superdima05/newauth.py

## newauth.py
import requests, json
import urllib.parse
from bs4 import BeautifulSoup

login = ""
password = ""
secondAttempt = "" # Enter your trackID, if you were redirected to verification page.

# For Charles
verify = True
proxies = None
# For Charles

# Dev settings
domain = "https://passport.yandex.com/"
clientID = "c0ebe342af7d48fbbbfcf2d2eedb8f9e"
clientSecret = "ad0a908f0aa341a182a37ecd75bc319e"

clientID2 = "23cabbbdc6cd418abb4b39c32c41195d"
clientSecret2 = "53bc75238f0c4d08a118e51fe9203300"
# Dev settings

uids = {"yandexuid": None, "uniqueuid": None, "theme": "dark", "_ym_isad": "2", "_ym_visorc": "b"}

r = requests.get(domain+"am?app_platform=ios&app_id=ru.yandex.mobile.music", verify = verify, proxies = proxies)
for i in r.cookies:
	uids[i.name] = i.value

soup = BeautifulSoup(r.text, 'html.parser')
c = soup.find_all("form", {"action": domain+"auth"})[0]
csrfToken = c.find_all("input", {"name": "csrf_token"})[0].get('value')

# Step1 Auth (Get track_id)

if secondAttempt == "":
	trackID = None

	r = requests.post(domain+"registration-validations/auth/multi_step/start", verify = verify, proxies = proxies, cookies = uids, data = {"csrf_token": csrfToken, "login": login, "app_id": "ru.yandex.mobile.music", "appId": "ru.yandex.mobile.music", "am_version_name": "6.6.1", "app_platform": "ios", "isAm": True})
	j = json.loads(r.text)

	trackID = j['track_id']
else:
	trackID = secondAttempt

# Step2 Commit password and get Session_id, if password correct

sessionID = None

r = requests.post(domain+"registration-validations/auth/multi_step/commit_password", verify = verify, proxies = proxies, cookies = uids, data = {"csrf_token": csrfToken, "password": password, "track_id": trackID, "retpath": domain+"am/finish?status=ok&from=Login"})
j = json.loads(r.text)

if 'state' in j and j['state'] == "auth_challenge":
	exit("Open "+domain+j['redirect_url'][1:]+" and then try again with this trackID: "+trackID) # Very important note! Don't allow browser to redirect after phone confirmation, because trackID will become invalid.

if j['status'] != "ok":
	exit(j)

for i in r.cookies:
	if i.name == "Session_id":
		sessionID = i.value

# Step3 get access_token by sessionID

headers = {
	"Ya-Client-Host": "yandex.com",
	"Accept-Language": "en-US;q=1",
	"Ya-Client-Cookie": "Session_id="+sessionID+";"
}

data = {
	"client_id": clientID,
	"client_secret": clientSecret,
	"grant_type": "sessionid",
	"host": "yandex.com"
}

url = "https://mobileproxy.passport.yandex.net/1/bundle/oauth/token_by_sessionid?app_id=ru.yandex.mobile.music"

r = requests.post(url, data = data, headers = headers, verify = verify, proxies = proxies)
accessToken = json.loads(r.text)['access_token'] #This access token can't be used in Yandex.Music

# Step4 Exchange unknown accessToken to Yandex.Music access token

data = {
	"access_token": accessToken,
	"client_id": clientID2,
	"client_secret": clientSecret2,
	"grant_type": "x-token"
}

r = requests.post("https://mobileproxy.passport.yandex.net/1/token", data = data)

print(r.text)
	import requests, json
	import urllib.parse
	from bs4 import BeautifulSoup

	login = ""
	password = ""
	secondAttempt = "" # Enter your trackID, if you were redirected to verification page.

	# For Charles
	verify = True
	proxies = None
	# For Charles

	# Dev settings
	domain = "https://passport.yandex.com/"
	clientID = "c0ebe342af7d48fbbbfcf2d2eedb8f9e"
	clientSecret = "ad0a908f0aa341a182a37ecd75bc319e"

	clientID2 = "23cabbbdc6cd418abb4b39c32c41195d"
	clientSecret2 = "53bc75238f0c4d08a118e51fe9203300"
	# Dev settings

	uids = {"yandexuid": None, "uniqueuid": None, "theme": "dark", "_ym_isad": "2", "_ym_visorc": "b"}

	r = requests.get(domain+"am?app_platform=ios&app_id=ru.yandex.mobile.music", verify = verify, proxies = proxies)
	for i in r.cookies:
	uids[i.name] = i.value

	soup = BeautifulSoup(r.text, 'html.parser')
	c = soup.find_all("form", {"action": domain+"auth"})[0]
	csrfToken = c.find_all("input", {"name": "csrf_token"})[0].get('value')

	# Step1 Auth (Get track_id)

	if secondAttempt == "":
	trackID = None

	r = requests.post(domain+"registration-validations/auth/multi_step/start", verify = verify, proxies = proxies, cookies = uids, data = {"csrf_token": csrfToken, "login": login, "app_id": "ru.yandex.mobile.music", "appId": "ru.yandex.mobile.music", "am_version_name": "6.6.1", "app_platform": "ios", "isAm": True})
	j = json.loads(r.text)

	trackID = j['track_id']
	else:
	trackID = secondAttempt

	# Step2 Commit password and get Session_id, if password correct

	sessionID = None

	r = requests.post(domain+"registration-validations/auth/multi_step/commit_password", verify = verify, proxies = proxies, cookies = uids, data = {"csrf_token": csrfToken, "password": password, "track_id": trackID, "retpath": domain+"am/finish?status=ok&from=Login"})
	j = json.loads(r.text)

	if 'state' in j and j['state'] == "auth_challenge":
	exit("Open "+domain+j['redirect_url'][1:]+" and then try again with this trackID: "+trackID) # Very important note! Don't allow browser to redirect after phone confirmation, because trackID will become invalid.

	if j['status'] != "ok":
	exit(j)

	for i in r.cookies:
	if i.name == "Session_id":
	sessionID = i.value

	# Step3 get access_token by sessionID

	headers = {
	"Ya-Client-Host": "yandex.com",
	"Accept-Language": "en-US;q=1",
	"Ya-Client-Cookie": "Session_id="+sessionID+";"
	}

	data = {
	"client_id": clientID,
	"client_secret": clientSecret,
	"grant_type": "sessionid",
	"host": "yandex.com"
	}

	url = "https://mobileproxy.passport.yandex.net/1/bundle/oauth/token_by_sessionid?app_id=ru.yandex.mobile.music"

	r = requests.post(url, data = data, headers = headers, verify = verify, proxies = proxies)
	accessToken = json.loads(r.text)['access_token'] #This access token can't be used in Yandex.Music

	# Step4 Exchange unknown accessToken to Yandex.Music access token

	data = {
	"access_token": accessToken,
	"client_id": clientID2,
	"client_secret": clientSecret2,
	"grant_type": "x-token"
	}

	r = requests.post("https://mobileproxy.passport.yandex.net/1/token", data = data)

	print(r.text)