Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Extra parameter needed not in documentation? #21

Open
thewithz opened this issue Feb 20, 2017 · 43 comments
Open

Extra parameter needed not in documentation? #21

thewithz opened this issue Feb 20, 2017 · 43 comments
Labels

Comments

@thewithz
Copy link

thewithz commented Feb 20, 2017

When using method auth.userLogin I am getting an error code 4 URL_PARAM_MISSING_PARTNER_ID. The documentation says that you only need 5 parameters, the method name, the login type, username, password, and partnerAuthToken. But when I send
{ "loginType" : "user", "username" : "uname", "password" : "passwd", "partnerAuthToken" : "token"} to http://tuner.pandora.com/services/json/?method=auth.userLogin it still says I am missing a parameter.

I've tried to send to http://tuner.pandora.com/services/json/?method=auth.userLogin&partnerId=id as well but this also fails.

@PromyLOPh
Copy link
Owner

PromyLOPh commented Feb 20, 2017 via email

@thewithz
Copy link
Author

thewithz commented Feb 21, 2017

I'm a bit confused because in this instance, isn't the auth_token url parameter the same as the partnerAuthToken you send via the json? Or are they different? I'm sending to https://tuner.pandora.com/services/json/?method=auth.userLogin&auth_token=token&partner_id=id now and it is returning an error code 0.

EDIT: Never mind, I see now why I need auth_token however I'm still baffled as to why I am receiving an error code 0.

EDIT 2: leaving partner_id blank gives an error code 1010. So that part is working normally.

@PromyLOPh
Copy link
Owner

PromyLOPh commented Feb 21, 2017 via email

@thewithz
Copy link
Author

Ok I understand what I'm doing wrong now. Sorry for the confusion!

@thewithz
Copy link
Author

I'm sorry to bother you again, but this is just unbelievably frustrating. I keep receiving error code 0 when trying to log in as a user. I am sending this json:
{ "syncTime": 1872069792, "password": "*********", "loginType": "user", "partnerAuthToken": "token", "username": "*****@gmail.com" } where syncTime is the (current time of partner log in minus the decrypted time) plus current time of user log in
my URL is this https://tuner.pandora.com/services/json/?method=auth.userLogin&auth_token=TOKEN&partner_id=ID

@brunoescalona-zz
Copy link

Hi!
I am having the same issue that you. I don't know who to obtain the auth_token parameter for the url. Is it the same as the partner authentification token?

@PromyLOPh
Copy link
Owner

PromyLOPh commented Feb 22, 2017 via email

@brunoescalona-zz
Copy link

@PromyLOPh Thank you for the response.
@thewithz are you still having the same issue with the syncTime? Could you give me an example to calculate that parameter? (I have no idea how to decrypt the time obtained from Pandora).

@thewithz
Copy link
Author

thewithz commented Feb 22, 2017

@brunoescalona I used something called Blowfish to decrypt the sync time. What language are you using?

@PromyLOPh I'm writing an API wrapper in Java, because there is none yet, and I want to interface it with another Java project I am working on. I encrypted the JSON post body with the partner password listed in the API doc. Was there a different encryption I am supposed to be using?

@brunoescalona-zz
Copy link

@thewithz right now I am not using any language. I want to implement it in Node.js but at the moment I am trying to obtain as much info as I can. At the moment I am using POST request by hand with POSTMAN tool, but I am not able to obtain any results. Just the partner authentication.
In the login request I get the 0 error code. I am stucked right now.

@PromyLOPh
Copy link
Owner

PromyLOPh commented Feb 22, 2017 via email

@thewithz
Copy link
Author

Just to clarify in case I'm getting this wrong, am I supposed to encrypt the final json or each key value pair individually

@PromyLOPh
Copy link
Owner

PromyLOPh commented Feb 23, 2017 via email

@brunoescalona-zz
Copy link

@thewithz Hi, How do you get the syncTime decoded exactly? I am using blowfish with the partner password as key but I can't get a time. I am using blowfish.

@thewithz
Copy link
Author

thewithz commented Mar 8, 2017

@brunoescalona at first I got it working, but now two weeks later I am receiving error code 13s on any command i try to run. I think it might have something to do with the fact that Pandora's website got updated... I don't want to show you code that doesn't work.

@brunoescalona-zz
Copy link

@thewithz ok! but I would like just to know how did you do the decoding stuff I was trying to obtain something valid but I just get incoherent data and numbers....

@FireController1847
Copy link
Contributor

FireController1847 commented Apr 2, 2017

@brunoescalona I'm trying to do the same and create a Node.js API. Have you gotten past the Code 0 error? If so, how did you fix it? If you have Discord I'd love to talk to you about it! Add me, FireController1847#3577

@brunoescalona-zz
Copy link

@FireController1847 sorry for my delay.
No at the moment I have stopped that project but I am still stucked in that point. I can obtain the partner login but I am not able to decode properly the syncTime.

@FireController1847
Copy link
Contributor

@brunoescalona Aww, alright.

@brunoescalona-zz
Copy link

@FireController1847 here I have all the code I did for the partner authentication but I could not do the login. Just it is usefull for you....
pandora node.js
If you can decode the syncTime or make some advance just let me know please :)

@FireController1847
Copy link
Contributor

@brunoescalona I was able to decode syncTime using the blowfish module you were talking about. Maybe you were having issues for it? Even with syncTime, I couldn't get past the Code 0 error on Postman.

@PromyLOPh
Copy link
Owner

PromyLOPh commented Apr 4, 2017 via email

@FireController1847
Copy link
Contributor

It's be great if you guys could talk about this on me within Discord. Add me, my name is FireController1847#9085 @PromyLOPh @brunoescalona

@brunoescalona-zz
Copy link

@PromyLOPh Thank you!!!!!! I didn't see the decrypt password and I was using the password itself.
@FireController1847 how are you obtaining the syncTime? Are you using just the decoded syncTime or are you using this formula? Maybe that could solve the problem:

https://6xq.net/pandora-apidoc/json/

Synchonized time. Calculation: current time + (time of Partner login request – syncTime from Partner login response). This is a protection against replay-attacks.

@FireController1847
Copy link
Contributor

FireController1847 commented Apr 4, 2017

942yk 1
@brunoescalona @PromyLOPh I'm doing exactly what's in the image above. This is the data I am sending. To be honest, I'm probably missing something very obvious.
bq8yu 1

@brunoescalona-zz
Copy link

@thewithz Are you sending the Body encoded? I think in the user login you should send it encoded.

Unless noted otherwise JSON-encoded requests sent by the client within the HTTP POST body are encrypted using Blowfish ECB and converted to hexadecimal notation with lowercase letters.

@brunoescalona-zz
Copy link

My user brunoescalona#0787

@FireController1847
Copy link
Contributor

FireController1847 commented Jul 19, 2017

@thewithz How did you fix that damn Code 0 error?
@brunoescalona I've moved on from the Code 0 error to a... Code 1001? How the hell do you get a code 1001 on a user login?! I loop through the key of every object and encrypt it that way. Then the object ends up being stuff like {"loginType": "EE1EE3EBFD..."}

@brunoescalona-zz
Copy link

@FireController1847 hi I left the project time ago haha. I could not connect so I just leave it at the end.

@FireController1847
Copy link
Contributor

@brunoescalona I keep leaving it but then I keep coming back thinking I'll do it this time.... of course, every time I do it I just receive the same ol' Code 0 error. Until recently, when I figured out something extremely important: We were encrypting incorrectly.

@brunoescalona-zz
Copy link

@FireController1847 why we were encryting incorrectly?

@FireController1847
Copy link
Contributor

@brunoescalona When we had the object, we did not need to stringify it and then encrypt it, but instead we needed to encrypt every value within the object. Here's an example below.

let userLoginInfo = {
  "loginType": "user",
  "username": "XXX@gmail.com",
  "password": "XXXXX",
  // "incluePandoraOneInfo": true,
  // "includeSubscriptionExpiration": true,
  // "returnCapped": true,
  // "includeAdAttributes": true,
  // "includeAdvertiserAttributes": true,
  // "xplatformAdCapable": true,
  "partnerAuthToken": res.partnerAuthToken,
  "syncTime": calcdSyncTime
}

to...

Encrypted User Login Info: {
  "loginType": "EE1EE3EBFD757FCA",
  "username": "XXXX",
  "password": "XXXX",
  "partnerAuthToken": "F64EAFC5B1FA3A2C7388867A53FA787B7596A4F3E34A403BF6A8A942F41E1DFA1A00444A886473BB",
  "syncTime": null
}

@brunoescalona-zz
Copy link

@FireController1847 ok I understand.... so when I have time I will try it again.

@FireController1847
Copy link
Contributor

FireController1847 commented Jul 19, 2017

@brunoescalona I'll be on Discord if you want to chat. FireController1847#9085

@brunoescalona-zz
Copy link

@FireController1847 ok! if I have time I will connect. :) thank you!

@abreksa4
Copy link

Seeing an error 9 with the following request after a successful partner login:

{"loginType":"user","username":"xxxxx@xxxxx.xxx","password":"xxxxxxxx","partnerAuthToken":"xxxxxxxxxxxx","syncTime":0}
array(3) {
  ["auth_token"]=>
  string(34) "xxxxx"
  ["partner_id"]=>
  string(2) "xx"
  ["method"]=>
  string(14) "auth.userLogin"
}

Where partnerAuthToken and auth_token are the value returned from the successful partner login.

Any thoughts? Not sure if 0 is a valid syncTime value, but wouldn't think error 9 would be the response in that case.

@FireController1847
Copy link
Contributor

@abreksa4 SyncTime cannot be 0, it's a built number using Date.now() and something else (for JS). It's been so long, though, that I can't remember. Sorry :(

@abreksa4
Copy link

@FireController1847 No problem, thanks for the pointer. Looks like my application (read: environment) was encrypting/decrypting the data incorrectly. syncTime is no longer zero, but getting a 1002 error now (INVALID_PARTNER_LOGIN) while using the info provided in the docs here for partner credentials, same as the rest of the implementations I've looked at.

Anyone experiencing that? Not really under the scope of this ticket, but figured I'd mention it while I try to work it out.

@PromyLOPh
Copy link
Owner

PromyLOPh commented Dec 27, 2017 via email

@abreksa4
Copy link

abreksa4 commented Dec 27, 2017

@PromyLOPh I'm using the android credentials as well, though I cycled through the rest of the available sets and got the same error, so thinking it's an issue on my end if other projects are using them successfully.

@abreksa4
Copy link

Alright, figured since I got this resolved I'd post the results here.

Turned out to be an issue with PHP 7.2 dropping mcrypt, and the ensuing headaches caused by trying to use openssl instead.

Asked the question on freenode in ##php, and was pointed at http://php.net/manual/en/function.openssl-encrypt.php#121545 within 20 minutes, courtesy of Sammitch.

Used the magic methods included in that comment and now the api calls are working.

Link to the updated php library fork for anyone interested: https://github.com/abreksa4/php-pandora-api

@FireController1847
Copy link
Contributor

@abreksa4 You're saying your PHP library is working. Do you mind talking with me on Discord or Email so I can try and get past the userLogin? I'm still getting Code 0. Add me on Discord FireController1847#3577 or email me at contact@visualfiredev.com, as if you could give me some tips and questions that would be amazing (rather than me trying to decode your PHP library, one of the few languages I understand unlike C, Python, and C# xD)

@FireController1847
Copy link
Contributor

Scratch that on that last comment. I cannot believe it, but I finally got it to work. Thank you everyone who was part of and helped in this thread (even though it's not mine xD)!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

5 participants