From 793a200eddf06568889ac020e25c45b54b626318 Mon Sep 17 00:00:00 2001
From: Rossen Georgiev <rossen@rgp.io>
Date: Sun, 29 May 2016 22:02:02 +0100
Subject: [PATCH] WebAuth: rework how cookies are set on all domains

---
 steam/webauth.py                        | 15 ++++-----------
 tests/generete_webauth_vcr.py           |  8 ++++++--
 tests/test_webauth.py                   |  5 +++--
 vcr/webauth_user_pass_only_success.yaml |  5 ++++-
 4 files changed, 17 insertions(+), 16 deletions(-)

diff --git a/steam/webauth.py b/steam/webauth.py
index 9a83706..ce9580f 100644
--- a/steam/webauth.py
+++ b/steam/webauth.py
@@ -163,21 +163,14 @@ class WebAuth(object):
             self.complete = True
             self.password = None
 
-            rememberLogin = self.session.cookies['steamRememberLogin'] if 'steamRememberLogin' in self.session.cookies else None
-
-            self.session.cookies.clear()
             data = resp['transfer_parameters']
-
             self.steamid = SteamID(data['steamid'])
 
+            for cookie in list(self.session.cookies):
+                for domain in ['store.steampowered.com', 'help.steampowered.com', 'steamcommunity.com']:
+                    self.session.cookies.set(cookie.name, cookie.value, domain=domain, secure=cookie.secure)
+
             for domain in ['store.steampowered.com', 'help.steampowered.com', 'steamcommunity.com']:
-                if rememberLogin:
-                    self.session.cookies.set('steamRememberLogin', '%s||%s' % (data['steamid'], rememberLogin),
-                                        domain=domain, secure=False)
-                self.session.cookies.set('steamLogin', '%s||%s' % (data['steamid'], data['token']),
-                                    domain=domain, secure=False)
-                self.session.cookies.set('steamLoginSecure', '%s||%s' % (data['steamid'], data['token_secure']),
-                                    domain=domain, secure=True)
                 self.session.cookies.set('Steam_Language', language, domain=domain)
                 self.session.cookies.set('birthtime', '-3333', domain=domain)
 
diff --git a/tests/generete_webauth_vcr.py b/tests/generete_webauth_vcr.py
index 7f6caba..1d5e950 100644
--- a/tests/generete_webauth_vcr.py
+++ b/tests/generete_webauth_vcr.py
@@ -26,7 +26,11 @@ def request_scrubber(r):
 
 def response_scrubber(r):
     if 'set-cookie' in r['headers']:
-        del r['headers']['set-cookie']
+        r['headers']['set-cookie'] = [
+            'steamLogin=0%7C%7C{}; path=/; httponly'.format('A'*16),
+            'steamLoginSecure=0%7C%7C{}; path=/; httponly; secure'.format('B'*16),
+            'steamMachineAuth=0%7C%7C{}; path=/; httponly'.format('C'*16),
+            ]
 
     if r.get('body', ''):
         data = json.loads(r['body']['string'])
@@ -37,7 +41,7 @@ def response_scrubber(r):
             data['transfer_parameters']['steamid'] = '0'
             data['transfer_parameters']['token'] = 'A'*16
             data['transfer_parameters']['token_secure'] = 'B'*16
-            data['transfer_parameters']['auth'] = 'C'*16
+            data['transfer_parameters']['auth'] = 'Z'*16
 
         body = json.dumps(data)
         r['body']['string'] = body
diff --git a/tests/test_webauth.py b/tests/test_webauth.py
index 1de0144..a7f9fb6 100644
--- a/tests/test_webauth.py
+++ b/tests/test_webauth.py
@@ -36,8 +36,9 @@ class WACase(unittest.TestCase):
         self.assertIsInstance(s, requests.Session)
 
         for domain in s.cookies.list_domains():
-            self.assertEqual(s.cookies.get('steamLogin', domain=domain), '0||%s' % ('A'*16))
-            self.assertEqual(s.cookies.get('steamLoginSecure', domain=domain), '0||%s' % ('B'*16))
+            self.assertEqual(s.cookies.get('steamLogin', domain=domain), '0%7C%7C{}'.format('A'*16))
+            self.assertEqual(s.cookies.get('steamLoginSecure', domain=domain), '0%7C%7C{}'.format('B'*16))
+            self.assertEqual(s.cookies.get('steamMachineAuth', domain=domain), '0%7C%7C{}'.format('C'*16))
 
         self.assertEqual(s, user.login())
 
diff --git a/vcr/webauth_user_pass_only_success.yaml b/vcr/webauth_user_pass_only_success.yaml
index 9005877..6ba8e3d 100644
--- a/vcr/webauth_user_pass_only_success.yaml
+++ b/vcr/webauth_user_pass_only_success.yaml
@@ -39,7 +39,7 @@ interactions:
     body: {string: !!python/unicode '{"requires_twofactor": false, "login_complete":
         true, "transfer_urls": ["https://steamcommunity.com/login/transfer", "https://help.steampowered.com/login/transfer"],
         "transfer_parameters": {"steamid": "0", "remember_login": false, "token":
-        "AAAAAAAAAAAAAAAA", "token_secure": "BBBBBBBBBBBBBBBB", "auth": "CCCCCCCCCCCCCCCC"},
+        "AAAAAAAAAAAAAAAA", "token_secure": "BBBBBBBBBBBBBBBB", "auth": "ZZZZZZZZZZZZZZZZ"},
         "success": true}'}
     headers:
       cache-control: [no-cache]
@@ -49,6 +49,9 @@ interactions:
       date: ['Fri, 13 May 2016 03:01:25 GMT']
       expires: ['Mon, 26 Jul 1997 05:00:00 GMT']
       server: [Apache]
+      set-cookie: [steamLogin=0%7C%7CAAAAAAAAAAAAAAAA; path=/; httponly, steamLoginSecure=0%7C%7CBBBBBBBBBBBBBBBB;
+          path=/; httponly; secure, steamMachineAuth=0%7C%7CCCCCCCCCCCCCCCCC; path=/;
+          httponly]
       x-frame-options: [DENY]
     status: {code: 200, message: OK}
 version: 1