OkHttp[shawnxman1423]: ig-set-authorization: Bearer IGT:2:eyJkc191c2VyX2lkIjoiNTE2NjcxMzIiLCJzZXNzaW9uaWQiOiI1MTY2NzEzMiUzQXdZekZzSGV5RXFpdE5KJTNBMSIsInNob3VsZF91c2VfaGVhZGVyX292ZXJfY29va2llcyI6dHJ1ZX0=
OkHttp[shawnxman1423]: ig-set-use-auth-header-for-sso: True
OkHttp[shawnxman1423]: ig-set-x-mid: YASrjgABAAGKkpNxMUTnoD-4YyvR
OkHttp[shawnxman1423]: ig-set-ig-u-ig-direct-region-hint: 
OkHttp[shawnxman1423]: ig-set-ig-u-shbid: 3269
OkHttp[shawnxman1423]: ig-set-ig-u-shbts: 1611697303.8817055
OkHttp[shawnxman1423]: ig-set-ig-u-rur: ATN
OkHttp[shawnxman1423]: ig-set-ig-u-ds-user-id: 51667132
OkHttp[shawnxman1423]: set-cookie: rur=ATN; Domain=.instagram.com; HttpOnly; Path=/; Secure
OkHttp[shawnxman1423]: content-length: 264
OkHttp[shawnxman1423]: x-fb-trip-id: 780166575
OkHttp[shawnxman1423]: alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
OkHttp[shawnxman1423]: 
OkHttp[shawnxman1423]: {"message": "challenge_required", "challenge": {"url": "https://i.instagram.com/challenge/?next=/api/v1/qe/sync/", "api_path": "/challenge/", "hide_webview_header": true, "lock": true, "logout": false, "native_flow": true, "flow_render_type": 0}, "status": "fail"}
OkHttp[shawnxman1423]: <-- END HTTP (264-byte body)