search

konomae / lastpass-python

LastPass Python API
https://pypi.python.org/pypi/lastpass-python
MIT License
182 stars 62 forks source link

Lastpass Changed the Login Route #44

Open TillerBurr opened 3 years ago

TillerBurr commented 3 years ago

Lastpass changed so that /login.php returns an empty string/empty response. This is similar to https://github.com/konomae/lastpass-python/issues/40, except now they are not returning a 500 code and it's only /login.php that doesn't work. The endpoint /iterations.php works as expected and /login.php works on the web. I do not know the fix.

mattaudette commented 3 years ago

I've been running into this too and am puzzled at finding a work around.

Did LastPass purposefully shut down login.php for non-enterprise users because they want to charge a premium for API access?

mattiash commented 3 years ago

lastpass-python stopped working for me a number of days ago and exited with the following backtrace:

Traceback (most recent call last):
  File "/srv/lastpass-python/backup-lastpass.py", line 67, in <module>
    main()
  File "/srv/lastpass-python/backup-lastpass.py", line 58, in main
    backup(args.conffile)
  File "/srv/lastpass-python/backup-lastpass.py", line 16, in backup
    vault = lastpass.Vault.open_remote(username, password)
  File "/srv/lastpass-python/lastpass/vault.py", line 11, in open_remote
    blob = cls.fetch_blob(username, password, multifactor_password, client_id)
  File "/srv/lastpass-python/lastpass/vault.py", line 28, in fetch_blob
    session = fetcher.login(username, password, multifactor_password, client_id)
  File "/srv/lastpass-python/lastpass/fetcher.py", line 28, in login
    return request_login(username, password, key_iteration_count, multifactor_password, client_id)
  File "/srv/lastpass-python/lastpass/fetcher.py", line 102, in request_login
    raise login_error(parsed_response)
lastpass.exceptions.InvalidResponseError: None

I assume that this is the problem discussed in this issue. After some googling, I found the following issue in lastpass-cli: https://github.com/lastpass/lastpass-cli/issues/604

According to that issue, there is a problem with the number of iterations used in PBKDF2. After reading through that issue I followed the instructions for changing the number of iterations on my lastpass account to 100100. After doing that, lastpass-python started working again on my account.

brendanlong commented 3 years ago

The code-level fix (as far as I can tell) is to either change your iterations.php call to use a GET request (although some people reported that this fix didn't work for them), or get your iteration count from login.php like this: https://github.com/lastpass/lastpass-cli/pull/605

mattaudette commented 3 years ago

@mattiash Thanks so much! Advanced settings and setting iterations in Lastpass to the recommended 100100 resolved my issue. It was set to 5000, which I'm not sure if that's a change LogMeIn did or what happened there?

Anyways, I super appreciate your help! I hope that helps others too - https://github.com/lastpass/lastpass-cli/issues/604