pixivpy: HTTP 403

Recently started to occur with the .login() function

pixivpy3.utils.PixivError: [ERROR] auth() failed! check username and password.
HTTP 403. . .

After that, All this html thing

The account credentials are correct. The account has not been banned, i tried with a new one, it doesn’t work either

I hope this is not a silly mistake on my part

About this issue

  • Original URL
  • State: closed
  • Created 4 years ago
  • Comments: 21 (10 by maintainers)

Commits related to this issue

Most upvoted comments

The cloudscraper thing still works for me 🤷, but the underlying issue seems to be the user-agent string because changing this line https://github.com/upbit/pixivpy/blob/bcceffc7e1ba73be300ceb339b59b0e84290dae3/pixivpy3/api.py#L83

to

            'User-Agent': 'foo',

(i.e. just any random string) consistently fixes it as well for me.

Good job! I will test whether this method is stable as soon as possible.

Release 3.5.10, please upgrade: pip install PixivPy==3.5.10

The cloudscraper thing still works for me 🤷, but the underlying issue seems to be the user-agent string because changing this line https://github.com/upbit/pixivpy/blob/bcceffc7e1ba73be300ceb339b59b0e84290dae3/pixivpy3/api.py#L83 to

            'User-Agent': 'foo',

(i.e. just any random string) consistently fixes it as well for me.

I tried the original code, and I did not trigger 403 (in Guangdong Telecom environment and Hong Kong proxy server). I can only guess that CloudFare may not restrict low-frequency access.

I just pushed a test version, can anyone who met 403 help verify whether it works?

Upgrade to 3.5.10(test env) pip install -i https://test.pypi.org/simple/ PixivPy OR pull master changes 9798741 to local

因为无法触发限制,有同学可以帮忙验证下这个改动是否稳定吗?可以用pip install -i https://test.pypi.org/simple/ PixivPy升级到3.5.10再试下

The test version has resolved the 403 problem on my side.

Changing this line: https://github.com/upbit/pixivpy/blob/bcceffc7e1ba73be300ceb339b59b0e84290dae3/pixivpy3/api.py#L29 to

self.requests = cloudscraper.create_scraper()

from the cloudscraper module seems to “fix” it for me fwiw

I Pulled Master changes to local, it fixes the error 403.

@remiliacn Can this version fix your problem? I did not use a random User-Agent, just changed the version number.

无法在本地复现403问题,功能完全正常,返回值就是正常的json;登陆后其他操作也没有问题

另外说到客户端,重新测试了一下 iOS客户端使用accounts.pixiv.net进行登陆,带recaptcha,登陆和回调链接为下面的两个:

https://accounts.pixiv.net/login...
https://app-api.pixiv.net/web/v1/users/auth/pixiv/start?code_challenge=....&code_challenge_method=S256&client=pixiv-ios

Android客户端解包v5.0.219以后也有了类似的验证方式,另外貌似删除了oauth.secure.pixiv.net接口(没有找到相关内容)

/* compiled from: PixivOAuthLoginService.kt */
public static final class C6770c<T, R> implements C5711g<T, R> {
...
    public final /* synthetic */ Object apply(Object obj) {
        C6787a aVar = (C6787a) obj;
        C9228j.m23839b(aVar, "it");
        return this.f22320a.f22316b.f23930b + "/web/v1/login?code_challenge=" + aVar.f22357a + "&code_challenge_method=S256&client=pixiv-android";
    }
}

作为参考,原本的请求参数部分和PixivOAuthResponse好像都做了修改

/* new v5.0.219 */
C6042s<R> c = a.f22285a.mo25627a(bVar.f26842a, bVar2.f22358a, authorizationCode.f22354a, "authorization_code", bVar.f26843b, "MOBrBDS8blbauoSck0ZfDbtuzpyT", "lsACyCD94FhDUtGTXi3QzcFE2uU1hqtDaKeqrdwj", true).mo24530c(new C6746a.C6749c(a));
C6042s<C7130e> mo25627a(@C9694y String str, @C9672c(mo29288a = "code_verifier") String str2, @C9672c(mo29288a = "code") String str3, @C9672c(mo29288a = "grant_type") String str4, @C9672c(mo29288a = "redirect_uri") String str5, @C9672c(mo29288a = "client_id") String str6, @C9672c(mo29288a = "client_secret") String str7, @C9672c(mo29288a = "include_policy") boolean z);

/* old v5.0.156 */
PixivOAuthResponse b = C4402h.m13992a().mo21264b("MOBrBDS8blbauoSck0ZfDbtuzpyT", "lsACyCD94FhDUtGTXi3QzcFE2uU1hqtDaKeqrdwj", "password", str2, password, C3841g.m12695a(), true, true);
PixivOAuthResponse mo21264b(@C6444c(mo24824a = "client_id") String str, @C6444c(mo24824a = "client_secret") String str2, @C6444c(mo24824a = "grant_type") String str3, @C6444c(mo24824a = "username") String str4, @C6444c(mo24824a = "password") String str5, @C6444c(mo24824a = "device_token") String str6, @C6444c(mo24824a = "get_secure_url") boolean z, @C6444c(mo24824a = "include_policy") boolean z2);

有可能更换了登陆API或者修改了实现方式?(才疏学浅,看得比较粗略