This repository has been archived by the owner on Apr 25, 2024. It is now read-only.

Unable to login using 2-factor authentication #86

Open
shpoont opened this issue Dec 2, 2017 · 10 comments

@shpoont

shpoont commented Dec 2, 2017

# geeknote login
Login: [email protected]
Password:
Two-Factor Authentication Code: 123456
  > : Allow Access...Traceback (most recent call last):
  File "/Users/shpoont/.pyenv/versions/2.7.10/lib/python2.7/site-packages/geeknote/geeknote.py", line 1393, in main
    User().login(**ARGS)
  File "/Users/shpoont/.pyenv/versions/2.7.10/lib/python2.7/site-packages/geeknote/geeknote.py", line 40, in wrapper
    return func(*args, **kwargs)
  File "/Users/shpoont/.pyenv/versions/2.7.10/lib/python2.7/site-packages/geeknote/geeknote.py", line 583, in login
    if self.getEvernote().auth():
  File "/Users/shpoont/.pyenv/versions/2.7.10/lib/python2.7/site-packages/geeknote/geeknote.py", line 201, in auth
    self.authToken = GNA.getToken()
  File "/Users/shpoont/.pyenv/versions/2.7.10/lib/python2.7/site-packages/geeknote/oauth.py", line 185, in getToken
    self.allowAccess()
  File "/Users/shpoont/.pyenv/versions/2.7.10/lib/python2.7/site-packages/geeknote/oauth.py", line 294, in allowAccess
    token = "&" + urlencode({ 'csrfBusterToken': tree.xpath("//input[@name='csrfBusterToken']/@value")[0]}) + "&" + urlencode({ 'csrfBusterToken': tree.xpath("//input[@name='csrfBusterToken']/@value")[1]})
IndexError: list index out of range
@shpoont
Author

shpoont commented Dec 2, 2017

Tried both latest version from master and 2.0.12

@jeffkowalski
Owner

Yes, @shpoont, you are correct.
There is another page being returned when the code currently expects a response containing the csrfBusterToken. That page is relatively new, and certainly newer than the oauth code here in geeknote.
If you set DEBUG = True in [geeknote/config.py:61], you can see it returned, just before execution that produces the error you referenced above.

The page that gets returned is apparently another step in the authorization process that will ask the user for the duration of the permission one grants to geeknote.

(note that I've replaced some sensitive strings in the html below with placeholders)

<!DOCTYPE html>
<html>

  <head><meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1" />
    <meta name="en:locale" content="en" />
    <meta charset="utf-8" />

    <meta name="viewport" content="initial-scale=1" />
    <link rel="Shortcut Icon" href="/favicon.ico" type="image/x-icon" />

    <title>Allow Account Access</title>

    <!-- Google Analytics -->
    <script type="text/javascript">
      (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
      (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
      m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
      })(window,document,'script','//www.google-analytics.com/analytics.js','ga');

      window.ga('create', 'UA-285778-5',
      'auto', {});
      window.ga('require', 'displayfeatures');

      /* <![CDATA[ */
      window.ga('set', 'dimension34', '/OAuth.action');
      window.ga('set', 'location', 'https://www.evernote.com/OAuth.action');
      /* ]]> */
    </script>
    <!-- End Google Analytics -->


    <script type="text/javascript">
      window.ga('send', 'pageview', '/OAuth.action');
    </script>
    <!--[if lt IE 9]>
      <script src="/redesign/global/js/html5shiv.js"></script>
    <![endif]-->
    <link rel="stylesheet" href="/ro/.../892611230.css"/>
    <link rel="stylesheet" href="/ro/.../1810847241.css"/>
  </head>

  <body class="wrapper-small">
    <script type="text/javascript">
      (function(a,b,c,d){
      a='//tags.tiqcdn.com/utag/evernote/evernote-web/prod/utag.js';
      b=document;c='script';d=b.createElement(c);d.src=a;
      d.type='text/java'+c;d.async=true;
      a=b.getElementsByTagName(c)[0];a.parentNode.insertBefore(d,a)
      })();
    </script>
    <div class="logo-bar public-layout">
      <div class="inner-header-div">
        <div class="left">
          <a href="https://evernote.com/" class="evernote-logo">https://evernote.com/</a></div>
        <div id="double-brand"></div>
      </div>
    </div>
    <div id="container-boundingbox" class="wrapper-small">
      <div id="container" class="wrapper-small">
        <div class="main">
          <div class="page-header">
            <h1>Sign in to authorize Geeknote</h1>
          </div>
          <div class="login-form">
            <form method="post" name="login_form" action="/OAuth.action" id="login_form">
              <ol>
                <li>
                  <label>Email address or username</label>
                  <input maxlength="64" name="username"
                         id="username" type="text" class="text TextInput" />
                  <script type="text/javascript">
                    setTimeout(function(){try{var z=document.getElementById('username');z.focus();z.select();}catch(e){}},1);
                  </script>
                  <div id="username_errors" class="form_errors"></div>
                </li>
                <li class="CanBePulledDown" id="passwordRow">
                  <label>Password</label>
                  <input maxlength="64" name="password"
                         id="password" type="password" class="text TextInput" />
                </li>
                <li class="CanBePulledDown" id="responseMessageRow">
                  <div id="responseMessage" class="PullableText"></div>
                </li>
              </ol>
              <input name="targetUrl" type="hidden"
                     value="/OAuth.action?oauth_token=CONSUMER_KEY.X.Y.Z" />
              <div class="CanBePulledDown PulledIntoView" id="submitDiv">
                <input type="hidden" name="evaluateUsername" id="eventToTrigger" />
                <input name="loginButton" id="loginButton" type="submit"
                       class="Btn Btn_emph" value="Sign in" />
                <input name="cancelLogin" id="cancelLogin" type="submit"
                       class="Btn Btn_deemph" value="Cancel" />
              </div>
              <div class="CanBePulledDown" id="forgotPasswordDiv">
                <a href="/RForgotPassword.action" target="_top"
                   class="password"> Reset your password?</a>
              </div>
              <input name="oauth_token" type="hidden"
                     value="CONSUMER_KEY.X.Y.Z" />
              <input name="oauth_callback" type="hidden" value="" />
              <input name="embed" type="hidden" value="false" />
              <input type="hidden" name="analyticsLoginOrigin" value="other" />
              <input type="hidden" name="clipperFlow" value="false" />
              <input type="hidden" name="showSwitchService" value="true" />
              <input type="hidden" name="usernameImmutable" value="false" />
              <input type="hidden" name="targetUrl"
                     value="/OAuth.action?oauth_token=CONSUMER_KEY.X.Y.Z" />
              <div style="display: none;">
                <input type="hidden" name="_sourcePage" value="(hashed string)" />
                <input type="hidden" name="__fp" value="(hashed string)" />
              </div>
            </form>
          </div>
          <div class="clear"></div>

          <span class="oauth-switch">
            <form method="post" action="/Registration.action" id="switchForm">
              <a id="switchLink" style="cursor: pointer;">Create a new account</a>
              <input type="hidden" name="analyticsLoginOrigin" value="other" />
              <input type="hidden" name="clipperFlow" value="false" />
              <input type="hidden" name="showSwitchService" value="true" />
              <input type="hidden" name="usernameImmutable" value="false" />
              <input type="hidden" name="targetUrl"
                     value="/OAuth.action?oauth_token=CONSUMER_KEY.X.Y.Z" />
              <div style="display: none;">
                <input type="hidden" name="_sourcePage" value="(hashed string)" />
                <input type="hidden" name="__fp" value="(hashed string)" />
              </div>
            </form>
          </span>
          <div class="clear"></div>
        </div>

        <div class="footer wrapper-small">
          <a href="https://evernote.com/tos/" class="footer-entry"
             target="_blank">Terms of Service</a>
          <a href="https://evernote.com/privacy/" class="footer-entry"
             target="_blank">Privacy Policy</a>
          <span class="footer-entry last">
            Copyright 2017 Evernote Corporation. All rights reserved.
          </span>
        </div>
      </div>
    </div>
    <script type="text/javascript" src="/ro/.../-1941456497.js"></script>
    <script type="text/javascript">window.__EVERNOTE_ACTIONBEAN__ =
      {"oauthState":"(large state string here)",
      "usePasswordAuth":false,
      "evaluationMessage":null,
      "analyticsLoginOrigin":"other",
      "suggestedNotebookName":"Geeknote",
      "showForgotPasswordLink":true,
      "appName":"Geeknote",
      "existingSession":null,
      "durationOptions":[31536000000,2592000000,604800000,86400000],
      "showTerms":false,
      "oauthRedirect":"https://www.evernote.com/Login.action?oauthLogin",
      "showRememberMe":false,
      "openIdScopesGoogle":"openid email profile",
      "oauthClientId":"(numbers).apps.googleusercontent.com",
      "businessShardId":null,
      "slotSuffix":"",
      "slotPrefix":"",
      "currentUserId":null,
      "userPrivilege":null,
      "userServiceLevel":null,
      "websocketUrl":"wss://ws.www.evernote.com/shard/null/id",
      "headerJson":{},
      "endpoints":{
        "businessServiceUrl":null,
        "noteStoreUrlForBusiness":null,
        "noteStoreUrlForBusinessAdmin":null,
        "userStoreUrlForBusiness":null,
        "utilityUrlForBusiness":null,
        "userStoreUrl":null,
        "utilityUrl":null,
        "messageStoreUrl":null,
        "noteStoreUrl":null},
      "thriftEndpointBuilderConfig":{
        "communicationEngineUrlSuffix":"/communicationengine",
        "businessServiceUrlSuffix":"/edam/business",
        "utilityStoreUrlSuffix":"/utility",
        "messageStoreUrlSuffix":"/messagestore",
        "noteStoreUrlSuffix":"/notestore",
        "userStoreUrlSuffix":"/edam/user",
        "shardUrlPrefix":"https://www.evernote.com/shard/"},
      "userShardId":null,
      "userIdentityIds":[],
      "oauthError":null};
    </script>
    <script type="text/javascript">require(['es6'], function() {}); </script>
    <script type="text/javascript">
      define("actionBean", [], function() {return window.__EVERNOTE_ACTIONBEAN__;});
    </script>
    <script type="text/javascript" src="/redesign/global/js/i18n/i18nMessages.js?version=50644"></script>
    <script type="text/javascript" src="/ro/.../2077279582.js"></script>
    <!--[if !IE]><!--><script>if (/*@cc_on!@*/false) document.documentElement.className += ' ie10';</script><!--<![endif]-->
  </body>
</html>
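
An added example (not part of the thread and not geeknote's code): the `[1]` index in the traceback assumes the response always carries two `csrfBusterToken` inputs, so any other page surfaces as a bare `IndexError`. This sketch classifies the returned page first and fails with a diagnosable error; the sample pages, the token values and the names `classify_page`, `csrf_params` and `UnexpectedOAuthPage` are assumptions, and the standard-library `html.parser` stands in for the lxml XPath call.

```python
from html.parser import HTMLParser
from urllib.parse import urlencode

# Constructed samples: LOGIN_PAGE is trimmed from the HTML quoted above;
# ALLOW_PAGE and its token values are assumed from what the traceback line expects.
LOGIN_PAGE = """<form method="post" action="/OAuth.action" id="login_form">
<input maxlength="64" name="username" id="username" type="text" />
<input maxlength="64" name="password" id="password" type="password" />
<input name="oauth_token" type="hidden" value="CONSUMER_KEY.X.Y.Z" /></form>"""
ALLOW_PAGE = """<form method="post" action="/OAuth.action">
<input type="hidden" name="csrfBusterToken" value="aaa111" />
<input type="hidden" name="csrfBusterToken" value="bbb222" /></form>"""


class UnexpectedOAuthPage(Exception):
    """The server returned a page the OAuth flow does not know how to handle."""


class InputCollector(HTMLParser):
    """Collect (name, value) for every named <input> in the document."""

    def __init__(self):
        super().__init__()
        self.inputs = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and a.get("name"):
            self.inputs.append((a["name"], a.get("value") or ""))


def classify_page(html):
    """Return (kind, inputs); kind is 'allow_access', 'login_form' or 'unknown'."""
    parser = InputCollector()
    parser.feed(html)
    names = {name for name, _ in parser.inputs}
    if "csrfBusterToken" in names:
        return "allow_access", parser.inputs
    if {"username", "password"} <= names:
        return "login_form", parser.inputs
    return "unknown", parser.inputs


def csrf_params(html, expected=2):
    """URL-encode the csrfBusterToken fields, or fail with a diagnosable error."""
    kind, inputs = classify_page(html)
    tokens = [value for name, value in inputs if name == "csrfBusterToken"]
    if len(tokens) < expected:
        raise UnexpectedOAuthPage(
            f"expected {expected} csrfBusterToken inputs, found {len(tokens)}; "
            f"page looks like: {kind}")
    return urlencode([("csrfBusterToken", t) for t in tokens[:expected]])
```

The error message reports only the page kind and the token count, never the token values, so it is safe to show in a terminal or attach to a bug report.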

@jeffkowalski
Owner

Out of curiosity, does the same error occur for you with two-factor authentication on and with it off?

@dyoun

dyoun commented Dec 6, 2017

I was having the same error until I disabled 2 factor authentication, which allowed me to log in successfully.

@jeffkowalski
Owner

@dyoun thanks for adding that information. If you log in with 2FA disabled, can you turn it on and use the cached token? In other words, if you log out of geeknote, disable 2FA at evernote, log in to geeknote, turn 2FA back on at evernote, and then try to geeknote again, does it work?

@dyoun

dyoun commented Dec 6, 2017

@jeffkowalski cached token still works after re-enabling 2FA. Let me know if any more details are needed.

@hatmatter

Wonder if switching to using an Evernote application password would be a more reliable authentication method.

@arkenoi

arkenoi commented Dec 15, 2017

Tried app password, did not work at all :-(

@ebdavison

Cannot log in for me here either with 2FA turned on, as in the original posting error message.
@jeffkowalski Can this be fixed without having to disable 2FA? Seems like an insecure workaround.

@stefanoric

I could log in by disabling 2FA.

jeffkowalski changed the title from "Unable to login" to "Unable to login using 2-factor authentication" on Aug 9, 2019