Huh / collar

Utilities for exploring telemetry data
Other
7 stars 9 forks source link

error connecting to lotek site even with the sample password.- token supplied to the function is invalid #80

Open dgermanwildlife opened 2 years ago

dgermanwildlife commented 2 years ago

Here is my sample code:

lotek_base_url <- "https://webservice.lotek.com" usr = "demo", pwd = "PASSWORD09"
httr::POST(url = lotek_base_url, path = list("API", "user", "login"), body = list(grant_type = "password", username = usr, Password = pwd))

Here is the response I get.

Error in curl::curl_fetch_memory(url, handle = handle) : schannel: next InitializeSecurityContext failed: SEC_E_INVALID_TOKEN (0x80090308) - The token supplied to the function is invalid

Looking online it may have to do with the Open SSL or the WinSSL security layers but I'm stymied as to how to get past this.

I opened the source code and used the httr commands to isolate which routine(s) contained the error.

Thanks for any help.

Huh commented 2 years ago

@dgermanwildlife which version of the package are you using? The code above does not match the current version and for me returned a 400 error. The up to date version worked for me using:

lotek_base_url <- "https://webservice.lotek.com"

usr = "demo"

pwd = "PASSWORD09"

resp <- httr::RETRY(
  "POST",
  url = lotek_base_url,
  path = list("API", "user", "login"),
  body = list(
    grant_type = "password",
    username = usr,
    Password = pwd
  ),
  encode = "form",
  quiet = TRUE
)

httr::content(tt)
httr::http_error(tt)
httr::http_status(tt)

Please try the above code and perhaps try this as well to see if you can hit any website from your machine

RETRY("GET", "http://httpbin.org/status/200")

Last, any clues if you run lotek_login or the above code with something like:

httr::with_verbose(
  httr::RETRY(
    "POST",
    url = "https://webservice.lotek.com",
    path = list("API", "user", "login"),
    body = list(
      grant_type = "password",
      username = "demo",
      Password = "PASSWORD09"
    ),
    encode = "form",
    quiet = TRUE
  )
)

# Or maybe this

httr::with_verbose(
  collar::lotek_login(usr, pwd)
)
dgermanwildlife commented 2 years ago

Hi Josh,

I tried your suggestions. The results seem to be inconsistent, or at least I can't see why they change. I restarted R and ran the code you sent. See results below as annotated.

Fresh start highlight all code and hit control enter to run --- error

R> lotek_base_url <- https://webservice.lotek.com R> R> usr = "demo" R> R> pwd = "PASSWORD09" R> R> resp<-NULL R> R> resp <- httr::RETRY(

run again stepping through code line by line - error (if I start by stepping through the code line by line with a fresh R implementation, the process seems to start here

R> lotek_base_url <- https://webservice.lotek.com R> usr = "demo" R> pwd = "PASSWORD09" R> resp<-NULL R> resp <- httr::RETRY(

code starts working R> httr::RETRY("GET", http://httpbin.org/status/200) Response [http://httpbin.org/status/200] Date: 2022-08-18 22:22 Status: 200 Content-Type: text/html; charset=utf-8

Error in next section R> httr::with_verbose( + httr::RETRY( + "POST", + url = https://webservice.lotek.com, + path = list("API", "user", "login"), + body = list( + grant_type = "password", + username = "demo", + Password = "PASSWORD09" + ), + encode = "form", + quiet = TRUE + ) + ) Error in curl::curl_fetch_memory(url, handle = handle) : schannel: next InitializeSecurityContext failed: SEC_E_INVALID_TOKEN (0x80090308) - The token supplied to the function is invalid Run again and the code seems to work R> lotek_base_url <- https://webservice.lotek.com R> usr = "demo" R> pwd = "PASSWORD09" R> resp<-NULL R> resp <- httr::RETRY( + "POST", + url = lotek_base_url, + path = list("API", "user", "login"), + body = list( + grant_type = "password", + username = usr, + Password = pwd + ), + encode = "form", + quiet = TRUE + ) R> httr::content(resp) $access_token [1] "Vv3vutpsonoY9PgY0_Rqz0RQJFpI4xw2YrN_OCS58juZsf8OipMblRIswCEuLfwzZFhiSFebZw0ZDYcQDLs1bnmyouSN-qFyBqi0OfAr2y4eAZV9KXgOfOADNaM8d4fh-eUgPVnymQ5f8y8YKgdjkXcT4V6LPub7RN1E6tq3fX5KOC82Ux0gXPHOcEYArMt9mLKJKxsvEPLqGjk2TNLmPg" $token_type [1] "bearer" $expires_in [1] 3599 $refresh_token [1] "f3b58171-8382-4189-a0a3-641d1b816669" $userName [1] "demo" $.issued [1] "Thu, 18 Aug 2022 22:22:54 GMT" $.expires [1] "Thu, 18 Aug 2022 23:22:54 GMT" R> httr::http_error(resp) [1] FALSE R> httr::http_status(resp) $category [1] "Success" $reason [1] "OK" $message [1] "Success: (200) OK" R> httr::RETRY("GET", http://httpbin.org/status/200) Response [http://httpbin.org/status/200] Date: 2022-08-18 22:22 Status: 200 Content-Type: text/html; charset=utf-8 R> httr::with_verbose( + httr::RETRY( + "POST", + url = https://webservice.lotek.com, + path = list("API", "user", "login"), + body = list( + grant_type = "password", + username = "demo", + Password = "PASSWORD09" + ), + encode = "form", + quiet = TRUE + ) + ) -> POST /API/user/login HTTP/1.1 -> Host: webservice.lotek.com -> User-Agent: libcurl/7.64.1 r-curl/4.3.2 httr/1.4.4 -> Accept-Encoding: deflate, gzip -> Accept: application/json, text/xml, application/xml, */* -> Content-Type: application/x-www-form-urlencoded -> Content-Length: 53 -> >> grant_type=password&username=demo&Password=PASSWORD09 <- HTTP/1.1 200 OK <- Cache-Control: no-cache <- Pragma: no-cache <- Content-Length: 452 <- Content-Type: application/json;charset=UTF-8 <- Expires: -1 <- Server: Microsoft-IIS/7.5 <- X-Powered-By: ASP.NET <- Date: Thu, 18 Aug 2022 22:23:00 GMT <- Response [https://webservice.lotek.com/API/user/login] Date: 2022-08-18 22:23 Status: 200 Content-Type: application/json;charset=UTF-8 Size: 452 B R> httr::with_verbose( + collar::lotek_login(usr, pwd) + ) -> POST /API/user/login HTTP/1.1 -> Host: webservice.lotek.com -> User-Agent: libcurl/7.64.1 r-curl/4.3.2 httr/1.4.4 -> Accept-Encoding: deflate, gzip -> Accept: application/json, text/xml, application/xml, */* -> Content-Type: application/x-www-form-urlencoded -> Content-Length: 53 -> >> grant_type=password&username=demo&Password=PASSWORD09 <- HTTP/1.1 200 OK <- Cache-Control: no-cache <- Pragma: no-cache <- Content-Length: 452 <- Content-Type: application/json;charset=UTF-8 <- Expires: -1 <- Server: Microsoft-IIS/7.5 <- X-Powered-By: ASP.NET <- Date: Thu, 18 Aug 2022 22:23:01 GMT <- [1] TRUE R> user="xxxxx"; pw="xxxxx" R> httr::with_verbose( + collar::lotek_login(user, pw) + ) -> POST /API/user/login HTTP/1.1 -> Host: webservice.lotek.com -> User-Agent: libcurl/7.64.1 r-curl/4.3.2 httr/1.4.4 -> Accept-Encoding: deflate, gzip -> Accept: application/json, text/xml, application/xml, */* -> Content-Type: application/x-www-form-urlencoded -> Content-Length: 54 -> >> grant_type=password&username=xxxxx&Password=xxxxxx <- HTTP/1.1 200 OK <- Cache-Control: no-cache <- Pragma: no-cache <- Content-Length: 454 <- Content-Type: application/json;charset=UTF-8 <- Expires: -1 <- Server: Microsoft-IIS/7.5 <- X-Powered-By: ASP.NET <- Date: Thu, 18 Aug 2022 22:23:03 GMT <- [1] TRUE
Huh commented 2 years ago

Turns out CO had a similar issue with ATS. Can you @dgermanwildlife try specifying the user_agent in your requests to see if this helps? I am travling yet again for the next two days, but will do my best to keep digging. Thanks.

Something like:

lotek_base_url <- "https://webservice.lotek.com"

usr = "demo"

pwd = "PASSWORD09"

resp <- httr::RETRY(
  "POST",
  url = lotek_base_url,
  path = list("API", "user", "login"),
  body = list(
    grant_type = "password",
    username = usr,
    Password = pwd
  ),
  encode = "form",
  quiet = TRUE,
  httr::user_agent(paste(
    "Mozilla/5.0 (Windows NT 10.0; Win64; x64)",
    "AppleWebKit/537.36 (KHTML, like Gecko)",
    "Chrome/103.0.0.0 Safari/537.36"
  ))
)

httr::content(resp)
httr::http_error(resp)
httr::http_status(resp)
ericnewkirk commented 2 years ago

@Huh @dgermanwildlife

I've tried digging into this a bit, too, but can't reproduce it. All the Lotek functions are working as intended for me. There were curl updates a while back that may have been related, but the issues there seem a little off and are mostly out of date. I don't think it's related to the user agent issue with ATS, though.

I think a certificate is automatically being sent with the requests for some reason, maybe due to an existing login on the Lotek website that's been cached? I would try logging out of the Lotek website via browser and seeing if that makes a difference. It might also help to force the collar package to discard any existing login information by running lotek_logout() first:

library(collar)

lotek_logout()

usr <- "demo"
pwd <- "PASSWORD09"

lotek_login(usr, pwd)

alerts <- fetch_lotek_alerts()

lotek_logout()

I included a function in the package to refresh an existing token in case it's expired, but that only works sporadically and we should probably just get rid of it. If that's causing the issue then explicitly logging out as above should resolve it.

If neither of those works I'm afraid it might be something specific to your network configuration, but let's hope not. Given #81 it seems to affect requests to other urls too. As Josh suggested in the other thread

devtools::session_info()

could be helpful.

Huh commented 2 years ago

Thanks @ericnewkirk

I am leaning towards a windows specific problem and the way certificates are passed. The schannel behavior in particular is well documented and if you look through issues for curl and libcurl there are mentions of this and a commit that gives the option to specify the cert explicitly. All of that is great, but if we can't reproduce it we are really just guessing.