Reddit authentication plus MFA

This one is from the tutorial, you can log in on Reddit, MFA is supported, and two functions are included, to get the nickname, and the unread messages:

(setv _base_url "https://www.reddit.com/")

(setv username (Variable "username"))
(setv password (Variable "password"))
(setv mfa_code (Prompt "MFA"))
(setv csrf_token
      (Html
        :name "csrf_token"
        :tag "input"
        :attributes
        {:name "csrf_token"
         :value "^[0-9a-f]{40}$"
         :type "hidden"}
        :extract "value"))

(setv access_token
      (Regex
        :name "access_token"
        :regex "\"accessToken\":\"([^\"]+)\""))

(setv session_id (Cookie "session"))
(setv reddit_session (Cookie "reddit_session"))

(setv nickname
      (Regex
        :name "nickname"
        :regex "href=\"/user/([^\"]+)"))



(setv initialization
      (Flow
        :name "initialization"
        :request (Request
                   :method "GET"
                   :path "login/")
        :outputs [csrf_token session_id]
        :operations [(Http
                       :status 502
                       :action
                       (Error "Connection failed"))
                     (Print session_id csrf_token)
                     (Print.headers ["Connection" "Pragma" "Server"])
                     (Print.cookies)
                     (NextStage "login")]))

(setv login
      (Flow
        :name "login"
        :request (Request
                   :method "POST"
                   :path "login"
                   :cookies [session_id]
                   :data
                   {"password" password
                    "username" username
                    "csrf_token" csrf_token
                    "otp" ""
                    "dest" _base_url})
        :outputs [session_id reddit_session]
        :operations [(Print session_id reddit_session)
                     (Http
                       :status 200
                       :action
                       (Grep
                         :regex "TWO_FA_REQUIRED"
                         :action
                         [(Print "Multi-factor authentication enabled")
                          (NextStage "multi_factor")]
                         :otherwise
                         (NextStage "get_access_token"))
                       :otherwise
                       (Error "Login error"))]))

(setv multi_factor
      (Flow
        :name "multi_factor"
        :request (Request
                   :method "POST"
                   :path "login"
                   :cookies [session_id]
                   :data
                   {"password" password
                    "username" username
                    "csrf_token" csrf_token
                    "otp" mfa_code
                    "dest" _base_url})
        :outputs [reddit_session]
        :operations [(Print reddit_session csrf_token)
                     (Http
                       :status 200
                       :action
                       (NextStage "get_access_token"))
                     (Http
                       :status 400
                       :action
                       (Grep
                         :regex "WRONG_OTP"
                         :action
                         (NextStage "initialization")
                         :otherwise
                         [(Print "Bad CSRF")
                          (NextStage "initialization")]))]))



(setv get_access_token
      (Flow
        :name "get_access_token"
        :request (Request
                   :method "GET"
                   :path "/"
                   :cookies [reddit_session])
        :outputs [access_token]
        :operations [(Print access_token)]))


(setv get_unread_messages
      (Flow
        :name "get_unread_messages"
        :request (Request
                   :method "GET"
                   :headers [(Header.bearerauth access_token)
                             (Header "User-Agent" "Mozilla 5.0")]
                   :url "https://s.reddit.com/api/v1/sendbird/unread_message_count")
        :operations [(Print.body)]))

(setv get_nickname
      (Flow
        :name "get_nickname"
        :request (Request
                   :method "GET"
                   :cookies [session_id reddit_session]
                   :path "/")
        :outputs [nickname]
        :operations [(Print nickname)]))


(setv _authentication
      [initialization
       login
       multi_factor
       get_access_token])

(setv _functions [get_unread_messages
                  get_nickname])


Reddit’s bug bounty program can be found on HackerOne