smswithoutborders / SMSWithoutBorders-App-Android

SWOB relies heavily on the security of the messages it transmits. We accomplish this by using tools like Android Apps which possess well-tested tools for security.
GNU General Public License v3.0

Unable to store Telegram account when two-step verification is enabled #134

Open PromiseFru opened 1 week ago

PromiseFru commented 1 week ago

The RelaySMS app fails to prompt for the required password when storing a Telegram account with two-step verification enabled. Instead, it repeatedly outputs the following error:

Two-step verification is enabled and a password is required ...

Steps to Reproduce:

  1. Enable two-step verification for your Telegram account.
  2. Attempt to store the account in the RelaySMS app.
  3. Observe that the input field for the password does not appear, and the error message continues to display.

Expected Behavior:

An input field should appear to allow the user to enter their password when two-step verification is enabled on their Telegram account.

sherlockwisdom commented 1 week ago

@PromiseFru When is this prompt made? Does the gRPC return a method to help know the password is required? If yes, please share that, thanks.

PromiseFru commented 1 week ago

> @PromiseFru When is this prompt made? Does the gRPC return a method to help know the password is required? If yes, please share that, thanks.

@sherlockwisdom, the prompt occurs at the code exchange level. After exchanging the code for the first time from Telegram, if two-step verification is enabled, the user is prompted for the password they set for two-step verification and the same verification code initially sent.

The publisher provides the password field at the exchange level in the PNBA code function for this purpose. The error message in the return payload contains a message indicating that the password is required, and the success key in the return payload will be False.

https://github.com/smswithoutborders/SMSWithoutBorders-Publisher/blob/main/docs/grpc.md#exchange-pnba-code-and-store-token

sherlockwisdom commented 1 week ago

@PromiseFru Thanks, does the Telegram API provide any means of knowing if an account requires a password?

PromiseFru commented 1 week ago

> @PromiseFru Thanks, does the Telegram API provide any means of knowing if an account requires a password?

No, the Telegram API does not provide a direct way to determine if an account requires a password for two-step verification. You'll only find out at the code exchange level when the user is prompted for the password if two-step verification is enabled.

sherlockwisdom commented 1 week ago

Relying on failure to determine if password is a hack, we should use a 2 step then to solve it. Please let me know when we have one so the apps start integrating

PromiseFru commented 5 days ago

> Relying on failure to determine if password is a hack, we should use a 2 step then to solve it. Please let me know when we have one so the apps start integrating

@sherlockwisdom, the publisher now indicates whether 2-step verification is enabled in the ExchangePNBACodeAndStoreResponse through the two_step_verification_enabled field.

https://github.com/smswithoutborders/SMSWithoutBorders-Publisher/blob/main/docs/grpc.md#response-4
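
The client flow this thread converges on, as an added example that is not code from the RelaySMS app or the publisher: branch on `two_step_verification_enabled` instead of matching the error text, then resend the same code together with the password. `FakePublisher`, `store_account`, the `exchange(code, password)` signature, the `message` field name and the retry limit are assumptions made for illustration; `success` and `two_step_verification_enabled` are the fields named in the discussion.

```python
from dataclasses import dataclass

@dataclass
class ExchangeResponse:
    # Fields named in the thread; "message" is an assumed name for the error text.
    success: bool
    message: str
    two_step_verification_enabled: bool = False

class FakePublisher:
    """Constructed in-process stand-in for the publisher's code-exchange call."""
    def __init__(self, code, two_step_password=None):
        self._code, self._password = code, two_step_password
        self.calls = []  # (code, password_was_sent) per request; never the password itself

    def exchange(self, code, password=None):
        self.calls.append((code, password is not None))
        if code != self._code:
            return ExchangeResponse(False, "invalid code")
        if self._password is None:
            return ExchangeResponse(True, "stored")
        if password is None:
            return ExchangeResponse(
                False, "Two-step verification is enabled and a password is required", True)
        if password != self._password:
            return ExchangeResponse(False, "invalid password", True)
        return ExchangeResponse(True, "stored", True)

def store_account(publisher, code, ask_password, max_attempts=3):
    """Exchange the code; prompt for the password only when the flag is set."""
    resp = publisher.exchange(code)
    attempts = 0
    # Decide on the structured flag, not on the wording of resp.message.
    while not resp.success and resp.two_step_verification_enabled and attempts < max_attempts:
        password = ask_password()  # UI callback; returns None if the user cancels
        if password is None:
            break
        attempts += 1
        # Same verification code as the first call, now with the password.
        resp = publisher.exchange(code, password=password)
    return resp  # the password is not stored or logged anywhere in this flow

if __name__ == "__main__":
    pub = FakePublisher("12345", two_step_password="constructed-password")
    answers = iter(["wrong", "constructed-password"])
    result = store_account(pub, "12345", lambda: next(answers))
    print(result.success, pub.calls)
```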