Archisteamfarm: A command to accept all pending confirmations from bots only

Safer alternative would involve disabling SendOnFarmingFinished and do !loot yourself. ASF 2FA defeats whole purpose of 2FA, and was added purely to skip trading holds, everything else is an extra.

However, the idea is good. If SteamAuth module is capable of checking details such as who is initiating a trade, I might be able to change current approach from accepting all confirmations to accepting only trades involving bot and the master.

I agree. But I'm just too lazy to confirm the things on my phone :-1: Thanks for considering it!

change current approach from accepting all confirmations to accepting only trades involving bot and the master.

At least make it configurable for each bot it you would implement it.

At least make it configurable for each bot it you would implement it.

Obviously.

From what I see it's not yet possible to get data such as what parties are involved in confirmation, so I improved it only a little:

When we're sending or accepting a trade, ASF now confirms only confirmations related to trading. !2faok and AcceptConfirmationsPeriod still accept all. This ensures that ASF won't accept any market confirmations when dealing with trading.

Well, I sniffed the requests from the Steam app and I was able to find informations about the parties. So, if you're interested, this is the client request about the trade (you'd need the trade ID first, ofc):

http://pastebin.com/BUTzJz9z

And the server response is in JSON (but the actual relevant data is HTML):

JSON response: http://pastebin.com/kHNqstRC
Readable HTML response: http://pastebin.com/VYf4Qby5

The relevant information is available at the line n 13, where the value of the property data-miniprofile is the account id of the person you've sent the trade to. That's it... hope it helps.

And just to be clear, I _really_ think that !2faok shouldn't be removed at all, it has been very useful to me. I just want a alternative to it, you know. Thanks!

Thing is - confirmations are handled by third-party SteamAuth library which ASF is using. It's a matter of whether that library has functions ASF needs or not. Currently SteamAuth supports ID, Key and Description of confirmation. If description contains enough info, perhaps I could add description parsing module that would work. It's on wishlist though, perhaps later.

I've started working on this and indeed, confirmations overview (aka confirmations list) doesn't include the info we need, but there is second call available to fetch confirmation details and there steamID in shorter "3" form is included, available for checking.

In fact, I even added code for that already, just without actual logic yet. It should arrive with ASF V2.1 :+1:

Current mechanism works like this:

!2faok still accepts all confirmations, because that's what it is made for.

When ASF 2FA is executed in the other way, it depends which one:

• If confirming received trades, ASF will allow only trade confirmations, and only those with tradeIDs of the ones we parsed (and accepted).
• If confirming sent trades (e.g. !loot), ASF will confirm only trade confirmations, and only those where we target SteamMasterID.

Therefore, I don't see a need for more safe !2faok at the moment, as ASF now tries to touch only it's own trades (as long as it's possible).