stalk-my-friends icon indicating copy to clipboard operation
stalk-my-friends copied to clipboard

Please add support for 2FA

Open bryanrossUK opened this issue 7 years ago • 6 comments

The current code doesn't seem to support two-factor authentication. Apple sends me a code, but there's no way to then authenticate through the app.

I'm not sure I'm smart enough to add it myself, but the following snippets from pyicloud might be useful?

Detecting if 2FA is required

    def requires_2fa(self):
        """ Returns True if two-factor authentication is required."""
        return self.data.get('hsaChallengeRequired', False)

Validating a code provided by the user

    def validate_verification_code(self, device, code):
        """ Verifies a verification code received on a two-factor device"""
        device.update({
            'verificationCode': code,
            'trustBrowser': True
        })
        data = json.dumps(device)

        try:
            request = self.session.post(
                '%s/validateVerificationCode' % self._setup_endpoint,
                params=self.params,
                data=data
            )
        except PyiCloudAPIResponseError as error:
            if error.code == -21669:
                # Wrong verification code
                return False
            raise

        # Re-authenticate, which will both update the 2FA data, and
        # ensure that we save the X-APPLE-WEBAUTH-HSA-TRUST cookie.
        self.authenticate()

        return not self.requires_2fa

bryanrossUK avatar May 12 '17 21:05 bryanrossUK

Should it not be possible to create an app-specific-password through https://appleid.apple.com/ ?

If I enter a generated app-specific-password in config.js I get this error:

marcoroth$ node ./cli.js
/setup/ws/1/login?clientBuildNumber=1P24&clientId=00000000-0000-0000-0000-000000000000
request
instance { error: 1 }
/Users/marcoroth/stalk-my-friends/lib/icloud.js:75
        var dsid = me.instance.dsInfo.dsid;
                                     ^

TypeError: Cannot read property 'dsid' of undefined
    at IncomingMessage.<anonymous> (/Users/marcoroth/stalk-my-friends/lib/icloud.js:75:38)
    at emitNone (events.js:72:20)
    at IncomingMessage.emit (events.js:166:7)
    at endReadableNT (_stream_readable.js:905:12)
    at doNTCallback2 (node.js:441:9)
    at process._tickCallback (node.js:355:17)

marcoroth avatar May 27 '17 11:05 marcoroth

Same issue here. Did you get any further with this?

The response from the iCloud API is clearly expecting the 2FA process to be undertaken:

'1': { reason: 'Missing X-APPLE-WEBAUTH-TOKEN cookie', error: 1 }

I also got the error marcoroth described above when attempting to use an app-specific password.

rmayer avatar Jun 11 '17 20:06 rmayer

I haven't unfortunately; would be great to see this project improved!

bryanrossUK avatar Jun 13 '17 19:06 bryanrossUK

@bryanrossUK @marcoroth @rmayer I got mine working at some point within my script to spoof location. But now I am having trouble with it throwing me an HTTP Error 421: Misdirected Request error

alextechtai avatar Jun 11 '19 17:06 alextechtai

I Accidentally deleted my iCloud from my contacts and cannot get it back for nothing.

CADunnA1 avatar Oct 06 '19 05:10 CADunnA1

Clint Dunn @[email protected]

CADunnA1 avatar Oct 06 '19 05:10 CADunnA1