mozilla-services / syncserver

Run-Your-Own Firefox Sync Server
Mozilla Public License 2.0

Removing Mozilla-hosted data error #211

Closed rforced closed 4 years ago

rforced commented 4 years ago

Hello,

I'm trying to remove my data from Mozilla's servers using the provided Python script, but continue to receive a login error. I can log in normally on Mozilla's website, but the script keeps erroring out.

I have two-factor auth enabled. The code is in fact valid, and I can successfully use my authenticator when logging in normally through Firefox.

[root@server bin]# python2 delete_user_data.py xxxxxxxx@gmail.com
Password for xxxxxxxxxx@gmail.com:
Enter verification link or code: 376105
Traceback (most recent call last):
  File "delete_user_data.py", line 91, in <module>
    main(sys.argv[1:])
  File "delete_user_data.py", line 61, in main
    s.verify_email_code(code)
  File "/usr/lib/python2.7/site-packages/fxa/core.py", line 313, in verify_email_code
    return self.client.verify_email_code(self.uid, code)  # note: not authenticated
  File "/usr/lib/python2.7/site-packages/fxa/core.py", line 228, in verify_email_code
    return self.apiclient.post(url, body)
  File "/usr/lib/python2.7/site-packages/fxa/_utils.py", line 335, in post
    return self.request("POST", url, json, **kwds)
  File "/usr/lib/python2.7/site-packages/fxa/_utils.py", line 321, in request
    raise fxa.errors.ClientError(body)
fxa.errors.ClientError: Invalid parameter in request body
[root@server bin]#

Any suggestions?

rfk commented 4 years ago

Thanks for reaching out. It looks like this script has not yet been updated to support accounts with TOTP enabled. I'll take a quick look and see what would be involved...

rfk commented 4 years ago

@ReinforcedPanda could you please try the updated script from https://github.com/mozilla-services/syncserver/pull/212 and let us know if it works for you?

rforced commented 4 years ago

Hello,

Sorry for the delay, I didn't have notifications on! I tested out this branch and now I'm getting a "The request was blocked for security reasons" error, which I do not get with the master branch.

Any suggestions?

[xxxxxxx@server bin]$ python2 delete_user_data.py XXXXXXXX@gmail.com
Password for XXXXXXXX@gmail.com:
Traceback (most recent call last):
  File "delete_user_data.py", line 95, in <module>
    main(sys.argv[1:])
  File "delete_user_data.py", line 50, in main
    s = c.login(args.email, password, keys=True)
  File "/usr/lib/python2.7/site-packages/fxa/core.py", line 90, in login
    resp = self.apiclient.post(url, body)
  File "/usr/lib/python2.7/site-packages/fxa/_utils.py", line 335, in post
    return self.request("POST", url, json, **kwds)
  File "/usr/lib/python2.7/site-packages/fxa/_utils.py", line 321, in request
    raise fxa.errors.ClientError(body)
fxa.errors.ClientError: The request was blocked for security reasons
[xxxxxxxx@server bin]$

rfk commented 4 years ago

Thanks for trying this out. I think I have a vague understanding of what's going wrong here, but I'm also afraid that the deliberately-vague wording "blocked for security reasons" means that I can't say too much about it in public. I'll see if I can work through the details and come up with an actionable next step, but it'll probably take me a few days at least as I have a backlog of other tasks building up.

If you want to just remove the data from Mozilla servers and move on, another option is for you to deliberately do a password reset on your Firefox Account, which can be done here. Doing a password reset triggers a notification that propagates through our system and results in your sync data being deleted from the servers. (But I do understand that it's more concrete to be able to run a script that does the deletion right away, and I think we should restore this script to working order).

rforced commented 4 years ago

Thanks for looking into this, I don't have an immediate need to delete my data so I'll leave it there so we can eventually test with an updated tool :)

Thanks,

ghost commented 4 years ago

Hi,

I don't have TOTP enabled for my account, and I am not able to delete my data. Two-step authentication shows as disabled on my Firefox Accounts page.

I get the same result with master as with the totp branch.

nezumi:~/tmp/syncserver/bin$ git checkout delete-data-with-totp
Branch 'delete-data-with-totp' set up to track remote branch 'delete-data-with-totp' from 'origin'.
Switched to a new branch 'delete-data-with-totp'
nezumi:~/tmp/syncserver/bin$ python delete_user_data.py <scrubbed>
Password for <scrubbed>: 
Traceback (most recent call last):
  File "delete_user_data.py", line 95, in <module>
    main(sys.argv[1:])
  File "delete_user_data.py", line 50, in main
    s = c.login(args.email, password, keys=True)
  File "/usr/local/lib/python2.7/dist-packages/fxa/core.py", line 90, in login
    resp = self.apiclient.post(url, body)
  File "/usr/local/lib/python2.7/dist-packages/fxa/_utils.py", line 335, in post
    return self.request("POST", url, json, **kwds)
  File "/usr/local/lib/python2.7/dist-packages/fxa/_utils.py", line 321, in request
    raise fxa.errors.ClientError(body)
fxa.errors.ClientError: The request was blocked for security reasons

rfk commented 4 years ago

Cross-linking, sounds like this may be caused by https://github.com/mozilla/PyFxA/issues/82, which I haven't had a chance to dig into yet.

rfk commented 4 years ago

I merged the branch because I'm pretty confident it works, but leaving this open for the "security reasons" issue.

rfk commented 4 years ago

@ReinforcedPanda any chance you're able to install PyFxA from this pull-request and see if that resolves the issue for you?

I think the following command should work to install it from the branch:

./local/bin/pip install https://github.com/mozilla/PyFxA/archive/login-reason-verification-method.zip

rforced commented 4 years ago

Looks good now, thank you for fixing this :)

rfk commented 4 years ago

Great, thanks for your patience here! I'll make a new release of PyFxA with the fix included.