Stop trying to authenticate after a number of failures #221

Open
lazerlabs opened this issue Nov 16, 2024 · 6 comments
Labels
enhancement New feature or request

Comments

@lazerlabs

During this night IBKR had a maintenance scheduled that broke the authentication.

However, IBeam continued to try to authenticate and eventually my user got disabled.

After a certain amount of failed login attempts the account gets disabled. Is it possible to set a "retry max N number of times, then just stop"? Looking at the options I'm not sure I understand which one would achieve this.

Meanwhile, I will automatically stop the docker image for a while in the night and during the weekend.

@lazerlabs lazerlabs added the enhancement New feature or request label Nov 16, 2024
@Voyz
Owner

Voyz commented Nov 18, 2024

Hey @lazerlabs I'm sorry to hear this happened.

There is the IBEAM_MAX_FAILED_AUTH which should stop IBeam from trying to authenticate if it observes that number of error messages. There's a section about this in the Wiki: https://github.com/Voyz/ibeam/wiki/IBeam-Configuration#max-failed-authentications

Therefore, IBeam should stop and prevent this from happening. However, if your container was started in auto-restart mode, this would not have helped, as this safety feature simply shuts IBeam down, effectively shutting the container down. An auto-restart will start it again and eventually cause the lock out.

Can you indicate if auto-restart was on? Otherwise, could you share a full log?

It could be that IBKR changed how they indicate errors, and we may not catch it in the current pattern.

```python
# Only these two error texts count as a failed attempt; any other error message leaves the counter untouched.
# Note: `and` binds tighter than `or`, so `max_failed_auth > 0` guards only the second comparison.
if error_trigger.text == 'failed' or error_trigger.text == 'Invalid username password combination' and max_failed_auth > 0:
    self.failed_attempts += 1
    if self.failed_attempts >= self.max_failed_auth:
        _LOGGER.critical(
            f'######## ATTENTION! ######## Maximum number of failed authentication attempts (IBEAM_MAX_FAILED_AUTH={self.max_failed_auth}) reached. IBeam will shut down to prevent an account lock-out. It is recommended you attempt to authenticate manually in order to reset the counter. Read the execution logs and report issues at https://github.com/Voyz/ibeam/issues')
        raise AttemptException(cause='shutdown')
```

@lazerlabs
Author

Unfortunately I don't have the previous log: I'm running it as a Docker container in Unraid and when I stop/restart the logs are gone.
However, it was not a problem with user/password. I believe not even with the 2FA: this kept working (I'm using an automation on my iPhone to send the code to a lambda endpoint).
My suspicion is that because they were in maintenance the authentication didn't work anyway (not sure about the kind of error, unfortunately), so, not being an authentication error, IBeam didn't pick it up as such and continued to repeat the authentication.

I'm changing my configuration to stop the container at least around 11:00pm GMT (they do drop my connection anyway), and during the weekend when they usually schedule maintenance.

However, it would be useful to have a generic login counter per day: if it goes above a certain threshold, stop it. It shouldn't be on by default, but as a failsafe for these gray area situations.

@Voyz
Owner

Voyz commented Nov 19, 2024

Thanks for sharing your thoughts. If it happens again, please share your logs if possible. Do you have the auto-restart on that Docker container?

Regarding this:

> However, it would be useful to have a generic login counter per day: if it goes above a certain threshold stop it.

There is one already, it's the code I've shared with you, it stops after a certain amount of failures. Unless you mean to just do a general login counter, then no, there isn't one. Would you be interested in contributing it?
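
One way to implement the general login counter discussed above (an added example, not part of the thread or of IBeam's code): it counts every attempt, whatever error follows, in a rolling 24-hour window and keeps the count in a file so a container auto-restart does not reset it. `LoginBudget`, `LoginBudgetExceeded` and the state-file path are hypothetical names, and the file is assumed to live on a volume that survives restarts.

```python
import json
import os
import tempfile
import time

WINDOW_SECONDS = 24 * 60 * 60  # rolling window: one day


class LoginBudgetExceeded(Exception):
    """No further login attempt is allowed in the current window."""


class LoginBudget:
    """Counts every login attempt in a rolling window, persisted across restarts."""

    def __init__(self, state_path, max_attempts, window=WINDOW_SECONDS, clock=time.time):
        self.state_path = state_path      # hypothetical path on a persistent volume
        self.max_attempts = max_attempts
        self.window = window
        self.clock = clock                # injectable so the window can be tested

    def _load(self):
        cutoff = self.clock() - self.window
        try:
            with open(self.state_path) as fh:
                return [t for t in json.load(fh) if t > cutoff]
        except FileNotFoundError:
            return []  # first run: nothing recorded yet
        except (ValueError, TypeError, OSError) as exc:
            # Unreadable state: refuse to log in rather than risk a lock-out.
            raise LoginBudgetExceeded(f'unreadable state file, failing closed: {exc}')

    def _save(self, stamps):
        # Write to a temp file and rename, so a crash never leaves half a file.
        directory = os.path.dirname(os.path.abspath(self.state_path))
        fd, tmp = tempfile.mkstemp(dir=directory)
        with os.fdopen(fd, 'w') as fh:
            json.dump(stamps, fh)
        os.replace(tmp, self.state_path)

    def remaining(self):
        return max(0, self.max_attempts - len(self._load()))

    def consume(self):
        """Call before each login attempt; the attempt is recorded regardless of outcome."""
        stamps = self._load()
        if len(stamps) >= self.max_attempts:
            raise LoginBudgetExceeded(f'{len(stamps)} login attempts in the last {self.window}s')
        stamps.append(self.clock())
        self._save(stamps)
```

Call `consume()` immediately before each login attempt and treat `LoginBudgetExceeded` as a signal to stay idle until the window frees up, rather than exiting into a restart loop.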

@lazerlabs
Author

lazerlabs commented Nov 23, 2024

Ok, I investigated this further, to make sure there are some settings I could use. I changed some variables to be as conservative as possible.

I admit I had restart set to true, but even if I set it to False, after a maintenance period, it restarts anyway.

Here are my current env variables:

```
IBEAM_MAX_FAILED_AUTH=1
IBEAM_RESTART_FAILED_SESSIONS=False
IBEAM_REQUEST_RETRIES=0
IBEAM_REAUTHENTICATE_WAIT=30
IBEAM_MAX_IMMEDIATE_ATTEMPTS=2
IBEAM_EXTERNAL_REQUEST_TIMEOUT=30
```

Now, it tries two times (although it fails both times, shouldn't it stop after 1?), and then waits for 60 seconds, and then starts over.

See the attached log.

The only way I see to stop doing this is to extend IBEAM_REAUTHENTICATE_WAIT to an exceeding amount (1 hour?), and maybe extend IBEAM_MAINTENANCE_INTERVAL to like 4 hours.

But my question is, if I set IBEAM_RESTART_FAILED_SESSION to False, shouldn't it stop after the first amount of attempts?

@Voyz
Owner

Voyz commented Nov 26, 2024

> Now, it tries two times (although it fails both times, shouldn't it stop after 1?),

Yes, it should stop after 1. I'd need to see the log to understand why.

> then wait for 60 seconds, and then starts over.

Yupp, that suggests the error you're encountering is not counted as a failure.

> But my question is, if I set IBEAM_RESTART_FAILED_SESSION to False, shouldn't it stop after the first amount of attempts?

IBEAM_RESTART_FAILED_SESSION controls something else, though I apologise for the nomenclature and the confusion. This variable will cause a logout and a reattempt to authenticate upon encountering a valid IBKR session that is not authenticated after a successful login.

> See the attached log.

I can't quite see any log here, could you share again?

@Bomper

Bomper commented Dec 7, 2024

See #225, for me IBeam apparently stopped trying to log in after 5 attempts, but the process keeps going and I couldn't terminate it via Ctrl+C or SIGTERM (SIGKILL worked).

