foxt / icloud.js Goto Github PK

Love this repo. But...I've been trying to make it work on headless linux systems without libsecret. Eventually came to the conclusion that just setting saveCredentials to false should work. It didnt! Confused I investigated and found that the javascipt index.js in the build directory is missing the check on saveCredentials. I am a total newb with typescript, so not sure if this is something i've done!!!

try { require("keytar").setPassword("https://idmsa.apple.com", this.options.username, this.options.password); } catch (e) { console.warn("[icloud] Unable to save account credentials:", e); }

The typescript has
try { if (this.options.saveCredentials) require("keytar").setPassword("https://idmsa.apple.com", this.options.username, this.options.password); } catch (e) { console.warn("[icloud] Unable to save account credentials:", e); }

Currently, trying to access iCloud Drive data while having ADP enabled returns

Error: Missing PCS cookies from the request

Looking at the cookies in a web browser, it seems the X-APPLE-WEBAUTH-PCS-Sharing and X-APPLE-WEBAUTH-PCS-Documents are related

Not sure exactly what PCS stands for, possibly Private/Protected Cloud Service?

The iCloud web app sends an empty post request to https://setup.icloud.com/setup/ws/1/requestWebAccessState?clientBuildNumber=2306Hotfix38&clientMasteringNumber=2306Hotfix38&clientId=0a6768e7-9914-416d-9fd2-51b095985663&dsid=12024116479 to check if the user has consented to

ADP disabled:

{"dsid":8363351371,"isWebAccessAllowed":true}

ADP enabled:

{"dsid":12024116479,"isWebAccessAllowed":true,"isDeviceConsentedForPCS":false,"isICDRSDisabled":true,"deviceConsentForPCSExpiry":0}

(ICDRS possibly meaning iCloud Data Recovery Service)

If PCS consent is not granted, iCloud website sends a POST request to https://setup.icloud.com/setup/ws/1/enableDeviceConsentForPCS?clientBuildNumber=2306Hotfix38&clientMasteringNumber=2306Hotfix38&clientId=0a6768e7-9914-416d-9fd2-51b095985663&dsid=12024116479 (with no body), to which the following response is sent

{"isDeviceConsentNotificationSent":true,"isWebAccessAllowed":true,"isDeviceConsentedForPCS":false,"isICDRSDisabled":true,"deviceConsentForPCSExpiry":0}

and a notification is sent to the users iPhone.

The URL https://setup.icloud.com/setup/ws/1/requestWebAccessState?clientBuildNumber=2306Hotfix38&clientMasteringNumber=2306Hotfix38&clientId=0a6768e7-9914-416d-9fd2-51b095985663&dsid=12024116479 is polled with an empty POST.

No consent yet:

{"dsid":12024116479,"isWebAccessAllowed":true,"isDeviceConsentedForPCS":false,"isICDRSDisabled":true,"deviceConsentForPCSExpiry":0}

Consent granted:

{"dsid":12024116479,"isWebAccessAllowed":true,"isDeviceConsentedForPCS":true,"isICDRSDisabled":true,"deviceConsentForPCSExpiry":1674401748101}

The expiry period seems to be 1 hour

When accessing an ADP service, iCloud website, if it knows PCS consent is granted, sends a POST request to
https://setup.icloud.com/setup/ws/1/requestPCS?clientBuildNumber=2306Hotfix38&clientMasteringNumber=2306Hotfix38&clientId=4c1e9a0b-7cba-4c27-a9e3-c6f020fd416e&dsid=12024116479 with {"appName":"iclouddrive","derivedFromUserAction":true} to ensure that PCS cookies are present.

If PCS cookies sent with the request are not valid, but consent is already provided, the following is sent as JSON along with the cookies required

{"isWebAccessAllowed":true,"isDeviceConsentedForPCS":true,"isICDRSDisabled":true,"message":"Cookies attached.","deviceConsentForPCSExpiry":1674400678814,"status":"success"}

If PCS cookies sent with the request is valid, the following is sent

{"isWebAccessAllowed":true,"isDeviceConsentedForPCS":true,"isICDRSDisabled":true,"message":"Cookies already present.","deviceConsentForPCSExpiry":1674400678814,"status":"success"}

Should this be happening? Documentation and example suggests that refresh is called separately. Also refresh is async?

I have only seen this as when I was investigating the reauthentication thing, I found I was seeing extra refreshes

Hello, this library still WIP?
I always get error when i set security code

const iCloud = require('icloudjs').default
const path = require('path')
const prompt = require('prompt')

const icloud = new iCloud({
    username: "my_apple_id",
    password: "my_password",
    saveCredentials: true,
    trustDevice: true,
    dataDirectory: path.resolve('./tmp/')
});

(async() => {
  await icloud.authenticate()

  if (icloud.status === "MfaRequested") {
    const code =  await prompt.get(['2fa code'])
    await icloud.provideMfaCode(code)
  }

  await icloud.awaitReady;
  console.log("Hello, " + icloud.accountInfo.dsInfo.fullName)
})();

PS: also tried enter code without any space

It would be helpful to offer functions that allow to resend the MFA code or send it via different means like the iCloud login does.

I see at least two functions, but there might be more:

1. Resend Code in case it was not received

2. Send code via SMS
   On the iCloud login page this triggers a PUT request to https://idmsa.apple.com/appleauth/auth/verify/phone with body

{
    "mode": "sms",
    "phoneNumber": { 
        "id": 1
    }
}

I would trigger the call myself but it requires a bunch of headers that should be available in the iCloud instance this library creates.

Examples are cool, but we really need proper documentation

I'm not really a fan of https://github.com/TypeStrong/typedoc, but it seems like it's the only real option

I'm probably doing something wrong -:(

I connect successfully, get the findme service, call refresh and all works

I can continue to get the service and call refresh for a few minutes (4-5), however then I get the 'Invalid Json response body' and have to reconnect.

After investigation, it seems that the fetch for the refresh is return an http code of 450 and an empty body.