Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add token param to authorize #21

Merged
merged 7 commits into from
Nov 12, 2023
Merged

add token param to authorize #21

merged 7 commits into from
Nov 12, 2023

Conversation

CalvinChanCan
Copy link
Contributor

This PR may be a bit more opinionated so feel free to ignore. For my use case, I'd like to be able to provide an auth token as a string rather than using the pickled session file. Personally, I think the developer should pickle the session file outside of this project. But to maintain that compatibility while allowing for using an auth token string, this PR does the following:

  • Sets the auth token in the headers while instantiating. This allows the client to authorize without needing to call login() (assuming the token is valid).
  • Remove cookies variables. The auth token is the only requirement to authorize the client.
  • Fixes the issue when saving the session file if the session directory does not exist by checking and creating the session directory.

I appreciate any feedback. Thanks!

hammem
hammem reviewed Nov 8, 2023
View reviewed changes
Copy link
Owner

@hammem hammem left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for putting this up! I get the use-case here and it makes sense. Wondering if, instead of changing how the existing *_session() stuff works, we add a token property to this class and put logic in the set_token() method to handle setup.

We'd still allow for passing the token in the constructor, to make instantiation clean/easy for those opting not to have the class persist the entirety of the session.

Put in API terms:

  • Add token to the constructor
  • Add a token property and corresponding ``set_token()`
  • Refactor the class to use the new property for token handling
  • Leave the *_session() stuff as is, aside from using the new property internally

This should provide the flexibility you seek, which makes sense, while also providing a place to handle persistence of other things down the road (e.g. caching).

On the removal of the cookie jar from the persistence, oddly, I think Monarch used to have a cookie for it to recognize the device and avoid re-prompting for an MFA token. But, looking at it lately, there's nothing in the jar! Torn on removing it, in case they decide to change things...

monarchmoney/monarchmoney.py Outdated
def __init__(self, session_file: str = SESSION_FILE, timeout: int = 10) -> None:
self._cookies = None
def __init__(
self, session_file: str = SESSION_FILE, timeout: int = 10, token: str = None
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

token: Optional[str] = None

monarchmoney/monarchmoney.py
@@ -14,11 +14,12 @@
AUTH_HEADER_KEY = "authorization"
CSRF_KEY = "csrftoken"
ERRORS_KEY = "error_code"
SESSION_FILE = ".mm/mm_session.pickle"
SESSION_DIR = ".mm"
SESSION_FILE = f"{SESSION_DIR}/mm_session.pickle"
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

good call!

@CalvinChanCan
Copy link
Contributor Author

Thanks @hammem for the feedback.

I've made the suggested changes. As for avoiding the re-prompting for an MFA token, I've added a way to generate the TOTP if the MFA secret key is provided. Hopefully that would mean we wouldn't need cookies if we can now bypass the MFA prompt. I've added where to find the MFA secret in the README.

@hammem hammem self-assigned this Nov 9, 2023
@hammem hammem merged commit c5e585c into hammem:main Nov 12, 2023
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hammem hammem hammem left review comments

Assignees

@hammem hammem

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@CalvinChanCan @hammem