steamcommunity 3.44.3 → 3.45.0

package/components/twofactor.js

@@ -1,159 +1,152 @@
-var SteamTotp = require('steam-totp');
-var SteamCommunity = require('../index.js');
-
-var ETwoFactorTokenType = {
-	"None": 0,                  // No token-based two-factor authentication
-	"ValveMobileApp": 1,        // Tokens generated using Valve's special charset (5 digits, alphanumeric)
-	"ThirdParty": 2             // Tokens generated using literally everyone else's standard charset (6 digits, numeric). This is disabled.
-};
-
-SteamCommunity.prototype.enableTwoFactor = function(callback) {
-	var self = this;
-
-	this.getWebApiOauthToken(function(err, token) {
-		if(err) {
-			callback(err);
-			return;
-		}
-
-		self.httpRequestPost({
-			"uri": "https://api.steampowered.com/ITwoFactorService/AddAuthenticator/v1/",
-			"form": {
-				"steamid": self.steamID.getSteamID64(),
-				"access_token": token,
-				"authenticator_time": Math.floor(Date.now() / 1000),
-				"authenticator_type": ETwoFactorTokenType.ValveMobileApp,
-				"device_identifier": SteamTotp.getDeviceID(self.steamID),
-				"sms_phone_id": "1"
-			},
-			"json": true
-		}, function(err, response, body) {
-			if (err) {
-				callback(err);
-				return;
-			}
-
-			if(!body.response) {
-				callback(new Error("Malformed response"));
-				return;
-			}
-
-			if(body.response.status != 1) {
-				var error = new Error("Error " + body.response.status);
-				error.eresult = body.response.status;
-				callback(error);
-				return;
-			}
-
-			callback(null, body.response);
-		}, "steamcommunity");
-	});
-};
-
-SteamCommunity.prototype.finalizeTwoFactor = function(secret, activationCode, callback) {
-	var attemptsLeft = 30;
-	var diff = 0;
-
-	var self = this;
-	this.getWebApiOauthToken(function(err, token) {
-		if(err) {
-			callback(err);
-			return;
-		}
-
-		SteamTotp.getTimeOffset(function(err, offset, latency) {
-			if (err) {
-				callback(err);
-				return;
-			}
-
-			diff = offset;
-			finalize(token);
-		});
-	});
-
-	function finalize(token) {
-		var code = SteamTotp.generateAuthCode(secret, diff);
-
-		self.httpRequestPost({
-			"uri": "https://api.steampowered.com/ITwoFactorService/FinalizeAddAuthenticator/v1/",
-			"form": {
-				"steamid": self.steamID.getSteamID64(),
-				"access_token": token,
-				"authenticator_code": code,
-				"authenticator_time": Math.floor(Date.now() / 1000),
-				"activation_code": activationCode
-			},
-			"json": true
-		}, function(err, response, body) {
-			if (err) {
-				callback(err);
-				return;
-			}
-
-			if(!body.response) {
-				callback(new Error("Malformed response"));
-				return;
-			}
-
-			body = body.response;
-
-			if(body.server_time) {
-				diff = body.server_time - Math.floor(Date.now() / 1000);
-			}
-
-			if(body.status == 89) {
-				callback(new Error("Invalid activation code"));
-			} else if(body.want_more) {
-				attemptsLeft--;
-				diff += 30;
-
-				finalize(token);
-			} else if(!body.success) {
-				callback(new Error("Error " + body.status));
-			} else {
-				callback(null);
-			}
-		}, "steamcommunity");
-	}
-};
-
-SteamCommunity.prototype.disableTwoFactor = function(revocationCode, callback) {
-	var self = this;
-
-	this.getWebApiOauthToken(function(err, token) {
-		if(err) {
-			callback(err);
-			return;
-		}
-
-		self.httpRequestPost({
-			"uri": "https://api.steampowered.com/ITwoFactorService/RemoveAuthenticator/v1/",
-			"form": {
-				"steamid": self.steamID.getSteamID64(),
-				"access_token": token,
-				"revocation_code": revocationCode,
-				"steamguard_scheme": 1
-			},
-			"json": true
-		}, function(err, response, body) {
-			if (err) {
-				callback(err);
-				return;
-			}
-
-			if(!body.response) {
-				callback(new Error("Malformed response"));
-				return;
-			}
-
-			if(!body.response.success) {
-				callback(new Error("Request failed"));
-				return;
-			}
-
-			// success = true means it worked
-			callback(null);
-		}, "steamcommunity");
-	});
-};
+var SteamTotp = require('steam-totp');
+var SteamCommunity = require('../index.js');
+
+var ETwoFactorTokenType = {
+	None: 0,                  // No token-based two-factor authentication
+	ValveMobileApp: 1,        // Tokens generated using Valve's special charset (5 digits, alphanumeric)
+	ThirdParty: 2             // Tokens generated using literally everyone else's standard charset (6 digits, numeric). This is disabled.
+};
+
+SteamCommunity.prototype.enableTwoFactor = function(callback) {
+	this._verifyMobileAccessToken();
+
+	if (!this.mobileAccessToken) {
+		callback(new Error('No mobile access token available. Provide one by calling setMobileAppAccessToken()'));
+		return;
+	}
+
+	this.httpRequestPost({
+		uri: "https://api.steampowered.com/ITwoFactorService/AddAuthenticator/v1/?access_token=" + this.mobileAccessToken,
+		// TODO: Send this as protobuf to more closely mimic official app behavior
+		form: {
+			steamid: this.steamID.getSteamID64(),
+			authenticator_time: Math.floor(Date.now() / 1000),
+			authenticator_type: ETwoFactorTokenType.ValveMobileApp,
+			device_identifier: SteamTotp.getDeviceID(this.steamID),
+			sms_phone_id: '1'
+		},
+		json: true
+	}, (err, response, body) => {
+		if (err) {
+			callback(err);
+			return;
+		}
+
+		if (!body.response) {
+			callback(new Error('Malformed response'));
+			return;
+		}
+
+		if (body.response.status != 1) {
+			var error = new Error('Error ' + body.response.status);
+			error.eresult = body.response.status;
+			callback(error);
+			return;
+		}
+
+		callback(null, body.response);
+	}, 'steamcommunity');
+};
+
+SteamCommunity.prototype.finalizeTwoFactor = function(secret, activationCode, callback) {
+	this._verifyMobileAccessToken();
+
+	if (!this.mobileAccessToken) {
+		callback(new Error('No mobile access token available. Provide one by calling setMobileAppAccessToken()'));
+		return;
+	}
+
+	let attemptsLeft = 30;
+	let diff = 0;
+
+	let finalize = () => {
+		let code = SteamTotp.generateAuthCode(secret, diff);
+
+		this.httpRequestPost({
+			uri: 'https://api.steampowered.com/ITwoFactorService/FinalizeAddAuthenticator/v1/?access_token=' + this.mobileAccessToken,
+			form: {
+				steamid: this.steamID.getSteamID64(),
+				authenticator_code: code,
+				authenticator_time: Math.floor(Date.now() / 1000),
+				activation_code: activationCode
+			},
+			json: true
+		}, function(err, response, body) {
+			if (err) {
+				callback(err);
+				return;
+			}
+
+			if (!body.response) {
+				callback(new Error('Malformed response'));
+				return;
+			}
+
+			body = body.response;
+
+			if (body.server_time) {
+				diff = body.server_time - Math.floor(Date.now() / 1000);
+			}
+
+			if (body.status == 89) {
+				callback(new Error('Invalid activation code'));
+			} else if(body.want_more) {
+				attemptsLeft--;
+				diff += 30;
+
+				finalize();
+			} else if(!body.success) {
+				callback(new Error('Error ' + body.status));
+			} else {
+				callback(null);
+			}
+		}, 'steamcommunity');
+	}
+
+	SteamTotp.getTimeOffset(function(err, offset, latency) {
+		if (err) {
+			callback(err);
+			return;
+		}
+
+		diff = offset;
+		finalize();
+	});
+};
+
+SteamCommunity.prototype.disableTwoFactor = function(revocationCode, callback) {
+	this._verifyMobileAccessToken();
+
+	if (!this.mobileAccessToken) {
+		callback(new Error('No mobile access token available. Provide one by calling setMobileAppAccessToken()'));
+		return;
+	}
+
+	this.httpRequestPost({
+		uri: 'https://api.steampowered.com/ITwoFactorService/RemoveAuthenticator/v1/?access_token=' + this.mobileAccessToken,
+		form: {
+			steamid: this.steamID.getSteamID64(),
+			revocation_code: revocationCode,
+			steamguard_scheme: 1
+		},
+		json: true
+	}, function(err, response, body) {
+		if (err) {
+			callback(err);
+			return;
+		}
+
+		if (!body.response) {
+			callback(new Error('Malformed response'));
+			return;
+		}
+
+		if (!body.response.success) {
+			callback(new Error('Request failed'));
+			return;
+		}
+
+		// success = true means it worked
+		callback(null);
+	}, 'steamcommunity');
+};

package/components/webapi.js

@@ -1,57 +1,118 @@
-var SteamCommunity = require('../index.js');
-
-SteamCommunity.prototype.getWebApiKey = function(domain, callback) {
-	var self = this;
-	this.httpRequest({
-		"uri": "https://steamcommunity.com/dev/apikey?l=english",
-		"followRedirect": false
-	}, function(err, response, body) {
-		if (err) {
-			callback(err);
-			return;
-		}
-
-		if(body.match(/<h2>Access Denied<\/h2>/)) {
-			return callback(new Error("Access Denied"));
-		}
-
-		if(body.match(/You must have a validated email address to create a Steam Web API key./)) {
-			return callback(new Error("You must have a validated email address to create a Steam Web API key."));
-		}
-
-		var match = body.match(/<p>Key: ([0-9A-F]+)<\/p>/);
-		if(match) {
-			// We already have an API key registered
-			callback(null, match[1]);
-		} else {
-			// We need to register a new API key
-			self.httpRequestPost('https://steamcommunity.com/dev/registerkey?l=english', {
-				"form": {
-					"domain": domain,
-					"agreeToTerms": "agreed",
-					"sessionid": self.getSessionID(),
-					"Submit": "Register"
-				}
-			}, function(err, response, body) {
-				if (err) {
-					callback(err);
-					return;
-				}
-
-				self.getWebApiKey(domain, callback);
-			}, "steamcommunity");
-		}
-	}, "steamcommunity");
-};
-
-/**
- * @deprecated No longer works if not logged in via mobile login. Will be removed in a future release.
- * @param {function} callback
- */
-SteamCommunity.prototype.getWebApiOauthToken = function(callback) {
-	if (this.oAuthToken) {
-		return callback(null, this.oAuthToken);
-	}
-
-	callback(new Error('This operation requires an OAuth token, which can only be obtained from node-steamcommunity\'s `login` method.'));
-};
+var SteamCommunity = require('../index.js');
+
+const Helpers = require('./helpers.js');
+
+SteamCommunity.prototype.getWebApiKey = function(domain, callback) {
+	var self = this;
+	this.httpRequest({
+		"uri": "https://steamcommunity.com/dev/apikey?l=english",
+		"followRedirect": false
+	}, function(err, response, body) {
+		if (err) {
+			callback(err);
+			return;
+		}
+
+		if(body.match(/<h2>Access Denied<\/h2>/)) {
+			return callback(new Error("Access Denied"));
+		}
+
+		if(body.match(/You must have a validated email address to create a Steam Web API key./)) {
+			return callback(new Error("You must have a validated email address to create a Steam Web API key."));
+		}
+
+		var match = body.match(/<p>Key: ([0-9A-F]+)<\/p>/);
+		if(match) {
+			// We already have an API key registered
+			callback(null, match[1]);
+		} else {
+			// We need to register a new API key
+			self.httpRequestPost('https://steamcommunity.com/dev/registerkey?l=english', {
+				"form": {
+					"domain": domain,
+					"agreeToTerms": "agreed",
+					"sessionid": self.getSessionID(),
+					"Submit": "Register"
+				}
+			}, function(err, response, body) {
+				if (err) {
+					callback(err);
+					return;
+				}
+
+				self.getWebApiKey(domain, callback);
+			}, "steamcommunity");
+		}
+	}, "steamcommunity");
+};
+
+/**
+ * @deprecated No longer works. Will be removed in a future release.
+ * @param {function} callback
+ */
+SteamCommunity.prototype.getWebApiOauthToken = function(callback) {
+	if (this.oAuthToken) {
+		return callback(null, this.oAuthToken);
+	}
+
+	callback(new Error('This operation requires an OAuth token, which is no longer issued by Steam.'));
+};
+
+/**
+ * Sets an access_token generated by steam-session using EAuthTokenPlatformType.MobileApp.
+ * Required for some operations such as 2FA enabling and disabling.
+ * This will throw an Error if the provided token is not valid, was not generated for the MobileApp platform, is expired,
+ * or does not belong to the logged-in user account.
+ *
+ * @param {string} token
+ */
+SteamCommunity.prototype.setMobileAppAccessToken = function(token) {
+	if (!this.steamID) {
+		throw new Error('Log on to steamcommunity before setting a mobile app access token');
+	}
+
+	let decodedToken = Helpers.decodeJwt(token);
+
+	if (!decodedToken.iss || !decodedToken.sub || !decodedToken.aud || !decodedToken.exp) {
+		throw new Error('Provided value is not a valid Steam access token');
+	}
+
+	if (decodedToken.iss == 'steam') {
+		throw new Error('Provided token is a refresh token, not an access token');
+	}
+
+	if (decodedToken.sub != this.steamID.getSteamID64()) {
+		throw new Error(`Provided token belongs to account ${decodedToken.sub}, but we are logged into ${this.steamID.getSteamID64()}`);
+	}
+
+	if (decodedToken.exp < Math.floor(Date.now() / 1000)) {
+		throw new Error('Provided token is expired');
+	}
+
+	if ((decodedToken.aud || []).indexOf('mobile') == -1) {
+		throw new Error('Provided token is not valid for MobileApp platform type');
+	}
+
+	this.mobileAccessToken = token;
+};
+
+/**
+ * Verifies that the mobile access token we already have set is still valid for current login.
+ *
+ * @private
+ */
+SteamCommunity.prototype._verifyMobileAccessToken = function() {
+	if (!this.mobileAccessToken) {
+		// No access token, so nothing to do here.
+		return;
+	}
+
+	let decodedToken = Helpers.decodeJwt(this.mobileAccessToken);
+
+	let isTokenInvalid = decodedToken.sub != this.steamID.getSteamID64()    // SteamID doesn't match
+		|| decodedToken.exp < Math.floor(Date.now() / 1000);                      // Token is expired
+
+	if (isTokenInvalid) {
+		delete this.mobileAccessToken;
+	}
+};

package/examples/disable_twofactor.js

@@ -1,62 +1,81 @@
-// If you aren't running this script inside of the repository, replace the following line with:
-// const SteamCommunity = require('steamcommunity');
-const SteamCommunity = require('../index.js');
-const ReadLine = require('readline');
-
-let community = new SteamCommunity();
-let rl = ReadLine.createInterface({
-	input: process.stdin,
-	output: process.stdout
-});
-
-rl.question('Username: ', (accountName) => {
-	rl.question('Password: ', (password) => {
-		rl.question('Two-Factor Auth Code: ', (authCode) =>{
-			rl.question('Revocation Code: R', (rCode) => {
-				doLogin(accountName, password, authCode, '', rCode);
-			});
-		});
-	});
-});
-
-function doLogin(accountName, password, authCode, captcha, rCode) {
-	community.login({
-		accountName: accountName,
-		password: password,
-		twoFactorCode: authCode,
-		captcha: captcha
-	}, (err, sessionID, cookies, steamguard) => {
-		if (err) {
-			if (err.message == 'SteamGuard') {
-				console.log('This account does not have two-factor authentication enabled.');
-				process.exit();
-				return;
-			}
-
-			if (err.message == 'CAPTCHA') {
-				console.log(err.captchaurl);
-				rl.question('CAPTCHA: ', (captchaInput) => {
-					doLogin(accountName, password, authCode, captchaInput);
-				});
-
-				return;
-			}
-
-			console.log(err);
-			process.exit();
-			return;
-		}
-
-		console.log('Logged on!');
-		community.disableTwoFactor('R' + rCode, (err) => {
-			if (err) {
-				console.log(err);
-				process.exit();
-				return;
-			}
-
-			console.log('Two-factor authentication disabled!');
-			process.exit();
-		});
-	});
-}
+// If you aren't running this script inside of the repository, replace the following line with:
+// const SteamCommunity = require('steamcommunity');
+const SteamCommunity = require('../index.js');
+const ReadLine = require('readline');
+
+let community = new SteamCommunity();
+let rl = ReadLine.createInterface({
+	input: process.stdin,
+	output: process.stdout
+});
+
+rl.question('Username: ', (accountName) => {
+	rl.question('Password: ', (password) => {
+		rl.question('Two-Factor Auth Code: ', (authCode) =>{
+			rl.question('Revocation Code: R', (rCode) => {
+				doLogin(accountName, password, authCode, '', rCode);
+			});
+		});
+	});
+});
+
+function doLogin(accountName, password, authCode, captcha, rCode) {
+	community.login({
+		accountName: accountName,
+		password: password,
+		twoFactorCode: authCode,
+		captcha: captcha
+	}, (err, sessionID, cookies, steamguard) => {
+		if (err) {
+			if (err.message == 'SteamGuard') {
+				console.log('This account does not have two-factor authentication enabled.');
+				process.exit();
+				return;
+			}
+
+			if (err.message == 'CAPTCHA') {
+				console.log(err.captchaurl);
+				rl.question('CAPTCHA: ', (captchaInput) => {
+					doLogin(accountName, password, authCode, captchaInput);
+				});
+
+				return;
+			}
+
+			console.log(err);
+			process.exit();
+			return;
+		}
+
+		console.log('Logged on!');
+
+		if (community.mobileAccessToken) {
+			// If we already have a mobile access token, we don't need to prompt for one.
+			doRevoke(rCode);
+			return;
+		}
+
+		console.log('You need to provide a mobile app access token to continue.');
+		console.log('You can generate one using steam-session (https://www.npmjs.com/package/steam-session).');
+		console.log('The access token needs to be generated using EAuthTokenPlatformType.MobileApp.');
+		console.log('Make sure you provide an *ACCESS* token, not a refresh token.');
+
+		rl.question('Access Token: ', (accessToken) => {
+			community.setMobileAppAccessToken(accessToken);
+			doRevoke(rCode);
+		});
+	});
+}
+
+function doRevoke(rCode) {
+	community.disableTwoFactor('R' + rCode, (err) => {
+		if (err) {
+			console.log(err);
+			process.exit();
+			return;
+		}
+
+		console.log('Two-factor authentication disabled!');
+		process.exit();
+	});
+}