setup: debug print full authenticator status when verification fails (#396)

This solves build errors for me described in
https://aur.archlinux.org/packages/steamguard-cli-git#comment-884235 and
also reproduced in
https://github.com/dyc3/steamguard-cli/actions/runs/9340294638/job/25705683797

```
error: linking with `cc` failed: exit status: 1
  |
  = note: LC_ALL="C" PATH="/usr/lib64/rustlib/x86_64-unknown-linux-gnu/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" VSLANG="1033" "cc" "-m64" "/tmp/rustcWfC4he/symbols.o" "/var/ab/.cache/yay/steamguard-cli-git/src/steamguard-cli/target/release/deps/steamguard-22c99af53504a9e5.steamguard.7abfd362c63e99bf-cgu.13.rcgu.o" "-Wl,--as-needed" "-L" "/var/ab/.cache/yay/steamguard-cli-git/src/steamguard-cli/target/release/deps" "-L" "/var/ab/.cache/yay/steamguard-cli-git/src/steamguard-cli/target/release/build/ring-0dc12641040c6e8f/out" "-L" "/usr/lib64/rustlib/x86_64-unknown-linux-gnu/lib" "-Wl,-Bstatic" "/tmp/rustcWfC4he/libring-949bba2bc6e40fcb.rlib" "/usr/lib64/rustlib/x86_64-unknown-linux-gnu/lib/libcompiler_builtins-3ce9c50abe6de474.rlib" "-Wl,-Bdynamic" "-lgcc_s" "-lutil" "-lrt" "-lpthread" "-lm" "-ldl" "-lc" "-Wl,--eh-frame-hdr" "-Wl,-z,noexecstack" "-L" "/usr/lib64/rustlib/x86_64-unknown-linux-gnu/lib" "-o" "/var/ab/.cache/yay/steamguard-cli-git/src/steamguard-cli/target/release/deps/steamguard-22c99af53504a9e5" "-Wl,--gc-sections" "-pie" "-Wl,-z,relro,-z,now" "-Wl,-O1" "-Wl,--strip-debug" "-nodefaultlibs"
  = note: /usr/sbin/ld: /var/ab/.cache/yay/steamguard-cli-git/src/steamguard-cli/target/release/deps/steamguard-22c99af53504a9e5.steamguard.7abfd362c63e99bf-cgu.13.rcgu.o: in function `ring::aead::aes_gcm::aes_gcm_seal':
          steamguard.7abfd362c63e99bf-cgu.13:(.text._ZN4ring4aead7aes_gcm12aes_gcm_seal17hdce0b4a4f2d32350E+0xa9): undefined reference to `ring_core_0_17_8_OPENSSL_ia32cap_P'
```

.github/workflows/aur-checker.yml

@@ -5,12 +5,13 @@ on:
     - cron: "32 5 */3 * *"
   push:
     branches: [ master, main ]
+  workflow_dispatch:
 
 jobs:
   test-install:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout
-      uses: actions/checkout@v2
+      uses: actions/checkout@v4
     - name: Install AUR package
       run: ./scripts/check-aur.sh

.github/workflows/rust.yml

@@ -15,9 +15,9 @@ jobs:
 
     steps:
       - run: rustup component add clippy rustfmt
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Rust Cache
-        uses: Swatinem/rust-cache@v2.5.0
+        uses: Swatinem/rust-cache@v2
       - name: Check format
         run: cargo fmt --all -- --check
       - name: Check
@@ -34,13 +34,13 @@ jobs:
       matrix:
         target: [x86_64-unknown-linux-musl, x86_64-pc-windows-gnu]
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Rust Cache
-        uses: Swatinem/rust-cache@v2.5.0
+        uses: Swatinem/rust-cache@v2
         with:
           prefix-key: v0-rust-${{ matrix.target }}
       - name: Install Cross
-        uses: baptiste0928/cargo-install@v1
+        uses: baptiste0928/cargo-install@v2
         with:
           crate: cross
       - name: Check

Cargo.toml

@@ -4,9 +4,9 @@ members = ["steamguard"]
 
 [package]
 name = "steamguard-cli"
-version = "0.12.4"
+version = "0.14.0"
 authors = ["dyc3 (Carson McManus) <carson.mcmanus1@gmail.com>"]
-edition = "2018"
+edition = "2021"
 description = "A command line utility to generate Steam 2FA codes and respond to confirmations."
 keywords = ["steam", "2fa", "steamguard", "authentication", "cli"]
 categories = ["command-line-utilities"]
@@ -27,38 +27,43 @@ keyring = ["dep:keyring"]
 name = "steamguard"
 path = "src/main.rs"
 
-# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
-
 [dependencies]
 anyhow = "^1.0"
-base64 = "0.21.2"
+base64 = "0.22.1"
 text_io = "0.1.8"
 rpassword = "7.2.0"
-reqwest = { version = "0.11", default-features = false, features = ["blocking", "json", "cookies", "gzip", "rustls-tls"] }
+reqwest = { version = "0.12", default-features = false, features = [
+	"blocking",
+	"json",
+	"cookies",
+	"gzip",
+	"rustls-tls",
+] }
 serde = { version = "1.0", features = ["derive"] }
 serde_json = "1.0"
 rsa = "0.9.2"
 rand = "0.8.5"
-standback = "0.2.17" # required to fix a compilation error on a transient dependency
+clap = { version = "4.5.4", features = ["derive", "cargo", "env"] }
-clap = { version = "3.1.18", features = ["derive", "cargo", "env"] }
+clap_complete = "4.5.2"
-clap_complete = "3.2.1"
 log = "0.4.19"
-stderrlog = "0.4"
+stderrlog = "0.6"
-cookie = "0.14"
+cookie = "0.18"
 regex = "1"
 lazy_static = "1.4.0"
-uuid = { version = "0.8", features = ["v4"] }
+uuid = { version = "1.8", features = ["v4"] }
-steamguard = { version = "^0.12.4", path = "./steamguard" }
+steamguard = { version = "^0.14.0", path = "./steamguard" }
-dirs = "3.0.2"
+dirs = "5.0.1"
 aes = { version = "0.8.3", features = ["zeroize"] }
-thiserror = "1.0.26"
+thiserror = "1.0.61"
 crossterm = { version = "0.23.2", features = ["event-stream"] }
-qrcode = { version = "0.12.0", optional = true }
+qrcode = { version = "0.14.0", optional = true }
 gethostname = "0.4.3"
 secrecy = { version = "0.8", features = ["serde"] }
 zeroize = { version = "^1.6.0", features = ["std", "zeroize_derive"] }
 serde_path_to_error = "0.1.11"
-update-informer = { version = "1.0.0", optional = true, default-features = false, features = ["github"] }
+update-informer = { version = "1.0.0", optional = true, default-features = false, features = [
+	"github",
+] }
 phonenumber = "0.3"
 cbc = { version = "0.1.2", features = ["std", "zeroize"] }
 inout = { version = "0.1.3", features = ["std"] }
@@ -67,9 +72,11 @@ argon2 = { version = "0.5.0", features = ["std", "zeroize"] }
 pbkdf2 = { version = "0.12.1", features = ["parallel"] }
 sha1 = "0.10.5"
 rayon = "1.7.0"
+rqrr = "0.7.1"
+image = "0.25"
 
 [dev-dependencies]
-tempdir = "0.3"
+tempfile = "3"
 proptest = "1"
 
 [profile.release]

PKGBUILD

@@ -3,7 +3,7 @@
 
 _pkgname=steamguard-cli
 pkgname=${_pkgname}-git
-pkgver=0.8.1.r1.fe0d6e9a
+pkgver=0.14.0.r1.602acc66
 pkgrel=1
 pkgdesc="A command line utility to generate Steam 2FA codes and respond to confirmations."
 arch=('i686' 'x86_64' 'armv6h' 'armv7h')
@@ -12,6 +12,7 @@ license=('GPL3')
 makedepends=('rust' 'cargo' 'git')
 source=("git+https://github.com/dyc3/steamguard-cli.git")
 sha256sums=('SKIP')
+options=(!lto)
 
 pkgver() {
     cd "${srcdir}/${_pkgname}"

README.md

@@ -3,7 +3,7 @@
 [![Lint, Build, Test](https://github.com/dyc3/steamguard-cli/actions/workflows/rust.yml/badge.svg)](https://github.com/dyc3/steamguard-cli/actions/workflows/rust.yml)
 [![AUR Tester](https://github.com/dyc3/steamguard-cli/actions/workflows/aur-checker.yml/badge.svg)](https://github.com/dyc3/steamguard-cli/actions/workflows/aur-checker.yml)
 
-A command line utility for setting up and using Steam Mobile Authenticator (AKA Steam 2FA). It can also be used to respond to trade and market confirmations.
+A command line utility for setting up and using Steam Mobile Authenticator (AKA Steam 2FA). It can also be used to respond to trade, market, and any other steam mobile confirmations that you would normally get in the app.
 
 **The only legitimate place to download steamguard-cli binaries is through this repo's releases, or by any package manager that is linked in this document.**
 

scripts/full-release.sh

@@ -54,20 +54,7 @@ This will do everything needed to release a new version:
 """
 
 echo "Previewing changes..."
-cargo smart-release --update-crates-index --no-changelog --no-tag --no-push --no-publish
-
-if [ "$DRY_RUN" = true ]; then
-	echo "This is a dry run, nothing will be done. Artifacts will be built, but not published. Use --execute to do it for real."
-else
-	echo "This is not a dry run. This is the real deal!"
-fi
-echo "Press any key to continue..."
-read -n 1 -s -r
-
 params=()
-if [[ $DRY_RUN == false ]]; then
-	params+=(--execute)
-fi
 if [[ $BUMP != "" ]]; then
 	params+=(--bump "$BUMP")
 	params+=(--bump-dependencies "$BUMP")
@@ -80,6 +67,20 @@ if [[ $ALLOW_DIRTY == true ]]; then
 fi
 cargo smart-release --update-crates-index --no-changelog --no-tag --no-push --no-publish "${params[@]}"
 
+if [ "$DRY_RUN" = true ]; then
+	echo "This is a dry run, nothing will be done. Artifacts will be built, but not published. Use --execute to do it for real."
+else
+	echo "This is not a dry run. This is the real deal!"
+fi
+echo "Press any key to continue..."
+read -n 1 -s -r
+
+
+if [[ $DRY_RUN == false ]]; then
+	params+=(--execute)
+fi
+cargo smart-release --update-crates-index --no-changelog --no-tag --no-push --no-publish "${params[@]}"
+
 #echo "Verify that the publish succeeded, and Press any key to continue..."
 # read -n 1 -s -r
 

src/accountmanager.rs

@@ -339,8 +339,9 @@ impl AccountManager {
 			debug!("Adding missing account names");
 			for i in 0..self.manifest.entries.len() {
 				let account = self.load_account_by_entry(&self.manifest.entries[i].clone())?;
-				self.manifest.entries[i].account_name =
+				self.manifest.entries[i]
-					account.lock().unwrap().account_name.clone();
+					.account_name
+					.clone_from(&account.lock().unwrap().account_name);
 			}
 			upgraded = true;
 		}
@@ -470,11 +471,11 @@ pub enum ManifestAccountImportError {
 mod tests {
 	use super::*;
 	use steamguard::ExposeSecret;
-	use tempdir::TempDir;
+	use tempfile::TempDir;
 
 	#[test]
 	fn test_should_save_new_manifest() {
-		let tmp_dir = TempDir::new("steamguard-cli-test").unwrap();
+		let tmp_dir = TempDir::new().unwrap();
 		let manifest_path = tmp_dir.path().join("manifest.json");
 		let manager = AccountManager::new(manifest_path.as_path());
 		assert!(manager.save().is_ok());
@@ -482,7 +483,7 @@ mod tests {
 
 	#[test]
 	fn test_should_save_and_load_manifest() -> anyhow::Result<()> {
-		let tmp_dir = TempDir::new("steamguard-cli-test")?;
+		let tmp_dir = TempDir::new()?;
 		let manifest_path = tmp_dir.path().join("manifest.json");
 		println!("tempdir: {}", manifest_path.display());
 		let mut manager = AccountManager::new(manifest_path.as_path());
@@ -518,7 +519,7 @@ mod tests {
 	#[test]
 	fn test_should_save_and_load_manifest_encrypted() -> anyhow::Result<()> {
 		let passkey = Some(SecretString::new("password".into()));
-		let tmp_dir = TempDir::new("steamguard-cli-test")?;
+		let tmp_dir = TempDir::new()?;
 		let manifest_path = tmp_dir.path().join("manifest.json");
 		let mut manager = AccountManager::new(manifest_path.as_path());
 		let mut account = SteamGuardAccount::new();
@@ -567,7 +568,7 @@ mod tests {
 	#[test]
 	fn test_should_save_and_load_manifest_encrypted_longer() -> anyhow::Result<()> {
 		let passkey = Some(SecretString::new("password".into()));
-		let tmp_dir = TempDir::new("steamguard-cli-test")?;
+		let tmp_dir = TempDir::new()?;
 		let manifest_path = tmp_dir.path().join("manifest.json");
 		let mut manager = AccountManager::new(manifest_path.as_path());
 		let mut account = SteamGuardAccount::new();
@@ -614,7 +615,7 @@ mod tests {
 
 	#[test]
 	fn test_should_import() -> anyhow::Result<()> {
-		let tmp_dir = TempDir::new("steamguard-cli-test")?;
+		let tmp_dir = TempDir::new()?;
 		let manifest_path = tmp_dir.path().join("manifest.json");
 		let mut manager = AccountManager::new(manifest_path.as_path());
 		let mut account = SteamGuardAccount::new();

src/accountmanager/migrate.rs

@@ -319,6 +319,8 @@ impl From<ExternalAccount> for SteamGuardAccount {
 
 #[cfg(test)]
 mod tests {
+	use tempfile::TempDir;
+
 	use crate::{accountmanager::CURRENT_MANIFEST_VERSION, AccountManager};
 
 	use super::*;
@@ -477,7 +479,7 @@ mod tests {
 		];
 		for case in cases {
 			eprintln!("testing: {:?}", case);
-			let temp = tempdir::TempDir::new("steamguard-cli-test")?;
+			let temp = TempDir::new()?;
 			for file in std::fs::read_dir(case.dir)? {
 				let file = file?;
 				let path = file.path();

src/commands.rs

@@ -1,6 +1,6 @@
 use std::sync::{Arc, Mutex};
 
-use clap::{clap_derive::ArgEnum, Parser};
+use clap::{Parser, Subcommand, ValueEnum};
 use clap_complete::Shell;
 use secrecy::SecretString;
 use std::str::FromStr;
@@ -10,6 +10,7 @@ use crate::AccountManager;
 
 pub mod code;
 pub mod completions;
+pub mod confirm;
 pub mod debug;
 pub mod decrypt;
 pub mod encrypt;
@@ -19,10 +20,10 @@ pub mod qr;
 pub mod qr_login;
 pub mod remove;
 pub mod setup;
-pub mod trade;
 
 pub use code::CodeCommand;
 pub use completions::CompletionsCommand;
+pub use confirm::ConfirmCommand;
 pub use debug::DebugCommand;
 pub use decrypt::DecryptCommand;
 pub use encrypt::EncryptCommand;
@@ -32,7 +33,6 @@ pub use qr::QrCommand;
 pub use qr_login::QrLoginCommand;
 pub use remove::RemoveCommand;
 pub use setup::SetupCommand;
-pub use trade::TradeCommand;
 
 /// A command that does not operate on the manifest or individual accounts.
 pub(crate) trait ConstCommand {
@@ -127,7 +127,7 @@ pub(crate) struct GlobalArgs {
 		help = "Specify your encryption passkey."
 	)]
 	pub passkey: Option<SecretString>,
-	#[clap(short, long, arg_enum, default_value_t=Verbosity::Info, help = "Set the log level. Be warned, trace is capable of printing sensitive data.")]
+	#[clap(short, long, value_enum, default_value_t=Verbosity::Info, help = "Set the log level. Be warned, trace is capable of printing sensitive data.")]
 	pub verbosity: Verbosity,
 
 	#[cfg(feature = "updater")]
@@ -160,13 +160,14 @@ pub(crate) struct GlobalArgs {
 	pub danger_accept_invalid_certs: bool,
 }
 
-#[derive(Debug, Clone, Parser)]
+#[derive(Debug, Clone, Subcommand)]
 pub(crate) enum Subcommands {
 	Debug(DebugCommand),
 	Completion(CompletionsCommand),
 	Setup(SetupCommand),
 	Import(ImportCommand),
-	Trade(TradeCommand),
+	#[clap(alias = "trade")]
+	Confirm(ConfirmCommand),
 	Remove(RemoveCommand),
 	Encrypt(EncryptCommand),
 	Decrypt(DecryptCommand),
@@ -176,7 +177,7 @@ pub(crate) enum Subcommands {
 	QrLogin(QrLoginCommand),
 }
 
-#[derive(Debug, Clone, Copy, ArgEnum)]
+#[derive(Debug, Clone, Copy, ValueEnum)]
 pub(crate) enum Verbosity {
 	Error = 0,
 	Warn = 1,
@@ -222,3 +223,14 @@ impl From<Args> for CodeCommand {
 		args.code
 	}
 }
+
+#[cfg(test)]
+mod tests {
+	use super::*;
+
+	#[test]
+	fn verify_cli() {
+		use clap::CommandFactory;
+		Args::command().debug_assert()
+	}
+}

src/commands/completions.rs

@@ -5,7 +5,12 @@ use super::*;
 #[derive(Debug, Clone, Parser)]
 #[clap(about = "Generate shell completions")]
 pub struct CompletionsCommand {
-	#[clap(short, long, arg_enum, help = "The shell to generate completions for.")]
+	#[clap(
+		short,
+		long,
+		value_enum,
+		help = "The shell to generate completions for."
+	)]
 	pub shell: Shell,
 }
 

src/commands/confirm.rs

@@ -9,12 +9,12 @@ use crate::{tui, AccountManager};
 use super::*;
 
 #[derive(Debug, Clone, Parser)]
-#[clap(about = "Interactive interface for trade confirmations")]
+#[clap(about = "Interactive interface for steam mobile confirmations")]
-pub struct TradeCommand {
+pub struct ConfirmCommand {
 	#[clap(
 		short,
 		long,
-		help = "Accept all open trade confirmations. Does not open interactive interface."
+		help = "Accept all open mobile confirmations. Does not open interactive interface."
 	)]
 	pub accept_all: bool,
 	#[clap(
@@ -25,7 +25,7 @@ pub struct TradeCommand {
 	pub fail_fast: bool,
 }
 
-impl<T> AccountCommand<T> for TradeCommand
+impl<T> AccountCommand<T> for ConfirmCommand
 where
 	T: Transport + Clone,
 {
@@ -44,12 +44,12 @@ where
 				crate::do_login(transport.clone(), &mut account, args.password.clone())?;
 			}
 
-			info!("{}: Checking for trade confirmations", account.account_name);
+			info!("{}: Checking for confirmations", account.account_name);
 			let confirmations: Vec<Confirmation>;
 			loop {
 				let confirmer = Confirmer::new(transport.clone(), &account);
 
-				match confirmer.get_trade_confirmations() {
+				match confirmer.get_confirmations() {
 					Ok(confs) => {
 						confirmations = confs;
 						break;
@@ -59,7 +59,7 @@ where
 						crate::do_login(transport.clone(), &mut account, args.password.clone())?;
 					}
 					Err(err) => {
-						error!("Failed to get trade confirmations: {}", err);
+						error!("Failed to get confirmations: {}", err);
 						return Err(err.into());
 					}
 				}

src/commands/qr_login.rs

@@ -1,6 +1,10 @@
-use std::sync::{Arc, Mutex};
+use std::{
+	path::{Path, PathBuf},
+	sync::{Arc, Mutex},
+};
 
 use log::*;
+use rqrr::PreparedImage;
 use steamguard::{QrApprover, QrApproverError};
 
 use crate::AccountManager;
@@ -10,11 +14,8 @@ use super::*;
 #[derive(Debug, Clone, Parser)]
 #[clap(about = "Log in to Steam on another device using the QR code that it's displaying.")]
 pub struct QrLoginCommand {
-	#[clap(
+	#[clap(flatten)]
-		long,
+	login_url_source: LoginUrlSource,
-		help = "The URL that would normally open in the Steam app. This is the URL that the QR code is displaying. It should start with \"https://s.team/...\""
-	)]
-	pub url: String,
 }
 
 impl<T> AccountCommand<T> for QrLoginCommand
@@ -41,6 +42,8 @@ where
 			crate::do_login(transport.clone(), &mut account, args.password.clone())?;
 		}
 
+		let url = self.login_url_source.url()?;
+		debug!("Using login URL to approve: {}", url);
 		loop {
 			let Some(tokens) = account.tokens.as_ref() else {
 				error!(
@@ -51,7 +54,7 @@ where
 			};
 
 			let mut approver = QrApprover::new(transport.clone(), tokens);
-			match approver.approve(&account, &self.url) {
+			match approver.approve(&account, url.to_owned()) {
 				Ok(_) => {
 					info!("Login approved.");
 					break;
@@ -70,3 +73,56 @@ where
 		Ok(())
 	}
 }
+
+#[derive(Debug, Clone, clap::Args)]
+#[group(required = true, multiple = false)]
+pub struct LoginUrlSource {
+	/// The URL that would normally open in the Steam app. This is the URL that the QR code is displaying. It should start with \"https://s.team/...\"
+	#[clap(long)]
+	url: Option<String>,
+	/// Path to an image file containing the QR code. The QR code will be scanned from this image.
+	#[clap(long)]
+	image: Option<PathBuf>,
+}
+
+impl LoginUrlSource {
+	fn url(&self) -> anyhow::Result<String> {
+		match self {
+			Self { url: Some(url), .. } => Ok(url.clone()),
+			Self {
+				image: Some(path), ..
+			} => read_qr_image(path),
+			_ => Err(anyhow!(
+				"You must provide either a URL with --url or an image file with --image."
+			)),
+		}
+	}
+}
+
+fn read_qr_image(path: &Path) -> anyhow::Result<String> {
+	use image::io::Reader as ImageReader;
+	let image = ImageReader::open(path)?.decode()?.to_luma8();
+	let mut img = PreparedImage::prepare(image);
+	let grids = img.detect_grids();
+	for grid in grids {
+		let (_meta, text) = grid.decode()?;
+		// a rough validation that the QR code is a Steam login code
+		if text.contains("s.team") {
+			return Ok(text);
+		}
+	}
+	Err(anyhow!("No Steam login url found in the QR code"))
+}
+
+#[cfg(test)]
+mod tests {
+	use super::*;
+	use std::path::Path;
+
+	#[test]
+	fn test_read_qr_image() {
+		let path = Path::new("src/fixtures/qr-codes/login-qr.png");
+		let url = read_qr_image(path).unwrap();
+		assert_eq!(url, "https://s.team/q/1/2372462679780599330");
+	}
+}

src/commands/remove.rs

@@ -1,7 +1,7 @@
 use std::sync::{Arc, Mutex};
 
 use log::*;
-use steamguard::{steamapi::TwoFactorClient, transport::TransportError, RemoveAuthenticatorError};
+use steamguard::{accountlinker::RemoveAuthenticatorError, transport::TransportError};
 
 use crate::{errors::UserError, tui, AccountManager};
 
@@ -43,11 +43,10 @@ where
 		let mut successful = vec![];
 		for a in accounts {
 			let mut account = a.lock().unwrap();
-			let client = TwoFactorClient::new(transport.clone());
 
 			let mut revocation: Option<String> = None;
 			loop {
-				match account.remove_authenticator(&client, revocation.as_ref()) {
+				match account.remove_authenticator(transport.clone(), revocation.as_ref()) {
 					Ok(_) => {
 						info!("Removed authenticator from {}", account.account_name);
 						successful.push(account.account_name.clone());
@@ -69,17 +68,17 @@ where
 							error!("No attempts remaining, aborting!");
 							break;
 						}
-						eprint!("Enter the revocation code for {}: ", account.account_name);
+						let code = tui::prompt_non_empty(format!(
-						let code = tui::prompt();
+							"Enter the revocation code for {}: ",
+							account.account_name
+						));
 						revocation = Some(code);
 					}
 					Err(RemoveAuthenticatorError::MissingRevocationCode) => {
-						error!(
+						let code = tui::prompt_non_empty(format!(
-							"Account {} does not have a revocation code",
+							"Enter the revocation code for {}: ",
 							account.account_name
-						);
+						));
-						eprint!("Enter the revocation code for {}: ", account.account_name);
-						let code = tui::prompt();
 						revocation = Some(code);
 					}
 					Err(err) => {

src/commands/setup.rs

@@ -2,7 +2,7 @@ use log::*;
 use phonenumber::PhoneNumber;
 use secrecy::ExposeSecret;
 use steamguard::{
-	accountlinker::{AccountLinkConfirmType, AccountLinkSuccess},
+	accountlinker::{AccountLinkConfirmType, AccountLinkSuccess, RemoveAuthenticatorError},
 	phonelinker::PhoneLinker,
 	steamapi::PhoneClient,
 	token::Tokens,
@@ -43,12 +43,10 @@ where
 
 		info!("Adding authenticator...");
 		let mut linker = AccountLinker::new(transport.clone(), tokens);
-		let link: AccountLinkSuccess;
 		loop {
 			match linker.link() {
-				Ok(a) => {
+				Ok(link) => {
-					link = a;
+					return Self::add_new_account(link, manager, account_name, linker);
-					break;
 				}
 				Err(AccountLinkError::MustProvidePhoneNumber) => {
 					// As of Dec 12, 2023, Steam no longer appears to require a phone number to add an authenticator. Keeping this code here just in case.
@@ -59,6 +57,49 @@ where
 					println!("Check your email and click the link.");
 					tui::pause();
 				}
+				Err(AccountLinkError::AuthenticatorPresent) => {
+					eprintln!("It looks like there's already an authenticator on this account. If you want to link it to steamguard-cli, you'll need to remove it first. If you remove it using your revocation code (R#####), you'll get a 15 day trade ban.");
+					eprintln!("However, you can \"transfer\" the authenticator to steamguard-cli if you have access to the phone number associated with your account. This will cause you to get only a 2 day trade ban.");
+					eprintln!("If you were using SDA or WinAuth, you can import it into steamguard-cli with the `import` command, and have no trade ban.");
+					eprintln!("You can't have the same authenticator on steamguard-cli and the steam mobile app at the same time.");
+
+					eprintln!("\nHere are your options:");
+					eprintln!("[T] Transfer authenticator to steamguard-cli (2 day trade ban)");
+					eprintln!("[R] Revoke authenticator with revocation code (15 day trade ban)");
+					eprintln!("[A] Abort setup");
+					let answer = tui::prompt_char("What would you like to do?", "Tra");
+					match answer {
+						't' => return Self::transfer_new_account(linker, manager),
+						'r' => {
+							loop {
+								let revocation_code =
+									tui::prompt_non_empty("Enter your revocation code (R#####): ");
+								match linker.remove_authenticator(Some(&revocation_code)) {
+									Ok(_) => break,
+									Err(RemoveAuthenticatorError::IncorrectRevocationCode {
+										attempts_remaining,
+									}) => {
+										error!(
+											"Revocation code was incorrect ({} attempts remaining)",
+											attempts_remaining
+										);
+										if attempts_remaining == 0 {
+											error!("No attempts remaining, aborting!");
+											bail!("Failed to remove authenticator: no attempts remaining")
+										}
+									}
+									Err(err) => {
+										error!("Failed to remove authenticator: {}", err);
+									}
+								}
+							}
+						}
+						_ => {
+							info!("Aborting account linking.");
+							return Err(AccountLinkError::AuthenticatorPresent.into());
+						}
+					}
+				}
 				Err(err) => {
 					error!(
 						"Failed to link authenticator. Account has not been linked. {}",
@@ -68,6 +109,20 @@ where
 				}
 			}
 		}
+	}
+}
+
+impl SetupCommand {
+	/// Add a new account to the manifest after linking has started.
+	fn add_new_account<T>(
+		link: AccountLinkSuccess,
+		manager: &mut AccountManager,
+		account_name: String,
+		mut linker: AccountLinker<T>,
+	) -> Result<(), anyhow::Error>
+	where
+		T: Transport + Clone,
+	{
 		let mut server_time = link.server_time();
 		let phone_number_hint = link.phone_number_hint().to_owned();
 		let confirm_type = link.confirm_type();
@@ -77,21 +132,18 @@ where
 			Err(err) => {
 				error!("Aborting the account linking process because we failed to save the manifest. This is really bad. Here is the error: {}", err);
 				eprintln!(
-				"Just in case, here is the account info. Save it somewhere just in case!\n{:#?}",
+					"Just in case, here is the account info. Save it somewhere just in case!\n{:#?}",
-				manager.get_account(&account_name).unwrap().lock().unwrap()
+					manager.get_account(&account_name).unwrap().lock().unwrap()
-			);
+				);
 				return Err(err);
 			}
 		}
-
 		let account_arc = manager
 			.get_account(&account_name)
 			.expect("account was not present in manifest");
 		let mut account = account_arc.lock().unwrap();
-
 		eprintln!("Authenticator has not yet been linked. Before continuing with finalization, please take the time to write down your revocation code: {}", account.revocation_code.expose_secret());
 		tui::pause();
-
 		debug!("attempting link finalization");
 		let confirm_code = match confirm_type {
 			AccountLinkConfirmType::Email => {
@@ -112,7 +164,6 @@ where
 				bail!("Unknown link confirm type: {}", t);
 			}
 		};
-
 		let mut tries = 0;
 		loop {
 			match linker.finalize(server_time, &mut account, confirm_code.clone()) {
@@ -133,8 +184,7 @@ where
 			}
 		}
 		let revocation_code = account.revocation_code.clone();
-		drop(account); // explicitly drop the lock so we don't hang on the mutex
+		drop(account);
-
 		info!("Verifying authenticator status...");
 		let status =
 			linker.query_status(&manager.get_account(&account_name).unwrap().lock().unwrap())?;
@@ -143,11 +193,11 @@ where
 				"authenticator state: {} -- did not actually finalize",
 				status.state()
 			);
+			debug!("full status: {:#?}", status);
 			manager.remove_account(&account_name);
 			manager.save()?;
 			bail!("Authenticator finalization was unsuccessful. You may have entered the wrong confirm code in the previous step. Try again.");
 		}
-
 		info!("Authenticator finalized.");
 		match manager.save() {
 			Ok(_) => {}
@@ -159,12 +209,52 @@ where
 				return Err(err);
 			}
 		}
-
 		eprintln!(
 			"Authenticator has been finalized. Please actually write down your revocation code: {}",
 			revocation_code.expose_secret()
 		);
+		Ok(())
+	}
 
+	/// Transfer an existing authenticator to steamguard-cli.
+	fn transfer_new_account<T>(
+		mut linker: AccountLinker<T>,
+		manager: &mut AccountManager,
+	) -> anyhow::Result<()>
+	where
+		T: Transport + Clone,
+	{
+		info!("Transferring authenticator to steamguard-cli");
+		linker.transfer_start()?;
+
+		let account: SteamGuardAccount;
+		loop {
+			let sms_code = tui::prompt_non_empty("Enter SMS code: ");
+			match linker.transfer_finish(sms_code) {
+				Ok(acc) => {
+					account = acc;
+					break;
+				}
+				Err(err) => {
+					error!("Failed to transfer authenticator: {}", err);
+				}
+			}
+		}
+		info!("Transfer successful, adding account to manifest");
+		let revocation_code = account.revocation_code.clone();
+		eprintln!(
+			"Take a moment to write down your revocation code: {}",
+			revocation_code.expose_secret()
+		);
+
+		manager.add_account(account);
+
+		manager.save()?;
+
+		eprintln!(
+			"Make sure you have your revocation code written down: {}",
+			revocation_code.expose_secret()
+		);
 		Ok(())
 	}
 }

src/login.rs

@@ -8,6 +8,7 @@ use steamguard::{
 	steamapi::{self, AuthenticationClient},
 	token::Tokens,
 	transport::Transport,
+	userlogin::UpdateAuthSessionError,
 	DeviceDetails, LoginError, SteamGuardAccount, UserLogin,
 };
 
@@ -141,21 +142,48 @@ fn do_login_impl<T: Transport + Clone>(
 				eprintln!("Press enter when you have confirmed.");
 				tui::pause();
 			}
-			EAuthSessionGuardType::k_EAuthSessionGuardType_DeviceCode => {
+			EAuthSessionGuardType::k_EAuthSessionGuardType_DeviceCode
-				let code = if let Some(account) = account {
+			| EAuthSessionGuardType::k_EAuthSessionGuardType_EmailCode => {
-					debug!("Generating 2fa code...");
+				let prompt = if method.confirmation_type
-					let time = steamapi::get_server_time(transport)?.server_time();
+					== EAuthSessionGuardType::k_EAuthSessionGuardType_DeviceCode
-					account.generate_code(time)
+				{
+					"Enter the 2fa code from your device: "
 				} else {
-					eprint!("Enter the 2fa code from your device: ");
+					"Enter the 2fa code sent to your email: "
-					tui::prompt().trim().to_owned()
 				};
-				login.submit_steam_guard_code(method.confirmation_type, code)?;
+				let mut attempts = 0;
-			}
+				loop {
-			EAuthSessionGuardType::k_EAuthSessionGuardType_EmailCode => {
+					let code = if let Some(account) = account {
-				eprint!("Enter the 2fa code sent to your email: ");
+						debug!("Generating 2fa code...");
-				let code = tui::prompt().trim().to_owned();
+						let time = steamapi::get_server_time(transport.clone())?.server_time();
-				login.submit_steam_guard_code(method.confirmation_type, code)?;
+						account.generate_code(time)
+					} else {
+						tui::prompt_non_empty(prompt).trim().to_owned()
+					};
+
+					match login.submit_steam_guard_code(method.confirmation_type, code) {
+						Ok(_) => break,
+						Err(err) => {
+							error!("Failed to submit code: {}", err);
+
+							match err {
+								UpdateAuthSessionError::TooManyAttempts
+								| UpdateAuthSessionError::SessionExpired
+								| UpdateAuthSessionError::InvalidGuardType => {
+									error!("Error is unrecoverable. Aborting.");
+									return Err(err.into());
+								}
+								_ => {}
+							}
+							attempts += 1;
+							debug!("Attempts: {}/3", attempts);
+							if attempts >= 3 {
+								error!("Too many failed attempts. Aborting.");
+								return Err(err.into());
+							}
+						}
+					}
+				}
 			}
 			EAuthSessionGuardType::k_EAuthSessionGuardType_None => {
 				debug!("No login confirmation required. Proceeding with login.");

src/main.rs

@@ -86,7 +86,7 @@ fn run(args: commands::Args) -> anyhow::Result<()> {
 		Subcommands::Import(args) => CommandType::Manifest(Box::new(args)),
 		Subcommands::Encrypt(args) => CommandType::Manifest(Box::new(args)),
 		Subcommands::Decrypt(args) => CommandType::Manifest(Box::new(args)),
-		Subcommands::Trade(args) => CommandType::Account(Box::new(args)),
+		Subcommands::Confirm(args) => CommandType::Account(Box::new(args)),
 		Subcommands::Remove(args) => CommandType::Account(Box::new(args)),
 		Subcommands::Code(args) => CommandType::Account(Box::new(args)),
 		#[cfg(feature = "qr")]

src/tui.rs

@@ -47,6 +47,7 @@ pub(crate) fn prompt_non_empty(prompt_text: impl AsRef<str>) -> String {
 /// Prompt the user for a single character response. Useful for asking yes or no questions.
 ///
 /// `chars` should be all lowercase characters, with at most 1 uppercase character. The uppercase character is the default answer if no answer is provided.
+/// The selected character returned will always be lowercase.
 pub(crate) fn prompt_char(text: &str, chars: &str) -> char {
 	loop {
 		let _ = stderr().queue(Print(format!("{} [{}] ", text, chars)));
@@ -58,10 +59,7 @@ pub(crate) fn prompt_char(text: &str, chars: &str) -> char {
 	}
 }
 
-fn prompt_char_impl<T>(input: T, chars: &str) -> anyhow::Result<char>
+fn prompt_char_impl(input: impl Into<String>, chars: &str) -> anyhow::Result<char> {
-where
-	T: Into<String>,
-{
 	let uppers = chars.replace(char::is_lowercase, "");
 	if uppers.len() > 1 {
 		panic!("Invalid chars for prompt_char. Maximum 1 uppercase letter is allowed.");

steamguard/Cargo.toml

@@ -1,31 +1,34 @@
 [package]
 name = "steamguard"
-version = "0.12.4"
+version = "0.14.0"
 authors = ["Carson McManus <carson.mcmanus1@gmail.com>"]
-edition = "2018"
+edition = "2021"
 description = "Library for generating 2fa codes for Steam and responding to mobile confirmations."
 keywords = ["steam", "2fa", "steamguard", "authentication"]
 repository = "https://github.com/dyc3/steamguard-cli/tree/master/steamguard"
 license = "MIT OR Apache-2.0"
 
-# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
-
 [dependencies]
 anyhow = "^1.0"
 sha1 = "^0.10"
-base64 = "^0.21"
+base64 = "^0.22.1"
-reqwest = { version = "0.11", default-features = false, features = ["blocking", "json", "cookies", "gzip", "rustls-tls", "multipart"] }
+reqwest = { version = "0.12", default-features = false, features = [
+	"blocking",
+	"json",
+	"cookies",
+	"gzip",
+	"rustls-tls",
+	"multipart",
+] }
 serde = { version = "1.0", features = ["derive"] }
 serde_json = "1.0"
 rsa = "0.9.2"
 rand = "0.8.4"
-standback = "0.2.17" # required to fix a compilation error on a transient dependency
+cookie = "0.18"
-cookie = "0.14"
 regex = "1"
 lazy_static = "1.4.0"
-uuid = { version = "0.8", features = ["v4"] }
+uuid = { version = "1.8", features = ["v4"] }
 log = "0.4.19"
-scraper = "0.12.0"
 maplit = "1.0.2"
 thiserror = "1.0.26"
 secrecy = { version = "0.8", features = ["serde"] }
@@ -36,6 +39,7 @@ phonenumber = "0.3"
 serde_path_to_error = "0.1.11"
 hmac = "^0.12"
 sha2 = "^0.10"
+num_enum = "0.7.2"
 
 [build-dependencies]
 anyhow = "^1.0"

steamguard/src/accountlinker.rs

@@ -1,10 +1,12 @@
 use crate::protobufs::service_twofactor::{
 	CTwoFactor_AddAuthenticator_Request, CTwoFactor_FinalizeAddAuthenticator_Request,
-	CTwoFactor_Status_Request, CTwoFactor_Status_Response,
+	CTwoFactor_RemoveAuthenticatorViaChallengeContinue_Request,
+	CTwoFactor_RemoveAuthenticatorViaChallengeStart_Request,
+	CTwoFactor_RemoveAuthenticator_Request, CTwoFactor_Status_Request, CTwoFactor_Status_Response,
 };
 use crate::steamapi::twofactor::TwoFactorClient;
 use crate::token::TwoFactorSecret;
-use crate::transport::Transport;
+use crate::transport::{Transport, TransportError};
 use crate::{steamapi::EResult, token::Tokens, SteamGuardAccount};
 use anyhow::Context;
 use base64::Engine;
@@ -135,13 +137,97 @@ where
 		let mut req = CTwoFactor_Status_Request::new();
 		req.set_steamid(account.steam_id);
 
-		let resp = self
+		let resp = self.client.query_status(req, self.tokens.access_token())?;
-			.client
-			.query_status(req, self.tokens.access_token())
-			.unwrap();
 
 		Ok(resp.into_response_data())
 	}
+
+	pub fn remove_authenticator(
+		&self,
+		revocation_code: Option<&String>,
+	) -> Result<(), RemoveAuthenticatorError> {
+		let Some(revocation_code) = revocation_code else {
+			return Err(RemoveAuthenticatorError::MissingRevocationCode);
+		};
+		if revocation_code.is_empty() {
+			return Err(RemoveAuthenticatorError::MissingRevocationCode);
+		}
+		let mut req = CTwoFactor_RemoveAuthenticator_Request::new();
+		req.set_revocation_code(revocation_code.clone());
+		let resp = self
+			.client
+			.remove_authenticator(req, self.tokens.access_token())?;
+
+		// returns EResult::TwoFactorCodeMismatch if the revocation code is incorrect
+		if resp.result != EResult::OK && resp.result != EResult::TwoFactorCodeMismatch {
+			return Err(resp.result.into());
+		}
+		let resp = resp.into_response_data();
+		if !resp.success() {
+			return Err(RemoveAuthenticatorError::IncorrectRevocationCode {
+				attempts_remaining: resp.revocation_attempts_remaining(),
+			});
+		}
+
+		Ok(())
+	}
+
+	/// Begin the process of "transfering" a mobile authenticator from a different device to this device.
+	///
+	/// "Transfering" does not actually literally transfer the secrets from one device to another. Instead, it generates a new set of secrets on this device, and invalidates the old secrets on the other device. Call [`Self::transfer_finish`] to complete the process.
+	pub fn transfer_start(&mut self) -> Result<(), TransferError> {
+		let req = CTwoFactor_RemoveAuthenticatorViaChallengeStart_Request::new();
+		let resp = self
+			.client
+			.remove_authenticator_via_challenge_start(req, self.tokens().access_token())?;
+		if resp.result != EResult::OK {
+			return Err(resp.result.into());
+		}
+		// the success field in the response is always None, so we can't check that
+		// it appears to not be used at all
+		Ok(())
+	}
+
+	/// Completes the process of "transfering" a mobile authenticator from a different device to this device.
+	pub fn transfer_finish(
+		&mut self,
+		sms_code: impl AsRef<str>,
+	) -> Result<SteamGuardAccount, TransferError> {
+		let access_token = self.tokens.access_token();
+		let steam_id = access_token
+			.decode()
+			.context("decoding access token")?
+			.steam_id();
+		let mut req = CTwoFactor_RemoveAuthenticatorViaChallengeContinue_Request::new();
+		req.set_sms_code(sms_code.as_ref().to_owned());
+		req.set_generate_new_token(true);
+		let resp = self
+			.client
+			.remove_authenticator_via_challenge_continue(req, access_token)?;
+		if resp.result != EResult::OK {
+			return Err(resp.result.into());
+		}
+		let resp = resp.into_response_data();
+		let mut resp = resp.replacement_token.clone().unwrap();
+		let account = SteamGuardAccount {
+			account_name: resp.take_account_name(),
+			steam_id,
+			serial_number: resp.serial_number().to_string(),
+			revocation_code: resp.take_revocation_code().into(),
+			uri: resp.take_uri().into(),
+			shared_secret: TwoFactorSecret::from_bytes(resp.take_shared_secret()),
+			token_gid: resp.take_token_gid(),
+			identity_secret: base64::engine::general_purpose::STANDARD
+				.encode(resp.take_identity_secret())
+				.into(),
+			device_id: self.device_id.clone(),
+			secret_1: base64::engine::general_purpose::STANDARD
+				.encode(resp.take_secret_1())
+				.into(),
+			tokens: Some(self.tokens.clone()),
+		};
+		Ok(account)
+	}
 }
 
 #[derive(Debug)]
@@ -253,3 +339,44 @@ impl From<EResult> for FinalizeLinkError {
 		}
 	}
 }
+
+#[derive(Debug, thiserror::Error)]
+pub enum RemoveAuthenticatorError {
+	#[error("Missing revocation code")]
+	MissingRevocationCode,
+	#[error("Incorrect revocation code, {attempts_remaining} attempts remaining")]
+	IncorrectRevocationCode { attempts_remaining: u32 },
+	#[error("Transport error: {0}")]
+	TransportError(#[from] TransportError),
+	#[error("Steam returned an enexpected result: {0:?}")]
+	UnknownEResult(EResult),
+	#[error("Unexpected error: {0}")]
+	Unknown(#[from] anyhow::Error),
+}
+
+impl From<EResult> for RemoveAuthenticatorError {
+	fn from(e: EResult) -> Self {
+		Self::UnknownEResult(e)
+	}
+}
+
+#[derive(Error, Debug)]
+pub enum TransferError {
+	#[error("Provided SMS code was incorrect.")]
+	BadSmsCode,
+	#[error("Failed to send request to Steam: {0:?}")]
+	Transport(#[from] crate::transport::TransportError),
+	#[error("Steam returned an unexpected error code: {0:?}")]
+	UnknownEResult(EResult),
+	#[error(transparent)]
+	Unknown(#[from] anyhow::Error),
+}
+
+impl From<EResult> for TransferError {
+	fn from(result: EResult) -> Self {
+		match result {
+			EResult::SMSCodeFailed => TransferError::BadSmsCode,
+			r => TransferError::UnknownEResult(r),
+		}
+	}
+}

steamguard/src/api_responses/login.rs

@@ -1,6 +1,7 @@
 use serde::Deserialize;
 
 #[derive(Debug, Clone, Deserialize)]
+#[allow(dead_code)]
 pub struct OAuthData {
 	pub oauth_token: String,
 	pub steamid: String,

steamguard/src/api_responses/mod.rs

@@ -3,5 +3,3 @@ mod login;
 mod phone_ajax;
 
 pub use i_authentication_service::*;
-pub use login::*;
-pub use phone_ajax::*;

steamguard/src/confirmation.rs

@@ -82,7 +82,7 @@ where
 		cookies
 	}
 
-	pub fn get_trade_confirmations(&self) -> Result<Vec<Confirmation>, ConfirmerError> {
+	pub fn get_confirmations(&self) -> Result<Vec<Confirmation>, ConfirmerError> {
 		let cookies = self.build_cookie_jar();
 		let client = self.transport.innner_http_client()?;
 
@@ -367,34 +367,27 @@ impl Confirmation {
 	}
 }
 
-#[derive(Debug, Clone, Copy, PartialEq, Eq, Deserialize)]
+#[derive(Debug, Clone, Copy, PartialEq, Eq, Deserialize, num_enum::FromPrimitive)]
 #[repr(u32)]
 #[serde(from = "u32")]
-/// Source: <https://github.com/SteamDatabase/SteamTracking/blob/6e7797e69b714c59f4b5784780b24753c17732ba/Structs/enums.steamd#L1607-L1616>
+/// Source: https://github.com/SteamDatabase/SteamTracking/blob/6e7797e69b714c59f4b5784780b24753c17732ba/Structs/enums.steamd#L1607-L1616
+/// There are also some additional undocumented types.
 pub enum ConfirmationType {
 	Test = 1,
+	/// Occurs when sending a trade offer or accepting a received trade offer, only when there is items on the user's side
 	Trade = 2,
+	/// Occurs when selling an item on the Steam community market
 	MarketSell = 3,
 	FeatureOptOut = 4,
+	/// Occurs when changing the phone number associated with the account
 	PhoneNumberChange = 5,
 	AccountRecovery = 6,
+	/// Occurs when a new web API key is created via https://steamcommunity.com/dev/apikey
+	ApiKeyCreation = 9,
+	#[num_enum(catch_all)]
 	Unknown(u32),
 }
 
-impl From<u32> for ConfirmationType {
-	fn from(text: u32) -> Self {
-		match text {
-			1 => ConfirmationType::Test,
-			2 => ConfirmationType::Trade,
-			3 => ConfirmationType::MarketSell,
-			4 => ConfirmationType::FeatureOptOut,
-			5 => ConfirmationType::PhoneNumberChange,
-			6 => ConfirmationType::AccountRecovery,
-			v => ConfirmationType::Unknown(v),
-		}
-	}
-}
-
 #[derive(Debug, Deserialize)]
 pub struct ConfirmationListResponse {
 	pub success: bool,

steamguard/src/lib.rs

@@ -1,6 +1,5 @@
-use crate::protobufs::service_twofactor::CTwoFactor_RemoveAuthenticator_Request;
+use crate::token::TwoFactorSecret;
-use crate::steamapi::EResult;
+use accountlinker::RemoveAuthenticatorError;
-use crate::{steamapi::twofactor::TwoFactorClient, token::TwoFactorSecret};
 pub use accountlinker::{AccountLinkError, AccountLinker, FinalizeLinkError};
 pub use confirmation::*;
 pub use qrapprover::{QrApprover, QrApproverError};
@@ -96,58 +95,21 @@ impl SteamGuardAccount {
 
 	/// Removes the mobile authenticator from the steam account. If this operation succeeds, this object can no longer be considered valid.
 	/// Returns whether or not the operation was successful.
-	pub fn remove_authenticator<T: Transport>(
+	///
+	/// A convenience method for [`AccountLinker::remove_authenticator`].
+	pub fn remove_authenticator(
 		&self,
-		client: &TwoFactorClient<T>,
+		transport: impl Transport,
 		revocation_code: Option<&String>,
 	) -> Result<(), RemoveAuthenticatorError> {
-		if revocation_code.is_none() && self.revocation_code.expose_secret().is_empty() {
-			return Err(RemoveAuthenticatorError::MissingRevocationCode);
-		}
 		let Some(tokens) = &self.tokens else {
 			return Err(RemoveAuthenticatorError::TransportError(
 				TransportError::Unauthorized,
 			));
 		};
-		let mut req = CTwoFactor_RemoveAuthenticator_Request::new();
+		let revocation_code =
-		req.set_revocation_code(
+			Some(revocation_code.unwrap_or_else(|| self.revocation_code.expose_secret()));
-			revocation_code
+		let linker = AccountLinker::new(transport, tokens.clone());
-				.unwrap_or(self.revocation_code.expose_secret())
+		linker.remove_authenticator(revocation_code)
-				.to_owned(),
-		);
-		let resp = client.remove_authenticator(req, tokens.access_token())?;
-
-		// returns EResult::TwoFactorCodeMismatch if the revocation code is incorrect
-		if resp.result != EResult::OK && resp.result != EResult::TwoFactorCodeMismatch {
-			return Err(resp.result.into());
-		}
-		let resp = resp.into_response_data();
-		if !resp.success() {
-			return Err(RemoveAuthenticatorError::IncorrectRevocationCode {
-				attempts_remaining: resp.revocation_attempts_remaining(),
-			});
-		}
-
-		Ok(())
-	}
-}
-
-#[derive(Debug, thiserror::Error)]
-pub enum RemoveAuthenticatorError {
-	#[error("Missing revocation code")]
-	MissingRevocationCode,
-	#[error("Incorrect revocation code, {attempts_remaining} attempts remaining")]
-	IncorrectRevocationCode { attempts_remaining: u32 },
-	#[error("Transport error: {0}")]
-	TransportError(#[from] TransportError),
-	#[error("Steam returned an enexpected result: {0:?}")]
-	UnknownEResult(EResult),
-	#[error("Unexpected error: {0}")]
-	Unknown(#[from] anyhow::Error),
-}
-
-impl From<EResult> for RemoveAuthenticatorError {
-	fn from(e: EResult) -> Self {
-		Self::UnknownEResult(e)
 	}
 }

steamguard/src/steamapi/twofactor.rs

@@ -69,6 +69,45 @@ where
 		Ok(resp)
 	}
 
+	pub fn remove_authenticator_via_challenge_start(
+		&self,
+		req: CTwoFactor_RemoveAuthenticatorViaChallengeStart_Request,
+		access_token: &Jwt,
+	) -> Result<ApiResponse<CTwoFactor_RemoveAuthenticatorViaChallengeStart_Response>, TransportError>
+	{
+		let req = ApiRequest::new(SERVICE_NAME, "RemoveAuthenticatorViaChallengeStart", 1, req)
+			.with_access_token(access_token);
+		let resp = self
+			.transport
+			.send_request::<CTwoFactor_RemoveAuthenticatorViaChallengeStart_Request, CTwoFactor_RemoveAuthenticatorViaChallengeStart_Response>(
+				req,
+			)?;
+		Ok(resp)
+	}
+
+	pub fn remove_authenticator_via_challenge_continue(
+		&self,
+		req: CTwoFactor_RemoveAuthenticatorViaChallengeContinue_Request,
+		access_token: &Jwt,
+	) -> Result<
+		ApiResponse<CTwoFactor_RemoveAuthenticatorViaChallengeContinue_Response>,
+		TransportError,
+	> {
+		let req = ApiRequest::new(
+			SERVICE_NAME,
+			"RemoveAuthenticatorViaChallengeContinue",
+			1,
+			req,
+		)
+		.with_access_token(access_token);
+		let resp = self
+			.transport
+			.send_request::<CTwoFactor_RemoveAuthenticatorViaChallengeContinue_Request, CTwoFactor_RemoveAuthenticatorViaChallengeContinue_Response>(
+				req,
+			)?;
+		Ok(resp)
+	}
+
 	pub fn query_status(
 		&self,
 		req: CTwoFactor_Status_Request,
@@ -108,5 +147,13 @@ macro_rules! impl_buildable_req {
 impl_buildable_req!(CTwoFactor_AddAuthenticator_Request, true);
 impl_buildable_req!(CTwoFactor_FinalizeAddAuthenticator_Request, true);
 impl_buildable_req!(CTwoFactor_RemoveAuthenticator_Request, true);
+impl_buildable_req!(
+	CTwoFactor_RemoveAuthenticatorViaChallengeStart_Request,
+	true
+);
+impl_buildable_req!(
+	CTwoFactor_RemoveAuthenticatorViaChallengeContinue_Request,
+	true
+);
 impl_buildable_req!(CTwoFactor_Status_Request, true);
 impl_buildable_req!(CTwoFactor_Time_Request, false);