Fix GSA

TaeHagen · TaeHagen · commit de10c3694cb3 · 2026-01-09T17:41:16.000-08:00
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -12,7 +12,9 @@ jobs:
     name: ${{ matrix.os }} with ${{ matrix.features }}
     runs-on: ${{ matrix.os }}
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
+        with:
+          submodules: recursive
       - uses: actions-rs/toolchain@v1
         with:
           toolchain: stable
diff --git a/icloud-auth/src/client.rs b/icloud-auth/src/client.rs
@@ -16,7 +16,7 @@ use srp::{
     client::{SrpClient, SrpClientVerifier},
     groups::G_2048,
 };
-use log::{debug, error, warn};
+use log::{debug, error, info, warn};
 use tokio::sync::Mutex;
 use uuid::Uuid;
 
@@ -175,6 +175,7 @@ pub struct TrustedPhoneNumber {
 #[derive(Deserialize)]
 #[serde(rename_all = "camelCase")]
 pub struct AuthenticationExtras {
+    #[serde(default)]
     pub trusted_phone_numbers: Vec<TrustedPhoneNumber>,
     pub recovery_url: Option<String>,
     pub cant_use_phone_number_url: Option<String>,
@@ -809,7 +810,12 @@ impl<T: AnisetteProvider> AppleAccount<T> {
             warn!("Got auth response {}", base64::encode(&body));
             return Err(Error::FailedGetting2FAConfig);
         }
-        let mut new_state = req.json::<AuthenticationExtras>().await?;
+        let resp = req.bytes().await?;
+        info!("Got gsa auth extras {:?}", str::from_utf8(&resp).unwrap());
+        let mut new_state: AuthenticationExtras = serde_json::from_slice(&resp)?;
+        if new_state.trusted_phone_numbers.is_empty() {
+            return Err(Error::HardwareKeyError);
+        }
         if status == 201 {
             new_state.new_state = Some(LoginState::NeedsSMS2FAVerification(VerifyBody {
                 phone_number: PhoneNumber {
diff --git a/icloud-auth/src/lib.rs b/icloud-auth/src/lib.rs
@@ -30,4 +30,8 @@ pub enum Error {
     ErrorGettingAnisette(#[from] omnisette::AnisetteError),
     #[error("Disable Advanced Data Protection")]
     FailedGetting2FAConfig,
+    #[error("Serde Error")]
+    SerdeError(#[from] serde_json::Error),
+    #[error("Disable hardware authentication keys and try again!")]
+    HardwareKeyError,
 }

Original file line number	Diff line number	Diff line change
`@@ -30,4 +30,8 @@ pub enum Error {`
`30`	`30`	`ErrorGettingAnisette(#[from] omnisette::AnisetteError),`
`31`	`31`	`#[error("Disable Advanced Data Protection")]`
`32`	`32`	`FailedGetting2FAConfig,`
	`33`	`+ #[error("Serde Error")]`
	`34`	`+ SerdeError(#[from] serde_json::Error),`
	`35`	`+ #[error("Disable hardware authentication keys and try again!")]`
	`36`	`+ HardwareKeyError,`
`33`	`37`	`}`