Class: Spaceship::Client

Inherits:

Object

• Object
• Spaceship::Client

Defined in:

spaceship/lib/spaceship/client.rb,
spaceship/lib/spaceship/ui.rb,
spaceship/lib/spaceship/portal/ui/select_team.rb,
spaceship/lib/spaceship/two_step_or_factor_client.rb

Overview

rubocop:disable Metrics/ClassLength

Direct Known Subclasses

Spaceship::ConnectAPI::Client, DUClient, PortalClient, TestFlight::Client, TunesClient

Defined Under Namespace

Classes: UserInterface

Constant Summary

PROTOCOL_VERSION =

"QH65B2"

USER_AGENT =

"Spaceship #{Fastlane::VERSION}"

AUTH_TYPES =

["sa", "hsa", "non-sa", "hsa2"]

BasicPreferredInfoError =

legacy support

Spaceship::BasicPreferredInfoError

InvalidUserCredentialsError =

Spaceship::InvalidUserCredentialsError

NoUserCredentialsError =

Spaceship::NoUserCredentialsError

ProgramLicenseAgreementUpdated =

Spaceship::ProgramLicenseAgreementUpdated

InsufficientPermissions =

Spaceship::InsufficientPermissions

UnexpectedResponse =

Spaceship::UnexpectedResponse

AppleTimeoutError =

Spaceship::AppleTimeoutError

UnauthorizedAccessError =

Spaceship::UnauthorizedAccessError

GatewayTimeoutError =

Spaceship::GatewayTimeoutError

InternalServerError =

Spaceship::InternalServerError

BadGatewayError =

Spaceship::BadGatewayError

Request Logger

• #logger ⇒ Object

  The logger in which all requests are logged /tmp/spaceship[pid][“threadid”].log by default.

Helpers

• #csrf_tokens ⇒ Object

  memorize the last csrf tokens from responses.

Instance Attribute Summary

• #client ⇒ Object readonly

  Returns the value of attribute client.

• #provider ⇒ Object

  Returns the value of attribute provider.

• #user ⇒ Object

  The user that is currently logged in.

• #user_email ⇒ Object

  The email of the user that is currently logged in.

Teams + User

• #team_id ⇒ String

  The currently selected Team ID.

• #team_id=(team_id) ⇒ Object

  Set a new team ID which will be used from now on.

• #team_information ⇒ Hash

  Fetches all information of the currently used team.

• #team_name ⇒ String

  Fetches name from currently used team.

• #teams ⇒ Array

  A list of all available teams.

• #user_details_data ⇒ Object

  Fetch the general information of the user, is used by various methods across spaceship Sample return value => [{“contentProvider”=>{“contentProviderId”=>11142800, “name”=>“Felix Krause”, “contentProviderTypes”=>[“Purple Software”], “roles”=>, “lastLogin”=>1468784113000}], “sessionToken”=>“contentProviderId”=>18111111, “expirationDate”=>nil, “ipAddress”=>nil, “permittedActivities”=> [“UserManagementSelf”, “GameCenterTestData”, “AppAddonCreation”], “REPORT”=> [“UserManagementSelf”, “AppAddonCreation”], “VIEW”=> [“TestFlightAppExternalTesterManagement”, … “HelpGeneral”, “HelpApplicationLoader”], “preferredCurrencyCode”=>“EUR”, “preferredCountryCode”=>nil, “countryOfOrigin”=>“AT”, “isLocaleNameReversed”=>false, “feldsparToken”=>nil, “feldsparChannelName”=>nil, “hasPendingFeldsparBindingRequest”=>false, “isLegalUser”=>false, “userId”=>“1771111155”, “firstname”=>“Detlef”, “lastname”=>“Mueller”, “isEmailInvalid”=>false, “hasContractInfo”=>false, “canEditITCUsersAndRoles”=>false, “canViewITCUsersAndRoles”=>true, “canEditIAPUsersAndRoles”=>false, “transporterEnabled”=>false, “contentProviderFeatures”=>[“APP_SILOING”, “PROMO_CODE_REDESIGN”, …], “contentProviderType”=>“Purple Software”, “displayName”=>“Detlef”, “contentProviderId”=>“18742800”, “userFeatures”=>[], “visibility”=>true, “DYCVisibility”=>false, “contentProvider”=>“Felix Krause”, “userName”=>“detlef@krausefx.com”}.

Client Init

• .client_with_authorization_from(another_client) ⇒ Object

  Instantiates a client but with a cookie derived from another client.

• #initialize(cookie: nil, current_team_id: nil) ⇒ Client constructor

  A new instance of Client.

Session Cookie

• #cookie ⇒ String

  Return the session cookie.

• #fastlane_user_dir ⇒ Object

  This is a duplicate method of fastlane_core/fastlane_core.rb#fastlane_user_dir.

• #persistent_cookie_path ⇒ Object

  Returns preferred path for storing cookie for two step verification.

• #store_cookie(path: nil) ⇒ Object

Automatic Paging

• #page_size ⇒ Object

  The page size we want to request, defaults to 500.

• #paging ⇒ Object

  Handles the paging for you…

Login and Team Selection

• .login(user = nil, password = nil) ⇒ Spaceship::Client

  Authenticates with Apple’s web services.

• #fetch_olympus_session ⇒ Object

  Get the ‘itctx` from the new (22nd May 2017) API endpoint “olympus” Update (29th March 2019) olympus migrates to new appstoreconnect API.

• #itc_service_key ⇒ Object
• #login(user = nil, password = nil) ⇒ Spaceship::Client

  Authenticates with Apple’s web services.

• #send_shared_login_request(user, password) ⇒ Object

  This method is used for both the Apple Dev Portal and App Store Connect This will also handle 2 step verification and 2 factor authentication.

Session

• .spaceship_session_env ⇒ Object

  Fetch the session cookie from the environment (if exists).

• #fetch_program_license_agreement_messages ⇒ Object

  Get contract messages from App Store Connect’s “olympus” endpoint.

• #load_session_from_env ⇒ Object
• #load_session_from_file ⇒ Object

Helpers

• #detect_most_common_errors_and_raise_exceptions(body) ⇒ Object
• #parse_response(response, expected_key = nil) ⇒ Object
• #raise_insufficient_permission_error!(additional_error_string: nil, caller_location: 2) ⇒ Object

  This also gets called from subclasses.

• #request(method, url_or_path = nil, params = nil, headers = {}, auto_paginate = false, &block) ⇒ Object
• #with_retry(tries = 5, &_block) ⇒ Object

Class Method Summary

• .hostname ⇒ Object

Instance Method Summary

• #ask_for_2fa_code(text) ⇒ Object

  extracted into its own method for testing.

• #handle_two_factor(response, depth = 0) ⇒ Object
• #handle_two_step(response) ⇒ Object
• #handle_two_step_for_device(device_id) ⇒ Object

  this is extracted into its own method so it can be called multiple times (see end).

• #handle_two_step_or_factor(response) ⇒ Object
• #phone_id_from_masked_number(phone_numbers, masked_number) ⇒ Object
• #phone_id_from_number(phone_numbers, phone_number) ⇒ Object
• #request_two_factor_code_from_phone(phone_id, phone_number, code_length) ⇒ Object

  this is used in two places: after choosing a phone number and when a phone number is set via ENV var.

• #request_two_factor_code_from_phone_choose(phone_numbers, code_length) ⇒ Object
• #store_session ⇒ Object
• #UI ⇒ Object

  Public getter for all UI related code rubocop:disable Style/MethodName.

• #update_request_headers(req) ⇒ Object

  Responsible for setting all required header attributes for the requests to succeed.

Constructor Details

#initialize(cookie: nil, current_team_id: nil) ⇒ Client

Returns a new instance of Client.

# File 'spaceship/lib/spaceship/client.rb', line 196

def initialize(cookie: nil, current_team_id: nil)
  options = {
   request: {
      timeout:       (ENV["SPACESHIP_TIMEOUT"] || 300).to_i,
      open_timeout:  (ENV["SPACESHIP_TIMEOUT"] || 300).to_i
    }
  }
  @current_team_id = current_team_id
  @cookie = cookie || HTTP::CookieJar.new
  @client = Faraday.new(self.class.hostname, options) do |c|
    c.response(:json, content_type: /\bjson$/)
    c.response(:xml, content_type: /\bxml$/)
    c.response(:plist, content_type: /\bplist$/)
    c.use(:cookie_jar, jar: @cookie)
    c.use(FaradayMiddleware::RelsMiddleware)
    c.adapter(Faraday.default_adapter)

    if ENV['SPACESHIP_DEBUG']
      # for debugging only
      # This enables tracking of networking requests using Charles Web Proxy
      c.proxy = "https://127.0.0.1:8888"
      c.ssl[:verify_mode] = OpenSSL::SSL::VERIFY_NONE
    elsif ENV["SPACESHIP_PROXY"]
      c.proxy = ENV["SPACESHIP_PROXY"]
      c.ssl[:verify_mode] = OpenSSL::SSL::VERIFY_NONE if ENV["SPACESHIP_PROXY_SSL_VERIFY_NONE"]
    end

    if ENV["DEBUG"]
      puts("To run spaceship through a local proxy, use SPACESHIP_DEBUG")
    end
  end
end

Instance Attribute Details

#client ⇒ Object (readonly)

Returns the value of attribute client.

# File 'spaceship/lib/spaceship/client.rb', line 29

def client
  @client
end

#csrf_tokens ⇒ Object

memorize the last csrf tokens from responses

# File 'spaceship/lib/spaceship/client.rb', line 668

def csrf_tokens
  @csrf_tokens
end

#logger ⇒ Object

The logger in which all requests are logged /tmp/spaceship[pid][“threadid”].log by default

# File 'spaceship/lib/spaceship/client.rb', line 39

def logger
  @logger
end

#provider ⇒ Object

Returns the value of attribute provider.

# File 'spaceship/lib/spaceship/client.rb', line 43

def provider
  @provider
end

#user ⇒ Object

The user that is currently logged in

# File 'spaceship/lib/spaceship/client.rb', line 32

def user
  @user
end

#user_email ⇒ Object

The email of the user that is currently logged in

# File 'spaceship/lib/spaceship/client.rb', line 35

def user_email
  @user_email
end

Class Method Details

.client_with_authorization_from(another_client) ⇒ Object

Instantiates a client but with a cookie derived from another client.

HACK: since the ‘@cookie` is not exposed, we use this hacky way of sharing the instance.

# File 'spaceship/lib/spaceship/client.rb', line 192

def self.client_with_authorization_from(another_client)
  self.new(cookie: another_client.instance_variable_get(:@cookie), current_team_id: another_client.team_id)
end

.hostname ⇒ Object

# File 'spaceship/lib/spaceship/client.rb', line 58

def self.hostname
  raise "You must implement self.hostname"
end

.login(user = nil, password = nil) ⇒ Spaceship::Client

Authenticates with Apple’s web services. This method has to be called once to generate a valid session. The session will automatically be used from then on.

This method will automatically use the username from the Appfile (if available) and fetch the password from the Keychain (if available)

Parameters:

• user (String) (defaults to: nil) —

  (optional): The username (usually the email address)

• password (String) (defaults to: nil) —

  (optional): The password

Returns:

• (Spaceship::Client) —

  The client the login method was called for

Raises:

• InvalidUserCredentialsError: raised if authentication failed

# File 'spaceship/lib/spaceship/client.rb', line 344

def self.login(user = nil, password = nil)
  instance = self.new
  if instance.login(user, password)
    instance
  else
    raise InvalidUserCredentialsError.new, "Invalid User Credentials"
  end
end

.spaceship_session_env ⇒ Object

Fetch the session cookie from the environment (if exists)

# File 'spaceship/lib/spaceship/client.rb', line 595

def self.spaceship_session_env
  ENV["FASTLANE_SESSION"] || ENV["SPACESHIP_SESSION"]
end

Instance Method Details

#ask_for_2fa_code(text) ⇒ Object

extracted into its own method for testing

# File 'spaceship/lib/spaceship/two_step_or_factor_client.rb', line 195

def ask_for_2fa_code(text)
  ask(text)
end

#cookie ⇒ String

Return the session cookie.

Returns:

• (String) —

  the cookie-string in the RFC6265 format: tools.ietf.org/html/rfc6265#section-4.2.1

# File 'spaceship/lib/spaceship/client.rb', line 262

def cookie
  @cookie.map(&:to_s).join(';')
end

#detect_most_common_errors_and_raise_exceptions(body) ⇒ Object

# File 'spaceship/lib/spaceship/client.rb', line 729

def detect_most_common_errors_and_raise_exceptions(body)
  # Check if the failure is due to missing permissions (App Store Connect)
  if body["messages"] && body["messages"]["error"].include?("Forbidden")
    raise_insufficient_permission_error!
  elsif body["messages"] && body["messages"]["error"].include?("insufficient privileges")
    # Passing a specific `caller_location` here to make sure we return the correct method
    # With the default location the error would say that `parse_response` is the caller
    raise_insufficient_permission_error!(caller_location: 3)
  elsif body.to_s.include?("Internal Server Error - Read")
    raise InternalServerError, "Received an internal server error from App Store Connect / Developer Portal, please try again later"
  elsif body.to_s.include?("Gateway Timeout - In read")
    raise GatewayTimeoutError, "Received a gateway timeout error from App Store Connect / Developer Portal, please try again later"
  elsif (body["userString"] || "").include?("Program License Agreement")
    raise ProgramLicenseAgreementUpdated, "#{body['userString']} Please manually log into your Apple Developer account to review and accept the updated agreement."
  end
end

#fastlane_user_dir ⇒ Object

This is a duplicate method of fastlane_core/fastlane_core.rb#fastlane_user_dir

# File 'spaceship/lib/spaceship/client.rb', line 277

def fastlane_user_dir
  path = File.expand_path(File.join(Dir.home, ".fastlane"))
  FileUtils.mkdir_p(path) unless File.directory?(path)
  return path
end

#fetch_olympus_session ⇒ Object

Get the ‘itctx` from the new (22nd May 2017) API endpoint “olympus” Update (29th March 2019) olympus migrates to new appstoreconnect API

# File 'spaceship/lib/spaceship/client.rb', line 517

def fetch_olympus_session
  response = request(:get, "https://appstoreconnect.apple.com/olympus/v1/session")
  body = response.body
  if body
    body = JSON.parse(body) if body.kind_of?(String)
    user_map = body["user"]
    if user_map
      self.user_email = user_map["emailAddress"]
    end

    provider = body["provider"]
    if provider
      self.provider = Spaceship::Provider.new(provider_hash: provider)
      return true
    end
  end

  return false
end

#fetch_program_license_agreement_messages ⇒ Object

Get contract messages from App Store Connect’s “olympus” endpoint

# File 'spaceship/lib/spaceship/client.rb', line 600

def fetch_program_license_agreement_messages
  all_messages = []

  messages_request = request(:get, "https://appstoreconnect.apple.com/olympus/v1/contractMessages")
  body = messages_request.body
  if body
    body = JSON.parse(body) if body.kind_of?(String)
    body.map do |messages|
      all_messages.push(messages["message"])
    end
  end

  return all_messages
end

#handle_two_factor(response, depth = 0) ⇒ Object

# File 'spaceship/lib/spaceship/two_step_or_factor_client.rb', line 103

def handle_two_factor(response, depth = 0)
  if depth == 0
    puts("Two-factor Authentication (6 digits code) is enabled for account '#{self.user}'")
    puts("More information about Two-factor Authentication: https://support.apple.com/en-us/HT204915")
    puts("")

    two_factor_url = "https://github.com/fastlane/fastlane/tree/master/spaceship#2-step-verification"
    puts("If you're running this in a non-interactive session (e.g. server or CI)")
    puts("check out #{two_factor_url}")
  end

  # "verification code" has already be pushed to devices

  security_code = response.body["securityCode"]
  # "securityCode": {
  # 	"length": 6,
  # 	"tooManyCodesSent": false,
  # 	"tooManyCodesValidated": false,
  # 	"securityCodeLocked": false
  # },
  code_length = security_code["length"]

  puts("")
  env_2fa_sms_default_phone_number = ENV["SPACESHIP_2FA_SMS_DEFAULT_PHONE_NUMBER"]

  if env_2fa_sms_default_phone_number
    raise Tunes::Error.new, "Environment variable SPACESHIP_2FA_SMS_DEFAULT_PHONE_NUMBER is set, but empty." if env_2fa_sms_default_phone_number.empty?

    puts("Environment variable `SPACESHIP_2FA_SMS_DEFAULT_PHONE_NUMBER` is set, automatically requesting 2FA token via SMS to that number")
    puts("SPACESHIP_2FA_SMS_DEFAULT_PHONE_NUMBER = #{env_2fa_sms_default_phone_number}")
    puts("")
    phone_number = env_2fa_sms_default_phone_number
    phone_id = phone_id_from_number(response.body["trustedPhoneNumbers"], phone_number)
    code_type = 'phone'
    body = request_two_factor_code_from_phone(phone_id, phone_number, code_length)
  else
    puts("(Input `sms` to escape this prompt and select a trusted phone number to send the code as a text message)")
    puts("")
    puts("(You can also set the environment variable `SPACESHIP_2FA_SMS_DEFAULT_PHONE_NUMBER` to automate this)")
    puts("(Read more at: https://github.com/fastlane/fastlane/blob/master/spaceship/docs/Authentication.md#auto-select-sms-via-spaceship-2fa-sms-default-phone-number)")
    puts("")
    code_type = 'trusteddevice'
    code = ask_for_2fa_code("Please enter the #{code_length} digit code:")
    body = { "securityCode" => { "code" => code.to_s } }.to_json

    # User exited by entering `sms` and wants to choose phone number for SMS
    if code == 'sms'
      code_type = 'phone'
      body = request_two_factor_code_from_phone_choose(response.body["trustedPhoneNumbers"], code_length)
    end
  end

  puts("Requesting session...")

  # Send "verification code" back to server to get a valid session
  r = request(:post) do |req|
    req.url("https://idmsa.apple.com/appleauth/auth/verify/#{code_type}/securitycode")
    req.headers['Content-Type'] = 'application/json'
    req.body = body
    update_request_headers(req)
  end

  begin
    # we use `Spaceship::TunesClient.new.handle_itc_response`
    # since this might be from the Dev Portal, but for 2 factor
    Spaceship::TunesClient.new.handle_itc_response(r.body) # this will fail if the code is invalid
  rescue => ex
    # If the code was entered wrong
    # {
    #   "service_errors": [{
    #     "code": "-21669",
    #     "title": "Incorrect Verification Code",
    #     "message": "Incorrect verification code."
    #   }],
    #   "hasError": true
    # }

    if ex.to_s.include?("verification code") # to have a nicer output
      puts("Error: Incorrect verification code")
      depth += 1
      return handle_two_factor(response, depth)
    end

    raise ex
  end

  store_session

  return true
end

#handle_two_step(response) ⇒ Object

# File 'spaceship/lib/spaceship/two_step_or_factor_client.rb', line 26

def handle_two_step(response)
  if response.body.fetch("securityCode", {})["tooManyCodesLock"].to_s.length > 0
    raise Tunes::Error.new, "Too many verification codes have been sent. Enter the last code you received, use one of your devices, or try again later."
  end

  puts("Two-step Verification (4 digits code) is enabled for account '#{self.user}'")
  puts("More information about Two-step Verification: https://support.apple.com/en-us/HT204152")
  puts("")

  puts("Please select a trusted device to verify your identity")
  available = response.body["trustedDevices"].collect do |current|
    "#{current['name']}\t#{current['modelName'] || 'SMS'}\t(#{current['id']})"
  end
  result = choose(*available)

  device_id = result.match(/.*\t.*\t\((.*)\)/)[1]
  handle_two_step_for_device(device_id)
end

#handle_two_step_for_device(device_id) ⇒ Object

this is extracted into its own method so it can be called multiple times (see end)

# File 'spaceship/lib/spaceship/two_step_or_factor_client.rb', line 46

def handle_two_step_for_device(device_id)
  # Request token to device
  r = request(:put) do |req|
    req.url("https://idmsa.apple.com/appleauth/auth/verify/device/#{device_id}/securitycode")
    update_request_headers(req)
  end

  # we use `Spaceship::TunesClient.new.handle_itc_response`
  # since this might be from the Dev Portal, but for 2 step
  Spaceship::TunesClient.new.handle_itc_response(r.body)

  puts("Successfully requested notification")
  code = ask("Please enter the 4 digit code: ")
  puts("Requesting session...")

  # Send token to server to get a valid session
  r = request(:post) do |req|
    req.url("https://idmsa.apple.com/appleauth/auth/verify/device/#{device_id}/securitycode")
    req.headers['Content-Type'] = 'application/json'
    req.body = { "code" => code.to_s }.to_json
    update_request_headers(req)
  end

  begin
    Spaceship::TunesClient.new.handle_itc_response(r.body) # this will fail if the code is invalid
  rescue => ex
    # If the code was entered wrong
    # {
    #   "securityCode": {
    #     "code": "1234"
    #   },
    #   "securityCodeLocked": false,
    #   "recoveryKeyLocked": false,
    #   "recoveryKeySupported": true,
    #   "manageTrustedDevicesLinkName": "appleid.apple.com",
    #   "suppressResend": false,
    #   "authType": "hsa",
    #   "accountLocked": false,
    #   "validationErrors": [{
    #     "code": "-21669",
    #     "title": "Incorrect Verification Code",
    #     "message": "Incorrect verification code."
    #   }]
    # }
    if ex.to_s.include?("verification code") # to have a nicer output
      puts("Error: Incorrect verification code")
      return handle_two_step_for_device(device_id)
    end

    raise ex
  end

  store_session

  return true
end

#handle_two_step_or_factor(response) ⇒ Object

# File 'spaceship/lib/spaceship/two_step_or_factor_client.rb', line 6

def handle_two_step_or_factor(response)
  # extract `x-apple-id-session-id` and `scnt` from response, to be used by `update_request_headers`
  @x_apple_id_session_id = response["x-apple-id-session-id"]
  @scnt = response["scnt"]

  # get authentication options
  r = request(:get) do |req|
    req.url("https://idmsa.apple.com/appleauth/auth")
    update_request_headers(req)
  end

  if r.body.kind_of?(Hash) && r.body["trustedDevices"].kind_of?(Array)
    handle_two_step(r)
  elsif r.body.kind_of?(Hash) && r.body["trustedPhoneNumbers"].kind_of?(Array) && r.body["trustedPhoneNumbers"].first.kind_of?(Hash)
    handle_two_factor(r)
  else
    raise "Although response from Apple indicated activated Two-step Verification or Two-factor Authentication, spaceship didn't know how to handle this response: #{r.body}"
  end
end

#itc_service_key ⇒ Object

# File 'spaceship/lib/spaceship/client.rb', line 537

def itc_service_key
  return @service_key if @service_key

  # Check if we have a local cache of the key
  itc_service_key_path = "/tmp/spaceship_itc_service_key.txt"
  return File.read(itc_service_key_path) if File.exist?(itc_service_key_path)

  # Fixes issue https://github.com/fastlane/fastlane/issues/13281
  # Even though we are using https://appstoreconnect.apple.com, the service key needs to still use a
  # hostname through itunesconnect.apple.com
  response = request(:get, "https://appstoreconnect.apple.com/olympus/v1/app/config?hostname=itunesconnect.apple.com")
  @service_key = response.body["authServiceKey"].to_s

  raise "Service key is empty" if @service_key.length == 0

  # Cache the key locally
  File.write(itc_service_key_path, @service_key)

  return @service_key
rescue => ex
  puts(ex.to_s)
  raise AppleTimeoutError.new, "Could not receive latest API key from App Store Connect, this might be a server issue."
end

#load_session_from_env ⇒ Object

# File 'spaceship/lib/spaceship/client.rb', line 574

def load_session_from_env
  return if self.class.spaceship_session_env.to_s.length == 0
  puts("Loading session from environment variable") if Spaceship::Globals.verbose?

  file = Tempfile.new('cookie.yml')
  file.write(self.class.spaceship_session_env.gsub("\\n", "\n"))
  file.close

  begin
    @cookie.load(file.path)
  rescue => ex
    puts("Error loading session from environment")
    puts("Make sure to pass the session in a valid format")
    raise ex
  ensure
    file.unlink
  end
end

#load_session_from_file ⇒ Object

# File 'spaceship/lib/spaceship/client.rb', line 565

def load_session_from_file
  if File.exist?(persistent_cookie_path)
    puts("Loading session from '#{persistent_cookie_path}'") if Spaceship::Globals.verbose?
    @cookie.load(persistent_cookie_path)
    return true
  end
  return false
end

#login(user = nil, password = nil) ⇒ Spaceship::Client

Authenticates with Apple’s web services. This method has to be called once to generate a valid session. The session will automatically be used from then on.

This method will automatically use the username from the Appfile (if available) and fetch the password from the Keychain (if available)

Parameters:

• user (String) (defaults to: nil) —

  (optional): The username (usually the email address)

• password (String) (defaults to: nil) —

  (optional): The password

Returns:

• (Spaceship::Client) —

  The client the login method was called for

Raises:

• InvalidUserCredentialsError: raised if authentication failed

# File 'spaceship/lib/spaceship/client.rb', line 366

def login(user = nil, password = nil)
  if user.to_s.empty? || password.to_s.empty?
    require 'credentials_manager/account_manager'

    puts("Reading keychain entry, because either user or password were empty") if Spaceship::Globals.verbose?

    keychain_entry = CredentialsManager::AccountManager.new(user: user, password: password)
    user ||= keychain_entry.user
    password = keychain_entry.password
  end

  if user.to_s.strip.empty? || password.to_s.strip.empty?
    raise NoUserCredentialsError.new, "No login data provided"
  end

  self.user = user
  @password = password
  begin
    do_login(user, password) # calls `send_login_request` in sub class (which then will redirect back here to `send_shared_login_request`, below)
  rescue InvalidUserCredentialsError => ex
    raise ex unless keychain_entry

    if keychain_entry.invalid_credentials
      login(user)
    else
      raise ex
    end
  end
end

#page_size ⇒ Object

The page size we want to request, defaults to 500

# File 'spaceship/lib/spaceship/client.rb', line 306

def page_size
  @page_size ||= 500
end

#paging ⇒ Object

Handles the paging for you… for free Just pass a block and use the parameter as page number

# File 'spaceship/lib/spaceship/client.rb', line 312

def paging
  page = 0
  results = []
  loop do
    page += 1
    current = yield(page)

    results += current

    break if (current || []).count < page_size # no more results
  end

  return results
end

#parse_response(response, expected_key = nil) ⇒ Object

# File 'spaceship/lib/spaceship/client.rb', line 694

def parse_response(response, expected_key = nil)
  if response.body
    # If we have an `expected_key`, select that from response.body Hash
    # Else, don't.

    # the returned error message and info, is html encoded ->  "issued" -> make this readable ->  "issued"
    response.body["userString"] = CGI.unescapeHTML(response.body["userString"]) if response.body["userString"]
    response.body["resultString"] = CGI.unescapeHTML(response.body["resultString"]) if response.body["resultString"]

    content = expected_key ? response.body[expected_key] : response.body
  end

  # if content (filled with whole body or just expected_key) is missing
  if content.nil?
    detect_most_common_errors_and_raise_exceptions(response.body) if response.body
    raise UnexpectedResponse, response.body
  # else if it is a hash and `resultString` includes `NotAllowed`
  elsif content.kind_of?(Hash) && (content["resultString"] || "").include?("NotAllowed")
    # example content when doing a Developer Portal action with not enough permission
    # => {"responseId"=>"e5013d83-c5cb-4ba0-bb62-734a8d56007f",
    #    "resultCode"=>1200,
    #    "resultString"=>"webservice.certificate.downloadNotAllowed",
    #    "userString"=>"You are not permitted to download this certificate.",
    #    "creationTimestamp"=>"2017-01-26T22:44:13Z",
    #    "protocolVersion"=>"QH65B2",
    #    "userLocale"=>"en_US",
    #    "requestUrl"=>"https://developer.apple.com/services-account/QH65B2/account/ios/certificate/downloadCertificateContent.action",
    #    "httpCode"=>200}
    raise_insufficient_permission_error!(additional_error_string: content["userString"])
  else
    store_csrf_tokens(response)
    content
  end
end

#persistent_cookie_path ⇒ Object

Returns preferred path for storing cookie for two step verification.

# File 'spaceship/lib/spaceship/client.rb', line 285

def persistent_cookie_path
  if ENV["SPACESHIP_COOKIE_PATH"]
    path = File.expand_path(File.join(ENV["SPACESHIP_COOKIE_PATH"], "spaceship", self.user, "cookie"))
  else
    [File.join(self.fastlane_user_dir, "spaceship"), "~/.spaceship", "/var/tmp/spaceship", "#{Dir.tmpdir}/spaceship"].each do |dir|
      dir_parts = File.split(dir)
      if directory_accessible?(File.expand_path(dir_parts.first))
        path = File.expand_path(File.join(dir, self.user, "cookie"))
        break
      end
    end
  end

  return path
end

#phone_id_from_masked_number(phone_numbers, masked_number) ⇒ Object

# File 'spaceship/lib/spaceship/two_step_or_factor_client.rb', line 238

def phone_id_from_masked_number(phone_numbers, masked_number)
  phone_numbers.each do |phone|
    return phone['id'] if phone['numberWithDialCode'] == masked_number
  end
end

#phone_id_from_number(phone_numbers, phone_number) ⇒ Object

Raises:

• (Tunes::Error.new)

# File 'spaceship/lib/spaceship/two_step_or_factor_client.rb', line 199

def phone_id_from_number(phone_numbers, phone_number)
  characters_to_remove_from_phone_numbers = ' \-()"'

  # start with e.g. +49 162 1234585 or +1-123-456-7866
  phone_number = phone_number.tr(characters_to_remove_from_phone_numbers, '')
  # cleaned: +491621234585 or +11234567866

  phone_numbers.each do |phone|
    # rubocop:disable Style/AsciiComments
    # start with: +49 •••• •••••85 or +1 (•••) •••-••66
    number_with_dialcode_masked = phone['numberWithDialCode'].tr(characters_to_remove_from_phone_numbers, '')
    # cleaned: +49•••••••••85 or +1••••••••66
    # rubocop:enable Style/AsciiComments

    maskings_count = number_with_dialcode_masked.count('•') # => 9 or 8
    pattern = /^([0-9+]{2,4})([•]{#{maskings_count}})([0-9]{2})$/
    # following regex: range from maskings_count-2 because sometimes the masked number has 1 or 2 dots more than the actual number
    # e.g. https://github.com/fastlane/fastlane/issues/14969
    replacement = "\\1([0-9]{#{maskings_count - 2},#{maskings_count}})\\3"
    number_with_dialcode_regex_part = number_with_dialcode_masked.gsub(pattern, replacement)
    # => +49([0-9]{8,9})85 or +1([0-9]{7,8})66

    backslash = '\\'
    number_with_dialcode_regex_part = backslash + number_with_dialcode_regex_part
    number_with_dialcode_regex = /^#{number_with_dialcode_regex_part}$/
    # => /^\+49([0-9]{8})85$/ or /^\+1([0-9]{7,8})66$/

    return phone['id'] if phone_number =~ number_with_dialcode_regex
    # +491621234585 matches /^\+49([0-9]{8})85$/
  end

  # Handle case of phone_number not existing in phone_numbers because ENV var is wrong or matcher is broken
  raise Tunes::Error.new, %(
Could not find a matching phone number to #{phone_number} in #{phone_numbers}.
Make sure your environment variable is set to the correct phone number.
If it is, please open an issue at https://github.com/fastlane/fastlane/issues/new and include this output so we can fix our matcher. Thanks.
)
end

#raise_insufficient_permission_error!(additional_error_string: nil, caller_location: 2) ⇒ Object

This also gets called from subclasses

Raises:

• (InsufficientPermissions)

# File 'spaceship/lib/spaceship/client.rb', line 747

def raise_insufficient_permission_error!(additional_error_string: nil, caller_location: 2)
  # get the method name of the request that failed
  # `block in` is used very often for requests when surrounded for paging or retrying blocks
  # The ! is part of some methods when they modify or delete a resource, so we don't want to show it
  # Using `sub` instead of `delete` as we don't want to allow multiple matches
  calling_method_name = caller_locations(caller_location, 2).first.label.sub("block in", "").delete("!").strip

  # calling the computed property self.team_id can get us into an exception handling loop
  team_id = @current_team_id ? "(Team ID #{@current_team_id}) " : ""

  error_message = "User #{self.user} #{team_id}doesn't have enough permission for the following action: #{calling_method_name}"
  error_message += " (#{additional_error_string})" if additional_error_string.to_s.length > 0
  raise InsufficientPermissions, error_message
end

#request(method, url_or_path = nil, params = nil, headers = {}, auto_paginate = false, &block) ⇒ Object

# File 'spaceship/lib/spaceship/client.rb', line 672

def request(method, url_or_path = nil, params = nil, headers = {}, auto_paginate = false, &block)
  headers.merge!(csrf_tokens)
  headers['User-Agent'] = USER_AGENT

  # Before encoding the parameters, log them
  log_request(method, url_or_path, params, headers, &block)

  # form-encode the params only if there are params, and the block is not supplied.
  # this is so that certain requests can be made using the block for more control
  if method == :post && params && !block_given?
    params, headers = encode_params(params, headers)
  end

  response = if auto_paginate
               send_request_auto_paginate(method, url_or_path, params, headers, &block)
             else
               send_request(method, url_or_path, params, headers, &block)
             end

  return response
end

#request_two_factor_code_from_phone(phone_id, phone_number, code_length) ⇒ Object

this is used in two places: after choosing a phone number and when a phone number is set via ENV var

# File 'spaceship/lib/spaceship/two_step_or_factor_client.rb', line 257

def request_two_factor_code_from_phone(phone_id, phone_number, code_length)
  # Request code
  r = request(:put) do |req|
    req.url("https://idmsa.apple.com/appleauth/auth/verify/phone")
    req.headers['Content-Type'] = 'application/json'
    req.body = { "phoneNumber" => { "id" => phone_id }, "mode" => "sms" }.to_json
    update_request_headers(req)
  end

  # we use `Spaceship::TunesClient.new.handle_itc_response`
  # since this might be from the Dev Portal, but for 2 step
  Spaceship::TunesClient.new.handle_itc_response(r.body)

  puts("Successfully requested text message to #{phone_number}")

  code = ask_for_2fa_code("Please enter the #{code_length} digit code you received at #{phone_number}:")

  return { "securityCode" => { "code" => code.to_s }, "phoneNumber" => { "id" => phone_id }, "mode" => "sms" }.to_json
end

#request_two_factor_code_from_phone_choose(phone_numbers, code_length) ⇒ Object

# File 'spaceship/lib/spaceship/two_step_or_factor_client.rb', line 244

def request_two_factor_code_from_phone_choose(phone_numbers, code_length)
  puts("Please select a trusted phone number to send code to:")

  available = phone_numbers.collect do |current|
    current['numberWithDialCode']
  end
  chosen = choose(*available)
  phone_id = phone_id_from_masked_number(phone_numbers, chosen)

  request_two_factor_code_from_phone(phone_id, chosen, code_length)
end

#send_shared_login_request(user, password) ⇒ Object

This method is used for both the Apple Dev Portal and App Store Connect This will also handle 2 step verification and 2 factor authentication

It is called in ‘send_login_request` of sub classes (which the method `login`, above, transferred over to via `do_login`)

# File 'spaceship/lib/spaceship/client.rb', line 400

def send_shared_login_request(user, password)
  # Check if we have a cached/valid session
  #
  # Background:
  # December 4th 2017 Apple introduced a rate limit - which is of course fine by itself -
  # but unfortunately also rate limits successful logins. If you call multiple tools in a
  # lane (e.g. call match 5 times), this would lock you out of the account for a while.
  # By loading existing sessions and checking if they're valid, we're sending less login requests.
  # More context on why this change was necessary https://github.com/fastlane/fastlane/pull/11108
  #
  # If there was a successful manual login before, we have a session on disk
  if load_session_from_file
    # Check if the session is still valid here
    begin
      # We use the olympus session to determine if the old session is still valid
      # As this will raise an exception if the old session has expired
      # If the old session is still valid, we don't have to do anything else in this method
      # that's why we return true
      return true if fetch_olympus_session
    rescue
      # If the `fetch_olympus_session` method raises an exception
      # we'll land here, and therefore continue doing a full login process
      # This happens if the session we loaded from the cache isn't valid any more
      # which is common, as the session automatically invalidates after x hours (we don't know x)
      # In this case we don't actually care about the exact exception, and why it was failing
      # because either way, we'll have to do a fresh login, where we do the actual error handling
      puts("Available session is not valid any more. Continuing with normal login.")
    end
  end
  #
  # The user can pass the session via environment variable (Mainly used in CI environments)
  if load_session_from_env
    # see above
    begin
      # see above
      return true if fetch_olympus_session
    rescue
      puts("Session loaded from environment variable is not valid. Continuing with normal login.")
      # see above
    end
  end
  #
  # After this point, we sure have no valid session any more and have to create a new one
  #

  data = {
    accountName: user,
    password: password,
    rememberMe: true
  }

  begin
    # The below workaround is only needed for 2 step verified machines
    # Due to escaping of cookie values we have a little workaround here
    # By default the cookie jar would generate the following header
    #   DES5c148...=HSARM.......xaA/O69Ws/CHfQ==SRVT
    # However we need the following
    #   DES5c148...="HSARM.......xaA/O69Ws/CHfQ==SRVT"
    # There is no way to get the cookie jar value with " around the value
    # so we manually modify the cookie (only this one) to be properly escaped
    # Afterwards we pass this value manually as a header
    # It's not enough to just modify @cookie, it needs to be done after self.cookie
    # as a string operation
    important_cookie = @cookie.store.entries.find { |a| a.name.include?("DES") }
    if important_cookie
      modified_cookie = self.cookie # returns a string of all cookies
      unescaped_important_cookie = "#{important_cookie.name}=#{important_cookie.value}"
      escaped_important_cookie = "#{important_cookie.name}=\"#{important_cookie.value}\""
      modified_cookie.gsub!(unescaped_important_cookie, escaped_important_cookie)
    end

    response = request(:post) do |req|
      req.url("https://idmsa.apple.com/appleauth/auth/signin")
      req.body = data.to_json
      req.headers['Content-Type'] = 'application/json'
      req.headers['X-Requested-With'] = 'XMLHttpRequest'
      req.headers['X-Apple-Widget-Key'] = self.itc_service_key
      req.headers['Accept'] = 'application/json, text/javascript'
      req.headers["Cookie"] = modified_cookie if modified_cookie
    end
  rescue UnauthorizedAccessError
    raise InvalidUserCredentialsError.new, "Invalid username and password combination. Used '#{user}' as the username."
  end

  # Now we know if the login is successful or if we need to do 2 factor

  case response.status
  when 403
    raise InvalidUserCredentialsError.new, "Invalid username and password combination. Used '#{user}' as the username."
  when 200
    fetch_olympus_session
    return response
  when 409
    # 2 step/factor is enabled for this account, first handle that
    handle_two_step_or_factor(response)
    # and then get the olympus session
    fetch_olympus_session
    return true
  else
    if (response.body || "").include?('invalid="true"')
      # User Credentials are wrong
      raise InvalidUserCredentialsError.new, "Invalid username and password combination. Used '#{user}' as the username."
    elsif response.status == 412 && AUTH_TYPES.include?(response.body["authType"])
      # Need to acknowledge Apple ID and Privacy statement - https://github.com/fastlane/fastlane/issues/12577
      # Looking for status of 412 might be enough but might be safer to keep looking only at what is being reported
      raise AppleIDAndPrivacyAcknowledgementNeeded.new, "Need to acknowledge to Apple's Apple ID and Privacy statement. Please manually log into https://appleid.apple.com (or https://appstoreconnect.apple.com) to acknowledge the statement."
    elsif (response['Set-Cookie'] || "").include?("itctx")
      raise "Looks like your Apple ID is not enabled for App Store Connect, make sure to be able to login online"
    else
      info = [response.body, response['Set-Cookie']]
      raise Tunes::Error.new, info.join("\n")
    end
  end
end

#store_cookie(path: nil) ⇒ Object

# File 'spaceship/lib/spaceship/client.rb', line 266

def store_cookie(path: nil)
  path ||= persistent_cookie_path
  FileUtils.mkdir_p(File.expand_path("..", path))

  # really important to specify the session to true
  # otherwise myacinfo and more won't be stored
  @cookie.save(path, :yaml, session: true)
  return File.read(path)
end

#store_session ⇒ Object

# File 'spaceship/lib/spaceship/two_step_or_factor_client.rb', line 277

def store_session
  # If the request was successful, r.body is actually nil
  # The previous request will fail if the user isn't on a team
  # on App Store Connect, but it still works, so we're good

  # Tell iTC that we are trustworthy (obviously)
  # This will update our local cookies to something new
  # They probably have a longer time to live than the other poor cookies
  # Changed Keys
  # - myacinfo
  # - DES5c148586dfd451e55afb0175f62418f91
  # We actually only care about the DES value

  request(:get) do |req|
    req.url("https://idmsa.apple.com/appleauth/auth/2sv/trust")
    update_request_headers(req)
  end
  # This request will fail if the user isn't added to a team on iTC
  # However we don't really care, this request will still return the
  # correct DES... cookie

  self.store_cookie
end

#team_id ⇒ String

Returns The currently selected Team ID.

Returns:

• (String) —

  The currently selected Team ID

# File 'spaceship/lib/spaceship/client.rb', line 127

def team_id
  return @current_team_id if @current_team_id

  if teams.count > 1
    puts("The current user is in #{teams.count} teams. Pass a team ID or call `select_team` to choose a team. Using the first one for now.")
  end
  @current_team_id ||= teams[0]['contentProvider']['contentProviderId']
end

#team_id=(team_id) ⇒ Object

Set a new team ID which will be used from now on

# File 'spaceship/lib/spaceship/client.rb', line 137

def team_id=(team_id)
  # First, we verify the team actually exists, because otherwise iTC would return the
  # following confusing error message
  #
  #     invalid content provider id
  #
  available_teams = teams.collect do |team|
    {
      team_id: (team["contentProvider"] || {})["contentProviderId"],
      team_name: (team["contentProvider"] || {})["name"]
    }
  end

  result = available_teams.find do |available_team|
    team_id.to_s == available_team[:team_id].to_s
  end

  unless result
    error_string = "Could not set team ID to '#{team_id}', only found the following available teams:\n\n#{available_teams.map { |team| "- #{team[:team_id]} (#{team[:team_name]})" }.join("\n")}\n"
    raise Tunes::Error.new, error_string
  end

  response = request(:post) do |req|
    req.url("ra/v1/session/webSession")
    req.body = {
      contentProviderId: team_id,
      dsId: user_detail_data.ds_id # https://github.com/fastlane/fastlane/issues/6711
    }.to_json
    req.headers['Content-Type'] = 'application/json'
  end

  handle_itc_response(response.body)

  @current_team_id = team_id
end

#team_information ⇒ Hash

Returns Fetches all information of the currently used team.

Returns:

• (Hash) —

  Fetches all information of the currently used team

# File 'spaceship/lib/spaceship/client.rb', line 174

def team_information
  teams.find do |t|
    t['teamId'] == team_id
  end
end

#team_name ⇒ String

Returns Fetches name from currently used team.

Returns:

• (String) —

  Fetches name from currently used team

# File 'spaceship/lib/spaceship/client.rb', line 181

def team_name
  (team_information || {})['name']
end

#teams ⇒ Array

Returns A list of all available teams.

Returns:

• (Array) —

  A list of all available teams

# File 'spaceship/lib/spaceship/client.rb', line 67

def teams
  user_details_data['associatedAccounts'].sort_by do |team|
    [
      team['contentProvider']['name'],
      team['contentProvider']['contentProviderId']
    ]
  end
end

#UI ⇒ Object

Public getter for all UI related code rubocop:disable Style/MethodName

# File 'spaceship/lib/spaceship/ui.rb', line 22

def UI
  UserInterface.new(self)
end

#update_request_headers(req) ⇒ Object

Responsible for setting all required header attributes for the requests to succeed

# File 'spaceship/lib/spaceship/two_step_or_factor_client.rb', line 303

def update_request_headers(req)
  req.headers["X-Apple-Id-Session-Id"] = @x_apple_id_session_id
  req.headers["X-Apple-Widget-Key"] = self.itc_service_key
  req.headers["Accept"] = "application/json"
  req.headers["scnt"] = @scnt
end

#user_details_data ⇒ Object

Fetch the general information of the user, is used by various methods across spaceship Sample return value

>

 [{"contentProvider"=>{"contentProviderId"=>11142800, "name"=>"Felix Krause", "contentProviderTypes"=>["Purple Software"], "roles"=>["Developer"], "lastLogin"=>1468784113000}],
"sessionToken"=>"contentProviderId"=>18111111, "expirationDate"=>nil, "ipAddress"=>nil,
"permittedActivities"=>
    ["UserManagementSelf",
    "GameCenterTestData",
    "AppAddonCreation"],
  "REPORT"=>
   ["UserManagementSelf",
    "AppAddonCreation"],
  "VIEW"=>
   ["TestFlightAppExternalTesterManagement",
    ...
    "HelpGeneral",
    "HelpApplicationLoader"],
"preferredCurrencyCode"=>"EUR",
"preferredCountryCode"=>nil,
"countryOfOrigin"=>"AT",
"isLocaleNameReversed"=>false,
"feldsparToken"=>nil,
"feldsparChannelName"=>nil,
"hasPendingFeldsparBindingRequest"=>false,
"isLegalUser"=>false,
"userId"=>"1771111155",
"firstname"=>"Detlef",
"lastname"=>"Mueller",
"isEmailInvalid"=>false,
"hasContractInfo"=>false,
"canEditITCUsersAndRoles"=>false,
"canViewITCUsersAndRoles"=>true,
"canEditIAPUsersAndRoles"=>false,
"transporterEnabled"=>false,
"contentProviderFeatures"=>["APP_SILOING", "PROMO_CODE_REDESIGN", ...],
"contentProviderType"=>"Purple Software",
"displayName"=>"Detlef",
"contentProviderId"=>"18742800",
"userFeatures"=>[],
"visibility"=>true,
"DYCVisibility"=>false,
"contentProvider"=>"Felix Krause",
"userName"=>"detlef@krausefx.com"}

# File 'spaceship/lib/spaceship/client.rb', line 120

def user_details_data
  return @_cached_user_details if @_cached_user_details
  r = request(:get, '/WebObjects/iTunesConnect.woa/ra/user/detail')
  @_cached_user_details = parse_response(r, 'data')
end

#with_retry(tries = 5, &_block) ⇒ Object

# File 'spaceship/lib/spaceship/client.rb', line 619

def with_retry(tries = 5, &_block)
  return yield
rescue \
    Faraday::ConnectionFailed,
    Faraday::TimeoutError,
    BadGatewayError,
    AppleTimeoutError,
    GatewayTimeoutError => ex
  tries -= 1
  unless tries.zero?
    msg = "Timeout received: '#{ex.class}', '#{ex.message}'. Retrying after 3 seconds (remaining: #{tries})..."
    puts(msg) if Spaceship::Globals.verbose?
    logger.warn(msg)

    sleep(3) unless Object.const_defined?("SpecHelper")
    retry
  end
  raise ex # re-raise the exception
rescue \
    Faraday::ParsingError, # <h2>Internal Server Error</h2> with content type json
    InternalServerError => ex
  tries -= 1
  unless tries.zero?
    msg = "Internal Server Error received: '#{ex.class}', '#{ex.message}'. Retrying after 3 seconds (remaining: #{tries})..."
    puts(msg) if Spaceship::Globals.verbose?
    logger.warn(msg)

    sleep(3) unless Object.const_defined?("SpecHelper")
    retry
  end
  raise ex # re-raise the exception
rescue UnauthorizedAccessError => ex
  if @loggedin && !(tries -= 1).zero?
    msg = "Auth error received: '#{ex.class}', '#{ex.message}'. Login in again then retrying after 3 seconds (remaining: #{tries})..."
    puts(msg) if Spaceship::Globals.verbose?
    logger.warn(msg)

    if self.class.spaceship_session_env.to_s.length > 0
      raise UnauthorizedAccessError.new, "Authentication error, you passed an invalid session using the environment variable FASTLANE_SESSION or SPACESHIP_SESSION"
    end

    do_login(self.user, @password)
    sleep(3) unless Object.const_defined?("SpecHelper")
    retry
  end
  raise ex # re-raise the exception
end