raphaelm / python-fints

Pure-python FinTS (formerly known as HBCI) implementation
https://pypi.python.org/pypi/fints
GNU Lesser General Public License v3.0

Postbank BestSign Login #89

Open michaelgreyskull opened 5 years ago

michaelgreyskull commented 5 years ago

Hello,

thank you for your great software! :) Since Postbank has established new ways of authentication, I wanted to ask if someone already managed to do a login with python-fints using the BestSign authentication mechanism.

When you do the usual initialization like f = FinTS3PinTanClient(BLZ, PostbankID, password, 'https://hbci.postbank.de/banking/hbci.do') and afterwards call f.get_sepa_accounts() there is this (new) error:

Dialog response: 9050 - Teilweise fehlerhaft.
Dialog response: 9999 - Dialog bereits geschlossen.
Dialog response: 9800 - Dialog ungueltig/unbekannt.

Usually a login attempt triggers the BestSign app to authorize the login, but in this case, I only get the error messages. Probably I have misconfigured (or not yet configured) something. Has anyone connected successfully using this BestSign method, yet?

Thanks to you!

raphaelm commented 5 years ago

> Has anyone connected successfully using this BestSign method, yet?

I don't think so. I don't know enough about BestSign to decide if this is a duplicate of #72, though.

michaelgreyskull commented 5 years ago

Thank you for your fast response!

It's not exactly a duplicate (that's why I opened up this issue specifically for BestSign) but definitely related as this method has been introduced due to PSD2. I hope they do not shut down the FinTS interface completely. I will contact Postbank and keep you updated.

jahir commented 5 years ago

> I don't think so. I don't know enough about BestSign to decide if this is a duplicate of #72, though.

Related to #72 because of PSD2 I think, but BestSign is conceptually different to usual TAN methods: You get a push message on your smartphone that prompts you to permit the request (which you must confirm with a password or your fingerprint), so there is no TAN to enter and send back via FinTS. I have no clue how (or even if) the server notifies the client that the transaction was confirmed, though. But as I'm still able to use MobileTAN, this is currently no big issue (for me).

With your current psd2 branch it looks like this (TAN mechanism is default, i.e. 920 = BestSign):

Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/home/fints/.local/lib/python3.7/site-packages/fints/client.py", line 251, in __enter__
    self._standing_dialog.__enter__()
  File "/home/fints/.local/lib/python3.7/site-packages/fints/dialog.py", line 37, in __enter__
    self.init()
  File "/home/fints/.local/lib/python3.7/site-packages/fints/dialog.py", line 74, in init
    segments.append(self.client._get_tan_segment(segments[0], '4'))
  File "/home/fints/.local/lib/python3.7/site-packages/fints/client.py", line 1156, in _get_tan_segment
    seg.tan_medium_name = self.selected_tan_medium.tan_medium_name
AttributeError: 'NoneType' object has no attribute 'tan_medium_name'

When set to 930 (MobileTAN), the results are as expected:

Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/home/fints/.local/lib/python3.7/site-packages/fints/client.py", line 250, in __enter__
    self._standing_dialog = self._get_dialog()
  File "/home/fints/.local/lib/python3.7/site-packages/fints/client.py", line 269, in _get_dialog
    self._ensure_system_id()
  File "/home/fints/.local/lib/python3.7/site-packages/fints/client.py", line 1111, in _ensure_system_id
    HKSYN3(SynchronizationMode.NEW_SYSTEM_ID),
  File "/home/fints/.local/lib/python3.7/site-packages/fints/dialog.py", line 80, in init
    retval = self.send(*segments, internal_send=True)
  File "/home/fints/.local/lib/python3.7/site-packages/fints/dialog.py", line 141, in send
    self.client.process_response_message(self, response, internal_send=internal_send)
  File "/home/fints/.local/lib/python3.7/site-packages/fints/client.py", line 241, in process_response_message
    self._process_response(dialog, segment, response)
  File "/home/fints/.local/lib/python3.7/site-packages/fints/client.py", line 1267, in _process_response
    raise FinTSSCARequiredError("This operation requires strong customer authentication.")
fints.exceptions.FinTSSCARequiredError: This operation requires strong customer authentication.

j-ittner commented 5 years ago

Actually I think this is related. BestSign can act as a TAN generator - in that case the BestSign app on the smartphone displays a 6-character TAN after successful authentication, which the user can then manually enter into the application that requested authentication.
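
The first traceback in jahir's comment ends in an AttributeError because selected_tan_medium is still None when the TAN segment is built. A pre-flight check like the following, an added example that is not part of this thread or of python-fints, fails with a readable error instead. The client method names are assumed from the python-fints documentation and may not match the psd2 branch discussed here; StubClient and the media names are constructed for the demo.

```python
from types import SimpleNamespace


class TanSetupError(Exception):
    """TAN mechanism or medium could not be selected unambiguously."""


def select_tan_setup(client, mechanism_id, medium_name=None):
    """Select a TAN mechanism and, if the bank requires one, a TAN medium.
    Returns the chosen medium, or None when no medium is needed."""
    offered = client.get_tan_mechanisms()
    if mechanism_id not in offered:
        raise TanSetupError(f"{mechanism_id} not offered, bank lists {sorted(offered)}")
    client.set_tan_mechanism(mechanism_id)
    if not client.is_tan_media_required():
        return None
    _usage, media = client.get_tan_media()
    if medium_name is not None:
        media = [m for m in media if m.tan_medium_name == medium_name]
    if len(media) != 1:
        # Refuse to guess: never open a dialog with selected_tan_medium None.
        names = [m.tan_medium_name for m in media]
        raise TanSetupError(f"need exactly one TAN medium, candidates: {names}")
    client.set_tan_medium(media[0])
    return media[0]


class StubClient:
    """Constructed stand-in for the demo; not python-fints code."""

    def __init__(self, media):
        self.media, self.mechanism, self.selected_tan_medium = media, None, None

    def get_tan_mechanisms(self):
        return {"920": "BestSign", "930": "MobileTAN"}  # ids quoted in the thread

    def set_tan_mechanism(self, mechanism_id):
        self.mechanism = mechanism_id

    def is_tan_media_required(self):
        return self.mechanism == "920"  # constructed rule, not bank behaviour

    def get_tan_media(self):
        return (None, self.media)

    def set_tan_medium(self, medium):
        self.selected_tan_medium = medium


SAMPLE_MEDIA = [SimpleNamespace(tan_medium_name=n) for n in ("Phone A", "Phone B")]  # constructed
```

Calling select_tan_setup(StubClient(SAMPLE_MEDIA), "920") raises TanSetupError because two media are registered and none was named; passing "Phone A" selects it.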