Skip to content

fix(aiograpi): generate 6-digit TOTP code instead of submitting raw seed#46

Merged
subzeroid merged 1 commit into
mainfrom
fix/aiograpi-totp-code
Jun 20, 2026
Merged

fix(aiograpi): generate 6-digit TOTP code instead of submitting raw seed#46
subzeroid merged 1 commit into
mainfrom
fix/aiograpi-totp-code

Conversation

@subzeroid

Copy link
Copy Markdown
Owner

Summary

Fixes the aiograpi 2FA login failure reported in #45.

_ensure_logged_in passed the static base32 totp_seed directly into
client.login(verification_code=...). Instagram expects a current 6-digit
TOTP code
, not the secret, so it rejected every attempt with
400 Bad Request: Please check the security code and try again.

The fix derives the live code on the fly via aiograpi's synchronous
totp_generate_code(seed) staticmethod and submits that. Accounts without a
totp_seed still send an empty code, so non-2FA logins are unchanged.

The stale module docstring (which referenced a non-existent totp_seed=
kwarg on login) is corrected to match the actual verification_code path.

Changes

  • insto/backends/aiograpi.py — generate the 6-digit code before login; fix docstring.
  • tests/test_aiograpi_backend_login.py — new tests asserting the generated code (not the raw seed) reaches login, and that no-seed logins send "".

Testing

  • ruff check / ruff format --check — clean
  • mypy insto — clean
  • pytest --cov=insto --cov-fail-under=75 — 914 passed, 82.37% coverage

Closes #45

🤖 Generated with Claude Code

`_ensure_logged_in` passed the static base32 `totp_seed` straight into
`client.login(verification_code=...)`, which Instagram rejects as an
invalid security code (400 Bad Request). Derive the current 6-digit code
on the fly via aiograpi's `totp_generate_code` helper and submit that.
Accounts without 2FA still send an empty code.

Closes #45

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@subzeroid subzeroid merged commit 6914012 into main Jun 20, 2026
3 checks passed
@subzeroid subzeroid deleted the fix/aiograpi-totp-code branch June 20, 2026 16:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[BUG] aiograpi backend submits raw TOTP seed instead of generating 6-digit verification code

1 participant