-
Notifications
You must be signed in to change notification settings - Fork 569
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Service Temporarily Unavailable (503) #970
Comments
I suspect something is changing on the Apple side. Similar issue reported in downstream project |
Hello, exactly the same issue here and and I didn't change something for a while, I also suspect a change on Apple side :/ |
same issue for me, tested on mac and docker/linux |
Joining the club! Docker instances with 3 accounts behaving the same. |
same error in the library that was forked into icloudpd |
same issue in other tools using Apple auth |
I tried to compare requests |
same issue for me, on linux |
C:\Users\5257\Desktop\PyCharm\pythonProject.venv\Scripts\python.exe C:\Users\5257\Desktop\PyCharm\pythonProject\2.0000000000\设备名称.py |
Same here. :( |
Same error here for a few days now. It says 'Invalid email/password combination' but I can log into apple ID / account in my web browser with the same credentials. |
Looks like already authenticated accounts (with active sessions) continue to work fine, any way to work around that by creating a session via the website and using that to authenticate instead? |
I tried by logging into iCloud and opening Photos. Unfortunately, the same error occurred |
See the same issue when trying to re-authenticate accounts. Ones where the cookie hasn't expired yet continue to work without issue |
In another repo they are talking about the same, and think they have solved it! fastlane/fastlane#26368 |
I have managed to fix the authentication by implementing the new SRP flow. See commit 4bcb2ac Still the tests should be fixed and the code should be better organized. Just want to share it as a reference if anyone else is working on this issue. btw |
sorry @iowk, but how can i test that? i tried installing with pip and docker, and cant find the base.py to replace with that modified file, in order to test it. Ty! |
I think you can just replace Also you'll have to add |
i'm sorry, i never compiled a python exec from source, so that's the thing, how is the install process for Docker for example? Update: already got the compiled python executable, not the docker image as i get that some executable is missing and i have no clue why, will update when i test it, ty for the effort and fast solution. |
flawlessly working, thank you @iowk, hope someone already merges a PR on the master branch. Ty! |
Awesome! @iowk Will you have time to adjust tests accordingly and submit PR? That would be very much appreciated by all the folks using |
Sure, I am glad to work on this. It might take a while to adjust tests since I am not very familiar with the framework. |
@AndreyNikiforov To fix the tests, I think all the .yml files should be adjusted since the password is no longer directly sent to the server. I tried to fix one of them here f830709. I do not include the keys in the requests since they are randomly generated, and it might take quite some effort to mock the SRP client and server. Could you please help me check if I am on the right track? If so, I will continue to adjust the other .yml files correspondingly. Thank you. |
@iowk thanks for taking a look at fixing tests. A number of thoughts:
Questions:
|
Yes
Edit: I update my thoughts in the next comment
def run_srp_auth(yml_file: str) -> int:
with vcr.use_cassette(os.path.join(self.vcr_path, yml_file)):
runner = CliRunner(env={"CLIENT_ID": "DE309E26-942E-11E8-92F5-14109FE0B321"})
result = runner.invoke(
main,
[
"--username",
"[email protected]",
"--password",
"password1",
"--no-progress-bar",
"--cookie-directory",
cookie_dir,
"--auth-only",
],
)
return result.exit_code
)
def test_listing_albums(self) -> None:
base_dir = os.path.join(self.fixtures_path, inspect.stack()[0][3])
cookie_dir = os.path.join(base_dir, "cookie")
data_dir = os.path.join(base_dir, "data")
for dir in [base_dir, cookie_dir, data_dir]:
recreate_path(dir)
assert run_auth("srp_auth_flow.yml") == 0
with vcr.use_cassette(os.path.join(self.vcr_path, "listing_albums.yml")):
# Pass fixed client ID via environment variable
runner = CliRunner(env={"CLIENT_ID": "DE309E26-942E-11E8-92F5-14109FE0B321"})
result = runner.invoke(
main,
[
"--username",
"[email protected]",
"--list-albums",
"--no-progress-bar",
"--cookie-directory",
cookie_dir,
],
)
...
I think all the auth tests are still valuable since they focus on the flow after srp (2fa, 2sa, etc.). Regarding testing srp itself, we can actually provide a fixed initial key Nontheless, I don't think there's too much worth of doing it since I will be precalculating |
After some more investigation, I think the better way is to mock the cookies directly for behavior tests. I create a new function This way, we can remove auth-related iteractions from behavior tests' cassettes by loading cookies through mocked functions. I have fixed some tests here d843955. I would like to know your opinions. Thanks! |
If we are to use persisted credentials (cookies) for behavior tests, we most likely need another (small) change - perform session validation with hydrated credentials at the beginning of the auth flow. That way starting If we have saved cookies, we may be able to initialize cookie file (==clone into cookie_dir of each test) and do not use mocks at all - easier to modify 100 of test. WDYT? I don't know about |
Acquiring password is not a problem because we are already using
Yes, I agree it is easier.
It worked because we used to auth with password, so POST to If we auth with cookie, |
@AndreyNikiforov I think Regarding srp testing, the auth-related cassettes will replace In the cassettes, The response of I will submit a PR later today based on what you changed. Thanks. |
keep working on auth tests. ill fix what i missed. if you want to take on these missed fixes too, better to have them as separate pr imo |
I submitted the PR with auth tests fixed. All tests except |
Thanks! There are comments about exceptions that needs to be addressed
Submitted #973 with fixes. Strangely, these tests were green on my orig PR #971 but that is for another digging. |
Thanks everyone for their work! I probably don't understand quite what the status is — I tried to reinstall icloudpd using pip, reentered my credentials and it's throwing a bad username/password error (I'm sure they are correct). |
Thanks for all the effort in fixing this one guys |
Thanks for all the work here! I just installed
but I'm getting the following error response:
Is there something else I need to configure? I tried removing |
@scttnlsn Pls open new issue, so it is easier for folks with the same issue to connect. I tried new version with 2fa account (that was failing earlier) before sending 1.24.0 and it worked for downloading and |
Opened a new issue here: #975 |
An observation for the behaviour of the fix in my case. I had to authenticate twice because the first attempt failed. I run icloudpd like this:
The first time I run it after updating for the 503 fix, I got the 2FA prompt, entered the code, and then icloudpd failed with:
After a minute I tried to run it a second time (no reinstall or anything) and it worked like a charm and logged me in correctly. I don't have any weird home network configuration, there is no proxy in the way or anything like that. What I did differently (although I'm doubtful it had anything to do with it) was that in the first case I approved it on iPhone and after typing the code, I didn't close the 2FA popup and kept it running, while for the second try, I confirmed 2FA on a Mac and closed the popup before hitting enter in terminal. If no one else sees this behaviour, then it was just some transient and maybe unrelated issue. And thank you for maintaining this project. 😄 |
Summary
One of my accounts fails authentication
Another account works fine
The text was updated successfully, but these errors were encountered: