wKovacs64 / pwned

A command-line tool for querying the 'Have I been pwned?' service.
https://wkovacs64.github.io/pwned
MIT License
228 stars 27 forks source link

Error no user agent has been specified in the request. #27

Closed roccomuso closed 5 years ago

roccomuso commented 5 years ago

I'm having this error:

✖ Forbidden - no user agent has been specified in the request.

Using pwned version 6.1.2

wKovacs64 commented 5 years ago

Hi @roccomuso, thanks for reporting. That's a strange error to receive under normal circumstances. Any chance navigator is defined in your Node environment?

There is a check performed upstream in hibp to determine if we're in a browser (use its own User-Agent) or not (craft our own), but maybe it's too simplistic. There was a bug in hibp before I was performing that check, but it was fixed back in 7.1.2 and pwned@6.1.2 depends on hibp@7.3.0 so that shouldn't be present for you.

🤔

roccomuso commented 5 years ago

I'm using it from CLI with Node 10. So I do not expect navigator to be defined.

wKovacs64 commented 5 years ago

Weird, running it in Node 10 works for me. Is it installed globally, project-locally, or on-demand using npx?

roccomuso commented 5 years ago

Globally installed. (Please note that I upgraded from a previously installed version). I'll get rid of it and install again from scratch.

wKovacs64 commented 5 years ago

OK, let me know how it goes. I'd definitely like to address this if it's fixable on my end.

wKovacs64 commented 5 years ago

Reopened https://github.com/wKovacs64/hibp/issues/38 for further investigation.

wKovacs64 commented 5 years ago

@roccomuso This is an upstream issue with the haveibeenpwned.com API itself. I've reached out to Troy and awaiting a response. You can observe by visiting the example/test link provided in the documentation and receiving a forbidden message: https://haveibeenpwned.com/api/v2/breachedaccount/test@example.com

Leaving this issue open for now, but I don't think there's anything we can do but wait.

roccomuso commented 5 years ago

Good to know.

wKovacs64 commented 5 years ago

I believe Troy has resolved the issue (at least partially, still discussing). pwned is working again for me in the CLI. Can you try it and confirm?

roccomuso commented 5 years ago

Hm still having the error.

wKovacs64 commented 5 years ago

Are you using the ba command and checking a particular account? If so, try the pa or dc commands to see if those are also blocked. Also, if you're using ba with a particular account, try a different account like pwned ba test@example.com to see if that works. I'm still trying to work with Troy to narrow this down. He's been "tightening down firewall rules" to prevent abuse but legitimate requests are being blocked.

wKovacs64 commented 5 years ago

Closing in favor of wKovacs64/hibp#60 so we have a central location to discuss further.

roccomuso commented 5 years ago

I'm using pwned ba <email>

wKovacs64 commented 5 years ago

You'll have to give Troy the Ray ID from the error you receive and work with him to unblock you. The UA we're sending is not being blocked, so if you're still being blocked, it must be due to something else (IP/network, region, etc.). 🙁