pretendonetwork / account Goto Github PK

I have a idea but i don't know if that's useful but can we have like a local storage that we can just storage the files in a folder on our computers?
For testing and self hosting would be useful because not many people can get a AWS or want to.

How can you create a user account, without access to a real Wii U?
Basically, I want to create a NNID (or in this case, a PNID?) and login to it through Cemu.

You can Access Private Info of anyones PN Account like: Email Addresses without logging into their account via the api with the
x-nintendo-client-id and x-nintendo-client-secret headers.

If serial number format or deviceID format is incorrect, Nintendo sends 0002:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<errors>
    <error>
        <code>0002</code>
        <message>deviceId format is invalid</message>
    </error>
</errors>

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<errors>
    <error>
        <code>0002</code>
        <message>serialNumber format is invalid</message>
    </error>
</errors>

If the client cert is empty/missing, the server always sends 0110 even if the NNID is correct:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<errors>
    <error>
        <code>0110</code>
        <message>Unlinked device</message>
    </error>
</errors>

If the grant type is wrong:

<errors><error><cause>grant_type</cause><code>0004</code><message>Invalid Grant Type</message></error></errors>

If client ID or secret is wrong, or either is missing:

<errors><error><cause>client_id</cause><code>0004</code><message>API application invalid or incorrect application credentials</message></error></errors>

The server not runs. Only generate keys works. Where is the error?

So, I logged into my Pretendo Network ID, and of course, since the NNID app still uses the initial functionality, we cant change our birth date and region, and we're unable to set it on the website, so if possible, we should be able to sort these options out on the website, since it won't be possible on 3DS.

Also, we can't verify our emails via the app because we get a vanilla nintendo error when trying to resend confirmation email.

to behave the exact same as the official servers, you must accept requests regardless of the headers provided (from what i can tell). the only requirement imposed upon requests to this route is that they provide an appropriate client certificate

When linking, the 3DS sends the following as POST https://account.pretendo.cc/v1/api/people/@me/devices/@current/attributes:

<device_attributes>
	<device_attribute>
		<name>uuid_account</name>
		<value>{UUID 1}</value>
	</device_attribute>
	<device_attribute>
		<name>uuid_common</name>
		<value>{UUID 2}</value>
	</device_attribute>
	<device_attribute>
		<name>ctr_nex_account</name>
		<value>{NEX ACC}</value>
	</device_attribute>
	<device_attribute>
		<name>ctr_nex_password</name>
		<value>{NEX PW}</value>
	</device_attribute>
	<device_attribute>
		<name>ctr_nex_environment</name>
		<value>L1</value>
	</device_attribute>
	<device_attribute>
		<name>persistent_id</name>
		<value>00000000</value>
	</device_attribute>
	<device_attribute>
		<name>transferable_id_base</name>
		<value>0000000000000000</value>
	</device_attribute>
	<device_attribute>
		<name>transferable_id_base_common</name>
		<value>0000000000000000</value>
	</device_attribute>
</device_attributes>

Currently, Pretendo sends a 404.

By using the NNIDLT website (https://nnidlt.murilo.eu.org), which uses Nintendo Network's account server endpoint "/v1/api/admin/mapped_ids?input_type=user_id&output_type=pid&input=[NNID]", if you put a NNID that's called "Barack", and then type it as "bar.ack" or "bar-ack", it will still work because it normalizes NNID names, even if "bar.ack" or "bar-ack" doesn't actually exist.

Pretendo's account server doesn't do that. Instead, it returns that the NNID does not exist if you use the examples above on a PNID that exists on the server.

Changing region, timezone, and gender is all one PUT request to https://account.nintendo.net/v1/api/people/@me/:

<person>
	<gender>M</gender>
	<region>1846018048</region>
	<tz_name>Europe/London</tz_name>
</person>

Name field is modified but checksum does not get recalculated

• the response returned if no miis are associated with the pids requested should have an empty body and a status code of 404
• the endpoint should properly handle multiple comma-delimited pids provided in the pids url parameter, instead of hanging
• if at least one pid has an associated mii, the mii data should be returned for those pids and any information about pids without an associated mii should be omitted. the status code should be 200

While using the /v1/api/miis endpoint to fetch user data from the account server, the surprised image (https://pretendo-cdn.b-cdn.net/mii/{PID}/surprised_open_mouth.png) does not exist on the CDN but all the other mii images do exist. This happens with every PNID (as i'm aware of?).

I get an error message saying incorrect password. so I can’t use pretendo network.

If a user has restricted access to their NNID, Nintendo will not allow login on web (and we should do the same)! This is done by PUT https://account.nintendo.net/v1/api/people/@me/:

<person>
	<off_device_flag>Y</off_device_flag>
</person>

Y = allow login off-device
N = no login allowed off-device (this includes app, web, etc)

Marketing is the same:

<person>
	<marketing_flag>Y</marketing_flag>
</person>

but Y = yes, opt-in
and N = no, opt-out

We should use this to add/remove users to our newsletter [if we have one?]

the server well just give me this error when i try to run it

I'm interested in implementing password reset. The below is for a browser-based flow. I have no idea how this could be done from a Wii U console. The website part is here: PretendoNetwork/website#101.

I suggest two new endpoints.

Start flow

A POST endpoint at /v1/passwordreset that accepts a body containing an e-mail address:

{
  "email": "[email protected]",
  "captcha_response": "..." 
}

and if the e-mail is valid and verified, and the captcha checks out, sends an e-mail containing a URL with an access token valid only for the below endpoint for a set time (24 hours?) and one call, and responds 204 No Content. The URL would have to point to a form, and the host and path could possibly be chosen from a pre-approved set using another JSON field in the above body, or be hardcoded in config.

e.g. https://pretendo.network/account/password?access_token=eyJhbGciOiJIUzI1NiIsI... (assuming query parameters aren't logged).

Update password

A PUT endpoint at /v1/password for updating passwords with a 204 No Content response code on success.

{
  "password": "thisisverysecret",
  "password_confirm": "thisisverysecret"
}

I threw this together pretty quickly so there's probably a lot to be desired. I'd be happy to receive any input, suggestions, ideas, etc. that you might have.

As emails may be sent multiple times (such as verification emails being mailed out multiple times), it may be better to have specific email templates. My draft for these [based on Nintendo's] as are follows:

Footer for all emails:

--------------------
NOTE: Please do not reply to this email address.

If you need any support, please contact us at https://support.pretendo.network, or via Discord at https://pretendo.network/discord

This email has been sent to you in English as your Pretendo Network ID is linked to a console with English set as its system language.

(NB: This would obviously need translating to the appropriate language, and if we are to use our own support/ticket system)

Email verification

Subject: [Pretendo Network] Email Address Confirmation

Dear {PNID},

To validate your email address for your Pretendo Network ID, please click the following link:
{LINK}

Alternatively, you can also enter the following confirmation code on your console to complete the registration:
{CODE}

Wii U users:
1) From the user-selection screen of your Wii U, select the user linked with this Pretendo Network ID
2) When "Your email address has not been confirmed yet" is displayed, select Confirmation Code and enter the code displayed above, or select Resend Email if you need a new confirmation code or link

Nintendo 3DS users:
1) From the System Settings, select Pretendo Network ID Settings, then Email Address Verification
2) Select Enter Confirmation Code and enter the code displayed above, or select Resend Email if you require a new confirmation code or link

If you did not register this email address for a Pretendo Network ID, please ignore this email.

Parental Control Registration:

This email has been automatically sent from Pretendo because this email address was registered for Parental Controls.

This email address will be used with the Parental Controls feature on your Nintendo device (serial number: {SERIAL}).

If the PIN or answer to the secret question for Parental Controls has been forgotten, the PIN can be reset by requesting a master key. To do so, select I Forgot when prompted for the PIN in the Parental Controls application, and again when prompted for the answer to the secret question. The master key will be sent to this registered email address.

If you did not register this email address for Parental Controls, please ignore this email.

Parental Controls Key:

This email has been automatically sent from Pretendo following a request to send a master key to this email address.

A master key has been temporarily issued to enable you to reset the Parental Controls feature on your Nintendo device (serial number: {SERIAL}).

Master key: {MASTERKEY}

The master key is valid for a period of 48 hours from the time this email was sent.
Use the master key within 48 hours to reset your PIN for Parental Controls.

If the 48-hour period has expired, repeat the procedure to be issued with a new master key.

We should also create a "thank you for opting into our mailing list" email for if user's select YES on "marketing"

hi,
I made a dumb move and put my nnid as my pnid name, now i cant log in
can i change the name or remove the account?

This is on an actual wii u.

Parental controls can have an email registered for recovery; the first request:
https://account.nintendo.net/v1/api/support/send_confirmation/pin/hello%40billy.wales
NOTE: You do not need an NNID for this - the serial number is sent and used in the email, so I believe that's how it identifies users.

When done, the specified account gets an email:

This email has been automatically sent from Nintendo because this email address was registered for Parental Controls.

This email address will be used with the Parental Controls feature on your Nintendo device (serial number: {SERIAL}).

If the PIN or answer to the secret question for Parental Controls has been forgotten, the PIN can be reset by requesting a master key. To do so, select I Forgot when prompted for the PIN in the Parental Controls application, and again when prompted for the answer to the secret question. The master key will be sent to this registered email address.

If you did not register this email address for Parental Controls, please ignore this email.

--------------------
NOTE: Please do not reply to this email address.

Please contact us by email for any enquiries. Local contact details for Nintendo Customer Support can be found at: contact.nintendo.eu

Nintendo of Europe GmbH, Herriotstr. 4, 60528 Frankfurt am Main, Germany
VAT number: DE132095955. Registered at: Amtsgericht Frankfurt am Main HRB 101840. Geschäftsführer (Managing Director): Koji Miyake

This email has been sent to you in English as your Nintendo Network ID is linked to a console with English set as its system language.

The domain is shown to the user, and you can select to send a key to it if necessary; this is done by GET https://account.nintendo.net/v1/api/support/send_forgotten/pin/{email}/{5-digit PIN} and the serial number is sent in the email:

This email has been automatically sent from Nintendo following a request to send a master key to this email address.

A master key has been temporarily issued to enable you to reset the Parental Controls feature on your Nintendo device (serial number: {SERIAL}).

Master key: {5 DIGIT PIN}

The master key is valid for a period of 48 hours from the time this email was sent.
Use the master key within 48 hours to reset your PIN for Parental Controls.

If the 48-hour period has expired, repeat the procedure to be issued with a new master key.

--------------------
NOTE: Please do not reply to this email address.

Please contact us by email for any enquiries. Local contact details for Nintendo Customer Support can be found at: contact.nintendo.eu

Nintendo of Europe GmbH, Herriotstr. 4, 60528 Frankfurt am Main, Germany
VAT number: DE132095955. Registered at: Amtsgericht Frankfurt am Main HRB 101840. Geschäftsführer (Managing Director): Koji Miyake

This email has been sent to you in English as your Nintendo Network ID is linked to a console with English set as its system language.```

No state needs to be tracked here - simply send VALID NINTENDO 3DS-LINKED PEOPLE (SN! perhaps only SNs we have in our account table and isn't banned?) the email. need to also check if Wii U can do this.

I set up my PNID set the birthday to my birthday and after the account was verified the birthday went to the default birthday

When changing a password, the console checks that the NNID password you provide is correct - if so, it'll PUT to https://account.nintendo.net/v1/api/people/@me/:

<person>
	<password>{PLAINTEXT PASSWORD}</password>
</person>

with HTTP 200 sent.

(NB: should we check if passwords are in known data breaches? i.e. using pwnedpasswords SHA-1 api)

When trying to link a PNID to a console, the server should check PNID, password, AND email - the following HTTP headers are sent:

X-Nintendo-EMAIL: [email protected]
X-Nintendo-Local-Pin-Flag: N

NB: X-Nintendo-Local-Pin-Flag: Y is set if Parental Controls IS enabled.

The email validator code always returns the error that an email domain is not accessible - 3DS and Wii U users therefore always see a warning about their email, even on common domains like gmail.com

https://github.com/PretendoNetwork/account/blob/8c07ae82f90e26424c39b53c9ea73ef7cdaee731/src/services/nnid/routes/support.js#L30C2-L30C15 seems to be where the error is sent from.

The relevant inputs to both resend the confirmation code email (which should change the confirmation code), and entering the confirmation code, do not work. I've purposefully kept my PNID unverified to ensure this is fixed.

Console first requests email: GET https://account.nintendo.net/v1/api/people/@me/emails/

<emails>
	<email>
		<address>[email protected]</address>
		<id>{8-digit ID for email?}</id>
		<parent>N</parent>
		<primary>Y</primary>
		<reachable>Y</reachable>
		<type>DEFAULT</type>
		<updated_by>USER</updated_by>
		<validated>Y</validated>
		<validated_date>2019-07-23T09:23:09</validated_date>
	</email>
</emails>

When the email is changed:
PUT https://account.nintendo.net/v1/api/people/@me/emails/@primary:

<email>
	<address>[email protected]</address>
</email>

Server then sends a HTTP 200; a new verification code should be generated, the email marked as not validated, and then the new email sent out with usual verification constraints.

"<updated_by>" also changes from USER to the user's NNID