API Errors on startup ("Web Page Blocked!")
AndyLow91 opened this issue · comments
I've followed the steps using docker and building locally, have copied the repo, created the .env file and it is the same folder as the docker project/image.
docker can build the image and it runs with --help
when I run with --check-login, I see the following in the logs:
Logging in to t:connect ControlIQ API...
2023-01-06 15:13:56 INFO Logging in to ControlIQApi...
2023-01-06 15:13:57 WARNING Unable to find tconnect software version
Error occurred querying ControlIQ API for dashboard_summary:
'NoneType' object is not subscriptable
Querying ControlIQ therapy_timeline...
2023-01-06 15:13:57 INFO Logging in to ControlIQApi...
2023-01-06 15:13:58 WARNING Unable to find tconnect software version
Error occurred querying ControlIQ therapy_timeline:
'NoneType' object is not subscriptable
Querying ControlIQ therapy_events...
2023-01-06 15:13:58 INFO Logging in to ControlIQApi...
2023-01-06 15:13:58 WARNING Unable to find tconnect software version
Error occurred querying ControlIQ therapy_events:
'NoneType' object is not subscriptable
-----
Initializing t:connect WS2 API...
2023-01-06 15:13:58 INFO Logging in to ControlIQApi...
2023-01-06 15:13:59 WARNING Unable to find tconnect software version
Error occurred querying WS2 API. This is okay so long as you are not using the PUMP_EVENTS or IOB sync features.
'NoneType' object is not subscriptable
Not able to log in to WS2 API, so skipping therapy_timeline_csv
-----
Logging in to t:connect Android API...
2023-01-06 15:14:00 INFO Logged in to AndroidApi successfully (expiration: 2023-01-06T23:14:00.321Z, in 7 hours, 59 minutes)
It is able to communicate with the Nightscout API, but there appears to be an issue with the package somewhere. my Python isn't too great but the line:
'NoneType' object is not subscriptable
Is leading me to believe that the error is perhaps with the package rather than the API?
Hi @AndyLow91 --
I wasn't able to reproduce your issue, but I just pushed an updated v0.8.10 release which adds some additional log output for this failure case to hopefully better debug it. I suspect that there might be some odd issue you are facing actually making network requests to the tconnect servers, but hopefully we can resolve it.
@jwoglom - Thank you for such a quick response to this! And thanks for the update!
Here is the more verbose log now...
Logging in to t:connect ControlIQ API...
2023-01-07 10:11:57 INFO Logging in to ControlIQApi...
2023-01-07 10:11:57 WARNING Unable to find tconnect software version.
2023-01-07 10:11:57 INFO BeautifulSoup parsed contents: b'<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">\n<html>\n<head>\n<meta content="text/html; charset=utf-8" http-equiv="Content-Type"/>\n<style type="text/css">\n html, body {\n margin: 0;\n padding: 0;\n font-family: Verdana, Arial, sans-serif;\n font-size: 10pt;\n background-color: #ffffff;\n } h1, h2 {\n height: 82px;\n text-indent: -999em;\n marg[SNIP]2>\n</div>\n<div class="main">\n<h3>\n Web Page Blocked!\n </h3>\n<div class="notice">\n<p>\n The page cannot be displayed. Please contact the administrator for additional information.\n </p>\n<p>\n URL: tconnect.tandemdiabetes.com/login.aspx\n <br/>\n<br/>\n Client IP: xxx.xxx.xxx.xxx\n <br/>\n Attack ID: 20000018\n <br/>\n Message ID: 000476687044\n </p>\n<p>\n</p>\n</div>\n</div>\n</body>\n</html>'
Error occurred querying ControlIQ API for dashboard_summary:
Traceback (most recent call last):
File "/home/appuser/tconnectsync/check.py", line 85, in check_login
summary = tconnect.controliq.dashboard_summary(time_start, time_end)
File "/home/appuser/tconnectsync/api/__init__.py", line 31, in controliq
self._ciq = ControlIQApi(self.email, self.password)
File "/home/appuser/tconnectsync/api/controliq.py", line 25, in __init__
self.login(email, password)
File "/home/appuser/tconnectsync/api/controliq.py", line 34, in login
data = self._build_login_data(email, password, soup)
2023-01-07 10:11:57 INFO Logging in to ControlIQApi...
File "/home/appuser/tconnectsync/api/controliq.py", line 73, in _build_login_data
"__VIEWSTATE": soup.select_one("#__VIEWSTATE")["value"],
TypeError: 'NoneType' object is not subscriptable
Querying ControlIQ therapy_timeline...
2023-01-07 10:11:58 WARNING Unable to find tconnect software version.
2023-01-07 10:11:58 INFO BeautifulSoup parsed contents: b'<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">\n<html>\n<head>\n<meta content="text/html; charset=utf-8" http-equiv="Content-Type"/>\n<style type="text/css">\n html, body {\n margin: 0;\n padding: 0;\n font-family: Verdana, Arial, sans-serif;\n font-size: 10pt;\n background-color: #ffffff;\n } h1, h2 {\n height: 82px;\n text-indent: -999em;\n marg[SNIP]2>\n</div>\n<div class="main">\n<h3>\n Web Page Blocked!\n </h3>\n<div class="notice">\n<p>\n The page cannot be displayed. Please contact the administrator for additional information.\n </p>\n<p>\n URL: tconnect.tandemdiabetes.com/login.aspx\n <br/>\n<br/>\n Client IP: xxx.xxx.xxx.xxx\n <br/>\n Attack ID: 20000018\n <br/>\n Message ID: 000476687045\n </p>\n<p>\n</p>\n</div>\n</div>\n</body>\n</html>'
Error occurred querying ControlIQ therapy_timeline:
Traceback (most recent call last):
File "/home/appuser/tconnectsync/check.py", line 99, in check_login
tt = tconnect.controliq.therapy_timeline(time_start, time_end)
File "/home/appuser/tconnectsync/api/__init__.py", line 31, in controliq
self._ciq = ControlIQApi(self.email, self.password)
File "/home/appuser/tconnectsync/api/controliq.py", line 25, in __init__
self.login(email, password)
File "/home/appuser/tconnectsync/api/controliq.py", line 34, in login
data = self._build_login_data(email, password, soup)
File "/home/appuser/tconnectsync/api/controliq.py", line 73, in _build_login_data
"__VIEWSTATE": soup.select_one("#__VIEWSTATE")["value"],
TypeError: 'NoneType' object is not subscriptable
Querying ControlIQ therapy_events...
2023-01-07 10:11:58 INFO Logging in to ControlIQApi...
2023-01-07 10:11:59 WARNING Unable to find tconnect software version.
2023-01-07 10:11:59 INFO BeautifulSoup parsed contents: b'<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">\n<html>\n<head>\n<meta content="text/html; charset=utf-8" http-equiv="Content-Type"/>\n<style type="text/css">\n html, body {\n margin: 0;\n padding: 0;\n font-family: Verdana, Arial, sans-serif;\n font-size: 10pt;\n background-color: #ffffff;\n } h1, h2 {\n height: 82px;\n text-indent: -999em;\n marg[SNIP]2>\n</div>\n<div class="main">\n<h3>\n Web Page Blocked!\n </h3>\n<div class="notice">\n<p>\n The page cannot be displayed. Please contact the administrator for additional information.\n </p>\n<p>\n URL: tconnect.tandemdiabetes.com/login.aspx\n <br/>\n<br/>\n Client IP: xxx.xxx.xxx.xxx\n <br/>\n Attack ID: 20000018\n <br/>\n Message ID: 000476687046\n </p>\n<p>\n</p>\n</div>\n</div>\n</body>\n</html>'
Error occurred querying ControlIQ therapy_events:
Traceback (most recent call last):
File "/home/appuser/tconnectsync/check.py", line 115, in check_login
androidevents = tconnect.controliq.therapy_events(time_start, time_end)
File "/home/appuser/tconnectsync/api/__init__.py", line 31, in controliq
self._ciq = ControlIQApi(self.email, self.password)
File "/home/appuser/tconnectsync/api/controliq.py", line 25, in __init__
self.login(email, password)
File "/home/appuser/tconnectsync/api/controliq.py", line 34, in login
data = self._build_login_data(email, password, soup)
File "/home/appuser/tconnectsync/api/controliq.py", line 73, in _build_login_data
"__VIEWSTATE": soup.select_one("#__VIEWSTATE")["value"],
TypeError: 'NoneType' object is not subscriptable
-----
Initializing t:connect WS2 API...
2023-01-07 10:11:59 INFO Logging in to ControlIQApi...
2023-01-07 10:12:00 WARNING Unable to find tconnect software version.
2023-01-07 10:12:00 INFO BeautifulSoup parsed contents: b'<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">\n<html>\n<head>\n<meta content="text/html; charset=utf-8" http-equiv="Content-Type"/>\n<style type="text/css">\n html, body {\n margin: 0;\n padding: 0;\n font-family: Verdana, Arial, sans-serif;\n font-size: 10pt;\n background-color: #ffffff;\n } h1, h2 {\n height: 82px;\n text-indent: -999em;\n marg[SNIP]2>\n</div>\n<div class="main">\n<h3>\n Web Page Blocked!\n </h3>\n<div class="notice">\n<p>\n The page cannot be displayed. Please contact the administrator for additional information.\n </p>\n<p>\n URL: tconnect.tandemdiabetes.com/login.aspx\n <br/>\n<br/>\n Client IP: xxx.xxx.xxx.xxx\n <br/>\n Attack ID: 20000018\n <br/>\n Message ID: 000476687048\n </p>\n<p>\n</p>\n</div>\n</div>\n</body>\n</html>'
Error occurred querying WS2 API. This is okay so long as you are not using the PUMP_EVENTS or IOB sync features.
Traceback (most recent call last):
File "/home/appuser/tconnectsync/check.py", line 127, in check_login
summary = tconnect.ws2.basaliqtech(time_start, time_end)
File "/home/appuser/tconnectsync/api/__init__.py", line 43, in ws2
self.controliq
File "/home/appuser/tconnectsync/api/__init__.py", line 31, in controliq
self._ciq = ControlIQApi(self.email, self.password)
File "/home/appuser/tconnectsync/api/controliq.py", line 25, in __init__
self.login(email, password)
File "/home/appuser/tconnectsync/api/controliq.py", line 34, in login
data = self._build_login_data(email, password, soup)
File "/home/appuser/tconnectsync/api/controliq.py", line 73, in _build_login_data
"__VIEWSTATE": soup.select_one("#__VIEWSTATE")["value"],
TypeError: 'NoneType' object is not subscriptable
Not able to log in to WS2 API, so skipping therapy_timeline_csv
-----
Logging in to t:connect Android API...
2023-01-07 10:12:01 INFO Logged in to AndroidApi successfully (expiration: 2023-01-07T18:12:01.178Z, in 7 hours, 59 minutes)
It seems you are absolutely correct. There is some networking problem going on here. Notice now the error...
<h3>Web Page Blocked!</h3>
<div class="notice">
<p>The page cannot be displayed. Please contact the administrator for additional information.</p>
</div>
The question is how to interpret this. Is it Tandem blocking the IP address of my server? Or is there a specific firewall rule I should be setting up? Note that I already have ports 80 & 443 opened up and am able to make and receive http requests on this machine, its also the same machine where the nightscout instance is set up and I can connect to the nightscout API ok.
Your help is greatly appreciated!
FWIW, I've just used a different machine, and the program runs exactly as expected.
I would like to run this on the same machine as nightscout, to keep management a bit slicker. I'm hoping there's something I can do at my end to make this possible. Any Ideas?
@AndyLow91 This blocking is occurring on Tandem's end so there's not too much which can be done unfortunately. They use an Azure WAF which we've had to work around already in some cases (API requests were blocked when GET arguments were out of order and etc). But here it seems like you're IP banned for some reason. Are you running this within a cloud provider or on a home/business connection?
I'd suggest using the REQUESTS_PROXY environment/secret variable to route requests through a proxy of some kind as likely the only real remediation if you want to continue to use tconnectsync on this specific machine. That environment variable, when specified, allows you to provide the address of a proxy server which is used to route HTTP and HTTPS traffic. The implementation is pretty rudimentary so let me know if you run into any bugs or problems with it. (e.g., I don't recall off-hand whether the Nightscout connection URL might accidentally go through the proxy, which could be an issue if you're specifying a loopback IP for it running on your local machine).
@jwoglom Thanks, That's a bummer, but not the end of the world. I have a few VPS machines available. The one I tried initially is a pretty new dedicated server, so I don't understand why it's been blocked other than maybe it's a recycled IP, or the whole subnet it runs on has been blocked for some reason. Stange.
Anyway, I've moved the installation to a different VPS (same provider, different network and subnet), and the --check-login returns no API errors.
However, when I try to run --auto-update, It appears to be rate limited...
{
"statusCode":400,
"status":400,
"code":400,
"message":"Max attempted logins exceeded.",
"name":"invalid_request"
}
I see this mentioned in #20 - Did you ever get to the bottom of the rate limit?
I'll wait a while before retrying and update this if it eventually allows the update to run.
Thanks
@AndyLow91 I haven't seen any reports of "Max attempted logins exceeded" outside of cases where tconnectsync was continuously crash-looping. So not sure what the actual max login threshold is, but it seems to not be triggered in normal operation. (using --auto-update, you should only be re-logged in every 8 hours when the credentials expire)
@jwoglom I've played around with this a bit and got it working now, thank you for your help!
In the interest of updating and closing this issue, so others may be able to find the same solution.
SOLUTION
Instead of running the command:
docker run tconnectsync --auto-update
I have set up a cron job to run every 15 mins, creating a shell script containing this - adding in a command to clean up docker after each run.
#!/bin/bash
docker run --env-file=/path/to/tconnectsync/.env tconnectsync
#remove dangling docker containers after each run
docker container prune -f
Note that I also had to make the script executable, which I don't think was in the docs, so maybe worthwhile adding this in using:
chmod +x run.sh
I then added the cron job, and created a log file using
0,15,30,45 * * * * /path/to/tconnectsync/run.sh >> /path/to/tconnectsync/cron.log 2>&1
Et Voila! Everything is now working as expected and updating every 15 mins.
I can't thank you enough for your contributions to the diabetic community!