Implement auth command (#55)

Author: majd

.github/workflows/integration-tests.yml

@@ -30,7 +30,7 @@ jobs:
       fail-fast: false
       matrix:
         macos: [macos-10.15, macos-11, macos-12]
-        command: [download, search]
+        command: [auth, download, search]
     steps:
       - name: Download binary
         uses: actions/download-artifact@v2

.swiftpm/xcode/xcshareddata/xcschemes/IPATool-Package.xcscheme

@@ -76,6 +76,20 @@
                ReferencedContainer = "container:">
             </BuildableReference>
          </BuildActionEntry>
+         <BuildActionEntry
+            buildForTesting = "YES"
+            buildForRunning = "YES"
+            buildForProfiling = "YES"
+            buildForArchiving = "YES"
+            buildForAnalyzing = "YES">
+            <BuildableReference
+               BuildableIdentifier = "primary"
+               BlueprintIdentifier = "Persistence"
+               BuildableName = "Persistence"
+               BlueprintName = "Persistence"
+               ReferencedContainer = "container:">
+            </BuildableReference>
+         </BuildActionEntry>
       </BuildActionEntries>
    </BuildAction>
    <TestAction

Package.resolved

@@ -1,6 +1,15 @@
 {
   "object": {
     "pins": [
+      {
+        "package": "KeychainAccess",
+        "repositoryURL": "https://github.com/kishikawakatsumi/KeychainAccess",
+        "state": {
+          "branch": "v4.2.2",
+          "revision": "84e546727d66f1adc5439debad16270d0fdd04e7",
+          "version": null
+        }
+      },
       {
         "package": "swift-argument-parser",
         "repositoryURL": "https://github.com/apple/swift-argument-parser",

Package.swift

@@ -8,19 +8,22 @@ let package = Package(
     products: [
         .executable(name: "ipatool", targets: ["CLI"]),
         .library(name: "StoreAPI", targets: ["StoreAPI"]),
-        .library(name: "Networking", targets: ["Networking"])
+        .library(name: "Networking", targets: ["Networking"]),
+        .library(name: "Persistence", targets: ["Persistence"])
     ],
     dependencies: [
         .package(url: "https://github.com/apple/swift-argument-parser", revision: "1.0.2"),
-        .package(url: "https://github.com/weichsel/ZIPFoundation", revision: "0.9.14")
+        .package(url: "https://github.com/weichsel/ZIPFoundation", revision: "0.9.14"),
+        .package(url: "https://github.com/kishikawakatsumi/KeychainAccess", revision: "v4.2.2")
     ],
     targets: [
         .executableTarget(
             name: "CLI",
             dependencies: [
                 .product(name: "ArgumentParser", package: "swift-argument-parser"),
                 .byName(name: "Networking"),
-                .byName(name: "StoreAPI")
+                .byName(name: "StoreAPI"),
+                .byName(name: "Persistence")
             ]
         ),
         .target(
@@ -32,6 +35,9 @@ let package = Package(
             ]
         ),
         .target(name: "Networking", dependencies: []),
-        .testTarget(name: "NetworkingTests", dependencies: ["Networking"])
+        .testTarget(name: "NetworkingTests", dependencies: ["Networking"]),
+        .target(name: "Persistence", dependencies: [
+            .byName(name: "KeychainAccess")
+        ]),
     ]
 )

README.md

@@ -1,4 +1,5 @@
 # IPATool
+
 [![Release](https://img.shields.io/github/release/majd/ipatool.svg?label=Release)](https://GitHub.com/majd/ipatool/releases/)
 [![License](https://img.shields.io/badge/License-MIT-yellow.svg)](https://github.com/majd/ipatool/blob/main/LICENSE)
 [![Unit Tests](https://github.com/majd/ipatool/actions/workflows/unit-tests.yml/badge.svg)](https://github.com/majd/ipatool/actions/workflows/unit-tests.yml)
@@ -10,17 +11,18 @@
 
 ![Demo](./demo.gif)
 
-* [Requirements](#requirements)
-* [Installation](#installation)
-  * [Manual](#manual)
-  * [Homebrew](#homebrew)
-* [Usage](#usage)
-* [FAQ](https://github.com/majd/ipatool/wiki/FAQ)
-* [License](#license)
+- [Requirements](#requirements)
+- [Installation](#installation)
+  - [Manual](#manual)
+  - [Homebrew](#homebrew)
+- [Usage](#usage)
+- [FAQ](https://github.com/majd/ipatool/wiki/FAQ)
+- [License](#license)
 
 ## Requirements
-* macOS 10.15 or later.
-* Apple ID set up to use the App Store.
+
+- macOS 10.15 or later.
+- Apple ID set up to use the App Store.
 
 ## Installation
 
@@ -39,6 +41,24 @@ $ brew install ipatool
 
 ## Usage
 
+To authenticate with the App Store, use the `auth` command.
+
+```
+OVERVIEW: Authenticate with the App Store.
+
+USAGE: ipatool auth <subcommand>
+
+OPTIONS:
+  --version               Show the version.
+  -h, --help              Show help information.
+
+SUBCOMMANDS:
+  login                   Login to the App Store.
+  revoke                  Revoke your App Store credentials.
+
+  See 'ipatool help auth <subcommand>' for detailed help.
+```
+
 To search for apps on the App Store, use the `search` command.
 
 ```
@@ -50,11 +70,13 @@ ARGUMENTS:
   <term>                  The term to search for.
 
 OPTIONS:
-  -l, --limit <limit>     The maximum amount of search results to retrieve. (default: 5)
-  -c, --country <country> The two-letter (ISO 3166-1 alpha-2) country code for the 
-                          iTunes Store. (default: US)
+  -l, --limit <limit>     The maximum amount of search results to retrieve.
+                          (default: 5)
+  -c, --country <country> The two-letter (ISO 3166-1 alpha-2) country code for
+                          the iTunes Store. (default: US)
   -d, --device-family <device-family>
-                          The device family to limit the search query to. (default: iPhone)
+                          The device family to limit the search query to.
+                          (default: iPhone)
   --log-level <log-level> The log level. (default: info)
   --version               Show the version.
   -h, --help              Show help information.
@@ -65,28 +87,24 @@ To download a copy of the ipa file, use the `download` command.
 ```
 OVERVIEW: Download (encrypted) iOS app packages from the App Store.
 
-USAGE: ipatool download --bundle-identifier <bundle-identifier> [--email <email>] [--password <password>] [--auth-code <auth-code>] [--country <country>] [--device-family <device-family>] [--output <output>] [--log-level <log-level>]
+USAGE: ipatool download --bundle-identifier <bundle-identifier> [--country <country>] [--device-family <device-family>] [--output <output>] [--log-level <log-level>]
 
 OPTIONS:
   -b, --bundle-identifier <bundle-identifier>
                           The bundle identifier of the target iOS app.
-  -e, --email <email>     The email address for the Apple ID.
-  -p, --password <password>
-                          The password for the Apple ID.
-  --auth-code <auth-code> The 2FA code for the Apple ID.
-  -c, --country <country> The two-letter (ISO 3166-1 alpha-2) 
-                          country code for the iTunes Store. (default: US)
+  -c, --country <country> The two-letter (ISO 3166-1 alpha-2) country code for
+                          the iTunes Store. (default: US)
   -d, --device-family <device-family>
-                          The device family to limit the search query to. (default: iPhone)
+                          The device family to limit the search query to.
+                          (default: iPhone)
   -o, --output <output>   The destination path of the downloaded app package.
   --log-level <log-level> The log level. (default: info)
   --version               Show the version.
   -h, --help              Show help information.
-
 ```
 
 **Note:** You can specify the Apple ID email address and username as arguments when using the tool or by setting them as environment variables (`IPATOOL_EMAIL` and `IPATOOL_PASSWORD`). If you do not specify this information using either of those methods, the tool will prompt for user input in an interactive session. Similarly, you can supply the 2FA code interactively or using the environment variable `IPATOOL_2FA_CODE`.
 
 ## License
 
-IPATool is released under the [MIT license](https://github.com/majd/ipatool/blob/main/LICENSE).
+IPATool is released under the [MIT license](https://github.com/majd/ipatool/blob/main/LICENSE).

Sources/CLI/Commands/Auth.swift

@@ -0,0 +1,201 @@
+//
+//  Auth.swift
+//  IPATool
+//
+//  Created by Majd Alfhaily on 21.03.22.
+//
+
+import ArgumentParser
+import Foundation
+import Networking
+import StoreAPI
+import Persistence
+
+struct Auth: AsyncParsableCommand {
+    static var configuration: CommandConfiguration {
+        return .init(
+            commandName: "auth",
+            abstract: "Authenticate with the App Store.",
+            subcommands: [Login.self, Revoke.self],
+            defaultSubcommand: nil
+        )
+    }
+}
+
+extension Auth {
+    struct Login: AsyncParsableCommand {
+        static var configuration: CommandConfiguration {
+            return .init(abstract: "Login to the App Store.")
+        }
+
+        @Option(name: [.short, .customLong("email")], help: "The email address for the Apple ID.")
+        private var emailArgument: String?
+
+        @Option(name: [.short, .customLong("password")], help: "The password for the Apple ID.")
+        private var passwordArgument: String?
+
+        @Option(name: [.customLong("auth-code")], help: "The 2FA code for the Apple ID.")
+        private var authCodeArgument: String?
+
+        @Option(name: [.long], help: "The log level.")
+        private var logLevel: LogLevel = .info
+
+        lazy var logger = ConsoleLogger(level: logLevel)
+    }
+
+    struct Revoke: AsyncParsableCommand {
+        static var configuration: CommandConfiguration {
+            return .init(abstract: "Revoke your App Store credentials.")
+        }
+
+        @Option(name: [.long], help: "The log level.")
+        private var logLevel: LogLevel = .info
+
+        lazy var logger = ConsoleLogger(level: logLevel)
+    }
+}
+
+extension Auth.Login {
+    private mutating func email() -> String {
+        if let email = emailArgument {
+            return email
+        } else if let email = ProcessInfo.processInfo.environment["IPATOOL_EMAIL"] {
+            return email
+        } else if let email = String(validatingUTF8: UnsafePointer<CChar>(getpass(logger.compile("Enter Apple ID email: ", level: .warning)))) {
+            return email
+        } else {
+            logger.log("An Apple ID email address is required.", level: .error)
+            _exit(1)
+        }
+    }
+
+    private mutating func password() -> String {
+        if let password = passwordArgument {
+            return password
+        } else if let password = ProcessInfo.processInfo.environment["IPATOOL_PASSWORD"] {
+            return password
+        } else if let password = String(validatingUTF8: UnsafePointer<CChar>(getpass(logger.compile("Enter Apple ID password: ", level: .warning)))) {
+            return password
+        } else {
+            logger.log("An Apple ID password is required.", level: .error)
+            _exit(1)
+        }
+    }
+
+    private mutating func authCode() -> String {
+        if let authCode = authCodeArgument {
+            return authCode
+        } else if let authCode = ProcessInfo.processInfo.environment["IPATOOL_2FA_CODE"] {
+            return authCode
+        } else if let authCode = String(validatingUTF8: UnsafePointer<CChar>(getpass(logger.compile("Enter 2FA code: ", level: .warning)))) {
+            return authCode
+        } else {
+            logger.log("A 2FA auth-code is required.", level: .error)
+            _exit(1)
+        }
+    }
+
+    private mutating func authenticate(email: String, password: String) async -> Account {
+        logger.log("Creating HTTP client...", level: .debug)
+        let httpClient = HTTPClient(session: URLSession.shared)
+
+        logger.log("Creating App Store client...", level: .debug)
+        let storeClient = StoreClient(httpClient: httpClient)
+
+        do {
+            logger.log("Authenticating with the App Store...", level: .info)
+            let account = try await storeClient.authenticate(email: email, password: password, code: nil)
+            return Account(
+                name: "\(account.firstName) \(account.lastName)",
+                email: email,
+                passwordToken: account.passwordToken,
+                directoryServicesIdentifier: account.directoryServicesIdentifier
+            )
+        } catch {
+            switch error {
+            case StoreResponse.Error.codeRequired:
+                do {
+                    let account = try await storeClient.authenticate(email: email, password: password, code: authCode())
+                    return Account(
+                        name: "\(account.firstName) \(account.lastName)",
+                        email: email,
+                        passwordToken: account.passwordToken,
+                        directoryServicesIdentifier: account.directoryServicesIdentifier
+                    )
+                } catch {
+                    logger.log("\(error)", level: .debug)
+
+                    switch error {
+                    case StoreClient.Error.invalidResponse:
+                        logger.log("Received invalid response.", level: .error)
+                    case StoreResponse.Error.invalidAccount:
+                        logger.log("This Apple ID has not been set up to use the App Store.", level: .error)
+                    case StoreResponse.Error.invalidCredentials:
+                        logger.log("Invalid credentials.", level: .error)
+                    case StoreResponse.Error.lockedAccount:
+                        logger.log("This Apple ID has been disabled for security reasons.", level: .error)
+                    default:
+                        logger.log("An unknown error has occurred.", level: .error)
+                    }
+
+                    _exit(1)
+                }
+            default:
+                logger.log("\(error)", level: .debug)
+
+                switch error {
+                case StoreClient.Error.invalidResponse:
+                    logger.log("Received invalid response.", level: .error)
+                case StoreResponse.Error.invalidAccount:
+                    logger.log("This Apple ID has not been set up to use the App Store.", level: .error)
+                case StoreResponse.Error.invalidCredentials:
+                    logger.log("Invalid credentials.", level: .error)
+                case StoreResponse.Error.lockedAccount:
+                    logger.log("This Apple ID has been disabled for security reasons.", level: .error)
+                default:
+                    logger.log("An unknown error has occurred.", level: .error)
+                }
+
+                _exit(1)
+            }
+        }
+    }
+
+    mutating func run() async throws {
+        // Get Apple ID email
+        let email: String = email()
+
+        // Get Apple ID password
+        let password: String = password()
+
+        // Authenticate with the App Store
+        let account: Account = await authenticate(email: email, password: password)
+
+        // Store data in keychain
+        do {
+            let keychainStore = KeychainStore(service: "ipatool.service")
+            try keychainStore.setValue(account, forKey: "account")
+
+            logger.log("Authenticated as '\(account.name)'.", level: .info)
+        } catch {
+            logger.log("Failed to save account data in keychain.", level: .error)
+            logger.log("\(error)", level: .debug)
+
+            _exit(1)
+        }
+    }
+}
+
+extension Auth.Revoke {
+    mutating func run() async throws {
+        let keychainStore = KeychainStore(service: "ipatool.service")
+
+        guard let account: Account = try keychainStore.value(forKey: "account") else {
+            logger.log("No credentials available to revoke.", level: .error)
+            _exit(1)
+        }
+
+        try keychainStore.remove("account")
+        logger.log("Revoked credentials for '\(account.name)'.", level: .info)
+    }
+}