feat: complete iCloud 2FA from Telegram (headless re-auth, no shell/web UI)#470
Open
epheterson wants to merge 2 commits into
Open
feat: complete iCloud 2FA from Telegram (headless re-auth, no shell/web UI)#470epheterson wants to merge 2 commits into
epheterson wants to merge 2 commits into
Conversation
…eb UI) Headless deployments can't finish iCloud's 2FA without shelling into the container. This adds an opt-in Telegram reply flow: when re-authentication is needed, reply the auth keyword to have Apple push a code to your trusted devices, then reply the 6-digit code to validate and trust the session. The headless path previously waited for a code it never requested -- it never called trigger_2fa_push_notification, so no code was ever pushed. This wires up the trigger plus a getUpdates poll gated on app.telegram.listen. - config_parser: app.telegram.listen + auth_keyword - notify: poll_telegram_for_text; reply prompt routed through notify.send so it inherits the 24h throttle and other channels still get the standard alert - sync: thread the live api into the 2FA handler; poll for keyword/code - requires icloudpy 0.9.0 (trigger_2fa_push_notification); this bump also fixes the documented `docker exec ... icloud --username` CLI flow, which now pushes a code via icloudpy cmdline - codes tolerate spaces/dashes; docs note 1:1 chat + per-container bot token Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Owner
yes - @epheterson please split this PR as Telegram flow is optional. |
Contributor
Author
|
No problem, put up a PR with just the bump needed to get 2FA working and will rebase the telegram PR on top. Glad this 2FA issue is finally unblocked! |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Headless deployments can't finish iCloud's 2FA without shelling into the container. This adds an opt-in Telegram reply flow: when re-authentication is needed, reply the auth keyword to have Apple push a code to your trusted devices, then reply the 6-digit code — the session validates and trusts, and sync resumes. No console, no web UI.
Root cause it also fixes: the headless path waited for a code it never requested — it never called
trigger_2fa_push_notification, so no code was ever pushed. This wires up the trigger.Config (opt-in, off by default)
Details
config_parser:app.telegram.listen+auth_keyword.notify:poll_telegram_for_text; the reply prompt is routed throughnotify.send, so it inherits the existing 24h throttle and other channels (email/Discord/Pushover) still get the standard alert.sync: threads the liveapiinto the 2FA handler and polls for the keyword/code.123 456). Docs note 1:1 chat (group privacy mode) + a per-container bot token for multi-container setups.icloudpy==0.9.0fortrigger_2fa_push_notification. As a bonus, that bump also fixes the documenteddocker exec ... icloud --usernameCLI flow, which now pushes a code via icloudpy'scmdline.Testing
New
tests/test_telegram_2fa.pycovers the poller, config getters, notify routing, and the wait loop. Verified end-to-end against real Apple + Telegram (push triggered, code validated, session trusted).Happy to split the pure trigger bug-fix (the missing
trigger_2fa_push_notificationcall + icloudpy bump) from the Telegram convenience layer into two PRs if you'd prefer — just say the word.