Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for 2FA accounts using SMS #107

Merged
merged 5 commits into from Oct 14, 2020
Merged

Add support for 2FA accounts using SMS #107

merged 5 commits into from Oct 14, 2020

Conversation

interstateone
Copy link
Contributor

@interstateone interstateone commented Oct 2, 2020
edited

Adds support for 2FA accounts that use SMS instead of trusted devices for delivery. This should close #96, but I'll need to get confirmation with the folks that reported that issue.

There are a couple 2FA flows that are now supported:

  1. 2FA SMS automatically sent because user has a single phone number
  2. 2FA that requires selection from multiple phone numbers before sending an SMS
  3. 2FA automatically displayed on the screen of trusted devices

I'm deliberately not supporting the earlier two-step authentication because upgrading the account to 2FA seems like a reasonable workaround.

Some tests have been added that verify the flow handles different situations correctly, and prints the correct copy to the terminal.

Testing

I've tested this myself with:

  • an account that has no trusted devices added and a single phone number
  • my existing account that has multiple trusted devices added and a single phone number

The latter case was able to validate the selection flow in case 2 above by opting out of the trusted device code by entering sms, although there was only one phone number to choose from.

First, clone this repo if necessary and check out the PR branch:

git clone https://github.com/RobotsAndPencils/xcodes.git
cd xcodes
git checkout -b interstateone-sms-2fa-support master
git pull https://github.com/interstateone/xcodes.git sms-2fa-support

You can test this new behaviour with your own account using a command like:

swift run xcodes update

If you need to change to use a different account than one that was already signed in, you can set the XCODES_USERNAME environment variable first:

XCODES_USERNAME=my_other_apple_id@example.com swift run xcodes update

If you already had a valid session in xcodes then you'll need to reset the cookies, cache, etc. in order to test this flow. You can add the following snippet in main.swift at line 15. (We may want to add a flag for this later, for edge cases or just debug/testing.)

let s = DispatchSemaphore(value: 0)
URLSession.shared.reset {
    print("URLSession has been reset")
    s.signal()
}
s.wait()

With all that said, what I'd expect to happen when you test this is for SMS 2FA to "just work" now. If it doesn't, or if you think some of the instructional copy that's shown during the flow could be improved, please let me know.

The Paw file has been updated to support testing the SMS flow.

In order to make it a bit easier (or at least familiar) to test the AppleAPI code I changed it to use the same Environment struct that XcodesKit does. I'd started out development using OHHTTPStubs but wanted a bit more, and this also allows testing other things like the log output more easily which is useful for validating longer interactions.

Updates to Swift 5.3 and Xcode 12, which allowed transitioning to use SPM resources for test fixtures.

@interstateone interstateone mentioned this pull request Oct 6, 2020
Closed
@interstateone interstateone marked this pull request as ready for review October 8, 2020 03:11
aerickson14
aerickson14 approved these changes Oct 14, 2020
View reviewed changes
Copy link

@aerickson14 aerickson14 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tested this out with my account that uses SMS and it work well 👍

@interstateone interstateone merged commit c556f48 into XcodesOrg:master Oct 14, 2020
@interstateone interstateone deleted the sms-2fa-support branch October 14, 2020 14:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aerickson14 aerickson14 aerickson14 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Login with SMS 2FA code fails with "The data couldn’t be read because it is missing"
2 participants
@interstateone @aerickson14