Comments (33)
I guess there could just be a couple hundred photos in his iCloud which he doesn't want to go through manually and has bought an android phone or something.
I'd also like this feature but for a different reason. I back up 3 additional accounts, and with my phone being a trusted device for the other three accounts, SMS based MFA allows me to re-authenticate the other devices without them being present.
In addition to this, it seems that Apple have reduced the cookie validity period from 90 days to 30 days, so I'm having to grab phones to re-authenticate every couple of weeks. Means I can't just sort it when I have time, but have to organise it around them.
from icloud_photos_downloader.
Same problem here, no 2fa code is received.
from icloud_photos_downloader.
The problem is that there is no choice of sms or on the device (and it used to be)
from icloud_photos_downloader.
How can I log in via SMS now? The device is broken and there is no way to get the code on the device
from icloud_photos_downloader.
The problem is that there is no choice of sms or on the device (and it used to be)
SMS auth path was broken in 1.17.x when we did an emergency fix for Apple API changes.
from icloud_photos_downloader.
... The device is broken and there is no way to get the code on the device
Curious how are you getting new pictures into iCloud if device is broken? Trying to understand the urgency for SMS code functionality. If you are not getting new pictures, then there is no urgent need to run icloudpd
. If you are fixing device ASAP to start using it (and getting new pictures), then you'll be able to get MFA once device is fixed. What am I missing?
from icloud_photos_downloader.
I make backups of all family members. And phones are not always at hand. I even extended my session via SMS (since it’s convenient). Also, one of the phones broke down, and I didn’t download all the last photos (the session ended), I had to look for a backup old phone - log into my account on it and then get a code...
It’s just that you can even log into this icloud.com account via SMS without any problems - but in the application it was and stopped working :(
from icloud_photos_downloader.
It’s just strange that this was included in the program - and for some reason it was cut out.
from icloud_photos_downloader.
@ADMiNZ @boredazfcuk for scenarios of supporting multiple account, pls see if #805 makes sense
from icloud_photos_downloader.
v1.17.4 has a fix. Pls reopen the issue if something still not working
from icloud_photos_downloader.
I've just removed my cookie and re-created it, but I wasn't prompted to choose between SMS or the iDevice Popup. It just went straight to Please enter two-factor authentication code:
then gave me warning after I clicked Allow, then entered the code: WARNING Failed to parse response with JSON mimetype
from icloud_photos_downloader.
I've just removed my cookie and re-created it, but I wasn't prompted to choose between SMS or the iDevice Popup. It just went straight to
Please enter two-factor authentication code:
then gave me warning after I clicked Allow, then entered the code:WARNING Failed to parse response with JSON mimetype
new logic checks for trusted devices and only offers sms option ifvthere are such devices.
from icloud_photos_downloader.
new logic checks for trusted devices and only offers sms option ifvthere are such devices.
Can you be more specific? Just today I compiled the latest build for the nas server and upon authorization it immediately asks for a code - there is no choice for SMS. I would like it to be like it was before - when extending the session, you can immediately choose how to receive the code (similar to authorization on icloud.com)
from icloud_photos_downloader.
Can you be more specific? Just today I compiled the latest build for the nas server and upon authorization it immediately asks for a code - there is no choice for SMS. I would like it to be like it was before - when extending the session, you can immediately choose how to receive the code (similar to authorization on icloud.com)
What version are you comparing behavior with? Since 1.17.0 (and before 1.17.4) MFA auth behavior is the following:
- user enters password
- iCloud sends MFA to iDevice
- iCloud auth responds to icloudpd
- icloudpd requests MFA from user
- user enters MFA code
- icloudpd continues with downloading
In 1.17.4 I changed the logic to the following:
- user enters password
- iCloud sends MFA to iDevice
- iCloud auth responds to icloudpd
- icloudpd checks trusted devices
- requests MFA from user and gives an option to use SMS if list of trusted devices is not empty
- user enters MFA code OR index of the trusted device (if there were trusted devices reported)
- if user entered MFA, then icloudpd continues with download (stop auth)
- if user entered trusted device index, then icloudpd request SMS code from iCloud
- icloudpd requests MFA code sent to SMS from user
- icloudpd continues with download
"Trusted devices" request is the same we used pre 1.17.0 to get the list of SMS devices from iCloud. I tested for my account and for single iDevice on the account, it returned one devices, so I can authenticate either way (code on Apple devices or SMS). If you know how to setup different combinations of devices/trusted devices for the account, let me know - I may be able to repro your case.
from icloud_photos_downloader.
As I wrote earlier, I have this workset on a nas server. My task has stopped downloading files because the code has gone bad.
I enter:
(env) root@name:~# icloudpd --username '[email protected]' --password 'password' --directory /folder/iCloud
2024-04-18 14:09:26 DEBUG Authenticating...
2024-04-18 14:09:27 ERROR Authentication required for Account. (421)
2024-04-18 14:09:28 INFO Two-step/two-factor authentication is required (2fa)
Please enter two-factor authentication code: 1
2024-04-18 14:09:31 ERROR Incorrect verification code. (-21669)
2024-04-18 14:09:31 ERROR Code verification failed.
2024-04-18 14:09:31 ERROR Failed to verify two-factor authentication code
What do I need to do to log in via SMS?
from icloud_photos_downloader.
Can you be more specific? Just today I compiled the latest build for the nas server and upon authorization it immediately asks for a code - there is no choice for SMS. I would like it to be like it was before - when extending the session, you can immediately choose how to receive the code (similar to authorization on icloud.com)
What version are you comparing behavior with? Since 1.17.0 (and before 1.17.4) MFA auth behavior is the following:
- user enters password
- iCloud sends MFA to iDevice
- iCloud auth responds to icloudpd
- icloudpd requests MFA from user
- user enters MFA code
- icloudpd continues with downloading
In 1.17.4 I changed the logic to the following:
- user enters password
- iCloud sends MFA to iDevice
- iCloud auth responds to icloudpd
- icloudpd checks trusted devices
- requests MFA from user and gives an option to use SMS if list of trusted devices is not empty
- user enters MFA code OR index of the trusted device (if there were trusted devices reported)
- if user entered MFA, then icloudpd continues with download (stop auth)
- if user entered trusted device index, then icloudpd request SMS code from iCloud
- icloudpd requests MFA code sent to SMS from user
- icloudpd continues with download
"Trusted devices" request is the same we used pre 1.17.0 to get the list of SMS devices from iCloud. I tested for my account and for single iDevice on the account, it returned one devices, so I can authenticate either way (code on Apple devices or SMS). If you know how to setup different combinations of devices/trusted devices for the account, let me know - I may be able to repro your case.
I made a mistake. The second scenario worked for my old iPhone without phone number, with separate iCloud account, and with trusted phone number from my primary account. For my primary account with just one iPhone with a number, it does not provide SMS option - I assume we need to use new Apple APIs to get devices capable of SMS for such cases (I tested icloud.com and it has option for SMS for my primary account, so it is feasible).
from icloud_photos_downloader.
Yeah, I'm sure that historically it used to offer a choice of auth.
When the icloud app was used to save the password into the keyring, the only option it would give you was SMS.
Then when the cookie was created, it would allow you to choose from SMS or Apple MFA.
If you check the docs on my project, it kinda confirms this previous behaviour: https://github.com/boredazfcuk/docker-icloudpd/blob/master/CONFIGURATION.md#multifactor-authentication
2020-08-06 16:45:58 INFO Adding password to keyring...
Enter iCloud password for [email protected]:
Save password in keyring? [y/N]: y
Two-step authentication required. Your trusted devices are:
0: SMS to 07********
Which device would you like to use? [0]: 0
Please enter validation code: 123456
2020-08-06 16:47:04 INFO Using password stored in keyring
2020-08-06 16:47:04 INFO Generate MFA cookie with password: usekeyring
2020-08-06 16:47:04 INFO Check for new files using password stored in keyring...
0: SMS to 07********
1: Enter two-factor authentication code
Please choose an option: [0]: 1
Please enter two-factor authentication code: 123456
2020-08-06 16:47:30 INFO Multifactor authentication cookie generated. Sync should now be successful.
from icloud_photos_downloader.
I think behavior of many Apple APIs changed (and we adjusted icloudpd for it with 1.17.0), because list of devices that was used to return phone number for SMS does not bring primary phone anymore. icloud.com uses different API for devices today, so the path forward I see is to implement new API for devices in icloudpd.
from icloud_photos_downloader.
Would make sense to be honest. Number/SIM cloning is fairly easy now. So much so, that SMS auth is discouraged as it is less secure than app based. We're phasing it out at work in the next couple of months. Guess Apple have already, for main authentication purposes.
from icloud_photos_downloader.
Would make sense to be honest. Number/SIM cloning is fairly easy now. So much so, that SMS auth is discouraged as it is less secure than app based. We're phasing it out at work in the next couple of months. Guess Apple have already, for main authentication purposes.
After replacing SIM cards, they do not receive incoming SMS for a day.
You can also find fault with the fact that all devices linked to the account receive the code :) And if an attacker steals, say, a Macbook, with a simple password and in the notes there will be a password for the account. He can download everything easily :)
This is the second authorization - you also need to know your login and password.
from icloud_photos_downloader.
I see the security concern of SMS auth at Apple as a separate from supporting it in icloudpd
. The fact that many companies dropping support may suggest that Apple will drop it too and we may decide to not invest in supporting it in icloudpd
.
Currently, I do not commit to invest time beyond short trial into supporting new API for SMS.
from icloud_photos_downloader.
So, I've just come to renew the cookie on a family member's device and the process went like this:
2024-04-27 10:37:37 INFO Starting container initialisation
2024-04-27 10:37:37 DEBUG 2024-04-27 10:37:37 INFO Correct owner on config directory, if required
2024-04-27 10:37:37 DEBUG 2024-04-27 10:37:37 INFO Correct group on config directory, if required
2024-04-27 10:37:37 DEBUG Generate MFA cookie using password stored in keyring file
2024-04-27 10:37:39 ERROR Authentication required for Account. (421)
0: SMS to ********01
1: SMS to ********02
Please enter two-factor authentication code or device index (0..1) to send SMS with a code: 1
Please enter two-factor authentication code that you received over SMS: 703638
2024-04-27 10:38:18 INFO Multifactor authentication cookie generated. Sync should now be successful
2024-04-27 10:38:18 INFO Container initialisation complete
The trusted account number (my number) is the one that ends in 02. The number that ends in 01 is the phone number that is registered to the icloud account that I'm downloading photos from.
It's good that I can choose either number for authentication, but surely this means that anybody with a trusted number registered to their account is going to be forced to use SMS auth as there is no option for Apple iDevice auth?
from icloud_photos_downloader.
It's good that I can choose either number for authentication, but surely this means that anybody with a trusted number registered to their account is going to be forced to use SMS auth as there is no option for Apple iDevice auth?
Apple devices receive code right after password is submitted to iCloud and there is no choice to receive on iDevice or not - that is why UI asks for code received on Apple device OR choice of SMS options.
from icloud_photos_downloader.
When I attempt to login to icloud.com using my family member's Apple ID, it automatically performs the iDevice request after putting the password in:
If I want to use SMS instead, I click 'Did not get a verification code?' and then 'Use phone number':
Then select the number:
Can icloudpd not mimic this behaviour? Initially give the user two options, 1: Enter MFA code or 2: Use SMS?
If option 2 is selected, present the trusted numbers for the user to select which they want to use, as currently happens.
from icloud_photos_downloader.
@boredazfcuk I am lost. What auth actions/steps you can do through web and cannot do with icloudpd
(and need them)?
From what I understand icloudpd
supports a) login with MFA sent on Apple device and b) MFA through SMS on trusted device with a minimum amount of steps possible for each use case.
from icloud_photos_downloader.
Sorry, it's me not picking up on the change of behaviour. Previously, it would ask something like:
0: MFA
1: SMS
2: SMS trusted
I was expecting the same prompts. I should read things properly and not skim read.
from icloud_photos_downloader.
Sorry, it's me not picking up on the change of behaviour. Previously, it would ask something like:
0: MFA 1: SMS 2: SMS trusted
MFA choice is unnecessary, because you get the code anyways, that is why the choice you are given:
- enter 6 digit code you already received on Apple device
- get SMS with code on number xxx01
- get SMS with code on number xxx02
Another way to look:
- for users with apple devices it is one step - just enter the code (in old behavior there were two steps - select that you want to enter MFA from Apple and enter MFA itself)
- for user who wants to use SMS there are still two steps - select device to send SMS to and enter the code itself
from icloud_photos_downloader.
Maybe a little deviating from topic, but I got a workaround for this. I was not getting the option to choose 2FA mode (sms or phone), it directly went to enter validation code step and no code was received. I requested the code by logging into icloud web, chose sms option and used that otp in the option and it worked!
from icloud_photos_downloader.
Maybe a little deviating from topic, but I got a workaround for this. I was not getting the option to choose 2FA mode (sms or phone), it directly went to enter validation code step and no code was received. I requested the code by logging into icloud web, chose sms option and used that otp in the option and it worked!
FYI I have noticed recently that I stopped receiving list of SMS devices for either of my two accounts recently. It may be a change on Apple side or maybe the some nuances of the Apple API for trusted devices we do not understand yet.
from icloud_photos_downloader.
I'm having a problem with authenticating a family member's account - mine works fine. When I enter the password, they never receive a code and it seems to go through:
2024-04-30 21:18:39 INFO Directory is writable: /config/python_keyring/
2024-04-30 21:18:39 INFO Starting container initialisation
iCloud Password:
2024-04-30 21:19:19 ERROR Authentication required for Account. (421)
2024-04-30 21:19:25 INFO Multifactor authentication cookie generated. Sync should now be successful
2024-04-30 21:19:25 INFO Container initialisation complete
However, when I look at the logs, I get the following:
2024-04-30 21:28:31 DEBUG Authenticating...
iCloud Password:
2024-04-30 21:28:31 ERROR Failed to download new files
2024-04-30 21:28:31 ERROR - Can you log into icloud.com without receiving pop-up notifications?
2024-04-30 21:28:31 ERROR Error debugging info:
2024-04-30 21:28:31 ERROR getpass.py:91: GetPassWarning: Can not control echo on the terminal.
Warning: Password input may be echoed.
Aborted!
2024-04-30 21:28:31 ERROR ***** Please report problems here: https://github.com/boredazfcuk/docker-icloudpd/issues *****
2024-04-30 21:28:31 INFO Web cookie expires: 2024-06-29 @ 20:19:23
2024-04-30 21:28:31 INFO Multifactor authentication cookie expires: 2024-05-30 @ 20:19:23
2024-04-30 21:28:31 INFO Days remaining until expiration: 29
2024-04-30 21:28:31 INFO Synchronisation ended at 21:28:31
2024-04-30 21:28:31 INFO Total time taken: 00:00:02
2024-04-30 21:28:31 INFO Next synchronisation at 21:28:29
from icloud_photos_downloader.
Please report problems here: https://github.com/boredazfcuk/docker-icloudpd/issues
You need to report problems into another GH project as stated
from icloud_photos_downloader.
Just digging this up again as I've noticed the behaviour where it doesn't list trusted devices again. When I attempt to reauthenticate my wife's device, I just get:
2024-05-16 21:46:53 ERROR Authentication required for Account. (421)
Please enter two-factor authentication code:
Despite her account having two trusted SMS numbers available when logging into icloud.com.
I tried @SurajViitk's solution, but it did not work for me:
Maybe a little deviating from topic, but I got a workaround for this. I was not getting the option to choose 2FA mode (sms or phone), it directly went to enter validation code step and no code was received. I requested the code by logging into icloud web, chose sms option and used that otp in the option and it worked!
from icloud_photos_downloader.
I've also noticed, that when I log in to my iPad's account, which doesn't have a SIM of its own, the UI is a little different:
Instead of having "Use phone number" it just says "Text me" instead. When I click that, it sends the SMS code to my iPhone, which is the only trusted number for the iPad's Apple ID.
from icloud_photos_downloader.
Related Issues (20)
- [RFC] Headless mode for Improving Authentication HOT 2
- ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate
- publish source tarball to pypi? HOT 14
- The China region ID login shows an authentication error HOT 8
- Just trying to get started, no dice. HOT 7
- icloud.com.cn : Failed to download new files
- Can rogue items occur?? HOT 1
- Container Stopped Unexpectedly HOT 3
- iCloudPD needs to check expiration date before initialization HOT 1
- ERROR Invalid username/password combination. (401) HOT 5
- Auto Delete doesn't work with folder-structure set to none HOT 1
- Windows 1.17.5 version detected as Trojan:Win32/Bearfoos.A!ml HOT 6
- x86 1.17.5: "--help" option returns help for 'Find My iPhone CommandLine Tool', not iCloudPD HOT 2
- System Keyring Error
- NameError: name 'PyiCloudConnectionException' is not defined. Did you mean: 'PyiCloudFailedLoginException'? HOT 1
- Authentication failure - failed to parse response with JSON mimetype HOT 4
- Make it default download from all available libraries? HOT 1
- icloudpd-1.17.6 keyring.errors.NoKeyringError: No recommended backend was available HOT 3
- Chinese char in filename is ignored HOT 6
- Changelog is not correctly transferred to release notes HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from icloud_photos_downloader.