From 4b0a1c2abbedbcbd780075e08f5262de0ebc1e89 Mon Sep 17 00:00:00 2001 From: iowk Date: Tue, 3 Dec 2024 11:35:34 +0800 Subject: [PATCH] fix: failed to login non-2FA account for the first attempt --- CHANGELOG.md | 1 + src/pyicloud_ipd/base.py | 32 ++++++++-------------------- tests/vcr_cassettes/auth_non_2fa.yml | 2 ++ 3 files changed, 12 insertions(+), 23 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d249b2b5c..cfac079d1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,7 @@ ## Unreleased +- fix: failed to login non-2FA account for the first attempt [#1012](https://github.com/icloud-photos-downloader/icloud_photos_downloader/issues/1012) - fix: log more information for authentication error [#1010](https://github.com/icloud-photos-downloader/icloud_photos_downloader/issues/1010) - feature: add support for XMP files with `--xmp-sidecar` parameter [#448](https://github.com/icloud-photos-downloader/icloud_photos_downloader/issues/448), [#102](https://github.com/icloud-photos-downloader/icloud_photos_downloader/issues/102), [#789](https://github.com/icloud-photos-downloader/icloud_photos_downloader/issues/789) diff --git a/src/pyicloud_ipd/base.py b/src/pyicloud_ipd/base.py index 38369a11a..f429291d7 100644 --- a/src/pyicloud_ipd/base.py +++ b/src/pyicloud_ipd/base.py @@ -194,13 +194,6 @@ def authenticate(self, force_refresh:bool=False, service:Optional[Any]=None) -> LOGGER.debug("Authenticating as %s", self.user["accountName"]) headers = self._get_auth_headers() - scnt = self.session_data.get("scnt") - if scnt: - headers["scnt"] = scnt - - session_id = self.session_data.get("session_id") - if session_id: - headers["X-Apple-ID-Session-Id"] = session_id class SrpPassword(): # srp uses the encoded password at process_challenge(), thus set_encrypt_info() should be called before that @@ -271,6 +264,7 @@ def encode(self) -> bytes: pass elif response.status_code == 412: # non 2FA account returns 412 "precondition no met" + headers = self._get_auth_headers() response = self.session.post( "%s/repair/complete" % self.AUTH_ENDPOINT, data=json.dumps({}), @@ -359,6 +353,14 @@ def _get_auth_headers(self, overrides: Optional[Dict[str, str]]=None) -> Dict[st "X-Apple-OAuth-State": self.client_id, "X-Apple-Widget-Key": "d39ba9916b7251055b22c7f910e2ea796ee65e98b2ddecea8f5dde8d9d1a815d", } + scnt = self.session_data.get("scnt") + if scnt: + headers["scnt"] = scnt + + session_id = self.session_data.get("session_id") + if session_id: + headers["X-Apple-ID-Session-Id"] = session_id + if overrides: headers.update(overrides) return headers @@ -514,14 +516,6 @@ def validate_2fa_code(self, code:str) -> bool: headers = self._get_auth_headers({"Accept": "application/json"}) - scnt = self.session_data.get("scnt") - if scnt: - headers["scnt"] = scnt - - session_id = self.session_data.get("session_id") - if session_id: - headers["X-Apple-ID-Session-Id"] = session_id - try: self.session.post( "%s/verify/trusteddevice/securitycode" % self.AUTH_ENDPOINT, @@ -544,14 +538,6 @@ def trust_session(self) -> bool: """Request session trust to avoid user log in going forward.""" headers = self._get_auth_headers() - scnt = self.session_data.get("scnt") - if scnt: - headers["scnt"] = scnt - - session_id = self.session_data.get("session_id") - if session_id: - headers["X-Apple-ID-Session-Id"] = session_id - try: self.session.get( f"{self.AUTH_ENDPOINT}/2sv/trust", diff --git a/tests/vcr_cassettes/auth_non_2fa.yml b/tests/vcr_cassettes/auth_non_2fa.yml index d56a48c4d..35a356c67 100644 --- a/tests/vcr_cassettes/auth_non_2fa.yml +++ b/tests/vcr_cassettes/auth_non_2fa.yml @@ -114,6 +114,8 @@ interactions: X-Apple-OAuth-Response-Type: ['code'] X-Apple-OAuth-State: ['EC5646DE-9423-11E8-BF21-14109FE0B321'] X-Apple-Widget-Key: ['d39ba9916b7251055b22c7f910e2ea796ee65e98b2ddecea8f5dde8d9d1a815d'] + scnt: ['scnt-1234567890'] + X-Apple-ID-Session-Id: ['sess-1234567890'] method: POST uri: https://idmsa.apple.com/appleauth/auth/repair/complete response: