From 609c432e682012056f713ad2bf33f429efc9dafa Mon Sep 17 00:00:00 2001
From: Ivan Habunek <ivan@habunek.com>
Date: Fri, 29 Dec 2017 11:52:00 +0100
Subject: [PATCH] Remove login_2fa command

It was a hacky way to log with 2fa without using a browser, but did not
work on half the instances. login_browser now exists and should be used
instead.
---
 CHANGELOG.md     |  1 +
 README.rst       |  5 ++--
 toot/commands.py | 67 ------------------------------------------------
 toot/console.py  |  8 +-----
 4 files changed, 4 insertions(+), 77 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index e65c879..582aeb0 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,7 @@ Changelog
 
 * **Dropped support for Python 2** because it's a pain to support and was
   causing bugs with handling unicode.
+* Remove hacky `login_2fa` command, use `login_browser` instead
 
 **0.15.1 (2017-12-12)**
 
diff --git a/README.rst b/README.rst
index 390687e..516194a 100644
--- a/README.rst
+++ b/README.rst
@@ -79,9 +79,8 @@ Running ``toot <command> -h`` shows the documentation for the given command.
     toot - a Mastodon CLI client
 
     Authentication:
-      toot login           Log into a Mastodon instance, does NOT support two factor authentication
+      toot login           Log in from the console, does NOT support two factor authentication
       toot login_browser   Log in using your browser, supports regular and two factor authentication
-      toot login_2fa       Log in using two factor authentication in the console (hacky, experimental)
       toot logout          Log out, delete stored access keys
       toot auth            Show stored credentials
 
@@ -90,7 +89,7 @@ Running ``toot <command> -h`` shows the documentation for the given command.
       toot whois           Display account details
       toot search          Search for users or hashtags
       toot timeline        Show recent items in your public timeline
-      toot curses          An experimental timeline app.
+      toot curses          An experimental timeline app (doesn't work on Windows)
 
     Post:
       toot post            Post a status text to your timeline
diff --git a/toot/commands.py b/toot/commands.py
index 19b4135..5608f54 100644
--- a/toot/commands.py
+++ b/toot/commands.py
@@ -1,7 +1,5 @@
 # -*- coding: utf-8 -*-
 
-import json
-import requests
 import webbrowser
 
 from bs4 import BeautifulSoup
@@ -72,57 +70,6 @@ def login_interactive(app, email=None):
     return create_user(app, email, response['access_token'])
 
 
-def two_factor_login_interactive(app):
-    """Hacky implementation of two factor authentication"""
-
-    print_out("Log in to {}".format(app.instance))
-    email = input('Email: ')
-    password = getpass('Password: ')
-
-    sign_in_url = app.base_url + '/auth/sign_in'
-
-    session = requests.Session()
-
-    # Fetch sign in form
-    response = session.get(sign_in_url)
-    response.raise_for_status()
-
-    soup = BeautifulSoup(response.content, "html.parser")
-    form = soup.find('form')
-    inputs = form.find_all('input')
-
-    data = {i.attrs.get('name'): i.attrs.get('value') for i in inputs}
-    data['user[email]'] = email
-    data['user[password]'] = password
-
-    # Submit form, get 2FA entry form
-    response = session.post(sign_in_url, data)
-    response.raise_for_status()
-
-    soup = BeautifulSoup(response.content, "html.parser")
-    form = soup.find('form')
-    inputs = form.find_all('input')
-
-    data = {i.attrs.get('name'): i.attrs.get('value') for i in inputs}
-    data['user[otp_attempt]'] = input("2FA Token: ")
-
-    # Submit token
-    response = session.post(sign_in_url, data)
-    response.raise_for_status()
-
-    # Extract access token from response
-    soup = BeautifulSoup(response.content, "html.parser")
-    initial_state = soup.find('script', id='initial-state')
-
-    if not initial_state:
-        raise ConsoleError("Login failed: Invalid 2FA token?")
-
-    data = json.loads(initial_state.get_text())
-    access_token = data['meta']['access_token']
-
-    return create_user(app, email, access_token)
-
-
 def _print_timeline(item):
     def wrap_text(text, width):
         wrapper = TextWrapper(width=width, break_long_words=False, break_on_hyphens=False)
@@ -209,20 +156,6 @@ def login(app, user, args):
     print_out("<green>✓ Successfully logged in.</green>")
 
 
-def login_2fa(app, user, args):
-    print_out()
-    print_out("<yellow>Two factor authentication is experimental.</yellow>")
-    print_out("<yellow>If you have problems logging in, please open an issue:</yellow>")
-    print_out("<yellow>https://github.com/ihabunek/toot/issues</yellow>")
-    print_out()
-
-    app = create_app_interactive()
-    two_factor_login_interactive(app)
-
-    print_out()
-    print_out("<green>✓ Successfully logged in.</green>")
-
-
 BROWSER_LOGIN_EXPLANATION = """
 This authentication method requires you to log into your Mastodon instance
 in your browser, where you will be asked to authorize <yellow>toot</yellow> to access
diff --git a/toot/console.py b/toot/console.py
index 1ae8232..0a6317a 100644
--- a/toot/console.py
+++ b/toot/console.py
@@ -54,7 +54,7 @@ email_arg = (["-e", "--email"], {
 AUTH_COMMANDS = [
     Command(
         name="login",
-        description="Log into a Mastodon instance, does NOT support two factor authentication",
+        description="Log in from the console, does NOT support two factor authentication",
         arguments=[instance_arg, email_arg],
         require_auth=False,
     ),
@@ -64,12 +64,6 @@ AUTH_COMMANDS = [
         arguments=[instance_arg, email_arg],
         require_auth=False,
     ),
-    Command(
-        name="login_2fa",
-        description="Log in using two factor authentication in the console (hacky, experimental)",
-        arguments=[],
-        require_auth=False,
-    ),
     Command(
         name="logout",
         description="Log out, delete stored access keys",