QuestionableQuesting/Xenforo 2 Factor Authentication

[TheAkashicTraveller]

Could we get support for 2FA on zenforo logins? As it is I can't download stories from QQ without having to disable 2FA.

[JimmXinu]

If somebody knows how to do that in Python, I'd be interested it hear about it.

[jcotton42]

As an alternative the browser cache feature could be enabled for Xenforo, I just did this for Patreon for the exact reason of not needing to deal with 2FA.

@TheAkashicTraveller do you have any example stories I could use to test with? I'd be willing to look into enabling browser cache for this site.

[TheAkashicTraveller]

@jcotton42 Do you need any particular story? If not here's one.

[JimmXinu]

base_xenforoforum_adapter / base_xenforo2forum_adapter is probably the most complex downloader in FFF.

For just one example, it's common to need several, sometimes 10s, of network requests to get all the threadmarks because there are multiple threadmark lists and the site only loads partial lists and you have to click a '...' link to see more--usually in the middle.

So for browser cache, the user would need to open all the threadmark lists and make sure all of the entries had been viewed. (And as I recall, the site did not hide the same parts of the list when viewed in browser vs in FFF. Not sure what impact that might have.)

Also, XF sites use post URLs that get redirected to URLs of form thread/page#post. The #post part (the anchor) is not part of the URL as far as the caching system is concerned.

I'm not saying it's impossible, but it would need a great deal of testing and a huge amount of clicking. Dealing with 2FA directly might be easier.

[TheAkashicTraveller]

I guess it depends on how the adapter put's in the password normally. On the QQ end you log in like normal and then it takes you to a new page where it asks for the 2fa code, it goes to this url: https://forum.questionablequesting.com/login/two-step?redirect=https%3A%2F%2Fforum.questionablequesting.com%2F&remember=0

[jcotton42]

Ah, I hadn't realized just how complicated the adapter is, supporting 2FA directly may very well be simpler.

Is there some way for an adapter to ask the user for input during the metadata gathering process?

[JimmXinu]

Currently, an adapter can raise FailedToLogin and AdultCheckRequired exceptions, which cli.py and fff_plugin.py catch and then prompt the user for user/pass or 'yes, adult'.

But only when running interactively. CLI can run with --non-interactive Calibre plugin has the 'Background Metadata' option.

A third exception could be added for collecting a two factor code. The adapter would have to recognize the two factor code and skip the user/pass login part.