zeroclutch / f1-fantasy-api

A Node.js API library for the F1 Fantasy API.
https://zeroclutch.github.io/f1-fantasy-api/

Receiving CAPTCHA error on authenticated requests #2

Closed zeroclutch closed 2 years ago

zeroclutch commented 2 years ago

When trying to authenticate using the /by-password endpoint, we can receive the following error.

Discouragingly, it does not initially appear that including a valid reese84 cookie fixes this issue. Oddly, this issue has not appeared in Postman while on the same IP.

'<!DOCTYPE html>\n' +
      '<html>\n' +
      '    <head>\n' +
      '        <noscript>\n' +
      '            <title>Pardon Our Interruption</title>\n' +
      '        </noscript>\n' +
      '\n' +
      '        <meta name="viewport" content="width=1000">\n' +
      '        <meta name="robots" content="noindex, nofollow">\n' +
      '        <meta http-equiv="cache-control" content="no-cache, no-store, must-revalidate">\n' +
      '        <meta http-equiv="pragma" content="no-cache">\n' +
      '        <meta http-equiv="expires" content="0">\n' +
      '\n' +
      '        <style>\n' +
      "            .container { max-width: 800px; margin: auto; font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; color: #7a838c; }\n" +
      '            h1 { color: #2a2d30; font-weight: 500; }\n' +
      '            li { margin: 0 0 10px; }\n' +
      '            a { color: #428bca; }\n' +
      '            a:hover, a:focus { color: #2a6496; }\n' +
      '        </style>\n' +
      '\n' +
      '        <script>\n' +
      '            function showBlockPage() {\n' +
      '                document.title = "Pardon Our Interruption"\n' +
      '                document.getElementsByClassName("container")[0].style.display = "block";\n' +
      '            }\n' +
      '            setTimeout(showBlockPage, 10000);\n' +
      '\n' +
      '            // Language configuration for captcha. See each specific captcha provider for which\n' +
      '            // languages are supported\n' +
      '            // window.geetestLang = "en";\n' +
      '            // window.recaptchaLang = "en";\n' +
      '        </script>\n' +
      '\n' +
      '        <!-- This head template should be placed before the following script tag that loads the challenge script -->\n' +
      "        <script>window.addEventListener('load', showBlockPage)</script>\n" +
      '        <script type="text/javascript" src="/6657193977244c13" async defer></script>\n' +
      '\n' +
      '    </head>\n' +
      '    <body>\n' +
      '        \n' +
      '\n' +
      '        <div class="container">\n' +
      '            <script>document.getElementsByClassName("container")[0].style.display = "none";</script>\n' +
      '\n' +
      '            <h1>Pardon Our Interruption</h1>\n' +
      '            <p>As you were browsing something about your browser made us think you were a bot. There are a few reasons this might happen:</p>\n' +
      '            <ul>\n' +
      "                <noscript><li>You've disabled JavaScript in your web browser.</li></noscript>\n" +
      "                <li>You're a power user moving through this website with super-human speed.</li>\n" +
      "                <li>You've disabled cookies in your web browser.</li>\n" +
      "                <li>A third-party browser plugin, such as Ghostery or NoScript, is preventing JavaScript from running. Additional information is available in this <a title='Third party browser plugins that block javascript' href='https://help.distilnetworks.com/hc/en-us/articles/212154438-Third-Party-Browser-Plugins-That-Block-JavaScript' target='_blank'>support article</a>.</li>\n" +
      '            </ul>\n' +
      '\n' +
      '            <!-- These paragraphs are displayed depending on if an identify or captcha page is returned  -->\n' +
      '            <p id="identify-msg" style="display: none">To regain access, please make sure that cookies and JavaScript are enabled before reloading the page.</p>\n' +
      '\n' +
      '            <p id="captcha-msg" style="display: none">After completing the CAPTCHA below, you will immediately regain access to the site again.</p>\n' +
      '\n' +
      '            <p id="extraUnblock"><small style="font-size: 8pt">IP</small></p>`\n' +
      '        </div>\n' +
      '    </body>\n' +
      '</html>\n'

Working cURL request:

curl --location --request POST 'https://api.formula1.com/v2/account/subscriber/authenticate/by-password' \
--header 'authority: api.formula1.com' \
--header 'pragma: no-cache' \
--header 'cache-control: no-cache' \
--header 'sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="98", "Google Chrome";v="98"' \
--header 'dnt: 1' \
--header 'sec-ch-ua-mobile: ?0' \
--header 'user-agent: RaceControl' \
--header 'content-type: application/json' \
--header 'accept: application/json, text/javascript, */*; q=0.01' \
--header 'apikey: fCUCjWrKPu9ylJwRAv8BpGLEgiAuThx7' \
--header 'sec-ch-ua-platform: "macOS"' \
--header 'origin: https://account.formula1.com' \
--header 'sec-fetch-site: same-site' \
--header 'sec-fetch-mode: cors' \
--header 'sec-fetch-dest: empty' \
--header 'referer: https://account.formula1.com/' \
--header 'accept-language: en-US,en;q=0.9' \
--header 'cookie;' \
--data-raw '{"Login":"example@gmail.com", "Password": "password", "DistributionChannel": "d861e38f-05ea-4063-8776-a7e2b6d885a4"}'

It's unclear why the JS request doesn't work as consistently as Postman.

zeroclutch commented 2 years ago

This issue should be resolved with 03d57bd. It's yet unclear if making valid requests will lead to a consistent avoidance of CAPTCHAs. If so, it's highly unlikely that is intended by PlayOn.

zeroclutch commented 2 years ago

c2302002 checks each request for a "Set-Cookie" header and automatically adds it to the next request's cookie. This has allowed us to make multiple consecutive successful requests and maintain a session. This issue should be solved.
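
The session handling described in the last comment, as an added example that is not code from f1-fantasy-api or its commits: a small cookie jar that carries each response's Set-Cookie values into the next request's Cookie header, and fails loudly when the "Pardon Our Interruption" HTML page arrives where JSON was expected. `CookieJar`, `isChallengePage`, `handleResponse` and the response shape are hypothetical; the jar ignores Domain/Path/Secure scoping, so it assumes one jar per origin.

```javascript
// Added example; CookieJar, isChallengePage and handleResponse are hypothetical names.
class CookieJar {
  constructor() { this.cookies = new Map(); }

  // setCookie: one Set-Cookie value or an array of them (one per header line).
  // Never split a joined header on commas: Expires dates contain commas.
  store(setCookie) {
    for (const line of [].concat(setCookie || [])) {
      const [pair, ...rest] = line.split(';');
      const eq = pair.indexOf('=');
      if (eq < 1) continue; // no cookie name: ignore the line
      const name = pair.slice(0, eq).trim();
      const attrs = {};
      for (const a of rest) {
        const i = a.indexOf('=');
        const key = (i < 0 ? a : a.slice(0, i)).trim().toLowerCase();
        attrs[key] = i < 0 ? '' : a.slice(i + 1).trim();
      }
      // Servers delete a cookie with Max-Age<=0 or an Expires date in the past.
      const expired = ('max-age' in attrs && Number(attrs['max-age']) <= 0) ||
        ('expires' in attrs && Date.parse(attrs.expires) <= Date.now());
      if (expired) this.cookies.delete(name);
      else this.cookies.set(name, pair.slice(eq + 1).trim());
    }
  }

  // Value for the next request's Cookie header ('' when the jar is empty).
  header() {
    return [...this.cookies].map(([k, v]) => `${k}=${v}`).join('; ');
  }
}

// The interstitial quoted in the issue is HTML titled "Pardon Our Interruption",
// returned where the client expects JSON.
function isChallengePage(contentType, body) {
  return /text\/html/i.test(contentType || '') &&
    String(body).includes('Pardon Our Interruption');
}

// res: { headers: { 'content-type', 'set-cookie' }, body } (constructed shape).
function handleResponse(jar, res) {
  if (isChallengePage(res.headers['content-type'], res.body)) {
    throw new Error('bot-challenge page returned instead of JSON');
  }
  jar.store(res.headers['set-cookie']);
  return jar.header();
}
```

Keep a separate jar per origin: because scoping attributes are not enforced here, sharing one jar across hosts would send session cookies to servers that never issued them.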