Login trouble with 2.3.5

Discussions about Z-Way software and Z-Wave technology in general
Post Reply
klaasjoerg
Posts: 90
Joined: 30 Sep 2016 23:49

Login trouble with 2.3.5

Post by klaasjoerg » 10 Aug 2017 10:12

Since 2.3.5 I have some strange behaviour with browser-login.
First login after restarting zway works just fine. Some while later a new loging trial runs into authentication failure.

The log shows the following output:

Code: Select all

[2017-08-10 09:07:57.681] [E] [HTTP] Callback execution error: Error: Invalid digest
    at Error (native)
    at Object.crypto.sha512 (zway/crypto:25:51)
    at hashPassword (automation/Utils.js:72:51)
    at ZAutomationAPIWebRequest._.extend.verifyLogin (automation/ZAutomationAPIProvider.js:281:181)
    at ZAutomationAPIWebRequest.ZAutomationWebRequest.handleRequest (automation/WebserverRequestRouter.js:259:41)
    at automation/WebserverRequestRouter.js:32:35
    at WebServer.document_root (automation/Webserver.js:35:11)

User avatar
PoltoS
Posts: 3654
Joined: 26 Jan 2011 19:36

Re: Login trouble with 2.3.5

Post by PoltoS » 11 Aug 2017 22:32

This is related to some of the enabled module leaving OpenSSL in some wrong state.

Can you give us more info to let test this?

klaasjoerg
Posts: 90
Joined: 30 Sep 2016 23:49

Re: Login trouble with 2.3.5

Post by klaasjoerg » 12 Aug 2017 20:39

This happened after some while (couple of hours) being logged in the UI, although inactive most of the time.
As soon as I actively logout then and try to re-login, this happened, regardless of the browser. When this error occurs, they is no login possible anymore (Also not from other browsers e.g. Safari, Google Chrome) until I finally restart zwave.
Immediately before I logged out from Google Chrome I was still able to reload screens and do things in the UI. Just after that I couldn't immediately re-login again...
So I am not really sure if it's a combination between a server side session/cookie timeout or such.
Will keep you informed if I find more informations...

User avatar
PoltoS
Posts: 3654
Joined: 26 Jan 2011 19:36

Re: Login trouble with 2.3.5

Post by PoltoS » 12 Aug 2017 22:15

This problem is not related to your browser. During login SHA512 is used (from OpenSSL lib) to check your password. We have noticed before that some unpredictable state of OpenSSL might lead to the impossibility to use this function anymore. This can happen after wrong usage of HTTPS, wss websockets or something else that uses OpenSSL.

The question is what is causing it on your side. We need to reproduce it to understand how to fix.

Newer OpenSSL might are better separating different contexts, bit on most platforms it is still not adopted

klaasjoerg
Posts: 90
Joined: 30 Sep 2016 23:49

Re: Login trouble with 2.3.5

Post by klaasjoerg » 12 Aug 2017 22:34

Hmm...okay. I think I just found a way how to reproduce it.
Interestingly it even seems to be related to my other websocket disconnect problem.
Here is what I did:

1. Login into zwave and go to Apps (where I used a JS-App to connect to my test websocket server)
2. Try to activate the JS-App which tries to connect to websocket (and unsuccessfully disconnects)
3. Logout of UI
4. Try to login again and then the problem occurs.

So it's related to the websocket situation...

root@raspberrypi3-jkl1:~# tail -f /var/log/z-way-server.log
[2017-08-12 21:30:43.586] [core] --- Starting module Load custom JavaScript code
[2017-08-12 21:30:43.741] [core] Executing script: var knausock = new sockets.websocket("ws://192.168.1.61:9000","toptron-protocol"); ...
[2017-08-12 21:31:00.861] [E] [HTTP] Callback execution error: Error: Invalid digest
at Error (native)
at Object.crypto.sha512 (zway/crypto:25:51)
at hashPassword (automation/Utils.js:72:51)
at ZAutomationAPIWebRequest._.extend.verifyLogin (automation/ZAutomationAPIProvider.js:281:181)
at ZAutomationAPIWebRequest.ZAutomationWebRequest.handleRequest (automation/WebserverRequestRouter.js:259:41)
at automation/WebserverRequestRouter.js:32:35
at WebServer.document_root (automation/Webserver.js:35:11)
Attachments
zwave-JS-app.png
test websocket zwave app
zwave-JS-app.png (173.56 KiB) Viewed 274 times

Post Reply

Who is online

Users browsing this forum: No registered users and 3 guests