search

FlussuferOrga / ts-gw2-verifyBot

A python bot that will sit in a Teamspeak3 channel and take commands. It's main purpose was to verify server players for Guild Wars 2 and automatically authenticate and give them the proper Group for permissions to speak/etc in Teamspeak.
MIT License
3 stars 2 forks source link

HTTP 403 upon deleting a guild #35

Closed ogrady closed 4 years ago

ogrady commented 4 years ago

Deleting the guild using the command yields:

2020-08-09 13:15:25,715 [ERROR] bot.rest.server: Exception on /guild [DELETE]
Traceback (most recent call last):
  File "/home/ts3bot/.local/lib/python3.6/site-packages/flask/app.py", line 2447, in wsgi_app
    response = self.full_dispatch_request()
  File "/home/ts3bot/.local/lib/python3.6/site-packages/flask/app.py", line 1952, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "/home/ts3bot/.local/lib/python3.6/site-packages/flask/app.py", line 1821, in handle_user_exception
    reraise(exc_type, exc_value, tb)
  File "/home/ts3bot/.local/lib/python3.6/site-packages/flask/_compat.py", line 39, in reraise
    raise value
  File "/home/ts3bot/.local/lib/python3.6/site-packages/flask/app.py", line 1950, in full_dispatch_request
    rv = self.dispatch_request()
  File "/home/ts3bot/.local/lib/python3.6/site-packages/flask/app.py", line 1936, in dispatch_request
    return self.view_functions[rule.endpoint](**req.view_args)
  File "/home/ts3bot/ts-gw2-verifyBot/bot/rest/controller/guild_controller.py", line 39, in _delete_guild
    res = self._bot.removeGuild(name)
  File "/home/ts3bot/ts-gw2-verifyBot/bot/TS3Bot.py", line 351, in removeGuild
    ginfo = get_guild_info(name)
  File "/home/ts3bot/ts-gw2-verifyBot/bot/gw2_api.py", line 15, in get_guild_info
    return gw2api.v2.guild.get(guild_ids[0])
  File "/home/ts3bot/.local/lib/python3.6/site-packages/gw2api/v2/endpoint.py", line 114, in get
    return self.get_one(args[0])
  File "/home/ts3bot/.local/lib/python3.6/site-packages/gw2api/v2/endpoint.py", line 126, in get_one
    return self.get_cached(name, cache_name)
  File "/home/ts3bot/.local/lib/python3.6/site-packages/gw2api/v2/endpoint.py", line 55, in get_cached
    meta, data = self._get(path, **kwargs)
  File "/home/ts3bot/.local/lib/python3.6/site-packages/gw2api/v2/account.py", line 16, in _get
    return super(AuthenticatedMixin, self)._get(path, **kwargs)
  File "/home/ts3bot/.local/lib/python3.6/site-packages/gw2api/v2/endpoint.py", line 74, in _get
    r.raise_for_status()
  File "/home/ts3bot/.local/lib/python3.6/site-packages/requests/models.py", line 941, in raise_for_status
    raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 403 Client Error: membership required for url: https://api.guildwars2.com/v2/guild/FB6AAD73-1309-E811-81A1-02A36842867

While calling the URL in the error from a browser works fine.

Xyaren commented 4 years ago

Manually visiting the provided URL leads to a 404 Not Found: { text: "no such guild" }

Using a different Guild does not require authentication: https://api.guildwars2.com/v2/guild/6FF265DD-8D8C-E911-81A8-E944283D67C1

Xyaren commented 4 years ago

Based on the wiki https://wiki.guildwars2.com/wiki/API:2/guild/:id Authentication is optional:

The end point will include more or less fields dependend on whether or not an API Key of a Leader or Member of the Guild with the guilds scope is included in the Request.

Maybe some user key is accidentially used to make the request, that was left in the gw2api package ?

Xyaren commented 4 years ago

It looks like https://pypi.org/project/gw2api/ is not thread safe. The api key is a shared static variable.

It's probably worth taking a look at https://pypi.org/project/GuildWars2-API-Client/ as it uses instantiation for creating a client.

ogrady commented 4 years ago

Manually visiting the provided URL leads to a 404 Not Found: { text: "no such guild" }

Using a different Guild does not require authentication: https://api.guildwars2.com/v2/guild/6FF265DD-8D8C-E911-81A8-E944283D67C1

Sorry, I had taken the liberty to remove some characters from the ID in the error message in an overzealous attempt to not disclose any "personal" information. The link still works fine with the proper ID, so it's not an issue specific for the guild or the user.

For this particular job, we don't really need a wrapper, as it is an unauthenticated endpoint with JSON contents, so we could also fall back to a low-tech approach instead of swapping out an entire dependency: https://repl.it/repls/ActualGenuineParticles

Xyaren commented 4 years ago

I don't like the idea of having 2 ways of talking to the same api. The underlying issue of api key bleeding between concurrent requests is still there.

PR #36 adresses this issue.

ogrady commented 4 years ago

I am still not sure if concurrent requests really are an issue here, since the failing delete request could be reproduced repeatedly, while seemingly no other requests, like authentifcations, were going on. Were you able to reproduce the behaviour locally and is it consequently fixed in #36 ?

Xyaren commented 4 years ago

Closed by #36