search

xcpretty / xcode-install

🔽 Install and update your Xcodes
https://fastlane.tools
MIT License
2.59k stars 243 forks source link

xcversion fails with "Invalid 2 step response" #308

Open gitoby opened 6 years ago

gitoby commented 6 years ago

We have been using xcode-install for a while now on our CI system and everything worked fine for the better part of the year. Yesterday it started failing with a service response asking for security questions and thus failing in two_step_client.rb:45 at handle_two_step. It turned out that the particular account that caused the problem had been locked down, so we tried with a couple of other accounts that had not been locked. All of them exhibited the same issue. We are no longer able to login via fastlane. We suspect that something has changed on the server side at Apple in the last few days causing this problem with xcversion.

We're still able to log in with a valid service key though.

Here's the command output (credentials and email addresses masked):

~ ❯❯❯ FASTLANE_USER=*** FASTLANE_PASSWORD=*** /usr/local/bin/xcversion update
Service key is empty
/Library/Ruby/Gems/2.3.0/gems/fastlane-2.103.0/spaceship/lib/spaceship/two_step_client.rb:45:in `handle_two_step': Invalid 2 step response {"securityQuestions"=>{"questions"=>[{"id"=>136, "question"=>"What is your dream job?", "number"=>2, "userDefined"=>false}, {"id"=>130, "question"=>"What was the name of your best friend as a teenager?", "number"=>1, "userDefined"=>false}]}, "rescueEmailAddress"=>"•••••", "crResetEnabled"=>false, "resetSecurityQuestionsSupportLink"=>"http://support.apple.com/kb/HT6170"} (RuntimeError)
    from /Library/Ruby/Gems/2.3.0/gems/fastlane-2.103.0/spaceship/lib/spaceship/client.rb:463:in `send_shared_login_request'
    from /Library/Ruby/Gems/2.3.0/gems/fastlane-2.103.0/spaceship/lib/spaceship/portal/portal_client.rb:28:in `send_login_request'
    from /Library/Ruby/Gems/2.3.0/gems/fastlane-2.103.0/spaceship/lib/spaceship/client.rb:664:in `do_login'
    from /Library/Ruby/Gems/2.3.0/gems/fastlane-2.103.0/spaceship/lib/spaceship/client.rb:363:in `login'
    from /Library/Ruby/Gems/2.3.0/gems/fastlane-2.103.0/spaceship/lib/spaceship/client.rb:71:in `login'
    from /Library/Ruby/Gems/2.3.0/gems/fastlane-2.103.0/spaceship/lib/spaceship/portal/spaceship.rb:25:in `login'
    from /Library/Ruby/Gems/2.3.0/gems/fastlane-2.103.0/spaceship/lib/spaceship/portal/spaceship.rb:103:in `login'
    from /Library/Ruby/Gems/2.3.0/gems/xcode-install-2.4.4/lib/xcode/install.rb:335:in `spaceship'
    from /Library/Ruby/Gems/2.3.0/gems/xcode-install-2.4.4/lib/xcode/install.rb:375:in `fetch_seedlist'
    from /Library/Ruby/Gems/2.3.0/gems/xcode-install-2.4.4/lib/xcode/install.rb:199:in `seedlist'
    from /Library/Ruby/Gems/2.3.0/gems/xcode-install-2.4.4/lib/xcode/install.rb:413:in `list_versions'
    from /Library/Ruby/Gems/2.3.0/gems/xcode-install-2.4.4/lib/xcode/install.rb:305:in `list'
    from /Library/Ruby/Gems/2.3.0/gems/xcode-install-2.4.4/lib/xcode/install/update.rb:10:in `run'
    from /Library/Ruby/Gems/2.3.0/gems/claide-1.0.2/lib/claide/command.rb:334:in `run'
    from /Library/Ruby/Gems/2.3.0/gems/xcode-install-2.4.4/bin/xcversion:12:in `<top (required)>'
    from /usr/local/bin/xcversion:22:in `load'
    from /usr/local/bin/xcversion:22:in `<main>'

Did anyone else encounter this issue?

Any help would be highly appreciated.

KrauseFx commented 6 years ago

Can you try to delete the /tmp/spaceship_itc_service_key.txt file?

KrauseFx commented 6 years ago

Oh actually it looks like you can't reach the https://olympus.itunes.apple.com/v1/app/config?hostname=itunesconnect.apple.com URL. Can you do so manually via GET?

gitoby commented 6 years ago

Here's the contents of the log file written when trying to run xcversion without a /tmp/spaceship_itc_service_key.txt file:

# Logfile created on 2018-09-11 13:34:51 +0200 by logger.rb/56438
[13:34:51]: >> POST:  
[13:34:51]: >> GET: https://olympus.itunes.apple.com/v1/app/config?hostname=appstoreconnect.apple.com 
[13:34:53]: << GET: https://olympus.itunes.apple.com/v1/app/config?hostname=appstoreconnect.apple.com: {"code"=>"FORBIDDEN", "message"=>"The current session is not authorized to perform this operation"}
[13:34:53]: Timeout received: 'Could not receive latest API key from App Store Connect, this might be a server issue.'. Retrying after 3 seconds (remaining: 4)...
[13:34:57]: << POST: : {"authType"=>"sa"}
[13:34:57]: >> GET:  
[13:34:57]: << GET: : {"securityQuestions"=>{"questions"=>[{"id"=>136, "question"=>"What is your dream job?", "number"=>2, "userDefined"=>false}, {"id"=>130, "question"=>"What was the name of your best friend as a teenager?", "number"=>1, "userDefined"=>false}]}, "rescueEmailAddress"=>"•••••", "crResetEnabled"=>false, "resetSecurityQuestionsSupportLink"=>"http://support.apple.com/kb/HT6170"}

Here's what happens when manually GETting the olympus URL using curl:

curl 'https://olympus.itunes.apple.com/v1/app/config?hostname=appstoreconnect.apple.com'
{
  "code" : "FORBIDDEN",
  "message" : "The current session is not authorized to perform this operation"
}

The same happens when specifying basic auth headers:

curl --user ***:*** 'https://olympus.itunes.apple.com/v1/app/config?hostname=appstoreconnect.apple.com'
{
  "code" : "FORBIDDEN",
  "message" : "The current session is not authorized to perform this operation"
}
KrauseFx commented 6 years ago

Cool, thanks for letting me know. This is actually not an xcode-install issue, but a spaceship issue, which is part of fastlane/fastlane. Can you create a ticket there?