mirror of
https://github.com/DoctorMcKay/node-steamcommunity.git
synced 2025-01-16 18:16:51 +08:00
Updated 2FA methods to use mobile app access token
This commit is contained in:
parent
fd872490c8
commit
6fa6a073a8
@ -54,3 +54,15 @@ exports.eresultError = function(eresult) {
|
|||||||
err.eresult = eresult;
|
err.eresult = eresult;
|
||||||
return err;
|
return err;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
exports.decodeJwt = function(jwt) {
|
||||||
|
let parts = jwt.split('.');
|
||||||
|
if (parts.length != 3) {
|
||||||
|
throw new Error('Invalid JWT');
|
||||||
|
}
|
||||||
|
|
||||||
|
let standardBase64 = parts[1].replace(/-/g, '+')
|
||||||
|
.replace(/_/g, '/');
|
||||||
|
|
||||||
|
return JSON.parse(Buffer.from(standardBase64, 'base64').toString('utf8'));
|
||||||
|
}
|
||||||
|
@ -2,65 +2,107 @@ var SteamTotp = require('steam-totp');
|
|||||||
var SteamCommunity = require('../index.js');
|
var SteamCommunity = require('../index.js');
|
||||||
|
|
||||||
var ETwoFactorTokenType = {
|
var ETwoFactorTokenType = {
|
||||||
"None": 0, // No token-based two-factor authentication
|
None: 0, // No token-based two-factor authentication
|
||||||
"ValveMobileApp": 1, // Tokens generated using Valve's special charset (5 digits, alphanumeric)
|
ValveMobileApp: 1, // Tokens generated using Valve's special charset (5 digits, alphanumeric)
|
||||||
"ThirdParty": 2 // Tokens generated using literally everyone else's standard charset (6 digits, numeric). This is disabled.
|
ThirdParty: 2 // Tokens generated using literally everyone else's standard charset (6 digits, numeric). This is disabled.
|
||||||
};
|
};
|
||||||
|
|
||||||
SteamCommunity.prototype.enableTwoFactor = function(callback) {
|
SteamCommunity.prototype.enableTwoFactor = function(callback) {
|
||||||
var self = this;
|
this._verifyMobileAccessToken();
|
||||||
|
|
||||||
this.getWebApiOauthToken(function(err, token) {
|
if (!this.mobileAccessToken) {
|
||||||
if(err) {
|
callback(new Error('No mobile access token available. Provide one by calling setMobileAppAccessToken()'));
|
||||||
callback(err);
|
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
self.httpRequestPost({
|
this.httpRequestPost({
|
||||||
"uri": "https://api.steampowered.com/ITwoFactorService/AddAuthenticator/v1/",
|
uri: "https://api.steampowered.com/ITwoFactorService/AddAuthenticator/v1/?access_token=" + this.mobileAccessToken,
|
||||||
"form": {
|
// TODO: Send this as protobuf to more closely mimic official app behavior
|
||||||
"steamid": self.steamID.getSteamID64(),
|
form: {
|
||||||
"access_token": token,
|
steamid: this.steamID.getSteamID64(),
|
||||||
"authenticator_time": Math.floor(Date.now() / 1000),
|
authenticator_time: Math.floor(Date.now() / 1000),
|
||||||
"authenticator_type": ETwoFactorTokenType.ValveMobileApp,
|
authenticator_type: ETwoFactorTokenType.ValveMobileApp,
|
||||||
"device_identifier": SteamTotp.getDeviceID(self.steamID),
|
device_identifier: SteamTotp.getDeviceID(this.steamID),
|
||||||
"sms_phone_id": "1"
|
sms_phone_id: '1'
|
||||||
},
|
},
|
||||||
"json": true
|
json: true
|
||||||
}, function(err, response, body) {
|
}, (err, response, body) => {
|
||||||
if (err) {
|
if (err) {
|
||||||
callback(err);
|
callback(err);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
if(!body.response) {
|
if (!body.response) {
|
||||||
callback(new Error("Malformed response"));
|
callback(new Error('Malformed response'));
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
if(body.response.status != 1) {
|
if (body.response.status != 1) {
|
||||||
var error = new Error("Error " + body.response.status);
|
var error = new Error('Error ' + body.response.status);
|
||||||
error.eresult = body.response.status;
|
error.eresult = body.response.status;
|
||||||
callback(error);
|
callback(error);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
callback(null, body.response);
|
callback(null, body.response);
|
||||||
}, "steamcommunity");
|
}, 'steamcommunity');
|
||||||
});
|
|
||||||
};
|
};
|
||||||
|
|
||||||
SteamCommunity.prototype.finalizeTwoFactor = function(secret, activationCode, callback) {
|
SteamCommunity.prototype.finalizeTwoFactor = function(secret, activationCode, callback) {
|
||||||
var attemptsLeft = 30;
|
this._verifyMobileAccessToken();
|
||||||
var diff = 0;
|
|
||||||
|
|
||||||
var self = this;
|
if (!this.mobileAccessToken) {
|
||||||
this.getWebApiOauthToken(function(err, token) {
|
callback(new Error('No mobile access token available. Provide one by calling setMobileAppAccessToken()'));
|
||||||
if(err) {
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
let attemptsLeft = 30;
|
||||||
|
let diff = 0;
|
||||||
|
|
||||||
|
let finalize = () => {
|
||||||
|
let code = SteamTotp.generateAuthCode(secret, diff);
|
||||||
|
|
||||||
|
this.httpRequestPost({
|
||||||
|
uri: 'https://api.steampowered.com/ITwoFactorService/FinalizeAddAuthenticator/v1/?access_token=' + this.mobileAccessToken,
|
||||||
|
form: {
|
||||||
|
steamid: this.steamID.getSteamID64(),
|
||||||
|
authenticator_code: code,
|
||||||
|
authenticator_time: Math.floor(Date.now() / 1000),
|
||||||
|
activation_code: activationCode
|
||||||
|
},
|
||||||
|
json: true
|
||||||
|
}, function(err, response, body) {
|
||||||
|
if (err) {
|
||||||
callback(err);
|
callback(err);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (!body.response) {
|
||||||
|
callback(new Error('Malformed response'));
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
body = body.response;
|
||||||
|
|
||||||
|
if (body.server_time) {
|
||||||
|
diff = body.server_time - Math.floor(Date.now() / 1000);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (body.status == 89) {
|
||||||
|
callback(new Error('Invalid activation code'));
|
||||||
|
} else if(body.want_more) {
|
||||||
|
attemptsLeft--;
|
||||||
|
diff += 30;
|
||||||
|
|
||||||
|
finalize();
|
||||||
|
} else if(!body.success) {
|
||||||
|
callback(new Error('Error ' + body.status));
|
||||||
|
} else {
|
||||||
|
callback(null);
|
||||||
|
}
|
||||||
|
}, 'steamcommunity');
|
||||||
|
}
|
||||||
|
|
||||||
SteamTotp.getTimeOffset(function(err, offset, latency) {
|
SteamTotp.getTimeOffset(function(err, offset, latency) {
|
||||||
if (err) {
|
if (err) {
|
||||||
callback(err);
|
callback(err);
|
||||||
@ -68,92 +110,43 @@ SteamCommunity.prototype.finalizeTwoFactor = function(secret, activationCode, ca
|
|||||||
}
|
}
|
||||||
|
|
||||||
diff = offset;
|
diff = offset;
|
||||||
finalize(token);
|
finalize();
|
||||||
});
|
});
|
||||||
});
|
|
||||||
|
|
||||||
function finalize(token) {
|
|
||||||
var code = SteamTotp.generateAuthCode(secret, diff);
|
|
||||||
|
|
||||||
self.httpRequestPost({
|
|
||||||
"uri": "https://api.steampowered.com/ITwoFactorService/FinalizeAddAuthenticator/v1/",
|
|
||||||
"form": {
|
|
||||||
"steamid": self.steamID.getSteamID64(),
|
|
||||||
"access_token": token,
|
|
||||||
"authenticator_code": code,
|
|
||||||
"authenticator_time": Math.floor(Date.now() / 1000),
|
|
||||||
"activation_code": activationCode
|
|
||||||
},
|
|
||||||
"json": true
|
|
||||||
}, function(err, response, body) {
|
|
||||||
if (err) {
|
|
||||||
callback(err);
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
if(!body.response) {
|
|
||||||
callback(new Error("Malformed response"));
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
body = body.response;
|
|
||||||
|
|
||||||
if(body.server_time) {
|
|
||||||
diff = body.server_time - Math.floor(Date.now() / 1000);
|
|
||||||
}
|
|
||||||
|
|
||||||
if(body.status == 89) {
|
|
||||||
callback(new Error("Invalid activation code"));
|
|
||||||
} else if(body.want_more) {
|
|
||||||
attemptsLeft--;
|
|
||||||
diff += 30;
|
|
||||||
|
|
||||||
finalize(token);
|
|
||||||
} else if(!body.success) {
|
|
||||||
callback(new Error("Error " + body.status));
|
|
||||||
} else {
|
|
||||||
callback(null);
|
|
||||||
}
|
|
||||||
}, "steamcommunity");
|
|
||||||
}
|
|
||||||
};
|
};
|
||||||
|
|
||||||
SteamCommunity.prototype.disableTwoFactor = function(revocationCode, callback) {
|
SteamCommunity.prototype.disableTwoFactor = function(revocationCode, callback) {
|
||||||
var self = this;
|
this._verifyMobileAccessToken();
|
||||||
|
|
||||||
this.getWebApiOauthToken(function(err, token) {
|
if (!this.mobileAccessToken) {
|
||||||
if(err) {
|
callback(new Error('No mobile access token available. Provide one by calling setMobileAppAccessToken()'));
|
||||||
callback(err);
|
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
self.httpRequestPost({
|
this.httpRequestPost({
|
||||||
"uri": "https://api.steampowered.com/ITwoFactorService/RemoveAuthenticator/v1/",
|
uri: 'https://api.steampowered.com/ITwoFactorService/RemoveAuthenticator/v1/?access_token=' + this.mobileAccessToken,
|
||||||
"form": {
|
form: {
|
||||||
"steamid": self.steamID.getSteamID64(),
|
steamid: this.steamID.getSteamID64(),
|
||||||
"access_token": token,
|
revocation_code: revocationCode,
|
||||||
"revocation_code": revocationCode,
|
steamguard_scheme: 1
|
||||||
"steamguard_scheme": 1
|
|
||||||
},
|
},
|
||||||
"json": true
|
json: true
|
||||||
}, function(err, response, body) {
|
}, function(err, response, body) {
|
||||||
if (err) {
|
if (err) {
|
||||||
callback(err);
|
callback(err);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
if(!body.response) {
|
if (!body.response) {
|
||||||
callback(new Error("Malformed response"));
|
callback(new Error('Malformed response'));
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
if(!body.response.success) {
|
if (!body.response.success) {
|
||||||
callback(new Error("Request failed"));
|
callback(new Error('Request failed'));
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
// success = true means it worked
|
// success = true means it worked
|
||||||
callback(null);
|
callback(null);
|
||||||
}, "steamcommunity");
|
}, 'steamcommunity');
|
||||||
});
|
|
||||||
};
|
};
|
||||||
|
@ -1,5 +1,7 @@
|
|||||||
var SteamCommunity = require('../index.js');
|
var SteamCommunity = require('../index.js');
|
||||||
|
|
||||||
|
const Helpers = require('./helpers.js');
|
||||||
|
|
||||||
SteamCommunity.prototype.getWebApiKey = function(domain, callback) {
|
SteamCommunity.prototype.getWebApiKey = function(domain, callback) {
|
||||||
var self = this;
|
var self = this;
|
||||||
this.httpRequest({
|
this.httpRequest({
|
||||||
@ -45,7 +47,7 @@ SteamCommunity.prototype.getWebApiKey = function(domain, callback) {
|
|||||||
};
|
};
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @deprecated No longer works if not logged in via mobile login. Will be removed in a future release.
|
* @deprecated No longer works. Will be removed in a future release.
|
||||||
* @param {function} callback
|
* @param {function} callback
|
||||||
*/
|
*/
|
||||||
SteamCommunity.prototype.getWebApiOauthToken = function(callback) {
|
SteamCommunity.prototype.getWebApiOauthToken = function(callback) {
|
||||||
@ -53,5 +55,64 @@ SteamCommunity.prototype.getWebApiOauthToken = function(callback) {
|
|||||||
return callback(null, this.oAuthToken);
|
return callback(null, this.oAuthToken);
|
||||||
}
|
}
|
||||||
|
|
||||||
callback(new Error('This operation requires an OAuth token, which can only be obtained from node-steamcommunity\'s `login` method.'));
|
callback(new Error('This operation requires an OAuth token, which is no longer issued by Steam.'));
|
||||||
|
};
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Sets an access_token generated by steam-session using EAuthTokenPlatformType.MobileApp.
|
||||||
|
* Required for some operations such as 2FA enabling and disabling.
|
||||||
|
* This will throw an Error if the provided token is not valid, was not generated for the MobileApp platform, is expired,
|
||||||
|
* or does not belong to the logged-in user account.
|
||||||
|
*
|
||||||
|
* @param {string} token
|
||||||
|
*/
|
||||||
|
SteamCommunity.prototype.setMobileAppAccessToken = function(token) {
|
||||||
|
if (!this.steamID) {
|
||||||
|
throw new Error('Log on to steamcommunity before setting a mobile app access token');
|
||||||
|
}
|
||||||
|
|
||||||
|
let decodedToken = Helpers.decodeJwt(token);
|
||||||
|
|
||||||
|
if (!decodedToken.iss || !decodedToken.sub || !decodedToken.aud || !decodedToken.exp) {
|
||||||
|
throw new Error('Provided value is not a valid Steam access token');
|
||||||
|
}
|
||||||
|
|
||||||
|
if (decodedToken.iss == 'steam') {
|
||||||
|
throw new Error('Provided token is a refresh token, not an access token');
|
||||||
|
}
|
||||||
|
|
||||||
|
if (decodedToken.sub != this.steamID.getSteamID64()) {
|
||||||
|
throw new Error(`Provided token belongs to account ${decodedToken.sub}, but we are logged into ${this.steamID.getSteamID64()}`);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (decodedToken.exp < Math.floor(Date.now() / 1000)) {
|
||||||
|
throw new Error('Provided token is expired');
|
||||||
|
}
|
||||||
|
|
||||||
|
if ((decodedToken.aud || []).indexOf('mobile') == -1) {
|
||||||
|
throw new Error('Provided token is not valid for MobileApp platform type');
|
||||||
|
}
|
||||||
|
|
||||||
|
this.mobileAccessToken = token;
|
||||||
|
};
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Verifies that the mobile access token we already have set is still valid for current login.
|
||||||
|
*
|
||||||
|
* @private
|
||||||
|
*/
|
||||||
|
SteamCommunity.prototype._verifyMobileAccessToken = function() {
|
||||||
|
if (!this.mobileAccessToken) {
|
||||||
|
// No access token, so nothing to do here.
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
let decodedToken = Helpers.decodeJwt(this.mobileAccessToken);
|
||||||
|
|
||||||
|
let isTokenInvalid = decodedToken.sub != this.steamID.getSteamID64() // SteamID doesn't match
|
||||||
|
|| decodedToken.exp < Math.floor(Date.now() / 1000); // Token is expired
|
||||||
|
|
||||||
|
if (isTokenInvalid) {
|
||||||
|
delete this.mobileAccessToken;
|
||||||
|
}
|
||||||
};
|
};
|
||||||
|
@ -48,6 +48,26 @@ function doLogin(accountName, password, authCode, captcha, rCode) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
console.log('Logged on!');
|
console.log('Logged on!');
|
||||||
|
|
||||||
|
if (community.mobileAccessToken) {
|
||||||
|
// If we already have a mobile access token, we don't need to prompt for one.
|
||||||
|
doRevoke(rCode);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
console.log('You need to provide a mobile app access token to continue.');
|
||||||
|
console.log('You can generate one using steam-session (https://www.npmjs.com/package/steam-session).');
|
||||||
|
console.log('The access token needs to be generated using EAuthTokenPlatformType.MobileApp.');
|
||||||
|
console.log('Make sure you provide an *ACCESS* token, not a refresh token.');
|
||||||
|
|
||||||
|
rl.question('Access Token: ', (accessToken) => {
|
||||||
|
community.setMobileAppAccessToken(accessToken);
|
||||||
|
doRevoke(rCode);
|
||||||
|
});
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
function doRevoke(rCode) {
|
||||||
community.disableTwoFactor('R' + rCode, (err) => {
|
community.disableTwoFactor('R' + rCode, (err) => {
|
||||||
if (err) {
|
if (err) {
|
||||||
console.log(err);
|
console.log(err);
|
||||||
@ -58,5 +78,4 @@ function doLogin(accountName, password, authCode, captcha, rCode) {
|
|||||||
console.log('Two-factor authentication disabled!');
|
console.log('Two-factor authentication disabled!');
|
||||||
process.exit();
|
process.exit();
|
||||||
});
|
});
|
||||||
});
|
|
||||||
}
|
}
|
||||||
|
@ -56,6 +56,26 @@ function doLogin(accountName, password, authCode, captcha) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
console.log('Logged on!');
|
console.log('Logged on!');
|
||||||
|
|
||||||
|
if (community.mobileAccessToken) {
|
||||||
|
// If we already have a mobile access token, we don't need to prompt for one.
|
||||||
|
doSetup();
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
console.log('You need to provide a mobile app access token to continue.');
|
||||||
|
console.log('You can generate one using steam-session (https://www.npmjs.com/package/steam-session).');
|
||||||
|
console.log('The access token needs to be generated using EAuthTokenPlatformType.MobileApp.');
|
||||||
|
console.log('Make sure you provide an *ACCESS* token, not a refresh token.');
|
||||||
|
|
||||||
|
rl.question('Access Token: ', (accessToken) => {
|
||||||
|
community.setMobileAppAccessToken(accessToken);
|
||||||
|
doSetup();
|
||||||
|
});
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
function doSetup() {
|
||||||
community.enableTwoFactor((err, response) => {
|
community.enableTwoFactor((err, response) => {
|
||||||
if (err) {
|
if (err) {
|
||||||
if (err.eresult == EResult.Fail) {
|
if (err.eresult == EResult.Fail) {
|
||||||
@ -88,7 +108,6 @@ function doLogin(accountName, password, authCode, captcha) {
|
|||||||
|
|
||||||
promptActivationCode(response);
|
promptActivationCode(response);
|
||||||
});
|
});
|
||||||
});
|
|
||||||
}
|
}
|
||||||
|
|
||||||
function promptActivationCode(response) {
|
function promptActivationCode(response) {
|
||||||
|
10
index.js
10
index.js
@ -214,6 +214,12 @@ SteamCommunity.prototype.login = function(details, callback) {
|
|||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @deprecated
|
||||||
|
* @param {string} steamguard
|
||||||
|
* @param {string} token
|
||||||
|
* @param {function} callback
|
||||||
|
*/
|
||||||
SteamCommunity.prototype.oAuthLogin = function(steamguard, token, callback) {
|
SteamCommunity.prototype.oAuthLogin = function(steamguard, token, callback) {
|
||||||
steamguard = steamguard.split('||');
|
steamguard = steamguard.split('||');
|
||||||
var steamID = new SteamID(steamguard[0]);
|
var steamID = new SteamID(steamguard[0]);
|
||||||
@ -300,6 +306,10 @@ SteamCommunity.prototype.setCookies = function(cookies) {
|
|||||||
|
|
||||||
this._setCookie(Request.cookie(cookie), !!(cookieName.match(/^steamMachineAuth/) || cookieName.match(/Secure$/)));
|
this._setCookie(Request.cookie(cookie), !!(cookieName.match(/^steamMachineAuth/) || cookieName.match(/Secure$/)));
|
||||||
});
|
});
|
||||||
|
|
||||||
|
// The account we're logged in as might have changed, so verify that our mobile access token (if any) is still valid
|
||||||
|
// for this account.
|
||||||
|
this._verifyMobileAccessToken();
|
||||||
};
|
};
|
||||||
|
|
||||||
SteamCommunity.prototype.getSessionID = function(host = "http://steamcommunity.com") {
|
SteamCommunity.prototype.getSessionID = function(host = "http://steamcommunity.com") {
|
||||||
|
Loading…
Reference in New Issue
Block a user