Class: Spaceship::Client

Inherits:

Object

• Object
• Spaceship::Client

Defined in:

spaceship/lib/spaceship/client.rb,
spaceship/lib/spaceship/ui.rb,
spaceship/lib/spaceship/two_step_client.rb,
spaceship/lib/spaceship/portal/ui/select_team.rb

Overview

rubocop:disable Metrics/ClassLength

Direct Known Subclasses

DUClient, PortalClient, TestFlight::Client, TunesClient

Defined Under Namespace

Classes: UserInterface

Constant Summary

PROTOCOL_VERSION =

"QH65B2"

USER_AGENT =

"Spaceship #{Fastlane::VERSION}"

BasicPreferredInfoError =

legacy support

Spaceship::BasicPreferredInfoError

InvalidUserCredentialsError =

Spaceship::InvalidUserCredentialsError

NoUserCredentialsError =

Spaceship::NoUserCredentialsError

ProgramLicenseAgreementUpdated =

Spaceship::ProgramLicenseAgreementUpdated

InsufficientPermissions =

Spaceship::InsufficientPermissions

UnexpectedResponse =

Spaceship::UnexpectedResponse

AppleTimeoutError =

Spaceship::AppleTimeoutError

UnauthorizedAccessError =

Spaceship::UnauthorizedAccessError

InternalServerError =

Spaceship::InternalServerError

Helpers

• #csrf_tokens ⇒ Object

  memorize the last csrf tokens from responses.

Instance Attribute Summary

• #available_providers ⇒ Object

  Returns the value of attribute available_providers.

• #client ⇒ Object readonly

  Returns the value of attribute client.

• #logger ⇒ Object

  The logger in which all requests are logged /tmp/spaceship[time]_.log by default.

• #provider ⇒ Object

  Returns the value of attribute provider.

• #user ⇒ Object

  The user that is currently logged in.

• #user_email ⇒ Object

  The email of the user that is currently logged in.

Automatic Paging

• #page_size ⇒ Object

  The page size we want to request, defaults to 500.

• #paging ⇒ Object

  Handles the paging for you…

Login and Team Selection

• #fetch_olympus_session ⇒ Object

  Get the ‘itctx` from the new (22nd May 2017) API endpoint “olympus”.

• #itc_service_key ⇒ Object
• #login(user = nil, password = nil) ⇒ Spaceship::Client

  Authenticates with Apple’s web services.

• #send_shared_login_request(user, password) ⇒ Object

  This method is used for both the Apple Dev Portal and iTunes Connect This will also handle 2 step verification.

Helpers

• #detect_most_common_errors_and_raise_exceptions(body) ⇒ Object
• #parse_response(response, expected_key = nil) ⇒ Object
• #raise_insuffient_permission_error!(additional_error_string: nil, caller_location: 2) ⇒ Object

  This also gets called from subclasses.

• #request(method, url_or_path = nil, params = nil, headers = {}, auto_paginate = false, &block) ⇒ Object
• #with_retry(tries = 5, &_block) ⇒ Object

Class Method Summary

• .client_with_authorization_from(another_client) ⇒ Object

  Instantiates a client but with a cookie derived from another client.

• .hostname ⇒ Object
• .login(user = nil, password = nil) ⇒ Spaceship::Client

  Authenticates with Apple’s web services.

• .spaceship_session_env ⇒ Object

  Fetch the session cookie from the environment (if exists).

Instance Method Summary

• #cookie ⇒ String

  Return the session cookie.

• #fastlane_user_dir ⇒ Object

  This is a duplicate method of fastlane_core/fastlane_core.rb#fastlane_user_dir.

• #handle_two_factor(response) ⇒ Object
• #handle_two_step(response) ⇒ Object
• #initialize(cookie: nil, current_team_id: nil) ⇒ Client constructor

  A new instance of Client.

• #load_session_from_env ⇒ Object
• #load_session_from_file ⇒ Object

  Only needed for 2 step.

• #persistent_cookie_path ⇒ Object

  Returns preferred path for storing cookie for two step verification.

• #select_device(r, device_id) ⇒ Object
• #store_cookie(path: nil) ⇒ Object
• #store_session ⇒ Object
• #team_id ⇒ String

  The currently selected Team ID.

• #team_id=(team_id) ⇒ Object

  Set a new team ID which will be used from now on.

• #team_information ⇒ Hash

  Fetches all information of the currently used team.

• #teams ⇒ Array

  A list of all available teams.

• #UI ⇒ Object

  Public getter for all UI related code rubocop:disable Style/MethodName.

• #update_request_headers(req) ⇒ Object

  Responsible for setting all required header attributes for the requests to succeed.

• #user_details_data ⇒ Object

  Fetch the general information of the user, is used by various methods across spaceship Sample return value => [{“contentProvider”=>{“contentProviderId”=>11142800, “name”=>“Felix Krause”, “contentProviderTypes”=>[“Purple Software”], “roles”=>, “lastLogin”=>1468784113000}], “sessionToken”=>“contentProviderId”=>18111111, “expirationDate”=>nil, “ipAddress”=>nil, “permittedActivities”=> [“UserManagementSelf”, “GameCenterTestData”, “AppAddonCreation”], “REPORT”=> [“UserManagementSelf”, “AppAddonCreation”], “VIEW”=> [“TestFlightAppExternalTesterManagement”, … “HelpGeneral”, “HelpApplicationLoader”], “preferredCurrencyCode”=>“EUR”, “preferredCountryCode”=>nil, “countryOfOrigin”=>“AT”, “isLocaleNameReversed”=>false, “feldsparToken”=>nil, “feldsparChannelName”=>nil, “hasPendingFeldsparBindingRequest”=>false, “isLegalUser”=>false, “userId”=>“1771111155”, “firstname”=>“Detlef”, “lastname”=>“Mueller”, “isEmailInvalid”=>false, “hasContractInfo”=>false, “canEditITCUsersAndRoles”=>false, “canViewITCUsersAndRoles”=>true, “canEditIAPUsersAndRoles”=>false, “transporterEnabled”=>false, “contentProviderFeatures”=>[“APP_SILOING”, “PROMO_CODE_REDESIGN”, …], “contentProviderType”=>“Purple Software”, “displayName”=>“Detlef”, “contentProviderId”=>“18742800”, “userFeatures”=>[], “visibility”=>true, “DYCVisibility”=>false, “contentProvider”=>“Felix Krause”, “userName”=>“detlef@krausefx.com”}.

Constructor Details

#initialize(cookie: nil, current_team_id: nil) ⇒ Client

Returns a new instance of Client.

# File 'spaceship/lib/spaceship/client.rb', line 203

def initialize(cookie: nil, current_team_id: nil)
  options = {
   request: {
      timeout:       (ENV["SPACESHIP_TIMEOUT"] || 300).to_i,
      open_timeout:  (ENV["SPACESHIP_TIMEOUT"] || 300).to_i
    }
  }
  @current_team_id = current_team_id
  @cookie = cookie || HTTP::CookieJar.new
  @client = Faraday.new(self.class.hostname, options) do |c|
    c.response(:json, content_type: /\bjson$/)
    c.response(:xml, content_type: /\bxml$/)
    c.response(:plist, content_type: /\bplist$/)
    c.use(:cookie_jar, jar: @cookie)
    c.use(FaradayMiddleware::RelsMiddleware)
    c.adapter(Faraday.default_adapter)

    if ENV['SPACESHIP_DEBUG']
      # for debugging only
      # This enables tracking of networking requests using Charles Web Proxy
      c.proxy("https://127.0.0.1:8888")
      c.ssl[:verify_mode] = OpenSSL::SSL::VERIFY_NONE
    elsif ENV["SPACESHIP_PROXY"]
      c.proxy(ENV["SPACESHIP_PROXY"])
      c.ssl[:verify_mode] = OpenSSL::SSL::VERIFY_NONE if ENV["SPACESHIP_PROXY_SSL_VERIFY_NONE"]
    end

    if ENV["DEBUG"]
      puts("To run _spaceship_ through a local proxy, use SPACESHIP_DEBUG")
    end
  end
end

Instance Attribute Details

#available_providers ⇒ Object

Returns the value of attribute available_providers.

# File 'spaceship/lib/spaceship/client.rb', line 43

def available_providers
  @available_providers
end

#client ⇒ Object (readonly)

Returns the value of attribute client.

# File 'spaceship/lib/spaceship/client.rb', line 27

def client
  @client
end

#csrf_tokens ⇒ Object

memorize the last csrf tokens from responses

# File 'spaceship/lib/spaceship/client.rb', line 554

def csrf_tokens
  @csrf_tokens
end

#logger ⇒ Object

The logger in which all requests are logged /tmp/spaceship[time]_.log by default

# File 'spaceship/lib/spaceship/client.rb', line 37

def logger
  @logger
end

#provider ⇒ Object

Returns the value of attribute provider.

# File 'spaceship/lib/spaceship/client.rb', line 41

def provider
  @provider
end

#user ⇒ Object

The user that is currently logged in

# File 'spaceship/lib/spaceship/client.rb', line 30

def user
  @user
end

#user_email ⇒ Object

The email of the user that is currently logged in

# File 'spaceship/lib/spaceship/client.rb', line 33

def user_email
  @user_email
end

Class Method Details

.client_with_authorization_from(another_client) ⇒ Object

Instantiates a client but with a cookie derived from another client.

HACK: since the ‘@cookie` is not exposed, we use this hacky way of sharing the instance.

# File 'spaceship/lib/spaceship/client.rb', line 199

def self.client_with_authorization_from(another_client)
  self.new(cookie: another_client.instance_variable_get(:@cookie), current_team_id: another_client.team_id)
end

.hostname ⇒ Object

# File 'spaceship/lib/spaceship/client.rb', line 78

def self.hostname
  raise "You must implement self.hostname"
end

.login(user = nil, password = nil) ⇒ Spaceship::Client

Authenticates with Apple’s web services. This method has to be called once to generate a valid session. The session will automatically be used from then on.

This method will automatically use the username from the Appfile (if available) and fetch the password from the Keychain (if available)

Parameters:

• user (String) (defaults to: nil) —

  (optional): The username (usually the email address)

• password (String) (defaults to: nil) —

  (optional): The password

Returns:

• (Spaceship::Client) —

  The client the login method was called for

Raises:

• InvalidUserCredentialsError: raised if authentication failed

# File 'spaceship/lib/spaceship/client.rb', line 69

def self.login(user = nil, password = nil)
  instance = self.new
  if instance.login(user, password)
    instance
  else
    raise InvalidUserCredentialsError.new, "Invalid User Credentials"
  end
end

.spaceship_session_env ⇒ Object

Fetch the session cookie from the environment (if exists)

# File 'spaceship/lib/spaceship/two_step_client.rb', line 119

def self.spaceship_session_env
  ENV["FASTLANE_SESSION"] || ENV["SPACESHIP_SESSION"]
end

Instance Method Details

#cookie ⇒ String

Return the session cookie.

Returns:

• (String) —

  the cookie-string in the RFC6265 format: tools.ietf.org/html/rfc6265#section-4.2.1

# File 'spaceship/lib/spaceship/client.rb', line 260

def cookie
  @cookie.map(&:to_s).join(';')
end

#detect_most_common_errors_and_raise_exceptions(body) ⇒ Object

# File 'spaceship/lib/spaceship/client.rb', line 614

def detect_most_common_errors_and_raise_exceptions(body)
  # Check if the failure is due to missing permissions (iTunes Connect)
  if body["messages"] && body["messages"]["error"].include?("Forbidden")
    raise_insuffient_permission_error!
  elsif body["messages"] && body["messages"]["error"].include?("insufficient privileges")
    # Passing a specific `caller_location` here to make sure we return the correct method
    # With the default location the error would say that `parse_response` is the caller
    raise_insuffient_permission_error!(caller_location: 3)
  elsif body.to_s.include?("Internal Server Error - Read")
    raise InternalServerError, "Received an internal server error from iTunes Connect / Developer Portal, please try again later"
  elsif (body["resultString"] || "").include?("Program License Agreement")
    raise ProgramLicenseAgreementUpdated, "#{body['userString']} Please manually log into your Apple Developer account to review and accept the updated agreement."
  end
end

#fastlane_user_dir ⇒ Object

This is a duplicate method of fastlane_core/fastlane_core.rb#fastlane_user_dir

# File 'spaceship/lib/spaceship/client.rb', line 275

def fastlane_user_dir
  path = File.expand_path(File.join(Dir.home, ".fastlane"))
  FileUtils.mkdir_p(path) unless File.directory?(path)
  return path
end

#fetch_olympus_session ⇒ Object

Get the ‘itctx` from the new (22nd May 2017) API endpoint “olympus”

# File 'spaceship/lib/spaceship/client.rb', line 475

def fetch_olympus_session
  response = request(:get, "https://olympus.itunes.apple.com/v1/session")
  body = response.body
  if body
    body = JSON.parse(body) if body.kind_of?(String)
    user_map = body["user"]
    if user_map
      self.user_email = user_map["emailAddress"]
    end

    provider = body["provider"]
    self.provider = Spaceship::Provider.new(provider_hash: provider) unless provider.nil?

    available_providers_list = body["availableProviders"].compact

    self.available_providers = available_providers_list.map do |provider_hash|
      Spaceship::Provider.new(provider_hash: provider_hash)
    end
  end
end

#handle_two_factor(response) ⇒ Object

# File 'spaceship/lib/spaceship/two_step_client.rb', line 49

def handle_two_factor(response)
  two_factor_url = "https://github.com/fastlane/fastlane/tree/master/spaceship#2-step-verification"
  puts("Two Factor Authentication for account '#{self.user}' is enabled")

  if !File.exist?(persistent_cookie_path) && self.class.spaceship_session_env.to_s.length.zero?
    puts("If you're running this in a non-interactive session (e.g. server or CI)")
    puts("check out #{two_factor_url}")
  else
    # If the cookie is set but still required, the cookie is expired
    puts("Your session cookie has been expired.")
  end

  security_code = response.body["securityCode"]
  # {"length"=>6,
  #  "tooManyCodesSent"=>false,
  #  "tooManyCodesValidated"=>false,
  #  "securityCodeLocked"=>false}
  code_length = security_code["length"]
  code = ask("Please enter the #{code_length} digit code: ")
  puts("Requesting session...")

  # Send securityCode back to server to get a valid session
  r = request(:post) do |req|
    req.url("https://idmsa.apple.com/appleauth/auth/verify/trusteddevice/securitycode")
    req.headers['Content-Type'] = 'application/json'
    req.body = { "securityCode" => { "code" => code.to_s } }.to_json

    update_request_headers(req)
  end

  # we use `Spaceship::TunesClient.new.handle_itc_response`
  # since this might be from the Dev Portal, but for 2 step
  Spaceship::TunesClient.new.handle_itc_response(r.body)

  store_session

  return true
end

#handle_two_step(response) ⇒ Object

# File 'spaceship/lib/spaceship/two_step_client.rb', line 9

def handle_two_step(response)
  @x_apple_id_session_id = response["x-apple-id-session-id"]
  @scnt = response["scnt"]

  r = request(:get) do |req|
    req.url("https://idmsa.apple.com/appleauth/auth")
    update_request_headers(req)
  end

  if r.body.kind_of?(Hash) && r.body["trustedDevices"].kind_of?(Array)
    if r.body.fetch("securityCode", {})["tooManyCodesLock"].to_s.length > 0
      raise Tunes::Error.new, "Too many verification codes have been sent. Enter the last code you received, use one of your devices, or try again later."
    end

    old_client = (begin
                    Tunes::RecoveryDevice.client
                  rescue
                    nil # since client might be nil, which raises an exception
                  end)
    Tunes::RecoveryDevice.client = self # temporary set it as it's required by the factory method
    devices = r.body["trustedDevices"].collect do |current|
      Tunes::RecoveryDevice.factory(current)
    end
    Tunes::RecoveryDevice.client = old_client

    puts("Two Step Verification for account '#{self.user}' is enabled")
    puts("Please select a device to verify your identity")
    available = devices.collect do |c|
      "#{c.name}\t#{c.model_name || 'SMS'}\t(#{c.device_id})"
    end
    result = choose(*available)
    device_id = result.match(/.*\t.*\t\((.*)\)/)[1]
    select_device(r, device_id)
  elsif r.body.kind_of?(Hash) && r.body["trustedPhoneNumbers"].kind_of?(Array) && r.body["trustedPhoneNumbers"].first.kind_of?(Hash)
    handle_two_factor(r)
  else
    raise "Invalid 2 step response #{r.body}"
  end
end

#itc_service_key ⇒ Object

# File 'spaceship/lib/spaceship/client.rb', line 496

def itc_service_key
  return @service_key if @service_key

  # Check if we have a local cache of the key
  itc_service_key_path = "/tmp/spaceship_itc_service_key.txt"
  return File.read(itc_service_key_path) if File.exist?(itc_service_key_path)

  response = request(:get, "https://olympus.itunes.apple.com/v1/app/config?hostname=itunesconnect.apple.com")
  @service_key = response.body["authServiceKey"].to_s

  raise "Service key is empty" if @service_key.length == 0

  # Cache the key locally
  File.write(itc_service_key_path, @service_key)

  return @service_key
rescue => ex
  puts(ex.to_s)
  raise AppleTimeoutError.new, "Could not receive latest API key from iTunes Connect, this might be a server issue."
end

#load_session_from_env ⇒ Object

# File 'spaceship/lib/spaceship/two_step_client.rb', line 98

def load_session_from_env
  return if self.class.spaceship_session_env.to_s.length == 0
  puts("Loading session from environment variable") if Spaceship::Globals.verbose?

  file = Tempfile.new('cookie.yml')
  file.write(self.class.spaceship_session_env.gsub("\\n", "\n"))
  file.close

  begin
    @cookie.load(file.path)
  rescue => ex
    puts("Error loading session from environment")
    puts("Make sure to pass the session in a valid format")
    raise ex
  ensure
    file.unlink
  end
end

#load_session_from_file ⇒ Object

Only needed for 2 step

# File 'spaceship/lib/spaceship/two_step_client.rb', line 89

def load_session_from_file
  if File.exist?(persistent_cookie_path)
    puts("Loading session from '#{persistent_cookie_path}'") if Spaceship::Globals.verbose?
    @cookie.load(persistent_cookie_path)
    return true
  end
  return false
end

#login(user = nil, password = nil) ⇒ Spaceship::Client

Authenticates with Apple’s web services. This method has to be called once to generate a valid session. The session will automatically be used from then on.

This method will automatically use the username from the Appfile (if available) and fetch the password from the Keychain (if available)

Parameters:

• user (String) (defaults to: nil) —

  (optional): The username (usually the email address)

• password (String) (defaults to: nil) —

  (optional): The password

Returns:

• (Spaceship::Client) —

  The client the login method was called for

Raises:

• InvalidUserCredentialsError: raised if authentication failed

# File 'spaceship/lib/spaceship/client.rb', line 342

def login(user = nil, password = nil)
  if user.to_s.empty? || password.to_s.empty?
    require 'credentials_manager/account_manager'

    keychain_entry = CredentialsManager::AccountManager.new(user: user, password: password)
    user ||= keychain_entry.user
    password = keychain_entry.password
  end

  if user.to_s.strip.empty? || password.to_s.strip.empty?
    raise NoUserCredentialsError.new, "No login data provided"
  end

  self.user = user
  @password = password
  begin
    do_login(user, password)
  rescue InvalidUserCredentialsError => ex
    raise ex unless keychain_entry

    if keychain_entry.invalid_credentials
      login(user)
    else
      raise ex
    end
  end
end

#page_size ⇒ Object

The page size we want to request, defaults to 500

# File 'spaceship/lib/spaceship/client.rb', line 304

def page_size
  @page_size ||= 500
end

#paging ⇒ Object

Handles the paging for you… for free Just pass a block and use the parameter as page number

# File 'spaceship/lib/spaceship/client.rb', line 310

def paging
  page = 0
  results = []
  loop do
    page += 1
    current = yield(page)

    results += current

    break if (current || []).count < page_size # no more results
  end

  return results
end

#parse_response(response, expected_key = nil) ⇒ Object

# File 'spaceship/lib/spaceship/client.rb', line 582

def parse_response(response, expected_key = nil)
  if response.body
    # If we have an `expected_key`, select that from response.body Hash
    # Else, don't.

    # the returned error message and info, is html encoded ->  "issued" -> make this readable ->  "issued"
    response.body["userString"] = CGI.unescapeHTML(response.body["userString"]) if response.body["userString"]
    response.body["resultString"] = CGI.unescapeHTML(response.body["resultString"]) if response.body["resultString"]

    content = expected_key ? response.body[expected_key] : response.body
  end
  if content.nil?
    detect_most_common_errors_and_raise_exceptions(response.body) if response.body
    raise UnexpectedResponse, response.body
  elsif content.kind_of?(Hash) && (content["resultString"] || "").include?("NotAllowed")
    # example content when doing a Developer Portal action with not enough permission
    # => {"responseId"=>"e5013d83-c5cb-4ba0-bb62-734a8d56007f",
    #    "resultCode"=>1200,
    #    "resultString"=>"webservice.certificate.downloadNotAllowed",
    #    "userString"=>"You are not permitted to download this certificate.",
    #    "creationTimestamp"=>"2017-01-26T22:44:13Z",
    #    "protocolVersion"=>"QH65B2",
    #    "userLocale"=>"en_US",
    #    "requestUrl"=>"https://developer.apple.com/services-account/QH65B2/account/ios/certificate/downloadCertificateContent.action",
    #    "httpCode"=>200}
    raise_insuffient_permission_error!(additional_error_string: content["userString"])
  else
    store_csrf_tokens(response)
    content
  end
end

#persistent_cookie_path ⇒ Object

Returns preferred path for storing cookie for two step verification.

# File 'spaceship/lib/spaceship/client.rb', line 283

def persistent_cookie_path
  if ENV["SPACESHIP_COOKIE_PATH"]
    path = File.expand_path(File.join(ENV["SPACESHIP_COOKIE_PATH"], "spaceship", self.user, "cookie"))
  else
    [File.join(self.fastlane_user_dir, "spaceship"), "~/.spaceship", "/var/tmp/spaceship", "#{Dir.tmpdir}/spaceship"].each do |dir|
      dir_parts = File.split(dir)
      if directory_accessible?(File.expand_path(dir_parts.first))
        path = File.expand_path(File.join(dir, self.user, "cookie"))
        break
      end
    end
  end

  return path
end

#raise_insuffient_permission_error!(additional_error_string: nil, caller_location: 2) ⇒ Object

This also gets called from subclasses

Raises:

• (InsufficientPermissions)

# File 'spaceship/lib/spaceship/client.rb', line 630

def raise_insuffient_permission_error!(additional_error_string: nil, caller_location: 2)
  # get the method name of the request that failed
  # `block in` is used very often for requests when surrounded for paging or retrying blocks
  # The ! is part of some methods when they modify or delete a resource, so we don't want to show it
  # Using `sub` instead of `delete` as we don't want to allow multiple matches
  calling_method_name = caller_locations(caller_location, 2).first.label.sub("block in", "").delete("!").strip

  # calling the computed property self.team_id can get us into an exception handling loop
  team_id = @current_team_id ? "(Team ID #{@current_team_id}) " : ""

  error_message = "User #{self.user} #{team_id}doesn't have enough permission for the following action: #{calling_method_name}"
  error_message += " (#{additional_error_string})" if additional_error_string.to_s.length > 0
  raise InsufficientPermissions, error_message
end

#request(method, url_or_path = nil, params = nil, headers = {}, auto_paginate = false, &block) ⇒ Object

# File 'spaceship/lib/spaceship/client.rb', line 558

def request(method, url_or_path = nil, params = nil, headers = {}, auto_paginate = false, &block)
  headers.merge!(csrf_tokens)
  headers['User-Agent'] = USER_AGENT

  # Before encoding the parameters, log them
  log_request(method, url_or_path, params)

  # form-encode the params only if there are params, and the block is not supplied.
  # this is so that certain requests can be made using the block for more control
  if method == :post && params && !block_given?
    params, headers = encode_params(params, headers)
  end

  response = if auto_paginate
               send_request_auto_paginate(method, url_or_path, params, headers, &block)
             else
               send_request(method, url_or_path, params, headers, &block)
             end

  log_response(method, url_or_path, response)

  return response
end

#select_device(r, device_id) ⇒ Object

# File 'spaceship/lib/spaceship/two_step_client.rb', line 123

def select_device(r, device_id)
  # Request Token
  r = request(:put) do |req|
    req.url("https://idmsa.apple.com/appleauth/auth/verify/device/#{device_id}/securitycode")
    update_request_headers(req)
  end

  # we use `Spaceship::TunesClient.new.handle_itc_response`
  # since this might be from the Dev Portal, but for 2 step
  Spaceship::TunesClient.new.handle_itc_response(r.body)

  puts("Successfully requested notification")
  code = ask("Please enter the 4 digit code: ")
  puts("Requesting session...")

  # Send token back to server to get a valid session
  r = request(:post) do |req|
    req.url("https://idmsa.apple.com/appleauth/auth/verify/device/#{device_id}/securitycode")
    req.body = { "code" => code.to_s }.to_json
    req.headers['Content-Type'] = 'application/json'

    update_request_headers(req)
  end

  begin
    Spaceship::TunesClient.new.handle_itc_response(r.body) # this will fail if the code is invalid
  rescue => ex
    # If the code was entered wrong
    # {
    #   "securityCode": {
    #     "code": "1234"
    #   },
    #   "securityCodeLocked": false,
    #   "recoveryKeyLocked": false,
    #   "recoveryKeySupported": true,
    #   "manageTrustedDevicesLinkName": "appleid.apple.com",
    #   "suppressResend": false,
    #   "authType": "hsa",
    #   "accountLocked": false,
    #   "validationErrors": [{
    #     "code": "-21669",
    #     "title": "Incorrect Verification Code",
    #     "message": "Incorrect verification code."
    #   }]
    # }
    if ex.to_s.include?("verification code") # to have a nicer output
      puts("Error: Incorrect verification code")
      return select_device(r, device_id)
    end

    raise ex
  end

  store_session

  return true
end

#send_shared_login_request(user, password) ⇒ Object

This method is used for both the Apple Dev Portal and iTunes Connect This will also handle 2 step verification

# File 'spaceship/lib/spaceship/client.rb', line 372

def send_shared_login_request(user, password)
  # Check if we have a cached/valid session here
  # Fixes
  #   - https://github.com/fastlane/fastlane/issues/10812
  #   - https://github.com/fastlane/fastlane/issues/10793
  #
  # Before 4th December 2017 we didn't load existing session from the disk
  # but changed it, because Apple introduced a rate limit, which is fine by itself
  # but unfortunately it also rate limits successful logins, meaning if you call multiple
  # tools in a lane (e.g. call match 5 times), this would mean it locks you out of the account
  # for a while.
  # By loading existing sessions and checking if they're valid, we're sending less login requests
  # More context on why this change was necessary https://github.com/fastlane/fastlane/pull/11108
  #
  if load_session_from_file
    # Check if the session is still valid here
    begin
      # We use the olympus session to determine if the old session is still valid
      # As this will raise an exception if the old session has expired
      # If the old session is still valid, we don't have to do anything else in this method
      # that's why we return true
      return true if fetch_olympus_session.count > 0
    rescue
      # If the `fetch_olympus_session` method raises an exception
      # we'll land here, and therefore continue doing a full login process
      # This happens if the session we loaded from the cache isn't valid any more
      # which is common, as the session automatically invalidates after x hours (we don't know x)
      # In this case we don't actually care about the exact exception, and why it was failing
      # because either way, we'll have to do a fresh login, where we do the actual error handling
    end
  end

  # If this is a CI, the user can pass the session via environment variable
  # This is used for 2FA related sessions
  load_session_from_env

  data = {
    accountName: user,
    password: password,
    rememberMe: true
  }

  begin
    # The below workaround is only needed for 2 step verified machines
    # Due to escaping of cookie values we have a little workaround here
    # By default the cookie jar would generate the following header
    #   DES5c148...=HSARM.......xaA/O69Ws/CHfQ==SRVT
    # However we need the following
    #   DES5c148...="HSARM.......xaA/O69Ws/CHfQ==SRVT"
    # There is no way to get the cookie jar value with " around the value
    # so we manually modify the cookie (only this one) to be properly escaped
    # Afterwards we pass this value manually as a header
    # It's not enough to just modify @cookie, it needs to be done after self.cookie
    # as a string operation
    important_cookie = @cookie.store.entries.find { |a| a.name.include?("DES") }
    if important_cookie
      modified_cookie = self.cookie # returns a string of all cookies
      unescaped_important_cookie = "#{important_cookie.name}=#{important_cookie.value}"
      escaped_important_cookie = "#{important_cookie.name}=\"#{important_cookie.value}\""
      modified_cookie.gsub!(unescaped_important_cookie, escaped_important_cookie)
    end

    response = request(:post) do |req|
      req.url("https://idmsa.apple.com/appleauth/auth/signin")
      req.body = data.to_json
      req.headers['Content-Type'] = 'application/json'
      req.headers['X-Requested-With'] = 'XMLHttpRequest'
      req.headers['X-Apple-Widget-Key'] = self.itc_service_key
      req.headers['Accept'] = 'application/json, text/javascript'
      req.headers["Cookie"] = modified_cookie if modified_cookie
    end
  rescue UnauthorizedAccessError
    raise InvalidUserCredentialsError.new, "Invalid username and password combination. Used '#{user}' as the username."
  end

  # Now we know if the login is successful or if we need to do 2 factor

  case response.status
  when 403
    raise InvalidUserCredentialsError.new, "Invalid username and password combination. Used '#{user}' as the username."
  when 200
    fetch_olympus_session
    return response
  when 409
    # 2 factor is enabled for this account, first handle that
    # and then get the olympus session
    handle_two_step(response)
    fetch_olympus_session
    return true
  else
    if (response.body || "").include?('invalid="true"')
      # User Credentials are wrong
      raise InvalidUserCredentialsError.new, "Invalid username and password combination. Used '#{user}' as the username."
    elsif (response['Set-Cookie'] || "").include?("itctx")
      raise "Looks like your Apple ID is not enabled for iTunes Connect, make sure to be able to login online"
    else
      info = [response.body, response['Set-Cookie']]
      raise Tunes::Error.new, info.join("\n")
    end
  end
end

#store_cookie(path: nil) ⇒ Object

# File 'spaceship/lib/spaceship/client.rb', line 264

def store_cookie(path: nil)
  path ||= persistent_cookie_path
  FileUtils.mkdir_p(File.expand_path("..", path))

  # really important to specify the session to true
  # otherwise myacinfo and more won't be stored
  @cookie.save(path, :yaml, session: true)
  return File.read(path)
end

#store_session ⇒ Object

# File 'spaceship/lib/spaceship/two_step_client.rb', line 181

def store_session
  # If the request was successful, r.body is actually nil
  # The previous request will fail if the user isn't on a team
  # on iTunes Connect, but it still works, so we're good

  # Tell iTC that we are trustworthy (obviously)
  # This will update our local cookies to something new
  # They probably have a longer time to live than the other poor cookies
  # Changed Keys
  # - myacinfo
  # - DES5c148586dfd451e55afb0175f62418f91
  # We actually only care about the DES value

  request(:get) do |req|
    req.url("https://idmsa.apple.com/appleauth/auth/2sv/trust")

    update_request_headers(req)
  end
  # This request will fail if the user isn't added to a team on iTC
  # However we don't really care, this request will still return the
  # correct DES... cookie

  self.store_cookie
end

#team_id ⇒ String

Returns The currently selected Team ID.

Returns:

• (String) —

  The currently selected Team ID

# File 'spaceship/lib/spaceship/client.rb', line 143

def team_id
  return @current_team_id if @current_team_id

  if teams.count > 1
    puts("The current user is in #{teams.count} teams. Pass a team ID or call `select_team` to choose a team. Using the first one for now.")
  end
  @current_team_id ||= teams[0]['contentProvider']['contentProviderId']
end

#team_id=(team_id) ⇒ Object

Set a new team ID which will be used from now on

# File 'spaceship/lib/spaceship/client.rb', line 153

def team_id=(team_id)
  # First, we verify the team actually exists, because otherwise iTC would return the
  # following confusing error message
  #
  #     invalid content provider id
  #
  available_teams = teams.collect do |team|
    {
      team_id: (team["contentProvider"] || {})["contentProviderId"],
      team_name: (team["contentProvider"] || {})["name"]
    }
  end

  result = available_teams.find do |available_team|
    team_id.to_s == available_team[:team_id].to_s
  end

  unless result
    error_string = "Could not set team ID to '#{team_id}', only found the following available teams:\n\n#{available_teams.map { |team| "- #{team[:team_id]} (#{team[:team_name]})" }.join("\n")}\n"
    raise Tunes::Error.new, error_string
  end

  response = request(:post) do |req|
    req.url("ra/v1/session/webSession")
    req.body = {
      contentProviderId: team_id,
      dsId: user_detail_data.ds_id # https://github.com/fastlane/fastlane/issues/6711
    }.to_json
    req.headers['Content-Type'] = 'application/json'
  end

  handle_itc_response(response.body)

  @current_team_id = team_id
end

#team_information ⇒ Hash

Returns Fetches all information of the currently used team.

Returns:

• (Hash) —

  Fetches all information of the currently used team

# File 'spaceship/lib/spaceship/client.rb', line 190

def team_information
  teams.find do |t|
    t['teamId'] == team_id
  end
end

#teams ⇒ Array

Returns A list of all available teams.

Returns:

• (Array) —

  A list of all available teams

# File 'spaceship/lib/spaceship/client.rb', line 83

def teams
  user_details_data['associatedAccounts'].sort_by do |team|
    [
      team['contentProvider']['name'],
      team['contentProvider']['contentProviderId']
    ]
  end
end

#UI ⇒ Object

Public getter for all UI related code rubocop:disable Style/MethodName

# File 'spaceship/lib/spaceship/ui.rb', line 22

def UI
  UserInterface.new(self)
end

#update_request_headers(req) ⇒ Object

Responsible for setting all required header attributes for the requests to succeed

# File 'spaceship/lib/spaceship/two_step_client.rb', line 208

def update_request_headers(req)
  req.headers["X-Apple-Id-Session-Id"] = @x_apple_id_session_id
  req.headers["X-Apple-Widget-Key"] = self.itc_service_key
  req.headers["Accept"] = "application/json"
  req.headers["scnt"] = @scnt
end

#user_details_data ⇒ Object

Fetch the general information of the user, is used by various methods across spaceship Sample return value

>

 [{"contentProvider"=>{"contentProviderId"=>11142800, "name"=>"Felix Krause", "contentProviderTypes"=>["Purple Software"], "roles"=>["Developer"], "lastLogin"=>1468784113000}],
"sessionToken"=>"contentProviderId"=>18111111, "expirationDate"=>nil, "ipAddress"=>nil,
"permittedActivities"=>
    ["UserManagementSelf",
    "GameCenterTestData",
    "AppAddonCreation"],
  "REPORT"=>
   ["UserManagementSelf",
    "AppAddonCreation"],
  "VIEW"=>
   ["TestFlightAppExternalTesterManagement",
    ...
    "HelpGeneral",
    "HelpApplicationLoader"],
"preferredCurrencyCode"=>"EUR",
"preferredCountryCode"=>nil,
"countryOfOrigin"=>"AT",
"isLocaleNameReversed"=>false,
"feldsparToken"=>nil,
"feldsparChannelName"=>nil,
"hasPendingFeldsparBindingRequest"=>false,
"isLegalUser"=>false,
"userId"=>"1771111155",
"firstname"=>"Detlef",
"lastname"=>"Mueller",
"isEmailInvalid"=>false,
"hasContractInfo"=>false,
"canEditITCUsersAndRoles"=>false,
"canViewITCUsersAndRoles"=>true,
"canEditIAPUsersAndRoles"=>false,
"transporterEnabled"=>false,
"contentProviderFeatures"=>["APP_SILOING", "PROMO_CODE_REDESIGN", ...],
"contentProviderType"=>"Purple Software",
"displayName"=>"Detlef",
"contentProviderId"=>"18742800",
"userFeatures"=>[],
"visibility"=>true,
"DYCVisibility"=>false,
"contentProvider"=>"Felix Krause",
"userName"=>"detlef@krausefx.com"}

# File 'spaceship/lib/spaceship/client.rb', line 136

def user_details_data
  return @_cached_user_details if @_cached_user_details
  r = request(:get, '/WebObjects/iTunesConnect.woa/ra/user/detail')
  @_cached_user_details = parse_response(r, 'data')
end

#with_retry(tries = 5, &_block) ⇒ Object

# File 'spaceship/lib/spaceship/client.rb', line 521

def with_retry(tries = 5, &_block)
  return yield
rescue \
    Faraday::Error::ConnectionFailed,
    Faraday::Error::TimeoutError,
    Faraday::ParsingError, # <h2>Internal Server Error</h2> with content type json
    AppleTimeoutError,
    InternalServerError => ex # New Faraday version: Faraday::TimeoutError => ex
  tries -= 1
  unless tries.zero?
    logger.warn("Timeout received: '#{ex.message}'. Retrying after 3 seconds (remaining: #{tries})...")
    sleep(3) unless Object.const_defined?("SpecHelper")
    retry
  end
  raise ex # re-raise the exception
rescue UnauthorizedAccessError => ex
  if @loggedin && !(tries -= 1).zero?
    msg = "Auth error received: '#{ex.message}'. Login in again then retrying after 3 seconds (remaining: #{tries})..."
    puts(msg) if Spaceship::Globals.verbose?
    logger.warn(msg)

    if self.class.spaceship_session_env.to_s.length > 0
      raise UnauthorizedAccessError.new, "Authentication error, you passed an invalid session using the environment variable FASTLANE_SESSION or SPACESHIP_SESSION"
    end

    do_login(self.user, @password)
    sleep(3) unless Object.const_defined?("SpecHelper")
    retry
  end
  raise ex # re-raise the exception
end