deCONZ: failed logins registered when only surfing Phoscon part in ingress (no need to provide password) #3595

Open
bcutter opened this issue May 10, 2024 · 1 comment

Comments

@bcutter

bcutter commented May 10, 2024

Describe the issue you are experiencing

Only surfing /core_deconz/ingress and selecting "Phoscon" ("deCONZ" works just fine) creates failed logins for the client. When using HTTP security (ban module on frequent failed logins) this immediately leads to a blocked client in ip_bans.yaml which hurts quite a bit (need to clean the file and restart HA Core):

xxx.xxx.xxx.xxx:
  banned_at: '2024-05-10T15:38:43.146448+00:00'

I can reproduce this issue with different clients (Win 11 in Firefox, iOS with HA Companion app, doesn't really matter).

It is sufficient to only load the Phoscon part, no need to enter any password at all. Some automatic API requests seem to fail.

Assumption: As probably most users don't use HTTP security this issue has not been discovered so far.

What type of installation are you running?

Home Assistant OS

Which operating system are you running on?

Home Assistant Operating System

Which add-on are you reporting an issue with?

deCONZ

What is the version of the add-on?

6.23.0

Steps to reproduce the issue

  1. Load deCONZ in ingress (/core_deconz/ingress)
  2. Select "Phoscon"
  3. Wait and see the failed logins

System Health information

System Information

version: core-2023.4.6
installation_type: Home Assistant OS
dev: false
hassio: true
docker: true
user: root
virtualenv: false
python_version: 3.10.10
os_name: Linux
os_version: 6.1.73-haos-raspi
arch: aarch64
timezone: Europe/Berlin
config_dir: /config

Home Assistant Community Store

GitHub API: ok
GitHub Content: ok
GitHub Web: ok
GitHub API Calls Remaining: 5000
Installed Version: 1.32.1
Stage: running
Available Repositories: 1478
Downloaded Repositories: 85
HACS Data: ok

Home Assistant Cloud

logged_in: false
can_reach_cert_server: ok
can_reach_cloud_auth: ok
can_reach_cloud: ok

Home Assistant Supervisor

host_os: Home Assistant OS 12.2
update_channel: stable
supervisor_version: supervisor-2024.05.1
agent_version: 1.6.0
docker_version: 25.0.5
healthy: true
supported: true
board: rpi4-64
supervisor_api: ok
version_api: ok

Anything in the Supervisor logs that might be useful for us?

No, nothing specially related to deCONZ. But see HA logs below.

I see one entry which might be related to "a0d7b954_vscode" used at the same time and having some more log entries before (please check with port and URL if this is deCONZ or VS Code related):

2024-05-10 17:38:26.680 ERROR (MainThread) [supervisor.api.ingress] Stream error with http://172.30.33.2:8099/pwa/language/de/index-de.json: Cannot write to closing transport

Anything in the add-on logs that might be useful for us?

Unfortunately I could not grab addon logs, as the productive log data was too much so the ones from around the last incident were not visible anymore.

Anyway, this is what is logged in HA log:

2024-05-10 17:38:27.691 WARNING (MainThread) [homeassistant.components.http.ban] Login attempt or request with invalid authentication from client-name.local (xxx.xxx.xxx.xxx). Requested URL: '/api/config?_=1715355507074'. (Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0)
2024-05-10 17:38:32.428 WARNING (MainThread) [homeassistant.components.http.ban] Login attempt or request with invalid authentication from client-name.local (xxx.xxx.xxx.xxx). Requested URL: '/api/config?_=1715355507075'. (Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0)
2024-05-10 17:38:38.146 WARNING (MainThread) [homeassistant.components.http.ban] Login attempt or request with invalid authentication from client-name.local (xxx.xxx.xxx.xxx). Requested URL: '/api/config?_=1715355507076'. (Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0)
2024-05-10 17:38:42.462 WARNING (MainThread) [homeassistant.components.http.ban] Login attempt or request with invalid authentication from client-name.local (xxx.xxx.xxx.xxx). Requested URL: '/api/config?_=1715355507077'. (Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0)
2024-05-10 17:38:43.126 WARNING (MainThread) [homeassistant.components.http.ban] Login attempt or request with invalid authentication from client-name.local (xxx.xxx.xxx.xxx). Requested URL: '/api/config?_=1715355507078'. (Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0)
2024-05-10 17:38:43.129 WARNING (MainThread) [homeassistant.components.http.ban] Banned IP xxx.xxx.xxx.xxx for too many login attempts

Additional information

Possibly related to the Phoscon bug introduced with addon version 6.21.0 (#3226 (comment)), being reverted in 6.22.0 and "somehow" fixed (worked around?) in 6.23.0.

During that adventure the Phoscon page was in the spotlight of issues already. Maybe this issue is a leftover or a side effect of the fix.


@mirml

mirml commented May 26, 2024

I've got the same problem ...
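A triage sketch for the HA log excerpt in the issue report above, added here as an example and not part of the issue thread or of Home Assistant's code: it parses the `homeassistant.components.http.ban` warnings, groups the failing request paths per banned IP, and lists the IPs that were banned solely for requests to `/api/config`. The sample lines, the 192.0.2.x addresses, the `/api/states` URL and all function names are constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import urlsplit

PREFIX = r"^(?P<ts>\S+ \S+) WARNING \(MainThread\) \[homeassistant\.components\.http\.ban\] "
FAIL_RE = re.compile(PREFIX + r"Login attempt or request with invalid authentication "
                     r"from \S+ \((?P<ip>[^)]+)\)\. Requested URL: '(?P<url>[^']*)'")
BAN_RE = re.compile(PREFIX + r"Banned IP (?P<ip>\S+) for too many login attempts")

def summarize_bans(lines):
    """Map each banned IP to its ban time and the request paths that counted against it."""
    pending = defaultdict(Counter)   # ip -> path -> failures since the last ban
    bans = {}
    for line in lines:
        if m := FAIL_RE.match(line):
            # Drop the query string: the '_=<n>' value in the logged URLs differs per request.
            pending[m["ip"]][urlsplit(m["url"]).path] += 1
        elif m := BAN_RE.match(line):
            bans[m["ip"]] = {"banned_at": m["ts"], "paths": dict(pending.pop(m["ip"], {}))}
    return bans

def bans_from_polling(bans, polling_paths=frozenset({"/api/config"})):
    """IPs banned only for requests to background-polling paths (no other failing URL)."""
    return sorted(ip for ip, b in bans.items()
                  if b["paths"] and set(b["paths"]) <= polling_paths)

def _line(ts, text):  # builds a constructed log line in the format shown in the issue
    return f"2024-05-10 {ts} WARNING (MainThread) [homeassistant.components.http.ban] {text}"

def _fail(ts, ip, url):
    return _line(ts, f"Login attempt or request with invalid authentication from "
                     f"host.local ({ip}). Requested URL: '{url}'. (Mozilla/5.0)")

# Constructed sample: 192.0.2.10 only polls /api/config, 192.0.2.20 also fails on another URL.
SAMPLE = (
    [_fail(f"17:38:2{i}.000", "192.0.2.10", f"/api/config?_={1000 + i}") for i in range(5)]
    + [_line("17:38:43.129", "Banned IP 192.0.2.10 for too many login attempts")]
    + [_fail(f"17:40:0{i}.000", "192.0.2.20", "/api/states") for i in range(4)]
    + [_fail("17:40:05.000", "192.0.2.20", "/api/config?_=7")]
    + [_line("17:40:06.000", "Banned IP 192.0.2.20 for too many login attempts")]
)

if __name__ == "__main__":
    result = summarize_bans(SAMPLE)
    for ip, info in result.items():
        print(ip, info["banned_at"], info["paths"])
    print("banned by polling only:", bans_from_polling(result))
```

Run against a real `home-assistant.log`, pass the file's lines to `summarize_bans`; an IP returned by `bans_from_polling` was banned without any failing request other than the polled path.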
