sebastianstarke-asot / morganstanley-moneymoney

MoneyMoney Extension to read from Morgan Stanley Stockplanconnect
MIT License
2 stars 1 forks source link

Open the extension for other companies #2

Open hanjo opened 3 years ago

hanjo commented 3 years ago

Hi,

I'd like to use this with for accounts at another company and I'm fine to hardcode this myself, but I'm not sure what needs to be changed exactly. I guess it's these three sections

  local account = {
    name = "Amazon Stockplan",
    owner = "Amazon Stockplan Owner",
    accountNumber = "MS-xxxxxx-xx",
    bankCode = "N/A",
    currency = "EUR",
    type = AccountTypePortfolio,
    portfolio = true
  }

This is probably only description, so should be straight forward.

  local step1Content = JSON():set{
    company_id = "1HH", --static for amazon
    device_info = fingerprint,
  }:json()

I assume the company_id is the identifier shown in the URL after login: https://stockplanconnect.morganstanley.com/index.html#/sps/summary/scomp/XXX/summary

  local amazon = {}
  amazon.name="Amazon"
  amazon.securityNumber="906866"
  amazon.isin = "US0231351067"
  amazon.quantity=quantity
  amazon.price=price
  amazon.amount=amount
  amazon.currencyOfPrice = "EUR"
  amazon.purchasePrice = 0
  amazon.currenctOfPurchasePrice = "EUR"

Here I'm lost. How to get the securityNumber and the isin?

Thanks Greetings Hanjo

sebastianstarke-asot commented 3 years ago

Hey! Thanks yes I do not have access to a depot in stockplan for another company, so wasn’t able to take all hard coding out of it.

Account name etc should be possible to populate in the creation dialog when you add your Depot - have not looked into that but should be easy I think, maybe you can check that out?

Regarding security number and isin: this is just following the data structure for stocks supplied here. https://moneymoney-app.com/api/webbanking/ I am not sure if these values can be scraped from the depot overview pages within stock plan. I would not spend too much time though, I think those values should even be optional and just make it nicer.

Regarding obtaining the company ID I remember that I inspected which data the services were passing and found this in the JSON that was sent in one of the calls. If this is part of the URL even easier :)

Hope this helps! Sebastian

Sent from my iPhone

On 17. Jun 2021, at 14:18, hanjo @.***> wrote:

 Hi,

I'd like to use this with for accounts at another company and I'm fine to hardcode this myself, but I'm not sure what needs to be changed exactly. I guess it's these three sections

local account = { name = "Amazon Stockplan", owner = "Amazon Stockplan Owner", accountNumber = "MS-xxxxxx-xx", bankCode = "N/A", currency = "EUR", type = AccountTypePortfolio, portfolio = true } This is probably only description, so should be straight forward.

local step1Content = JSON():set{ company_id = "1HH", --static for amazon device_info = fingerprint, }:json() I assume the company_id is the identifier shown in the URL after login: https://stockplanconnect.morganstanley.com/index.html#/sps/summary/scomp/XXX/summary

local amazon = {} amazon.name="Amazon" amazon.securityNumber="906866" amazon.isin = "US0231351067" amazon.quantity=quantity amazon.price=price amazon.amount=amount amazon.currencyOfPrice = "EUR" amazon.purchasePrice = 0 amazon.currenctOfPurchasePrice = "EUR" Here I'm lost. How to get the securityNumber and the isin?

Thanks Greetings Hanjo

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub, or unsubscribe.

hanjo commented 3 years ago

Hi Sebastian,

I tried changing the parameters above to reflect my company, but oddly it doesn't even reach that part of the code. The server fails on the validateLogin part in line 56, which is even before any of the code segments outlined above. The return message per the log is a HTML webpage (not JSON) with title "Error:StockPlan Connect" and a not-at-all helpful error message "There was an error processing your request. / The website that you are trying to access is currently experiencing technical difficulties." in the body.

I tried a little bit of debugging, but my input parameters (username and password) seem to be correct and also the XSRF token seems to be good.

Any idea what could be causing this?

Thanks! Greetings Hanjo

sebastianstarke-asot commented 3 years ago

Hi Hanjo,

yes! I ran into the same issue. They changed something in the Login flow and the script stopped working for me too since a few days back, so this is unrelated to your changes.

I did not have much time but did some light debugging. When I do the login flow via browser and copy the cookies that my browser session has set when calling validateLogin, the script runs successfully after hard coding those cookies. I suspect that the browser flow going through Home -> getEnvURL -> validateLogin adds cookies through local script or calls i have not yet seen. So in the end, going through the browser flow gives me different cookies vs. calling this through the LUA script, and hence the call to validateLogin yields the error you describe below since we fail some server-side cookie validation. Of all the cookies being added in the browser flow I never saw MSSBAUTH and baLogSession appear in my HTTP Respones via LUA, so these might be the culprits but could not verify yet.

Unfortunately I am not a web developer and my knowledge + tooling is only very rudimentary to double check this and go deeper. If you are able to dig around a little bit more I would totally appreciate your help since now my script is broken :(

Thanks, Sebastian

On 23. Jul 2021, at 13:28, hanjo @.***> wrote:

Hi Sebastian,

I tried changing the parameters above to reflect my company, but oddly it doesn't even reach that part of the code. The server fails on the validateLogin part in line 56, which is even before any of the code segments outlined above. The return message per the log is a HTML webpage (not JSON) with title "Error:StockPlan Connect" and a not-at-all helpful error message "There was an error processing your request. / The website that you are trying to access is currently experiencing technical difficulties." in the body.

I tried a little bit of debugging, but my input parameters (username and password) seem to be correct and also the XSRF token seems to be good.

Any idea what could be causing this?

Thanks! Greetings Hanjo

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/sebastianstarke-asot/morganstanley-moneymoney/issues/2#issuecomment-885575109, or unsubscribe https://github.com/notifications/unsubscribe-auth/ATTMFX4TY7MTJ6DWD5Q2KGDTZFG4HANCNFSM463RUVSA.