adsedare 0.0.6 → 0.0.8

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3f6d62902a49a3f9ae322a91a6409eafe479b473251f1fbfa3ced67fbfbd3683
-  data.tar.gz: 2d8bf85017eea5e2f54d67b021f53c3546cd332bf3f08e0cba9366fa137a05af
+  metadata.gz: '0188667ec36408b4bd8e25d1396efcd88ccf529b54812a3b8b3120c40f6f56f1'
+  data.tar.gz: 29d5b36a0868ee133de957963a7da00f7362d836fd76a3a5b4d63c40c861905b
 SHA512:
-  metadata.gz: 8e012d0c7ef9ccdb72467abdcaa1a7d0df15c9adfb1aabf7bad3630c29e6177a0743f27c206891e20e53a969610fa8174e92f445c302384874c7d57275e2e37b
-  data.tar.gz: 99c7b3a952de4ec42926655452a161c11fbae9b842fcdaa58a7c73943e6ed53d7948a5d5047134c20beac6a14224a99154bed7245c83c2f005765224e6e9ab98
+  metadata.gz: 199c7941e00a2b71260ed190e0855742a10238e8c8265af59d60329cc99532fc0f22648955a04eda31debe0ed064a9f7fa633f79495a096bd051c7424278c2c5
+  data.tar.gz: 553d74cd5cf5e3ab379d98bce99ff5bccd7a9fa6e27d99a0b9ca0e7570a09786da025953ebba162d4106e4b2720292da0bb60aa6cdb382e07ca0bffb3135cf79

data/adsedare.gemspec

@@ -33,4 +33,5 @@ Gem::Specification.new do |spec|
   spec.add_dependency "faraday", "~> 2.7"
   spec.add_dependency "faraday-cookie_jar", "~> 0.0.7"
   spec.add_dependency "plist", "~> 3.2.0"
+  spec.add_dependency "fastlane-sirp", "~> 1.0"
 end

data/lib/adsedare/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Adsedare
-  VERSION = "0.0.6"
+  VERSION = "0.0.8"
 end

data/lib/adsedare/xcodeproj.rb

@@ -35,8 +35,10 @@ module Adsedare
         bundle_by_identifier[bundle_id["attributes"]["identifier"]] = bundle_id
       end
 
-      bundles_with_profiles["included"].each do |profile|
-        profiles_by_id[profile["id"]] = profile
+      if bundles_with_profiles["included"]
+        bundles_with_profiles["included"].each do |profile|
+          profiles_by_id[profile["id"]] = profile
+        end
       end
 
       project.targets.each do |target|

data/lib/adsedare.rb

@@ -137,10 +137,14 @@ module Adsedare
       devices = get_devices(team_id)
       deviceIds = devices.map { |device| device["id"] }
 
+      profileDeviceIds = profile["provisioningProfile"]["devices"].map { 
+        |device| device["deviceId"] 
+      }
+
       need_update = false
 
-      profile["provisioningProfile"]["devices"].each do |device|
-        if !deviceIds.include?(device["deviceId"])
+      deviceIds.each do |deviceId|
+        if !profileDeviceIds.include?(deviceId)
           need_update = true
           break
         end
@@ -174,8 +178,8 @@ module Adsedare
       need_update = false
 
       capabilities.each do |capability|
-        if capability.check?(bundle_info)
-        else
+        if !capability.check?(bundle_info)
+          logger.warn "Bundle '#{bundle_identifier}' is missing capability '#{capability.type}'."
           need_update = true
         end
       end

data/lib/appstoreconnect.rb

@@ -24,7 +24,6 @@ module AppStoreConnect
         if response.status == 200
           JSON.parse(response.body)
         else
-          puts response.body
           raise "Failed to get bundle IDs: #{response.status}"
         end
       end

data/lib/starship/2fa_provider.rb

@@ -7,19 +7,13 @@ module Starship
     def initialize
     end
 
-    # Get the 2FA code
-    # @param session_id [String] The session ID from Apple
-    # @param scnt [String] The scnt value from Apple
-    # @return [String] The 2FA code
     def get_code(session_id, scnt)
       raise NotImplementedError, "Subclasses must implement get_code"
     end
 
-    # Verify if this provider can handle the given 2FA type
-    # @param type [String] The 2FA type (sms, voice, etc.)
-    # @return [Boolean] Whether this provider can handle the given type
-    def can_handle?(type)
-      raise NotImplementedError, "Subclasses must implement can_handle?"
+    # @return [String] The type of 2FA ("phone", "trusteddevice")
+    def two_factor_type
+      raise NotImplementedError, "Subclasses must implement two_factor_type"
     end
   end
 
@@ -33,8 +27,8 @@ module Starship
       code
     end
 
-    def can_handle?(type)
-      true
+    def two_factor_type
+      "trusteddevice"
     end
   end
 end

data/lib/starship/auth_helper.rb

@@ -8,6 +8,7 @@ require "digest"
 require "fileutils"
 require "openssl"
 require "securerandom"
+require "fastlane-sirp"
 
 require_relative "2fa_provider"
 require_relative "../logging"
@@ -18,13 +19,19 @@ module Starship
   # AuthHelper handles authentication with Apple's developer portal
   class AuthHelper
     include Logging
-
+    
+    @two_factor_provider = Starship::ManualTwoFactorProvider.new
     attr_reader :session, :csrf, :csrf_ts, :session_data
 
     AUTH_ENDPOINT = "https://idmsa.apple.com/appleauth/auth"
     WIDGET_KEY_URL = "https://appstoreconnect.apple.com/olympus/v1/app/config?hostname=itunesconnect.apple.com"
 
-    def initialize(two_factor_provider = nil)
+    def two_factor_provider=(provider)
+      @two_factor_provider = provider
+      logger.info "Two-factor provider set to #{provider.class.name}"
+    end
+
+    def initialize()
       # Create session directory if it doesn't exist
       @session_directory = File.expand_path("~/.starship")
       FileUtils.mkdir_p(@session_directory)
@@ -34,7 +41,6 @@ module Starship
       @csrf_ts = nil
       @email = nil
       @session_data = {}
-      @two_factor_provider = two_factor_provider || Starship::ManualTwoFactorProvider.new
 
       # Initialize Faraday with cookie jar
       @session = Faraday.new do |builder|
@@ -72,8 +78,6 @@ module Starship
       auth_result = authenticate_with_srp(email, password)
 
       if auth_result == :two_factor_required
-        logger.info "Two-factor authentication required. Requesting verification code..."
-
         handle_two_factor_auth
       elsif auth_result
         # After successful authentication, get CSRF tokens
@@ -303,13 +307,60 @@ module Starship
       end
     end
 
+    def to_hex(str)
+      str.unpack1('H*')
+    end
+
+    def to_byte(str)
+      [str].pack('H*')
+    end
+
+    def pbkdf2(password, salt, iterations, key_length, digest = OpenSSL::Digest::SHA256.new)
+      password = OpenSSL::Digest::SHA256.digest(password)
+      OpenSSL::PKCS5.pbkdf2_hmac(password, salt, iterations, key_length, digest)
+    end
+
+    def fetch_hashcash
+      response = @session.get(
+        "#{AUTH_ENDPOINT}/signin?widgetKey=#{widget_key}",
+      )
+      headers = response.headers
+
+      bits = headers["X-Apple-HC-Bits"]
+      challenge = headers["X-Apple-HC-Challenge"]
+
+      if bits.nil? || challenge.nil?
+        logger.warn "Unable to find 'X-Apple-HC-Bits' and 'X-Apple-HC-Challenge' to make hashcash"
+        return nil
+      end
+
+      return make_hashcash(bits: bits, challenge: challenge)
+    end
+
+    def make_hashcash(bits: nil, challenge: nil)
+      version = 1
+      date = Time.now.strftime("%Y%m%d%H%M%S")
+
+      counter = 0
+      loop do
+        hc = [
+          version, bits, date, challenge, ":#{counter}"
+        ].join(":")
+
+        if Digest::SHA1.digest(hc).unpack1('B*')[0, bits.to_i].to_i == 0
+          return hc
+        end
+        counter += 1
+      end
+    end
+
     # Authenticate with Secure Remote Password protocol
     # @param email [String] The email address
     # @param password [String] The password
     # @return [Boolean, Symbol] True if successful, :two_factor_required if 2FA is needed, false otherwise
     def authenticate_with_srp(email, password)
-      # This is a simplified SRP implementation since Ruby doesn"t have a direct equivalent to Python"s srp library
-      # In a real implementation, you would use a proper SRP library or implement the full protocol
+      client = SIRP::Client.new(2048)
+	    a = client.start_authentication()
 
       headers = {
         "Accept" => "application/json, text/javascript",
@@ -318,6 +369,17 @@ module Starship
         "X-Apple-Widget-Key" => widget_key,
       }
 
+      federate_data = {
+        "accountName" => email,
+        "rememberMe" => false,
+      }
+
+      response = @session.post(
+        "#{AUTH_ENDPOINT}/federate?isRememberMeEnabled=false",
+        federate_data.to_json,
+        headers
+      )
+
       if @session_data["session_id"]
         headers.update({
           "X-Apple-ID-Session-Id" => @session_data["session_id"],
@@ -325,18 +387,54 @@ module Starship
         })
       end
 
-      # For simplicity, we"ll use a direct password-based authentication approach
-      # In a real implementation, you would implement the full SRP protocol
-      auth_data = {
-        "accountName" => email,
-        "password" => password,
-        "rememberMe" => true,
+      init_data = {
+        "a": Base64.strict_encode64(to_byte(a)),
+        "accountName": email,
+        "protocols": ["s2k", "s2k_fo"],
       }
 
-      logger.info "Initializing authentication request to Apple ID..."
       response = @session.post(
-        "#{AUTH_ENDPOINT}/signin",
-        auth_data.to_json,
+        "#{AUTH_ENDPOINT}/signin/init",
+        init_data.to_json,
+        headers
+      )
+
+      body = JSON.parse(response.body)
+      salt = Base64.strict_decode64(body["salt"])
+      b = Base64.strict_decode64(body["b"])
+      c = body["c"]
+      iterations = body["iteration"]
+      key_length = 32
+
+      encrypted_password = pbkdf2(password, salt, iterations, key_length)
+
+      m1 = client.process_challenge(
+        email,
+        to_hex(encrypted_password),
+        to_hex(salt),
+        to_hex(b),
+        is_password_encrypted: true
+      )
+      m2 = client.H_AMK
+
+      complete_data = {
+        "accountName": email,
+        "c": c,
+        "m1": Base64.encode64(to_byte(m1)).strip,
+        "m2": Base64.encode64(to_byte(m2)).strip,
+        "rememberMe": false
+      }
+
+      hashcash = self.fetch_hashcash
+      if hashcash
+        headers.update({
+          "X-Apple-HC" => hashcash,
+        })
+      end
+
+      response = @session.post(
+        "#{AUTH_ENDPOINT}/signin/complete?isRememberMeEnabled=false",
+        complete_data.to_json,
         headers
       )
 
@@ -391,11 +489,60 @@ module Starship
       end
 
       begin
-        # Get 2FA code from provider
+        two_factor_type = @two_factor_provider.two_factor_type
+        logger.info "Two-factor authentication required. Requesting #{two_factor_type} verification code..."
+
+        auth_options_headers = {
+          "Accept" => "application/json, text/javascript",
+          "Content-Type" => "application/json",
+          "X-Requested-With" => "XMLHttpRequest",
+          "X-Apple-ID-Session-Id" => session_id,
+          "scnt" => scnt,
+          "X-Apple-Widget-Key" => widget_key,
+        }
+
+        auth_options_response = @session.get(
+          "#{AUTH_ENDPOINT}/auth",
+          nil,
+          auth_options_headers
+        )
+        auth_options = JSON.parse(auth_options_response.body)
+
+        trigger_headers = {
+          "Accept" => "application/json",
+          "Content-Type" => "application/json",
+          "X-Requested-With" => "XMLHttpRequest",
+          "X-Apple-ID-Session-Id" => session_id,
+          "scnt" => scnt,
+          "X-Apple-Widget-Key" => widget_key,
+        }
+
+        trigger_data = {
+        }
+
+        if two_factor_type == "phone"
+          phone_number = auth_options["trustedPhoneNumbers"][0]
+          trigger_data = {
+            "phoneNumber" => {
+              "id" => phone_number["id"],
+            },
+            "mode" => "sms",
+          }
+          logger.info "Sending SMS to #{phone_number["numberWithDialCode"]}"
+        end
+
+        response = @session.put(
+          "#{AUTH_ENDPOINT}/verify/#{two_factor_type}",
+          trigger_data.to_json,
+          trigger_headers
+        )
+
         code = @two_factor_provider.get_code(session_id, scnt)
 
+        logger.info "Received code: #{code}"
+
         verify_headers = {
-          "Accept" => "application/json, text/javascript",
+          "Accept" => "application/json",
           "Content-Type" => "application/json",
           "X-Requested-With" => "XMLHttpRequest",
           "X-Apple-ID-Session-Id" => session_id,
@@ -405,14 +552,19 @@ module Starship
 
         verify_data = { "securityCode" => { "code" => code.strip } }
 
+        if two_factor_type == "phone"
+          verify_data["phoneNumber"] = trigger_data["phoneNumber"]
+          verify_data["mode"] = trigger_data["mode"]
+        end
+
         # First verify the security code
         verify_response = @session.post(
-          "#{AUTH_ENDPOINT}/verify/trusteddevice/securitycode",
+          "#{AUTH_ENDPOINT}/verify/#{two_factor_type}/securitycode",
           verify_data.to_json,
           verify_headers
         )
 
-        if verify_response.status == 204
+        if verify_response.status == 204 || verify_response.status == 200
           logger.info "Two-factor code verified successfully."
           logger.info "Trusting the session after 2FA verification..."
 
@@ -423,7 +575,7 @@ module Starship
             verify_headers
           )
 
-          if trust_response.status == 204
+          if trust_response.status == 204 || trust_response.status == 200
             # Store all relevant session data
             @session_data.update({
               "session_id" => session_id,

data/lib/starship.rb

@@ -8,6 +8,10 @@ require_relative "starship/auth_helper"
 # Starship is a wrapper around Apple's developer portal API
 # Inspired by Fatslane's Spaceship
 module Starship
+  def self.set_provider(provider)
+    Client.auth_helper.two_factor_provider = provider
+  end
+
   class Client
     DEV_SERVICES_V1 = "https://developer.apple.com/services-account/v1"
     DEV_SERVICES_QH65B2 = "https://developer.apple.com/services-account/QH65B2"

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: adsedare
 version: !ruby/object:Gem::Version
-  version: 0.0.6
+  version: 0.0.8
 platform: ruby
 authors:
 - alexstrnik
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2025-05-05 00:00:00.000000000 Z
+date: 2025-07-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
@@ -94,6 +94,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: 3.2.0
+- !ruby/object:Gem::Dependency
+  name: fastlane-sirp
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
 description: AdSedare is a powerful library designed to simplify the process of iOS
   ad-hoc distribution. By automating and streamlining the distribution of builds,
   it ensures a smooth, pain-free experience for developers and testers. AdSedare is