Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Does not work when you have 2FA setup for more than 1 device, eg IBKR SecureCard & mobile app #118

Closed
bayareacoder opened this issue May 7, 2021 · 21 comments
Closed

Does not work when you have 2FA setup for more than 1 device, eg IBKR SecureCard & mobile app #118

bayareacoder opened this issue May 7, 2021 · 21 comments

Comments

@bayareacoder
Copy link

bayareacoder commented May 7, 2021
edited

In this case IB Gateway shows an extra dialog to choose the 2FA device you want to use, see screenshot from a remote VNC viewer connected to IBC running inside Docker. Seems this dialog should be detected and a config setting added that fixes which security device to use (select 1st, 2nd, ... in the select window). How can this be added?

This is the console output:

2021-05-07 22:11:14:436 IBC: Found Gateway main window
2021-05-07 22:11:14:436 IBC: Got main window from future
2021-05-07 22:11:14:767 IBC: Detected frame entitled: Loading...; event=Lost focus
2021-05-07 22:11:14:768 IBC: Detected frame entitled: Authenticating...; event=Activated
2021-05-07 22:11:14:769 IBC: Detected frame entitled: Authenticating...; event=Focused
2021-05-07 22:11:14:769 IBC: Detected frame entitled: Authenticating...; event=Opened
2021-05-07 22:11:15:074 IBC: Second Factor Authentication dialog event: Opened
2021-05-07 22:11:15:074 IBC: Second Factor Authentication dialog opened
2021-05-07 22:11:15:074 IBC: Second Factor Authentication initiated
2021-05-07 22:11:15:080 IBC: Detected frame entitled: Authenticating...; event=Lost focus
2021-05-07 22:11:15:081 IBC: Second Factor Authentication dialog event: Activated
2021-05-07 22:11:15:082 IBC: Second Factor Authentication dialog event: Focused

and it gets stuck here.

I'm happy to test things if you can't replicate this because you don't have multi-device 2FA on your account.

Pls advise.

IMG_6555
@rlktradewright
Copy link
Member

It should be perfectly possible for IBC to intercept this selection dialog, and to choose the IB Key option. I need you to run IBC with LogComponents=yes in config.ini, which will log the details of the dialog's structure so I can work out how to recognise it (the fact that it has the same title as the 'normal' Second Factor Authentication dialog is not helpful...). Post the IBC log file containing the information here (but attach it, the whole thing, don't quote it).

But before I commit to do this, can I ask why not just always use IB Key? Why do you need more than one 2FA method?

The reason I ask is that I'm wary of doing this, since it's yet more IBC dependence on recognizing strings that IB define and that they could change at any time. I suppose the answer to that would be that the user is responsible for putting the actual selection string they want in config.ini, and IBC can then be totally unintelligent about it - if it can't find the string in the list, just leave the dialog on display and let the user choose or correct the entry in config.ini and restart.

@bayareacoder
Copy link
Author

bayareacoder commented May 8, 2021 via email

@lexasoft123
Copy link

lexasoft123 commented Oct 4, 2021
edited

HI @rlktradewright.
I experience the same problem.
Please find the log file attached.
ibc-3.10.0_TWS-972_Monday.txt

@rlktradewright
Copy link
Member

@lexasoft123

Thanks for the logfile, but this doesn't seem to me to be the same situation. It's only offering you one option 'One Time Passcode', and it's not clear to me what actually should happen if you proceed with that. I presume you did click OK, and it sent a prompt to your phone, but then it crashed?

Is this is a change in behaviour by TWS, or have you only just started using the IBKR Mobile app for 2FA?

I suspect (without actually looking at the code) that the crash is because you manually clicked OK rather than IBC clicking it, and so it didn't record the time that OK was clicked and then couldn't do a necessary calculation: if so, this is clearly a bug in IBC and I'll fix it.

But as it happens, I'm unwell at present and not really in a fit state to move this forward, so please be patient.

In the meantime, it would be helpful if you could upgrade to the current 'stable' TWS, which I think is 981.3c, just in case this is a result of using an out-of-date TWS (I suspect it'll behave just the same, but it's worth knowing for sure).

@lexasoft123
Copy link

Hi @rlktradewright.
I've repeated the startup with logging once more.
I see a dialog with 2 options on the screen, but now items array in the log file is empty.
Please check following screenshots:
Screenshot 2021-10-04 at 18 38 25
Screenshot 2021-10-04 at 18 41 54

Thanks for the logfile, but this doesn't seem to me to be the same situation. It's only offering you one option 'One Time Passcode', and it's not clear to me what actually should happen if you proceed with that. I presume you did click OK, and it sent a prompt to your phone, but then it crashed?

Yes, it was some kind of bug. Usually it succeeds and opens the terminal.

Is this is a change in behaviour by TWS, or have you only just started using the IBKR Mobile app for 2FA?

I have several accounts and other accounts without 2-nd 2FA device work fine.

But as it happens, I'm unwell at present and not really in a fit state to move this forward, so please be patient.

Hope you are OK and get well soon.

In the meantime, it would be helpful if you could upgrade to the current 'stable' TWS, which I think is 981.3c, just in case this is a result of using an out-of-date TWS (I suspect it'll behave just the same, but it's worth knowing for sure).

I am specially using 927 version of TWS to keep "overnight alive" feature.
If newer versions will work also good, I'll definitely upgrade.

Thanks.

@rlktradewright
Copy link
Member

Sorry for the delay in progressing this. I'm gradually recovering from my ailment and should be able to spend more time on it now.

The last logfile you sent was interesting (and unexpected) in that it didn't include the details of the entries in the 'Select second factor device' list. I've made a change to the window handling in IBC that I hope will resolve this problem. I've created a new zip file for IBC v3.11.0-beta.1 which contains this version. Please just copy the IBC.jar and version files into your IBC folder and run it again, and attach the IBC logfile to your reply. You can find this new zip at:

https://1drv.ms/u/s!AlqfLEOWDJ9Zh94157CLRVqRJEcGhg?e=kLjnMN.

I've understood the cause of the crash last time, but haven't included a fix for it here because I actually want it to crash after displaying that dialog and clicking ok (and I don't have enough information yet to do a proper fix).

@rlktradewright
Copy link
Member

Can someone please try the version referred to in my previous post so I can hopefully get better information?

I can't progress this until I have proper information about the structure of the device list.

@lexasoft123
Copy link

Hi @rlktradewright
Sorry was on a vacation.
Seems that your fix still does not work.
ibc_log.txt

@rlktradewright
Copy link
Member

@lexasoft123 thanks for that.

I now realise where I've gone wrong and will offer you another beta within the next couple of days.

@rlktradewright
Copy link
Member

Sorry for the delay with this: I completely forgot about it!

A new beta (3.12.0-beta.1) is now available here:

https://1drv.ms/u/s!AlqfLEOWDJ9Zh-VR6YgCu5DqFbtBCw?e=FlqSkv

With any luck this should do the job. There is a new setting in config.ini called SecondFactorDevice, which governs IBC's behaviour when there is more than one second factor authentication device configured.

If the 'Select second factor device' dialog is displayed:

  • If there is no value for this setting, then that dialog should now remain on display (rather than crash) waiting for the user to make the selection
  • If the setting has a value that is identical to one of the entries in the second factor device list, then IBC will select that item and click the OK button.

@lexasoft123
Copy link

lexasoft123 commented Nov 3, 2021
edited

@rlktradewright Hi!
Almost works, but...

null(javax.swing.JRootPane){Object.Component.Container.JComponent.JRootPane}
|   null.glassPane(javax.swing.JPanel){Object.Component.Container.JComponent.JPanel}
|   null.layeredPane(javax.swing.JLayeredPane){Object.Component.Container.JComponent.JLayeredPane}
|   |   null(javax.swing.JPanel){Object.Component.Container.JComponent.JPanel}
|   |   |   null(javax.swing.JPanel){Object.Component.Container.JComponent.JPanel}
|   |   |   |   null(javax.swing.JTextArea){JTextArea: Select second factor device}
|   |   |   |   null(javax.swing.JList){JList: }
|   |   |   |   |    IB Key
|   |   |   |   |    One Time Passcode
|   |   |   |   |   null(javax.swing.CellRendererPane){Object.Component.Container.CellRendererPane}
|   |   |   |   null(javax.swing.Box$Filler){Object.Component.Container.JComponent.Filler}
|   |   |   |   null(javax.swing.JPanel){Object.Component.Container.JComponent.JPanel}
|   |   |   |   |   null(javax.swing.JPanel){Object.Component.Container.JComponent.JPanel}
|   |   |   |   |   |   null(twslaunch.jtscomponents.I){JButton: OK}
|   |   |   |   |   |   null(javax.swing.Box$Filler){Object.Component.Container.JComponent.Filler}
|   |   |   |   |   |   null(twslaunch.jtscomponents.I){JButton: Cancel}
|   |   |   |   |   |   null(javax.swing.Box$Filler){Object.Component.Container.JComponent.Filler}
|   |   |   |   |   |   null(twslaunch.jtscomponents.I){JButton: Help}
|   |   |   null(javax.swing.JSeparator){Object.Component.Container.JComponent.JSeparator}
|   |   |   null(twslaunch.jclient.readonly.g){Object.Component.Container.JComponent.JPanel.g}
|   |   |   |   null(javax.swing.JTextArea){JTextArea: Or you may log in to Read Only without entering your security code. However you will not be able to trade or manipulate your accounts.}
|   |   |   |   null(javax.swing.JPanel){Object.Component.Container.JComponent.JPanel}
|   |   |   |   |   null(twslaunch.jtscomponents.I){JButton: Enter Read Only}
|   |   null(jtscomponents.plaf.dT){Object.Component.Container.JComponent.JPanel.dT}
|   |   |   null(javax.swing.JLabel){JLabel: }
|   |   |   null(javax.swing.JLabel){JLabel: Second Factor Authentication}
|   |   |   null(javax.swing.JLabel){JLabel: }
|   |   |   null(jtscomponents.plaf.dy){JButton: }
|   |   |   null(jtscomponents.plaf.dR){Object.Component.Container.JComponent.JPanel.dR}
|   |   |   |   null(jtscomponents.plaf.dO){JLabel: }
|   |   |   Close(jtscomponents.plaf.dm){JButton: }
|   |   |   Maximize(jtscomponents.plaf.dn){JButton: }
|   |   |   Minimize(jtscomponents.plaf.dm){[Disabled]JButton: }


2021-11-03 08:58:11:237 IBC: Second Factor Authentication dialog event: Opened
2021-11-03 08:58:11:237 IBC: Second Factor Authentication dialog opened
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
2021-11-03 08:58:11:238 IBC: Could not find second factor device 'IB Key' in the list
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
2021-11-03 08:58:11:243 IBC: Detected dialog entitled: Second Factor Authentication; event=Activated
2021-11-03 08:58:11:243 IBC: Second Factor Authentication dialog event: Activated
2021-11-03 08:58:11:244 IBC: Detected dialog entitled: Second Factor Authentication; event=Focused
2021-11-03 08:58:11:244 IBC: Second Factor Authentication dialog event: Focused

@rlktradewright
Copy link
Member

This is very weird that it can't find that entry in the list, since it has just printed out the contents and that entry is definitely there. I suspect that the list entries contain some unprintable characters, so that what's visible is not exactly the same as what's actually in the entry.

To get some extra diagnostics I've produced 3.12.0-beta.2 which prints the contents of each list entry in both characters and hex while it's searching for the required entry. If that doesn't show up the problem I'll have to shut myself in a darkened room with a couple of very long gin and tonics...

https://1drv.ms/u/s!AlqfLEOWDJ9Zh-VS_DAa_-xliIsL-Q?e=0v1owV

@lexasoft123
Copy link

Hi @rlktradewright

null(javax.swing.JRootPane){Object.Component.Container.JComponent.JRootPane}
|   null.glassPane(javax.swing.JPanel){Object.Component.Container.JComponent.JPanel}
|   null.layeredPane(javax.swing.JLayeredPane){Object.Component.Container.JComponent.JLayeredPane}
|   |   null(javax.swing.JPanel){Object.Component.Container.JComponent.JPanel}
|   |   |   null(javax.swing.JPanel){Object.Component.Container.JComponent.JPanel}
|   |   |   |   null(javax.swing.JTextArea){JTextArea: Select second factor device}
|   |   |   |   null(javax.swing.JList){JList: }
|   |   |   |   |    IB Key
|   |   |   |   |    One Time Passcode
|   |   |   |   |   null(javax.swing.CellRendererPane){Object.Component.Container.CellRendererPane}
|   |   |   |   null(javax.swing.Box$Filler){Object.Component.Container.JComponent.Filler}
|   |   |   |   null(javax.swing.JPanel){Object.Component.Container.JComponent.JPanel}
|   |   |   |   |   null(javax.swing.JPanel){Object.Component.Container.JComponent.JPanel}
|   |   |   |   |   |   null(twslaunch.jtscomponents.I){JButton: OK}
|   |   |   |   |   |   null(javax.swing.Box$Filler){Object.Component.Container.JComponent.Filler}
|   |   |   |   |   |   null(twslaunch.jtscomponents.I){JButton: Cancel}
|   |   |   |   |   |   null(javax.swing.Box$Filler){Object.Component.Container.JComponent.Filler}
|   |   |   |   |   |   null(twslaunch.jtscomponents.I){JButton: Help}
|   |   |   null(javax.swing.JSeparator){Object.Component.Container.JComponent.JSeparator}
|   |   |   null(twslaunch.jclient.readonly.g){Object.Component.Container.JComponent.JPanel.g}
|   |   |   |   null(javax.swing.JTextArea){JTextArea: Or you may log in to Read Only without entering your security code. However you will not be able to trade or manipulate your accounts.}
|   |   |   |   null(javax.swing.JPanel){Object.Component.Container.JComponent.JPanel}
|   |   |   |   |   null(twslaunch.jtscomponents.I){JButton: Enter Read Only}
|   |   null(jtscomponents.plaf.dT){Object.Component.Container.JComponent.JPanel.dT}
|   |   |   null(javax.swing.JLabel){JLabel: }
|   |   |   null(javax.swing.JLabel){JLabel: Second Factor Authentication}
|   |   |   null(javax.swing.JLabel){JLabel: }
|   |   |   null(jtscomponents.plaf.dy){JButton: }
|   |   |   null(jtscomponents.plaf.dR){Object.Component.Container.JComponent.JPanel.dR}
|   |   |   |   null(jtscomponents.plaf.dO){JLabel: }
|   |   |   Close(jtscomponents.plaf.dm){JButton: }
|   |   |   Maximize(jtscomponents.plaf.dn){JButton: }
|   |   |   Minimize(jtscomponents.plaf.dm){[Disabled]JButton: }


2021-11-08 15:10:51:764 IBC: Second Factor Authentication dialog event: Opened
2021-11-08 15:10:51:764 IBC: Second Factor Authentication dialog opened
2021-11-08 15:10:51:764 IBC: Device list entry 0= IB Key (7 chars: 204942204b6579)
2021-11-08 15:10:51:764 IBC: Device list entry 1= One Time Passcode (18 chars: 204f6e652054696d652050617373636f6465)
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
2021-11-08 15:10:51:765 IBC: Could not find second factor device 'IB Key' in the list
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
2021-11-08 15:10:51:769 IBC: Detected dialog entitled: Second Factor Authentication; event=Activated
2021-11-08 15:10:51:769 IBC: Second Factor Authentication dialog event: Activated
2021-11-08 15:10:51:769 IBC: Detected dialog entitled: Second Factor Authentication; event=Focused
2021-11-08 15:10:51:769 IBC: Second Factor Authentication dialog event: Focused

Looks like there is a space before the label?

@rlktradewright
Copy link
Member

Well it's a relief to know that! I guess I should have thought of removing leading and trailing spaces from the list entries, but it simply never occurred to me.

I'll get you another version tomorrow, and hopefully it will do the job.

@lexasoft123
Copy link

I think better to look for a substring in the label.

@rlktradewright
Copy link
Member

I considered that suggestion but I think just copying the full value verbatim into config.ini is a simpler rule.

Here's the latest:

https://1drv.ms/u/s!AlqfLEOWDJ9Zh-VTubFGKtHrEb4oGA?e=jzc15o

I've left the extra diagnostics in for now, but will remove them for the release version.

@lexasoft123
Copy link

Hi @rlktradewright
Works good now. Thank you for fixing it!

@rlktradewright
Copy link
Member

Glad to hear it.

@rlktradewright
Copy link
Member

Apologies, I just realised that I haven't put this into a released version. Unfortunately Release 3.12.0-beta.1 published yesterday doesn't contain this fix.

I'll put out another release to correct that soon.

@rlktradewright rlktradewright reopened this Dec 7, 2021
@rlktradewright
Copy link
Member

This was fixed in IBC 3.12.0-beta.2

@bayareacoder
Copy link
Author

@rlktradewright sorry to have never followed up after I opened this 2 years ago but I can confirm now this is fully working.
Thank you. IBC is a fantastic package!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@lexasoft123 @rlktradewright @bayareacoder