LightZirconite/Microsoft-Rewards-Script
1
0
Fork 0
mirror of https://github.com/TheNetsky/Microsoft-Rewards-Script.git synced 2026-01-19 14:33:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

v3 init

Browse Source 
Based of v3.0.0b10.
This commit is contained in:
TheNetsky
2025-12-11 16:16:32 +01:00
parent 7b4b20ab4e
commit 2c4d85f732
58 changed files with 11062 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

509
src/browser/auth/Login.ts Normal file
View File

@@ -0,0 +1,509 @@
import type { Page } from 'patchright'
import type { MicrosoftRewardsBot } from '../../index'
import { saveSessionData } from '../../util/Load'
// Methods
import { MobileAccessLogin } from './methods/MobileAccessLogin'
import { EmailLogin } from './methods/EmailLogin'
import { PasswordlessLogin } from './methods/PasswordlessLogin'
import { TotpLogin } from './methods/Totp2FALogin'
type LoginState =
| 'EMAIL_INPUT'
| 'PASSWORD_INPUT'
| 'SIGN_IN_ANOTHER_WAY'
| 'PASSKEY_ERROR'
| 'PASSKEY_VIDEO'
| 'KMSI_PROMPT'
| 'LOGGED_IN'
| 'ACCOUNT_LOCKED'
| 'ERROR_ALERT'
| '2FA_TOTP'
| 'LOGIN_PASSWORDLESS'
| 'GET_A_CODE'
| 'UNKNOWN'
| 'CHROMEWEBDATA_ERROR'
export class Login {
emailLogin: EmailLogin
passwordlessLogin: PasswordlessLogin
totp2FALogin: TotpLogin
constructor(private bot: MicrosoftRewardsBot) {
this.emailLogin = new EmailLogin(this.bot)
this.passwordlessLogin = new PasswordlessLogin(this.bot)
this.totp2FALogin = new TotpLogin(this.bot)
}
private readonly primaryButtonSelector = 'button[data-testid="primaryButton"]'
private readonly secondaryButtonSelector = 'button[data-testid="secondaryButton"]'
async login(page: Page, email: string, password: string, totpSecret?: string) {
try {
this.bot.logger.info(this.bot.isMobile, 'LOGIN', 'Starting login process')
await page.goto('https://www.bing.com/rewards/dashboard', { waitUntil: 'domcontentloaded' }).catch(() => {})
await this.bot.utils.wait(2000)
await this.bot.browser.utils.reloadBadPage(page)
await this.bot.browser.utils.disableFido(page)
const maxIterations = 25
let iteration = 0
let previousState: LoginState = 'UNKNOWN'
let sameStateCount = 0
while (iteration < maxIterations) {
if (page.isClosed()) throw new Error('Page closed unexpectedly')
iteration++
this.bot.logger.debug(this.bot.isMobile, 'LOGIN', `State check iteration ${iteration}/${maxIterations}`)
const state = await this.detectCurrentState(page)
this.bot.logger.debug(this.bot.isMobile, 'LOGIN', `Current state: ${state}`)
if (state !== previousState && previousState !== 'UNKNOWN') {
this.bot.logger.info(this.bot.isMobile, 'LOGIN', `State transition: ${previousState}${state}`)
}
if (state === previousState && state !== 'LOGGED_IN' && state !== 'UNKNOWN') {
sameStateCount++
if (sameStateCount >= 4) {
this.bot.logger.warn(
this.bot.isMobile,
'LOGIN',
`Stuck in state "${state}" for 4 loops. Refreshing page...`
)
await page.reload({ waitUntil: 'domcontentloaded' })
await this.bot.utils.wait(3000)
sameStateCount = 0
previousState = 'UNKNOWN'
continue
}
} else {
sameStateCount = 0
}
previousState = state
if (state === 'LOGGED_IN') {
this.bot.logger.info(this.bot.isMobile, 'LOGIN', 'Successfully logged in')
break
}
const shouldContinue = await this.handleState(state, page, email, password, totpSecret)
if (!shouldContinue) {
throw new Error(`Login failed or aborted at state: ${state}`)
}
await this.bot.utils.wait(1000)
}
if (iteration >= maxIterations) {
throw new Error('Login timeout: exceeded maximum iterations')
}
await this.finalizeLogin(page, email)
} catch (error) {
this.bot.logger.error(
this.bot.isMobile,
'LOGIN',
`An error occurred: ${error instanceof Error ? error.message : String(error)}`
)
throw error
}
}
private async detectCurrentState(page: Page): Promise<LoginState> {
// Make sure we settled before getting a URL
await page.waitForLoadState('networkidle', { timeout: 5000 }).catch(() => {})
const url = new URL(page.url())
this.bot.logger.debug(this.bot.isMobile, 'DETECT-CURRENT-STATE', `Current URL: ${url}`)
if (url.hostname === 'chromewebdata') {
this.bot.logger.warn(this.bot.isMobile, 'DETECT-CURRENT-STATE', 'Detected chromewebdata error page')
return 'CHROMEWEBDATA_ERROR'
}
const isLocked = await page
.waitForSelector('#serviceAbuseLandingTitle', { state: 'visible', timeout: 200 })
.then(() => true)
.catch(() => false)
if (isLocked) {
return 'ACCOUNT_LOCKED'
}
// If instantly loading rewards dash, logged in
if (url.hostname === 'rewards.bing.com') {
return 'LOGGED_IN'
}
// If account dash, logged in
if (url.hostname === 'account.microsoft.com') {
return 'LOGGED_IN'
}
const check = async (selector: string, state: LoginState): Promise<LoginState | null> => {
return page
.waitForSelector(selector, { state: 'visible', timeout: 200 })
.then(visible => (visible ? state : null))
.catch(() => null)
}
const results = await Promise.all([
check('div[role="alert"]', 'ERROR_ALERT'),
check('[data-testid="passwordEntry"]', 'PASSWORD_INPUT'),
check('input#usernameEntry', 'EMAIL_INPUT'),
check('[data-testid="kmsiVideo"]', 'KMSI_PROMPT'),
check('[data-testid="biometricVideo"]', 'PASSKEY_VIDEO'),
check('[data-testid="registrationImg"]', 'PASSKEY_ERROR'),
check('[data-testid="tile"]:has(svg path[d*="M11.78 10.22a.75.75"])', 'SIGN_IN_ANOTHER_WAY'),
check('[data-testid="deviceShieldCheckmarkVideo"]', 'LOGIN_PASSWORDLESS'),
check('input[name="otc"]', '2FA_TOTP'),
check('form[name="OneTimeCodeViewForm"]', '2FA_TOTP')
])
// Get a code
const identityBanner = await page
.waitForSelector('[data-testid="identityBanner"]', { state: 'visible', timeout: 200 })
.then(() => true)
.catch(() => false)
const primaryButton = await page
.waitForSelector(this.primaryButtonSelector, { state: 'visible', timeout: 200 })
.then(() => true)
.catch(() => false)
const passwordEntry = await page
.waitForSelector('[data-testid="passwordEntry"]', { state: 'visible', timeout: 200 })
.then(() => true)
.catch(() => false)
if (identityBanner && primaryButton && !passwordEntry && !results.includes('2FA_TOTP')) {
results.push('GET_A_CODE') // Lower prio
}
// Final
let foundStates = results.filter((s): s is LoginState => s !== null)
if (foundStates.length === 0) return 'UNKNOWN'
if (foundStates.includes('ERROR_ALERT')) {
if (url.hostname !== 'login.live.com') {
// Remove ERROR_ALERT if not on login.live.com
foundStates = foundStates.filter(s => s !== 'ERROR_ALERT')
}
if (foundStates.includes('2FA_TOTP')) {
// Don't throw on TOTP if expired code is entered
foundStates = foundStates.filter(s => s !== 'ERROR_ALERT')
}
// On login.live.com, keep it
return 'ERROR_ALERT'
}
if (foundStates.includes('ERROR_ALERT')) return 'ERROR_ALERT'
if (foundStates.includes('ACCOUNT_LOCKED')) return 'ACCOUNT_LOCKED'
if (foundStates.includes('PASSKEY_VIDEO')) return 'PASSKEY_VIDEO'
if (foundStates.includes('PASSKEY_ERROR')) return 'PASSKEY_ERROR'
if (foundStates.includes('KMSI_PROMPT')) return 'KMSI_PROMPT'
if (foundStates.includes('PASSWORD_INPUT')) return 'PASSWORD_INPUT'
if (foundStates.includes('EMAIL_INPUT')) return 'EMAIL_INPUT'
if (foundStates.includes('SIGN_IN_ANOTHER_WAY')) return 'SIGN_IN_ANOTHER_WAY'
if (foundStates.includes('LOGIN_PASSWORDLESS')) return 'LOGIN_PASSWORDLESS'
if (foundStates.includes('2FA_TOTP')) return '2FA_TOTP'
const mainState = foundStates[0] as LoginState
return mainState
}
private async handleState(
state: LoginState,
page: Page,
email: string,
password: string,
totpSecret?: string
): Promise<boolean> {
switch (state) {
case 'ACCOUNT_LOCKED': {
const msg = 'This account has been locked! Remove from config and restart!'
this.bot.logger.error(this.bot.isMobile, 'CHECK-LOCKED', msg)
throw new Error(msg)
}
case 'ERROR_ALERT': {
const alertEl = page.locator('div[role="alert"]')
const errorMsg = await alertEl.innerText().catch(() => 'Unknown Error')
this.bot.logger.error(this.bot.isMobile, 'LOGIN', `Account error: ${errorMsg}`)
throw new Error(`Microsoft login error message: ${errorMsg}`)
}
case 'LOGGED_IN':
return true
case 'EMAIL_INPUT': {
this.bot.logger.info(this.bot.isMobile, 'LOGIN', 'Entering email')
await this.emailLogin.enterEmail(page, email)
await page.waitForLoadState('networkidle', { timeout: 5000 }).catch(() => {})
return true
}
case 'PASSWORD_INPUT': {
this.bot.logger.info(this.bot.isMobile, 'LOGIN', 'Entering password')
await this.emailLogin.enterPassword(page, password)
await page.waitForLoadState('networkidle', { timeout: 5000 }).catch(() => {})
return true
}
case 'GET_A_CODE': {
this.bot.logger.info(this.bot.isMobile, 'LOGIN', 'Attempting to bypass "Get code"')
// Select sign in other way
await this.bot.browser.utils.ghostClick(page, '[data-testid="viewFooter"] span[role="button"]')
await page.waitForLoadState('networkidle', { timeout: 5000 }).catch(() => {})
return true
}
case 'CHROMEWEBDATA_ERROR': {
this.bot.logger.warn(
this.bot.isMobile,
'LOGIN',
'chromewebdata error page detected, attempting to recover to Rewards home'
)
// Try go to Rewards dashboard
try {
await page
.goto(this.bot.config.baseURL, {
waitUntil: 'domcontentloaded',
timeout: 10000
})
.catch(() => {})
await this.bot.utils.wait(3000)
return true
} catch {
// If even that fails, fall back to login.live.com
this.bot.logger.warn(
this.bot.isMobile,
'LOGIN',
'Failed to navigate to baseURL from chromewebdata, retrying login.live.com'
)
await page
.goto('https://login.live.com/', {
waitUntil: 'domcontentloaded',
timeout: 10000
})
.catch(() => {})
await this.bot.utils.wait(3000)
return true
}
}
case '2FA_TOTP': {
this.bot.logger.info(this.bot.isMobile, 'LOGIN', 'TOTP 2FA required')
await this.totp2FALogin.handle(page, totpSecret)
return true
}
case 'SIGN_IN_ANOTHER_WAY': {
this.bot.logger.info(this.bot.isMobile, 'LOGIN', 'Selecting "Use my password"')
const passwordOption = '[data-testid="tile"]:has(svg path[d*="M11.78 10.22a.75.75"])'
await this.bot.browser.utils.ghostClick(page, passwordOption)
await page.waitForLoadState('networkidle', { timeout: 5000 }).catch(() => {})
return true
}
case 'KMSI_PROMPT': {
this.bot.logger.info(this.bot.isMobile, 'LOGIN', 'Accepting KMSI prompt')
await this.bot.browser.utils.ghostClick(page, this.primaryButtonSelector)
await page.waitForLoadState('networkidle', { timeout: 5000 }).catch(() => {})
return true
}
case 'PASSKEY_VIDEO':
case 'PASSKEY_ERROR': {
this.bot.logger.info(this.bot.isMobile, 'LOGIN', 'Skipping Passkey prompt')
await this.bot.browser.utils.ghostClick(page, this.secondaryButtonSelector)
await page.waitForLoadState('networkidle', { timeout: 5000 }).catch(() => {})
return true
}
case 'LOGIN_PASSWORDLESS': {
this.bot.logger.info(this.bot.isMobile, 'LOGIN', 'Handling passwordless authentication')
await this.passwordlessLogin.handle(page)
await page.waitForLoadState('networkidle', { timeout: 5000 }).catch(() => {})
return true
}
case 'UNKNOWN': {
const url = new URL(page.url())
this.bot.logger.warn(
this.bot.isMobile,
'LOGIN',
`Unknown state at host:${url.hostname} path:${url.pathname}. Waiting...`
)
return true
}
default:
return true
}
}
private async finalizeLogin(page: Page, email: string) {
this.bot.logger.info(this.bot.isMobile, 'LOGIN', 'Finalizing login')
await page.goto(this.bot.config.baseURL, { waitUntil: 'networkidle', timeout: 10000 }).catch(() => {})
const loginRewardsSuccess = new URL(page.url()).hostname === 'rewards.bing.com'
if (loginRewardsSuccess) {
this.bot.logger.info(this.bot.isMobile, 'LOGIN', 'Logged into Microsoft Rewards successfully')
} else {
this.bot.logger.warn(
this.bot.isMobile,
'LOGIN',
'Could not verify Rewards Dashboard. Assuming login valid anyway.'
)
}
await this.verifyBingSession(page)
await this.getRewardsSession(page)
const browser = page.context()
const cookies = await browser.cookies()
await saveSessionData(this.bot.config.sessionPath, cookies, email, this.bot.isMobile)
this.bot.logger.info(this.bot.isMobile, 'LOGIN', 'Login completed! Session saved!')
}
async verifyBingSession(page: Page) {
const url =
'https://www.bing.com/fd/auth/signin?action=interactive&provider=windows_live_id&return_url=https%3A%2F%2Fwww.bing.com%2F'
const loopMax = 5
this.bot.logger.info(this.bot.isMobile, 'LOGIN-BING', 'Verifying Bing session')
try {
await page.goto(url, { waitUntil: 'networkidle', timeout: 10000 }).catch(() => {})
for (let i = 0; i < loopMax; i++) {
if (page.isClosed()) break
// Rare error state
const state = await this.detectCurrentState(page)
if (state === 'PASSKEY_ERROR') {
this.bot.logger.debug(
this.bot.isMobile,
'LOGIN-BING',
'Verification landed on Passkey error state! Trying to dismiss.'
)
await this.bot.browser.utils.ghostClick(page, this.secondaryButtonSelector)
}
const u = new URL(page.url())
const atBingHome = u.hostname === 'www.bing.com' && u.pathname === '/'
if (atBingHome) {
await this.bot.browser.utils.tryDismissAllMessages(page).catch(() => {})
const signedIn = await page
.waitForSelector('#id_n', { timeout: 3000 })
.then(() => true)
.catch(() => false)
if (signedIn || this.bot.isMobile) {
this.bot.logger.info(this.bot.isMobile, 'LOGIN-BING', 'Bing session established')
return
}
}
await this.bot.utils.wait(1000)
}
this.bot.logger.warn(
this.bot.isMobile,
'LOGIN-BING',
'Could not confirm Bing session after retries; continuing'
)
} catch (error) {
this.bot.logger.warn(
this.bot.isMobile,
'LOGIN-BING',
`Bing verification error: ${error instanceof Error ? error.message : String(error)}`
)
}
}
private async getRewardsSession(page: Page) {
const loopMax = 5
this.bot.logger.info(this.bot.isMobile, 'GET-REQUEST-TOKEN', 'Fetching request token')
try {
await page
.goto(`${this.bot.config.baseURL}?_=${Date.now()}`, { waitUntil: 'networkidle', timeout: 10000 })
.catch(() => {})
for (let i = 0; i < loopMax; i++) {
if (page.isClosed()) break
this.bot.logger.debug(
this.bot.isMobile,
'GET-REWARD-SESSION',
`Loop ${i + 1}/${loopMax} | URL=${page.url()}`
)
const u = new URL(page.url())
const atRewardHome = u.hostname === 'rewards.bing.com' && u.pathname === '/'
if (atRewardHome) {
await this.bot.browser.utils.tryDismissAllMessages(page)
const html = await page.content()
const $ = await this.bot.browser.utils.loadInCheerio(html)
const token =
$('input[name="__RequestVerificationToken"]').attr('value') ??
$('meta[name="__RequestVerificationToken"]').attr('content') ??
null
if (token) {
this.bot.requestToken = token
this.bot.logger.info(this.bot.isMobile, 'GET-REQUEST-TOKEN', 'Request token has been set!')
this.bot.logger.debug(
this.bot.isMobile,
'GET-REWARD-SESSION',
`Token extracted: ${token.substring(0, 10)}...`
)
return
}
this.bot.logger.debug(this.bot.isMobile, 'GET-REWARD-SESSION', 'Token NOT found on page')
}
await this.bot.utils.wait(1000)
}
this.bot.logger.warn(
this.bot.isMobile,
'GET-REQUEST-TOKEN',
'No RequestVerificationToken found — some activities may not work'
)
} catch (error) {
throw this.bot.logger.error(
this.bot.isMobile,
'GET-REQUEST-TOKEN',
`Reward session error: ${error instanceof Error ? error.message : String(error)}`
)
}
}
async getAppAccessToken(page: Page, email: string) {
return await new MobileAccessLogin(this.bot, page).get(email)
}
}

86
src/browser/auth/methods/EmailLogin.ts Normal file
View File

@@ -0,0 +1,86 @@
import type { Page } from 'patchright'
import type { MicrosoftRewardsBot } from '../../../index'
export class EmailLogin {
private submitButton = 'button[type="submit"]'
constructor(private bot: MicrosoftRewardsBot) {}
async enterEmail(page: Page, email: string): Promise<'ok' | 'error'> {
try {
const emailInputSelector = 'input[type="email"]'
const emailField = await page
.waitForSelector(emailInputSelector, { state: 'visible', timeout: 1000 })
.catch(() => {})
if (!emailField) {
this.bot.logger.warn(this.bot.isMobile, 'LOGIN-ENTER-EMAIL', 'Email field not found')
return 'error'
}
await this.bot.utils.wait(1000)
const prefilledEmail = await page
.waitForSelector('#userDisplayName', { state: 'visible', timeout: 1000 })
.catch(() => {})
if (!prefilledEmail) {
await page.fill(emailInputSelector, '').catch(() => {})
await this.bot.utils.wait(500)
await page.fill(emailInputSelector, email).catch(() => {})
await this.bot.utils.wait(1000)
} else {
this.bot.logger.info(this.bot.isMobile, 'LOGIN-ENTER-EMAIL', 'Email prefilled')
}
await page.waitForSelector(this.submitButton, { state: 'visible', timeout: 2000 }).catch(() => {})
await this.bot.browser.utils.ghostClick(page, this.submitButton)
this.bot.logger.info(this.bot.isMobile, 'LOGIN-ENTER-EMAIL', 'Email submitted')
return 'ok'
} catch (error) {
this.bot.logger.error(
this.bot.isMobile,
'LOGIN-ENTER-EMAIL',
`An error occurred: ${error instanceof Error ? error.message : String(error)}`
)
return 'error'
}
}
async enterPassword(page: Page, password: string): Promise<'ok' | 'needs-2fa' | 'error'> {
try {
const passwordInputSelector = 'input[type="password"]'
const passwordField = await page
.waitForSelector(passwordInputSelector, { state: 'visible', timeout: 1000 })
.catch(() => {})
if (!passwordField) {
this.bot.logger.warn(this.bot.isMobile, 'LOGIN-ENTER-PASSWORD', 'Password field not found')
return 'error'
}
await this.bot.utils.wait(1000)
await page.fill(passwordInputSelector, '').catch(() => {})
await this.bot.utils.wait(500)
await page.fill(passwordInputSelector, password).catch(() => {})
await this.bot.utils.wait(1000)
const submitButton = await page
.waitForSelector(this.submitButton, { state: 'visible', timeout: 2000 })
.catch(() => null)
if (submitButton) {
await this.bot.browser.utils.ghostClick(page, this.submitButton)
this.bot.logger.info(this.bot.isMobile, 'LOGIN-ENTER-PASSWORD', 'Password submitted')
}
return 'ok'
} catch (error) {
this.bot.logger.error(
this.bot.isMobile,
'LOGIN-ENTER-PASSWORD',
`An error occurred: ${error instanceof Error ? error.message : String(error)}`
)
return 'error'
}
}
}

88
src/browser/auth/methods/MobileAccessLogin.ts Normal file
View File

@@ -0,0 +1,88 @@
import type { Page } from 'patchright'
import { randomBytes } from 'crypto'
import { URLSearchParams } from 'url'
import type { AxiosRequestConfig } from 'axios'
import type { MicrosoftRewardsBot } from '../../../index'
export class MobileAccessLogin {
private clientId = '0000000040170455'
private authUrl = 'https://login.live.com/oauth20_authorize.srf'
private redirectUrl = 'https://login.live.com/oauth20_desktop.srf'
private tokenUrl = 'https://login.microsoftonline.com/consumers/oauth2/v2.0/token'
private scope = 'service::prod.rewardsplatform.microsoft.com::MBI_SSL'
private maxTimeout = 180_000 // 3min
constructor(
private bot: MicrosoftRewardsBot,
private page: Page
) {}
async get(email: string): Promise<string> {
try {
const authorizeUrl = new URL(this.authUrl)
authorizeUrl.searchParams.append('response_type', 'code')
authorizeUrl.searchParams.append('client_id', this.clientId)
authorizeUrl.searchParams.append('redirect_uri', this.redirectUrl)
authorizeUrl.searchParams.append('scope', this.scope)
authorizeUrl.searchParams.append('state', randomBytes(16).toString('hex'))
authorizeUrl.searchParams.append('access_type', 'offline_access')
authorizeUrl.searchParams.append('login_hint', email)
await this.bot.browser.utils.disableFido(this.page)
await this.page.goto(authorizeUrl.href).catch(() => {})
this.bot.logger.info(this.bot.isMobile, 'LOGIN-APP', 'Waiting for mobile OAuth code...')
const start = Date.now()
let code = ''
while (Date.now() - start < this.maxTimeout) {
const url = new URL(this.page.url())
if (url.hostname === 'login.live.com' && url.pathname === '/oauth20_desktop.srf') {
code = url.searchParams.get('code') || ''
if (code) break
}
await this.bot.utils.wait(1000)
}
if (!code) {
this.bot.logger.warn(this.bot.isMobile, 'LOGIN-APP', 'Timed out waiting for OAuth code')
return ''
}
const data = new URLSearchParams()
data.append('grant_type', 'authorization_code')
data.append('client_id', this.clientId)
data.append('code', code)
data.append('redirect_uri', this.redirectUrl)
const request: AxiosRequestConfig = {
url: this.tokenUrl,
method: 'POST',
headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
data: data.toString()
}
const response = await this.bot.axios.request(request)
const token = (response?.data?.access_token as string) ?? ''
if (!token) {
this.bot.logger.warn(this.bot.isMobile, 'LOGIN-APP', 'No access_token in token response')
return ''
}
this.bot.logger.info(this.bot.isMobile, 'LOGIN-APP', 'Mobile access token received')
return token
} catch (error) {
this.bot.logger.error(
this.bot.isMobile,
'LOGIN-APP',
`MobileAccess error: ${error instanceof Error ? error.message : String(error)}`
)
return ''
} finally {
await this.page.goto(this.bot.config.baseURL, { timeout: 10000 }).catch(() => {})
}
}
}

110
src/browser/auth/methods/PasswordlessLogin.ts Normal file
View File

@@ -0,0 +1,110 @@
import type { Page } from 'patchright'
import type { MicrosoftRewardsBot } from '../../../index'
export class PasswordlessLogin {
private readonly maxAttempts = 60
private readonly numberDisplaySelector = 'div[data-testid="displaySign"]'
private readonly approvalPath = '/ppsecure/post.srf'
constructor(private bot: MicrosoftRewardsBot) {}
private async getDisplayedNumber(page: Page): Promise<string | null> {
try {
const numberElement = await page
.waitForSelector(this.numberDisplaySelector, {
timeout: 5000
})
.catch(() => null)
if (numberElement) {
const number = await numberElement.textContent()
return number?.trim() || null
}
} catch (error) {
this.bot.logger.warn(this.bot.isMobile, 'LOGIN-PASSWORDLESS', 'Could not retrieve displayed number')
}
return null
}
private async waitForApproval(page: Page): Promise<boolean> {
try {
this.bot.logger.info(
this.bot.isMobile,
'LOGIN-PASSWORDLESS',
`Waiting for approval... (timeout after ${this.maxAttempts} seconds)`
)
for (let attempt = 1; attempt <= this.maxAttempts; attempt++) {
const currentUrl = new URL(page.url())
if (currentUrl.pathname === this.approvalPath) {
this.bot.logger.info(this.bot.isMobile, 'LOGIN-PASSWORDLESS', 'Approval detected')
return true
}
// Every 5 seconds to show it's still waiting
if (attempt % 5 === 0) {
this.bot.logger.info(
this.bot.isMobile,
'LOGIN-PASSWORDLESS',
`Still waiting... (${attempt}/${this.maxAttempts} seconds elapsed)`
)
}
await this.bot.utils.wait(1000)
}
this.bot.logger.warn(
this.bot.isMobile,
'LOGIN-PASSWORDLESS',
`Approval timeout after ${this.maxAttempts} seconds!`
)
return false
} catch (error: any) {
this.bot.logger.error(
this.bot.isMobile,
'LOGIN-PASSWORDLESS',
`Approval failed, an error occurred: ${error instanceof Error ? error.message : String(error)}`
)
throw error
}
}
async handle(page: Page): Promise<void> {
try {
this.bot.logger.info(this.bot.isMobile, 'LOGIN-PASSWORDLESS', 'Passwordless authentication requested')
const displayedNumber = await this.getDisplayedNumber(page)
if (displayedNumber) {
this.bot.logger.info(
this.bot.isMobile,
'LOGIN-PASSWORDLESS',
`Please approve login and select number: ${displayedNumber}`
)
} else {
this.bot.logger.info(
this.bot.isMobile,
'LOGIN-PASSWORDLESS',
'Please approve login on your authenticator app'
)
}
const approved = await this.waitForApproval(page)
if (approved) {
this.bot.logger.info(this.bot.isMobile, 'LOGIN-PASSWORDLESS', 'Login approved successfully')
await page.waitForLoadState('networkidle', { timeout: 5000 }).catch(() => {})
} else {
this.bot.logger.error(this.bot.isMobile, 'LOGIN-PASSWORDLESS', 'Login approval failed or timed out')
throw new Error('Passwordless authentication timeout')
}
} catch (error) {
this.bot.logger.error(
this.bot.isMobile,
'LOGIN-PASSWORDLESS',
`An error occurred: ${error instanceof Error ? error.message : String(error)}`
)
throw error
}
}
}

163
src/browser/auth/methods/Totp2FALogin.ts Normal file
View File

@@ -0,0 +1,163 @@
import type { Page } from 'patchright'
import * as OTPAuth from 'otpauth'
import readline from 'readline'
import type { MicrosoftRewardsBot } from '../../../index'
export class TotpLogin {
private readonly textInputSelector =
'form[name="OneTimeCodeViewForm"] input[type="text"], input#floatingLabelInput5'
private readonly hiddenInputSelector = 'input[id="otc-confirmation-input"], input[name="otc"]'
private readonly submitButtonSelector = 'button[type="submit"]'
private readonly maxManualSeconds = 60
private readonly maxManualAttempts = 5
constructor(private bot: MicrosoftRewardsBot) {}
private generateTotpCode(secret: string): string {
return new OTPAuth.TOTP({ secret, digits: 6 }).generate()
}
private async promptManualCode(): Promise<string | null> {
return await new Promise(resolve => {
const rl = readline.createInterface({
input: process.stdin,
output: process.stdout
})
let resolved = false
const cleanup = (result: string | null) => {
if (resolved) return
resolved = true
clearTimeout(timer)
rl.close()
resolve(result)
}
const timer = setTimeout(() => cleanup(null), this.maxManualSeconds * 1000)
rl.question(`Enter the 6-digit TOTP code (waiting ${this.maxManualSeconds}s): `, answer => {
cleanup(answer.trim())
})
})
}
private async fillCode(page: Page, code: string): Promise<boolean> {
try {
const visibleInput = await page
.waitForSelector(this.textInputSelector, { state: 'visible', timeout: 500 })
.catch(() => null)
if (visibleInput) {
await visibleInput.fill(code)
this.bot.logger.info(this.bot.isMobile, 'LOGIN-TOTP', 'Filled visible TOTP text input')
return true
}
const hiddenInput = await page.$(this.hiddenInputSelector)
if (hiddenInput) {
await hiddenInput.fill(code)
this.bot.logger.info(this.bot.isMobile, 'LOGIN-TOTP', 'Filled hidden TOTP input')
return true
}
this.bot.logger.warn(this.bot.isMobile, 'LOGIN-TOTP', 'No TOTP input field found (visible or hidden)')
return false
} catch (error) {
this.bot.logger.warn(
this.bot.isMobile,
'LOGIN-TOTP',
`Failed to fill TOTP input: ${error instanceof Error ? error.message : String(error)}`
)
return false
}
}
async handle(page: Page, totpSecret?: string): Promise<void> {
try {
this.bot.logger.info(this.bot.isMobile, 'LOGIN-TOTP', 'TOTP 2FA authentication requested')
if (totpSecret) {
const code = this.generateTotpCode(totpSecret)
this.bot.logger.info(this.bot.isMobile, 'LOGIN-TOTP', 'Generated TOTP code from secret')
const filled = await this.fillCode(page, code)
if (!filled) {
this.bot.logger.error(this.bot.isMobile, 'LOGIN-TOTP', 'Unable to locate or fill TOTP input field')
throw new Error('TOTP input field not found')
}
await this.bot.utils.wait(500)
await this.bot.browser.utils.ghostClick(page, this.submitButtonSelector)
await page.waitForLoadState('networkidle', { timeout: 5000 }).catch(() => {})
this.bot.logger.info(this.bot.isMobile, 'LOGIN-TOTP', 'TOTP authentication completed successfully')
return
}
this.bot.logger.info(this.bot.isMobile, 'LOGIN-TOTP', 'No TOTP secret provided, awaiting manual input')
for (let attempt = 1; attempt <= this.maxManualAttempts; attempt++) {
const code = await this.promptManualCode()
if (!code || !/^\d{6}$/.test(code)) {
this.bot.logger.warn(
this.bot.isMobile,
'LOGIN-TOTP',
`Invalid or missing TOTP code (attempt ${attempt}/${this.maxManualAttempts})`
)
if (attempt === this.maxManualAttempts) {
throw new Error('Manual TOTP input failed or timed out')
}
this.bot.logger.info(
this.bot.isMobile,
'LOGIN-TOTP',
'Retrying manual TOTP input due to invalid code'
)
continue
}
const filled = await this.fillCode(page, code)
if (!filled) {
this.bot.logger.error(
this.bot.isMobile,
'LOGIN-TOTP',
`Unable to locate or fill TOTP input field (attempt ${attempt}/${this.maxManualAttempts})`
)
if (attempt === this.maxManualAttempts) {
throw new Error('TOTP input field not found')
}
this.bot.logger.info(
this.bot.isMobile,
'LOGIN-TOTP',
'Retrying manual TOTP input due to fill failure'
)
continue
}
await this.bot.utils.wait(500)
await this.bot.browser.utils.ghostClick(page, this.submitButtonSelector)
await page.waitForLoadState('networkidle', { timeout: 5000 }).catch(() => {})
this.bot.logger.info(this.bot.isMobile, 'LOGIN-TOTP', 'TOTP authentication completed successfully')
return
}
throw new Error(`Manual TOTP input failed after ${this.maxManualAttempts} attempts`)
} catch (error) {
this.bot.logger.error(
this.bot.isMobile,
'LOGIN-TOTP',
`An error occurred: ${error instanceof Error ? error.message : String(error)}`
)
throw error
}
}
}