mirror/rclone
1
0
Fork 0
mirror of https://github.com/rclone/rclone.git synced 2026-04-03 07:13:01 -04:00
Code Issues Packages Projects Releases Wiki Activity

iclouddrive: lowercase Apple ID for SRP authentication

Browse Source 
Apple IDs are case-insensitive, but the SRP proof computation (M1)
hashes the username client-side. The old plaintext signin let the
server normalize the case, but with SRP the client must match.
Lowercase the Apple ID before use so mixed-case IDs authenticate
correctly.

Reported-by: ArturKlauser
This commit is contained in:
Mike GIllan
2026-03-23 17:43:10 -04:00
committed by Nick Craig-Wood
parent 2610beb18d
commit 4a00a4dc4b
1 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
backend/iclouddrive/api/session.go
View File

@@ -91,6 +91,11 @@ func (s *Session) Requires2FA() bool {
// SignIn performs SRP-based authentication against Apple's idmsa endpoint.
func (s *Session) SignIn(ctx context.Context, appleID, password string) error {
// Apple's SRP implementation expects a lowercase account name.
// The old plaintext flow didn't need this because the server normalized
// it, but SRP uses the username in client-side proof computation (M1).
appleID = strings.ToLower(appleID)
// Step 1: Initialize the auth session
if err := s.authStart(ctx); err != nil {
return fmt.Errorf("authStart: %w", err)