Garmin again

[gerpsych]

Hi I think the garmin login is broken again. I can't get in though I know my email and password are correct. I have also tried using username as opposed to email - no joy

[duncaninnes]

Yup - noticed same issue this morning. Been uploading daily for a few months, last 2 days are missing. No error on screen. Have tried using both my username and e-mail as authentication options. Both failing.

Is there any way to see the connection logs?

[kochka]

The problem is also that for the moment I can't compile the application anymore with new Google requirements (target of framework ver 26 minimum). So it's difficult to check what's happen and I do not have a lot of free time. Help would be appreciated on this.

[duncaninnes]

My WeightLogger directory has a .FIT file for 12, 12, 13, and 16 April. Matching the dates where I entered new data and an upload took place successfully.

Missing are the .FIT files for 17 & 18th April. Don't know if this helps narrow it down at all.

[gerpsych]

Thanks for the info. Sorry but I don't have the skills to help in this. Good luck.

Cheers

Alan

Sent from Nine

---

From: kochka notifications@github.com Sent: Thursday, 18 April 2019 15:36 To: kochka/WeightLogger Cc: gerpsych; Author Subject: Re: [kochka/WeightLogger] Garmin again (#39)

The problem is also that for the moment I can't compile the application anymore with new Google requirements (target of framework ver 26 minimum). So it's difficult to check what's happen and I do not have a lot of free time. Help would be appreciated on this.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub, or mute the thread.

[petehobo]

I had a bit of a dig, but I'm no Android developer.

In GarminConnect.signin(), String responseAsString = EntityUtils.toString(entity1); retrieves an HTML page with <div id="status" class="error">An unexpected error has occurred.</div> and no ticket number.

Looks like Garmin has added a CSRF (Cross-Site Request Forgery) check in the login form. A PHP project seems to have the same problem (https://github.com/dawguk/php-garmin-connect/issues/31). Looking at the main connect login page there's a field called _csrf. Don't know enough about CSRF to know how easy it'll be to get a valid value for that.

[GTruss]

For what it's worth, in my debugging session, the code is looking for the ticket number from the SSO login response (in getTicketIdFromResponse). The exception is thrown when it can't find the "ticket = " value.

Using Postman to send a POST request to the SSO link, passing in my Garmin Connect credentials, I'm not seeing a Ticket value returned in the response. It appears to be just an HTML response. I'm not familiar with the login process, so I'm not sure if that's correct or not. I wonder if they removed it in the latest update.

Anyway, will keep digging to see if I can find a solution.

[petehobo]

I've submitted a pull request, which seems to do the trick on my phone. Since I only just installed Android Studio, though, I had to update the build (not part of the pull request, as I didn't want to break anything for @kochka), so I guess there could be incompatibility. I can't see why there would be problems, I'm just saying do your own tests before relying on my change. Hope it helps.

[kochka]

Thanks all ! Petehobo, I'll check your PR tomorrow but the problem is I need to compile the app with an API target 26 because it's required now by Play Store to submit new versions and I've some compilation issues. I'm not an Android dev either, I've done this app for testing purpose long time ago, but I'll try again tomorrow !

[kochka]

Seems I made it works with API 27... Will try your PR asap

[kochka]

I've just deployed a new version (2.3.0) including the fix. Thanks !

[GTruss]

Works great! Thanks for update!

[gerpsych]

Thanks it works fine, you are a star

Cheers

Alan

Sent from Mail for Windows 10

From: kochka Sent: 23 April 2019 17:55 To: kochka/WeightLogger Cc: gerpsych; Author Subject: Re: [kochka/WeightLogger] Garmin again (#39)

I've just deployed a new version (2.3.0) including the fix. Thanks ! — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub, or mute the thread.

[petehobo]

Good to see the fix worked. Thanks again for the app @kochka - does just what I need

[DaveWilcock]

@petehobo any chance I could get a tldr version of the fix that you applied, or a link to the PR? Hope I can do the same with my php package...

[petehobo]

@dawguk No sweat. The PR's here, but in summary, you need to grab the content of the login form, and pull out the value of the hidden _csrf field. Then when you log in by submitting the form, pass the value in (again as _csrf) with your existing username/password/embed parameters.

The only other thing is to make sure you set the 'Referer' header to the URL of the login form when you submit - since the server's checking for cross-site request forgeries, it needs to know you got the _csrf from it.

Good luck - hope your code is using the same process...

[DaveWilcock]

@petehobo Thanks - the referer stuff would have had me stumped - your PR was invaluable, as I used it as the basis for the fix. All resolved now ;)

[petehobo]

@dawguk glad to hear it. Happy to help