Not authenticated when getting profile

[alxwrd]

Summary

When making a request to get a players profile, the request is rejected with Not permitted: not authenticated.

If I make a request to /api/papi-client/stats/cod/v1/title/mw/platform/uno/gamer/<username>/profile/type/wz in the browser, the request returns successfully.

The profiles I'm attempting to fetch are my own, and people on my friends list.

Potentially related: #43. I've raised this because it's a different endpoint. If it's the same issue, this can be closed.

Reproduction Steps

import asyncio
import json

import callofduty


async def main():
    client = await callofduty.Login("username", "password")

    player = await client.GetPlayer(callofduty.Platform.Activision, "username")

    profile = await player.profile(callofduty.Title.ModernWarfare, callofduty.Mode.Warzone)

    print(f"{profile['type']}")


asyncio.get_event_loop().run_until_complete(main())

Actual Results

Traceback (most recent call last):
  File "/mnt/c/Users/Alex/repos/statman/test.py", line 20, in <module>
    asyncio.get_event_loop().run_until_complete(main())
  File "/usr/lib/python3.9/asyncio/base_events.py", line 642, in run_until_complete
    return future.result()
  File "/mnt/c/Users/Alex/repos/statman/test.py", line 15, in main
    profile = await player.profile(callofduty.Title.ModernWarfare, callofduty.Mode.Warzone)
  File "/home/alex/.cache/pypoetry/virtualenvs/statman-OzLc5na7-py3.9/lib/python3.9/site-packages/callofduty/player.py", line 62, in profile
    return await self._client.GetPlayerProfile(
  File "/home/alex/.cache/pypoetry/virtualenvs/statman-OzLc5na7-py3.9/lib/python3.9/site-packages/callofduty/client.py", line 595, in GetPlayerProfile
    await self.http.GetPlayerProfile(
  File "/home/alex/.cache/pypoetry/virtualenvs/statman-OzLc5na7-py3.9/lib/python3.9/site-packages/callofduty/http.py", line 219, in GetPlayerProfile
    return await self.Send(
  File "/home/alex/.cache/pypoetry/virtualenvs/statman-OzLc5na7-py3.9/lib/python3.9/site-packages/callofduty/http.py", line 113, in Send
    raise HTTPException(res.status_code, data)
callofduty.errors.HTTPException: HTTP 200 - Not permitted: not authenticated

Checklist

• I have searched the open Issues for duplicates
• I have shown the entire traceback, if possible
• I have removed my token from display, if visible

System Information

Version: 1.2.2
Python: 3.9

[repslet]

Same here.

[HerrPedrotti]

Same here

[alecaserez]

Same here

[kreed1224]

Same here

[ionelmc]

It would appear that the login parts are actually failing (the {'gameAccountLinked': False, 'success': False, 'error': 'recaptcha', 'token': 'Recaptcha failed.'} response is not handled in the code at all). Seems to be a new thing in the api.

[alecaserez]

Has anyone found a solution to this bug?

[EdoardoPedrotti]

Hi @EthanC I just wanted to ask you if you think you will be able to work on this, I don't know if you are still actively working on this library and if we can expect a solution in the next days.
Let me know if there is something I can do to help you. I don't know how you usually inspect the requests that the app or the game makes, but maybe you can share you workflow and I can help with this.
Thanks

[EdoardoPedrotti]

@EthanC any update?

[conorspicer]

The equivalent NodeJS package has resolved the same issue by adding cookie support to the login: Lierrmm/Node-CallOfDuty#69

[alxwrd]

Just checked through the fix for Node-CallOfDuty. Their fix involves using puppeteer to start a web browser and perform a login via the /do_login endpoint. They then copy the cookies out of the browser session, and use them in their API session.

The project has a discord server, and the maintainer posted a WIP logon flow for the dev branch, which invloves just using the page in puppeteer to log in:

Image

There was also a brief conversation the summarised the issue:

Conversation

Caedrius: Sorry for the ping mate @ Liam, hope you're doing well. I need your expertise. Have you by any chance seen this before?

{
    "gameAccountLinked": false,
    "success": false,
    "error": "recaptcha",
    "token": "Recaptcha failed."
}

This is returned on every login attempt we make with our API accounts. No problem logging in through https://profile.callofduty.com/ :PepeThinking:.

Liam: yes, old method is broken

Caedrius: Ah, that explains. Have you been able to fix the wrapper?

Liam: I have a dev build on npm but it isnt perfect

Caedrius: Then I'll peek there.

Liam: it uses puppeteer
so not ideal

Caedrius: Alright, I'll check it out. We'll see what our developers make of it. Our stack is in Java so hopefully more options.
Why do you have to use puppeteer?

Liam: because normal http methods does not get the correct cookies
they detect an actual browser session

Caedrius: Ah that's sucky. Going to be fun to deal with.

---

So, from the work on the Node projects, it seems that:

• The endpoint /cod/mapp/login is no longer working, and nothing has surfaced regarding a fix.
• The current solution involves either automating the log in using a browser (above image), or using the browser to fetch the cookies and POSTing to /do_login (ref).
• Trying a programmatic request to do_login hangs, and fails with a httpx.ReadTimeout error.

@ionelmc You were discussing the login request getting stuck in the Node-CallOfDuty discord, did you get any further?

[Tustin]

/cod/mapp/login expects a g-recaptcha-response field when logging in now, which is why the standard login is failing. You will probably need to do something like the above comment says, or you could parse out the captcha key from the login form and have one of those captcha solvers get you a response code for the request.

[ionelmc]

@alxwrd I was talking about the tarpit behavior they have on the login (that's why they use puppeteer - there's some js in the login page that disables the tarpit).

Anyway, the solution is to just skip the login completely and just use the session cookies. It's a hassle but it works as long as you don't let the session expire. I don't know if there's any ip pinning on the session.

[EthanC]

Release v1.3.0 allows authentication using an Activision Single Sign-On (SSO) cookie value.

Simply provide the sso keyword argument to callofduty.Login(), omitting the email and password credentials. Assistance in obtaining an SSO cookie value will not be provided.

Authorization using an email and password is not publicly available at this time. The aforementioned SSO method is to be used until further notice.

[dev-johnlopez]

Does anyone know how to get the SSO cookie?