Stop trying to authenticate after a number of failures

[lazerlabs]

During this night IBKR had a maintenance scheduled that broke the authentication.

However, Ibeam continued to try to authenticate and eventually my user got disabled.

After a certain amount of failed login attempts the account get disabled. Is it possible to set a "retry max N number of times than just stop"? Looking at the options I'm not sure I understand which one would achieve this.

Meanwhile, I will automatically stop the docker image for a while in the night and during the weekend.

[Voyz]

Hey @lazerlabs I'm sorry to hear this happened.

There is the IBEAM_MAX_FAILED_AUTH which should stop IBeam from trying to authenticate if it observes that number of error messages. There's a section about this in the WiKi: https://github.com/Voyz/ibeam/wiki/IBeam-Configuration#max-failed-authentications

Therefore, IBeam should stop and prevent this from happening. However, if your container was started in auto-restart mode, this would not have helped, as this safety feature simply shuts IBeam down, effectively shutting the container down. An auto-restart will start it again and eventually cause the lock out.

Can you indicate if auto-restart was on? Otherwise, could you share a full log?

It could be that IBKR changed how they indicate errors, and we may not catch it in the current pattern.

ibeam/ibeam/src/handlers/login_handler.py

Lines 318 to 323 in a0ab1cc

	if error_trigger.text == 'failed' or error_trigger.text == 'Invalid username password combination' and max_failed_auth > 0:
	self.failed_attempts += 1
	if self.failed_attempts >= self.max_failed_auth:
	_LOGGER.critical(
	f'######## ATTENTION! ######## Maximum number of failed authentication attempts (IBEAM_MAX_FAILED_AUTH={self.max_failed_auth}) reached. IBeam will shut down to prevent an account lock-out. It is recommended you attempt to authenticate manually in order to reset the counter. Read the execution logs and report issues at https://github.com/Voyz/ibeam/issues')
	raise AttemptException(cause='shutdown')

[lazerlabs]

Unfortunately I have not the previous log: I'm running it as a docker container in unraid and when I stop/restart the logs are gone.
However, it was not a problem with user/password. I believe not even with the 2FA: this kept working (I'm using an automation on my iphone to send the code to a lambda endpoint).
My suspect is because they were in maintenance the authentication didn't work anyway (not sure about the kind of error unfortunately) so not being an authentication error IBEAM didn't pick it up as such, and continue to repeat the authentication.

I'm changing my configuration to stop the container at least around 11:00pm GMT (they do drop my connection anyway), and during the weekend when they usually schedule maintenance.

However, it would be useful to have a generic login counter per day: if it goes above a certain threshold stop it. It shouldn't be on by default, but as a failsafe for this gray area situations.

[Voyz]

Thanks for sharing your thoughts. If it happens again, please share your logs if possible. Do you have the auto-restart on that Docker container?

Regarding this:

However, it would be useful to have a generic login counter per day: if it goes above a certain threshold stop it.

There is one already, it's the code I've shared with you, it stops after certain amount of failures. Unless you mean to just do a general login counter, then no, there isn't one. Would you be interested in contributing it?