automating MFA authentication

[RobertAgee]

Checklist

• Added tests for changed code.
• Updated documentation for changed code.
• I've added a news fragment of my changes with the name,
  "{ISSUE_NUM}.{feature|bugfix|doc|removal|misc}""

Related Issue

#300 - fixes need for 0auth refreshing by self-authenticating on each login

Description

Utilizes PyOTP library to provide MFA code automatically to RH. User can pass 16-digit QR generation code (obtainable from RH app) to SessionManager as a 'mfa' parameter. However, user still retains the ability to manually validate if desired.

Docstring is updated and newsfragment added. Basic testing added to validate **sample_user.

[adithyabsk]

Thank you for the contribution @RobertAgee! I made some slight changes and merged

[Kurry]

This pull request was quite confusing. mfa argument is actually mfa_secret_key, but once I could get that through https://github.com/scito/extract_otp_secrets, I was able to login in.

from pyzbar.pyzbar import decode
from PIL import Image

# load the image to PIL, if you took a screenshot of your exported account
image = Image.open('data/otp.jpg')

# decode the image
decoded_objects = decode(image)

# print decoded data
for obj in decoded_objects:
    print("Type:", obj.type)
    print("Data:", obj.data.decode("utf-8"))

Then run and make sure you replace the data in the example_export.txt with the "Data:" output from above:

git clone https://github.com/scito/extract_otp_secrets.git
cd extract_otp_secrets
pip install --user -r requirements.txt
python src/extract_otp_secrets.py example_export.txt

That will output something like this:

Name:    Robinhood 
Secret:  16-digit QR generation code
Type:    totp

Then you can log in like this:

from pyrh import Robinhood
rh = Robinhood(username='youremail@address.com', password='yourpassword', mfa='16-digit QR generation code')

@RobertAgee Thank you for the pull request, though. Great work.

[RobertAgee]

Hi Kurry, the 16 digit qr code is provided already by robinhood and there is no need to convert the qr image to the 16 digit code. The code along with other credentials can be stored as environment variables or a config file, and imported as parameters for the login. In the future, if you have questions, it's better to submit an issue asking for clarification.

[Kurry]

Hi Kurry, the 16 digit qr code is provided already by robinhood and there is no need to convert the qr image to the 16 digit code. The code along with other credentials can be stored as environment variables or a config file, and imported as parameters for the login. In the future, if you have questions, it's better to submit an issue asking for clarification.

Interesting. How do you get the 16 digit QR code from Robinhood?

[Kurry]

Hi Kurry, the 16 digit qr code is provided already by robinhood and there is no need to convert the qr image to the 16 digit code. The code along with other credentials can be stored as environment variables or a config file, and imported as parameters for the login. In the future, if you have questions, it's better to submit an issue asking for clarification.

Interesting. How do you get the 16 digit QR code from Robinhood?

Oh I see, nvm I see it in the application. Good to know lol