steamguard-cli/src/login.rs

use std::io::Write;

use log::*;
use secrecy::{ExposeSecret, SecretString};
use steamguard::{
	protobufs::steammessages_auth_steamclient::{EAuthSessionGuardType, EAuthTokenPlatformType},
	refresher::TokenRefresher,
	steamapi::{self, AuthenticationClient},
	token::Tokens,
	transport::Transport,
	DeviceDetails, LoginError, SteamGuardAccount, UserLogin,
};

use crate::tui;

/// Performs a login, prompting for credentials if necessary.
pub fn do_login<T: Transport + Clone>(
	transport: T,
	account: &mut SteamGuardAccount,
) -> anyhow::Result<()> {
	if let Some(tokens) = account.tokens.as_mut() {
		info!("Refreshing access token...");
		let client = AuthenticationClient::new(transport.clone());
		let mut refresher = TokenRefresher::new(client);
		match refresher.refresh(account.steam_id, tokens) {
			Ok(token) => {
				info!("Successfully refreshed access token, no need to prompt to log in.");
				tokens.set_access_token(token);
				return Ok(());
			}
			Err(err) => {
				warn!(
					"Failed to refresh access token, prompting for login: {}",
					err
				);
			}
		}
	}

	if !account.account_name.is_empty() {
		info!("Username: {}", account.account_name);
	} else {
		eprint!("Username: ");
		account.account_name = tui::prompt();
	}
	let _ = std::io::stdout().flush();
	let password = tui::prompt_password()?;
	if !password.expose_secret().is_empty() {
		debug!("password is present");
	} else {
		debug!("password is empty");
	}
	let tokens = do_login_impl(
		transport,
		account.account_name.clone(),
		password,
		Some(account),
	)?;
	let steam_id = tokens.access_token().decode()?.steam_id();
	account.set_tokens(tokens);
	account.steam_id = steam_id;
	Ok(())
}

pub fn do_login_raw<T: Transport + Clone>(
	transport: T,
	username: String,
) -> anyhow::Result<Tokens> {
	let _ = std::io::stdout().flush();
	let password = tui::prompt_password()?;
	if !password.expose_secret().is_empty() {
		debug!("password is present");
	} else {
		debug!("password is empty");
	}
	do_login_impl(transport, username, password, None)
}

fn do_login_impl<T: Transport + Clone>(
	transport: T,
	username: String,
	password: SecretString,
	account: Option<&SteamGuardAccount>,
) -> anyhow::Result<Tokens> {
	let mut login = UserLogin::new(transport.clone(), build_device_details());

	let mut password = password;
	let confirmation_methods;
	loop {
		match login.begin_auth_via_credentials(&username, password.expose_secret()) {
			Ok(methods) => {
				confirmation_methods = methods;
				break;
			}
			Err(LoginError::TooManyAttempts) => {
				error!("Too many login attempts. Steam is rate limiting you. Please wait a while and try again later.");
				return Err(LoginError::TooManyAttempts.into());
			}
			Err(LoginError::BadCredentials) => {
				error!("Incorrect password for {username}");
				password = tui::prompt_password()?;
				continue;
			}
			Err(err) => {
				error!("Unexpected error when trying to log in. If you report this as a bug, please rerun with `-v debug` or `-v trace` and include all output in your issue. {:?}", err);
				return Err(err.into());
			}
		}
	}

	for method in confirmation_methods {
		match method.confirmation_type {
			EAuthSessionGuardType::k_EAuthSessionGuardType_DeviceConfirmation => {
				eprintln!("Please confirm this login on your other device.");
				eprintln!("Press enter when you have confirmed.");
				tui::pause();
			}
			EAuthSessionGuardType::k_EAuthSessionGuardType_EmailConfirmation => {
				eprint!("Please confirm this login by clicking the link in your email.");
				if !method.associated_messsage.is_empty() {
					eprint!(" ({})", method.associated_messsage);
				}
				eprintln!();
				eprintln!("Press enter when you have confirmed.");
				tui::pause();
			}
			EAuthSessionGuardType::k_EAuthSessionGuardType_DeviceCode => {
				let code = if let Some(account) = account {
					debug!("Generating 2fa code...");
					let time = steamapi::get_server_time(transport)?.server_time();
					account.generate_code(time)
				} else {
					eprint!("Enter the 2fa code from your device: ");
					tui::prompt().trim().to_owned()
				};
				login.submit_steam_guard_code(method.confirmation_type, code)?;
			}
			EAuthSessionGuardType::k_EAuthSessionGuardType_EmailCode => {
				eprint!("Enter the 2fa code sent to your email: ");
				let code = tui::prompt().trim().to_owned();
				login.submit_steam_guard_code(method.confirmation_type, code)?;
			}
			_ => {
				warn!("Unknown confirmation method: {:?}", method);
				continue;
			}
		}
		break;
	}

	info!("Polling for tokens... -- If this takes a long time, try logging in again.");
	let tokens = login.poll_until_tokens()?;

	info!("Logged in successfully!");
	Ok(tokens)
}

fn build_device_details() -> DeviceDetails {
	DeviceDetails {
		friendly_name: format!(
			"{} (steamguard-cli)",
			gethostname::gethostname()
				.into_string()
				.expect("failed to get hostname")
		),
		platform_type: EAuthTokenPlatformType::k_EAuthTokenPlatformType_MobileApp,
		os_type: -500,
		gaming_device_type: 528,
	}
}
Minor code refactors (#266) 2023-07-02 10:54:01 -04:00			`use std::io::Write;`

			`use log::*;`
refactor passkey/password prompts so they are always SecretString (#281) 2023-07-05 08:35:32 -04:00			`use secrecy::{ExposeSecret, SecretString};`
Minor code refactors (#266) 2023-07-02 10:54:01 -04:00			`use steamguard::{`
			`protobufs::steammessages_auth_steamclient::{EAuthSessionGuardType, EAuthTokenPlatformType},`
			`refresher::TokenRefresher,`
			`steamapi::{self, AuthenticationClient},`
			`token::Tokens,`
			`transport::Transport,`
			`DeviceDetails, LoginError, SteamGuardAccount, UserLogin,`
			`};`

			`use crate::tui;`

add a comment 2023-08-10 09:14:59 -04:00			`/// Performs a login, prompting for credentials if necessary.`
Minor code refactors (#266) 2023-07-02 10:54:01 -04:00			`pub fn do_login<T: Transport + Clone>(`
			`transport: T,`
			`account: &mut SteamGuardAccount,`
			`) -> anyhow::Result<()> {`
			`if let Some(tokens) = account.tokens.as_mut() {`
			`info!("Refreshing access token...");`
			`let client = AuthenticationClient::new(transport.clone());`
			`let mut refresher = TokenRefresher::new(client);`
			`match refresher.refresh(account.steam_id, tokens) {`
			`Ok(token) => {`
			`info!("Successfully refreshed access token, no need to prompt to log in.");`
			`tokens.set_access_token(token);`
			`return Ok(());`
			`}`
			`Err(err) => {`
			`warn!(`
			`"Failed to refresh access token, prompting for login: {}",`
			`err`
			`);`
			`}`
			`}`
			`}`

			`if !account.account_name.is_empty() {`
			`info!("Username: {}", account.account_name);`
			`} else {`
			`eprint!("Username: ");`
			`account.account_name = tui::prompt();`
			`}`
			`let _ = std::io::stdout().flush();`
refactor passkey/password prompts so they are always SecretString (#281) 2023-07-05 08:35:32 -04:00			`let password = tui::prompt_password()?;`
			`if !password.expose_secret().is_empty() {`
Minor code refactors (#266) 2023-07-02 10:54:01 -04:00			`debug!("password is present");`
			`} else {`
			`debug!("password is empty");`
			`}`
			`let tokens = do_login_impl(`
			`transport,`
			`account.account_name.clone(),`
			`password,`
			`Some(account),`
			`)?;`
			`let steam_id = tokens.access_token().decode()?.steam_id();`
			`account.set_tokens(tokens);`
			`account.steam_id = steam_id;`
			`Ok(())`
			`}`

			`pub fn do_login_raw<T: Transport + Clone>(`
			`transport: T,`
			`username: String,`
			`) -> anyhow::Result<Tokens> {`
			`let _ = std::io::stdout().flush();`
refactor passkey/password prompts so they are always SecretString (#281) 2023-07-05 08:35:32 -04:00			`let password = tui::prompt_password()?;`
			`if !password.expose_secret().is_empty() {`
Minor code refactors (#266) 2023-07-02 10:54:01 -04:00			`debug!("password is present");`
			`} else {`
			`debug!("password is empty");`
			`}`
			`do_login_impl(transport, username, password, None)`
			`}`

			`fn do_login_impl<T: Transport + Clone>(`
			`transport: T,`
			`username: String,`
refactor passkey/password prompts so they are always SecretString (#281) 2023-07-05 08:35:32 -04:00			`password: SecretString,`
Minor code refactors (#266) 2023-07-02 10:54:01 -04:00			`account: Option<&SteamGuardAccount>,`
			`) -> anyhow::Result<Tokens> {`
			`let mut login = UserLogin::new(transport.clone(), build_device_details());`

			`let mut password = password;`
			`let confirmation_methods;`
			`loop {`
refactor passkey/password prompts so they are always SecretString (#281) 2023-07-05 08:35:32 -04:00			`match login.begin_auth_via_credentials(&username, password.expose_secret()) {`
Minor code refactors (#266) 2023-07-02 10:54:01 -04:00			`Ok(methods) => {`
			`confirmation_methods = methods;`
			`break;`
			`}`
			`Err(LoginError::TooManyAttempts) => {`
			`error!("Too many login attempts. Steam is rate limiting you. Please wait a while and try again later.");`
			`return Err(LoginError::TooManyAttempts.into());`
			`}`
			`Err(LoginError::BadCredentials) => {`
refactor passkey/password prompts so they are always SecretString (#281) 2023-07-05 08:35:32 -04:00			`error!("Incorrect password for {username}");`
			`password = tui::prompt_password()?;`
Minor code refactors (#266) 2023-07-02 10:54:01 -04:00			`continue;`
			`}`
			`Err(err) => {`
			error!("Unexpected error when trying to log in. If you report this as a bug, please rerun with `-v debug` or `-v trace` and include all output in your issue. {:?}", err);
			`return Err(err.into());`
			`}`
			`}`
			`}`

			`for method in confirmation_methods {`
			`match method.confirmation_type {`
			`EAuthSessionGuardType::k_EAuthSessionGuardType_DeviceConfirmation => {`
			`eprintln!("Please confirm this login on your other device.");`
			`eprintln!("Press enter when you have confirmed.");`
			`tui::pause();`
			`}`
			`EAuthSessionGuardType::k_EAuthSessionGuardType_EmailConfirmation => {`
			`eprint!("Please confirm this login by clicking the link in your email.");`
			`if !method.associated_messsage.is_empty() {`
			`eprint!(" ({})", method.associated_messsage);`
			`}`
			`eprintln!();`
			`eprintln!("Press enter when you have confirmed.");`
			`tui::pause();`
			`}`
			`EAuthSessionGuardType::k_EAuthSessionGuardType_DeviceCode => {`
			`let code = if let Some(account) = account {`
			`debug!("Generating 2fa code...");`
			`let time = steamapi::get_server_time(transport)?.server_time();`
			`account.generate_code(time)`
			`} else {`
			`eprint!("Enter the 2fa code from your device: ");`
			`tui::prompt().trim().to_owned()`
			`};`
			`login.submit_steam_guard_code(method.confirmation_type, code)?;`
			`}`
			`EAuthSessionGuardType::k_EAuthSessionGuardType_EmailCode => {`
			`eprint!("Enter the 2fa code sent to your email: ");`
			`let code = tui::prompt().trim().to_owned();`
			`login.submit_steam_guard_code(method.confirmation_type, code)?;`
			`}`
			`_ => {`
			`warn!("Unknown confirmation method: {:?}", method);`
			`continue;`
			`}`
			`}`
			`break;`
			`}`

			`info!("Polling for tokens... -- If this takes a long time, try logging in again.");`
			`let tokens = login.poll_until_tokens()?;`

			`info!("Logged in successfully!");`
			`Ok(tokens)`
			`}`

			`fn build_device_details() -> DeviceDetails {`
			`DeviceDetails {`
			`friendly_name: format!(`
			`"{} (steamguard-cli)",`
			`gethostname::gethostname()`
			`.into_string()`
			`.expect("failed to get hostname")`
			`),`
			`platform_type: EAuthTokenPlatformType::k_EAuthTokenPlatformType_MobileApp,`
			`os_type: -500,`
			`gaming_device_type: 528,`
			`}`
			`}`