gcflames5 / ynab-splitwise-integration

A tool to copy transactions from Splitwise to YNAB for budgeting purposes.

A potential issue with the OAuth flow causes a barrage of requests to Splitwise, ultimately leading to an IP ban. #9

Closed MaybeThisIsRu closed 3 years ago

MaybeThisIsRu commented 3 years ago

I've been receiving the following response for a while now:

com.github.scribejava.core.exceptions.OAuthException: Response body is incorrect. Can't extract token and secret from this: '{"error": "That action is forbidden. Please wait a few minutes before making further requests."}'
        at com.github.scribejava.core.extractors.AbstractOAuth1TokenExtractor.extract(AbstractOAuth1TokenExtractor.java:42)
        at com.github.scribejava.core.extractors.AbstractOAuth1TokenExtractor.extract(AbstractOAuth1TokenExtractor.java:32)
        at com.github.scribejava.core.extractors.AbstractOAuth1TokenExtractor.extract(AbstractOAuth1TokenExtractor.java:19)
        at com.github.scribejava.core.oauth.OAuth10aService.getRequestToken(OAuth10aService.java:47)
        at splitwise.utils.OAuthUtil.getAuthorizationUrl(OAuthUtil.java:62)
        at splitwise.Splitwise.getAuthorizationUrl(Splitwise.java:45)
        at com.github.gclfames5.sw.SplitwiseHandler.doNewAuthorization(SplitwiseHandler.java:70)
        at com.github.gclfames5.sw.SplitwiseHandler.authenticate(SplitwiseHandler.java:42)
        at com.github.gclfames5.sw.SplitwiseHandler.authenticate(SplitwiseHandler.java:43)
        at com.github.gclfames5.sw.SplitwiseHandler.authenticate(SplitwiseHandler.java:43)
        at com.github.gclfames5.sw.SplitwiseHandler.authenticate(SplitwiseHandler.java:43)
        at com.github.gclfames5.sw.SplitwiseHandler.authenticate(SplitwiseHandler.java:43)
        at com.github.gclfames5.sw.SplitwiseHandler.authenticate(SplitwiseHandler.java:43)
        at com.github.gclfames5.sw.SplitwiseHandler.authenticate(SplitwiseHandler.java:43)
        at com.github.gclfames5.sw.SplitwiseHandler.authenticate(SplitwiseHandler.java:43)
        at com.github.gclfames5.sw.SplitwiseHandler.authenticate(SplitwiseHandler.java:43)
        at com.github.gclfames5.sw.SplitwiseHandler.authenticate(SplitwiseHandler.java:43)
        at com.github.gclfames5.sw.SplitwiseHandler.authenticate(SplitwiseHandler.java:43)
        at com.github.gclfames5.sw.SplitwiseHandler.authenticate(SplitwiseHandler.java:43)
        at com.github.gclfames5.sw.SplitwiseHandler.authenticate(SplitwiseHandler.java:43)
        at com.github.gclfames5.Main.main(Main.java:62)

I'm guessing I was rate-limited at the account level, since creating a new app within Splitwise still yields the same response. Waiting a few minutes (or hours) does nothing.

MaybeThisIsRu commented 3 years ago

I reached out to Splitwise's development support; this is what they shared with me:

the issue is that when your client loses authentication, it appears to call the /oauth/request_token endpoint several hundred times per minute. We suspect there is an infinite loop somewhere in your code. (I would look around specifically for the URL "/oauth/request_token".)

Let us know once you've had a chance to look into the /oauth/request_token issue, and then we'd be happy to unblock your IP.
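The failure mode described above (an `authenticate` call that re-enters itself on every failed token request) can be avoided with a bounded retry loop. The sketch below is an added example, not the project's code or its 1.2.1 fix, which this thread does not show. `BoundedAuth`, `ForbiddenException` and the `Callable` standing in for the request-token call are hypothetical names, and it assumes the caller maps the "That action is forbidden" response to `ForbiddenException`.

```java
import java.io.IOException;
import java.util.concurrent.Callable;

// Added example: bounded retry for an OAuth request-token call.
// All class and method names here are hypothetical.
public class BoundedAuth {
    static final int MAX_ATTEMPTS = 4;

    /** Raised when the server refuses the request; retrying only prolongs the block. */
    static class ForbiddenException extends Exception {
        ForbiddenException(String msg) { super(msg); }
    }

    // Calls fetchToken at most MAX_ATTEMPTS times, doubling the wait between tries.
    static String authenticate(Callable<String> fetchToken, long baseDelayMs) throws Exception {
        Exception last = null;
        for (int attempt = 0; attempt < MAX_ATTEMPTS; attempt++) {
            try {
                return fetchToken.call();
            } catch (ForbiddenException e) {
                throw e; // rate-limited or blocked: stop and surface it to the user
            } catch (Exception e) {
                last = e; // transient failure: back off, then try again
                if (attempt < MAX_ATTEMPTS - 1) {
                    Thread.sleep(baseDelayMs << attempt); // 1x, 2x, 4x the base delay
                }
            }
        }
        throw new IllegalStateException("giving up after " + MAX_ATTEMPTS + " attempts", last);
    }

    public static void main(String[] args) throws Exception {
        int[] calls = {0};
        // Constructed stand-in for the token request: two timeouts, then a refusal.
        Callable<String> flaky = () -> {
            calls[0]++;
            if (calls[0] < 3) throw new IOException("timeout");
            throw new ForbiddenException("That action is forbidden.");
        };
        try {
            authenticate(flaky, 10);
        } catch (ForbiddenException e) {
            System.out.println("stopped after " + calls[0] + " calls: " + e.getMessage());
        }
    }
}
```

The loop caps the number of requests per authentication attempt and treats a refusal as terminal, so a lost session cannot turn into hundreds of calls per minute.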

gcflames5 commented 3 years ago

Found the issue, new release (>= 1.2.1) should not do this anymore. Thanks for the heads up!

MaybeThisIsRu commented 3 years ago

Amazing, thank you so much for this fix. 💛