[twitter] fix login with username & password

It is no longer possible to get an 'authenticity_token' from Twitter's Javascript-free login form, which got disabled few days ago. Generating a random 16 byte hex string client-side and sending that as a cookie alongside the regular login form works just as well.
4 years ago · b656b829db
parent d1903589a5
commit b656b829db
3 changed files with 17 additions and 16 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,5 +1,7 @@
 # Changelog

+## Unreleased
+
 ## 1.16.1 - 2020-12-27
 ### Additions
 - [instagram] add `include` option ([#1180](https://github.com/mikf/gallery-dl/issues/1180))
--- a/gallery_dl/extractor/twitter.py
+++ b/gallery_dl/extractor/twitter.py
@ -239,30 +239,29 @@ class TwitterExtractor(Extractor):
    def _login_impl(self, username, password):
        self.log.info("Logging in as %s", username)

-        url = "https://mobile.twitter.com/i/nojs_router"
-        params = {"path": "/login"}
-        headers = {"Referer": self.root + "/", "Origin": self.root}
-        page = self.request(
-            url, method="POST", params=params, headers=headers, data={}).text
+        token = util.generate_csrf_token()
+        self.session.cookies.clear()
+        self.request(self.root + "/login")

-        pos = page.index('name="authenticity_token"')
-        token = text.extract(page, 'value="', '"', pos)[0]
-
-        url = "https://mobile.twitter.com/sessions"
+        url = self.root + "/sessions"
+        cookies = {
+            "_mb_tk": token,
+        }
        data = {
+            "redirect_after_login"      : "/",
+            "remember_me"               : "1",
            "authenticity_token"        : token,
+            "wfa"                       : "1",
+            "ui_metrics"                : "{}",
            "session[username_or_email]": username,
            "session[password]"         : password,
-            "remember_me"               : "1",
-            "wfa"                       : "1",
-            "commit"                    : "+Log+in+",
-            "ui_metrics"                : "",
        }
-        response = self.request(url, method="POST", data=data)
+        response = self.request(
+            url, method="POST", cookies=cookies, data=data)
+
        cookies = {
            cookie.name: cookie.value
            for cookie in self.session.cookies
-            if cookie.domain == self.cookiedomain
        }

        if "/error" in response.url or "auth_token" not in cookies:
--- a/gallery_dl/version.py
+++ b/gallery_dl/version.py
@ -6,4 +6,4 @@
 # it under the terms of the GNU General Public License version 2 as
 # published by the Free Software Foundation.

-__version__ = "1.16.1"
+__version__ = "1.16.2-dev"