search

liamcurry / passport-steam

Steam (OpenID) authentication strategy for Passport and Node.js.
MIT License
346 stars 103 forks source link

Steamcommunity changed all http to https #81

Closed snax4a closed 6 years ago

snax4a commented 6 years ago

Since Valve switched everything on steamcommunity.com to https, a great many websites using Steam OpenID are now giving errors when you try to log in.

The reason is because with Valve's recent SSL/TLS switch, OpenID URLs were changed too. That means while websites used to identify you by http://steamcommunity.com/profiles/{number} they are now receiving https://steamcommunity.com/profiles/{number} back from Valve instead. With this unexpected change, websites generally aren't coded to handle it and will throw an authentication error.

joshverd commented 6 years ago

This was just fixed with v1.0.9.

snax4a commented 6 years ago

I updated it to v1.0.9 but im still unable to login, there are no errors

My site is not https maybe this is an issue?

once i get this error:

Error: write EPROTO 139711476873088:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:../deps/openssl/openssl/ssl/s23_clnt.c:827:

    at exports._errnoException (util.js:1020:11)
    at WriteWrap.afterWrite (net.js:800:14)

BTW i use nginx proxy

lukealford commented 6 years ago

line 88 on the strategy.js needs updating as well.

from var identifierRegex = /^http:\/\/steamcommunity\.com\/openid\/id\/(\d+)$/; to var identifierRegex = /^https:\/\/steamcommunity\.com\/openid\/id\/(\d+)$/;

coooool123 commented 6 years ago

I've updated mine too but still can't login...

snax4a commented 6 years ago

luke this line was updated in v1.0.9 but still its not fixed

lukealford commented 6 years ago

Do you have ? try removing that as that's all I changed and it all started working normal for me, I was also having the same problem on a nginx proxy removal of the ? solved this for me.

/^https?:\/\/steamcommunity\.com\/openid\/id\/(\d+)$/;

vs

/^https:\/\/steamcommunity\.com\/openid\/id\/(\d+)$/;

snax4a commented 6 years ago

What is your proxy configuration? You use 1.0.9 and Just removed ? After https on line 88?

W dniu sob., 7.04.2018 o 07:33 Luke Alford notifications@github.com napisał(a):

Do you have ? try removing that as that's all I changed and it all started working normal for me, I was also having the same problem on a nginx proxy removal of the ? solved this for me.

/^https?:\/\/steamcommunity.com\/openid\/id\/(\d+)$/;

vs

/^https:\/\/steamcommunity.com\/openid\/id\/(\d+)$/;

You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/liamcurry/passport-steam/issues/81#issuecomment-379433942, or mute the thread https://github.com/notifications/unsubscribe-auth/ATtSJMR0aXfC7HAgAqwm0eUlp3Yn1z7hks5tmE-rgaJpZM4TKN8j .

lukealford commented 6 years ago

What is your proxy configuration?

Just a normal nginx proxy passing to the express port.

You use 1.0.9 and Just removed ? After https on line 88?

I manually updated each of http lines before 1.0.9 was released, the only real difference from 1.0.9 and my version is the ? on line 88. I hope this helps.

snax4a commented 6 years ago

Can you give me your skype or steam? We will try to fix it together i will pay :)

W dniu sob., 7.04.2018 o 07:55 Luke Alford notifications@github.com napisał(a):

What is your proxy configuration?

Just a normal nginx proxy passing to the express port.

You use 1.0.9 and Just removed ? After https on line 88?

I manually updated each of http lines before 1.0.9 was released, the only real difference from 1.0.9 and my version is the ? on line 88. I hope this helps.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/liamcurry/passport-steam/issues/81#issuecomment-379434780, or mute the thread https://github.com/notifications/unsubscribe-auth/ATtSJEd0SgsJdzqFdGJbXegNRgNHt8Kdks5tmFS5gaJpZM4TKN8j .

lukealford commented 6 years ago

My site is not https maybe this is an issue?

I think it will be simply solved by moving your site over to HTTPS, you can get a free cert from lets encrypt.

coooool123 commented 6 years ago

I did that via cloudflare and there still is no fix

tobbbles commented 6 years ago

Closing as not an issue of the package.

snax4a commented 6 years ago

But it is issue of package Becouse it worked before update

W dniu sob., 7.04.2018 o 19:10 Toby Archer notifications@github.com napisał(a):

Closed #81 https://github.com/liamcurry/passport-steam/issues/81.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/liamcurry/passport-steam/issues/81#event-1562265294, or mute the thread https://github.com/notifications/unsubscribe-auth/ATtSJPcH3h00CIrgI08_ZObK4nI5Gc8Hks5tmPLogaJpZM4TKN8j .

tobbbles commented 6 years ago

The issue is you not configuring your webserver with SSL correctly, not how passport-steam functions

snax4a commented 6 years ago

So with this update website must have SSL set up to work with paszport steam? I was using this package without SSL before

W dniu sob., 7.04.2018 o 19:12 Toby Archer notifications@github.com napisał(a):

The issue is you not configuring your webserver with SSL correctly, not how passport-steam functions

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/liamcurry/passport-steam/issues/81#issuecomment-379484787, or mute the thread https://github.com/notifications/unsubscribe-auth/ATtSJOxXyJ6C4bgayLXwIpvfcKqzxTeXks5tmPN4gaJpZM4TKN8j .