Maybe make phone/email work in provisioning API login

mauigpapi/http/login.py

@@ -47,11 +47,10 @@ class LoginAPI(BaseAndroidAPI):
             "enc_password": encrypted_password,
             "guid": self.state.device.uuid,
             "phone_id": self.state.device.phone_id,
-            "_csrftoken": self.state.cookies.csrf_token,
             "device_id": self.state.device.id,
-            "adid": "",  # not set on pre-login
+            "adid": self.state.device.adid,
             "google_tokens": "[]",
-            "login_attempt_count": 0,  # TODO maybe cache this somewhere?
+            "login_attempt_count": "0",  # TODO maybe cache this somewhere?
             "country_codes": json.dumps([{"country_code": "1", "source": "default"}]),
             "jazoest": self._jazoest,
         }
@@ -62,7 +61,6 @@ class LoginAPI(BaseAndroidAPI):
     async def one_tap_app_login(self, user_id: str, nonce: str) -> LoginResponse:
         req = {
             "phone_id": self.state.device.phone_id,
-            "_csrftoken": self.state.cookies.csrf_token,
             "user_id": user_id,
             "adid": self.state.device.adid,
             "guid": self.state.device.uuid,
@@ -83,18 +81,20 @@ class LoginAPI(BaseAndroidAPI):
     ) -> LoginResponse:
         req = {
             "verification_code": code,
-            "_csrftoken": self.state.cookies.csrf_token,
             "two_factor_identifier": identifier,
             "username": username,
             "trust_this_device": "1" if trust_device else "0",
             "guid": self.state.device.uuid,
             "device_id": self.state.device.id,
-            "verification_method": "0" if is_totp else "1",
+            "verification_method": "3" if is_totp else "1",
         }
         return await self.std_http_post(
             "/api/v1/accounts/two_factor_login/", data=req, response_type=LoginResponse
         )
 
+    # async def two_factor_trusted_status(self, username: str, identifier: str, polling_nonce: str):
+    #     pass
+
     async def facebook_signup(self, fb_access_token: str) -> FacebookLoginResponse:
         req = {
             "jazoest": self._jazoest,
@@ -116,7 +116,6 @@ class LoginAPI(BaseAndroidAPI):
         req = {
             "guid": self.state.device.uuid,
             "phone_id": self.state.device.phone_id,
-            "_csrftoken": self.state.cookies.csrf_token,
             "device_id": self.state.device.id,
             "_uuid": self.state.device.uuid,
             "one_tap_app_login": one_tap_app_login,

mauigpapi/state/state.py

@@ -42,6 +42,7 @@ class AndroidState(SerializableAttrs):
     challenge: Optional[ChallengeStateResponse] = None
     _challenge_path: Optional[str] = field(default=None, json="challenge_path")
     cookies: Cookies = field(factory=lambda: Cookies())
+    login_2fa_username: Optional[str] = field(default=None, hidden=True)
 
     def __attrs_post_init__(self) -> None:
         if self.application.APP_VERSION_CODE != AndroidApplication().APP_VERSION_CODE:

mauigpapi/types/error.py

@@ -113,7 +113,9 @@ class LoginTwoFactorInfo(SerializableAttrs):
     pending_trusted_notification: bool
     # TODO type
     # sms_not_allowed_reason: Any
+    pk: Optional[int] = None
     phone_verification_settings: Optional[LoginPhoneVerificationSettings] = None
+    trusted_notification_polling_nonce: Optional[str] = None
 
 
 @dataclass

mautrix_instagram/web/provisioning_api.py

@@ -259,7 +259,17 @@ class ProvisioningAPI:
             resp = await api.login(username, password)
         except IGLoginTwoFactorRequiredError as e:
             track(user, "$login_2fa")
-            self.log.debug("%s logged in as %s, but needs 2-factor auth", user.mxid, username)
+            found_username = e.body.two_factor_info.username if e.body.two_factor_info else None
+            if found_username and found_username != username:
+                state.login_2fa_username = found_username
+            else:
+                state.login_2fa_username = None
+            self.log.debug(
+                "%s logged in as %s -> %s, but needs 2-factor auth",
+                user.mxid,
+                username,
+                found_username or "<no username?>",
+            )
             return web.json_response(
                 data={
                     "status": "two-factor",
@@ -348,6 +358,11 @@ class ProvisioningAPI:
 
         api: AndroidAPI = user.command_status["api"]
         state: AndroidState = user.command_status["state"]
+        if state.login_2fa_username and "@" in username or "+" in username:
+            self.log.debug(
+                "Replacing %s with %s in 2FA login request", username, state.login_2fa_username
+            )
+            username = state.login_2fa_username
         track(user, "$login_submit_2fa")
         try:
             resp = await api.two_factor_login(