Skip to content

fix: wrap unavailable CAA Bloks login endpoint#2728

Merged
subzeroid merged 2 commits into
masterfrom
fix/caa-login-endpoint-404
Jul 10, 2026
Merged

fix: wrap unavailable CAA Bloks login endpoint#2728
subzeroid merged 2 commits into
masterfrom
fix/caa-login-endpoint-404

Conversation

@subzeroid

@subzeroid subzeroid commented Jul 10, 2026

Copy link
Copy Markdown
Owner

Summary

  • Align CAA/Bloks login text input IDs with the current app flow (<6 chars>:81 / <6 chars>:82) so send_login_request no longer returns the null-payload 404 for the helper payload.
  • Wrap unavailable CAA/Bloks login endpoint failures during the BadPassword fallback as TwoFactorRequired instead of leaking low-level ClientNotFoundError.
  • Preserve the original exception chain and stop before Bloks 2FA verification when the CAA context cannot be obtained.
  • Add regression coverage for both the updated CAA payload shape and the 404 + field_exception + Payload returned is null fallback path reported in [BUG] #2725.

Context

Refs #2725.

Fresh v434 login HAR metadata shows successful CAA login flows use username_text_input_id=<6 chars>:81 and password_text_input_id=<6 chars>:82. Live probes on this branch confirm the old helper payload returned ClientNotFoundError/404, while the updated payload returns status=ok for com.bloks.www.bloks.caa.login.async.send_login_request.

The PR still keeps the defensive wrapper because Instagram can return the same null-payload 404 for unsupported account/session states. Full automatic completion of every flagged-account CAA flow still depends on getting a real account state that returns two_step_verification_context.

Live Account Smoke

  • Parsed the freshest local account file (09-06-26_02-29-01-f516aec435b10cb570b50db0ce002097.txt) without printing credentials: 500 full rows with parseable session/auth and UUIDs.
  • Checked 10 fresh candidates; 2 saved-session accounts were usable.
  • On usable saved sessions, account_info() and user_info_by_username_v1("instagram") passed.
  • PR-specific live probe with synthetic username/fake password:
    • old helper payload reproduced the CAA null-payload 404;
    • updated helper payload returned status=ok on both default client settings and saved account settings;
    • the fallback path wraps a live CAA ClientNotFoundError as TwoFactorRequired.

Pre-Landing Review

No issues found.

Design Review

No frontend files changed; design review skipped.

Eval Results

No prompt-related files changed; evals skipped.

Plan Completion

No plan file detected.

Test plan

  • Live saved-session smoke on local test accounts
  • Live CAA helper route probe with synthetic username/fake password
  • .venv/bin/python -m ruff check .
  • .venv/bin/python -m ruff format --check .
  • .venv/bin/python -m pytest tests/regression/test_auth_story.py::AuthAndStoryRegressionTestCase::test_login_bad_password_without_context_wraps_unavailable_caa_bloks_endpoint -q
  • .venv/bin/python -m pytest tests/regression/test_bloks.py::BloksRegressionTestCase::test_bloks_caa_login_send_request_uses_current_payload -q
  • .venv/bin/python -m pytest tests/regression/test_auth_story.py tests/regression/test_bloks.py -q
  • .venv/bin/python -m pytest tests/regression -q (661 passed, 3 skipped)

@subzeroid subzeroid mentioned this pull request Jul 10, 2026
@subzeroid subzeroid merged commit 3341f65 into master Jul 10, 2026
12 checks passed
@subzeroid subzeroid deleted the fix/caa-login-endpoint-404 branch July 10, 2026 14:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant