Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Authentication persistence (bug?) #1005

Closed
sdebruyn opened this issue Nov 26, 2024 · 2 comments
Closed

Authentication persistence (bug?) #1005

sdebruyn opened this issue Nov 26, 2024 · 2 comments

Comments

@sdebruyn
Copy link

It would be very useful if icloudpd could persist authentication tokens and sessions. I would like to be able to restart the process without having to provide password and/or MFA authentication every time.

I am using Docker and I can persist the password by mounting /root/.local/share/python_keyring/keyring_pass.cfg into a volume. For others reading this, it should be noted that this is not more secure than just putting your Apple ID password in plain text in your Docker config as this contains a base64 encoded string with your password.

But then after persisting my password, I still have to enter my MFA code every time, even though the one I entered previously is probably still valid.

Ideally I would like to persist neither of those 2 (persisting the MFA isn't useful anyway since it's only valid for 30 seconds) but instead just persist a token/session somewhere which can be used to communicate to iCloud without asking me for my credentials.

I thought this is what --cookie-directory would do, but that doesn't work. My cookies are properly stored in that folder, but icloudpd is still asking me to re-authenticate every time I start up a container with that folder mounted.

@boredazfcuk
Copy link
Contributor

This is exactly what --cookie-directory does. Must be a permissions/config error somewhere.

@sdebruyn
Copy link
Author

After mounting both the keyring dir and the cookies to a volume, it seems to work. Without the mounted keyring, it asks for a password. This is my Docker setup now:

version: "3.8"
services:
  icloudpd-sam:
    image: icloudpd/icloudpd:latest
    container_name: icloudpd_sam
    network_mode: bridge
    environment:
      - TZ=Europe/Brussels
    volumes:
      - /volume1/icloudpd/sam:/data
      - cookies:/cookies
      - keyring:/root/.local/share/python_keyring
    command:
      - icloudpd
      - --cookie-directory
      - /cookies
      - --directory
      - /data
      - --username
      - REDACTED
      - --watch-with-interval
      - "600"
      - --set-exif-datetime
      - --delete-after-download
      - --no-progress-bar
      - --password-provider
      - keyring
      - --password-provider
      - webui
      - --mfa-provider
      - webui
    ports:
      - 38080:8080
    restart: on-failure
  icloudpd-sam-notifier:
    image: icloudpd/icloudpd:latest
    container_name: icloudpd_sam_notifier
    network_mode: bridge
    environment:
      - TZ=Europe/Brussels
    volumes:
      - cookies:/cookies
      - keyring:/root/.local/share/python_keyring
    command:
      - icloudpd
      - --cookie-directory
      - /cookies
      - --username
      - REDACTED
      - --auth-only
      - --smtp-username
      - REDACTED
      - --smtp-password
      - REDACTED
      - --smtp-host
      - REDACTED
      - --notification-email
      - REDACTED
      - --notification-email-from
      - REDACTED
      - --no-progress-bar
      - --password-provider
      - keyring
networks: {}
volumes:
  keyring: null
  cookies: null

The second container shuts down right away but I have a cronjob that does docker-compose -f path-to-compose.yaml up -d icloudpd-sam-notifier every day so that I get an email when the tokens expire.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

2 participants