twrecked · twrecked · Oct 7, 2022 · Oct 7, 2022
diff --git a/changelog b/changelog
@@ -1,4 +1,7 @@
 0.8.0b2: Better shutdown of threads.
+  Allow ciphers to be set to SSL defaults.
+  Try to parse all email parts looking for the authentication code.
+  Open mailbox read only, stops the wrong emails getting marked as read.
 0.8.0b1: Fix yahoo imap support.
   Fix creation of ArloSnapshot objects.
 

diff --git a/pyaarlo/cfg.py b/pyaarlo/cfg.py
@@ -246,3 +246,7 @@ def no_unicode_squash(self):
     @property
     def use_mqtt(self):
         return self._kw.get("backend", "mqtt") == "mqtt"
+
+    @property
+    def default_ciphers(self):
+        return self._kw.get("default_ciphers", False)
diff --git a/pyaarlo/tfa.py b/pyaarlo/tfa.py
@@ -2,6 +2,7 @@
 import imaplib
 import re
 import time
+import ssl
 
 import requests
 
@@ -47,14 +48,22 @@ def start(self):
             self.stop()
 
         try:
-            self._imap = imaplib.IMAP4_SSL(self._arlo.cfg.tfa_host, port=self._arlo.cfg.tfa_port)
+            # allow default ciphers to be specified
+            if self._arlo.cfg.default_ciphers:
+                ctx = ssl.create_default_context()
+                ctx.set_ciphers('DEFAULT')
+                self._arlo.debug(f"imap is using DEFAULT ciphers")
+            else:
+                ctx = None
+
+            self._imap = imaplib.IMAP4_SSL(self._arlo.cfg.tfa_host, port=self._arlo.cfg.tfa_port, ssl_context=ctx)
             res, status = self._imap.login(
                 self._arlo.cfg.tfa_username, self._arlo.cfg.tfa_password
             )
             if res.lower() != "ok":
                 self._arlo.debug("imap login failed")
                 return False
-            res, status = self._imap.select()
+            res, status = self._imap.select(mailbox='INBOX', readonly=True)
             if res.lower() != "ok":
                 self._arlo.debug("imap select failed")
                 return False
@@ -107,12 +116,13 @@ def get(self):
                     if msg_id in old_ids:
                         continue
 
-                    # new message. look for HTML part and look code code in it
+                    # New message. Look at all the parts and try to grab the code, if we catch an exception
+                    # just move onto the next part.
                     self._arlo.debug("2fa-imap: new-msg={}".format(msg_id))
                     res, msg = self._imap.fetch(msg_id, "(BODY[TEXT])")
                     if isinstance(msg[0][1], bytes):
                         for part in email.message_from_bytes(msg[0][1]).walk():
-                            if part.get_content_type() == "text/plain":
+                            try:
                                 for line in part.get_payload(decode=True).splitlines():
                                     # match code in email, this might need some work if the email changes
                                     code = re.match(r"^\W*(\d{6})\W*$", line.decode())
@@ -121,6 +131,8 @@ def get(self):
                                             "2fa-imap: code={}".format(code.group(1))
                                         )
                                         return code.group(1)
+                            except:
+                                self._arlo.debug("trying next part")
 
                 # update old so we don't keep trying new
                 self._old_ids = self._new_ids