#17722 closed defect (fixed)
Blocked user on osm.org does not receive notification, JOSM throws stack trace instead
| Reported by: | mmd | Owned by: | team |
|---|---|---|---|
| Priority: | normal | Milestone: | 19.05 |
| Component: | Core | Version: | latest |
| Keywords: | blocked user | Cc: | mmd |
Description
In case a user gets blocked on osm.org, the user will only receive an error message during upload, although the API User Detail call returns all relevant information (even translated according to the user's language settings). Unfortunately, JOSM doesn't parse the error message correctly and only throws some stack trace on the console.
Expected behavior would be to notify the user that they have been blocked, and that they should visit osm.org according to the message returned by the API.
Here's what the communication with the API looks like in case of a blocked user:
GET /api/0.6/user/details HTTP/1.1 User-Agent: JOSM/1.5 (15074 SVN) Linux Ubuntu 18.04.2 LTS Java/12.0.1 Cache-Control: no-cache Accept-Encoding: gzip Authorization: OAuth *** Pragma: no-cache Host: localhost:3000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive Cookie: *** HTTP/1.1 403 Forbidden Vary: Accept-Language, Origin Content-Language: en Error: Your access to the API has been blocked. Please log-in to the web interface to find out more. Content-Type: text/plain; charset=utf-8 Cache-Control: no-cache X-Request-Id: *** X-Runtime: 0.043925 X-Frame-Options: sameorigin X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block X-Download-Options: noopen X-Permitted-Cross-Domain-Policies: none Transfer-Encoding: chunked Your access to the API has been blocked. Please log-in to the web interface to find out more.
This is how JOSM currently handles this situation:
2019-05-16 19:24:28.754 INFO: GET http://localhost:3000/api/0.6/user/details (Anzahl der ungelesenen Nachrichten abrufen) -> 403 2019-05-16 19:24:28.755 WARNING: org.openstreetmap.josm.io.OsmApiException: ResponseCode=403, Error Header=<Your access to the API has been blocked. Please log-in to the web interface to find out more.> org.openstreetmap.josm.io.OsmApiException: ResponseCode=403, Error Header=<Your access to the API has been blocked. Please log-in to the web interface to find out more.> at org.openstreetmap.josm.io.OsmServerReader.getInputStreamRaw(OsmServerReader.java:213) at org.openstreetmap.josm.io.OsmServerReader.getInputStreamRaw(OsmServerReader.java:137) at org.openstreetmap.josm.io.OsmServerReader.getInputStreamRaw(OsmServerReader.java:121) at org.openstreetmap.josm.io.OsmServerReader.getInputStream(OsmServerReader.java:85) at org.openstreetmap.josm.io.OsmServerReader.fetchData(OsmServerReader.java:421) at org.openstreetmap.josm.io.OsmServerUserInfoReader.fetchUserInfo(OsmServerUserInfoReader.java:170) at org.openstreetmap.josm.io.MessageNotifier$Worker.run(MessageNotifier.java:82) at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515) at java.base/java.util.concurrent.FutureTask.runAndReset(FutureTask.java:305) at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:305) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) at java.base/java.lang.Thread.run(Thread.java:835)
Attachments (0)
Change History (15)
comment:1 by , 5 years ago
comment:2 by , 5 years ago
| Milestone: | → 19.05 |
|---|---|
| Priority: | major → normal |
comment:6 by , 5 years ago
Yes, I can confirm it's looking great over here. I tested on my local Rails port, and got the error message popup when starting JOSM, after the 5 minute interval, and also when creating a new changeset.
comment:7 by , 5 years ago
I noticed one issue with the detecting the error message:
marktr("Your access to the API has been blocked. Please log-in to the web interface to find out more.");
It's one of the very few occasions where the API returns user language dependent error messages. So in case you're not using English as preferred language, the detection logic won't work anymore.
... cs.yml: blocked: Váš přístup k API byl zablokován. Další informace zjistíte přihlášením da.yml: blocked: Din adgang til API'et er blokeret. Log ind på webinterfacet for a finde de.yml: blocked: Dein Zugriff auf die API wurde gesperrt. Bitte melde dich auf der Web-Oberfläche dsb.yml: blocked: Twój pśistup k API jo se zablokěrował. Pšosym pśizjaw se do webpówjercha, el.yml: blocked: Η πρόσβασή σας στο API έχει αποκλειστεί. Παρακαλώ συνδεθείτε με τη en-GB.yml: blocked: Your access to the API has been blocked. Please log-in to the web interface en.yml: blocked: "Your access to the API has been blocked. Please log-in to the web interface to find out more." eo.yml: blocked: Via aliro al API estas blokita. Bonvolu ensaluti al reta interfaco es.yml: blocked: Su acceso a la API ha sido bloqueado. Por favor, inicie sesión en la et.yml: blocked: Sinu juurdepääs API-le on blokeeritud. Palun logi sisse veebiliidese eu.yml: blocked: Zure APIrako sarbidea blokeatu egin da. Mesedez hasi ezazu saioa web-interfazean, fa.yml: blocked: دسترسی شما به API مسدود شده. برای یافتن اطلاعات بیشتر لطفاً به رابط fi.yml: blocked: Pääsysi APIin on estetty. Lisätietoja saat kirjautumalla web-käyttöliittymään. fr.yml: blocked: Votre accès à l’API a été bloqué. Connectez-vous sur l’interface web ga.yml: blocked: Tá bac curtha ar do rochtain ar an API. Logáil isteach ar an gcomhéadan ....
comment:8 by , 5 years ago
Ah. It would be easier if the API returned a fixed string. We can't detect those translated strings.
follow-up: 11 comment:9 by , 5 years ago
Unfortunately, the Rails server currently ignores an Accept-Language: en HTTP header, and returns the error message in the language as in the user configuration. Are you currently checking the HTTP Response header "Error:" or the actual payload in the body?
Maybe we could propose a change to always return the HTTP Header in English, and the body according to the user preferences?
comment:10 by , 5 years ago
By the way, for a "0-hour block", there's even another error message being returned by the API: You have an urgent message on the OpenStreetMap web site.
comment:11 by , 5 years ago
Replying to mmd:
Unfortunately, the Rails server currently ignores an Accept-Language: en HTTP header, and returns the error message in the language as in the user configuration. Are you currently checking the HTTP Response header "Error:" or the actual payload in the body?
The header.
Maybe we could propose a change to always return the HTTP Header in English, and the body according to the user preferences?
It would be great.
comment:13 by , 5 years ago
Ok, I've created a follow up issue for this. https://github.com/openstreetmap/openstreetmap-website/issues/2227
Just to double check how your current logic works: the "Error" field would be required to be in English for you to detect the error condition, but the user would still see a localized error message taken from the body?
https://github.com/openstreetmap/iD/issues/5400 is the related issue for iD, grischard can help setting up a blocked user.