[spaceship] Fix Apple ID 2FA with SMS

[joshdholtz]

Motivation and Context

Fixes #21071

Description

• Looks like Apple changed the endpoint for submitting 2FA codes

• Any previous sessions that attempted to be used were causing lockout (Don't ask verification code and access forbiden and apple account block #21071 (comment))

• Fix for SMS

• Fix for Apple device code

More info coming soon

Testing Steps

Update Gemfile and run bundle install, bundle update fastlane, or bundle update

gem "fastlane", :git => "https://github.com/fastlane/fastlane.git", :branch => "joshdholtz-fix-apple-id-2fa"

[MattKiazyk]

So i think the original url was correct, but your body was wrong.

In Xcodes - https://github.com/RobotsAndPencils/XcodesApp/blob/main/Xcodes/AppleAPI/Sources/AppleAPI/URLRequest%2BApple.swift#L68

Depending on if it's sms or device it'll send different bodies.

for SMS: verify/phone/securitycode

  req.body = {
          "phoneNumber": {
            "id": device_id
          },
          "securityCode": {
            "code" => code.to_s
          },
          "mode": "sms"

for trusted device: ``verify/trusteddevice/securitycode`

  req.body = {
          "securityCode": {
            "code" => code.to_s
          }

That hasn't changed for a while and has been working, but maybe that has changed now 🤷

[joshdholtz]

Yeah yeah, the body definitely seemed wrong so not really sure how it didn't break sooner 🤷‍♂️

But... the new url/updated URL look correct though too, right? This is what proxyman showed me today 👇

[MattKiazyk]

My guess is not many people use sms as their 2fa vs a trusted device

that Updated url looks correct for SMS 2FA. For trusted device it's:

[joshdholtz]

Ah yeah yeah, we have a separate path for trusted devices that uses that URL and body already 😊

👉 https://github.com/fastlane/fastlane/blob/master/spaceship/lib/spaceship/two_step_or_factor_client.rb#L162-L170

[joshdholtz]

Punting on the fix for trusted devices because it seems like that might be an issue on Apple and its not reproducible anymore for me 😔

[aquacode]

If I update fastlane using gem "fastlane", :git => "https://github.com/fastlane/fastlane.git", :branch => "joshdholtz-fix-apple-id-2fa" is spaceauth cli to generate session supposed to work now because I get the same errors.

[andrewheavin]

@joshdholtz - You'll love this, its now magically working again and I'm running 2.210.1