Phone number authorization does not work #24

Open
90amper opened this issue Oct 8, 2024 · 2 comments
Labels
help wanted Extra attention is needed


90amper commented Oct 8, 2024

It looks like some additional check has been introduced. The code is requested fine, but submitting it always returns HTTP 400. That includes going directly through an API client, i.e. the problem is not in the application. Could someone sniff the traffic of a fresh version of the app? :)

@moleus moleus added the help wanted Extra attention is needed label Oct 9, 2024

twocolors commented Nov 24, 2024

https://gitlab.com/newbit/rootAVD

GET /auth/v2/login/89991234567 HTTP/1.1
User-Agent: Google sdkgphonex86 | Android 11 | erth | 8.18.0 (81800010) |  | null | 99d9b19a-5f89-417e-a6d8-ef11d7d79a1c | null
Host: myhome.proptech.ru
Connection: Keep-Alive
Accept-Encoding: gzip
traceparent: 00-a087a420d08b36325b6b83e6ae4adb9a-67abfa73b2964c93-01
content-length: 0

HTTP/1.1 300 Multiple Choices
Server: nginx
Date: Sun, 24 Nov 2024 16:50:58 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Allownewaddress: true
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
strict-transport-security: max-age=15724800; includeSubDomains
x-frame-options: DENY
X-VARITI-CCR: 4225056:105
Set-Cookie: rerf=AAAAAGdDWXJ1nJwnBIg+Ag==; expires=Tue, 24-Dec-24 16:50:58 GMT; path=/
P3P: policyref="/w3c/p3p.xml", CP="CUR ADM OUR NOR STA NID"
Set-Cookie: ipp_uid=1732467058308/nc9HQp8jDQuor9Zf/P1LKhYtnELgWHjWQNr4B3A==; Expires=Tue, 31 Dec 2040 23:59:59 GMT; Path=/
Connection: keep-alive
Keep-Alive: timeout=60

99
[{"operatorId":{operator-Id},"subscriberId":{subscriber-Id},"accountId":"{account-Id}","placeId":{place-Id},"address":"***","profileId":null}]
0

!!!

POST /auth/v2/confirmation/89991234567 HTTP/1.1
User-Agent: Google sdkgphonex86 | Android 11 | erth | 8.18.0 (81800010) |  | null | 99d9b19a-5f89-417e-a6d8-ef11d7d79a1c | null
Content-Type: application/json; charset=UTF-8
Content-Length: 136
Host: myhome.proptech.ru
Connection: Keep-Alive
Accept-Encoding: gzip
traceparent: 00-d08a3df6041a672b105daf781c81457c-5fecab004768f304-01

{"operatorId":{operator-Id},"accountId":"{account-Id}","address":"***","subscriberId":"{subscriber-Id}","placeId":{place-Id}}

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Nov 2024 16:52:35 GMT
Content-Length: 0
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
strict-transport-security: max-age=15724800; includeSubDomains
x-frame-options: DENY
X-VARITI-CCR: 4235658:11
Set-Cookie: rerf=AAAAAGdDWdO5KwJZBFgrAg==; expires=Tue, 24-Dec-24 16:52:35 GMT; path=/
P3P: policyref="/w3c/p3p.xml", CP="CUR ADM OUR NOR STA NID"
Set-Cookie: ipp_uid=1732467154032/iHwb12XVh3UtopWg/yNbQ7ZJ69GzD0mbb3u9HXQ==; Expires=Tue, 31 Dec 2040 23:59:59 GMT; Path=/
Connection: keep-alive
Keep-Alive: timeout=60

!!!

POST /auth/v3/auth/89991234567/confirmation HTTP/1.1
User-Agent: Google sdkgphonex86 | Android 11 | erth | 8.18.0 (81800010) |  | null | 99d9b19a-5f89-417e-a6d8-ef11d7d79a1c | null
Content-Type: application/json; charset=UTF-8
Content-Length: 127
Host: myhome.proptech.ru
Connection: Keep-Alive
Accept-Encoding: gzip
traceparent: 00-eba6985e8e86bff68669570070e04d2f-853ba78eafbb370a-01

{"operatorId":{operator-Id},"login":"89991234567","accountId":"{account-Id}","confirm1":"7890","confirm2":"7890","subscriberId":"{subscriber-Id}"}

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 24 Nov 2024 16:53:18 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
strict-transport-security: max-age=15724800; includeSubDomains
x-frame-options: DENY
X-VARITI-CCR: 4236321:12
Set-Cookie: rerf=AAAAAGdDWf6/igJfBHDxAg==; expires=Tue, 24-Dec-24 16:53:18 GMT; path=/
P3P: policyref="/w3c/p3p.xml", CP="CUR ADM OUR NOR STA NID"
Set-Cookie: ipp_uid=1732467195969/2AvLBrJsvbwxoxLU/0Vj3O0oijdOoWz2EKgquZA==; Expires=Tue, 31 Dec 2040 23:59:59 GMT; Path=/
Connection: keep-alive
Keep-Alive: timeout=60

e0
{"operatorId":{operator-Id},"operatorName":"Magadan(005)","tokenType":"Bearer","accessToken":"****","expiresIn":null,"refreshToken":"*****-26e9162a-2bda-5f93-e063-****","refreshExpiresIn":null}
0

Also, for the record: on subsequent requests the UA is now built like this:

User-Agent: Google sdkgphonex86 | Android 11 | erth | 8.18.0 (81800010) | {accountId} | {operatorId} | {installationId} | {places}

Owner

moleus commented Dec 20, 2024

@twocolors thanks for the dump of the authentication requests! The version of the token confirmation API has changed:

/auth/v3/auth/89991234567/confirmation

new fields were added

{"operatorId":{operator-Id},"login":"89991234567","accountId":"{account-Id}","confirm1":"7890","confirm2":"7890","subscriberId":"{subscriber-Id}"}

the old one has most likely been disabled.

Sketched out a new implementation, untested - #29
Try going through the phone number confirmation flow with this build. Image tag: devel-v3-phone-number-auth-api
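
The request bodies of the flow captured in this thread, as an added Python sketch (not the project's code and not written by any commenter). It works offline on a constructed sample of the 300 response; the function names and sample ids are assumptions, while the paths and field names are the ones in the dump.

```python
import json

# Constructed sample of the 300 response body from GET /auth/v2/login/{phone};
# the ids are made-up placeholders, not values from the thread.
SAMPLE_LOGIN_BODY = (
    '[{"operatorId":5,"subscriberId":1234567,"accountId":"000123456789",'
    '"placeId":7654321,"address":"***","profileId":null}]'
)


def pick_account(login_body, index=0):
    """Return one account entry from the 300 'Multiple Choices' JSON list."""
    accounts = json.loads(login_body)
    if not isinstance(accounts, list) or not accounts:
        raise ValueError("login response carries no accounts")
    return accounts[index]


def send_code_request(phone, account):
    """POST /auth/v2/confirmation/{phone}: selects the account, no code yet."""
    body = {
        "operatorId": account["operatorId"],
        "accountId": account["accountId"],
        "address": account["address"],
        # The capture shows subscriberId quoted here, although the login
        # response returned it unquoted, so it is converted to a string.
        "subscriberId": str(account["subscriberId"]),
        "placeId": account["placeId"],
    }
    return "POST", f"/auth/v2/confirmation/{phone}", body


def confirm_code_request(phone, account, code):
    """POST /auth/v3/auth/{phone}/confirmation: the call that returns tokens."""
    body = {
        "operatorId": account["operatorId"],
        "login": phone,
        "accountId": account["accountId"],
        # Both fields carry the same code in the captured request.
        "confirm1": code,
        "confirm2": code,
        "subscriberId": str(account["subscriberId"]),
    }
    return "POST", f"/auth/v3/auth/{phone}/confirmation", body
```

Compared with the v2 body, the v3 body drops address and placeId and adds login, confirm1 and confirm2.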
