Skip to content

Commit 1396de8

Browse files
AndreyNikiforovAndreyNikiforov
authored
set origin & referer headers for auth (#1209)
1 parent 02b7c01 commit 1396de8

File tree

1 file changed

+12
-3
lines changed

1 file changed

+12
-3
lines changed

src/pyicloud_ipd/base.py

Lines changed: 12 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -53,6 +53,12 @@
5353
"scnt": "scnt",
5454
}
5555

56+
def origin_referer_headers(input: str) -> Dict[str, str]:
57+
return {
58+
"Origin": input,
59+
"Referer": f"{input}/"
60+
}
61+
5662
class TrustedPhoneContextProvider(NamedTuple):
5763
domain: str
5864
oauth_session: AuthenticatedSession
@@ -105,10 +111,12 @@ def __init__(
105111
self.password_filter: PyiCloudPasswordFilter|None = None
106112

107113
if (domain == 'com'):
114+
self.AUTH_ROOT_ENDPOINT = "https://idmsa.apple.com"
108115
self.AUTH_ENDPOINT = "https://idmsa.apple.com/appleauth/auth"
109116
self.HOME_ENDPOINT = "https://www.icloud.com"
110117
self.SETUP_ENDPOINT = "https://setup.icloud.com/setup/ws/1"
111118
elif (domain == 'cn'):
119+
self.AUTH_ROOT_ENDPOINT = "https://idmsa.apple.com.cn"
112120
self.AUTH_ENDPOINT = "https://idmsa.apple.com.cn/appleauth/auth"
113121
self.HOME_ENDPOINT = "https://www.icloud.com.cn"
114122
self.SETUP_ENDPOINT = "https://setup.icloud.com.cn/setup/ws/1"
@@ -376,7 +384,7 @@ def encode(self) -> bytes:
376384
'protocols': ['s2k', 's2k_fo']
377385
}
378386

379-
headers = self._get_auth_headers()
387+
headers = self._get_auth_headers(origin_referer_headers(self.AUTH_ROOT_ENDPOINT))
380388
try:
381389
if self.response_observer:
382390

@@ -487,7 +495,7 @@ def _authenticate_raw_password(self, password: str) -> None:
487495
if self.session_data.get("trust_token"):
488496
data["trustTokens"] = [self.session_data.get("trust_token")]
489497

490-
headers = self._get_auth_headers()
498+
headers = self._get_auth_headers(origin_referer_headers(self.AUTH_ROOT_ENDPOINT))
491499
try:
492500
# set observer with obfuscator
493501
if self.response_observer:
@@ -517,6 +525,7 @@ def _authenticate_raw_password(self, password: str) -> None:
517525
def _validate_token(self) -> Dict[str, Any]:
518526
"""Checks if the current access token is still valid."""
519527
LOGGER.debug("Checking session token validity")
528+
headers = origin_referer_headers(self.HOME_ENDPOINT)
520529
try:
521530
# set observer with obfuscator
522531
if self.response_observer:
@@ -533,7 +542,7 @@ def _validate_token(self) -> Dict[str, Any]:
533542
rules = []
534543

535544
with self.use_rules(rules):
536-
response = self.session.post("%s/validate" % self.SETUP_ENDPOINT, data="null")
545+
response = self.session.post("%s/validate" % self.SETUP_ENDPOINT, data="null", headers=headers)
537546
LOGGER.debug("Session token is still valid")
538547
result: Dict[str, Any] = response.json()
539548
return result

0 commit comments

Comments
 (0)