Class: Spaceship::Client

Inherits:
Object
  • Object
show all
Defined in:
spaceship/lib/spaceship/client.rb,
spaceship/lib/spaceship/ui.rb,
spaceship/lib/spaceship/portal/ui/select_team.rb,
spaceship/lib/spaceship/upgrade_2fa_later_client.rb,
spaceship/lib/spaceship/two_step_or_factor_client.rb

Overview

rubocop:disable Metrics/ClassLength

Defined Under Namespace

Classes: UserInterface

Constant Summary collapse

PROTOCOL_VERSION =
"QH65B2"
USER_AGENT =
"Spaceship #{Fastlane::VERSION}"
AUTH_TYPES =
["sa", "hsa", "non-sa", "hsa2"]
BasicPreferredInfoError =

legacy support

Spaceship::BasicPreferredInfoError
InvalidUserCredentialsError =
Spaceship::InvalidUserCredentialsError
NoUserCredentialsError =
Spaceship::NoUserCredentialsError
ProgramLicenseAgreementUpdated =
Spaceship::ProgramLicenseAgreementUpdated
InsufficientPermissions =
Spaceship::InsufficientPermissions
UnexpectedResponse =
Spaceship::UnexpectedResponse
AppleTimeoutError =
Spaceship::AppleTimeoutError
UnauthorizedAccessError =
Spaceship::UnauthorizedAccessError
GatewayTimeoutError =
Spaceship::GatewayTimeoutError
InternalServerError =
Spaceship::InternalServerError
BadGatewayError =
Spaceship::BadGatewayError
AccessForbiddenError =
Spaceship::AccessForbiddenError
TooManyRequestsError =
Spaceship::TooManyRequestsError

Request Logger collapse

Helpers collapse

Instance Attribute Summary collapse

Teams + User collapse

Client Init collapse

Session Cookie collapse

Automatic Paging collapse

Login and Team Selection collapse

Session collapse

Helpers collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(cookie: nil, current_team_id: nil, csrf_tokens: nil, timeout: nil) ⇒ Client

Returns a new instance of Client.



203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
# File 'spaceship/lib/spaceship/client.rb', line 203

def initialize(cookie: nil, current_team_id: nil, csrf_tokens: nil, timeout: nil)
  options = {
   request: {
      timeout:       (ENV["SPACESHIP_TIMEOUT"] || timeout || 300).to_i,
      open_timeout:  (ENV["SPACESHIP_TIMEOUT"] || timeout || 300).to_i
    }
  }
  @current_team_id = current_team_id
  @csrf_tokens = csrf_tokens
  @cookie = cookie || HTTP::CookieJar.new

  @client = Faraday.new(self.class.hostname, options) do |c|
    c.response(:json, content_type: /\bjson$/)
    c.response(:plist, content_type: /\bplist$/)
    c.use(:cookie_jar, jar: @cookie)
    c.use(FaradayMiddleware::RelsMiddleware)
    c.use(Spaceship::StatsMiddleware)
    c.adapter(Faraday.default_adapter)

    if ENV['SPACESHIP_DEBUG']
      # for debugging only
      # This enables tracking of networking requests using Charles Web Proxy
      c.proxy = "https://127.0.0.1:8888"
      c.ssl[:verify_mode] = OpenSSL::SSL::VERIFY_NONE
    elsif ENV["SPACESHIP_PROXY"]
      c.proxy = ENV["SPACESHIP_PROXY"]
      c.ssl[:verify_mode] = OpenSSL::SSL::VERIFY_NONE if ENV["SPACESHIP_PROXY_SSL_VERIFY_NONE"]
    end

    if ENV["DEBUG"]
      puts("To run spaceship through a local proxy, use SPACESHIP_DEBUG")
    end
  end
end

Instance Attribute Details

#clientObject (readonly)

Returns the value of attribute client.



31
32
33
# File 'spaceship/lib/spaceship/client.rb', line 31

def client
  @client
end

#csrf_tokensObject

memorize the last csrf tokens from responses



706
707
708
# File 'spaceship/lib/spaceship/client.rb', line 706

def csrf_tokens
  @csrf_tokens
end

#loggerObject

The logger in which all requests are logged /tmp/spaceship[pid][“threadid”].log by default



41
42
43
# File 'spaceship/lib/spaceship/client.rb', line 41

def logger
  @logger
end

#providerObject

Returns the value of attribute provider.



45
46
47
# File 'spaceship/lib/spaceship/client.rb', line 45

def provider
  @provider
end

#userObject

The user that is currently logged in



34
35
36
# File 'spaceship/lib/spaceship/client.rb', line 34

def user
  @user
end

#user_emailObject

The email of the user that is currently logged in



37
38
39
# File 'spaceship/lib/spaceship/client.rb', line 37

def user_email
  @user_email
end

Class Method Details

.client_with_authorization_from(another_client) ⇒ Object

Instantiates a client but with a cookie derived from another client.

HACK: since the ‘@cookie` is not exposed, we use this hacky way of sharing the instance.



199
200
201
# File 'spaceship/lib/spaceship/client.rb', line 199

def self.client_with_authorization_from(another_client)
  self.new(cookie: another_client.instance_variable_get(:@cookie), current_team_id: another_client.team_id)
end

.hostnameObject



62
63
64
# File 'spaceship/lib/spaceship/client.rb', line 62

def self.hostname
  raise "You must implement self.hostname"
end

.login(user = nil, password = nil) ⇒ Spaceship::Client

Authenticates with Apple’s web services. This method has to be called once to generate a valid session. The session will automatically be used from then on.

This method will automatically use the username from the Appfile (if available) and fetch the password from the Keychain (if available)

Parameters:

  • user (String) (defaults to: nil)

    (optional): The username (usually the email address)

  • password (String) (defaults to: nil)

    (optional): The password

Returns:

Raises:

  • InvalidUserCredentialsError: raised if authentication failed



353
354
355
356
357
358
359
360
# File 'spaceship/lib/spaceship/client.rb', line 353

def self.(user = nil, password = nil)
  instance = self.new
  if instance.(user, password)
    instance
  else
    raise InvalidUserCredentialsError.new, "Invalid User Credentials"
  end
end

.spaceship_session_envObject

Fetch the session cookie from the environment (if exists)



621
622
623
# File 'spaceship/lib/spaceship/client.rb', line 621

def self.spaceship_session_env
  ENV["FASTLANE_SESSION"] || ENV["SPACESHIP_SESSION"]
end

Instance Method Details

#ask_for_2fa_code(text) ⇒ Object

extracted into its own method for testing



227
228
229
# File 'spaceship/lib/spaceship/two_step_or_factor_client.rb', line 227

def ask_for_2fa_code(text)
  ask(text)
end

#choose_phone_number(opts) ⇒ Object

extracted into its own method for testing



232
233
234
# File 'spaceship/lib/spaceship/two_step_or_factor_client.rb', line 232

def choose_phone_number(opts)
  choose(*opts)
end

Return the session cookie.

Returns:



271
272
273
# File 'spaceship/lib/spaceship/client.rb', line 271

def cookie
  @cookie.map(&:to_s).join(';')
end

#detect_most_common_errors_and_raise_exceptions(body) ⇒ Object



767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
# File 'spaceship/lib/spaceship/client.rb', line 767

def detect_most_common_errors_and_raise_exceptions(body)
  # Check if the failure is due to missing permissions (App Store Connect)
  if body["messages"] && body["messages"]["error"].include?("Forbidden")
    raise_insufficient_permission_error!
  elsif body["messages"] && body["messages"]["error"].include?("insufficient privileges")
    # Passing a specific `caller_location` here to make sure we return the correct method
    # With the default location the error would say that `parse_response` is the caller
    raise_insufficient_permission_error!(caller_location: 3)
  elsif body.to_s.include?("Internal Server Error - Read")
    raise InternalServerError, "Received an internal server error from App Store Connect / Developer Portal, please try again later"
  elsif body.to_s.include?("Gateway Timeout - In read")
    raise GatewayTimeoutError, "Received a gateway timeout error from App Store Connect / Developer Portal, please try again later"
  elsif (body["userString"] || "").include?("Program License Agreement")
    raise ProgramLicenseAgreementUpdated, "#{body['userString']} Please manually log into your Apple Developer account to review and accept the updated agreement."
  end
end

#fastlane_user_dirObject

This is a duplicate method of fastlane_core/fastlane_core.rb#fastlane_user_dir



286
287
288
289
290
# File 'spaceship/lib/spaceship/client.rb', line 286

def fastlane_user_dir
  path = File.expand_path(File.join(Dir.home, ".fastlane"))
  FileUtils.mkdir_p(path) unless File.directory?(path)
  return path
end

#fetch_olympus_sessionObject

Get the ‘itctx` from the new (22nd May 2017) API endpoint “olympus” Update (29th March 2019) olympus migrates to new appstoreconnect API



538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
# File 'spaceship/lib/spaceship/client.rb', line 538

def fetch_olympus_session
  response = request(:get, "https://appstoreconnect.apple.com/olympus/v1/session")
  body = response.body
  if body
    body = JSON.parse(body) if body.kind_of?(String)
    user_map = body["user"]
    if user_map
      self.user_email = user_map["emailAddress"]
    end

    provider = body["provider"]
    if provider
      self.provider = Spaceship::Provider.new(provider_hash: provider)
      return true
    end
  end

  return false
end

#fetch_program_license_agreement_messagesObject

Get contract messages from App Store Connect’s “olympus” endpoint



626
627
628
629
630
631
632
633
634
635
636
637
638
639
# File 'spaceship/lib/spaceship/client.rb', line 626

def fetch_program_license_agreement_messages
  all_messages = []

  messages_request = request(:get, "https://appstoreconnect.apple.com/olympus/v1/contractMessages")
  body = messages_request.body
  if body
    body = JSON.parse(body) if body.kind_of?(String)
    body.map do |messages|
      all_messages.push(messages["message"])
    end
  end

  return all_messages
end

#handle_two_factor(response, depth = 0) ⇒ Object



104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
# File 'spaceship/lib/spaceship/two_step_or_factor_client.rb', line 104

def handle_two_factor(response, depth = 0)
  if depth == 0
    puts("Two-factor Authentication (6 digits code) is enabled for account '#{self.user}'")
    puts("More information about Two-factor Authentication: https://support.apple.com/en-us/HT204915")
    puts("")

    two_factor_url = "https://github.com/fastlane/fastlane/tree/master/spaceship#2-step-verification"
    puts("If you're running this in a non-interactive session (e.g. server or CI)")
    puts("check out #{two_factor_url}")
  end

  # "verification code" has already be pushed to devices

  security_code = response.body["securityCode"]
  # "securityCode": {
  # 	"length": 6,
  # 	"tooManyCodesSent": false,
  # 	"tooManyCodesValidated": false,
  # 	"securityCodeLocked": false
  # },
  code_length = security_code["length"]

  puts("")
  env_2fa_sms_default_phone_number = ENV["SPACESHIP_2FA_SMS_DEFAULT_PHONE_NUMBER"]

  if env_2fa_sms_default_phone_number
    raise Tunes::Error.new, "Environment variable SPACESHIP_2FA_SMS_DEFAULT_PHONE_NUMBER is set, but empty." if env_2fa_sms_default_phone_number.empty?

    puts("Environment variable `SPACESHIP_2FA_SMS_DEFAULT_PHONE_NUMBER` is set, automatically requesting 2FA token via SMS to that number")
    puts("SPACESHIP_2FA_SMS_DEFAULT_PHONE_NUMBER = #{env_2fa_sms_default_phone_number}")
    puts("")

    phone_number = env_2fa_sms_default_phone_number
    phone_id = phone_id_from_number(response.body["trustedPhoneNumbers"], phone_number)
    push_mode = push_mode_from_number(response.body["trustedPhoneNumbers"], phone_number)
    # don't request sms if no trusted devices and env default is the only trusted number,
    # code was automatically sent
    should_request_code = !sms_automatically_sent(response)
    code_type = 'phone'
    body = request_two_factor_code_from_phone(phone_id, phone_number, code_length, push_mode, should_request_code)
  elsif sms_automatically_sent(response) # sms fallback, code was automatically sent
    fallback_number = response.body["trustedPhoneNumbers"].first
    phone_number = fallback_number["numberWithDialCode"]
    phone_id = fallback_number["id"]
    push_mode = fallback_number['pushMode']

    code_type = 'phone'
    body = request_two_factor_code_from_phone(phone_id, phone_number, code_length, push_mode, false)
  elsif sms_fallback(response) # sms fallback but code wasn't sent bec > 1 phone number
    code_type = 'phone'
    body = request_two_factor_code_from_phone_choose(response.body["trustedPhoneNumbers"], code_length)
  else
    puts("(Input `sms` to escape this prompt and select a trusted phone number to send the code as a text message)")
    puts("")
    puts("(You can also set the environment variable `SPACESHIP_2FA_SMS_DEFAULT_PHONE_NUMBER` to automate this)")
    puts("(Read more at: https://github.com/fastlane/fastlane/blob/master/spaceship/docs/Authentication.md#auto-select-sms-via-spaceship_2fa_sms_default_phone_number)")
    puts("")

    code = ask_for_2fa_code("Please enter the #{code_length} digit code:")
    code_type = 'trusteddevice'
    body = { "securityCode" => { "code" => code.to_s } }.to_json

    # User exited by entering `sms` and wants to choose phone number for SMS
    if code == 'sms'
      code_type = 'phone'
      body = request_two_factor_code_from_phone_choose(response.body["trustedPhoneNumbers"], code_length)
    end
  end

  puts("Requesting session...")

  # Send "verification code" back to server to get a valid session
  r = request(:post) do |req|
    req.url("https://idmsa.apple.com/appleauth/auth/verify/#{code_type}/securitycode")
    req.headers['Content-Type'] = 'application/json'
    req.body = body
    update_request_headers(req)
  end

  begin
    # we use `Spaceship::TunesClient.new.handle_itc_response`
    # since this might be from the Dev Portal, but for 2 factor
    Spaceship::TunesClient.new.handle_itc_response(r.body) # this will fail if the code is invalid
  rescue => ex
    # If the code was entered wrong
    # {
    #   "service_errors": [{
    #     "code": "-21669",
    #     "title": "Incorrect Verification Code",
    #     "message": "Incorrect verification code."
    #   }],
    #   "hasError": true
    # }

    if ex.to_s.include?("verification code") # to have a nicer output
      puts("Error: Incorrect verification code")
      depth += 1
      return handle_two_factor(response, depth)
    end

    raise ex
  end

  store_session

  return true
end

#handle_two_step(response) ⇒ Object



27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
# File 'spaceship/lib/spaceship/two_step_or_factor_client.rb', line 27

def handle_two_step(response)
  if response.body.fetch("securityCode", {})["tooManyCodesLock"].to_s.length > 0
    raise Tunes::Error.new, "Too many verification codes have been sent. Enter the last code you received, use one of your devices, or try again later."
  end

  puts("Two-step Verification (4 digits code) is enabled for account '#{self.user}'")
  puts("More information about Two-step Verification: https://support.apple.com/en-us/HT204152")
  puts("")

  puts("Please select a trusted device to verify your identity")
  available = response.body["trustedDevices"].collect do |current|
    "#{current['name']}\t#{current['modelName'] || 'SMS'}\t(#{current['id']})"
  end
  result = choose(*available)

  device_id = result.match(/.*\t.*\t\((.*)\)/)[1]
  handle_two_step_for_device(device_id)
end

#handle_two_step_for_device(device_id) ⇒ Object

this is extracted into its own method so it can be called multiple times (see end)



47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
# File 'spaceship/lib/spaceship/two_step_or_factor_client.rb', line 47

def handle_two_step_for_device(device_id)
  # Request token to device
  r = request(:put) do |req|
    req.url("https://idmsa.apple.com/appleauth/auth/verify/device/#{device_id}/securitycode")
    update_request_headers(req)
  end

  # we use `Spaceship::TunesClient.new.handle_itc_response`
  # since this might be from the Dev Portal, but for 2 step
  Spaceship::TunesClient.new.handle_itc_response(r.body)

  puts("Successfully requested notification")
  code = ask("Please enter the 4 digit code: ")
  puts("Requesting session...")

  # Send token to server to get a valid session
  r = request(:post) do |req|
    req.url("https://idmsa.apple.com/appleauth/auth/verify/device/#{device_id}/securitycode")
    req.headers['Content-Type'] = 'application/json'
    req.body = { "code" => code.to_s }.to_json
    update_request_headers(req)
  end

  begin
    Spaceship::TunesClient.new.handle_itc_response(r.body) # this will fail if the code is invalid
  rescue => ex
    # If the code was entered wrong
    # {
    #   "securityCode": {
    #     "code": "1234"
    #   },
    #   "securityCodeLocked": false,
    #   "recoveryKeyLocked": false,
    #   "recoveryKeySupported": true,
    #   "manageTrustedDevicesLinkName": "appleid.apple.com",
    #   "suppressResend": false,
    #   "authType": "hsa",
    #   "accountLocked": false,
    #   "validationErrors": [{
    #     "code": "-21669",
    #     "title": "Incorrect Verification Code",
    #     "message": "Incorrect verification code."
    #   }]
    # }
    if ex.to_s.include?("verification code") # to have a nicer output
      puts("Error: Incorrect verification code")
      return handle_two_step_for_device(device_id)
    end

    raise ex
  end

  store_session

  return true
end

#handle_two_step_or_factor(response) ⇒ Object



6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
# File 'spaceship/lib/spaceship/two_step_or_factor_client.rb', line 6

def handle_two_step_or_factor(response)
  raise "2FA can only be performed in interactive mode" if ENV["SPACESHIP_ONLY_ALLOW_INTERACTIVE_2FA"] == "true" && ENV["FASTLANE_IS_INTERACTIVE"] == "false"
  # extract `x-apple-id-session-id` and `scnt` from response, to be used by `update_request_headers`
  @x_apple_id_session_id = response["x-apple-id-session-id"]
  @scnt = response["scnt"]

  # get authentication options
  r = request(:get) do |req|
    req.url("https://idmsa.apple.com/appleauth/auth")
    update_request_headers(req)
  end

  if r.body.kind_of?(Hash) && r.body["trustedDevices"].kind_of?(Array)
    handle_two_step(r)
  elsif r.body.kind_of?(Hash) && r.body["trustedPhoneNumbers"].kind_of?(Array) && r.body["trustedPhoneNumbers"].first.kind_of?(Hash)
    handle_two_factor(r)
  else
    raise "Although response from Apple indicated activated Two-step Verification or Two-factor Authentication, spaceship didn't know how to handle this response: #{r.body}"
  end
end

#itc_service_keyObject



558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
# File 'spaceship/lib/spaceship/client.rb', line 558

def itc_service_key
  return @service_key if @service_key

  # Check if we have a local cache of the key
  itc_service_key_path = "/tmp/spaceship_itc_service_key.txt"
  return File.read(itc_service_key_path) if File.exist?(itc_service_key_path)

  # Fixes issue https://github.com/fastlane/fastlane/issues/13281
  # Even though we are using https://appstoreconnect.apple.com, the service key needs to still use a
  # hostname through itunesconnect.apple.com
  response = request(:get, "https://appstoreconnect.apple.com/olympus/v1/app/config?hostname=itunesconnect.apple.com")
  @service_key = response.body["authServiceKey"].to_s

  raise "Service key is empty" if @service_key.length == 0

  # Cache the key locally
  File.write(itc_service_key_path, @service_key)

  return @service_key
rescue => ex
  puts(ex.to_s)
  raise AppleTimeoutError.new, "Could not receive latest API key from App Store Connect, this might be a server issue."
end

#load_session_from_envObject



600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
# File 'spaceship/lib/spaceship/client.rb', line 600

def load_session_from_env
  return if self.class.spaceship_session_env.to_s.length == 0
  puts("Loading session from environment variable") if Spaceship::Globals.verbose?

  file = Tempfile.new('cookie.yml')
  file.write(self.class.spaceship_session_env.gsub("\\n", "\n"))
  file.close

  begin
    @cookie.load(file.path)
  rescue => ex
    puts("Error loading session from environment")
    puts("Make sure to pass the session in a valid format")
    raise ex
  ensure
    file.unlink
  end
end

#load_session_from_fileObject



586
587
588
589
590
591
592
593
594
595
596
597
598
# File 'spaceship/lib/spaceship/client.rb', line 586

def load_session_from_file
  begin
    if File.exist?(persistent_cookie_path)
      puts("Loading session from '#{persistent_cookie_path}'") if Spaceship::Globals.verbose?
      @cookie.load(persistent_cookie_path)
      return true
    end
  rescue => ex
    puts(ex.to_s)
    puts("Continuing with normal login.")
  end
  return false
end

#login(user = nil, password = nil) ⇒ Spaceship::Client

Authenticates with Apple’s web services. This method has to be called once to generate a valid session. The session will automatically be used from then on.

This method will automatically use the username from the Appfile (if available) and fetch the password from the Keychain (if available)

Parameters:

  • user (String) (defaults to: nil)

    (optional): The username (usually the email address)

  • password (String) (defaults to: nil)

    (optional): The password

Returns:

Raises:

  • InvalidUserCredentialsError: raised if authentication failed



375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
# File 'spaceship/lib/spaceship/client.rb', line 375

def (user = nil, password = nil)
  if user.to_s.empty? || password.to_s.empty?
    require 'credentials_manager/account_manager'

    puts("Reading keychain entry, because either user or password were empty") if Spaceship::Globals.verbose?

    keychain_entry = CredentialsManager::AccountManager.new(user: user, password: password)
    user ||= keychain_entry.user
    password = keychain_entry.password
  end

  if user.to_s.strip.empty? || password.to_s.strip.empty?
    raise NoUserCredentialsError.new, "No login data provided"
  end

  self.user = user
  @password = password
  begin
    (user, password) # calls `send_login_request` in sub class (which then will redirect back here to `send_shared_login_request`, below)
  rescue InvalidUserCredentialsError => ex
    raise ex unless keychain_entry

    if keychain_entry.invalid_credentials
      (user)
    else
      raise ex
    end
  end
end

#match_phone_to_masked_phone(phone_number, masked_number) ⇒ Object



258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
# File 'spaceship/lib/spaceship/two_step_or_factor_client.rb', line 258

def match_phone_to_masked_phone(phone_number, masked_number)
  characters_to_remove_from_phone_numbers = ' \-()"'

  # start with e.g. +49 162 1234585 or +1-123-456-7866
  phone_number = phone_number.tr(characters_to_remove_from_phone_numbers, '')
  # cleaned: +491621234585 or +11234567866

  # rubocop:disable Style/AsciiComments
  # start with: +49 •••• •••••85 or +1 (•••) •••-••66
  number_with_dialcode_masked = masked_number.tr(characters_to_remove_from_phone_numbers, '')
  # cleaned: +49•••••••••85 or +1••••••••66
  # rubocop:enable Style/AsciiComments

  maskings_count = number_with_dialcode_masked.count('') # => 9 or 8
  pattern = /^([0-9+]{2,4})([•]{#{maskings_count}})([0-9]{2})$/
  # following regex: range from maskings_count-2 because sometimes the masked number has 1 or 2 dots more than the actual number
  # e.g. https://github.com/fastlane/fastlane/issues/14969
  replacement = "\\1([0-9]{#{maskings_count - 2},#{maskings_count}})\\3"
  number_with_dialcode_regex_part = number_with_dialcode_masked.gsub(pattern, replacement)
  # => +49([0-9]{8,9})85 or +1([0-9]{7,8})66

  backslash = '\\'
  number_with_dialcode_regex_part = backslash + number_with_dialcode_regex_part
  number_with_dialcode_regex = /^#{number_with_dialcode_regex_part}$/
  # => /^\+49([0-9]{8})85$/ or /^\+1([0-9]{7,8})66$/

  return phone_number =~ number_with_dialcode_regex
  # +491621234585 matches /^\+49([0-9]{8})85$/
end

#page_sizeObject

The page size we want to request, defaults to 500



315
316
317
# File 'spaceship/lib/spaceship/client.rb', line 315

def page_size
  @page_size ||= 500
end

#pagingObject

Handles the paging for you… for free Just pass a block and use the parameter as page number



321
322
323
324
325
326
327
328
329
330
331
332
333
334
# File 'spaceship/lib/spaceship/client.rb', line 321

def paging
  page = 0
  results = []
  loop do
    page += 1
    current = yield(page)

    results += current

    break if (current || []).count < page_size # no more results
  end

  return results
end

#parse_response(response, expected_key = nil) ⇒ Object



732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
# File 'spaceship/lib/spaceship/client.rb', line 732

def parse_response(response, expected_key = nil)
  if response.body
    # If we have an `expected_key`, select that from response.body Hash
    # Else, don't.

    # the returned error message and info, is html encoded ->  &quot;issued&quot; -> make this readable ->  "issued"
    response.body["userString"] = CGI.unescapeHTML(response.body["userString"]) if response.body["userString"]
    response.body["resultString"] = CGI.unescapeHTML(response.body["resultString"]) if response.body["resultString"]

    content = expected_key ? response.body[expected_key] : response.body
  end

  # if content (filled with whole body or just expected_key) is missing
  if content.nil?
    detect_most_common_errors_and_raise_exceptions(response.body) if response.body
    raise UnexpectedResponse, response.body
  # else if it is a hash and `resultString` includes `NotAllowed`
  elsif content.kind_of?(Hash) && (content["resultString"] || "").include?("NotAllowed")
    # example content when doing a Developer Portal action with not enough permission
    # => {"responseId"=>"e5013d83-c5cb-4ba0-bb62-734a8d56007f",
    #    "resultCode"=>1200,
    #    "resultString"=>"webservice.certificate.downloadNotAllowed",
    #    "userString"=>"You are not permitted to download this certificate.",
    #    "creationTimestamp"=>"2017-01-26T22:44:13Z",
    #    "protocolVersion"=>"QH65B2",
    #    "userLocale"=>"en_US",
    #    "requestUrl"=>"https://developer.apple.com/services-account/QH65B2/account/ios/certificate/downloadCertificateContent.action",
    #    "httpCode"=>200}
    raise_insufficient_permission_error!(additional_error_string: content["userString"])
  else
    store_csrf_tokens(response)
    content
  end
end

Returns preferred path for storing cookie for two step verification.



294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
# File 'spaceship/lib/spaceship/client.rb', line 294

def persistent_cookie_path
  if ENV["SPACESHIP_COOKIE_PATH"]
    path = File.expand_path(File.join(ENV["SPACESHIP_COOKIE_PATH"], "spaceship", self.user, "cookie"))
  else
    [File.join(self.fastlane_user_dir, "spaceship"), "~/.spaceship", "/var/tmp/spaceship", "#{Dir.tmpdir}/spaceship"].each do |dir|
      dir_parts = File.split(dir)
      if directory_accessible?(File.expand_path(dir_parts.first))
        path = File.expand_path(File.join(dir, self.user, "cookie"))
        break
      end
    end
  end

  return path
end

#phone_id_from_masked_number(phone_numbers, masked_number) ⇒ Object



288
289
290
291
292
# File 'spaceship/lib/spaceship/two_step_or_factor_client.rb', line 288

def phone_id_from_masked_number(phone_numbers, masked_number)
  phone_numbers.each do |phone|
    return phone['id'] if phone['numberWithDialCode'] == masked_number
  end
end

#phone_id_from_number(phone_numbers, phone_number) ⇒ Object

Raises:



236
237
238
239
240
241
242
243
244
245
246
247
# File 'spaceship/lib/spaceship/two_step_or_factor_client.rb', line 236

def phone_id_from_number(phone_numbers, phone_number)
  phone_numbers.each do |phone|
    return phone['id'] if match_phone_to_masked_phone(phone_number, phone['numberWithDialCode'])
  end

  # Handle case of phone_number not existing in phone_numbers because ENV var is wrong or matcher is broken
  raise Tunes::Error.new, %(
Could not find a matching phone number to #{phone_number} in #{phone_numbers}.
Make sure your environment variable is set to the correct phone number.
If it is, please open an issue at https://github.com/fastlane/fastlane/issues/new and include this output so we can fix our matcher. Thanks.
)
end

#push_mode_from_masked_number(phone_numbers, masked_number) ⇒ Object



294
295
296
297
298
299
300
301
# File 'spaceship/lib/spaceship/two_step_or_factor_client.rb', line 294

def push_mode_from_masked_number(phone_numbers, masked_number)
  phone_numbers.each do |phone|
    return phone['pushMode'] if phone['numberWithDialCode'] == masked_number
  end

  # If no pushMode was supplied, assume sms
  return "sms"
end

#push_mode_from_number(phone_numbers, phone_number) ⇒ Object



249
250
251
252
253
254
255
256
# File 'spaceship/lib/spaceship/two_step_or_factor_client.rb', line 249

def push_mode_from_number(phone_numbers, phone_number)
  phone_numbers.each do |phone|
    return phone['pushMode'] if match_phone_to_masked_phone(phone_number, phone['numberWithDialCode'])
  end

  # If no pushMode was supplied, assume sms
  return "sms"
end

#raise_insufficient_permission_error!(additional_error_string: nil, caller_location: 2) ⇒ Object

This also gets called from subclasses



785
786
787
788
789
790
791
792
793
794
795
796
797
798
# File 'spaceship/lib/spaceship/client.rb', line 785

def raise_insufficient_permission_error!(additional_error_string: nil, caller_location: 2)
  # get the method name of the request that failed
  # `block in` is used very often for requests when surrounded for paging or retrying blocks
  # The ! is part of some methods when they modify or delete a resource, so we don't want to show it
  # Using `sub` instead of `delete` as we don't want to allow multiple matches
  calling_method_name = caller_locations(caller_location, 2).first.label.sub("block in", "").delete("!").strip

  # calling the computed property self.team_id can get us into an exception handling loop
  team_id = @current_team_id ? "(Team ID #{@current_team_id}) " : ""

  error_message = "User #{self.user} #{team_id}doesn't have enough permission for the following action: #{calling_method_name}"
  error_message += " (#{additional_error_string})" if additional_error_string.to_s.length > 0
  raise InsufficientPermissions, error_message
end

#request(method, url_or_path = nil, params = nil, headers = {}, auto_paginate = false, &block) ⇒ Object



710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
# File 'spaceship/lib/spaceship/client.rb', line 710

def request(method, url_or_path = nil, params = nil, headers = {}, auto_paginate = false, &block)
  headers.merge!(csrf_tokens)
  headers['User-Agent'] = USER_AGENT

  # Before encoding the parameters, log them
  log_request(method, url_or_path, params, headers, &block)

  # form-encode the params only if there are params, and the block is not supplied.
  # this is so that certain requests can be made using the block for more control
  if method == :post && params && !block_given?
    params, headers = encode_params(params, headers)
  end

  response = if auto_paginate
               send_request_auto_paginate(method, url_or_path, params, headers, &block)
             else
               send_request(method, url_or_path, params, headers, &block)
             end

  return response
end

#request_two_factor_code_from_phone(phone_id, phone_number, code_length, push_mode = "sms", should_request_code = true) ⇒ Object

this is used in two places: after choosing a phone number and when a phone number is set via ENV var



317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
# File 'spaceship/lib/spaceship/two_step_or_factor_client.rb', line 317

def request_two_factor_code_from_phone(phone_id, phone_number, code_length, push_mode = "sms", should_request_code = true)
  if should_request_code
    # Request code
    r = request(:put) do |req|
      req.url("https://idmsa.apple.com/appleauth/auth/verify/phone")
      req.headers['Content-Type'] = 'application/json'
      req.body = { "phoneNumber" => { "id" => phone_id }, "mode" => push_mode }.to_json
      update_request_headers(req)
    end

    # we use `Spaceship::TunesClient.new.handle_itc_response`
    # since this might be from the Dev Portal, but for 2 step
    Spaceship::TunesClient.new.handle_itc_response(r.body)

    puts("Successfully requested text message to #{phone_number}")
  end

  code = ask_for_2fa_code("Please enter the #{code_length} digit code you received at #{phone_number}:")

  return { "securityCode" => { "code" => code.to_s }, "phoneNumber" => { "id" => phone_id }, "mode" => push_mode }.to_json
end

#request_two_factor_code_from_phone_choose(phone_numbers, code_length) ⇒ Object



303
304
305
306
307
308
309
310
311
312
313
314
# File 'spaceship/lib/spaceship/two_step_or_factor_client.rb', line 303

def request_two_factor_code_from_phone_choose(phone_numbers, code_length)
  puts("Please select a trusted phone number to send code to:")

  available = phone_numbers.collect do |current|
    current['numberWithDialCode']
  end
  chosen = choose_phone_number(available)
  phone_id = phone_id_from_masked_number(phone_numbers, chosen)
  push_mode = push_mode_from_masked_number(phone_numbers, chosen)

  request_two_factor_code_from_phone(phone_id, chosen, code_length, push_mode)
end

#send_shared_login_request(user, password) ⇒ Object

This method is used for both the Apple Dev Portal and App Store Connect This will also handle 2 step verification and 2 factor authentication

It is called in ‘send_login_request` of sub classes (which the method `login`, above, transferred over to via `do_login`) rubocop:disable Metrics/PerceivedComplexity



410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
# File 'spaceship/lib/spaceship/client.rb', line 410

def (user, password)
  # Check if we have a cached/valid session
  #
  # Background:
  # December 4th 2017 Apple introduced a rate limit - which is of course fine by itself -
  # but unfortunately also rate limits successful logins. If you call multiple tools in a
  # lane (e.g. call match 5 times), this would lock you out of the account for a while.
  # By loading existing sessions and checking if they're valid, we're sending less login requests.
  # More context on why this change was necessary https://github.com/fastlane/fastlane/pull/11108
  #
  # If there was a successful manual login before, we have a session on disk
  if load_session_from_file
    # Check if the session is still valid here
    begin
      # We use the olympus session to determine if the old session is still valid
      # As this will raise an exception if the old session has expired
      # If the old session is still valid, we don't have to do anything else in this method
      # that's why we return true
      return true if fetch_olympus_session
    rescue
      # If the `fetch_olympus_session` method raises an exception
      # we'll land here, and therefore continue doing a full login process
      # This happens if the session we loaded from the cache isn't valid any more
      # which is common, as the session automatically invalidates after x hours (we don't know x)
      # In this case we don't actually care about the exact exception, and why it was failing
      # because either way, we'll have to do a fresh login, where we do the actual error handling
      puts("Available session is not valid any more. Continuing with normal login.")
    end
  end
  #
  # The user can pass the session via environment variable (Mainly used in CI environments)
  if load_session_from_env
    # see above
    begin
      # see above
      return true if fetch_olympus_session
    rescue
      puts("Session loaded from environment variable is not valid. Continuing with normal login.")
      # see above
    end
  end
  #
  # After this point, we sure have no valid session any more and have to create a new one
  #

  data = {
    accountName: user,
    password: password,
    rememberMe: true
  }

  begin
    # The below workaround is only needed for 2 step verified machines
    # Due to escaping of cookie values we have a little workaround here
    # By default the cookie jar would generate the following header
    #   DES5c148...=HSARM.......xaA/O69Ws/CHfQ==SRVT
    # However we need the following
    #   DES5c148...="HSARM.......xaA/O69Ws/CHfQ==SRVT"
    # There is no way to get the cookie jar value with " around the value
    # so we manually modify the cookie (only this one) to be properly escaped
    # Afterwards we pass this value manually as a header
    # It's not enough to just modify @cookie, it needs to be done after self.cookie
    # as a string operation
    important_cookie = @cookie.store.entries.find { |a| a.name.include?("DES") }
    if important_cookie
      modified_cookie = self.cookie # returns a string of all cookies
      unescaped_important_cookie = "#{important_cookie.name}=#{important_cookie.value}"
      escaped_important_cookie = "#{important_cookie.name}=\"#{important_cookie.value}\""
      modified_cookie.gsub!(unescaped_important_cookie, escaped_important_cookie)
    end

    response = request(:post) do |req|
      req.url("https://idmsa.apple.com/appleauth/auth/signin")
      req.body = data.to_json
      req.headers['Content-Type'] = 'application/json'
      req.headers['X-Requested-With'] = 'XMLHttpRequest'
      req.headers['X-Apple-Widget-Key'] = self.itc_service_key
      req.headers['Accept'] = 'application/json, text/javascript'
      req.headers["Cookie"] = modified_cookie if modified_cookie
    end
  rescue UnauthorizedAccessError
    raise InvalidUserCredentialsError.new, "Invalid username and password combination. Used '#{user}' as the username."
  end

  # Now we know if the login is successful or if we need to do 2 factor

  case response.status
  when 403
    raise InvalidUserCredentialsError.new, "Invalid username and password combination. Used '#{user}' as the username."
  when 200
    fetch_olympus_session
    return response
  when 409
    # 2 step/factor is enabled for this account, first handle that
    handle_two_step_or_factor(response)
    # and then get the olympus session
    fetch_olympus_session
    return true
  else
    if (response.body || "").include?('invalid="true"')
      # User Credentials are wrong
      raise InvalidUserCredentialsError.new, "Invalid username and password combination. Used '#{user}' as the username."
    elsif response.status == 412 && AUTH_TYPES.include?(response.body["authType"])

      if try_upgrade_2fa_later(response)
        store_cookie
        fetch_olympus_session
        return true
      end

      # Need to acknowledge Apple ID and Privacy statement - https://github.com/fastlane/fastlane/issues/12577
      # Looking for status of 412 might be enough but might be safer to keep looking only at what is being reported
      raise AppleIDAndPrivacyAcknowledgementNeeded.new, "Need to acknowledge to Apple's Apple ID and Privacy statement. " \
                                                        "Please manually log into https://appleid.apple.com (or https://appstoreconnect.apple.com) to acknowledge the statement. " \
                                                        "Your account might also be asked to upgrade to 2FA. " \
                                                        "Set SPACESHIP_SKIP_2FA_UPGRADE=1 for fastlane to automaticaly bypass 2FA upgrade if possible."
    elsif (response['Set-Cookie'] || "").include?("itctx")
      raise "Looks like your Apple ID is not enabled for App Store Connect, make sure to be able to login online"
    else
      info = [response.body, response['Set-Cookie']]
      raise Tunes::Error.new, info.join("\n")
    end
  end
end

#sms_automatically_sent(response) ⇒ Object

see ‘sms_fallback` + account has only one trusted number for receiving an sms



222
223
224
# File 'spaceship/lib/spaceship/two_step_or_factor_client.rb', line 222

def sms_automatically_sent(response)
  (response.body["trustedPhoneNumbers"] || []).count == 1 && sms_fallback(response)
end

#sms_fallback(response) ⇒ Object

Account is not signed into any devices that can display a verification code



217
218
219
# File 'spaceship/lib/spaceship/two_step_or_factor_client.rb', line 217

def sms_fallback(response)
  response.body["noTrustedDevices"]
end


275
276
277
278
279
280
281
282
283
# File 'spaceship/lib/spaceship/client.rb', line 275

def store_cookie(path: nil)
  path ||= persistent_cookie_path
  FileUtils.mkdir_p(File.expand_path("..", path))

  # really important to specify the session to true
  # otherwise myacinfo and more won't be stored
  @cookie.save(path, :yaml, session: true)
  return File.read(path)
end

#store_sessionObject



339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
# File 'spaceship/lib/spaceship/two_step_or_factor_client.rb', line 339

def store_session
  # If the request was successful, r.body is actually nil
  # The previous request will fail if the user isn't on a team
  # on App Store Connect, but it still works, so we're good

  # Tell iTC that we are trustworthy (obviously)
  # This will update our local cookies to something new
  # They probably have a longer time to live than the other poor cookies
  # Changed Keys
  # - myacinfo
  # - DES5c148586dfd451e55afb0175f62418f91
  # We actually only care about the DES value

  request(:get) do |req|
    req.url("https://idmsa.apple.com/appleauth/auth/2sv/trust")
    update_request_headers(req)
  end
  # This request will fail if the user isn't added to a team on iTC
  # However we don't really care, this request will still return the
  # correct DES... cookie

  self.store_cookie
end

#team_idString

Returns The currently selected Team ID.

Returns:

  • (String)

    The currently selected Team ID



131
132
133
134
135
136
137
138
# File 'spaceship/lib/spaceship/client.rb', line 131

def team_id
  return @current_team_id if @current_team_id

  if teams.count > 1
    puts("The current user is in #{teams.count} teams. Pass a team ID or call `select_team` to choose a team. Using the first one for now.")
  end
  @current_team_id ||= user_details_data['sessionToken']['contentProviderId']
end

#team_id=(team_id) ⇒ Object

Set a new team ID which will be used from now on



141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
# File 'spaceship/lib/spaceship/client.rb', line 141

def team_id=(team_id)
  # First, we verify the team actually exists, because otherwise iTC would return the
  # following confusing error message
  #
  #     invalid content provider id
  #
  available_teams = teams.collect do |team|
    {
      team_id: (team["contentProvider"] || {})["contentProviderId"],
      team_name: (team["contentProvider"] || {})["name"]
    }
  end

  result = available_teams.find do |available_team|
    team_id.to_s == available_team[:team_id].to_s
  end

  unless result
    error_string = "Could not set team ID to '#{team_id}', only found the following available teams:\n\n#{available_teams.map { |team| "- #{team[:team_id]} (#{team[:team_name]})" }.join("\n")}\n"
    raise Tunes::Error.new, error_string
  end

  response = request(:post) do |req|
    req.url("ra/v1/session/webSession")
    req.body = {
      contentProviderId: team_id,
      dsId: user_detail_data.ds_id # https://github.com/fastlane/fastlane/issues/6711
    }.to_json
    req.headers['Content-Type'] = 'application/json'
  end

  handle_itc_response(response.body)

  # clear user_details_data cache, as session switch will have changed sessionToken attribute
  @_cached_user_details = nil

  @current_team_id = team_id
end

#team_informationHash

Returns Fetches all information of the currently used team.

Returns:

  • (Hash)

    Fetches all information of the currently used team



181
182
183
184
185
# File 'spaceship/lib/spaceship/client.rb', line 181

def team_information
  teams.find do |t|
    t['teamId'] == team_id
  end
end

#team_nameString

Returns Fetches name from currently used team.

Returns:

  • (String)

    Fetches name from currently used team



188
189
190
# File 'spaceship/lib/spaceship/client.rb', line 188

def team_name
  (team_information || {})['name']
end

#teamsArray

Returns A list of all available teams.

Returns:

  • (Array)

    A list of all available teams



71
72
73
74
75
76
77
78
# File 'spaceship/lib/spaceship/client.rb', line 71

def teams
  user_details_data['associatedAccounts'].sort_by do |team|
    [
      team['contentProvider']['name'],
      team['contentProvider']['contentProviderId']
    ]
  end
end

#try_upgrade_2fa_later(response) ⇒ Object



6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
# File 'spaceship/lib/spaceship/upgrade_2fa_later_client.rb', line 6

def try_upgrade_2fa_later(response)
  if ENV['SPACESHIP_SKIP_2FA_UPGRADE'].nil?
    return false
  end

  puts("This account is being prompted to upgrade to 2FA")
  puts("Attempting to automatically bypass the upgrade until a later date")
  puts("To disable this, remove SPACESHIP_SKIP_2FA_UPGRADE=1 environment variable")

  # Get URL that requests a repair and gets the widget key
  widget_key_location = response.headers['location']
  uri    = URI.parse(widget_key_location)
  params = CGI.parse(uri.query)

  widget_key = params.dig('widgetKey', 0)
  if widget_key.nil?
    STDERR.puts("Couldn't find widgetKey to continue with requests")
    return false
  end

  # Step 1 - Request repair
  response_repair = request(:get) do |req|
    req.url(widget_key_location)
  end

  # Step 2 - Request repair options
  response_repair_options = request(:get) do |req|
    req.url("https://appleid.apple.com/account/manage/repair/options")

    req.headers['scnt'] = response_repair.headers['scnt']
    req.headers['X-Apple-Id-Session-Id'] = response.headers['X-Apple-Id-Session-Id']
    req.headers['X-Apple-Session-Token'] = response.headers['X-Apple-Repair-Session-Token']

    req.headers['X-Apple-Skip-Repair-Attributes'] = '[]'
    req.headers['X-Apple-Widget-Key'] = widget_key

    req.headers['Content-Type'] = 'application/json'
    req.headers['X-Requested-With'] = 'XMLHttpRequest'
    req.headers['Accept'] = 'application/json, text/javascript'
  end

  # Step 3 - Request setup later
  request(:get) do |req|
    req.url("https://appleid.apple.com/account/security/upgrade/setuplater")

    req.headers['scnt'] = response_repair_options.headers['scnt']
    req.headers['X-Apple-Id-Session-Id'] = response.headers['X-Apple-Id-Session-Id']
    req.headers['X-Apple-Session-Token'] = response_repair_options.headers['x-apple-session-token']
    req.headers['X-Apple-Skip-Repair-Attributes'] = '[]'
    req.headers['X-Apple-Widget-Key'] = widget_key

    req.headers['Content-Type'] = 'application/json'
    req.headers['X-Requested-With'] = 'XMLHttpRequest'
    req.headers['Accept'] = 'application/json, text/javascript'
  end

  # Step 4 - Post complete
  response_repair_complete = request(:post) do |req|
    req.url("https://idmsa.apple.com/appleauth/auth/repair/complete")

    req.body = ''
    req.headers['scnt'] = response.headers['scnt']
    req.headers['X-Apple-Id-Session-Id'] = response.headers['X-Apple-Id-Session-Id']
    req.headers['X-Apple-Repair-Session-Token'] = response_repair_options.headers['X-Apple-Session-Token']

    req.headers['X-Apple-Widget-Key'] = widget_key

    req.headers['Content-Type'] = 'application/json'
    req.headers['X-Requested-With'] = 'XMLHttpRequest'
    req.headers['Accept'] = 'application/json;charset=utf-8'
  end

  if response_repair_complete.status == 204
    return true
  else
    STDERR.puts("Failed with status code of #{response_repair_complete.status}")
    return false
  end
rescue => error
  STDERR.puts(error.backtrace)
  STDERR.puts("Failed to bypass 2FA upgrade")
  STDERR.puts("To disable this from trying again, set SPACESHIP_SKIP_UPGRADE_2FA_LATER=1")
  return false
end

#UIObject

Public getter for all UI related code rubocop:disable Naming/MethodName



22
23
24
# File 'spaceship/lib/spaceship/ui.rb', line 22

def UI
  UserInterface.new(self)
end

#update_request_headers(req) ⇒ Object

Responsible for setting all required header attributes for the requests to succeed



365
366
367
368
369
370
# File 'spaceship/lib/spaceship/two_step_or_factor_client.rb', line 365

def update_request_headers(req)
  req.headers["X-Apple-Id-Session-Id"] = @x_apple_id_session_id
  req.headers["X-Apple-Widget-Key"] = self.itc_service_key
  req.headers["Accept"] = "application/json"
  req.headers["scnt"] = @scnt
end

#user_details_dataObject

Fetch the general information of the user, is used by various methods across spaceship Sample return value

>
 [{"contentProvider"=>{"contentProviderId"=>11142800, "name"=>"Felix Krause", "contentProviderTypes"=>["Purple Software"], "roles"=>["Developer"], "lastLogin"=>1468784113000}],
"sessionToken"=>"contentProviderId"=>18111111, "expirationDate"=>nil, "ipAddress"=>nil,
"permittedActivities"=>
    ["UserManagementSelf",
    "GameCenterTestData",
    "AppAddonCreation"],
  "REPORT"=>
   ["UserManagementSelf",
    "AppAddonCreation"],
  "VIEW"=>
   ["TestFlightAppExternalTesterManagement",
    ...
    "HelpGeneral",
    "HelpApplicationLoader"],
"preferredCurrencyCode"=>"EUR",
"preferredCountryCode"=>nil,
"countryOfOrigin"=>"AT",
"isLocaleNameReversed"=>false,
"feldsparToken"=>nil,
"feldsparChannelName"=>nil,
"hasPendingFeldsparBindingRequest"=>false,
"isLegalUser"=>false,
"userId"=>"1771111155",
"firstname"=>"Detlef",
"lastname"=>"Mueller",
"isEmailInvalid"=>false,
"hasContractInfo"=>false,
"canEditITCUsersAndRoles"=>false,
"canViewITCUsersAndRoles"=>true,
"canEditIAPUsersAndRoles"=>false,
"transporterEnabled"=>false,
"contentProviderFeatures"=>["APP_SILOING", "PROMO_CODE_REDESIGN", ...],
"contentProviderType"=>"Purple Software",
"displayName"=>"Detlef",
"contentProviderId"=>"18742800",
"userFeatures"=>[],
"visibility"=>true,
"DYCVisibility"=>false,
"contentProvider"=>"Felix Krause",
"userName"=>"[email protected]"}



124
125
126
127
128
# File 'spaceship/lib/spaceship/client.rb', line 124

def user_details_data
  return @_cached_user_details if @_cached_user_details
  r = request(:get, '/WebObjects/iTunesConnect.woa/ra/user/detail')
  @_cached_user_details = parse_response(r, 'data')
end

#with_retry(tries = 5, &_block) ⇒ Object



645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
# File 'spaceship/lib/spaceship/client.rb', line 645

def with_retry(tries = 5, &_block)
  return yield
rescue \
    Faraday::ConnectionFailed,
    Faraday::TimeoutError,
    BadGatewayError,
    AppleTimeoutError,
    GatewayTimeoutError,
    AccessForbiddenError => ex
  tries -= 1
  unless tries.zero?
    msg = "Timeout received: '#{ex.class}', '#{ex.message}'. Retrying after 3 seconds (remaining: #{tries})..."
    puts(msg) if Spaceship::Globals.verbose?
    logger.warn(msg)

    sleep(3) unless Object.const_defined?("SpecHelper")
    retry
  end
  raise ex # re-raise the exception
rescue TooManyRequestsError => ex
  tries -= 1
  unless tries.zero?
    msg = "Timeout received: '#{ex.class}', '#{ex.message}'. Retrying after #{ex.retry_after} seconds (remaining: #{tries})..."
    puts(msg) if Spaceship::Globals.verbose?
    logger.warn(msg)

    sleep(ex.retry_after) unless Object.const_defined?("SpecHelper")
    retry
  end
  raise ex # re-raise the exception
rescue \
    Faraday::ParsingError, # <h2>Internal Server Error</h2> with content type json
    InternalServerError => ex
  tries -= 1
  unless tries.zero?
    msg = "Internal Server Error received: '#{ex.class}', '#{ex.message}'. Retrying after 3 seconds (remaining: #{tries})..."
    puts(msg) if Spaceship::Globals.verbose?
    logger.warn(msg)

    sleep(3) unless Object.const_defined?("SpecHelper")
    retry
  end
  raise ex # re-raise the exception
rescue UnauthorizedAccessError => ex
  if @loggedin && !(tries -= 1).zero?
    msg = "Auth error received: '#{ex.class}', '#{ex.message}'. Login in again then retrying after 3 seconds (remaining: #{tries})..."
    puts(msg) if Spaceship::Globals.verbose?
    logger.warn(msg)

    if self.class.spaceship_session_env.to_s.length > 0
      raise UnauthorizedAccessError.new, "Authentication error, you passed an invalid session using the environment variable FASTLANE_SESSION or SPACESHIP_SESSION"
    end

    (self.user, @password)
    sleep(3) unless Object.const_defined?("SpecHelper")
    retry
  end
  raise ex # re-raise the exception
end