Class: Spaceship::Client

Inherits:
Object
  • Object
Defined in:
spaceship/lib/spaceship/client.rb,
spaceship/lib/spaceship/ui.rb,
spaceship/lib/spaceship/portal/ui/select_team.rb,
spaceship/lib/spaceship/upgrade_2fa_later_client.rb,
spaceship/lib/spaceship/two_step_or_factor_client.rb

Overview

rubocop:disable Metrics/ClassLength

Defined Under Namespace

Classes: UserInterface

Constant Summary collapse

PROTOCOL_VERSION =
"QH65B2"
USER_AGENT =
"Spaceship #{Fastlane::VERSION}"
AUTH_TYPES =
["sa", "hsa", "non-sa", "hsa2"]
BasicPreferredInfoError =

legacy support

Spaceship::BasicPreferredInfoError
InvalidUserCredentialsError =
Spaceship::InvalidUserCredentialsError
NoUserCredentialsError =
Spaceship::NoUserCredentialsError
ProgramLicenseAgreementUpdated =
Spaceship::ProgramLicenseAgreementUpdated
InsufficientPermissions =
Spaceship::InsufficientPermissions
UnexpectedResponse =
Spaceship::UnexpectedResponse
AppleTimeoutError =
Spaceship::AppleTimeoutError
UnauthorizedAccessError =
Spaceship::UnauthorizedAccessError
GatewayTimeoutError =
Spaceship::GatewayTimeoutError
InternalServerError =
Spaceship::InternalServerError
BadGatewayError =
Spaceship::BadGatewayError
AccessForbiddenError =
Spaceship::AccessForbiddenError
TooManyRequestsError =
Spaceship::TooManyRequestsError


Constructor Details

#initialize(cookie: nil, current_team_id: nil, csrf_tokens: nil, timeout: nil) ⇒ Client

Returns a new instance of Client.



# File 'spaceship/lib/spaceship/client.rb', line 203

# Stores the session-related state on the instance and builds the Faraday
# connection that is kept in `@client`.
#
# @param cookie [HTTP::CookieJar, nil] cookie jar to reuse; a new jar is created when nil
# @param current_team_id [Object, nil] stored in `@current_team_id` unchanged
# @param csrf_tokens [Object, nil] stored in `@csrf_tokens` unchanged
# @param timeout [Integer, nil] timeout in seconds; `SPACESHIP_TIMEOUT` takes precedence, 300 is the fallback
def initialize(cookie: nil, current_team_id: nil, csrf_tokens: nil, timeout: nil)
  # The same value is used for the request timeout and the connection-open timeout
  timeout_seconds = (ENV["SPACESHIP_TIMEOUT"] || timeout || 300).to_i
  options = { request: { timeout: timeout_seconds, open_timeout: timeout_seconds } }

  @current_team_id = current_team_id
  @csrf_tokens = csrf_tokens
  @cookie = cookie || HTTP::CookieJar.new

  @client = Faraday.new(self.class.hostname, options) do |c|
    c.response(:json, content_type: /\bjson$/)
    c.response(:plist, content_type: /\bplist$/)
    c.use(:cookie_jar, jar: @cookie)
    c.use(FaradayMiddleware::RelsMiddleware)
    c.use(Spaceship::StatsMiddleware)
    c.adapter(Faraday.default_adapter)

    debug_mode = ENV['SPACESHIP_DEBUG']
    custom_proxy = ENV["SPACESHIP_PROXY"]

    if debug_mode
      # Debugging only: routes traffic through a local Charles Web Proxy.
      # SECURITY: certificate verification is switched off in this mode, so credentials and
      # session cookies are readable by whatever listens on that port. Keep SPACESHIP_DEBUG
      # unset on CI and shared machines.
      c.proxy = "https://127.0.0.1:8888"
      c.ssl[:verify_mode] = OpenSSL::SSL::VERIFY_NONE
    elsif custom_proxy
      c.proxy = custom_proxy
      # SECURITY: SPACESHIP_PROXY_SSL_VERIFY_NONE disables certificate verification for the
      # configured proxy; any non-nil value (even "false") turns it on because only presence is tested.
      c.ssl[:verify_mode] = OpenSSL::SSL::VERIFY_NONE if ENV["SPACESHIP_PROXY_SSL_VERIFY_NONE"]
    end

    puts("To run spaceship through a local proxy, use SPACESHIP_DEBUG") if ENV["DEBUG"]
  end
end

Instance Attribute Details

#additional_headersObject

Returns the value of attribute additional_headers.



# File 'spaceship/lib/spaceship/client.rb', line 45

# Reader for `@additional_headers`.
#
# @return [Object, nil] the value last assigned, or nil when nothing was assigned
def additional_headers
  return @additional_headers
end

#clientObject (readonly)

Returns the value of attribute client.



# File 'spaceship/lib/spaceship/client.rb', line 32

# Reader for `@client`, the connection object built in the constructor.
#
# @return [Object, nil] the stored connection
def client
  return @client
end

#csrf_tokensObject

Remembers the most recent CSRF tokens received in responses.



# File 'spaceship/lib/spaceship/client.rb', line 848

# Reader for `@csrf_tokens`, the most recently remembered CSRF tokens.
#
# @return [Object, nil] the stored tokens, or nil when none were stored
def csrf_tokens
  return @csrf_tokens
end

#loggerObject

The logger to which all requests are written. By default it logs to /tmp/spaceship[pid]["threadid"].log.



# File 'spaceship/lib/spaceship/client.rb', line 42

# Reader for `@logger`, the logger that receives the request log.
#
# @return [Object, nil] the stored logger
def logger
  return @logger
end

#providerObject

Returns the value of attribute provider.



# File 'spaceship/lib/spaceship/client.rb', line 47

# Reader for `@provider`.
#
# @return [Object, nil] the stored provider
def provider
  return @provider
end

#userObject

The user that is currently logged in



# File 'spaceship/lib/spaceship/client.rb', line 35

# Reader for `@user`, the user that is currently logged in.
#
# @return [Object, nil] the stored user
def user
  return @user
end

#user_emailObject

The email of the user that is currently logged in



# File 'spaceship/lib/spaceship/client.rb', line 38

# Reader for `@user_email`, the email of the user that is currently logged in.
#
# @return [Object, nil] the stored email
def user_email
  return @user_email
end

Class Method Details

.client_with_authorization_from(another_client) ⇒ Object

Instantiates a client but with a cookie derived from another client.

HACK: since `@cookie` is not exposed, we use this hacky way of sharing the instance.



# File 'spaceship/lib/spaceship/client.rb', line 199

# Creates a new client that reuses the cookie jar and team id of +another_client+.
#
# The jar is read straight out of the other instance and handed over as the same
# object (no copy is made), so both clients share one session state afterwards.
#
# @param another_client [Object] client whose `@cookie` and `team_id` are reused
# @return [Object] the newly created client
def self.client_with_authorization_from(another_client)
  shared_jar = another_client.instance_variable_get(:@cookie)
  new(cookie: shared_jar, current_team_id: another_client.team_id)
end

.hostnameObject



# File 'spaceship/lib/spaceship/client.rb', line 64

# Placeholder that always fails; the message asks for an own `self.hostname` implementation.
#
# @raise [RuntimeError] always
def self.hostname
  raise(RuntimeError, "You must implement self.hostname")
end

.login(user = nil, password = nil) ⇒ Spaceship::Client

Authenticates with Apple’s web services. This method has to be called once to generate a valid session. The session will automatically be used from then on.

This method will automatically use the username from the Appfile (if available) and fetch the password from the Keychain (if available)

Parameters:

  • user (String) (defaults to: nil)

    (optional): The username (usually the email address)

  • password (String) (defaults to: nil)

    (optional): The password

Returns:

Raises:

  • InvalidUserCredentialsError: raised if authentication failed



# File 'spaceship/lib/spaceship/client.rb', line 353

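# Creates a client and logs it in.
#
# The listing had lost the method name (`def self.(...)`) and the name of the
# instance call; both are restored to `login`, the name this method is documented under.
#
# @param user [String, nil] (optional) the username, usually the email address
# @param password [String, nil] (optional) the password
# @return [Object] the logged-in client instance
# @raise [InvalidUserCredentialsError] when the instance login returns a falsy value
def self.login(user = nil, password = nil)
  instance = self.new
  raise InvalidUserCredentialsError.new, "Invalid User Credentials" unless instance.login(user, password)

  instance
end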

.spaceship_session_envObject

Fetch the session cookie from the environment (if exists)



# File 'spaceship/lib/spaceship/client.rb', line 763

# Reads the serialized session from the environment.
#
# `FASTLANE_SESSION` wins when it is set; `SPACESHIP_SESSION` is the fallback.
# The value is a session cookie, so treat these variables like credentials
# (masked CI secrets, never echoed into build logs).
#
# @return [String, nil] the raw value, or nil when neither variable is set
def self.spaceship_session_env
  ENV.fetch("FASTLANE_SESSION") { ENV["SPACESHIP_SESSION"] }
end

Instance Method Details

#ask_for_2fa_code(text) ⇒ Object

extracted into its own method for testing



# File 'spaceship/lib/spaceship/two_step_or_factor_client.rb', line 235

# Thin wrapper around `ask`, kept separate so tests can replace it.
#
# @param text [String] the prompt passed on to `ask`
# @return [Object] whatever `ask` returns
def ask_for_2fa_code(text)
  return ask(text)
end

#choose_phone_number(opts) ⇒ Object

extracted into its own method for testing



# File 'spaceship/lib/spaceship/two_step_or_factor_client.rb', line 240

# Thin wrapper around `choose`, kept separate so tests can replace it.
#
# @param opts [Array] the options, splatted into the `choose` call
# @return [Object] whatever `choose` returns
def choose_phone_number(opts)
  return choose(*opts)
end

#cookie: returns the session cookie.

Returns:



# File 'spaceship/lib/spaceship/client.rb', line 271

# Serializes every entry of `@cookie` with `to_s` and joins them with ';'.
#
# The result carries the live session, so handle it like a credential and keep
# it out of logs and error reports.
#
# @return [String] the joined cookie string
def cookie
  serialized = @cookie.map { |entry| entry.to_s }
  return serialized.join(';')
end

#detect_most_common_errors_and_raise_exceptions(body) ⇒ Object



# File 'spaceship/lib/spaceship/client.rb', line 914

# Inspects a response body for a handful of well-known failure markers and raises
# the matching error. Returns nil when none of the markers is found.
#
# @param body [Object] the response body; indexed with string keys and also searched via `to_s`
# @raise [InternalServerError] when the body text contains "Internal Server Error - Read"
# @raise [GatewayTimeoutError] when the body text contains "Gateway Timeout - In read"
# @raise [ProgramLicenseAgreementUpdated] when `userString` mentions "Program License Agreement"
def detect_most_common_errors_and_raise_exceptions(body)
  messages = body["messages"]

  # Missing permissions (App Store Connect)
  return raise_insufficient_permission_error! if messages && messages["error"].include?("Forbidden")

  # A specific `caller_location` is passed so the reported method is the right one;
  # with the default location the error would name `parse_response` as the caller
  return raise_insufficient_permission_error!(caller_location: 3) if messages && messages["error"].include?("insufficient privileges")

  body_text = body.to_s
  if body_text.include?("Internal Server Error - Read")
    raise InternalServerError, "Received an internal server error from App Store Connect / Developer Portal, please try again later"
  end
  if body_text.include?("Gateway Timeout - In read")
    raise GatewayTimeoutError, "Received a gateway timeout error from App Store Connect / Developer Portal, please try again later"
  end

  user_string = body["userString"] || ""
  raise ProgramLicenseAgreementUpdated, "#{body['userString']} Please manually log into your Apple Developer account to review and accept the updated agreement." if user_string.include?("Program License Agreement")
end

#do_sirp(user, password, modified_cookie) ⇒ Object



# File 'spaceship/lib/spaceship/client.rb', line 453

# Performs the two-request sign-in exchange against idmsa.apple.com:
# `signin/init` (sends the client value `a`, receives salt, iteration count, `b` and `c`)
# followed by `signin/complete` (sends the proofs `m1` and `m2`).
#
# @param user [String] account name sent as `accountName`
# @param password [String] password fed into `pbkdf2` together with the server-supplied salt
# @param modified_cookie [String, nil] sent as the `Cookie` header on both requests when present
# @return [Object] the response of the `signin/complete` request
# @raise [SIRPAuthenticationError] when `process_challenge` returns false
def do_sirp(user, password, modified_cookie)
  require 'fastlane-sirp'
  require 'base64'

  # presumably 2048 is the group size in bits; confirm against fastlane-sirp
  client = SIRP::Client.new(2048)
  a = client.start_authentication

  # NOTE(review): both 's2k' and 's2k_fo' are offered here, but nothing below reads which
  # protocol the server selected; confirm the password derivation is correct for both.
  data = {
    a: Base64.strict_encode64(to_byte(a)),
    accountName: user,
    protocols: ['s2k', 's2k_fo']
  }

  response = request(:post) do |req|
    req.url("https://idmsa.apple.com/appleauth/auth/signin/init")
    req.body = data.to_json
    req.headers['Content-Type'] = 'application/json'
    req.headers['X-Requested-With'] = 'XMLHttpRequest'
    req.headers['X-Apple-Widget-Key'] = self.itc_service_key
    req.headers['Accept'] = 'application/json, text/javascript'
    req.headers["Cookie"] = modified_cookie if modified_cookie
  end

  # Verbose mode prints the whole init response (salt, `b`, `c`) to stdout,
  # so keep it off where build logs are shared.
  puts("Received SIRP signin init response: #{response.body}") if Spaceship::Globals.verbose?

  body = response.body
  # NOTE(review): the iteration count comes from the server and is used as-is;
  # no lower bound is enforced in this method. Confirm whether one is needed.
  iterations = body["iteration"]
  # strict_decode64 raises ArgumentError on malformed base64 instead of decoding leniently
  salt = Base64.strict_decode64(body["salt"])
  b = Base64.strict_decode64(body["b"])
  c = body["c"]

  key_length = 32
  encrypted_password = pbkdf2(password, salt, iterations, key_length)

  m1 = client.process_challenge(
    user,
    to_hex(encrypted_password),
    to_hex(salt),
    to_hex(b),
    is_password_encrypted: true
  )
  # H_AMK is read before the `m1 == false` check below
  m2 = client.H_AMK

  if m1 == false
    puts("Error processing SIRP challenge") if Spaceship::Globals.verbose?
    raise SIRPAuthenticationError
  end

  # encode64 + strip is used here, unlike strict_encode64 above; the two differ only when the
  # encoded value is longer than 60 characters (encode64 then inserts line breaks). TODO confirm lengths.
  data = {
    accountName: user,
    c: c,
    m1: Base64.encode64(to_byte(m1)).strip,
    m2: Base64.encode64(to_byte(m2)).strip,
    rememberMe: false
  }

  # may be nil; the X-Apple-HC header is then left out
  hashcash = self.fetch_hashcash

  response = request(:post) do |req|
    req.url("https://idmsa.apple.com/appleauth/auth/signin/complete?isRememberMeEnabled=false")
    req.body = data.to_json
    req.headers['Content-Type'] = 'application/json'
    req.headers['X-Requested-With'] = 'XMLHttpRequest'
    req.headers['X-Apple-Widget-Key'] = self.itc_service_key
    req.headers['Accept'] = 'application/json, text/javascript'
    req.headers["Cookie"] = modified_cookie if modified_cookie
    req.headers["X-Apple-HC"] = hashcash if hashcash
  end

  puts("Completed SIRP authentication with status of #{response.status}") if Spaceship::Globals.verbose?

  return response
end

#exit_with_session_state(user, has_valid_session) ⇒ Object

This method logs whether the session is valid and then exits. It is called when the `--check_session` flag is passed.



# File 'spaceship/lib/spaceship/client.rb', line 695

# Prints whether a valid session was found for +user+ and terminates the process.
#
# @param user [Object] shown in the message
# @param has_valid_session [Boolean] picks the message wording and is passed to `exit` as the status
def exit_with_session_state(user, has_valid_session)
  verdict = has_valid_session ? 'Valid' : 'No valid'
  puts("#{verdict} session found (#{user}). Exiting.")
  exit(has_valid_session)
end

#fastlane_user_dirObject

This is a duplicate method of fastlane_core/fastlane_core.rb#fastlane_user_dir



# File 'spaceship/lib/spaceship/client.rb', line 286

# Returns the absolute path of `.fastlane` inside the user's home directory,
# creating the directory first when it does not exist yet.
#
# The directory is created with the process default permissions (umask).
#
# @return [String] absolute path of the directory
def fastlane_user_dir
  user_dir = File.expand_path(".fastlane", Dir.home)
  FileUtils.mkdir_p(user_dir) if !File.directory?(user_dir)
  return user_dir
end

#fetch_hashcashObject



# File 'spaceship/lib/spaceship/client.rb', line 656

# Requests the sign-in page and builds a hashcash value from the
# `X-Apple-HC-Bits` and `X-Apple-HC-Challenge` response headers.
#
# @return [Object, nil] the result of `Spaceship::Hashcash.make`, or nil when either header is missing
def fetch_hashcash
  signin_page = request(:get, "https://idmsa.apple.com/appleauth/auth/signin?widgetKey=#{self.itc_service_key}")
  hc_headers = signin_page.headers

  bits = hc_headers["X-Apple-HC-Bits"]
  challenge = hc_headers["X-Apple-HC-Challenge"]

  # Without both headers no hashcash can be computed; the caller then sends no X-Apple-HC header
  if [bits, challenge].any?(&:nil?)
    puts("Unable to find 'X-Apple-HC-Bits' and 'X-Apple-HC-Challenge' to make hashcash")
    return nil
  end

  return Spaceship::Hashcash.make(bits: bits, challenge: challenge)
end

#fetch_olympus_sessionObject

Get the `itctx` from the new (22nd May 2017) API endpoint "olympus". Update (29th March 2019): olympus migrates to the new appstoreconnect API.



# File 'spaceship/lib/spaceship/client.rb', line 673

# Queries the olympus session endpoint and copies the user email and provider
# from the answer onto this client.
#
# @return [Boolean] true when the body contains a "provider" entry, false otherwise
def fetch_olympus_session
  response = request(:get, "https://appstoreconnect.apple.com/olympus/v1/session")
  session_info = response.body
  return false unless session_info

  # The body may arrive as a raw JSON string or already parsed
  session_info = JSON.parse(session_info) if session_info.kind_of?(String)

  user_map = session_info["user"]
  self.user_email = user_map["emailAddress"] if user_map

  provider_hash = session_info["provider"]
  return false unless provider_hash

  self.provider = Spaceship::Provider.new(provider_hash: provider_hash)
  return true
end

#fetch_program_license_agreement_messagesObject

Get contract messages from App Store Connect’s “olympus” endpoint



# File 'spaceship/lib/spaceship/client.rb', line 768

# Fetches the contract messages from the olympus endpoint and collects the
# "message" value of every entry.
#
# @return [Array] one element per entry of the response; empty when there is no body
def fetch_program_license_agreement_messages
  messages_request = request(:get, "https://appstoreconnect.apple.com/olympus/v1/contractMessages")
  entries = messages_request.body
  return [] unless entries

  # The body may arrive as a raw JSON string or already parsed
  entries = JSON.parse(entries) if entries.kind_of?(String)
  return entries.map { |entry| entry["message"] }
end

#handle_two_factor(response, depth = 0) ⇒ Object



# File 'spaceship/lib/spaceship/two_step_or_factor_client.rb', line 112

# Drives the two-factor (6 digit code) step: decides where the code comes from
# (SMS to the configured number, automatically sent SMS, chosen phone number, or
# trusted device prompt), posts it to the verification endpoint and stores the session.
#
# @param response [Object] response of the authentication-options request; its body is read for
#   "securityCode" and "trustedPhoneNumbers"
# @param depth [Integer] 0 on the first call, incremented on every retry. It only suppresses the
#   intro text on retries; it does not limit how many retries happen.
# @return [true] after the session was stored
# @raise [Tunes::Error] when SPACESHIP_2FA_SMS_DEFAULT_PHONE_NUMBER is set but empty
def handle_two_factor(response, depth = 0)
  if depth == 0
    puts("Two-factor Authentication (6 digits code) is enabled for account '#{self.user}'")
    puts("More information about Two-factor Authentication: https://support.apple.com/en-us/HT204915")
    puts("")

    two_factor_url = "https://github.com/fastlane/fastlane/tree/master/spaceship#2-step-verification"
    puts("If you're running this in a non-interactive session (e.g. server or CI)")
    puts("check out #{two_factor_url}")
  end

  # "verification code" has already been pushed to devices

  security_code = response.body["securityCode"]
  # "securityCode": {
  #   "length": 6,
  #   "tooManyCodesSent": false,
  #   "tooManyCodesValidated": false,
  #   "securityCodeLocked": false
  # },
  # NOTE(review): no nil check here; a body without "securityCode" raises NoMethodError on the next line
  code_length = security_code["length"]

  puts("")
  env_2fa_sms_default_phone_number = ENV["SPACESHIP_2FA_SMS_DEFAULT_PHONE_NUMBER"]

  if env_2fa_sms_default_phone_number
    raise Tunes::Error.new, "Environment variable SPACESHIP_2FA_SMS_DEFAULT_PHONE_NUMBER is set, but empty." if env_2fa_sms_default_phone_number.empty?

    puts("Environment variable `SPACESHIP_2FA_SMS_DEFAULT_PHONE_NUMBER` is set, automatically requesting 2FA token via SMS to that number")
    # NOTE(review): this writes the full phone number to stdout, so it ends up in CI build logs
    puts("SPACESHIP_2FA_SMS_DEFAULT_PHONE_NUMBER = #{env_2fa_sms_default_phone_number}")
    puts("")

    phone_number = env_2fa_sms_default_phone_number
    phone_id = phone_id_from_number(response.body["trustedPhoneNumbers"], phone_number)
    push_mode = push_mode_from_number(response.body["trustedPhoneNumbers"], phone_number)
    # don't request sms if no trusted devices and env default is the only trusted number,
    # code was automatically sent
    should_request_code = !sms_automatically_sent(response)
    code_type = 'phone'
    body = request_two_factor_code_from_phone(phone_id, phone_number, code_length, push_mode, should_request_code)
  elsif sms_automatically_sent(response) # sms fallback, code was automatically sent
    fallback_number = response.body["trustedPhoneNumbers"].first
    phone_number = fallback_number["numberWithDialCode"]
    phone_id = fallback_number["id"]
    push_mode = fallback_number['pushMode']

    code_type = 'phone'
    body = request_two_factor_code_from_phone(phone_id, phone_number, code_length, push_mode, false)
  elsif sms_fallback(response) # sms fallback, but the code wasn't sent because there is more than one phone number
    code_type = 'phone'
    body = request_two_factor_code_from_phone_choose(response.body["trustedPhoneNumbers"], code_length)
  else
    puts("(Input `sms` to escape this prompt and select a trusted phone number to send the code as a text message)")
    puts("")
    puts("(You can also set the environment variable `SPACESHIP_2FA_SMS_DEFAULT_PHONE_NUMBER` to automate this)")
    puts("(Read more at: https://github.com/fastlane/fastlane/blob/master/spaceship/docs/Authentication.md#auto-select-sms-via-spaceship_2fa_sms_default_phone_number)")
    puts("")

    code = ask_for_2fa_code("Please enter the #{code_length} digit code:")
    code_type = 'trusteddevice'
    body = { "securityCode" => { "code" => code.to_s } }.to_json

    # User exited by entering `sms` and wants to choose phone number for SMS;
    # the body built just above is replaced in that case
    if code.casecmp?("sms")
      code_type = 'phone'
      body = request_two_factor_code_from_phone_choose(response.body["trustedPhoneNumbers"], code_length)
    end
  end

  puts("Requesting session...")

  # Send "verification code" back to server to get a valid session
  r = request(:post) do |req|
    req.url("https://idmsa.apple.com/appleauth/auth/verify/#{code_type}/securitycode")
    req.headers['Content-Type'] = 'application/json'
    req.body = body
    update_request_headers(req)
  end

  begin
    # we use `Spaceship::TunesClient.new.handle_itc_response`
    # since this might be from the Dev Portal, but for 2 factor
    Spaceship::TunesClient.new.handle_itc_response(r.body) # this will fail if the code is invalid
  rescue => ex
    # If the code was entered wrong
    # {
    #   "service_errors": [{
    #     "code": "-21669",
    #     "title": "Incorrect Verification Code",
    #     "message": "Incorrect verification code."
    #   }],
    #   "hasError": true
    # }

    # The wrong-code case is recognised by the exception text only.
    # NOTE(review): the retry below is unbounded; in an unattended run with a source that keeps
    # supplying a wrong code this loops until the server refuses. Consider a retry cap.
    if ex.to_s.include?("verification code") # to have a nicer output
      puts("Error: Incorrect verification code")
      depth += 1
      return handle_two_factor(response, depth)
    end

    raise ex
  end

  store_session

  return true
end

#handle_two_step(response) ⇒ Object



# File 'spaceship/lib/spaceship/two_step_or_factor_client.rb', line 27

# Two-step verification (4 digit code): lets the user pick one of the trusted
# devices and continues with `handle_two_step_for_device`.
#
# @param response [Object] response whose body holds "securityCode" and "trustedDevices"
# @raise [Tunes::Error] when the body reports a non-empty "tooManyCodesLock"
def handle_two_step(response)
  lock_marker = response.body.fetch("securityCode", {})["tooManyCodesLock"].to_s
  unless lock_marker.empty?
    raise Tunes::Error.new, "Too many verification codes have been sent. Enter the last code you received, use one of your devices, or try again later."
  end

  puts("Two-step Verification (4 digits code) is enabled for account '#{self.user}'")
  puts("More information about Two-step Verification: https://support.apple.com/en-us/HT204152")
  puts("")

  puts("Please select a trusted device to verify your identity")
  device_labels = response.body["trustedDevices"].map do |device|
    "#{device['name']}\t#{device['modelName'] || 'SMS'}\t(#{device['id']})"
  end
  selection = choose(*device_labels)

  # The device id is recovered from the parenthesised tail of the chosen label
  device_id = selection.match(/.*\t.*\t\((.*)\)/)[1]
  handle_two_step_for_device(device_id)
end

#handle_two_step_for_device(device_id) ⇒ Object

this is extracted into its own method so it can be called multiple times (see end)



# File 'spaceship/lib/spaceship/two_step_or_factor_client.rb', line 47

# Requests a verification code for +device_id+, asks the user for the 4 digit code,
# posts it to the verification endpoint and stores the session.
#
# @param device_id [Object] interpolated into the request URL and sent as the phone number id
# @return [true] after the session was stored
def handle_two_step_for_device(device_id)
  # Request token to device
  r = request(:put) do |req|
    req.url("https://idmsa.apple.com/appleauth/auth/verify/device/#{device_id}/securitycode")
    update_request_headers(req)
  end

  # we use `Spaceship::TunesClient.new.handle_itc_response`
  # since this might be from the Dev Portal, but for 2 step
  Spaceship::TunesClient.new.handle_itc_response(r.body)

  puts("Successfully requested notification")
  code = ask("Please enter the 4 digit code: ")
  puts("Requesting session...")

  # Send token to server to get a valid session
  r = request(:post) do |req|
    req.url("https://idmsa.apple.com/appleauth/auth/verify/phone/securitycode")
    req.headers['Content-Type'] = 'application/json'
    # The literal mixes symbol keys ("phoneNumber":) with a string key ("code" =>);
    # to_json serializes both kinds as JSON strings
    req.body = {
      "phoneNumber": {
        "id": device_id
      },
      "securityCode": {
        "code" => code.to_s
      },
      "mode": "sms"
    }.to_json
    update_request_headers(req)
  end

  begin
    Spaceship::TunesClient.new.handle_itc_response(r.body) # this will fail if the code is invalid
  rescue => ex
    # If the code was entered wrong
    # {
    #   "securityCode": {
    #     "code": "1234"
    #   },
    #   "securityCodeLocked": false,
    #   "recoveryKeyLocked": false,
    #   "recoveryKeySupported": true,
    #   "manageTrustedDevicesLinkName": "appleid.apple.com",
    #   "suppressResend": false,
    #   "authType": "hsa",
    #   "accountLocked": false,
    #   "validationErrors": [{
    #     "code": "-21669",
    #     "title": "Incorrect Verification Code",
    #     "message": "Incorrect verification code."
    #   }]
    # }
    # The wrong-code case is recognised by the exception text only. The retry starts over,
    # so a new code is requested each time.
    # NOTE(review): there is no retry cap; repeated wrong codes keep requesting new codes
    # until the server refuses. Consider limiting the attempts.
    if ex.to_s.include?("verification code") # to have a nicer output
      puts("Error: Incorrect verification code")
      return handle_two_step_for_device(device_id)
    end

    raise ex
  end

  store_session

  return true
end

#handle_two_step_or_factor(response) ⇒ Object



# File 'spaceship/lib/spaceship/two_step_or_factor_client.rb', line 6

# Entry point for the second authentication step: fetches the authentication
# options and dispatches to two-step or two-factor handling.
#
# @param response [Object] sign-in response; "x-apple-id-session-id" and "scnt" are read from it
# @raise [RuntimeError] when interactive-only 2FA is required but the run is non-interactive,
#   or when the options body matches neither known shape
def handle_two_step_or_factor(response)
  interactive_only = ENV["SPACESHIP_ONLY_ALLOW_INTERACTIVE_2FA"] == "true"
  running_non_interactive = ENV["FASTLANE_IS_INTERACTIVE"] == "false"
  raise "2FA can only be performed in interactive mode" if interactive_only && running_non_interactive

  # Kept on the instance so that `update_request_headers` can use them
  @x_apple_id_session_id = response["x-apple-id-session-id"]
  @scnt = response["scnt"]

  # Ask for the available authentication options
  auth_options = request(:get) do |req|
    req.url("https://idmsa.apple.com/appleauth/auth")
    update_request_headers(req)
  end

  options_body = auth_options.body
  body_is_hash = options_body.kind_of?(Hash)

  if body_is_hash && options_body["trustedDevices"].kind_of?(Array)
    handle_two_step(auth_options)
  elsif body_is_hash && options_body["trustedPhoneNumbers"].kind_of?(Array) && options_body["trustedPhoneNumbers"].first.kind_of?(Hash)
    handle_two_factor(auth_options)
  else
    # The whole body is embedded in the message, so it shows up wherever this error is logged
    raise "Although response from Apple indicated activated Two-step Verification or Two-factor Authentication, spaceship didn't know how to handle this response: #{options_body}"
  end
end

#has_valid_sessionObject

Check if we have a cached/valid session

Background: On December 4th 2017 Apple introduced a rate limit, which is of course fine by itself, but unfortunately it also rate-limits successful logins. If you call multiple tools in a lane (e.g. call match 5 times), this would lock you out of the account for a while. By loading existing sessions and checking whether they are still valid, we send fewer login requests. More context on why this change was necessary: github.com/fastlane/fastlane/pull/11108



# File 'spaceship/lib/spaceship/client.rb', line 415

# Tries the session stored on disk first and the session passed via environment
# variable second; each one counts as valid when `fetch_olympus_session` succeeds.
#
# Any StandardError raised by `fetch_olympus_session` is treated as "session expired":
# a notice is printed and the next source is tried. The exact error does not matter here,
# because a fresh login follows where the real error handling happens.
#
# @return [Boolean] true when a loaded session is still valid, false when a new login is needed
def has_valid_session
  session_sources = [
    # A successful manual login earlier leaves a session on disk
    [-> { load_session_from_file }, "Available session is not valid anymore. Continuing with normal login."],
    # The session can also be passed via environment variable (mainly used in CI environments)
    [-> { load_session_from_env }, "Session loaded from environment variable is not valid. Continuing with normal login."]
  ]

  session_sources.each do |load_session, stale_notice|
    next unless load_session.call

    begin
      return true if fetch_olympus_session
    rescue
      # Sessions invalidate automatically after some hours, so landing here is common
      puts(stale_notice)
    end
  end

  # No valid session is left at this point; a new one has to be created
  return false
end

#itc_service_keyObject



# File 'spaceship/lib/spaceship/client.rb', line 700

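# Returns the auth service key, using (in this order) the value memoized on the
# instance, the local cache file, and the App Store Connect config endpoint.
#
# Changes compared to the previous version:
# * the cache sits at a fixed name in a shared temp directory, so it is only trusted when it
#   is a regular file (not a symlink) owned by the current user and not empty;
# * the cache is written with exclusive create and mode 0600, so a file or symlink that
#   somebody else placed at that path is never followed or overwritten;
# * an empty key from the server is no longer memoized, so a later call can retry.
#
# @return [String] the service key
# @raise [AppleTimeoutError] when the key cannot be obtained
def itc_service_key
  return @service_key if @service_key

  # Check if we have a local cache of the key
  itc_service_key_path = "/tmp/spaceship_itc_service_key.txt"
  cache_is_trustworthy = File.file?(itc_service_key_path) &&
                         !File.symlink?(itc_service_key_path) &&
                         File.owned?(itc_service_key_path)
  if cache_is_trustworthy
    cached_key = File.read(itc_service_key_path)
    return @service_key = cached_key unless cached_key.empty?
  end

  # Fixes issue https://github.com/fastlane/fastlane/issues/13281
  # Even though we are using https://appstoreconnect.apple.com, the service key needs to still use a
  # hostname through itunesconnect.apple.com
  response = request(:get, "https://appstoreconnect.apple.com/olympus/v1/app/config?hostname=itunesconnect.apple.com")
  fetched_key = response.body["authServiceKey"].to_s

  raise "Service key is empty" if fetched_key.empty?

  @service_key = fetched_key

  # Cache the key locally. Caching is best effort: when the path already exists (for example an
  # untrusted file from another user) or cannot be written, the freshly fetched key is still returned.
  begin
    File.open(itc_service_key_path, File::WRONLY | File::CREAT | File::EXCL, 0o600) do |cache_file|
      cache_file.write(@service_key)
    end
  rescue SystemCallError
    # deliberately ignored, see above
  end

  return @service_key
rescue => ex
  puts(ex.to_s)
  raise AppleTimeoutError.new, "Could not receive latest API key from App Store Connect, this might be a server issue."
end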

#load_session_from_envObject



# File 'spaceship/lib/spaceship/client.rb', line 742

# Loads the session passed via environment variable into `@cookie`.
#
# The value is written to a temporary file (literal "\n" sequences become real
# line breaks), loaded from there, and the file is removed again in every case.
#
# NOTE(review): the content comes from the environment and is parsed by `@cookie.load`;
# confirm that the jar's loader does not deserialize arbitrary objects.
#
# @return [Object, nil] nil when no session is set, otherwise the result of `@cookie.load`
# @raise [StandardError] re-raises whatever `@cookie.load` raised, after printing a hint
def load_session_from_env
  session_value = self.class.spaceship_session_env.to_s
  return if session_value.empty?

  puts("Loading session from environment variable") if Spaceship::Globals.verbose?

  file = Tempfile.new('cookie.yml')
  file.write(session_value.gsub("\\n", "\n"))
  file.close

  begin
    @cookie.load(file.path)
  rescue => ex
    puts("Error loading session from environment")
    puts("Make sure to pass the session in a valid format")
    raise ex
  ensure
    # The file holds the session cookie, so it is removed on success and on failure
    file.unlink
  end
end

#load_session_from_fileObject



# File 'spaceship/lib/spaceship/client.rb', line 728

# Loads the session stored at `persistent_cookie_path` into `@cookie`.
#
# Errors while loading are printed and swallowed on purpose, because the caller
# simply continues with a normal login.
#
# @return [Boolean] true when the file existed and was loaded, false otherwise
def load_session_from_file
  return false unless File.exist?(persistent_cookie_path)

  puts("Loading session from '#{persistent_cookie_path}'") if Spaceship::Globals.verbose?
  @cookie.load(persistent_cookie_path)
  return true
rescue => ex
  puts(ex.to_s)
  puts("Continuing with normal login.")
  return false
end

#login(user = nil, password = nil) ⇒ Spaceship::Client

Authenticates with Apple’s web services. This method has to be called once to generate a valid session. The session will automatically be used from then on.

This method will automatically use the username from the Appfile (if available) and fetch the password from the Keychain (if available)

Parameters:

  • user (String) (defaults to: nil)

    (optional): The username (usually the email address)

  • password (String) (defaults to: nil)

    (optional): The password

Returns:

Raises:

  • InvalidUserCredentialsError: raised if authentication failed



# File 'spaceship/lib/spaceship/client.rb', line 375

# Instance-level login: resolves missing credentials from the keychain, stores them on the
# instance and performs the login request.
#
# NOTE(review): this listing lost identifiers during extraction: the method name after `def`
# (the page documents it as #login) and the names of the two calls inside the begin/rescue below.
# The code tokens are left exactly as shown; restore them from the original file before use.
#
# @param user [String, nil] (optional) the username, usually the email address
# @param password [String, nil] (optional) the password
# @raise [NoUserCredentialsError] when user or password is still blank after the keychain lookup
# @raise [InvalidUserCredentialsError] re-raised when no keychain entry was used, or when
#   `invalid_credentials` returns a falsy value
def (user = nil, password = nil)
  if user.to_s.empty? || password.to_s.empty?
    require 'credentials_manager/account_manager'

    puts("Reading keychain entry, because either user or password were empty") if Spaceship::Globals.verbose?

    keychain_entry = CredentialsManager::AccountManager.new(user: user, password: password)
    user ||= keychain_entry.user
    # In check-session mode the user is not prompted for a missing password
    password = keychain_entry.password(ask_if_missing: !Spaceship::Globals.check_session)
  end

  if user.to_s.strip.empty? || password.to_s.strip.empty?
    exit_with_session_state(user, false) if Spaceship::Globals.check_session
    raise NoUserCredentialsError.new, "No login data provided"
  end

  self.user = user
  # The plaintext password stays on the instance from here on
  @password = password
  begin
    (user, password) # calls `send_login_request` in sub class (which then will redirect back here to `send_shared_login_request`, below)
  rescue InvalidUserCredentialsError => ex
    # keychain_entry is only set when the keychain lookup above ran
    raise ex unless keychain_entry

    if keychain_entry.invalid_credentials
      (user)
    else
      raise ex
    end
  end
end

#match_phone_to_masked_phone(phone_number, masked_number) ⇒ Object



# File 'spaceship/lib/spaceship/two_step_or_factor_client.rb', line 266

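# Checks whether a full phone number is compatible with a masked phone number
# such as the ones returned in "trustedPhoneNumbers".
#
# Fixes compared to the previous version:
# * the masking characters were counted with `count('')`, which is always 0, so the
#   masked pattern could never be recognised; the bullet character is counted now;
# * the regular expressions are anchored with \A and \z instead of ^ and $, so a value
#   containing a line break cannot match on a single line only;
# * the visible parts of the masked number are escaped before they become part of a
#   regular expression, instead of being interpolated raw.
#
# @param phone_number [String] the full number, e.g. "+49 162 1234585"
# @param masked_number [String] the masked number, e.g. "+49 •••• •••••85"
# @return [Integer, nil] 0 when the number fits the mask, nil otherwise
def match_phone_to_masked_phone(phone_number, masked_number)
  characters_to_remove_from_phone_numbers = ' \-()"'

  # start with e.g. +49 162 1234585 or +1-123-456-7866
  phone_number = phone_number.tr(characters_to_remove_from_phone_numbers, '')
  # cleaned: +491621234585 or +11234567866

  # rubocop:disable Style/AsciiComments
  # start with: +49 •••• •••••85 or +1 (•••) •••-••66
  number_with_dialcode_masked = masked_number.tr(characters_to_remove_from_phone_numbers, '')
  # cleaned: +49•••••••••85 or +1••••••••66

  maskings_count = number_with_dialcode_masked.count('•') # => 9 or 8
  pattern = /\A([0-9+]{2,4})([•]{#{maskings_count}})([0-9]{2})\z/
  # rubocop:enable Style/AsciiComments
  mask_parts = pattern.match(number_with_dialcode_masked)

  number_with_dialcode_regex =
    if mask_parts
      # range from maskings_count-2 because sometimes the masked number has 1 or 2 dots more than the actual number
      # e.g. https://github.com/fastlane/fastlane/issues/14969
      fewest_digits = [maskings_count - 2, 0].max
      dial_code = Regexp.escape(mask_parts[1])
      last_digits = Regexp.escape(mask_parts[3])
      /\A#{dial_code}([0-9]{#{fewest_digits},#{maskings_count}})#{last_digits}\z/
      # => /\A\+49([0-9]{7,9})85\z/ or /\A\+1([0-9]{6,8})66\z/
    else
      # Not in the expected masked shape: compare literally
      /\A#{Regexp.escape(number_with_dialcode_masked)}\z/
    end

  return phone_number =~ number_with_dialcode_regex
  # +491621234585 matches /\A\+49([0-9]{7,9})85\z/
end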

#page_sizeObject

The page size we want to request, defaults to 500



# File 'spaceship/lib/spaceship/client.rb', line 315

# The page size to request; set to 500 on first use when nothing else was assigned.
#
# @return [Object] the value of `@page_size`
def page_size
  @page_size = 500 unless @page_size
  return @page_size
end

#pagingObject

Handles the paging for you… for free. Just pass a block and use the parameter as the page number.



# File 'spaceship/lib/spaceship/client.rb', line 321

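# Calls the block with page numbers 1, 2, 3, … and collects the returned
# elements until a page holds fewer than `page_size` elements.
#
# The nil guard used to sit only in the break condition, after the page had
# already been appended, so a block returning nil raised TypeError. A nil page
# is now treated as an empty page and ends the paging.
#
# @yieldparam page [Integer] the 1-based page number to fetch
# @yieldreturn [Array, nil] the elements of that page
# @return [Array] all collected elements
def paging
  page = 0
  results = []
  loop do
    page += 1
    current = yield(page) || []

    results.concat(current)

    break if current.count < page_size # no more results
  end

  return results
end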

#parse_response(response, expected_key = nil) ⇒ Object



# File 'spaceship/lib/spaceship/client.rb', line 879

# Extracts the payload of a response and turns well-known failures into exceptions.
#
# `userString` and `resultString` arrive HTML-encoded (&quot;issued&quot;) and are
# unescaped in place on the response body so they are readable in error output.
# They remain server-provided text: re-escape them if they are ever rendered
# into HTML.
#
# @param response [#body] response object whose body is indexed like a Hash
# @param expected_key [String, nil] when given, only this key of the body is returned
# @return [Object] the whole body, or the value stored under expected_key
# @raise [UnexpectedResponse] when the body or the expected key is missing
def parse_response(response, expected_key = nil)
  body = response.body
  content = nil

  if body
    %w[userString resultString].each do |field|
      body[field] = CGI.unescapeHTML(body[field]) if body[field]
    end

    # Narrow down to expected_key only when one was requested.
    content = expected_key ? body[expected_key] : body
  end

  # Nothing usable: let the shared error detector raise something specific
  # first, and fall back to a generic UnexpectedResponse.
  if content.nil?
    detect_most_common_errors_and_raise_exceptions(body) if body
    raise UnexpectedResponse, body
  end

  # Example content for a Developer Portal action without enough permission:
  # => {"responseId"=>"e5013d83-c5cb-4ba0-bb62-734a8d56007f",
  #    "resultCode"=>1200,
  #    "resultString"=>"webservice.certificate.downloadNotAllowed",
  #    "userString"=>"You are not permitted to download this certificate.",
  #    "creationTimestamp"=>"2017-01-26T22:44:13Z",
  #    "protocolVersion"=>"QH65B2",
  #    "userLocale"=>"en_US",
  #    "requestUrl"=>"https://developer.apple.com/services-account/QH65B2/account/ios/certificate/downloadCertificateContent.action",
  #    "httpCode"=>200}
  permission_denied = content.kind_of?(Hash) && (content["resultString"] || "").include?("NotAllowed")

  # Called at method level on purpose: the helper inspects the call stack to
  # name the failing action, so it must not be moved into a block.
  if permission_denied
    raise_insufficient_permission_error!(additional_error_string: content["userString"])
  else
    store_csrf_tokens(response)
    content
  end
end

#pbkdf2(password, salt, iterations, key_length, digest = OpenSSL::Digest::SHA256.new) ⇒ Object



# File 'spaceship/lib/spaceship/client.rb', line 527

# Derives a key with PBKDF2-HMAC from the SHA-256 digest of the password.
#
# The password is hashed once with SHA-256 and that raw digest, not the
# password itself, is fed to PBKDF2. Iteration count and key length are taken
# from the caller as-is; no minimum is enforced here.
# NOTE(review): the default `digest` argument references OpenSSL before the
# `require` below runs, so openssl must already be loaded when it is omitted.
#
# @param password [String] the plain password
# @param salt [String] salt bytes
# @param iterations [Integer] PBKDF2 iteration count
# @param key_length [Integer] length of the derived key in bytes
# @param digest [OpenSSL::Digest] HMAC digest, SHA-256 by default
# @return [String] the derived key as a binary string
def pbkdf2(password, salt, iterations, key_length, digest = OpenSSL::Digest::SHA256.new)
  require 'openssl'
  prehashed_password = OpenSSL::Digest::SHA256.digest(password)
  OpenSSL::PKCS5.pbkdf2_hmac(prehashed_password, salt, iterations, key_length, digest)
end

#perform_login_method(user, password, modified_cookie) ⇒ Object

rubocop:enable Metrics/PerceivedComplexity



# File 'spaceship/lib/spaceship/client.rb', line 622

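# Sends the Apple ID sign-in request, either as the legacy password POST or
# through the SIRP flow (`do_sirp`).
#
# The legacy branch is taken whenever FASTLANE_USE_LEGACY_PRE_SIRP_AUTH is set
# at all: ENV values are strings, so "0", "false" and "" enable it as well.
# In that branch the account password is sent in the JSON request body.
#
# NOTE(review): the listing had lost this method's name and the name of the
# first local; the method name is restored from the page heading, the local's
# name is chosen here.
#
# @param user [String] Apple ID account name
# @param password [String] account password
# @param modified_cookie [String, nil] cookie header value to send, if any
# @return [Object] whatever `request` or `do_sirp` returns
def perform_login_method(user, password, modified_cookie)
  use_legacy_auth = ENV['FASTLANE_USE_LEGACY_PRE_SIRP_AUTH']
  if use_legacy_auth
    puts("Starting legacy Apple ID login") if Spaceship::Globals.verbose?

    # Fixes issue https://github.com/fastlane/fastlane/issues/21071
    # On 2023-02-23, Apple added a custom implementation
    # of hashcash to their auth flow
    hashcash = self.fetch_hashcash

    data = {
      accountName: user,
      password: password,
      rememberMe: true
    }

    return request(:post) do |req|
      req.url("https://idmsa.apple.com/appleauth/auth/signin")
      req.body = data.to_json
      req.headers['Content-Type'] = 'application/json'
      req.headers['X-Requested-With'] = 'XMLHttpRequest'
      req.headers['X-Apple-Widget-Key'] = self.itc_service_key
      req.headers['Accept'] = 'application/json, text/javascript'
      # Both headers are optional and only sent when a value is available.
      req.headers["Cookie"] = modified_cookie if modified_cookie
      req.headers["X-Apple-HC"] = hashcash if hashcash
    end
  else
    # Fixes issue https://github.com/fastlane/fastlane/issues/26368#issuecomment-2424190032
    puts("Starting SIRP Apple ID login") if Spaceship::Globals.verbose?
    return do_sirp(user, password, modified_cookie)
  end
end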

Returns preferred path for storing cookie for two step verification.



# File 'spaceship/lib/spaceship/client.rb', line 294

# Picks the file path under which the session cookie jar is persisted.
#
# SPACESHIP_COOKIE_PATH wins when set. Otherwise the first candidate whose
# parent directory passes `directory_accessible?` is used, in this order: the
# fastlane user dir, ~/.spaceship, /var/tmp/spaceship, the system temp dir.
#
# The last two candidates sit under shared temporary directories, and the file
# written at this path is the serialized session cookie jar (see `store_cookie`).
# On multi-user or CI hosts, point SPACESHIP_COOKIE_PATH at a private directory.
# NOTE(review): `self.user` is used as a path component without normalisation;
# confirm it cannot contain path separators.
#
# @return [String, nil] absolute cookie path, or nil when no candidate is accessible
def persistent_cookie_path
  override_dir = ENV["SPACESHIP_COOKIE_PATH"]
  return File.expand_path(File.join(override_dir, "spaceship", self.user, "cookie")) if override_dir

  candidates = [
    File.join(self.fastlane_user_dir, "spaceship"),
    "~/.spaceship",
    "/var/tmp/spaceship",
    "#{Dir.tmpdir}/spaceship"
  ]

  # Only the parent of each candidate has to be accessible.
  base_dir = candidates.find do |dir|
    parent_dir, = File.split(dir)
    directory_accessible?(File.expand_path(parent_dir))
  end

  base_dir && File.expand_path(File.join(base_dir, self.user, "cookie"))
end

#phone_id_from_masked_number(phone_numbers, masked_number) ⇒ Object



# File 'spaceship/lib/spaceship/two_step_or_factor_client.rb', line 296

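# Looks up the id of the trusted phone whose masked number equals the given one.
#
# Without a match this used to fall out of `each` and return the whole
# `phone_numbers` array, which a caller would then pass on as the phone id.
# It now returns nil.
#
# @param phone_numbers [Array<Hash>] entries with 'id' and 'numberWithDialCode'
# @param masked_number [String] masked number exactly as listed in phone_numbers
# @return [Object, nil] the 'id' of the first matching entry, nil when none matches
def phone_id_from_masked_number(phone_numbers, masked_number)
  match = phone_numbers.find { |phone| phone['numberWithDialCode'] == masked_number }
  match && match['id']
end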

#phone_id_from_number(phone_numbers, phone_number) ⇒ Object

Raises:



# File 'spaceship/lib/spaceship/two_step_or_factor_client.rb', line 244

# Finds the id of the trusted phone whose masked number matches a full phone number.
#
# NOTE(review): the error text interpolates the caller-supplied phone number
# unmasked together with the whole phone_numbers structure, and invites users
# to post it in a public issue; redact it before sharing.
#
# @param phone_numbers [Array<Hash>] entries with 'id' and 'numberWithDialCode'
# @param phone_number [String] the full phone number to look for
# @return [Object] the 'id' of the first entry accepted by `match_phone_to_masked_phone`
# @raise [Tunes::Error] when no entry matches
def phone_id_from_number(phone_numbers, phone_number)
  matching_phone = phone_numbers.find do |candidate|
    match_phone_to_masked_phone(phone_number, candidate['numberWithDialCode'])
  end
  return matching_phone['id'] if matching_phone

  # No match: either the ENV var holds the wrong number or the matcher is broken
  raise Tunes::Error.new, %(
Could not find a matching phone number to #{phone_number} in #{phone_numbers}.
Make sure your environment variable is set to the correct phone number.
If it is, please open an issue at https://github.com/fastlane/fastlane/issues/new and include this output so we can fix our matcher. Thanks.
)
end

#push_mode_from_masked_number(phone_numbers, masked_number) ⇒ Object



# File 'spaceship/lib/spaceship/two_step_or_factor_client.rb', line 302

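# Returns the push mode of the trusted phone whose masked number equals the given one.
#
# Falls back to "sms" when no entry matches and also when the matching entry
# carries no 'pushMode'. The second case used to return nil, which callers
# would then send as the request's "mode".
#
# @param phone_numbers [Array<Hash>] entries with 'numberWithDialCode' and optionally 'pushMode'
# @param masked_number [String] masked number exactly as listed in phone_numbers
# @return [String] the entry's push mode, or "sms"
def push_mode_from_masked_number(phone_numbers, masked_number)
  match = phone_numbers.find { |phone| phone['numberWithDialCode'] == masked_number }

  # If no pushMode was supplied, assume sms
  (match && match['pushMode']) || "sms"
end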

#push_mode_from_number(phone_numbers, phone_number) ⇒ Object



# File 'spaceship/lib/spaceship/two_step_or_factor_client.rb', line 257

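# Returns the push mode of the trusted phone whose masked number matches a full phone number.
#
# Falls back to "sms" when no entry matches and also when the matching entry
# carries no 'pushMode'. The second case used to return nil.
#
# @param phone_numbers [Array<Hash>] entries with 'numberWithDialCode' and optionally 'pushMode'
# @param phone_number [String] the full phone number to look for
# @return [String] the entry's push mode, or "sms"
def push_mode_from_number(phone_numbers, phone_number)
  match = phone_numbers.find do |phone|
    match_phone_to_masked_phone(phone_number, phone['numberWithDialCode'])
  end

  # If no pushMode was supplied, assume sms
  (match && match['pushMode']) || "sms"
end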

#raise_insufficient_permission_error!(additional_error_string: nil, caller_location: 2) ⇒ Object

This also gets called from subclasses



# File 'spaceship/lib/spaceship/client.rb', line 932

# Raises InsufficientPermissions with a message naming the user, the team and
# the action that failed. Also called from subclasses.
#
# The message contains the account name (`self.user`) and, when given, the
# server-provided explanation, so it will appear wherever the exception is logged.
#
# @param additional_error_string [String, nil] extra detail appended in parentheses
# @param caller_location [Integer] how many stack frames to skip to reach the failing request method
# @raise [InsufficientPermissions] always
def raise_insufficient_permission_error!(additional_error_string: nil, caller_location: 2)
  # Must be evaluated directly in this method: the frame offset is relative to it.
  failing_frame = caller_locations(caller_location, 2).first

  # `block in` shows up when the request ran inside a paging or retry block, and
  # a trailing `!` marks modifying methods; neither belongs in the message.
  # `sub` rather than `delete`, so that only a single occurrence is removed.
  action_name = failing_frame.label.sub("block in", "").delete("!").strip

  # Read the ivar directly: the computed self.team_id can end up in an
  # exception handling loop.
  team_note = @current_team_id ? "(Team ID #{@current_team_id}) " : ""

  message = "User #{self.user} #{team_note}doesn't have enough permission for the following action: #{action_name}"
  message = "#{message} (#{additional_error_string})" unless additional_error_string.to_s.empty?

  raise InsufficientPermissions, message
end

#request(method, url_or_path = nil, params = nil, headers = {}, auto_paginate = false, &block) ⇒ Object



# File 'spaceship/lib/spaceship/client.rb', line 856

# Central entry point for every HTTP request made by the client.
#
# Merges the CSRF tokens and additional headers into `headers` (the hash passed
# by the caller is modified in place), sets the User-Agent, logs the request
# and dispatches it.
# NOTE(review): params and headers are handed to `log_request` before encoding;
# what it redacts is not visible here, so confirm that credentials and cookies
# are filtered.
#
# @param method [Symbol] HTTP verb, e.g. :get or :post
# @param url_or_path [String, nil] target; may instead be set inside the block
# @param params [Object, nil] request parameters
# @param headers [Hash] extra request headers
# @param auto_paginate [Boolean] dispatch through `send_request_auto_paginate` when true
# @yield [req] optional block that configures the request itself
# @return [Object] the response of the dispatched request
def request(method, url_or_path = nil, params = nil, headers = {}, auto_paginate = false, &block)
  headers.merge!(csrf_tokens)
  headers.merge!(additional_headers)
  headers['User-Agent'] = USER_AGENT

  # Logged before encoding, so the log shows the parameters as passed in
  log_request(method, url_or_path, params, headers, &block)

  # Form-encode only when there are params and no block: requests that pass a
  # block keep full control over their body.
  form_encode = method == :post && params && !block_given?
  params, headers = encode_params(params, headers) if form_encode

  return send_request_auto_paginate(method, url_or_path, params, headers, &block) if auto_paginate

  send_request(method, url_or_path, params, headers, &block)
end

#request_two_factor_code_from_phone(phone_id, phone_number, code_length, push_mode = "sms", should_request_code = true) ⇒ Object

this is used in two places: after choosing a phone number and when a phone number is set via ENV var



# File 'spaceship/lib/spaceship/two_step_or_factor_client.rb', line 325

# Optionally asks Apple to send a verification code to a trusted phone, then
# prompts for that code and builds the JSON verification payload.
#
# Used in two places: after choosing a phone number interactively and when the
# phone number is set via ENV var. `phone_number` is echoed to stdout as given.
#
# @param phone_id [Object] id of the trusted phone
# @param phone_number [String] number shown to the user in the messages
# @param code_length [Integer] number of digits the user is asked for
# @param push_mode [String] delivery mode sent as "mode", "sms" by default
# @param should_request_code [Boolean] when false, no code is requested and the user is only prompted
# @return [String] JSON with securityCode, phoneNumber and mode
def request_two_factor_code_from_phone(phone_id, phone_number, code_length, push_mode = "sms", should_request_code = true)
  phone_reference = { "id" => phone_id }

  if should_request_code
    code_request = request(:put) do |req|
      req.url("https://idmsa.apple.com/appleauth/auth/verify/phone")
      req.headers['Content-Type'] = 'application/json'
      req.body = { "phoneNumber" => phone_reference, "mode" => push_mode }.to_json
      update_request_headers(req)
    end

    # `Spaceship::TunesClient.new.handle_itc_response` is used here because
    # this might be from the Dev Portal, but for 2 step
    Spaceship::TunesClient.new.handle_itc_response(code_request.body)

    puts("Successfully requested text message to #{phone_number}")
  end

  entered_code = ask_for_2fa_code("Please enter the #{code_length} digit code you received at #{phone_number}:")

  verification = {
    "securityCode" => { "code" => entered_code.to_s },
    "phoneNumber" => phone_reference,
    "mode" => push_mode
  }
  verification.to_json
end

#request_two_factor_code_from_phone_choose(phone_numbers, code_length) ⇒ Object



# File 'spaceship/lib/spaceship/two_step_or_factor_client.rb', line 311

# Lets the user pick one of the trusted phone numbers and requests a
# verification code for it.
#
# @param phone_numbers [Array<Hash>] entries with 'id', 'numberWithDialCode' and optionally 'pushMode'
# @param code_length [Integer] number of digits the user is asked for
# @return [String] JSON payload built by `request_two_factor_code_from_phone`
def request_two_factor_code_from_phone_choose(phone_numbers, code_length)
  puts("Please select a trusted phone number to send code to:")

  masked_numbers = phone_numbers.map { |entry| entry['numberWithDialCode'] }
  selection = choose_phone_number(masked_numbers)

  # The selection is one of the masked numbers, so both lookups compare it verbatim.
  request_two_factor_code_from_phone(
    phone_id_from_masked_number(phone_numbers, selection),
    selection,
    code_length,
    push_mode_from_masked_number(phone_numbers, selection)
  )
end

#send_shared_login_request(user, password) ⇒ Object

This method is used for both the Apple Dev Portal and App Store Connect. It also handles 2 step verification and 2 factor authentication.

It is called in `send_login_request` of subclasses (which the method `login`, above, transfers over to via `do_login`). rubocop:disable Metrics/PerceivedComplexity



# File 'spaceship/lib/spaceship/client.rb', line 546

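# Shared login for the Apple Dev Portal and App Store Connect, including
# 2 step verification and 2 factor authentication.
#
# NOTE(review): the listing had lost this method's name and the name of the
# sign-in helper it calls; both are restored from the headings on this page
# (`send_shared_login_request`, `perform_login_method`).
#
# @param user [String] Apple ID account name
# @param password [String] account password
# @return [true, Object] true when an existing session is reused or 2FA was
#   completed, the sign-in response on a plain 200
# @raise [InvalidUserCredentialsError] on rejected credentials
# @raise [AppleIDAndPrivacyAcknowledgementNeeded] on a 412 that cannot be bypassed
# @raise [Tunes::Error] on any other unexpected response
def send_shared_login_request(user, password)
  # Check if the cache or FASTLANE_SESSION is still valid
  has_valid_session = self.has_valid_session

  # Exit if `--check_session` flag was passed
  exit_with_session_state(user, has_valid_session) if Spaceship::Globals.check_session

  # If the session is valid no need to attempt to generate a new one.
  return true if has_valid_session

  begin
    # The below workaround is only needed for 2 step verified machines
    # Due to escaping of cookie values we have a little workaround here
    # By default the cookie jar would generate the following header
    #   DES5c148...=HSARM.......xaA/O69Ws/CHfQ==SRVT
    # However we need the following
    #   DES5c148...="HSARM.......xaA/O69Ws/CHfQ==SRVT"
    # There is no way to get the cookie jar value with " around the value
    # so we manually modify the cookie (only this one) to be properly escaped
    # Afterwards we pass this value manually as a header
    # It's not enough to just modify @cookie, it needs to be done after self.cookie
    # as a string operation
    important_cookie = @cookie.store.entries.find { |a| a.name.include?("DES") }
    if important_cookie
      modified_cookie = self.cookie # returns a string of all cookies
      unescaped_important_cookie = "#{important_cookie.name}=#{important_cookie.value}"
      escaped_important_cookie = "#{important_cookie.name}=\"#{important_cookie.value}\""
      modified_cookie.gsub!(unescaped_important_cookie, escaped_important_cookie)
    end

    # modified_cookie stays nil when there is no DES cookie
    response = perform_login_method(user, password, modified_cookie)
  rescue UnauthorizedAccessError
    raise InvalidUserCredentialsError.new, "Invalid username and password combination. Used '#{user}' as the username."
  end

  # Now we know if the login is successful or if we need to do 2 factor

  case response.status
  when 403
    raise InvalidUserCredentialsError.new, "Invalid username and password combination. Used '#{user}' as the username."
  when 200
    fetch_olympus_session
    return response
  when 409
    # 2 step/factor is enabled for this account, first handle that
    handle_two_step_or_factor(response)
    # and then get the olympus session
    fetch_olympus_session
    return true
  else
    if (response.body || "").include?('invalid="true"')
      # User Credentials are wrong
      raise InvalidUserCredentialsError.new, "Invalid username and password combination. Used '#{user}' as the username."
    elsif response.status == 412 && AUTH_TYPES.include?(response.body["authType"])

      # Only attempted when SPACESHIP_SKIP_2FA_UPGRADE is set
      if try_upgrade_2fa_later(response)
        store_cookie
        return true
      end

      # Need to acknowledge Apple ID and Privacy statement - https://github.com/fastlane/fastlane/issues/12577
      # Looking for status of 412 might be enough but might be safer to keep looking only at what is being reported
      raise AppleIDAndPrivacyAcknowledgementNeeded.new, "Need to acknowledge to Apple's Apple ID and Privacy statement. " \
                                                        "Please manually log into https://appleid.apple.com (or https://appstoreconnect.apple.com) to acknowledge the statement. " \
                                                        "Your account might also be asked to upgrade to 2FA. " \
                                                        "Set SPACESHIP_SKIP_2FA_UPGRADE=1 for fastlane to automatically bypass 2FA upgrade if possible."
    elsif (response['Set-Cookie'] || "").include?("itctx")
      raise "Looks like your Apple ID is not enabled for App Store Connect, make sure to be able to login online"
    else
      # NOTE(review): this diagnostic puts the raw response body and the
      # Set-Cookie header into the exception message. Those values can carry
      # session material, so scrub them before the error reaches tickets or
      # shared CI logs.
      info = [response.body, response['Set-Cookie']]
      raise Tunes::Error.new, info.join("\n")
    end
  end
end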

#sms_automatically_sent(response) ⇒ Object

See `sms_fallback`; in addition, the account has only one trusted number for receiving an SMS.



# File 'spaceship/lib/spaceship/two_step_or_factor_client.rb', line 230

# Tells whether the account has exactly one trusted phone number and
# `sms_fallback` holds for the response.
#
# @param response [#body] response whose body lists "trustedPhoneNumbers"
# @return [Object] false when the count is not 1, otherwise the value of `sms_fallback(response)`
def sms_automatically_sent(response)
  trusted_numbers = response.body["trustedPhoneNumbers"] || []
  trusted_numbers.count == 1 && sms_fallback(response)
end

#sms_fallback(response) ⇒ Object

Account is not signed into any devices that can display a verification code



# File 'spaceship/lib/spaceship/two_step_or_factor_client.rb', line 225

# Reads the "noTrustedDevices" flag of the response: the account is not signed
# into any device that can display a verification code.
#
# @param response [#body] response whose body is indexed like a Hash
# @return [Object, nil] the raw value stored under "noTrustedDevices"
def sms_fallback(response)
  payload = response.body
  payload["noTrustedDevices"]
end


# File 'spaceship/lib/spaceship/client.rb', line 275

# Writes the cookie jar, session cookies included, to disk as YAML and returns
# the file's content.
#
# The written file holds live session cookies and should be handled like a
# credential.
# NOTE(review): no explicit permissions are set here, neither on the directory
# created by mkdir_p nor on the file; whether the cookie jar's `save` restricts
# them is not visible, so check the resulting mode on shared hosts.
#
# @param path [String, nil] target file; defaults to `persistent_cookie_path`
# @return [String] the YAML that was written
def store_cookie(path: nil)
  target = path || persistent_cookie_path
  FileUtils.mkdir_p(File.expand_path("..", target))

  # session: true is essential, otherwise myacinfo and other session cookies
  # would not be stored
  @cookie.save(target, :yaml, session: true)
  File.read(target)
end

#store_sessionObject



# File 'spaceship/lib/spaceship/two_step_or_factor_client.rb', line 347

# Asks the identity service to trust this session and persists the resulting
# cookies through `store_cookie`.
#
# The trust call refreshes the local cookies; the changed keys are `myacinfo`
# and the `DES...` cookie, and only the DES value matters here. The persisted
# file therefore represents a trusted session and should be protected like a
# credential.
#
# @return [String] the stored cookie file content, as returned by `store_cookie`
def store_session
  # If the previous request was successful, its body is actually nil.
  # That request fails when the user isn't on a team on App Store Connect,
  # but it still works well enough for this purpose.
  request(:get) do |trust_request|
    trust_request.url("https://idmsa.apple.com/appleauth/auth/2sv/trust")
    update_request_headers(trust_request)
  end
  # The trust request also fails when the user isn't added to a team on iTC;
  # that is acceptable because it still returns the correct DES... cookie.

  store_cookie
end

#team_idString

Returns The currently selected Team ID.

Returns:

  • (String)

    The currently selected Team ID



# File 'spaceship/lib/spaceship/client.rb', line 133

# The currently selected team ID.
#
# When none has been selected yet, the provider ID from the session data is
# used and remembered; a hint is printed if the user belongs to several teams.
#
# @return [String] the currently selected Team ID
def team_id
  unless @current_team_id
    team_count = teams.count
    if team_count > 1
      puts("The current user is in #{team_count} teams. Pass a team ID or call `select_team` to choose a team. Using the first one for now.")
    end
    @current_team_id = user_details_data['provider']['providerId']
  end

  @current_team_id
end

#team_id=(team_id) ⇒ Object

Set a new team ID which will be used from now on



# File 'spaceship/lib/spaceship/client.rb', line 143

# Switches the session to another team; that team is used from then on.
#
# The ID is first checked against the teams of the current user, because iTC
# would otherwise answer with the confusing message
# "invalid content provider id".
#
# @param team_id [String, Integer] provider ID of the team to select
# @raise [Tunes::Error] when the ID is not among the available teams
def team_id=(team_id)
  known_teams = teams.map do |team|
    {
      team_id: team["providerId"],
      public_team_id: team["publicProviderId"],
      team_name: team["name"]
    }
  end

  # Compared as strings so that numeric and string IDs are treated alike.
  selected = known_teams.find { |entry| entry[:team_id].to_s == team_id.to_s }

  if selected.nil?
    listing = known_teams.map { |entry| "- #{entry[:team_id]} (#{entry[:team_name]})" }.join("\n")
    raise Tunes::Error.new, "Could not set team ID to '#{team_id}', only found the following available teams:\n\n#{listing}\n"
  end

  switch_response = request(:post) do |req|
    req.url("https://appstoreconnect.apple.com/olympus/v1/session")
    req.body = { "provider": { "providerId": selected[:team_id] } }.to_json
    req.headers['Content-Type'] = 'application/json'
    req.headers['X-Requested-With'] = 'olympus-ui'
  end

  handle_itc_response(switch_response.body)

  # The session switch changes the sessionToken attribute, so the cached user
  # details are stale from here on.
  @_cached_user_details = nil

  @current_team_id = team_id
end

#team_informationHash

Returns Fetches all information of the currently used team.

Returns:

  • (Hash)

    Fetches all information of the currently used team



# File 'spaceship/lib/spaceship/client.rb', line 181

# Looks up the entry of `teams` that belongs to the currently used team.
#
# NOTE(review): entries are compared on 'teamId', while the other team helpers
# shown alongside read 'providerId'; confirm which key the entries carry for
# this client.
#
# @return [Hash, nil] the matching team entry, nil when none matches
def team_information
  teams.find { |candidate| candidate['teamId'] == team_id }
end

#team_nameString

Returns Fetches name from currently used team.

Returns:

  • (String)

    Fetches name from currently used team



# File 'spaceship/lib/spaceship/client.rb', line 188

# Name of the currently used team.
#
# @return [String, nil] the 'name' of `team_information`, nil when there is no such team
def team_name
  current_team = team_information || {}
  current_team['name']
end

#teamsArray

Returns A list of all available teams.

Returns:

  • (Array)

    A list of all available teams



# File 'spaceship/lib/spaceship/client.rb', line 73

# All teams available to the current user, ordered by name and then by provider ID.
#
# @return [Array] the 'availableProviders' of the session data, sorted
def teams
  providers = user_details_data['availableProviders']
  providers.sort_by { |provider| [provider['name'], provider['providerId']] }
end

#to_byte(str) ⇒ Object



# File 'spaceship/lib/spaceship/client.rb', line 537

# Decodes a hex string into the bytes it describes (inverse of `to_hex`).
#
# @param str [String] hex digits, high nibble first
# @return [String] the decoded binary string
def to_byte(str)
  hex_digits = [str]
  hex_digits.pack('H*')
end

#to_hex(str) ⇒ Object



# File 'spaceship/lib/spaceship/client.rb', line 533

# Encodes a string's bytes as lowercase hex digits (inverse of `to_byte`).
#
# @param str [String] bytes to encode
# @return [String] hex digits, high nibble first
def to_hex(str)
  str.unpack('H*').first
end

#try_upgrade_2fa_later(response) ⇒ Object



# File 'spaceship/lib/spaceship/upgrade_2fa_later_client.rb', line 6

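# Tries to postpone Apple's "upgrade to 2FA" prompt so that the login can continue.
#
# Runs only when SPACESHIP_SKIP_2FA_UPGRADE is set (any value). Every failure,
# any raised error included, is reported on STDERR and results in false.
#
# NOTE(review): the URL in the response's `location` header is requested as
# received; no check of its host is visible here.
#
# @param response [#headers] the sign-in response that asked for the upgrade
# @return [Boolean] true when the final "repair complete" request answered 204
def try_upgrade_2fa_later(response)
  if ENV['SPACESHIP_SKIP_2FA_UPGRADE'].nil?
    return false
  end

  puts("This account is being prompted to upgrade to 2FA")
  puts("Attempting to automatically bypass the upgrade until a later date")
  puts("To disable this, remove SPACESHIP_SKIP_2FA_UPGRADE=1 environment variable")

  # Get URL that requests a repair and gets the widget key
  widget_key_location = response.headers['location']
  uri    = URI.parse(widget_key_location)
  params = CGI.parse(uri.query)

  widget_key = params.dig('widgetKey', 0)
  if widget_key.nil?
    STDERR.puts("Couldn't find widgetKey to continue with requests")
    return false
  end

  # Step 1 - Request repair
  response_repair = request(:get) do |req|
    req.url(widget_key_location)
  end

  # Step 2 - Request repair options
  response_repair_options = request(:get) do |req|
    req.url("https://appleid.apple.com/account/manage/repair/options")

    req.headers['scnt'] = response_repair.headers['scnt']
    req.headers['X-Apple-Id-Session-Id'] = response.headers['X-Apple-Id-Session-Id']
    req.headers['X-Apple-Session-Token'] = response.headers['X-Apple-Repair-Session-Token']

    req.headers['X-Apple-Skip-Repair-Attributes'] = '[]'
    req.headers['X-Apple-Widget-Key'] = widget_key

    req.headers['Content-Type'] = 'application/json'
    req.headers['X-Requested-With'] = 'XMLHttpRequest'
    req.headers['Accept'] = 'application/json, text/javascript'
  end

  # Step 3 - Request setup later
  request(:get) do |req|
    req.url("https://appleid.apple.com/account/security/upgrade/setuplater")

    req.headers['scnt'] = response_repair_options.headers['scnt']
    req.headers['X-Apple-Id-Session-Id'] = response.headers['X-Apple-Id-Session-Id']
    req.headers['X-Apple-Session-Token'] = response_repair_options.headers['x-apple-session-token']
    req.headers['X-Apple-Skip-Repair-Attributes'] = '[]'
    req.headers['X-Apple-Widget-Key'] = widget_key

    req.headers['Content-Type'] = 'application/json'
    req.headers['X-Requested-With'] = 'XMLHttpRequest'
    req.headers['Accept'] = 'application/json, text/javascript'
  end

  # Step 4 - Post complete
  response_repair_complete = request(:post) do |req|
    req.url("https://idmsa.apple.com/appleauth/auth/repair/complete")

    req.body = ''
    req.headers['scnt'] = response.headers['scnt']
    req.headers['X-Apple-Id-Session-Id'] = response.headers['X-Apple-Id-Session-Id']
    req.headers['X-Apple-Repair-Session-Token'] = response_repair_options.headers['X-Apple-Session-Token']

    req.headers['X-Apple-Widget-Key'] = widget_key

    req.headers['Content-Type'] = 'application/json'
    req.headers['X-Requested-With'] = 'XMLHttpRequest'
    req.headers['Accept'] = 'application/json;charset=utf-8'
  end

  if response_repair_complete.status == 204
    return true
  else
    STDERR.puts("Failed with status code of #{response_repair_complete.status}")
    return false
  end
rescue => error
  STDERR.puts(error.backtrace)
  STDERR.puts("Failed to bypass 2FA upgrade")
  # The hint used to name SPACESHIP_SKIP_UPGRADE_2FA_LATER, a variable this
  # method never reads. The bypass is gated solely on SPACESHIP_SKIP_2FA_UPGRADE
  # being set, so the hint now matches the guard at the top.
  STDERR.puts("To disable this from trying again, remove the SPACESHIP_SKIP_2FA_UPGRADE environment variable")
  return false
end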

#UIObject

Public getter for all UI related code rubocop:disable Naming/MethodName



# File 'spaceship/lib/spaceship/ui.rb', line 22

# Public getter for all UI related code.
#
# @return [UserInterface] a new UserInterface bound to this client on every call
def UI
  interface = UserInterface.new(self)
  interface
end

#update_request_headers(req) ⇒ Object

Responsible for setting all required header attributes for the requests to succeed



# File 'spaceship/lib/spaceship/two_step_or_factor_client.rb', line 373

# Sets the header attributes the two-step / two-factor requests need to succeed.
#
# @param req [#headers] the request under construction; its headers are modified in place
# @return [Object] the value assigned to the last header (@scnt)
def update_request_headers(req)
  outgoing = req.headers

  # Session identifiers remembered on the client
  outgoing["X-Apple-Id-Session-Id"] = @x_apple_id_session_id
  outgoing["X-Apple-Widget-Key"] = self.itc_service_key
  outgoing["Accept"] = "application/json"
  outgoing["scnt"] = @scnt
end

#user_details_dataObject

Fetches the general information of the user; it is used by various methods across spaceship. Sample return value:

>
 [{"contentProvider"=>{"contentProviderId"=>11142800, "name"=>"Felix Krause", "contentProviderTypes"=>["Purple Software"], "roles"=>["Developer"], "lastLogin"=>1468784113000}],
"sessionToken"=>"contentProviderId"=>18111111, "expirationDate"=>nil, "ipAddress"=>nil,
"permittedActivities"=>
    ["UserManagementSelf",
    "GameCenterTestData",
    "AppAddonCreation"],
  "REPORT"=>
   ["UserManagementSelf",
    "AppAddonCreation"],
  "VIEW"=>
   ["TestFlightAppExternalTesterManagement",
    ...
    "HelpGeneral",
    "HelpApplicationLoader"],
"preferredCurrencyCode"=>"EUR",
"preferredCountryCode"=>nil,
"countryOfOrigin"=>"AT",
"isLocaleNameReversed"=>false,
"feldsparToken"=>nil,
"feldsparChannelName"=>nil,
"hasPendingFeldsparBindingRequest"=>false,
"isLegalUser"=>false,
"userId"=>"1771111155",
"firstname"=>"Detlef",
"lastname"=>"Mueller",
"isEmailInvalid"=>false,
"hasContractInfo"=>false,
"canEditITCUsersAndRoles"=>false,
"canViewITCUsersAndRoles"=>true,
"canEditIAPUsersAndRoles"=>false,
"transporterEnabled"=>false,
"contentProviderFeatures"=>["APP_SILOING", "PROMO_CODE_REDESIGN", ...],
"contentProviderType"=>"Purple Software",
"displayName"=>"Detlef",
"contentProviderId"=>"18742800",
"userFeatures"=>[],
"visibility"=>true,
"DYCVisibility"=>false,
"contentProvider"=>"Felix Krause",
"userName"=>"[email protected]"}



# File 'spaceship/lib/spaceship/client.rb', line 126

# General information about the logged-in user, fetched once from the olympus
# session endpoint and cached in @_cached_user_details.
#
# @return [Object] the parsed session response
def user_details_data
  @_cached_user_details ||= begin
    session_response = request(:get, "https://appstoreconnect.apple.com/olympus/v1/session")
    parse_response(session_response)
  end
end

#with_retry(tries = 5, &_block) ⇒ Object



# File 'spaceship/lib/spaceship/client.rb', line 787

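# Runs the block and retries it on transient failures.
#
# * connection, timeout, bad gateway and access-forbidden errors: retry after 3 seconds
# * TooManyRequestsError: retry after the exception's `retry_after` seconds
# * parsing and internal server errors: retry after 3 seconds
# * UnauthorizedAccessError: only when already logged in; log in again with the
#   remembered credentials, then retry. Raises instead when a session was
#   supplied via environment variable.
#
# Sleeping is skipped when a `SpecHelper` constant is defined. Once the attempts
# are used up, the last exception is re-raised.
#
# NOTE(review): `retry_after` is slept as-is; no upper bound is visible here.
# NOTE(review): the listing had lost the name of the method called for the
# re-login. `do_login` is the login entry point named elsewhere on this page;
# confirm against the source file.
#
# @param tries [Integer] total number of attempts
# @yield the work to execute
# @return [Object] the block's result
def with_retry(tries = 5, &_block)
  return yield
rescue \
    Faraday::ConnectionFailed,
    Faraday::TimeoutError,
    BadGatewayError,
    AppleTimeoutError,
    GatewayTimeoutError,
    AccessForbiddenError => ex
  tries -= 1
  unless tries.zero?
    msg = "Timeout received: '#{ex.class}', '#{ex.message}'. Retrying after 3 seconds (remaining: #{tries})..."
    puts(msg) if Spaceship::Globals.verbose?
    logger.warn(msg)

    sleep(3) unless Object.const_defined?("SpecHelper")
    retry
  end
  raise ex # re-raise the exception
rescue TooManyRequestsError => ex
  tries -= 1
  unless tries.zero?
    msg = "Timeout received: '#{ex.class}', '#{ex.message}'. Retrying after #{ex.retry_after} seconds (remaining: #{tries})..."
    puts(msg) if Spaceship::Globals.verbose?
    logger.warn(msg)

    sleep(ex.retry_after) unless Object.const_defined?("SpecHelper")
    retry
  end
  raise ex # re-raise the exception
rescue \
    Faraday::ParsingError, # <h2>Internal Server Error</h2> with content type json
    InternalServerError => ex
  tries -= 1
  unless tries.zero?
    msg = "Internal Server Error received: '#{ex.class}', '#{ex.message}'. Retrying after 3 seconds (remaining: #{tries})..."
    puts(msg) if Spaceship::Globals.verbose?
    logger.warn(msg)

    sleep(3) unless Object.const_defined?("SpecHelper")
    retry
  end
  raise ex # re-raise the exception
rescue UnauthorizedAccessError => ex
  # The attempt counter is only decremented when a login had already succeeded
  if @loggedin && !(tries -= 1).zero?
    msg = "Auth error received: '#{ex.class}', '#{ex.message}'. Login in again then retrying after 3 seconds (remaining: #{tries})..."
    puts(msg) if Spaceship::Globals.verbose?
    logger.warn(msg)

    # A session passed in from outside cannot be renewed with a password login
    if self.class.spaceship_session_env.to_s.length > 0
      raise UnauthorizedAccessError.new, "Authentication error, you passed an invalid session using the environment variable FASTLANE_SESSION or SPACESHIP_SESSION"
    end

    do_login(self.user, @password)
    sleep(3) unless Object.const_defined?("SpecHelper")
    retry
  end
  raise ex # re-raise the exception
end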