-
-
Notifications
You must be signed in to change notification settings - Fork 27
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
add token param to authorize #21
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for putting this up! I get the use-case here and it makes sense. Wondering if, instead of changing how the existing *_session()
stuff works, we add a token
property to this class and put logic in the set_token()
method to handle setup.
We'd still allow for passing the token in the constructor, to make instantiation clean/easy for those opting not to have the class persist the entirety of the session.
Put in API terms:
- Add
token
to the constructor - Add a
token
property and corresponding ``set_token()` - Refactor the class to use the new property for token handling
- Leave the
*_session()
stuff as is, aside from using the new property internally
This should provide the flexibility you seek, which makes sense, while also providing a place to handle persistence of other things down the road (e.g. caching).
On the removal of the cookie jar from the persistence, oddly, I think Monarch used to have a cookie for it to recognize the device and avoid re-prompting for an MFA token. But, looking at it lately, there's nothing in the jar! Torn on removing it, in case they decide to change things...
monarchmoney/monarchmoney.py
Outdated
def __init__(self, session_file: str = SESSION_FILE, timeout: int = 10) -> None: | ||
self._cookies = None | ||
def __init__( | ||
self, session_file: str = SESSION_FILE, timeout: int = 10, token: str = None |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
token: Optional[str] = None
@@ -14,11 +14,12 @@ | |||
AUTH_HEADER_KEY = "authorization" | |||
CSRF_KEY = "csrftoken" | |||
ERRORS_KEY = "error_code" | |||
SESSION_FILE = ".mm/mm_session.pickle" | |||
SESSION_DIR = ".mm" | |||
SESSION_FILE = f"{SESSION_DIR}/mm_session.pickle" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
good call!
Thanks @hammem for the feedback. I've made the suggested changes. As for avoiding the re-prompting for an MFA token, I've added a way to generate the TOTP if the MFA secret key is provided. Hopefully that would mean we wouldn't need cookies if we can now bypass the MFA prompt. I've added where to find the MFA secret in the README. |
This PR may be a bit more opinionated so feel free to ignore. For my use case, I'd like to be able to provide an auth token as a string rather than using the pickled session file. Personally, I think the developer should pickle the session file outside of this project. But to maintain that compatibility while allowing for using an auth token string, this PR does the following:
I appreciate any feedback. Thanks!