fix: add 2fa key error checking

custom_components/alexa_media/.translations/en.json

@@ -1,44 +1,38 @@
 {
   "config": {
-    "abort": {
-      "forgot_password": "The Forgot Password page was detected. This normally is the result of too may failed logins. Amazon may require action before a relogin can be attempted.",
-      "login_failed": "Alexa Media Player failed to login.",
-      "reauth_successful": "Alexa Media Player successfully reauthenticated."
-    },
     "error": {
       "connection_error": "Error connecting; check network and retry",
       "identifier_exists": "Email for Alexa URL already registered",
       "invalid_credentials": "Invalid credentials",
-      "unknown_error": "Unknown error, please report log info"
+      "2fa_key_invalid": "Invalid Built-In 2FA key",
+      "unknown_error": "Unknown error, please enable advanced debugging and report log info"
     },
     "step": {
-      "action_required": {
-        "description": "**{email} - alexa.{url}**  \nAmazon will send a push notification per the below message. Please completely respond before continuing.  \n{message}",
-        "title": "Alexa Media Player - Action Required"
-      },
-      "authselect": {
+      "user": {
         "data": {
-          "authselectoption": "OTP method"
+          "password": "Password",
+          "email": "Email Address",
+          "securitycode": "2FA Code (recommended to avoid login issues)",
+          "otp_secret": "Built-in 2FA App Key (automatically generate 2FA Codes)",
+          "url": "Amazon region domain (e.g., amazon.co.uk)",
+          "include_devices": "Included device (comma separated)",
+          "exclude_devices": "Excluded device (comma separated)",
+          "debug": "Advanced debugging",
+          "scan_interval": "Seconds between scans",
+          "cookies_txt": "Cookies.txt data"
         },
-        "description": "**{email} - alexa.{url}**  \n{message}",
-        "title": "Alexa Media Player - One Time Password"
+        "description": "Please enter your [information](https://github.com/custom-components/alexa_media_player/wiki/Configuration#integrations-page). **[Cookie import](https://github.com/custom-components/alexa_media_player/wiki/Configuration#cookie-import) may be easiest!**   \n**WARNING: Amazon incorrectly reports 'Enter a valid email or mobile number' when [2FA Code is required](https://github.com/custom-components/alexa_media_player/wiki/Configuration#enable-two-factor-authentication-for-your-amazon-account).**  \n>{message}",
+        "title": "Alexa Media Player - Configuration"
       },
       "captcha": {
         "data": {
-          "captcha": "Captcha",
           "password": "Password",
-          "securitycode": "2FA Code (recommended to avoid login issues)"
+          "securitycode": "2FA Code (recommended to avoid login issues)",
+          "captcha": "Captcha"
         },
         "description": "**{email} - alexa.{url}**  \n{message}  \n {captcha_image}",
         "title": "Alexa Media Player - Captcha"
       },
-      "claimspicker": {
-        "data": {
-          "authselectoption": "Verification method"
-        },
-        "description": "**{email} - alexa.{url}**  \nPlease select verification method by number. (e.g., `0` or `1`)  \n{message}",
-        "title": "Alexa Media Player - Verification Method"
-      },
       "totp_register": {
         "data": {
           "registered": "OTP from the Built-in 2FA App Key confirmed successfully."
@@ -53,22 +47,29 @@
         "description": "**{email} - alexa.{url}**  \nEnter the One Time Password (OTP).  \n{message}",
         "title": "Alexa Media Player - Two Factor Authentication"
       },
-      "user": {
+      "authselect": {
         "data": {
-          "cookies_txt": "Cookies.txt data",
-          "debug": "Advanced debugging",
-          "email": "Email Address",
-          "exclude_devices": "Excluded device (comma separated)",
-          "include_devices": "Included device (comma separated)",
-          "otp_secret": "Built-in 2FA App Key (automatically generate 2FA Codes)",
-          "password": "Password",
-          "scan_interval": "Seconds between scans",
-          "securitycode": "2FA Code (recommended to avoid login issues)",
-          "url": "Amazon region domain (e.g., amazon.co.uk)"
+          "authselectoption": "OTP method"
         },
-        "description": "Please enter your [information](https://github.com/custom-components/alexa_media_player/wiki/Configuration#integrations-page). **[Cookie import](https://github.com/custom-components/alexa_media_player/wiki/Configuration#cookie-import) may be easiest!**   \n**WARNING: Amazon incorrectly reports 'Enter a valid email or mobile number' when [2FA Code is required](https://github.com/custom-components/alexa_media_player/wiki/Configuration#enable-two-factor-authentication-for-your-amazon-account).**  \n>{message}",
-        "title": "Alexa Media Player - Configuration"
+        "description": "**{email} - alexa.{url}**  \n{message}",
+        "title": "Alexa Media Player - One Time Password"
+      },
+      "claimspicker": {
+        "data": {
+          "authselectoption": "Verification method"
+        },
+        "description": "**{email} - alexa.{url}**  \nPlease select verification method by number. (e.g., `0` or `1`)  \n{message}",
+        "title": "Alexa Media Player - Verification Method"
+      },
+      "action_required": {
+        "description": "**{email} - alexa.{url}**  \nAmazon will send a push notification per the below message. Please completely respond before continuing.  \n{message}",
+        "title": "Alexa Media Player - Action Required"
       }
+    },
+    "abort": {
+      "forgot_password": "The Forgot Password page was detected. This normally is the result of too may failed logins. Amazon may require action before a relogin can be attempted.",
+      "login_failed": "Alexa Media Player failed to login.",
+      "reauth_successful": "Alexa Media Player successfully reauthenticated."
     }
   },
   "options": {

custom_components/alexa_media/config_flow.py

@@ -16,7 +16,13 @@
 from typing import Any, Optional, Text
 import re
 
-from alexapy import AlexaLogin, AlexapyConnectionError, hide_email, obfuscate
+from alexapy import (
+    AlexaLogin,
+    AlexapyConnectionError,
+    AlexapyPyotpInvalidKey,
+    hide_email,
+    obfuscate,
+)
 from homeassistant import config_entries
 from homeassistant.const import (
     CONF_EMAIL,
@@ -201,18 +207,25 @@ async def async_step_user(self, user_input=None):
                 not self.config.get("reauth")
                 and user_input
                 and user_input.get(CONF_OTPSECRET)
+                and user_input.get(CONF_OTPSECRET).replace(" ", "")
             ):
-                _LOGGER.debug("Generating OTP from %s", self.login.get_totp_token())
-
+                otp: Text = self.login.get_totp_token()
+                if otp:
+                    _LOGGER.debug("Generating OTP from %s", otp)
+                    return self.async_show_form(
+                        step_id="totp_register",
+                        data_schema=vol.Schema(self.totp_register),
+                        errors={},
+                        description_placeholders={
+                            "email": self.login.email,
+                            "url": self.login.url,
+                            "message": otp,
+                        },
+                    )
                 return self.async_show_form(
-                    step_id="totp_register",
-                    data_schema=vol.Schema(self.totp_register),
-                    errors={},
-                    description_placeholders={
-                        "email": self.login.email,
-                        "url": self.login.url,
-                        "message": self.login.get_totp_token(),
-                    },
+                    step_id="user",
+                    errors={"base": "2fa_key_invalid"},
+                    description_placeholders={"message": ""},
                 )
             await self.login.login(
                 cookies=await self.login.load_cookie(
@@ -228,6 +241,13 @@ async def async_step_user(self, user_input=None):
                 errors={"base": "connection_error"},
                 description_placeholders={"message": ""},
             )
+        except AlexapyPyotpInvalidKey:
+            self.automatic_steps = 0
+            return self.async_show_form(
+                step_id="user",
+                errors={"base": "2fa_key_invalid"},
+                description_placeholders={"message": ""},
+            )
         except BaseException as ex:
             _LOGGER.warning("Unknown error: %s", ex)
             if self.config[CONF_DEBUG]:
@@ -536,8 +556,12 @@ def _save_user_input_to_config(self, user_input=None) -> None:
             self.config[CONF_SECURITYCODE] = self.securitycode
         elif CONF_SECURITYCODE in self.config:
             self.config.pop(CONF_SECURITYCODE)
-        if user_input.get(CONF_OTPSECRET):
+        if user_input.get(CONF_OTPSECRET) and user_input.get(CONF_OTPSECRET).replace(
+            " ", ""
+        ):
             self.config[CONF_OTPSECRET] = user_input[CONF_OTPSECRET].replace(" ", "")
+        elif CONF_OTPSECRET in self.config:
+            self.config.pop(CONF_OTPSECRET)
         if CONF_EMAIL in user_input:
             self.config[CONF_EMAIL] = user_input[CONF_EMAIL]
         if CONF_PASSWORD in user_input:

custom_components/alexa_media/strings.json

@@ -4,7 +4,8 @@
       "connection_error": "Error connecting; check network and retry",
       "identifier_exists": "Email for Alexa URL already registered",
       "invalid_credentials": "Invalid credentials",
-      "unknown_error": "Unknown error, please report log info"
+      "2fa_key_invalid": "Invalid Built-In 2FA key",
+      "unknown_error": "Unknown error, please enable advanced debugging and report log info"
     },
     "step": {
       "user": {