calendulish / stlib

Async library that provides features related to Steam client and compatible stuffs
GNU General Public License v3.0

finalize_confirmation() incorrectly sends tag=conf instead of tag=allow or tag=cancel #7

Closed foresto closed 4 years ago

foresto commented 4 years ago

According to all the other libraries I have seen, the tag= parameter should be either 'allow' or 'cancel' when accepting or rejecting a confirmation. (In other words, it should be the same as the op= parameter.)

The current code sends tag='conf' instead, which I believe should only be done when retrieving a list of confirmations. https://github.com/ShyPixie/stlib/blob/8b36fc6/src/webapi.py#L492

References:
https://github.com/geel9/SteamAuth/blob/master/SteamAuth/SteamGuardAccount.cs
https://github.com/luop90/node-steam-mobile-confirmations/blob/master/index.js
https://github.com/bukson/steampy/blob/master/steampy/confirmation.py
https://github.com/Zwork101/steam-trade/blob/master/pytrade/confirmations.py
https://github.com/i-galetsky-gs-by/steamcommunity-mobile-confirmations/blob/master/index.js
https://github.com/DoctorMcKay/node-steamcommunity/blob/master/components/confirmations.js

calendulish commented 4 years ago

I think you are looking at it the wrong way. It's sending tag=conf not key=conf. The action is sent via the "op" param. The "key" param isn't used here.

If you need examples, I'm currently using Steam Tools NG as my Steam Authenticator. The confirmations are working fine. https://github.com/ShyPixie/steam-tools-ng/blob/master/src/gtk/confirmation.py

foresto commented 4 years ago

> I think you are looking at it the wrong way. It's sending tag=conf not key=conf.

Sorry; I was tired while typing. Yes, I meant tag, not key, as you can see in my PR. (I have corrected this in my original comment.)

I believe finalize_confirmation() should call _new_query(tag=action) when allowing/canceling a confirmation. In all the other implementations, tag='conf' is only used when retrieving confirmations, and tag='allow' or tag='cancel' is used when resolving them.

calendulish commented 4 years ago

I used a local DNS server to redirect all the Android traffic to my webserver, so I log every request. I'm sending exactly the same query as the Steam Android app. I can't base it on "what other libraries are doing". So, could you check this out and put logs here? I'll check again at some point, but it may take a while because what I need from stlib is already working and the rest I'm not too excited to program.

calendulish commented 4 years ago

After some checking, I found that nothing has changed; Android keeps sending tag=conf. So closing.

foresto commented 4 years ago

How strange. I wonder if Valve made a change at some point that caused the server not to care about that value.

Anyway, thanks for checking. I don't have an easy way to MITM the requests.