Jottacloud Error 401 (Unauthorized)

albertony · June 9, 2022, 10:52am

The error message comes from the oauth service:

duplicati/oauth-handler/blob/afc902bb816ebc9374f87ea26ad4289729f3839d/main.py#L514


      
          
          if settings.RATE_LIMIT > 0:
          
              ratelimiturl = '/ratelimit?id=' + keyid + '&adr=' + self.request.remote_addr
              ratelimit = memcache.get(ratelimiturl)
          
              if ratelimit is None:
                  memcache.add(key=ratelimiturl, value=1, time=60 * 60)
              elif ratelimit > settings.RATE_LIMIT:
                  logging.info('Rate limit response to: %s', keyid)
                  self.response.headers['X-Reason'] = 'Too many request for this key, wait 60 minutes'
                  self.response.set_status(503, 'Too many request for this key, wait 60 minutes')
                  return
              else:
                  memcache.incr(ratelimiturl)
          
          cacheurl = '/refresh?id=' + keyid + '&h=' + hashlib.sha256(password).hexdigest()
          
          cached_res = memcache.get(cacheurl)
          if cached_res is not None and type(cached_res) != type(''):
              exp_secs = (int)((cached_res['expires'] - datetime.datetime.utcnow()).total_seconds())

The rate limit feature can be enabled or disabled, default disabled:

github.com

duplicati/oauth-handler/blob/afc902bb816ebc9374f87ea26ad4289729f3839d/settings.py#L39


      
          GD_CLIENT_SECRET = 'XXXXXXXXXXXXXXXXXXXX'
          HC_CLIENT_ID = 'XXXXXXXXXXXXXXXXXXXX'
          HC_CLIENT_SECRET = 'XXXXXXXXXXXXXXXXXXXX'
          AMZ_CLIENT_ID = 'XXXXXXXXXXXXXXXXXXXX'
          AMZ_CLIENT_SECRET = 'XXXXXXXXXXXXXXXXXXXX'
          BOX_CLIENT_ID = 'XXXXXXXXXXXXXXXXXXXX'
          BOX_CLIENT_SECRET = 'XXXXXXXXXXXXXXXXXXXX'
          DROPBOX_CLIENT_ID = 'XXXXXXXXXXXXXXXXXXXX'
          DROPBOX_CLIENT_SECRET = 'XXXXXXXXXXXXXXXXXXXX'
          
          RATE_LIMIT = 0
          
          try:
              from config import WL_CLIENT_ID
              from config import WL_CLIENT_SECRET
          except ImportError:
              pass
          
          try:
              from config import MSGRAPH_CLIENT_ID
              from config import MSGRAPH_CLIENT_SECRET

The configuration template “suggests” enabling it with a value of 4 (requests per hour):

github.com

duplicati/oauth-handler/blob/582bb95ddf9e3413da64e4e59a7212cf26e1e469/config-template.py#L19


      
          # APP_NAME = 'CHANGE-ME-IN-CONFIG.PY'
          
          # Name to display on front page
          # SERVICE_DISPLAYNAME = APP_NAME + ' OAuth Handler'
          
          # Callback URI for OAuth
          # OAUTH_CALLBACK_URI = 'https://' + APP_DOMAIN + '/logged-in'
          
          # Sets a limit for how many requests can be performed in
          # an hour for a single keyid+ip pair
          # RATE_LIMIT = 4
          
          # Conditional setup example:
          # if TESTING:
          #     OAUTH_CALLBACK_URI = 'http://localhost:12080/logged-in'
          
          # If you need to modify the lookup table and service list,
          # add this method
          # def POST_CONFIG(lookup, services):
          #     pass

It was obviously enabled on the beta service instance (perhaps with the value 4 from the template), but I have no idea if it is enabled or not in the prod service. I have seen the message myself when testing the beta service, but have no prior experience with the oauth service so don’t know how the prod instance behaves.