Skip to content

Commit

Permalink
add support for non 2fa accounts (icloud-photos-downloader#978)
Browse files Browse the repository at this point in the history
  • Loading branch information
AndreyNikiforov authored Oct 26, 2024
1 parent 0e608f6 commit 3f38f55
Show file tree
Hide file tree
Showing 4 changed files with 234 additions and 0 deletions.
2 changes: 2 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,8 @@

## Unreleased

- fix: accounts without 2fa are supported [#959](https://github.com/icloud-photos-downloader/icloud_photos_downloader/issues/959)

## 1.24.0 (2024-10-25)

- fix: new AppleID auth with srp [#970](https://github.com/icloud-photos-downloader/icloud_photos_downloader/issues/970)
Expand Down
7 changes: 7 additions & 0 deletions src/pyicloud_ipd/base.py
Original file line number Diff line number Diff line change
Expand Up @@ -268,6 +268,13 @@ def encode(self) -> bytes:
)
if response.status_code == 401:
raise PyiCloudAPIResponseException(response.text, str(response.status_code))
if response.status_code == 412:
# non 2FA account returns 412 "precondition no met"
response = self.session.post(
"%s/repair/complete" % self.AUTH_ENDPOINT,
data=json.dumps({}),
headers=headers,
)
except PyiCloudAPIResponseException as error:
msg = "Invalid email/password combination."
raise PyiCloudFailedLoginException(msg, error) from error
Expand Down
31 changes: 31 additions & 0 deletions tests/test_authentication.py
Original file line number Diff line number Diff line change
Expand Up @@ -281,6 +281,37 @@ def test_parse_trusted_phone_numbers_payload_invalid_missing_number(self) -> Non
result = parse_trusted_phone_numbers_payload(html)
self.assertEqual(0, len(result), "number of numbers parsed")

def test_non_2fa(self) -> None:
base_dir = os.path.join(self.fixtures_path, inspect.stack()[0][3])
cookie_dir = os.path.join(base_dir, "cookie")

for dir in [base_dir, cookie_dir]:
recreate_path(dir)

with vcr.use_cassette(os.path.join(self.vcr_path, "auth_non_2fa.yml")) as cass:
# To re-record this HTTP request,
# delete ./tests/vcr_cassettes/auth_requires_2fa.yml,
# put your actual credentials in here, run the test,
# and then replace with dummy credentials.
authenticator(
setup_logger(),
"com",
identity,
lp_filename_concatinator,
RawTreatmentPolicy.AS_IS,
FileMatchPolicy.NAME_SIZE_DEDUP_WITH_SUFFIX,
{"test": (constant("dummy"), dummy_password_writter)},
MFAProvider.CONSOLE,
StatusExchange(),
)(
"[email protected]",
cookie_dir,
True,
"EC5646DE-9423-11E8-BF21-14109FE0B321",
)

self.assertTrue(cass.all_played)


class _TrustedDevice(NamedTuple):
id: int
Expand Down
194 changes: 194 additions & 0 deletions tests/vcr_cassettes/auth_non_2fa.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,194 @@
interactions:
- request:
body: !!python/unicode '{"accountName": "[email protected]", "protocols": ["s2k", "s2k_fo"]}'
headers:
Accept: ['*/*']
Accept-Encoding: ['gzip, deflate']
Connection: ['keep-alive']
Content-Length: ['98']
Content-Type: ['application/json']
Origin: ['https://www.icloud.com']
Referer: ['https://www.icloud.com/']
User-Agent: ['Opera/9.52 (X11; Linux i686; U; en)']
X-Apple-OAuth-Client-Id: ['d39ba9916b7251055b22c7f910e2ea796ee65e98b2ddecea8f5dde8d9d1a815d']
X-Apple-OAuth-Client-Type: ['firstPartyAuth']
X-Apple-OAuth-Redirect-URI: ['https://www.icloud.com']
X-Apple-OAuth-Require-Grant-Code: ['true']
X-Apple-OAuth-Response-Mode: ['web_message']
X-Apple-OAuth-Response-Type: ['code']
X-Apple-OAuth-State: ['EC5646DE-9423-11E8-BF21-14109FE0B321']
X-Apple-Widget-Key: ['d39ba9916b7251055b22c7f910e2ea796ee65e98b2ddecea8f5dde8d9d1a815d']
method: POST
uri: https://idmsa.apple.com/appleauth/auth/signin/init
response:
body: {string: '{"iteration":20064,"salt":"UUN/abcdefghijklmnopqr==","protocol":"s2k","version":1,"b":"abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd==","c":"d-123-456789ab-cdef-0123-4567-89abcdef0123:MSA"}'}
headers:
Cache-Control:
- 'no-cache'
- 'no-store'
Connection: ['keep-alive']
Content-Type: ['text/html;charset=UTF-8']
Date: ['Fri, 15 Dec 2023 17:28:03 GMT']
Pragma: ['no-cache']
Referrer-Policy: ['origin']
Server: ['Apple']
Strict-Transport-Security: ['max-age=31536000; includeSubDomains; preload']
Transfer-Encoding: ['chunked']
X-Apple-I-Request-ID: ['12345678-1234-1234-1234-123456789012']
X-BuildVersion: ['R4_1']
X-Content-Type-Options: ['nosniff']
X-FRAME-OPTIONS: ['DENY']
X-XSS-Protection: ['1; mode=block']
content-length: ['23705']
scnt: ['scnt-1234567890']
vary: ['accept-encoding']
status:
code: 200
message: ''
- request:
body: !!python/unicode '{"accountName": "[email protected]", "rememberMe": true, "trustTokens": []}'
headers:
Accept: ['*/*']
Accept-Encoding: ['gzip, deflate']
Connection: ['keep-alive']
Content-Length: ['98']
Content-Type: ['application/json']
Origin: ['https://www.icloud.com']
Referer: ['https://www.icloud.com/']
User-Agent: ['Opera/9.52 (X11; Linux i686; U; en)']
X-Apple-OAuth-Client-Id: ['d39ba9916b7251055b22c7f910e2ea796ee65e98b2ddecea8f5dde8d9d1a815d']
X-Apple-OAuth-Client-Type: ['firstPartyAuth']
X-Apple-OAuth-Redirect-URI: ['https://www.icloud.com']
X-Apple-OAuth-Require-Grant-Code: ['true']
X-Apple-OAuth-Response-Mode: ['web_message']
X-Apple-OAuth-Response-Type: ['code']
X-Apple-OAuth-State: ['EC5646DE-9423-11E8-BF21-14109FE0B321']
X-Apple-Widget-Key: ['d39ba9916b7251055b22c7f910e2ea796ee65e98b2ddecea8f5dde8d9d1a815d']
method: POST
uri: https://idmsa.apple.com/appleauth/auth/signin/complete?isRememberMeEnabled=true
response:
body:
string: !!python/unicode '{"auth_type":"sa"}'
headers:
Cache-Control:
- 'no-cache'
- 'no-store'
Connection: ['keep-alive']
Content-Type: ['application/json;charset=UTF-8']
Date: ['Wed, 13 Dec 2023 05:06:31 GMT']
Location: ['/auth']
Pragma: ['no-cache']
Referrer-Policy: ['origin']
Server: ['Apple']
Strict-Transport-Security: ['max-age=31536000; includeSubDomains; preload']
Transfer-Encoding: ['chunked']
X-Apple-Auth-Attributes: ['123456789abcdefg']
X-Apple-I-Request-ID: ['12345678-1234-1234-1234-123456789012']
X-Apple-ID-Account-Country: ['USA']
X-Apple-ID-Session-Id: ['sess-1234567890']
X-Apple-Session-Token: ['token-1234567890']
X-Apple-TwoSV-Trust-Eligible: ['true']
X-BuildVersion: ['R4_1']
content-length: ['23705']
scnt: ['scnt-1234567890']
vary: ['accept-encoding']
status:
code: 412
message: ''
- request:
body: !!python/unicode ''
headers:
Accept: ['*/*']
Accept-Encoding: ['gzip, deflate']
Connection: ['keep-alive']
Content-Length: ['98']
Content-Type: ['application/json']
Origin: ['https://www.icloud.com']
Referer: ['https://www.icloud.com/']
User-Agent: ['Opera/9.52 (X11; Linux i686; U; en)']
X-Apple-OAuth-Client-Id: ['d39ba9916b7251055b22c7f910e2ea796ee65e98b2ddecea8f5dde8d9d1a815d']
X-Apple-OAuth-Client-Type: ['firstPartyAuth']
X-Apple-OAuth-Redirect-URI: ['https://www.icloud.com']
X-Apple-OAuth-Require-Grant-Code: ['true']
X-Apple-OAuth-Response-Mode: ['web_message']
X-Apple-OAuth-Response-Type: ['code']
X-Apple-OAuth-State: ['EC5646DE-9423-11E8-BF21-14109FE0B321']
X-Apple-Widget-Key: ['d39ba9916b7251055b22c7f910e2ea796ee65e98b2ddecea8f5dde8d9d1a815d']
method: POST
uri: https://idmsa.apple.com/appleauth/auth/repair/complete
response:
body:
string: !!python/unicode ''
headers:
Cache-Control:
- 'no-cache'
- 'no-store'
Connection: ['keep-alive']
Content-Type: ['application/json;charset=UTF-8']
Date: ['Wed, 13 Dec 2023 05:06:31 GMT']
Location: ['/auth']
Pragma: ['no-cache']
Referrer-Policy: ['origin']
Server: ['Apple']
Strict-Transport-Security: ['max-age=31536000; includeSubDomains; preload']
Transfer-Encoding: ['chunked']
X-Apple-Auth-Attributes: ['123456789abcdefg']
X-Apple-I-Request-ID: ['12345678-1234-1234-1234-123456789012']
X-Apple-ID-Account-Country: ['USA']
X-Apple-ID-Session-Id: ['sess-1234567890']
X-Apple-Session-Token: ['token-1234567890']
X-Apple-TwoSV-Trust-Eligible: ['true']
X-BuildVersion: ['R4_1']
content-length: ['23705']
scnt: ['scnt-1234567890']
vary: ['accept-encoding']
status:
code: 200
message: ''
- request:
body: !!python/unicode '{"accountCountryCode": "USA", "dsWebAuthToken": "token-1234567890", "extended_login": false, "trustToken": ""}'
headers:
Accept: ['*/*']
Accept-Encoding: ['gzip, deflate']
Connection: ['keep-alive']
Content-Length: ['1157']
Origin: ['https://www.icloud.com']
Referer: ['https://www.icloud.com/']
User-Agent: ['Opera/9.52 (X11; Linux i686; U; en)']
method: POST
uri: https://setup.icloud.com/setup/ws/1/accountLogin
response:
body:
string: !!python/unicode '{"dsInfo":{"lastName":"Doe","iCDPEnabled":false,"tantorMigrated":false,"dsid":"12345678901","ironcadeMigrated":true,"locale":"en-us_US","brZoneConsolidated":false,"ICDRSCapableDeviceList":"","isManagedAppleID":false,"isCustomDomainsFeatureAvailable":true,"isHideMyEmailFeatureAvailable":true,"ContinueOnDeviceEligibleDeviceInfo":[],"gilligan-invited":true,"appleIdAliases":[],"ubiquityEOLEnabled":true,"isPaidDeveloper":false,"countryCode":"USA","notificationId":"12341234-1234-12341234-1234","primaryEmailVerified":true,"aDsID":"123456-12-12345678-1234-1234-1234-123456789012","locked":false,"ICDRSCapableDeviceCount":0,"hasICloudQualifyingDevice":true,"primaryEmail":"[email protected]","appleIdEntries":[{"isPrimary":true,"type":"EMAIL","value":"[email protected]"}],"gilligan-enabled":true,"isWebAccessAllowed":true,"fullName":"john
Doe","mailFlags":{"isThreadingAvailable":false,"isSearchV2Provisioned":false,"rawBits":[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"isCKMail":false,"isMppSupportedInCurrentCountry":true},"languageCode":"en-us","appleId":"[email protected]","analyticsOptInStatus":false,"firstName":"john","iCloudAppleIdAlias":"","notesMigrated":true,"beneficiaryInfo":{"isBeneficiary":false},"hasPaymentInfo":true,"pcsDeleted":false,"appleIdAlias":"","brMigrated":true,"statusCode":2,"familyEligible":true},"hasMinimumDeviceForPhotosWeb":true,"iCDPEnabled":false,"webservices":{"reminders":{"url":"https://p61-remindersws.icloud.com:443","status":"active"},"ckdatabasews":{"pcsRequired":true,"url":"https://p61-ckdatabasews.icloud.com:443","status":"active"},"photosupload":{"pcsRequired":true,"url":"https://p61-uploadphotosws.icloud.com:443","status":"active"},"photos":{"pcsRequired":true,"uploadUrl":"https://p61-uploadphotosws.icloud.com:443","url":"https://p61-photosws.icloud.com:443","status":"active"},"drivews":{"pcsRequired":true,"url":"https://p61-drivews.icloud.com:443","status":"active"},"uploadimagews":{"url":"https://p61-uploadimagews.icloud.com:443","status":"active"},"schoolwork":{},"cksharews":{"url":"https://p61-ckshare.icloud.com:443","status":"active"},"findme":{"url":"https://p61-fmipweb.icloud.com:443","status":"active"},"ckdeviceservice":{"url":"https://p61-ckdevice.icloud.com:443"},"iworkthumbnailws":{"url":"https://p61-iworkthumbnailws.icloud.com:443","status":"active"},"mccgateway":{"url":"https://p61-mccgateway.icloud.com:443","status":"active"},"calendar":{"isMakoAccount":false,"url":"https://p61-calendarws.icloud.com:443","status":"active"},"docws":{"pcsRequired":true,"url":"https://p61-docws.icloud.com:443","status":"active"},"settings":{"url":"https://p61-settingsws.icloud.com:443","status":"active"},"premiummailsettings":{"url":"https://p61-maildomainws.icloud.com:443","status":"active"},"ubiquity":{"url":"https://p61-ubiquityws.icloud.com:443","status":"active"},"keyvalue":{"url":"https://p61-keyvalueservice.icloud.com:443","status":"active"},"mpp":{"url":"https://relay.icloud-mpp.com","status":"active"},"archivews":{"url":"https://p61-archivews.icloud.com:443","status":"active"},"push":{"url":"https://p61-pushws.icloud.com:443","status":"active"},"iwmb":{"url":"https://p61-iwmb.icloud.com:443","status":"active"},"iworkexportws":{"url":"https://p61-iworkexportws.icloud.com:443","status":"active"},"sharedlibrary":{"url":"https://sharedlibrary.icloud.com:443","status":"active"},"geows":{"url":"https://p61-geows.icloud.com:443","status":"active"},"account":{"iCloudEnv":{"shortId":"p","vipSuffix":"prod"},"url":"https://p61-setup.icloud.com:443","status":"active"},"contacts":{"url":"https://p61-contactsws.icloud.com:443","status":"active"},"developerapi":{"url":"https://developer-api.icloud.com:443","status":"active"}},"pcsEnabled":true,"configBag":{"urls":{"accountCreateUI":"https://appleid.apple.com/widget/account/?widgetKey=#!create","accountLoginUI":"https://idmsa.apple.com/appleauth/auth/signin?widgetKey=","accountLogin":"https://setup.icloud.com/setup/ws/1/accountLogin","accountRepairUI":"https://appleid.apple.com/widget/account/?widgetKey=#!repair","downloadICloudTerms":"https://setup.icloud.com/setup/ws/1/downloadLiteTerms","repairDone":"https://setup.icloud.com/setup/ws/1/repairDone","accountAuthorizeUI":"https://idmsa.apple.com/appleauth/auth/authorize/signin?client_id=","vettingUrlForEmail":"https://id.apple.com/IDMSEmailVetting/vetShareEmail","accountCreate":"https://setup.icloud.com/setup/ws/1/createLiteAccount","getICloudTerms":"https://setup.icloud.com/setup/ws/1/getTerms","vettingUrlForPhone":"https://id.apple.com/IDMSEmailVetting/vetSharePhone"},"accountCreateEnabled":true},"appsOrder":["mail","contacts","calendar","photos","iclouddrive","notes3","reminders","pages","numbers","keynote","newspublisher","find","settings"],"version":2,"isExtendedLogin":true,"pcsServiceIdentitiesIncluded":false,"requestInfo":{"country":"US","timeZone":"EST","region":"NC"},"pcsDeleted":false,"iCloudInfo":{"SafariBookmarksHasMigratedToCloudKit":false},"apps":{"calendar":{},"reminders":{},"keynote":{"isQualifiedForBeta":true},"settings":{"canLaunchWithOneFactor":true},"mail":{},"numbers":{"isQualifiedForBeta":true},"photos":{},"pages":{"isQualifiedForBeta":true},"notes3":{},"find":{"canLaunchWithOneFactor":true},"iclouddrive":{},"newspublisher":{"isHidden":true},"contacts":{}}}'
headers:
Access-Control-Allow-Credentials: ['true']
Access-Control-Allow-Origin: ['https://www.icloud.com']
Cache-Control: ['no-cache, no-store, private']
Connection: ['keep-alive']
Content-Type: ['application/json; charset=UTF-8']
Date: ['Wed, 13 Dec 2023 05:06:31 GMT']
Server: ['AppleHttpServer/78689afb4479']
Set-Cookie:
- 'X-APPLE-UNIQUE-CLIENT-ID="Cw==";Path=/;Domain=.icloud.com;Secure'
- 'X-APPLE-WEBAUTH-LOGIN="v=1:t=Cw==BST_IAAAAAAABLw1234~~";Path=/;Domain=.icloud.com;Secure;HttpOnly'
- 'X-APPLE-WEBAUTH-VALIDATE="v=1:t=Cw==BST_IAAAAAAABLw5678~~";Path=/;Domain=.icloud.com;Secure'
- 'X-APPLE-WEBAUTH-HSA-LOGIN="v=2:t=Cw==BST_IAAAAAAABLw9012~~";Path=/;Domain=.icloud.com;Secure;HttpOnly'
- 'X-APPLE-WEBAUTH-USER="v=1:s=1:d=12345678901";Expires=Fri, 12-Jan-2024 05:06:31
GMT;Path=/;Domain=.icloud.com;Secure;HttpOnly'
- 'X_APPLE_WEB_KB-ONHCNAXFAIPPFDMR5UZVNO6NIMY="v=1:t=Cw==BST_IAAAAAAABLw3456~~";Expires=Sun,
11-Feb-2024 05:06:31 GMT;Path=/;Domain=.icloud.com;Secure;HttpOnly'
- 'X-APPLE-DS-WEB-SESSION-TOKEN="websessiontoken1234567890=";Expires=Fri,
12-Jan-2024 05:06:31 GMT;Path=/;Domain=.icloud.com;Secure;HttpOnly'
Strict-Transport-Security: ['max-age=31536000; includeSubDomains']
X-Apple-Edge-Response-Time: ['501']
X-Apple-Request-UUID: ['12345678-1234-1234-1234-123456789012']
X-Responding-Instance: ['setupservice:33200401:mr55p32ic-qukt01202301:7001:2404B363:5934c9004de5']
access-control-expose-headers: ['X-Apple-Request-UUID,Via']
content-length: ['5758']
via: ['via-123456789012345678901234567890']
x-apple-user-partition: ['32']
status:
code: 200
message: OK
version: 1

0 comments on commit 3f38f55

Please sign in to comment.