Beginning on October 25th, 2016, Persona will no longer be an option for authentication on BMO. For more details see Persona Deprecated.
Last Comment Bug 864451 - Re-enable product icon API
: Re-enable product icon API
Product: Marketplace
Classification: Server Software
Component: Payments/Refunds (show other bugs)
: 1.2
: x86 Mac OS X
: P2 normal (vote)
: 2013-05-02
Assigned To: Kumar McMillan [:kumar] (needinfo all the things)
Depends on:
Blocks: marketplace-payments
  Show dependency treegraph
Reported: 2013-04-22 12:30 PDT by Kumar McMillan [:kumar] (needinfo all the things)
Modified: 2013-05-06 12:30 PDT (History)
7 users (show)
See Also:
QA Whiteboard:
Iteration: ---
Points: ---


Description Kumar McMillan [:kumar] (needinfo all the things) 2013-04-22 12:30:15 PDT
The product icon API in webpay (bug 848675) is disabled because of authentication issues. This is a placeholder to re-enable it.
Comment 1 Kumar McMillan [:kumar] (needinfo all the things) 2013-04-22 12:32:00 PDT
Comment 2 Kumar McMillan [:kumar] (needinfo all the things) 2013-04-22 12:33:28 PDT
We're trying to get more logging to figure this out. The error you see in webpay is:

Apr 22 11:58:19 [] z.celery:ERROR Celery TASK exception: HttpClientError: Client Error 401: ...
Comment 3 Andy McKay [:andym] 2013-04-22 16:24:49 PDT
Added in lots and lots of logging.

Got to this. The headers being sent are:

Apr 22 16:23:18 [<anon>][] z.api:INFO Headers: OAuth realm="" :/data/www/

Just a bit missing then.

Apr 22 16:23:18 [<anon>][] z.api:ERROR ValueError on verifying_request :/data/www/ (most recent call last):#012  File "/data/www/", line 115, in is_authenticated#012    require_resource_owner=False)#012  File "/data/www/", line 849, in verify_request#012    signature_type, params, oauth_params = self._get_signature_type_and_params(request)#012  File "/data/www/", line 605, in _get_signature_type_and_params#012    raise ValueError('oauth_ params are missing. Could not determine signature type.')#012ValueError: oauth_ params are missing. Could not determine signature type.

Is then the error. Next figuring out why.
Comment 4 Andy McKay [:andym] 2013-04-22 16:48:51 PDT
I'd like to have proof if possible from jason or oremj that something wierd isn't happening with requests here. From everything I can tell they are being sent correctly, just not being received correctly. 

Works locally. 

Sending the same kind of wrong header locally produces the same kind of error.

I note the same error happens with other webpay OAuth api, such as failure, so it's not limited to this API.

Jason or oremj, can you spend some time in a shell with TCPDump or something with me please?
Comment 5 Andy McKay [:andym] 2013-04-23 12:03:45 PDT
If you change webpay to connect to marketplace without HTTPS it works just fine:

[amckay@dev1.addons.phx1 webpay]$ ../venv/bin/python shell
Python 2.6.6 (r266:84292, Oct 12 2012, 14:23:48) 
[GCC 4.4.6 20120305 (Red Hat 4.4.6-4)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> from django.conf import settings
>>> settings.MARKETPLACE_URL = ''
>>> from lib.marketplace.api import client
>>> client.slumber.api.v1.webpay.product.icon.get(data={'url':'http://test'})
{'meta': {'previous': None, 'total_count': 4, 'offset': 0...}

The logs:

[amckay@syslog1.webapp.phx1 ~]$ tail -f logs/http_app_addons_marketplacedev/2013/04/2013-04-23 | grep api
Apr 23 12:00:09 [<anon>][] z.api:INFO Request: /api/v1/webpay/product/icon/ :/data/www/
Apr 23 12:00:09 [<anon>][] z.api:INFO Headers: OAuth realm="", oauth_body_hash="2jmj7l5rSw0yVb%2FvlWAYkK%2FYBwk%3D", oauth_nonce="65933570", oauth  ..[snipped]
Apr 23 12:00:09 [<anon>][] z.api:INFO Authorizer PermissionAuthorization returned: True :/data/www/
Comment 6 Andy McKay [:andym] 2013-04-23 12:20:06 PDT
Jason disabled a "addons-dev-fix-auth" script in Zeus and things started to work again.
Comment 7 Jason Thomas [:jason] 2013-04-23 13:07:02 PDT
We added 'addons-dev-fix-auth' Zeus traffic script to fix a issue with github web hooks to addons-updater service. github was sending double Authentication headers which Zeus combined and caused nginx HTTP basic auth to fail. 

It looks like github fixed this on their end now and we no longer need this traffic script.
Comment 8 Andy McKay [:andym] 2013-04-23 13:19:35 PDT
Kumar, I think you can re-enable now.
Comment 9 Kumar McMillan [:kumar] (needinfo all the things) 2013-04-24 10:39:52 PDT
I re-enabled it on dev to test as of but bug 863487 is making it hard to test. I think because I got that far that it's working though.
Comment 10 Kumar McMillan [:kumar] (needinfo all the things) 2013-04-25 03:12:57 PDT
re-enabled on stage
Comment 11 Kumar McMillan [:kumar] (needinfo all the things) 2013-04-25 03:31:50 PDT
I got a 401 on stage:

HttpClientError: Client Error 401:

so I disabled it again. I can't seem to find what the actual problem is though. Can anyone tell if this is still the same header issue? Maybe stage just needs the right oauth credentials?
Comment 12 Kumar McMillan [:kumar] (needinfo all the things) 2013-04-25 09:06:52 PDT
Is everything from bug 860113 configured right?
Comment 13 Kumar McMillan [:kumar] (needinfo all the things) 2013-05-02 13:52:58 PDT
Now icons seem to be broken everywhere (not just stage) so I disabled them everywhere in

The error on dev is the same:

Client Error 401:
Comment 14 Andy McKay [:andym] 2013-05-02 16:36:59 PDT
Comment 15 Kumar McMillan [:kumar] (needinfo all the things) 2013-05-03 13:30:19 PDT
Thanks for the fix, Andy! It's working in dev. We will enable it Monday morning on stage so we don't ruin the CET morning if something goes wrong.
Comment 16 Kumar McMillan [:kumar] (needinfo all the things) 2013-05-06 12:30:07 PDT
product icons are enabled on stage and working

Note You need to log in before you can comment on or make changes to this bug.