Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: remove refresh token on access denied #1776

Merged
merged 1 commit into from
Jul 17, 2024
Merged

fix: remove refresh token on access denied #1776

merged 1 commit into from
Jul 17, 2024

Conversation

Nicklason
Copy link
Collaborator

@Nicklason Nicklason commented Jul 16, 2024
edited
Loading

When logging in the bot removes error listeners and only adds them back when successfully logged in. This means that if you first start the bot and get the accessdenied error, then the bot will keep crashing because it keeps trying to sign in using the invalid refresh token.

Bot registers handler for error events on the client:

tf2autobot/src/classes/Bot.ts

Line 846 in 133b3da

this.addAsyncListener(this.client, 'error', this.onError.bind(this), false);

tf2autobot/src/classes/Bot.ts

Lines 1616 to 1644 in 133b3da

private async onError(err: CustomError): Promise<void> {
if (err.eresult === EResult.LoggedInElsewhere) {
log.warn('Signed in elsewhere, stopping the bot...');
this.botManager.stop(err, false, true);
} else if (err.eresult === EResult.AccessDenied) {
// Access denied during login
await this.deleteRefreshToken();
} else if (err.eresult === EResult.LogonSessionReplaced) {
this.sessionReplaceCount++;
if (this.sessionReplaceCount > 0) {
log.warn('Detected login session replace loop, stopping bot...');
this.botManager.stop(err, false, true);
return;
}
log.warn('Login session replaced, relogging...');
await this.deleteRefreshToken();
this.login(await this.getRefreshToken()).catch(err => {
if (err) {
throw err;
}
});
} else {
throw err;
}
}

Bot removes error listeners when attempting to log in:

tf2autobot/src/classes/Bot.ts

Lines 1389 to 1397 in 133b3da

const listeners = this.client.listeners('error');
this.client.removeAllListeners('error');
const gotEvent = (): void => {
// eslint-disable-next-line @typescript-eslint/ban-ts-comment
// @ts-ignore
listeners.forEach(listener => this.client.on('error', listener));
};

Bot does not handle access denied errors in the login error handler:

tf2autobot/src/classes/Bot.ts

Lines 1408 to 1417 in 133b3da

const errorEvent = (err): void => {
gotEvent();
this.client.removeListener('loggedOn', loggedOnEvent);
clearTimeout(timeout);
log.error('Failed to sign in to Steam: ', err);
reject(err);
};

@Nicklason Nicklason requested a review from idinium96 July 16, 2024 20:06
@idinium96
Copy link
Member

Thank you @Nicklason! I will look into this. Looks right already.

@idinium96 idinium96 merged commit b58b7b7 into TF2Autobot:master Jul 17, 2024
2 of 5 checks passed
@Nicklason Nicklason deleted the fix/login-access-denied branch July 17, 2024 21:52
@idinium96 idinium96 mentioned this pull request Jul 18, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@idinium96 idinium96 idinium96 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Nicklason @idinium96