Modify

Opened 6 weeks ago

Closed 6 weeks ago

Last modified 6 weeks ago

#17722 closed defect (fixed)

Blocked user on osm.org does not receive notification, JOSM throws stack trace instead

Reported by: mmd Owned by: team
Priority: normal Milestone: 19.05
Component: Core Version: latest
Keywords: blocked user Cc: mmd

Description

In case a user gets blocked on osm.org, the user will only receive an error message during upload, although the API User Detail call returns all relevant information (even translated according to the user's language settings). Unfortunately, JOSM doesn't parse the error message correctly and only throws some stack trace on the console.

Expected behavior would be to notify the user that they have been blocked, and that they should visit osm.org according to the message returned by the API.

Here's what the communication with the API looks like in case of a blocked user:

GET /api/0.6/user/details HTTP/1.1
User-Agent: JOSM/1.5 (15074 SVN) Linux Ubuntu 18.04.2 LTS Java/12.0.1
Cache-Control: no-cache
Accept-Encoding: gzip
Authorization: OAuth ***
Pragma: no-cache
Host: localhost:3000
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Connection: keep-alive
Cookie: ***

HTTP/1.1 403 Forbidden
Vary: Accept-Language, Origin
Content-Language: en
Error: Your access to the API has been blocked. Please log-in to the web interface to find out more.
Content-Type: text/plain; charset=utf-8
Cache-Control: no-cache
X-Request-Id: ***
X-Runtime: 0.043925
X-Frame-Options: sameorigin
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Transfer-Encoding: chunked

Your access to the API has been blocked. Please log-in to the web interface to find out more.

This is how JOSM currently handles this situation:

2019-05-16 19:24:28.754 INFO: GET http://localhost:3000/api/0.6/user/details (Anzahl der ungelesenen Nachrichten abrufen) -> 403
2019-05-16 19:24:28.755 WARNING: org.openstreetmap.josm.io.OsmApiException: ResponseCode=403, Error Header=<Your access to the API has been blocked. Please log-in to the web interface to find out more.>
org.openstreetmap.josm.io.OsmApiException: ResponseCode=403, Error Header=<Your access to the API has been blocked. Please log-in to the web interface to find out more.>
	at org.openstreetmap.josm.io.OsmServerReader.getInputStreamRaw(OsmServerReader.java:213)
	at org.openstreetmap.josm.io.OsmServerReader.getInputStreamRaw(OsmServerReader.java:137)
	at org.openstreetmap.josm.io.OsmServerReader.getInputStreamRaw(OsmServerReader.java:121)
	at org.openstreetmap.josm.io.OsmServerReader.getInputStream(OsmServerReader.java:85)
	at org.openstreetmap.josm.io.OsmServerReader.fetchData(OsmServerReader.java:421)
	at org.openstreetmap.josm.io.OsmServerUserInfoReader.fetchUserInfo(OsmServerUserInfoReader.java:170)
	at org.openstreetmap.josm.io.MessageNotifier$Worker.run(MessageNotifier.java:82)
	at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
	at java.base/java.util.concurrent.FutureTask.runAndReset(FutureTask.java:305)
	at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:305)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
	at java.base/java.lang.Thread.run(Thread.java:835)

Attachments (0)

Change History (14)

comment:1 Changed 6 weeks ago by mmd

https://github.com/openstreetmap/iD/issues/5400 is the related issue for iD, grischard can help setting up a blocked user.

comment:2 Changed 6 weeks ago by Don-vip

Milestone: 19.05
Priority: majornormal

comment:3 Changed 6 weeks ago by Don-vip

In 15084/josm:

see #17722 - proper notification of user block

comment:4 Changed 6 weeks ago by Don-vip

should work, waiting for my test account to be blocked

comment:5 Changed 6 weeks ago by Don-vip

In 15085/josm:

see #17722 - make sure we don't display the same text twice

comment:6 Changed 6 weeks ago by mmd

Yes, I can confirm it's looking great over here. I tested on my local Rails port, and got the error message popup when starting JOSM, after the 5 minute interval, and also when creating a new changeset.

comment:7 Changed 6 weeks ago by mmd

I noticed one issue with the detecting the error message:

marktr("Your access to the API has been blocked. Please log-in to the web interface to find out more.");

It's one of the very few occasions where the API returns user language dependent error messages. So in case you're not using English as preferred language, the detection logic won't work anymore.

...
cs.yml:      blocked: Váš přístup k API byl zablokován. Další informace zjistíte přihlášením
da.yml:      blocked: Din adgang til API'et er blokeret. Log ind på webinterfacet for a finde
de.yml:      blocked: Dein Zugriff auf die API wurde gesperrt. Bitte melde dich auf der Web-Oberfläche
dsb.yml:      blocked: Twój pśistup k API jo se zablokěrował. Pšosym pśizjaw se do webpówjercha,
el.yml:      blocked: Η πρόσβασή σας στο API έχει αποκλειστεί. Παρακαλώ συνδεθείτε με τη
en-GB.yml:      blocked: Your access to the API has been blocked. Please log-in to the web interface
en.yml:      blocked: "Your access to the API has been blocked. Please log-in to the web interface to find out more."
eo.yml:      blocked: Via aliro al API estas blokita. Bonvolu ensaluti al reta interfaco
es.yml:      blocked: Su acceso a la API ha sido bloqueado. Por favor, inicie sesión en la
et.yml:      blocked: Sinu juurdepääs API-le on blokeeritud. Palun logi sisse veebiliidese
eu.yml:      blocked: Zure APIrako sarbidea blokeatu egin da. Mesedez hasi ezazu saioa web-interfazean,
fa.yml:      blocked: دسترسی شما به API مسدود شده. برای یافتن اطلاعات بیشتر لطفاً به رابط
fi.yml:      blocked: Pääsysi APIin on estetty. Lisätietoja saat kirjautumalla web-käyttöliittymään.
fr.yml:      blocked: Votre accès à l’API a été bloqué. Connectez-vous sur l’interface web
ga.yml:      blocked: Tá bac curtha ar do rochtain ar an API. Logáil isteach ar an gcomhéadan
....

comment:8 Changed 6 weeks ago by Don-vip

Ah. It would be easier if the API returned a fixed string. We can't detect those translated strings.

comment:9 Changed 6 weeks ago by mmd

Unfortunately, the Rails server currently ignores an Accept-Language: en HTTP header, and returns the error message in the language as in the user configuration. Are you currently checking the HTTP Response header "Error:" or the actual payload in the body?

Maybe we could propose a change to always return the HTTP Header in English, and the body according to the user preferences?

comment:10 Changed 6 weeks ago by mmd

By the way, for a "0-hour block", there's even another error message being returned by the API: You have an urgent message on the OpenStreetMap web site.

comment:11 in reply to:  9 Changed 6 weeks ago by Don-vip

Replying to mmd:

Unfortunately, the Rails server currently ignores an Accept-Language: en HTTP header, and returns the error message in the language as in the user configuration. Are you currently checking the HTTP Response header "Error:" or the actual payload in the body?

The header.

Maybe we could propose a change to always return the HTTP Header in English, and the body according to the user preferences?

It would be great.

comment:12 Changed 6 weeks ago by Don-vip

Resolution: fixed
Status: newclosed

In 15089/josm:

fix #17722 - detect other block texts. Assume the API will always send Error header in English, and localized message in body

Texts taken from https://github.com/openstreetmap/openstreetmap-website/blob/8e258d810c8db6e5dccc84fb3292af0e5dd19642/config/locales/en.yml#L1845

comment:13 Changed 6 weeks ago by mmd

Ok, I've created a follow up issue for this. https://github.com/openstreetmap/openstreetmap-website/issues/2227

Just to double check how your current logic works: the "Error" field would be required to be in English for you to detect the error condition, but the user would still see a localized error message taken from the body?

comment:14 Changed 6 weeks ago by Don-vip

Yes :)

Modify Ticket

Change Properties
Set your email in Preferences
Action
as closed The owner will remain team.
as The resolution will be set.
The resolution will be deleted.

Add Comment


E-mail address and name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.