- Detect if SteamParental is active
- Verify if the code supplied by user is valid
- If the code is not valid or not supplied, generate it automatically (through local bruteforcing, pending further speed enhancements)
It's really sad seeing how this is possible, Valve seriously, you couldn't dedicate one single request in the backend to verify that? You could easily implement rate-limiting on invalid attempts and make parental more secure, but with the current implementation it's a security joke.
* Split steam messages with respect to newlines
* minor fixes and code style
* handle group messages too + code style
* optimize fallback
* dumbest changes in the history of the Earth
* add newline before ...
* handle edge cases properly
Previously we had this awful "assume rate limit if invalid password" because Steam used to do this falsely for rate limits as well.
Since I can no longer reproduce this false behaviour with latest network, I assume that Valve corrected whatever they had broken back then and the network will properly tell us RLE in RLE condition, and invalid password when account credentials are invalid.
There is still case for invalid account credentials when login key is invalid, and we should still handle that one gracefully.
API key can be pre-fetched after logging in, and cached for longer than an hour, since bot disconnect already triggers the reset. This way we can avoid asking for that later on, and improve performance of API-key oriented features, without drawbacks from doing so early on, and additionally being covered by LoginLimiterDelay which (accidentally) should help in regards to unsupported amount of bots as well.
