Remove dead webauth code

DoctorMcKay · Oct 31, 2023 · 455c693 · 455c693
1 parent d0ff9bd
commit 455c693
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 86 deletions.
diff --git a/components/07-web.js b/components/07-web.js
@@ -1,11 +1,6 @@
 const Crypto = require('crypto');
-const SteamCrypto = require('@doctormckay/steam-crypto');
 const SteamID = require('steamid');
 
-const EMsg = require('../enums/EMsg.js');
-const EResult = require('../enums/EResult.js');
-
-const SteamUserBase = require('./00-base.js');
 const SteamUserWebAPI = require('./06-webapi.js');
 
 class SteamUserWeb extends SteamUserWebAPI {
@@ -24,9 +19,8 @@ class SteamUserWeb extends SteamUserWebAPI {
 		}
 
 		if (!this._logOnDetails.access_token) {
-			// deprecated
-			this._send(EMsg.ClientRequestWebAPIAuthenticateUserNonce, {});
-			return;
+			// This would only happen when logging on with a webLogonToken
+			throw new Error('Cannot use webLogOn() without having a refresh token available');
 		}
 
 		// The client uses access tokens for its session cookie now. Even though we might already technically have an
@@ -47,85 +41,17 @@ class SteamUserWeb extends SteamUserWebAPI {
 			}
 
 			let sessionId = cookies.find(c => c.startsWith('sessionid=')).substring(10);
-			this.emit('webSession', sessionId, cookies);
-		});
-	}
-
-	_webLogOn() {
-		// Identical to webLogOn, except silently fails if not logged on
-		if (!this.steamID || this.steamID.type != SteamID.Type.INDIVIDUAL) {
-			return;
-		}
-
-		this.webLogOn();
-	}
-
-	async _webAuthenticate(nonce) {
-		// Encrypt the nonce. I don't know if the client uses HMAC IV here, but there's no harm in it...
-		let sessionKey = SteamCrypto.generateSessionKey();
-		let encryptedNonce = SteamCrypto.symmetricEncryptWithHmacIv(nonce, sessionKey.plain);
 
-		let data = {
-			steamid: this.steamID.toString(),
-			sessionkey: sessionKey.encrypted,
-			encrypted_loginkey: encryptedNonce
-		};
+			/**
+			 * Emitted when a steamcommunity.com web session is negotiated
+			 * @event SteamUser#webSession
+			 * @param {string} sessionID
+			 * @param {string[]} cookies
+			 */
 
-		let sessionid, cookies;
-
-		try {
-			let res = await this._apiRequest('POST', 'ISteamUserAuth', 'AuthenticateUser', 1, data);
-			if (!res.authenticateuser || (!res.authenticateuser.token && !res.authenticateuser.tokensecure)) {
-				throw new Error('Malformed response');
-			}
-
-			// Generate a random sessionid (CSRF token)
-			sessionid = Crypto.randomBytes(12).toString('hex');
-			cookies = ['sessionid=' + sessionid];
-			if (res.authenticateuser.token) {
-				cookies.push('steamLogin=' + res.authenticateuser.token);
-			}
-			if (res.authenticateuser.tokensecure) {
-				cookies.push('steamLoginSecure=' + res.authenticateuser.tokensecure);
-			}
-		} catch (ex) {
-			this.emit('debug', 'Webauth failed: ' + ex.message);
-
-			if (ex.message == 'HTTP error 429') {
-				// We got rate-limited
-				this._webauthTimeout = 50000;
-			}
-
-			if (this._webauthTimeout) {
-				this._webauthTimeout = Math.min(this._webauthTimeout * 2, 50000);
-			} else {
-				this._webauthTimeout = 1000;
-			}
-
-			setTimeout(this._webLogOn.bind(this), this._webauthTimeout);
-			return;
-		}
-
-		/**
-		 * Emitted when a steamcommunity.com web session is negotiated
-		 * @event SteamUser#webSession
-		 * @param {string} sessionID
-		 * @param {string[]} cookies
-		 */
-
-		this.emit('webSession', sessionid, cookies);
+			this.emit('webSession', sessionId, cookies);
+		});
 	}
 }
 
-// Handlers
-
-SteamUserBase.prototype._handlerManager.add(EMsg.ClientRequestWebAPIAuthenticateUserNonceResponse, function(body) {
-	if (body.eresult != EResult.OK) {
-		this.emit('debug', 'Got response ' + body.eresult + ' from ClientRequestWebAPIAuthenticateUserNonceResponse, retrying');
-		setTimeout(this._webLogOn.bind(this), 500);
-	} else {
-		this._webAuthenticate(body.webapi_authenticate_user_nonce);
-	}
-});
-
 module.exports = SteamUserWeb;
diff --git a/components/09-logon.js b/components/09-logon.js
@@ -765,8 +765,6 @@ class SteamUserLogon extends SteamUserMachineAuth {
 						// The new way of getting web cookies is to use a refresh token to get a fresh access token, which
 						// is what's used as the cookie. Confusingly, access_token in CMsgClientLogOn is actually a refresh token.
 						this.webLogOn();
-					} else if (body.webapi_authenticate_user_nonce) {
-						this._webAuthenticate(body.webapi_authenticate_user_nonce);
 					}
 				} else if (this.steamID.type == SteamID.Type.ANON_USER) {
 					this._getLicenseInfo();