2FA currently not supported on docker #123
Comments
Disane87
changed the title
|
will 2fa support be added? i am planing using and releasing it on unraid? |
|
In the future I guess yes. But I don't have any idea how to reliable implement this. Additionally it should work more or less unattended or only the with a convenient way to obtain/set the 2fa code |
|
To streamline the process of retrieving one-time passwords (OTPs) for Amazon, I propose adding a variable OTPs are typically valid for 30 seconds, starting at the beginning of each minute and at the 30-second mark. The threshold ensures there is enough time remaining to process the login. #!/bin/bash
# Set the threshold time, below which a new OTP should be fetched
threshold=10
# Function to calculate the remaining time
get_time_remaining() {
# Get the current time in seconds since Unix epoch
current_time=$(date +%s)
# Calculate the number of seconds since Unix epoch modulo 30
echo $((30 - current_time % 30))
}
# Initially fetch the remaining time
time_remaining=$(get_time_remaining)
# Check if the remaining time is below the threshold
if [ $time_remaining -le $threshold ]; then
echo "The remaining validity time is $time_remaining seconds. Waiting for a new OTP..."
# Countdown
while [ $time_remaining -gt 0 ]; do
echo "Waiting: $time_remaining seconds"
sleep 1
time_remaining=$((time_remaining - 1))
done
fi
# Fetch the current OTP after the wait time has elapsed
otp_value=$(/usr/local/bin/op item get "amazon.de" --vault "Private" --otp)
# Recalculate the remaining time
time_remaining=$(get_time_remaining)
echo "Current OTP: $otp_value"
echo "Remaining validity time: $time_remaining seconds" |
|
Wow, that looks interesting. Will digg into that if I got some spare time. @tlwt thank you for this great proposal |
|
How will this work with unattended servers running that approach with OTP? I have an unraid server and that container runs completely off from any personal password/2fa managers. As far as I understand your proposal needs a 2fa manager in access locally. But that isn't the case when you run it like in my use case. If you run it completely on your computers docker I guess the non approach would be better since I could print for the otp, grab that and fill that into the otp field. Any ideas? |
|
This workaround is intended for a local environment and is not suitable for servers. Two-factor authentication (2FA) or multi-factor authentication (MFA) requires you to know, have, or be something. App passwords can sometimes be used as an alternative, but to my knowledge, Amazon.de does not offer app passwords or API access to invoices. In theory, you could store the OTP secret within the app, allowing for on-the-fly generation of OTPs. However, this would defeat the purpose of multi-factor authentication, as both factors would be “knowledge” based and stored in one location. A much better approach, specific to 1Password, is setting up a 1Password Connect server (https://developer.1password.com/docs/connect/get-started/). Please note, I am not a security expert; I am simply sharing my thoughts on the matter. |
|
To further enhance this approach: You can launch the Docker container with an interactive terminal using the amazon_email=$(op item get "amazon.de" --fields email) && \
amazon_password=$(op item get "amazon.de" --fields password) && \
docker run --rm --platform linux/amd64 \
-e DEBUG=true \
-e AMAZON_USER=$amazon_email \
-e AMAZON_PASSWORD=$amazon_password \
-v "$(PWD)/docudigger:/home/node/docudigger" \
-it ghcr.io/disane87/docudigger /bin/bashOnce inside the container, run the following command: docudigger scrape amazon -u $AMAZON_USER -p $AMAZON_PASSWORD --yearFilter=2024 --onlyNewYou'll be prompted for the OTP, which needs to be entered manually. I’ve attempted to automate this using methods like |
Currently 2FA of the scraped pages are not supported. Actually it's detected (i.e. for amazon) but there is no way to set it within a docker container
The text was updated successfully, but these errors were encountered: