How does the bot can check the user's privacy settings? - telegram

For the bot to work, it is necessary that the user is allowed to forward messages. How to check it?
I am using aiogram.

Related

Firebase not sending emails?

I can't get Firebase to send verification emails, anyone with the same issue?
I've created an account, enabled Email/Password, and added users.
However, when I go to the Users tab in Authentication, chooses a user and presses Reset password, Firebase tells me, that the email is send, however I never receive it?
I've tried with multiple different emails (gmail, hotmail etc) and looked through spam etc, however I never receive the email. What am I doing wrong? Some setting somewhere I need to tick-off? Rookie question, I know, but frustrating. Thanks!!
I get the same problem with an user, he didn't receive any email with his work email address from Firebase magic link authentication.
I'm still using Firebase as provider but I think to integrate with sendgrid soon.

Telegram Bot sometimes requires User Authentication

When I access to my telegram-bot, after some time, it requires user authentication with the text:
"Stand by...
Hi there!
Before We Can Continue We Need To Verify That You're a REAL User"
When this message appears it seems session is closed, and the user can't receive Bot notifications, until user authenticates.
I can't understand why this authentication is required if I am storing each user telegram_id.
Your bot token might have exposed on git.
You need to change the token.
Instead of hard coding it in the code, pass it as an environment variable.
Just had the same issue!
I guess, someone scraped my bot-token from public repository and tried to steal my account. NEVER leave your bot-token in public rep!!!
Detailed description for others to find this thread:
Bot sent, what it was programmed to do and then
"Hi There!
Before We Can Continue We Need To Verify That You're A REAL User"
Telegram sent me login code -> I entered it (yeah, I'm dumb)
Bot printed
"Please reply with your 2FA (Two Factor Authentication / Two Step Verification) code"
then
"Timeout has been reached , pleaase try again."
(I like the pleAAse part, where you understand it was totally fake)
Telegram said it was
Device: Android
Location: Bulgaria (IP = 185.95.157.122)
I discovered what was wrong!
Lev Vasilyev answer made me think if somebody was able to get my bot_token. So, I changed it. And, the authentication message no longer appeared.
It´s important to get into telegram allowed devices, and delete not authorized accesses.
My bot has ""Stand by... Hi there! Before We Can Continue We Need To Verify That You're a REAL User" too.
When I proceed and send authentication code and sms from Telegram was received I had been authorized as Samsung Galaxy s20 5g from Seychelles ip adress which was not mine... This was very strange. If anybody had that experience please post your answer too. Maybe somebody had stolen my bot ...Sorry if my English not very correct and nice. I hope you understand.
I had the same problem, changed the Token and resolved the problem. I needed set the webhook again to work.
All replies are correct:
your token has been stolen and used by hackers, once you enter your credentials - you will see unknown sessions in your telegram.
Change token via BotFather and do not publish it in public places.
If you have already put your cred's to the telegram bot - you need to change the password immediatelly.

Is it possible for a telegram bot that is an “admin” of a channel to make a user of a channel an admin?

I have a telegram bot that asks a channel user a certain set of questions. Based on these answers, I would like that user to automatically become the admin of the telegram channel. Is that possible?
Yes.
Bots can promote users using the method promoteChatMember. You can also select which privilege the user should have.
Use this method to promote or demote a user in a supergroup or a
channel. The bot must be an administrator in the chat for this to work
and must have the appropriate admin rights. Pass False for all boolean
parameters to demote a user. Returns True on success.
Check the documentation to find all the details for its usage.

How to force an (inline) Telegram bot ask for location permission again?

I have a telegram bot setup with /setinlinegeo which asks users for permission to get gps location. It works but telegram only asks for this permission once and keep this answer forever. If a user decides to change his/her mind and want to stop (or allow) the bot's get-location, he/she can't find the option to disable/enable it. On backend (server-side), I also don't have anyway to force the bot to ask again or flush the users previous permission.
So instead of creating a new inline bot, what can I do to solve this issue?
Reference about Telegram inline bots with location based-results: https://core.telegram.org/bots/inline#location-based-results
You can reset the user setting by Disable and Re-Enable inline location request via #BotFather
/setinlinegeo via #BotFather
Choose your bot
Click Disable button
/setinlinegeo via #BotFather again
Choose your bot
Click Enable button
Telegram will prompt user for location permission again.

Web service to check existence of email?

I have my little web application, with simple registration strategy - provide email and password and you are done.
Recently bot's starting to attack my application, registering big number of users from non existent emails using the same passwords.
I want to prevent that. My idea is to extend login verification, but check the existance of email address. Do you know any web services (prefereably WCF) that could do that?
This is definitely not the way to solve this problem. Try one of these
Allow user to enter only username and send auto-generated password to their email.
Send a verification link to the user email and approve him/her only after verification
This has been discussed on How to check if an email address exists without sending an email? . Basically there are ways verify email addresses, but in practice none of them is reliable. However, you can still check via SMTP, and if the server denies the existence of the expected user, send him an email with a verification link anyway. This does not prevent spammers from setting up fake servers that acknowledge the existence of any user, of using other peoples email addresses, but it's probably the closest you can get to your initial requirement of having no verification email.
I would recommend you to update your registration form. Try to use something tricky for bots. For example, post the form via AJAX with JSON object wrapper.
Try a service like: http://elasticemail.com/
You can use the api to check if the email was delivered. There is also a 'bouce list' you can check.

Resources