These are chat archives for IndySockets/Indy

25th
Sep 2018
Marcos Douglas B. Santos
@mdbs99
Sep 25 2018 18:53
@rlebeau when I try to connect on GMail I receive this error:
[Debugger Exception Notification]

Project Postman raised exception class 'EIdReplyPOP3Error' with message:
Web login required: https://support.google.com/mail/answer/78754

 In file 'Protocols\IdReplyPOP3.pas' at line 337

[Ignore this exception type]

[Break] [Continue]
There is not 2-steps
Remy Lebeau
@rlebeau
Sep 25 2018 19:03
@mdbs99 That is an error message from Gmail itself. It means that you are trying to login to Gmail's POP3 server using your normal password in an unsecure manner. Gmail needs to authorize your PC to access its POP3 server using that password. The error tells you to login to Gmail via HTTP first, so it can authorize your PC, and then you should be able to login to POP3 from the same PC. But this is not necessary if you enable 2-factor authentication in Gmail. In that case, you only need to generate an App-Specific password in your GMail settings, and then you can use that password with TIdPOP3 instead of your normal Gmail password, and that works fine. This is related to Gmail's security model, it is not specific to Indy (though the reason this affects Indy is because Indy does not yet implement OAuth authentication (see IndySockets/Indy#192), which Gmail prefers)
Kudzu
@czhower
Sep 25 2018 19:04
Seems what you need to know is in your own post:
https://support.google.com/mail/answer/78754
Marcos Douglas B. Santos
@mdbs99
Sep 25 2018 19:06
@czhower of course I've already read that - but my user/passwd is Ok (I can login using browser)
@rlebeau I did the login using "Chrome anonymous windows" - maybe this is not enough
Another thing is: I have a lot accounts. How can I know which account has or no 2-factor?
Remy Lebeau
@rlebeau
Sep 25 2018 19:11
@mdbs99 Why anonymous? In any case, if that doesn't work, you have only 2 choices, both of which are stated in that URL Gmail mentions in the error message: 1) enable 2-factor authentication in your Gmail settings, and then use an App-Specific password with Indy; or 2) enable "Less Secure Apps" in your Gmail settings.
@mdbs99 you will have to login to each account via a Web browser and check their settings.
Marcos Douglas B. Santos
@mdbs99
Sep 25 2018 19:12

Why anonymous?

Because it's not my account, but only a test - I won't have access for the real accounts - this will be a system that will use those accounts

Remy Lebeau
@rlebeau
Sep 25 2018 19:13
@mdbs99 well, then you only have 1 choice - let the user provide your app with the necessaary userid/password, and then require the user to pre-configure Gmail accordingly.
Marcos Douglas B. Santos
@mdbs99
Sep 25 2018 19:13

enable "Less Secure Apps" in your Gmail settings.

I have tried that one - using anonymous... - and didn't work

Remy Lebeau
@rlebeau
Sep 25 2018 19:14
@mdbs99 you can't use an anonymous login with "Less Secure Apps" (well, you can't use an anonymous login, period. This is not FTP, afterall), you still need a real userid/password for that
Marcos Douglas B. Santos
@mdbs99
Sep 25 2018 19:15
No no... I meant Chrome anonymous browser... but with real user/passwd, of course
Kudzu
@czhower
Sep 25 2018 19:15
@mdbs99 That link provides far more than "check your user name and password". It contains explicit info why even that may fail.
Remy Lebeau
@rlebeau
Sep 25 2018 19:16
@mdbs99 FYI, in the case where you need to login via HTTP to authorize the PC when 2-factor auth is not enabled, are you using https://accounts.google.com/DisplayUnlockCaptcha, as mentioned in the error's URL (as well as this doc - https://support.google.com/accounts/answer/6009563 )?
Marcos Douglas B. Santos
@mdbs99
Sep 25 2018 19:16
@czhower Ok, however I have a LOT of accounts - it's not my personal account
Kudzu
@czhower
Sep 25 2018 19:16
gmail with pop3 and SMTP is a royal PITA, even often with mail clients such as Thunderbird etc.
Remy Lebeau
@rlebeau
Sep 25 2018 19:17
@czhower these issues would affect IMAP, too
Marcos Douglas B. Santos
@mdbs99
Sep 25 2018 19:19

FYI, in the case where you need to login via HTTP to authorize the PC when 2-factor auth is not enabled, are you using

@rlebeau ok but I need "a system" to solve, not only try and solve this test account - do you understand? Because I have a lot of accounts so, I cannot do this steps in each one

Maybe the 2-step could be the best way - still thinking
Kudzu
@czhower
Sep 25 2018 19:20
yes, any non web access.
google is doing this for security reasons, but basically also wants people to use the web interface. Its very biased towards that.
Marcos Douglas B. Santos
@mdbs99
Sep 25 2018 19:21
Yeah, I agree
Remy Lebeau
@rlebeau
Sep 25 2018 19:23
@mdbs99 I already told you what you need to do on your end - just take a userid/password as input from the user of an account. It is the user's responsibility, not yours, to make sure what they enter actually works. That is outside your app's scope. Whether they use the real password with "Less Secure Apps" enabled, or use a App-Specific Password with 2-factor enabled, that is on their end, not yours
Marcos Douglas B. Santos
@mdbs99
Sep 25 2018 19:25
But App-Specific Password with 2-factor needs something outside the system, as I understand - a random number, for example, that the user should type... right?
My problem is that system do not have UI - it's like a batch process: I will connect in each account, download the mails, do a lot of process and parsers, etc
Think in that accounts as tickets or issues - users complain send emails for those accounts and this system will parse all those emails... running in a server, not user computer
Marcos Douglas B. Santos
@mdbs99
Sep 25 2018 19:31
So @rlebeau I guess "App-Specific Password with 2-factor " doesn't fit on that case, right?
Remy Lebeau
@rlebeau
Sep 25 2018 19:39
@mdbs99 the account owner logs in to their Gmail account, enables 2-factor, and has Gmail generate a password, then your app can use that password instead of the real password. That is it, nothing else changes in your system. You still need a valid userid/password to login to a Gmail account, the only question is WHICH password you use. Without using OAuth, this is the next best option for security, and it works fine with Indy, I use it all the time with my own Gmail account.
Marcos Douglas B. Santos
@mdbs99
Sep 25 2018 19:42
I have a 2-factor to use Github - I need to type a random number using another app... I thought that it was like that but you're saying that will be just a "new password"
OK, I will take a look in that 2-factor now to see how it works.
Remy Lebeau
@rlebeau
Sep 25 2018 19:44
@mdbs99 you are thinking of 2-step verification codes issued during each individual login, which are one-time-use codes typically sent to you via email or SMS, or generated via a code generator app on your mobile device. Using an App-Specific password is completely different from that.
Marcos Douglas B. Santos
@mdbs99
Sep 25 2018 22:54
@rlebeau yes, you were completely right - a 16bit password - it worked... THANKS