ajdavis / proporti.onl

Compare number of women, men, and nonbinary people among my friends and followers.
https://www.proporti.onl
Apache License 2.0

Intermittent failure in Twitter OAuth #14

Closed ajdavis closed 6 years ago

ajdavis commented 6 years ago

Reported here, occasional HTTP 503 errors on proporti.onl during Twitter auth flow:

https://twitter.com/AidanBudd/status/969217821174583299

The application logs:

2018-03-01 14:28:47,504: [2018-03-01 14:28:47,495] ERROR in app: Exception on /authorized [GET]
2018-03-01 14:28:47,504: Traceback (most recent call last):
2018-03-01 14:28:47,505:   File "/home/emptysquare/my-venv/local/lib/python2.7/site-packages/flask/app.py", line 1988, in wsgi_app
2018-03-01 14:28:47,505:     response = self.full_dispatch_request()
2018-03-01 14:28:47,505:   File "/home/emptysquare/my-venv/local/lib/python2.7/site-packages/flask/app.py", line 1641, in full_dispatch_request
2018-03-01 14:28:47,505:     rv = self.handle_user_exception(e)
2018-03-01 14:28:47,505:   File "/home/emptysquare/my-venv/local/lib/python2.7/site-packages/flask/app.py", line 1544, in handle_user_exception
2018-03-01 14:28:47,506:     reraise(exc_type, exc_value, tb)
2018-03-01 14:28:47,506:   File "/home/emptysquare/my-venv/local/lib/python2.7/site-packages/flask/app.py", line 1639, in full_dispatch_request
2018-03-01 14:28:47,506:     rv = self.dispatch_request()
2018-03-01 14:28:47,506:   File "/home/emptysquare/my-venv/local/lib/python2.7/site-packages/flask/app.py", line 1625, in dispatch_request
2018-03-01 14:28:47,506:     return self.view_functions[rule.endpoint](**req.view_args)
2018-03-01 14:28:47,506:   File "/home/emptysquare/my-venv/local/lib/python2.7/site-packages/flask_oauth.py", line 427, in decorated
2018-03-01 14:28:47,506:     data = self.handle_oauth1_response()
2018-03-01 14:28:47,507:   File "/home/emptysquare/my-venv/local/lib/python2.7/site-packages/flask_oauth.py", line 379, in handle_oauth1_response
2018-03-01 14:28:47,507:     type='invalid_response', data=data)
2018-03-01 14:28:47,507: OAuthException: Invalid response from twitter

ajdavis commented 6 years ago

The original reporter is the only Twitter user who seems to trigger this bug. It must be related to this log message I just noticed:

/home/emptysquare/my-venv/local/lib/python2.7/site-packages/werkzeug/wrappers.py:1116: UserWarning: The "session" cookie is too large: the value was 5010 bytes but the header required 26 extra bytes. The final size was 5036 bytes but the limit is 4093 bytes. Browsers may silently ignore cookies larger than this.

Running the server locally doesn't trigger the bug, but in the context of PythonAnywhere's stack it must result in a corrupt cookie, or perhaps a request that's denied before it even reaches my application.

Only a Twitter user's "lists" can cause unbounded data to be stored in the cookie. Try to store less info about each list to keep the cookie shorter.
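An added example, not part of this issue thread or the proporti.onl code, showing how to check a cookie-backed session against the 4093-byte limit quoted in the werkzeug warning before it is sent, and how trimming each list to its id and name keeps it under that limit. The encoding is an approximation of Flask's signed session cookie (compact JSON, optional zlib, url-safe base64, HMAC-SHA1), and the list records are constructed sample data, not real Twitter API output.

```python
import base64
import hashlib
import hmac
import json
import zlib

COOKIE_LIMIT = 4093  # browser limit quoted in the werkzeug UserWarning
SECRET = b"constructed-secret-not-a-real-key"  # constructed, for the demo only


def _b64(raw: bytes) -> bytes:
    return base64.urlsafe_b64encode(raw).rstrip(b"=")


def encode_session(data: dict, secret: bytes = SECRET) -> str:
    """Approximation (assumption) of Flask's signed cookie-session value."""
    payload = json.dumps(data, separators=(",", ":"), sort_keys=True).encode()
    packed = zlib.compress(payload)
    # Like itsdangerous, only use compression when it actually shrinks the body.
    body = (b"." + _b64(packed)) if len(packed) < len(payload) else _b64(payload)
    sig = hmac.new(secret, body, hashlib.sha1).digest()
    return (body + b"." + _b64(sig)).decode("ascii")


def cookie_header_size(data: dict, name: str = "session") -> int:
    """Bytes of 'name=value' that the Set-Cookie header would carry."""
    return len(name) + 1 + len(encode_session(data))


def fits_in_cookie(data: dict) -> bool:
    """Check before the response is built, not after the browser drops it."""
    return cookie_header_size(data) <= COOKIE_LIMIT


def slim_lists(lists: list) -> list:
    """Keep only the fields needed to identify a list later: its id and name."""
    return [{"id": lst["id"], "name": lst["name"]} for lst in lists]


def constructed_twitter_lists(n: int) -> list:
    """Constructed stand-in for the verbose list objects a lists API returns."""
    return [
        {
            "id": 100000 + i,
            "name": "list-%d" % i,
            "slug": hashlib.sha256(b"slug%d" % i).hexdigest(),
            "description": hashlib.sha256(b"desc%d" % i).hexdigest(),
            "member_count": i * 7,
            "user": {"screen_name": "user%d" % i,
                     "id_str": hashlib.sha256(b"uid%d" % i).hexdigest()},
        }
        for i in range(n)
    ]
```

With 80 constructed lists the verbose form is well over the limit while the slimmed form fits, which is the difference between a session that survives the OAuth round trip and one the browser silently discards.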