API Help: String index out of range: -25

[betapictoris]

Hello, I love the library, but I'm working on a plugin for a Go application (so I can't use it), but using mitmproxy and the code here I'm trying to complete the API requests to login.

I've retrieved a CSRF token, I've been storing the cookies, but, when I go to POST the login route I get the following result:

{"timestamp":1718994821083,"status":500,"error":"Internal Server Error","exception":"java.lang.StringIndexOutOfBoundsException","message":"String index out of range: -25","path":"/sso/signin"}

I am sending SESSION, SameSite, org.springframework.web.servlet.i18n.CookieLocaleResolver.LOCALE, __cf_bm, __cflb, _cfuvid, ADRUM_BTa, ADRUM_BT1, and __VCAP_ID__ cookies, the only one that it looks like I don't have is cf_clearance (which it also looks like garth isn't using). If it's any help my headers are set to those of the iOS version of the app, but I was using the Android ones for a bit.

Again, thanks for an amazing Python library, and I've been stuck on this problem for a day now, so any help would be greatly appreciated.

[matin]

Happy you like it!

Are you using this same request?

    client.post(
        "sso",
        "/sso/signin",
        params=SIGNIN_PARAMS,
        referrer=True,
        data=dict(
            username=email,
            password=password,
            embed="true",
            _csrf=csrf_token,
        ),
    )

Here's de regex for the CSRF token:

re.compile(r'name="_csrf"\s+value="(.+?)"')

[betapictoris]

Yeah, I've done this, that route is actually where I'm getting that error. I am including the CSRF token as well. In fact, it looks like I'm doing everything that your library is doing, just in Go. Maybe it's an issue with how I'm handling the HTTP requests though....

[matin]

Can you share a link to your code?

Happy to review

[betapictoris]

Thanks for the offer, but I think I found a way around it, considering it's a plugin I should be able to get a GUI (in which case I can just create an iframe of the embed page, then read the URL once the user has completed sign in, this way I wouldn't need to do any 2FA handling either). Again, thanks for making the Python library!