Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

An idea to support 2FA (Two factor authentication) for Android users

See original GitHub issue

Okay so I was going to hack in a text message 2FA like here, however it would be nice to have this natively supported so I looked into android / google’s web messages system messages.google.com/web, and it looks like we could do this not so difficultly by using the chrome driver to load up messages.google.com/web , save the screenshot and output the file location to the user to open, then they would use their phone to “pair” the device (IBeam) with the QR code. This would keep working for quite some time through many logins, each new login attempt will trigger an sms code and the webdriver would load conversations and get the latest one automatically.

My pseudo code would be

 if element exists 2fa:
     if device not paired:
         driver.get(web sms url) driver.save_screenshot
         output log filepath
         wait for pair
         set device paired true
     else
         driver.get(web sms url)
         traverse conversation list, look for "your authentication code"
    set form 2fa = code

Issue Analytics

State:
Created 3 years ago
Reactions:1
Comments:17 (15 by maintainers)

Top GitHub Comments

1reaction

gmcmickencommented, Feb 16, 2021

They broke it, I’ve been running it today with the fixes, so far so good!

1reaction

Voyzcommented, Feb 15, 2021

Wow @gmcmicken that’s a fantastic contribution! 👏🙌 I greatly appreciate your time you put into developing and submitting this, it puts us all on the right path to solving the 2FA problem.

I’d totally introduce the changes you proposed, although I feel it would be useful to nonetheless abstract the way the 2FA code is being provided. So that everything between lines 201 and 234 in your PR would be abstracted in some way that other users could override with their own method - should they for instance use the method described in #8 using twilio - as well as for potential alternatives natively supported in IBeam in the future.

Making this a passed parameter would ease testing and overriding this method, eg:

def authenticate_gateway(driver_path, account, password, key: str = None, base_url: str = None, accessor_2fa : callable = None) -> bool:
    ...
    if two_factor_el and accessor_2fa is not None:
        code_2fa = accessor_2fa()
        two_factor_el[0].send_keys( code_2fa )

Then we’d define the accessor you propose as ibeam/accessors_2fa/google_msg_accessor.py:

def google_msg_2fa_accessor():
    _LOGGER.debug(f'2FA in use: Loading messages.google.com/web')
    driver_2fa = new_chrome_driver(driver_path)
    ...
    return re.search( r'(\d+)', sms_list_el[0].text ).group(1)

Then we’d call it like this:

import google_msg_accessor
_ACCESSOR_2FA = os.environ.get('IBEAM_ACCESSOR_2FA', 'Two-factor Authentication accessor you want to use.')
...
if _ACCESSOR_2FA  == 'google_msg':
    accessor_2fa = google_msg_accessor.google_msg_2fa_accessor
elif _ACCESSOR_2FA == 'some_other_type':
    accessor_2fa = some_other_accessor.some_other_2fa_accessor
else:
    accessor_2fa = None

authenticate_gateway(self.driver_path, 
    self.account, 
    self.password, 
    self.key, 
    self.base_url, 
    accessor_2fa)

Something along these lines, although I’m just hypothesising here - we could figure out how to make using other some_other_2fa_accessor more reasonable too. What do you recon?

In either case, once again thanks for your input - very useful! 😊