Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Garmin again #39

Closed
gerpsych opened this issue Apr 17, 2019 · 17 comments
Closed

Garmin again #39

gerpsych opened this issue Apr 17, 2019 · 17 comments

Comments

@gerpsych
Copy link

Hi I think the garmin login is broken again. I can't get in though I know my email and password are correct.
I have also tried using username as opposed to email - no joy
@duncaninnes
Copy link

Yup - noticed same issue this morning. Been uploading daily for a few months, last 2 days are missing. No error on screen. Have tried using both my username and e-mail as authentication options. Both failing.

Is there any way to see the connection logs?

@kochka
Copy link
Owner

kochka commented Apr 18, 2019

The problem is also that for the moment I can't compile the application anymore with new Google requirements (target of framework ver 26 minimum).
So it's difficult to check what's happen and I do not have a lot of free time.
Help would be appreciated on this.

@duncaninnes
Copy link

My WeightLogger directory has a .FIT file for 12, 12, 13, and 16 April. Matching the dates where I entered new data and an upload took place successfully.

Missing are the .FIT files for 17 & 18th April. Don't know if this helps narrow it down at all.

@gerpsych
Copy link
Author

gerpsych commented Apr 18, 2019 via email

@petehobo
Copy link
Contributor

I had a bit of a dig, but I'm no Android developer.

In GarminConnect.signin(), String responseAsString = EntityUtils.toString(entity1); retrieves an HTML page with <div id="status" class="error">An unexpected error has occurred.</div> and no ticket number.

Looks like Garmin has added a CSRF (Cross-Site Request Forgery) check in the login form. A PHP project seems to have the same problem (10REM/php-garmin-connect#31). Looking at the main connect login page there's a field called _csrf. Don't know enough about CSRF to know how easy it'll be to get a valid value for that.

@GTruss
Copy link

GTruss commented Apr 21, 2019

For what it's worth, in my debugging session, the code is looking for the ticket number from the SSO login response (in getTicketIdFromResponse). The exception is thrown when it can't find the "ticket = " value.

Using Postman to send a POST request to the SSO link, passing in my Garmin Connect credentials, I'm not seeing a Ticket value returned in the response. It appears to be just an HTML response. I'm not familiar with the login process, so I'm not sure if that's correct or not. I wonder if they removed it in the latest update.

Anyway, will keep digging to see if I can find a solution.

@petehobo petehobo mentioned this issue Apr 22, 2019
Merged
@petehobo
Copy link
Contributor

I've submitted a pull request, which seems to do the trick on my phone. Since I only just installed Android Studio, though, I had to update the build (not part of the pull request, as I didn't want to break anything for @kochka), so I guess there could be incompatibility. I can't see why there would be problems, I'm just saying do your own tests before relying on my change. Hope it helps.

@kochka
Copy link
Owner

kochka commented Apr 22, 2019

Thanks all !
Petehobo, I'll check your PR tomorrow but the problem is I need to compile the app with an API target 26 because it's required now by Play Store to submit new versions and I've some compilation issues.
I'm not an Android dev either, I've done this app for testing purpose long time ago, but I'll try again tomorrow !

@kochka
Copy link
Owner

kochka commented Apr 23, 2019

Seems I made it works with API 27... Will try your PR asap

@kochka
Copy link
Owner

kochka commented Apr 23, 2019

I've just deployed a new version (2.3.0) including the fix. Thanks !

@kochka kochka closed this as completed Apr 23, 2019
@GTruss
Copy link

GTruss commented Apr 23, 2019

Works great! Thanks for update!

@gerpsych
Copy link
Author

gerpsych commented Apr 23, 2019 via email

@petehobo
Copy link
Contributor

Good to see the fix worked. Thanks again for the app @kochka - does just what I need

@DaveWilcock
Copy link

@petehobo any chance I could get a tldr version of the fix that you applied, or a link to the PR? Hope I can do the same with my php package...

@petehobo
Copy link
Contributor

@dawguk No sweat. The PR's here, but in summary, you need to grab the content of the login form, and pull out the value of the hidden _csrf field. Then when you log in by submitting the form, pass the value in (again as _csrf) with your existing username/password/embed parameters.

The only other thing is to make sure you set the 'Referer' header to the URL of the login form when you submit - since the server's checking for cross-site request forgeries, it needs to know you got the _csrf from it.

Good luck - hope your code is using the same process...

@DaveWilcock
Copy link

@petehobo Thanks - the referer stuff would have had me stumped - your PR was invaluable, as I used it as the basis for the fix. All resolved now ;)

@petehobo
Copy link
Contributor

@dawguk glad to hear it. Happy to help

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@duncaninnes @kochka @DaveWilcock @petehobo @GTruss @gerpsych