From e9eaa10a651d6b2256c7a680b36d9a216ec8d54f Mon Sep 17 00:00:00 2001
From: iowk <gj3bp6123@gmail.com>
Date: Thu, 24 Oct 2024 17:24:20 +0800
Subject: [PATCH] test: fix tests for new Apple SIRP auth flow

---
 tests/test_authentication.py                  | 24 ++-----
 tests/vcr_cassettes/2fa_flow_invalid_code.yml | 62 ++++++++++++++++---
 tests/vcr_cassettes/2fa_flow_valid_code.yml   | 58 ++++++++++++++---
 tests/vcr_cassettes/2sa_flow_invalid_code.yml | 60 +++++++++++++++---
 tests/vcr_cassettes/2sa_flow_valid_code.yml   | 60 +++++++++++++++---
 tests/vcr_cassettes/auth_requires_2fa.yml     | 60 +++++++++++++++---
 tests/vcr_cassettes/failed_auth.yml           | 58 ++++++++++++++---
 7 files changed, 315 insertions(+), 67 deletions(-)

diff --git a/tests/test_authentication.py b/tests/test_authentication.py
index 3ed60c304..b109059d9 100644
--- a/tests/test_authentication.py
+++ b/tests/test_authentication.py
@@ -1,5 +1,6 @@
 import inspect
 import os
+import shutil
 from typing import NamedTuple
 from unittest import TestCase
 
@@ -126,28 +127,11 @@ def test_2fa_required(self) -> None:
     def test_successful_token_validation(self) -> None:
         base_dir = os.path.join(self.fixtures_path, inspect.stack()[0][3])
         cookie_dir = os.path.join(base_dir, "cookie")
+        cookie_master_path = os.path.join(self.root_path, "cookie")
 
-        for dir in [base_dir, cookie_dir]:
-            recreate_path(dir)
+        recreate_path(base_dir)
 
-        # We need to create a session file first before we test the auth token validation
-        with vcr.use_cassette(os.path.join(self.vcr_path, "2sa_flow_valid_code.yml")):
-            runner = CliRunner(env={"CLIENT_ID": "DE309E26-942E-11E8-92F5-14109FE0B321"})
-            result = runner.invoke(
-                main,
-                [
-                    "--username",
-                    "jdoe@gmail.com",
-                    "--password",
-                    "password1",
-                    "--no-progress-bar",
-                    "--cookie-directory",
-                    cookie_dir,
-                    "--auth-only",
-                ],
-                input="0\n654321\n",
-            )
-            assert result.exit_code == 0
+        shutil.copytree(cookie_master_path, cookie_dir)
 
         with vcr.use_cassette(os.path.join(self.vcr_path, "successful_auth.yml")):
             runner = CliRunner(env={"CLIENT_ID": "DE309E26-942E-11E8-92F5-14109FE0B321"})
diff --git a/tests/vcr_cassettes/2fa_flow_invalid_code.yml b/tests/vcr_cassettes/2fa_flow_invalid_code.yml
index 655e7017c..1a8e93c89 100644
--- a/tests/vcr_cassettes/2fa_flow_invalid_code.yml
+++ b/tests/vcr_cassettes/2fa_flow_invalid_code.yml
@@ -1,12 +1,11 @@
 interactions:
 - request:
-    body: !!python/unicode '{"accountName": "jdoe@gmail.com", "password": "password1",
-      "rememberMe": true, "trustTokens": []}'
+    body: !!python/unicode '{"accountName": "jdoe@gmail.com", "protocols": ["s2k", "s2k_fo"]}'
     headers:
       Accept: ['*/*']
       Accept-Encoding: ['gzip, deflate']
       Connection: ['keep-alive']
-      Content-Length: ['111']
+      Content-Length: ['98']
       Content-Type: ['application/json']
       Origin: ['https://www.icloud.com']
       Referer: ['https://www.icloud.com/']
@@ -20,16 +19,62 @@ interactions:
       X-Apple-OAuth-State: ['DE309E26-942E-11E8-92F5-14109FE0B321']
       X-Apple-Widget-Key: ['d39ba9916b7251055b22c7f910e2ea796ee65e98b2ddecea8f5dde8d9d1a815d']
     method: POST
-    uri: https://idmsa.apple.com/appleauth/auth/signin?isRememberMeEnabled=true
+    uri: https://idmsa.apple.com/appleauth/auth/signin/init
   response:
-    body:
-      string: !!python/unicode '{}'
+    body: {string: '{"iteration":20064,"salt":"UUN/abcdefghijklmnopqr==","protocol":"s2k","version":1,"b":"abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd==","c":"d-123-456789ab-cdef-0123-4567-89abcdef0123:MSA"}'}
     headers:
       Cache-Control:
       - 'no-cache'
       - 'no-store'
       Connection: ['keep-alive']
       Content-Type: ['text/html;charset=UTF-8']
+      Date: ['Fri, 15 Dec 2023 17:28:03 GMT']
+      Pragma: ['no-cache']
+      Referrer-Policy: ['origin']
+      Server: ['Apple']
+      Strict-Transport-Security: ['max-age=31536000; includeSubDomains; preload']
+      Transfer-Encoding: ['chunked']
+      X-Apple-I-Request-ID: ['12345678-1234-1234-1234-123456789012']
+      X-BuildVersion: ['R4_1']
+      X-Content-Type-Options: ['nosniff']
+      X-FRAME-OPTIONS: ['DENY']
+      X-XSS-Protection: ['1; mode=block']
+      content-length: ['23705']
+      scnt: ['scnt-1234567890']
+      vary: ['accept-encoding']
+    status:
+      code: 200
+      message: ''
+- request:
+    body: !!python/unicode '{"accountName": "jdoe@gmail.com", "rememberMe": true, "trustTokens": []}'
+    headers:
+      Accept: ['*/*']
+      Accept-Encoding: ['gzip, deflate']
+      Connection: ['keep-alive']
+      Content-Length: ['98']
+      Content-Type: ['application/json']
+      Origin: ['https://www.icloud.com']
+      Referer: ['https://www.icloud.com/']
+      User-Agent: ['Opera/9.52 (X11; Linux i686; U; en)']
+      X-Apple-OAuth-Client-Id: ['d39ba9916b7251055b22c7f910e2ea796ee65e98b2ddecea8f5dde8d9d1a815d']
+      X-Apple-OAuth-Client-Type: ['firstPartyAuth']
+      X-Apple-OAuth-Redirect-URI: ['https://www.icloud.com']
+      X-Apple-OAuth-Require-Grant-Code: ['true']
+      X-Apple-OAuth-Response-Mode: ['web_message']
+      X-Apple-OAuth-Response-Type: ['code']
+      X-Apple-OAuth-State: ['DE309E26-942E-11E8-92F5-14109FE0B321']
+      X-Apple-Widget-Key: ['d39ba9916b7251055b22c7f910e2ea796ee65e98b2ddecea8f5dde8d9d1a815d']
+    method: POST
+    uri: https://idmsa.apple.com/appleauth/auth/signin/complete?isRememberMeEnabled=true
+  response:
+    body:
+      string: !!python/unicode '{"auth_type":"hsa2"}'
+    headers:
+      Cache-Control:
+      - 'no-cache'
+      - 'no-store'
+      Connection: ['keep-alive']
+      Content-Type: ['application/json;charset=UTF-8']
       Date: ['Wed, 13 Dec 2023 05:06:31 GMT']
       Location: ['/auth']
       Pragma: ['no-cache']
@@ -39,7 +84,6 @@ interactions:
       Transfer-Encoding: ['chunked']
       X-Apple-Auth-Attributes: ['123456789abcdefg']
       X-Apple-I-Request-ID: ['12345678-1234-1234-1234-123456789012']
-      X-Apple-I-Rscd: ['409']
       X-Apple-ID-Account-Country: ['USA']
       X-Apple-ID-Session-Id: ['sess-1234567890']
       X-Apple-Session-Token: ['token-1234567890']
@@ -75,13 +119,13 @@ interactions:
     uri: https://idmsa.apple.com/appleauth/auth
   response:
     body:
-      string: <script type="application/json" class="boot_args">{"direct":{"scriptSk7Url":"https://appleid.cdn-apple.com/appleauth/static/module-assets/home-45556079a0eee434f5ce.js","scriptUrl":"https://appleid.cdn-apple.com/appleauth/static/jsj/1720813638/widget/auth/hsa2.js","module":"widget/auth/components/hsa2/hsa2","isReact":true,"authUserType":"hsa2","hasTrustedDevices":true,"twoSV":{"supportedPushModes":["voice","sms"],"phoneNumberVerification":{"trustedPhoneNumbers":[{"numberWithDialCode":"+1 (•••) •••-••81","pushMode":"sms","obfuscatedNumber":"(•••) •••-••81","lastTwoDigits":"81","id":1}],"securityCode":{"length":6,"tooManyCodesSent":false,"tooManyCodesValidated":false,"securityCodeLocked":false,"securityCodeCooldown":false},"authenticationType":"hsa2","recoveryUrl":"https://iforgot.apple.com/phone/add?prs_account_nm=dummy%40dummy.com\u0026autoSubmitAccount=true\u0026appId=142","cantUsePhoneNumberUrl":"https://iforgot.apple.com/iforgot/phone/add?context=cantuse\u0026prs_account_nm=dummy%40dummy.com\u0026autoSubmitAccount=true\u0026appId=142","recoveryWebUrl":"https://iforgot.apple.com/password/verify/appleid?prs_account_nm=dummy%40dummy.com\u0026autoSubmitAccount=true\u0026appId=142","repairPhoneNumberUrl":"https://gsa.apple.com/appleid/account/manage/repair/verify/phone","repairPhoneNumberWebUrl":"https://appleid.apple.com/widget/account/repair?#!repair","aboutTwoFactorAuthenticationUrl":"https://support.apple.com/kb/HT204921","autoVerified":false,"showAutoVerificationUI":false,"supportsCustodianRecovery":false,"hideSendSMSCodeOption":false,"supervisedChangePasswordFlow":false,"supportsRecovery":true,"trustedPhoneNumber":{"numberWithDialCode":"+1 (•••) •••-••81","pushMode":"sms","obfuscatedNumber":"(•••) •••-••81","lastTwoDigits":"81","id":1},"hsa2Account":true,"restrictedAccount":false,"managedAccount":false},"authFactors":["robocall","sms","generatedcode"],"source_returnurl":"https://idmsa.apple.com/","sourceAppId":1159},"referrerQuery":"","urlContext":"/appleauth","tag":"\u003Chsa2 class=\u0027auth-v1\u0027 suppress-iforgot=\"{suppressIforgot}\" skip-trust-browser-step=\"{skipTrustBrowserStep}\"\u003E\u003C/hsa2\u003E","authType":"hsa2","authInitialRoute":"auth/verify/phone","appleIDUrl":"https://appleid.apple.com"},"additional":{"canRoute2sv":true}}</script>
+      string: !!python/unicode '<script type="application/json" class="boot_args">{"direct":{"scriptSk7Url":"https://appleid.cdn-apple.com/appleauth/static/module-assets/home-45556079a0eee434f5ce.js","scriptUrl":"https://appleid.cdn-apple.com/appleauth/static/jsj/1720813638/widget/auth/hsa2.js","module":"widget/auth/components/hsa2/hsa2","isReact":true,"authUserType":"hsa2","hasTrustedDevices":true,"twoSV":{"supportedPushModes":["voice","sms"],"phoneNumberVerification":{"trustedPhoneNumbers":[{"numberWithDialCode":"+1 (•••) •••-••81","pushMode":"sms","obfuscatedNumber":"(\u2022\u2022\u2022) \u2022\u2022\u2022-\u2022\u202281","lastTwoDigits":"81","id":1}],"securityCode":{"length":6,"tooManyCodesSent":false,"tooManyCodesValidated":false,"securityCodeLocked":false,"securityCodeCooldown":false},"authenticationType":"hsa2","recoveryUrl":"https://iforgot.apple.com/phone/add?prs_account_nm=dummy%40dummy.com\u0026autoSubmitAccount=true\u0026appId=142","cantUsePhoneNumberUrl":"https://iforgot.apple.com/iforgot/phone/add?context=cantuse\u0026prs_account_nm=dummy%40dummy.com\u0026autoSubmitAccount=true\u0026appId=142","recoveryWebUrl":"https://iforgot.apple.com/password/verify/appleid?prs_account_nm=dummy%40dummy.com\u0026autoSubmitAccount=true\u0026appId=142","repairPhoneNumberUrl":"https://gsa.apple.com/appleid/account/manage/repair/verify/phone","repairPhoneNumberWebUrl":"https://appleid.apple.com/widget/account/repair?#!repair","aboutTwoFactorAuthenticationUrl":"https://support.apple.com/kb/HT204921","autoVerified":false,"showAutoVerificationUI":false,"supportsCustodianRecovery":false,"hideSendSMSCodeOption":false,"supervisedChangePasswordFlow":false,"supportsRecovery":true,"trustedPhoneNumber":{"numberWithDialCode":"+1 (•••) •••-••81","pushMode":"sms","obfuscatedNumber":"(•••) •••-••81","lastTwoDigits":"81","id":1},"hsa2Account":true,"restrictedAccount":false,"managedAccount":false},"authFactors":["robocall","sms","generatedcode"],"source_returnurl":"https://idmsa.apple.com/","sourceAppId":1159},"referrerQuery":"","urlContext":"/appleauth","tag":"\u003Chsa2 class=\u0027auth-v1\u0027 suppress-iforgot=\"{suppressIforgot}\" skip-trust-browser-step=\"{skipTrustBrowserStep}\"\u003E\u003C/hsa2\u003E","authType":"hsa2","authInitialRoute":"auth/verify/phone","appleIDUrl":"https://appleid.apple.com"},"additional":{"canRoute2sv":true}}</script>'
     headers:
       Access-Control-Allow-Credentials: ['true']
       Access-Control-Allow-Origin: ['https://www.icloud.com']
       Cache-Control: ['no-cache, no-store, private']
       Connection: ['keep-alive']
-      Content-Type: ['application/json; charset=UTF-8']
+      Content-Type: ['text/html; charset=UTF-8']
       Date: ['Fri, 15 Dec 2023 09:54:34 GMT']
       Server: ['AppleHttpServer/2f080fc0']
       Strict-Transport-Security: ['max-age=31536000; includeSubDomains']
diff --git a/tests/vcr_cassettes/2fa_flow_valid_code.yml b/tests/vcr_cassettes/2fa_flow_valid_code.yml
index edced70f3..b45da58bb 100644
--- a/tests/vcr_cassettes/2fa_flow_valid_code.yml
+++ b/tests/vcr_cassettes/2fa_flow_valid_code.yml
@@ -1,12 +1,11 @@
 interactions:
 - request:
-    body: !!python/unicode '{"accountName": "jdoe@gmail.com", "password": "password1",
-      "rememberMe": true, "trustTokens": []}'
+    body: !!python/unicode '{"accountName": "jdoe@gmail.com", "protocols": ["s2k", "s2k_fo"]}'
     headers:
       Accept: ['*/*']
       Accept-Encoding: ['gzip, deflate']
       Connection: ['keep-alive']
-      Content-Length: ['111']
+      Content-Length: ['98']
       Content-Type: ['application/json']
       Origin: ['https://www.icloud.com']
       Referer: ['https://www.icloud.com/']
@@ -20,16 +19,62 @@ interactions:
       X-Apple-OAuth-State: ['DE309E26-942E-11E8-92F5-14109FE0B321']
       X-Apple-Widget-Key: ['d39ba9916b7251055b22c7f910e2ea796ee65e98b2ddecea8f5dde8d9d1a815d']
     method: POST
-    uri: https://idmsa.apple.com/appleauth/auth/signin?isRememberMeEnabled=true
+    uri: https://idmsa.apple.com/appleauth/auth/signin/init
   response:
-    body:
-      string: !!python/unicode '{}'
+    body: {string: '{"iteration":20064,"salt":"UUN/abcdefghijklmnopqr==","protocol":"s2k","version":1,"b":"abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd==","c":"d-123-456789ab-cdef-0123-4567-89abcdef0123:MSA"}'}
     headers:
       Cache-Control:
       - 'no-cache'
       - 'no-store'
       Connection: ['keep-alive']
       Content-Type: ['text/html;charset=UTF-8']
+      Date: ['Fri, 15 Dec 2023 17:28:03 GMT']
+      Pragma: ['no-cache']
+      Referrer-Policy: ['origin']
+      Server: ['Apple']
+      Strict-Transport-Security: ['max-age=31536000; includeSubDomains; preload']
+      Transfer-Encoding: ['chunked']
+      X-Apple-I-Request-ID: ['12345678-1234-1234-1234-123456789012']
+      X-BuildVersion: ['R4_1']
+      X-Content-Type-Options: ['nosniff']
+      X-FRAME-OPTIONS: ['DENY']
+      X-XSS-Protection: ['1; mode=block']
+      content-length: ['23705']
+      scnt: ['scnt-1234567890']
+      vary: ['accept-encoding']
+    status:
+      code: 200
+      message: ''
+- request:
+    body: !!python/unicode '{"accountName": "jdoe@gmail.com", "rememberMe": true, "trustTokens": []}'
+    headers:
+      Accept: ['*/*']
+      Accept-Encoding: ['gzip, deflate']
+      Connection: ['keep-alive']
+      Content-Length: ['98']
+      Content-Type: ['application/json']
+      Origin: ['https://www.icloud.com']
+      Referer: ['https://www.icloud.com/']
+      User-Agent: ['Opera/9.52 (X11; Linux i686; U; en)']
+      X-Apple-OAuth-Client-Id: ['d39ba9916b7251055b22c7f910e2ea796ee65e98b2ddecea8f5dde8d9d1a815d']
+      X-Apple-OAuth-Client-Type: ['firstPartyAuth']
+      X-Apple-OAuth-Redirect-URI: ['https://www.icloud.com']
+      X-Apple-OAuth-Require-Grant-Code: ['true']
+      X-Apple-OAuth-Response-Mode: ['web_message']
+      X-Apple-OAuth-Response-Type: ['code']
+      X-Apple-OAuth-State: ['DE309E26-942E-11E8-92F5-14109FE0B321']
+      X-Apple-Widget-Key: ['d39ba9916b7251055b22c7f910e2ea796ee65e98b2ddecea8f5dde8d9d1a815d']
+    method: POST
+    uri: https://idmsa.apple.com/appleauth/auth/signin/complete?isRememberMeEnabled=true
+  response:
+    body:
+      string: !!python/unicode '{"auth_type":"hsa2"}'
+    headers:
+      Cache-Control:
+      - 'no-cache'
+      - 'no-store'
+      Connection: ['keep-alive']
+      Content-Type: ['application/json;charset=UTF-8']
       Date: ['Wed, 13 Dec 2023 05:06:31 GMT']
       Location: ['/auth']
       Pragma: ['no-cache']
@@ -39,7 +84,6 @@ interactions:
       Transfer-Encoding: ['chunked']
       X-Apple-Auth-Attributes: ['123456789abcdefg']
       X-Apple-I-Request-ID: ['12345678-1234-1234-1234-123456789012']
-      X-Apple-I-Rscd: ['409']
       X-Apple-ID-Account-Country: ['USA']
       X-Apple-ID-Session-Id: ['sess-1234567890']
       X-Apple-Session-Token: ['token-1234567890']
diff --git a/tests/vcr_cassettes/2sa_flow_invalid_code.yml b/tests/vcr_cassettes/2sa_flow_invalid_code.yml
index b444dce67..e870aff07 100644
--- a/tests/vcr_cassettes/2sa_flow_invalid_code.yml
+++ b/tests/vcr_cassettes/2sa_flow_invalid_code.yml
@@ -1,12 +1,11 @@
 interactions:
 - request:
-    body: !!python/unicode '{"accountName": "jdoe@gmail.com", "password": "password1",
-      "rememberMe": true, "trustTokens": []}'
+    body: !!python/unicode '{"accountName": "jdoe@gmail.com", "protocols": ["s2k", "s2k_fo"]}'
     headers:
       Accept: ['*/*']
       Accept-Encoding: ['gzip, deflate']
       Connection: ['keep-alive']
-      Content-Length: ['111']
+      Content-Length: ['98']
       Content-Type: ['application/json']
       Origin: ['https://www.icloud.com']
       Referer: ['https://www.icloud.com/']
@@ -20,16 +19,62 @@ interactions:
       X-Apple-OAuth-State: ['DE309E26-942E-11E8-92F5-14109FE0B321']
       X-Apple-Widget-Key: ['d39ba9916b7251055b22c7f910e2ea796ee65e98b2ddecea8f5dde8d9d1a815d']
     method: POST
-    uri: https://idmsa.apple.com/appleauth/auth/signin?isRememberMeEnabled=true
+    uri: https://idmsa.apple.com/appleauth/auth/signin/init
   response:
-    body:
-      string: !!python/unicode '{}'
+    body: {string: '{"iteration":20064,"salt":"UUN/abcdefghijklmnopqr==","protocol":"s2k","version":1,"b":"abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd==","c":"d-123-456789ab-cdef-0123-4567-89abcdef0123:MSA"}'}
     headers:
       Cache-Control:
       - 'no-cache'
       - 'no-store'
       Connection: ['keep-alive']
       Content-Type: ['text/html;charset=UTF-8']
+      Date: ['Fri, 15 Dec 2023 17:28:03 GMT']
+      Pragma: ['no-cache']
+      Referrer-Policy: ['origin']
+      Server: ['Apple']
+      Strict-Transport-Security: ['max-age=31536000; includeSubDomains; preload']
+      Transfer-Encoding: ['chunked']
+      X-Apple-I-Request-ID: ['12345678-1234-1234-1234-123456789012']
+      X-BuildVersion: ['R4_1']
+      X-Content-Type-Options: ['nosniff']
+      X-FRAME-OPTIONS: ['DENY']
+      X-XSS-Protection: ['1; mode=block']
+      content-length: ['23705']
+      scnt: ['scnt-1234567890']
+      vary: ['accept-encoding']
+    status:
+      code: 200
+      message: ''
+- request:
+    body: !!python/unicode '{"accountName": "jdoe@gmail.com", "rememberMe": true, "trustTokens": []}'
+    headers:
+      Accept: ['*/*']
+      Accept-Encoding: ['gzip, deflate']
+      Connection: ['keep-alive']
+      Content-Length: ['98']
+      Content-Type: ['application/json']
+      Origin: ['https://www.icloud.com']
+      Referer: ['https://www.icloud.com/']
+      User-Agent: ['Opera/9.52 (X11; Linux i686; U; en)']
+      X-Apple-OAuth-Client-Id: ['d39ba9916b7251055b22c7f910e2ea796ee65e98b2ddecea8f5dde8d9d1a815d']
+      X-Apple-OAuth-Client-Type: ['firstPartyAuth']
+      X-Apple-OAuth-Redirect-URI: ['https://www.icloud.com']
+      X-Apple-OAuth-Require-Grant-Code: ['true']
+      X-Apple-OAuth-Response-Mode: ['web_message']
+      X-Apple-OAuth-Response-Type: ['code']
+      X-Apple-OAuth-State: ['DE309E26-942E-11E8-92F5-14109FE0B321']
+      X-Apple-Widget-Key: ['d39ba9916b7251055b22c7f910e2ea796ee65e98b2ddecea8f5dde8d9d1a815d']
+    method: POST
+    uri: https://idmsa.apple.com/appleauth/auth/signin/complete?isRememberMeEnabled=true
+  response:
+    body:
+      string: !!python/unicode '{"auth_type":"hsa2"}'
+    headers:
+      Cache-Control:
+      - 'no-cache'
+      - 'no-store'
+      Connection: ['keep-alive']
+      Content-Type: ['application/json;charset=UTF-8']
       Date: ['Wed, 13 Dec 2023 05:06:31 GMT']
       Location: ['/auth']
       Pragma: ['no-cache']
@@ -39,12 +84,11 @@ interactions:
       Transfer-Encoding: ['chunked']
       X-Apple-Auth-Attributes: ['123456789abcdefg']
       X-Apple-I-Request-ID: ['12345678-1234-1234-1234-123456789012']
-      X-Apple-I-Rscd: ['409']
       X-Apple-ID-Account-Country: ['USA']
       X-Apple-ID-Session-Id: ['sess-1234567890']
       X-Apple-Session-Token: ['token-1234567890']
       X-Apple-TwoSV-Trust-Eligible: ['true']
-      X-BuildVersion: ['R3_2']
+      X-BuildVersion: ['R4_1']
       content-length: ['23705']
       scnt: ['scnt-1234567890']
       vary: ['accept-encoding']
diff --git a/tests/vcr_cassettes/2sa_flow_valid_code.yml b/tests/vcr_cassettes/2sa_flow_valid_code.yml
index e32af9649..fae63cb98 100644
--- a/tests/vcr_cassettes/2sa_flow_valid_code.yml
+++ b/tests/vcr_cassettes/2sa_flow_valid_code.yml
@@ -1,12 +1,11 @@
 interactions:
 - request:
-    body: !!python/unicode '{"accountName": "jdoe@gmail.com", "password": "password1",
-      "rememberMe": true, "trustTokens": []}'
+    body: !!python/unicode '{"accountName": "jdoe@gmail.com", "protocols": ["s2k", "s2k_fo"]}'
     headers:
       Accept: ['*/*']
       Accept-Encoding: ['gzip, deflate']
       Connection: ['keep-alive']
-      Content-Length: ['111']
+      Content-Length: ['98']
       Content-Type: ['application/json']
       Origin: ['https://www.icloud.com']
       Referer: ['https://www.icloud.com/']
@@ -20,16 +19,62 @@ interactions:
       X-Apple-OAuth-State: ['DE309E26-942E-11E8-92F5-14109FE0B321']
       X-Apple-Widget-Key: ['d39ba9916b7251055b22c7f910e2ea796ee65e98b2ddecea8f5dde8d9d1a815d']
     method: POST
-    uri: https://idmsa.apple.com/appleauth/auth/signin?isRememberMeEnabled=true
+    uri: https://idmsa.apple.com/appleauth/auth/signin/init
   response:
-    body:
-      string: !!python/unicode '{}'
+    body: {string: '{"iteration":20064,"salt":"UUN/abcdefghijklmnopqr==","protocol":"s2k","version":1,"b":"abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd==","c":"d-123-456789ab-cdef-0123-4567-89abcdef0123:MSA"}'}
     headers:
       Cache-Control:
       - 'no-cache'
       - 'no-store'
       Connection: ['keep-alive']
       Content-Type: ['text/html;charset=UTF-8']
+      Date: ['Fri, 15 Dec 2023 17:28:03 GMT']
+      Pragma: ['no-cache']
+      Referrer-Policy: ['origin']
+      Server: ['Apple']
+      Strict-Transport-Security: ['max-age=31536000; includeSubDomains; preload']
+      Transfer-Encoding: ['chunked']
+      X-Apple-I-Request-ID: ['12345678-1234-1234-1234-123456789012']
+      X-BuildVersion: ['R4_1']
+      X-Content-Type-Options: ['nosniff']
+      X-FRAME-OPTIONS: ['DENY']
+      X-XSS-Protection: ['1; mode=block']
+      content-length: ['23705']
+      scnt: ['scnt-1234567890']
+      vary: ['accept-encoding']
+    status:
+      code: 200
+      message: ''
+- request:
+    body: !!python/unicode '{"accountName": "jdoe@gmail.com", "rememberMe": true, "trustTokens": []}'
+    headers:
+      Accept: ['*/*']
+      Accept-Encoding: ['gzip, deflate']
+      Connection: ['keep-alive']
+      Content-Length: ['98']
+      Content-Type: ['application/json']
+      Origin: ['https://www.icloud.com']
+      Referer: ['https://www.icloud.com/']
+      User-Agent: ['Opera/9.52 (X11; Linux i686; U; en)']
+      X-Apple-OAuth-Client-Id: ['d39ba9916b7251055b22c7f910e2ea796ee65e98b2ddecea8f5dde8d9d1a815d']
+      X-Apple-OAuth-Client-Type: ['firstPartyAuth']
+      X-Apple-OAuth-Redirect-URI: ['https://www.icloud.com']
+      X-Apple-OAuth-Require-Grant-Code: ['true']
+      X-Apple-OAuth-Response-Mode: ['web_message']
+      X-Apple-OAuth-Response-Type: ['code']
+      X-Apple-OAuth-State: ['DE309E26-942E-11E8-92F5-14109FE0B321']
+      X-Apple-Widget-Key: ['d39ba9916b7251055b22c7f910e2ea796ee65e98b2ddecea8f5dde8d9d1a815d']
+    method: POST
+    uri: https://idmsa.apple.com/appleauth/auth/signin/complete?isRememberMeEnabled=true
+  response:
+    body:
+      string: !!python/unicode '{"auth_type":"hsa2"}'
+    headers:
+      Cache-Control:
+      - 'no-cache'
+      - 'no-store'
+      Connection: ['keep-alive']
+      Content-Type: ['application/json;charset=UTF-8']
       Date: ['Wed, 13 Dec 2023 05:06:31 GMT']
       Location: ['/auth']
       Pragma: ['no-cache']
@@ -39,12 +84,11 @@ interactions:
       Transfer-Encoding: ['chunked']
       X-Apple-Auth-Attributes: ['123456789abcdefg']
       X-Apple-I-Request-ID: ['12345678-1234-1234-1234-123456789012']
-      X-Apple-I-Rscd: ['409']
       X-Apple-ID-Account-Country: ['USA']
       X-Apple-ID-Session-Id: ['sess-1234567890']
       X-Apple-Session-Token: ['token-1234567890']
       X-Apple-TwoSV-Trust-Eligible: ['true']
-      X-BuildVersion: ['R3_2']
+      X-BuildVersion: ['R4_1']
       content-length: ['23705']
       scnt: ['scnt-1234567890']
       vary: ['accept-encoding']
diff --git a/tests/vcr_cassettes/auth_requires_2fa.yml b/tests/vcr_cassettes/auth_requires_2fa.yml
index fa49803d2..ca5b31079 100644
--- a/tests/vcr_cassettes/auth_requires_2fa.yml
+++ b/tests/vcr_cassettes/auth_requires_2fa.yml
@@ -1,12 +1,11 @@
 interactions:
 - request:
-    body: !!python/unicode '{"accountName": "jdoe@gmail.com", "password": "password1",
-      "rememberMe": true, "trustTokens": []}'
+    body: !!python/unicode '{"accountName": "jdoe@gmail.com", "protocols": ["s2k", "s2k_fo"]}'
     headers:
       Accept: ['*/*']
       Accept-Encoding: ['gzip, deflate']
       Connection: ['keep-alive']
-      Content-Length: ['111']
+      Content-Length: ['98']
       Content-Type: ['application/json']
       Origin: ['https://www.icloud.com']
       Referer: ['https://www.icloud.com/']
@@ -20,16 +19,62 @@ interactions:
       X-Apple-OAuth-State: ['EC5646DE-9423-11E8-BF21-14109FE0B321']
       X-Apple-Widget-Key: ['d39ba9916b7251055b22c7f910e2ea796ee65e98b2ddecea8f5dde8d9d1a815d']
     method: POST
-    uri: https://idmsa.apple.com/appleauth/auth/signin?isRememberMeEnabled=true
+    uri: https://idmsa.apple.com/appleauth/auth/signin/init
   response:
-    body:
-      string: !!python/unicode '{}'
+    body: {string: '{"iteration":20064,"salt":"UUN/abcdefghijklmnopqr==","protocol":"s2k","version":1,"b":"abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd==","c":"d-123-456789ab-cdef-0123-4567-89abcdef0123:MSA"}'}
     headers:
       Cache-Control:
       - 'no-cache'
       - 'no-store'
       Connection: ['keep-alive']
       Content-Type: ['text/html;charset=UTF-8']
+      Date: ['Fri, 15 Dec 2023 17:28:03 GMT']
+      Pragma: ['no-cache']
+      Referrer-Policy: ['origin']
+      Server: ['Apple']
+      Strict-Transport-Security: ['max-age=31536000; includeSubDomains; preload']
+      Transfer-Encoding: ['chunked']
+      X-Apple-I-Request-ID: ['12345678-1234-1234-1234-123456789012']
+      X-BuildVersion: ['R4_1']
+      X-Content-Type-Options: ['nosniff']
+      X-FRAME-OPTIONS: ['DENY']
+      X-XSS-Protection: ['1; mode=block']
+      content-length: ['23705']
+      scnt: ['scnt-1234567890']
+      vary: ['accept-encoding']
+    status:
+      code: 200
+      message: ''
+- request:
+    body: !!python/unicode '{"accountName": "jdoe@gmail.com", "rememberMe": true, "trustTokens": []}'
+    headers:
+      Accept: ['*/*']
+      Accept-Encoding: ['gzip, deflate']
+      Connection: ['keep-alive']
+      Content-Length: ['98']
+      Content-Type: ['application/json']
+      Origin: ['https://www.icloud.com']
+      Referer: ['https://www.icloud.com/']
+      User-Agent: ['Opera/9.52 (X11; Linux i686; U; en)']
+      X-Apple-OAuth-Client-Id: ['d39ba9916b7251055b22c7f910e2ea796ee65e98b2ddecea8f5dde8d9d1a815d']
+      X-Apple-OAuth-Client-Type: ['firstPartyAuth']
+      X-Apple-OAuth-Redirect-URI: ['https://www.icloud.com']
+      X-Apple-OAuth-Require-Grant-Code: ['true']
+      X-Apple-OAuth-Response-Mode: ['web_message']
+      X-Apple-OAuth-Response-Type: ['code']
+      X-Apple-OAuth-State: ['EC5646DE-9423-11E8-BF21-14109FE0B321']
+      X-Apple-Widget-Key: ['d39ba9916b7251055b22c7f910e2ea796ee65e98b2ddecea8f5dde8d9d1a815d']
+    method: POST
+    uri: https://idmsa.apple.com/appleauth/auth/signin/complete?isRememberMeEnabled=true
+  response:
+    body:
+      string: !!python/unicode '{"auth_type":"hsa2"}'
+    headers:
+      Cache-Control:
+      - 'no-cache'
+      - 'no-store'
+      Connection: ['keep-alive']
+      Content-Type: ['application/json;charset=UTF-8']
       Date: ['Wed, 13 Dec 2023 05:06:31 GMT']
       Location: ['/auth']
       Pragma: ['no-cache']
@@ -39,12 +84,11 @@ interactions:
       Transfer-Encoding: ['chunked']
       X-Apple-Auth-Attributes: ['123456789abcdefg']
       X-Apple-I-Request-ID: ['12345678-1234-1234-1234-123456789012']
-      X-Apple-I-Rscd: ['409']
       X-Apple-ID-Account-Country: ['USA']
       X-Apple-ID-Session-Id: ['sess-1234567890']
       X-Apple-Session-Token: ['token-1234567890']
       X-Apple-TwoSV-Trust-Eligible: ['true']
-      X-BuildVersion: ['R3_2']
+      X-BuildVersion: ['R4_1']
       content-length: ['23705']
       scnt: ['scnt-1234567890']
       vary: ['accept-encoding']
diff --git a/tests/vcr_cassettes/failed_auth.yml b/tests/vcr_cassettes/failed_auth.yml
index 6fba324fb..597e163e7 100644
--- a/tests/vcr_cassettes/failed_auth.yml
+++ b/tests/vcr_cassettes/failed_auth.yml
@@ -1,7 +1,6 @@
 interactions:
 - request:
-    body: !!python/unicode '{"accountName": "bad_username", "password": "bad_password", "rememberMe":
-      true, "trustTokens": []}'
+    body: !!python/unicode '{"accountName": "bad_username", "protocols": ["s2k", "s2k_fo"]}'
     headers:
       Accept: ['*/*']
       Accept-Encoding: ['gzip, deflate']
@@ -20,10 +19,9 @@ interactions:
       X-Apple-OAuth-State: ['EC5646DE-9423-11E8-BF21-14109FE0B321']
       X-Apple-Widget-Key: ['d39ba9916b7251055b22c7f910e2ea796ee65e98b2ddecea8f5dde8d9d1a815d']
     method: POST
-    uri: https://idmsa.apple.com/appleauth/auth/signin?isRememberMeEnabled=true
+    uri: https://idmsa.apple.com/appleauth/auth/signin/init
   response:
-    body:
-      string: !!python/unicode '{}'
+    body: {string: '{"iteration":20064,"salt":"UUN/abcdefghijklmnopqr==","protocol":"s2k","version":1,"b":"abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd==","c":"d-123-456789ab-cdef-0123-4567-89abcdef0123:MSA"}'}
     headers:
       Cache-Control:
       - 'no-cache'
@@ -37,7 +35,6 @@ interactions:
       Strict-Transport-Security: ['max-age=31536000; includeSubDomains; preload']
       Transfer-Encoding: ['chunked']
       X-Apple-I-Request-ID: ['12345678-1234-1234-1234-123456789012']
-      X-Apple-I-Rscd: ['401']
       X-BuildVersion: ['R4_1']
       X-Content-Type-Options: ['nosniff']
       X-FRAME-OPTIONS: ['DENY']
@@ -48,4 +45,51 @@ interactions:
     status:
       code: 200
       message: ''
-version: 1
+- request:
+    body: !!python/unicode '{"accountName": "bad_username", "rememberMe": true, "trustTokens": []}'
+    headers:
+      Accept: ['*/*']
+      Accept-Encoding: ['gzip, deflate']
+      Connection: ['keep-alive']
+      Content-Length: ['98']
+      Content-Type: ['application/json']
+      Origin: ['https://www.icloud.com']
+      Referer: ['https://www.icloud.com/']
+      User-Agent: ['Opera/9.52 (X11; Linux i686; U; en)']
+      X-Apple-OAuth-Client-Id: ['d39ba9916b7251055b22c7f910e2ea796ee65e98b2ddecea8f5dde8d9d1a815d']
+      X-Apple-OAuth-Client-Type: ['firstPartyAuth']
+      X-Apple-OAuth-Redirect-URI: ['https://www.icloud.com']
+      X-Apple-OAuth-Require-Grant-Code: ['true']
+      X-Apple-OAuth-Response-Mode: ['web_message']
+      X-Apple-OAuth-Response-Type: ['code']
+      X-Apple-OAuth-State: ['EC5646DE-9423-11E8-BF21-14109FE0B321']
+      X-Apple-Widget-Key: ['d39ba9916b7251055b22c7f910e2ea796ee65e98b2ddecea8f5dde8d9d1a815d']
+    method: POST
+    uri: https://idmsa.apple.com/appleauth/auth/signin/complete?isRememberMeEnabled=true
+  response:
+    body:
+      string: !!python/unicode '{"serviceErrors": [{"code":"-20101","message":"Enter the email or phone number and password for your Apple Account.","suppressDismissal":false}]}'
+    headers:
+      Cache-Control:
+      - 'no-cache'
+      - 'no-store'
+      Connection: ['keep-alive']
+      Content-Type: ['application/json;charset=UTF-8']
+      Date: ['Fri, 15 Dec 2023 17:28:03 GMT']
+      Pragma: ['no-cache']
+      Referrer-Policy: ['origin']
+      Server: ['Apple']
+      Strict-Transport-Security: ['max-age=31536000; includeSubDomains; preload']
+      Transfer-Encoding: ['chunked']
+      X-Apple-I-Request-ID: ['12345678-1234-1234-1234-123456789012']
+      X-BuildVersion: ['R4_1']
+      X-Content-Type-Options: ['nosniff']
+      X-FRAME-OPTIONS: ['DENY']
+      X-XSS-Protection: ['1; mode=block']
+      content-length: ['23705']
+      scnt: ['scnt-1234567890']
+      vary: ['accept-encoding']
+    status:
+      code: 401
+      message: ''
+version: 1
\ No newline at end of file