Two-step authentication is an older security method used for
accounts without an Apple device, or who are unable to upgrade
to iOS 9 or OS X El Capitan.
https://support.apple.com/en-us/HT204152
If the account has two-factor authentication enabled, we can still
fall back to the end-points for two-step authentication, as we do
not support 2FA yet.
Issue #102
LoadError would only be raised if the cookiejar didn't contain the
expected magic header. But a pickeled jar would potentially contain
data that raised a UnicodeDecodeError, so we need account for both.
This solves an issue where we would end up with an empty list of
time zones, throwing an exception as a result.
It also resolves to the user's actual Olson time zone name,
instead of the first of all the possible time zone names that
match the current time zone of the user.
The two helper methods are no longer needed, as we can now use
get_localzone() directly.
It's automatically taken care of by the requests module based on
the URL, and explicitly setting it on the globally shared session
object results in other services (such as the calendar service)
breaking when used after the reminders service in the same session.
Unfortunately log filters only apply to each logger, not to its
children, so we have to make sure the http child loggers has the
same password filter as the root base filter.
If the response's content-type is not one of the two json mimetypes
iCloud will send us we need to return early, not try to parse the
error messsage out of an invalid json object.
For added safety we wrap the JSON decoding in a try/except, so that
malformed JSON data will not result in an exception from that part
of the code (though it will likely still raise at a later point when
the JSON data is parsed in service logic).
Fixes#71
When 2FA is enabled in iCloud most iCloud services are unavailable
without first going through the 2FA handshake. We now have API to
initiate the 2FA, which can be used by more advanced API clients.
The built in command line 'icloud' application has not been updated,
as listing and managing devices though Find my iPhone is one of the
services that do not require 2FA.
Fixes issue #66.
Allows easier debugging of failing API calls. We filter out iCloud
password so that debug logs can be attached to bug reports, etc.
Errors are raised as PyiCloudAPIResponseError with a reason and
code property, in addition to being logged, which allows them to
be handled by client code, or will at least give a clearer idea
about the issue than e.g. opaque key errors when trying to access
non existent properties of the JSON response.
Squashed commit of the following:
commit 0eb23aa87c264152716933e03827f040742e6d70
Author: Adam Coddington <me@adamcoddington.net>
Date: Sat Feb 20 14:21:48 2016 -0800
Updating readme to reflect updated flow.
commit 840268e2db6093b5cb573c6a3e71204bf5b08b48
Author: Adam Coddington <me@adamcoddington.net>
Date: Sat Feb 20 14:18:39 2016 -0800
Dropping python 2.6 support workaround.
commit 9dcbd460482c2925bda490be2be884a2a2526062
Author: Adam Coddington <me@adamcoddington.net>
Date: Sat Feb 20 14:18:00 2016 -0800
Adding additional behavior at @torarnv's request.
commit 6c711bb12beea7c792b5d386203373423b6e56e2
Author: Adam Coddington <me@adamcoddington.net>
Date: Sat Jan 23 15:08:29 2016 -0800
Workaround for obsolete versions of Python 2.
commit b0765b7b6bf9974348061043da9a110c6bd7d985
Author: Adam Coddington <me@adamcoddington.net>
Date: Sat Jan 23 14:56:53 2016 -0800
Style changes to avoid line length overage.
commit 4decc576432ef23edae01b9621f2689b4f3c6c84
Author: Adam Coddington <me@adamcoddington.net>
Date: Sat Jan 23 14:01:27 2016 -0800
Adding documentation; also adding --delete-from-keyring command-line option.
commit a6b0224e93a8bc9159cf06ba5792a384f7fbb060
Author: Adam Coddington <me@adamcoddington.net>
Date: Sat Jan 23 13:44:09 2016 -0800
Adding functionality allowing authentication using iCloud passwords stored in the system keychain.
Adds the following new command-line options:
* `--password-interactive`: Allows you to specify your password
interactively rather than typing it into the command-line.
* `--store-in-keychain`: Allows you to store the password in use in the
system keychain.
If no password is specified when instantiating `PyiCloudService` or when
using the command-line utility (via either `--password-interactive` or
`--password`), the system keychain will be queried for a stored
password, and an exception will be raised if one was not found.
commit 4ba03fb02d51673dfb7183dde49ab4c0bec4afb3
Author: Adam Coddington <me@adamcoddington.net>
Date: Sat Jan 23 13:43:39 2016 -0800
Removing unused imports.
There's no need to validate before authenticating, as we don't log
in with extended_login=True, which means there are no persisted
login cookies besides the one ensuring we only get a single e-mail.
The id that refresh_validate used to generate is also not needed,
as authentication with just the username and password works fine,
and is what the icloud.com webapp also does.
Finally, we can skip the second validate after authentication as
the dsInfo/dsid is available through the response we get from the
authentication.
Instead of trying to look for a specific cookie to save, discarding all
others, and persisting the cookies manually using pickle, we build on
the functionality of cookielib, which already has functionality to save
and load cookiejars. The request library is documented to work with any
subclass of cookielib.CookieJar.
This ensures that we only save persistent cookies (which includes the
X-APPLE-WEB-KB cookie), and skip session cookies, which should make the
code more future proof in case Apple adds more persistent cookies.
This also fixes#44, which was still occurring because we were
persisting the cookies of the request, not the session, and when
logging in with a persisted cookie the resulting request did not
have the X-APPLE-WEB-KB set, so we ended up overwriting the cookie
file with one that didn't contain any X-APPLE-WEB-KB cookie anymore.
