Cleanup TR login handling, remove app login code and add a method to obtain the AWS WAF token using playwright

[RealCLanger]

This PR improves TR log in handling, fixes a few bugs and removes the app login.

In detail:

• The app login coding is removed since it seems that it has been broken for a while and nobody found a way to make it work again, as per App Login Broken #250 and Remove app login method #274. web login is the (only) way to go. This will also remove the dependency to ecdsa, as requested in replace ecdsa with cryptography #249
• handling of resuming existing web sessions was cleaned up
• AWS WAF token is only generated and sent during web log in. It seems it is not needed for resumed sessions.
• An issue with webgl.json has been fixed which came due to an addition of the license information
• some logging/output was improved

[RealCLanger]

@Felixoid would you mind having a look?

[Felixoid]

Pretty straightforward changes with improved code. Some minor points to highlight 👍

[deggers]

Tested PR #327 locally on macOS.

Good news: it improved things enough that I got past the old webgl / Expecting value: line 1 column 1 (char 0) failure and reached the 4-digit code prompt. I was able to log in successfully once.

Bad news: repeated attempts were still unstable:

• 429 Client Error on POST https://api.traderepublic.com/api/v1/auth/web/login
• later also 405 Client Error: Not Allowed on the same endpoint

I also verified that at one point only ~/.pytr/credentials existed and no cookie file was being reused, so this does not seem to be a broken resumed session.

So PR #327 definitely helps, but for me login is still not reliably reproducible.

[MedAzizKhayati]

Tested on windows, even though "AWS WAF token obtained", but always getting 405 Client Error: Not Allowed for url.

[MedAzizKhayati]

I tried to fix the issue myself and it worked reliably, consider using "playwright" just open a real browser session and extract cookies (incl. aws waf token) then close the browser, use it for the login and it worked reliably for me.

[RealCLanger]

I added code to use playwright for obtaining the aws waf cookie. It works for me. Please try and test.

I took parts of the suggestion from @gtom06 here: #319 (comment)

[juliuslotter]

Works for me, nice! (Previously I also had #330 )

[morremeyer]

Ran

uvx playwright install chromium 

because it failed with

playwright._impl._errors.Error: BrowserType.launch: Executable doesn't exist at /Users/morre/Library/Caches/ms-playwright/chromium_headless_shell-1208/chrome-headless-shell-mac-arm64/chrome-headless-shell
╔════════════════════════════════════════════════════════════╗
║ Looks like Playwright was just installed or updated.       ║
║ Please run the following command to download new browsers: ║
║                                                            ║
║     playwright install                                     ║
║                                                            ║
║ <3 Playwright Team                                         ║
╚════════════════════════════════════════════════════════════╝

before doing so.

Then ran

uvx --from git+https://github.com/pytr-org/pytr@16e7e06a86c5dedd1fa94059b8ca56ca9c937df1 pytr dl_docs --last_days 21 --dump-raw-data ~/Downloads/pytr-download

which failed with

16:39:55 Using credentials from file /Users/morre/.pytr/credentials. Phone: <redacted>********, PIN: ****
16:39:55 Trying to resume websession...
16:39:55 Resuming websession failed.
16:39:55 Initiating web login...
16:39:55 Retrieving AWS WAF token using Playwright...
Enter the code you received to your mobile app as a notification.
Enter nothing if you want to receive the (same) code as SMS. (Countdown: 31)
Code: <redacted>
16:40:13 Logged in.
Traceback (most recent call last):
  File "/Users/morre/.cache/uv/archive-v0/zmU-B4_yNy3j2KUzhY8wi/bin/pytr", line 12, in <module>
    sys.exit(main())
             ~~~~^^
  File "/Users/morre/.cache/uv/archive-v0/zmU-B4_yNy3j2KUzhY8wi/lib/python3.14/site-packages/pytr/main.py", line 477, in main
    login(
    ~~~~~^
        phone_no=args.phone_no,
        ^^^^^^^^^^^^^^^^^^^^^^^
    ...<2 lines>...
        waf_token=args.waf_token,
        ^^^^^^^^^^^^^^^^^^^^^^^^^
    ),
    ^
  File "/Users/morre/.cache/uv/archive-v0/zmU-B4_yNy3j2KUzhY8wi/lib/python3.14/site-packages/pytr/account.py", line 82, in login
    log.debug(get_settings(tr))
              ~~~~~~~~~~~~^^^^
  File "/Users/morre/.cache/uv/archive-v0/zmU-B4_yNy3j2KUzhY8wi/lib/python3.14/site-packages/pytr/account.py", line 13, in get_settings
    formatted_json = json.dumps(tr.settings(), indent=2)
                                ~~~~~~~~~~~^^
  File "/Users/morre/.cache/uv/archive-v0/zmU-B4_yNy3j2KUzhY8wi/lib/python3.14/site-packages/pytr/api.py", line 778, in settings
    r = self._web_request("/api/v2/auth/account")
  File "/Users/morre/.cache/uv/archive-v0/zmU-B4_yNy3j2KUzhY8wi/lib/python3.14/site-packages/pytr/api.py", line 281, in _web_request
    r.raise_for_status()
    ~~~~~~~~~~~~~~~~~~^^
  File "/Users/morre/.cache/uv/archive-v0/zmU-B4_yNy3j2KUzhY8wi/lib/python3.14/site-packages/requests/models.py", line 1028, in raise_for_status
    raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 401 Client Error:  for url: https://api.traderepublic.com/api/v1/auth/web/session

[RealCLanger]

@morremeyer does it still happen after you clean the cookies* files in ~/.pytr ?

[morremeyer]

No, that fixed it. Thank you!

[G-Ultimatee]

That works! The only thing is that I get a yellow line "no subfolder mapping for ......(stockname) Sparplan ausgeführt".
But is downloading the file anyway in "abrechnungen" folder.