sebsto/xcodeinstall

Some MFA API Answer can not be decoded

Closed this issue · 2 comments

sebsto commented

Describe the bug
Apple MFA API returns different JSON for different users. Some fails to be parsed and causes the app to crash

To Reproduce
I do not know what Apple Developer Account are returning more or less JSON keys in the API response.

Here is one that fails with v0.4

{
  "trustedPhoneNumbers" : [ {
    "numberWithDialCode" : "+44 ••••• ••••24",
    "pushMode" : "sms",
    "lastTwoDigits" : "24",
    "obfuscatedNumber" : "••••• ••••24",
    "id" : 1
  } ],
  "securityCode" : {
    "length" : 6,
    "tooManyCodesSent" : false,
    "tooManyCodesValidated" : false,
    "securityCodeLocked" : false,
    "securityCodeCooldown" : false
  },
  "authenticationType" : "hsa2",
  "recoveryUrl" : "https://iforgot.apple.com/phone/add?prs_account_nm=ricsue%40amazon.co.uk&autoSubmitAccount=true&appId=142",
  "cantUsePhoneNumberUrl" : "https://iforgot.apple.com/iforgot/phone/add?context=cantuse&prs_account_nm=ricsue%40amazon.co.uk&autoSubmitAccount=true&appId=142",
  "recoveryWebUrl" : "https://iforgot.apple.com/password/verify/appleid?prs_account_nm=ricsue%40amazon.co.uk&autoSubmitAccount=true&appId=142",
  "repairPhoneNumberUrl" : "https://gsa.apple.com/appleid/account/manage/repair/verify/phone",
  "repairPhoneNumberWebUrl" : "https://appleid.apple.com/widget/account/repair?#!repair",
  "aboutTwoFactorAuthenticationUrl" : "https://support.apple.com/kb/HT204921",
  "autoVerified" : false,
  "showAutoVerificationUI" : false,
  "supportsCustodianRecovery" : false,
  "hideSendSMSCodeOption" : false,
  "supervisedChangePasswordFlow" : false,
  "trustedPhoneNumber" : {
    "numberWithDialCode" : "+44 ••••• ••••24",
    "pushMode" : "sms",
    "lastTwoDigits" : "24",
    "obfuscatedNumber" : "••••• ••••24",
    "id" : 1
  },
  "hsa2Account" : true,
  "restrictedAccount" : false,
  "supportsRecovery" : true,
  "managedAccount" : false
}

It fails because properties like twoFactorVerificationSupportUrl, hasRecoveryKey are not present.
https://github.com/sebsto/xcodeinstall/blob/main/Sources/xcodeinstall/API/AuthenticationMFA.swift#L89

sebsto commented

I will make many / most field optional to allow the parsing to be more flexible with different JSON

sebsto commented

fixed by aba78e0